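package util;

import java.io.IOException;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.util.EntityUtils;
import org.apache.log4j.Logger;
import org.opensaml.DefaultBootstrap;
import org.opensaml.xml.ConfigurationException;

import de.tudarmstadt.ukp.shibhttpclient.ShibHttpClient;

/**
 * Static helper that performs a Shibboleth ECP login: it bootstraps OpenSAML,
 * remembers the identity provider (IdP) URL and then requests a protected test
 * resource through a {@link ShibHttpClient} built from the user's credentials.
 *
 * <p>The IdP URL is held in a static field, so it is shared by every caller in
 * the JVM. Call {@link #init(String)} once before {@link #doLogin(String, String)}.
 */
public class ShibbolethECP {

	private static final Logger LOGGER = Logger.getLogger(ShibbolethECP.class);

	/** Protected resource that is requested to find out whether the login worked. */
	private static final String TEST_RESOURCE_URL =
			"https://bwlp-masterserver.ruf.uni-freiburg.de/secure-all/test.php";

	/**
	 * Value of the "accept any certificate" switch handed to {@link ShibHttpClient}.
	 * It stays {@code false}: the client is constructed with the user's password,
	 * so the TLS peer has to be authenticated before anything is sent to it. An
	 * IdP whose certificate is issued by a private CA should be handled by adding
	 * that CA to the JVM trust store, not by switching validation off.
	 */
	private static final boolean ACCEPT_ANY_CERTIFICATE = false;

	/** URL of the identity provider; {@code null} until set via init() or the setter. */
	private static String identityProviderUrl;

	/**
	 * Stores the identity provider URL used by later logins.
	 *
	 * @param identityProviderUrl URL of the IdP; stored as given, without validation
	 */
	public static void setIdentityProviderUrl(String identityProviderUrl) {
		ShibbolethECP.identityProviderUrl = identityProviderUrl;
	}

	/**
	 * Bootstraps OpenSAML and stores the identity provider URL.
	 *
	 * @param idpUrl URL of the identity provider
	 * @return {@code true} when OpenSAML was bootstrapped and a non-empty URL was
	 *         stored; {@code false} when bootstrapping failed or no URL was given
	 */
	public static boolean init(String idpUrl) {
		try {
			DefaultBootstrap.bootstrap();
		} catch (ConfigurationException ce) {
			// Route the stack trace through the logger instead of stderr.
			LOGGER.error("OpenSAML wrongly configured.", ce);
			return false;
		}

		// A null or blank URL can never identify an IdP; refuse it here rather
		// than failing later inside the HTTP client.
		if (idpUrl == null || idpUrl.trim().isEmpty()) {
			return false;
		}

		// Credentials are passed to a client created for this URL, so a
		// non-TLS endpoint deserves at least a visible warning.
		// TODO decide whether non-https IdP URLs should be rejected outright.
		if (!idpUrl.regionMatches(true, 0, "https://", 0, "https://".length())) {
			LOGGER.warn("Identity provider URL does not use https.");
		}

		setIdentityProviderUrl(idpUrl);
		return true;
	}

	/**
	 * Tries to log in with the given credentials by requesting the protected test
	 * resource through a {@link ShibHttpClient}.
	 *
	 * @param user user name; must not be {@code null}
	 * @param pass password; must not be {@code null}. It is never written to the log.
	 * @return {@code true} when the request returned status 200 or 302 with a
	 *         response body; {@code false} on missing arguments, missing IdP URL,
	 *         any other status, an I/O error or an empty response
	 */
	public static Boolean doLogin(final String user, final String pass) {
		// Sanity checks first: nothing is sent unless all three inputs exist.
		if (user == null) {
			LOGGER.error("No username given, aborting...");
			return false;
		}
		if (pass == null) {
			LOGGER.error("No password given, aborting...");
			return false;
		}
		if (identityProviderUrl == null) {
			LOGGER.error("Identity provider is not set, did you initialize this class correctly?");
			return false;
		}

		// The last argument controls whether any certificate is accepted; see
		// ACCEPT_ANY_CERTIFICATE for why validation is kept on.
		HttpClient client = new ShibHttpClient(identityProviderUrl, user, pass, ACCEPT_ANY_CERTIFICATE);
		HttpGet req = new HttpGet(TEST_RESOURCE_URL);

		// Typed handler, so that execute() yields a String without a cast.
		ResponseHandler<String> respHandler = new ResponseHandler<String>() {
			@Override
			public String handleResponse(final HttpResponse response)
					throws ClientProtocolException, IOException {
				int status = response.getStatusLine().getStatusCode();
				// NOTE(review): 302 counts as success here; confirm that a redirect
				// from the protected resource can only follow a successful login.
				if (status == 200 || status == 302) {
					HttpEntity entity = response.getEntity();
					return entity != null ? EntityUtils.toString(entity) : null;
				}
				throw new ClientProtocolException("Unexpected response status: " + status);
			}
		};

		String res;
		try {
			res = client.execute(req, respHandler);
		} catch (ClientProtocolException e) {
			// Thrown by the handler for any status other than 200 or 302, which
			// indicates a failed login.
			// TODO handle this with possible error causes: creds wrong, etc...
			LOGGER.error("Fatal error requesting '" + req.getURI() + "':", e);
			return false;
		} catch (IOException e) {
			LOGGER.error("Fatal protocol error requesting '" + req.getURI() + "':", e);
			return false;
		}

		if (res == null) {
			// The handler returns null only when the response carried no entity.
			LOGGER.error("Seems like the request worked, but the response is empty. Something is very wrong...");
			return false;
		}

		// The body of the protected page is not written to the log: its content
		// is not visible from here and may describe the authenticated user.
		LOGGER.info("Login request to '" + req.getURI() + "' succeeded (" + res.length()
				+ " characters received).");
		return true;
	}
}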