/*
 * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *     http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 

package org.maxkey.authn.support.wsfederation;

import javax.servlet.http.HttpServletRequest;

import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.constants.ConstantsLoginType;
import org.maxkey.util.StringUtils;
import org.opensaml.saml1.core.impl.AssertionImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;


public class WsFederationServiceImpl implements   WsFederationService{
	final static Logger _logger = LoggerFactory.getLogger(WsFederationServiceImpl.class);
	
	private WsFederationConfiguration wsFederationConfiguration;
	
	@Autowired
    @Qualifier("authenticationProvider")
	AbstractAuthenticationProvider authenticationProvider ;
	
	public boolean login(String wsFederationWA,String wsFederationWResult,HttpServletRequest request){
		// it's an authentication
        if (StringUtils.isNotEmpty(wsFederationWA) && wsFederationWA.equalsIgnoreCase(WsFederationConstants.WSIGNIN)) {
            _logger.debug("wresult : {}"+wsFederationWResult);

            final String wctx = request.getParameter(WsFederationConstants.WCTX);
            _logger.debug("wctx : {}"+ wctx);

            // create credentials
            final AssertionImpl assertion = WsFederationUtils.parseTokenFromString(wsFederationWResult);
            //Validate the signature
            if (assertion != null && WsFederationUtils.validateSignature(assertion, wsFederationConfiguration.getSigningCertificates())) {
                final WsFederationCredential wsFederationCredential = WsFederationUtils.createCredentialFromToken(assertion);

                if (wsFederationCredential != null && wsFederationCredential.isValid(wsFederationConfiguration.getRelyingParty(),
                		wsFederationConfiguration.getIdentifier(),
                		wsFederationConfiguration.getTolerance())) {

                    //Give the library user a chance to change the attributes as necessary
                    if (wsFederationConfiguration.getAttributeMutator() != null) {
                    	wsFederationConfiguration.getAttributeMutator().modifyAttributes(
                    			wsFederationCredential.getAttributes(),
                    			wsFederationConfiguration.getUpnSuffix());
                    }

                    authenticationProvider.trustAuthentication(
                    		wsFederationCredential.getAttributes().get("").toString(),
                    		ConstantsLoginType.WSFEDERATION,
                    		"","","success");
                    return true;
                } else {
                    _logger.warn("SAML assertions are blank or no longer valid.");
                    return false;
                }
            } else {
                _logger.error("WS Requested Security Token is blank or the signature is not valid.");
                return false;
            }
        }
		return false;
	}

	public void setWsFederationConfiguration(
			WsFederationConfiguration wsFederationConfiguration) {
		this.wsFederationConfiguration = wsFederationConfiguration;
	}
	
}