/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.syncope.core.logic.init;

import java.io.File;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.core.persistence.api.SyncopeLoader;
import org.apache.syncope.core.provisioning.api.EntitlementsHolder;
import org.apache.syncope.common.lib.types.SAML2SPEntitlement;
import org.apache.syncope.core.logic.saml2.SAML2ReaderWriter;
import org.apache.syncope.core.spring.ApplicationContextProvider;
import org.apache.syncope.core.spring.ResourceWithFallbackLoader;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.impl.KeyStoreCredentialResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
public class SAML2SPLoader implements SyncopeLoader {

    private static final Logger LOG = LoggerFactory.getLogger(SAML2SPLoader.class);

    private static final String SAML2SP_LOGIC_PROPERTIES = "saml2sp-logic.properties";

    private static <T> T assertNotNull(final T argument, final String name) {
        if (argument == null) {
            throw new IllegalArgumentException("Argument '" + name + "' may not be null.");
        }
        return argument;
    }

    static {
        OpenSAMLUtil.initSamlEngine(false);
    }

    @Autowired
    private SAML2ReaderWriter saml2rw;

    private boolean inited;

    private KeyStore keystore;

    private String keyPass;

    private Credential credential;

    @Override
    public Integer getPriority() {
        return 1000;
    }

    @Override
    public void load() {
        EntitlementsHolder.getInstance().init(SAML2SPEntitlement.values());

        String confDirectory = null;

        Properties props = new Properties();
        try (InputStream is = getClass().getResourceAsStream("/" + SAML2SP_LOGIC_PROPERTIES)) {
            props.load(is);
            confDirectory = props.getProperty("conf.directory");

            File confDir = new File(confDirectory);
            if (confDir.exists() && confDir.canRead() && confDir.isDirectory()) {
                File confDirProps = FileUtils.getFile(confDir, SAML2SP_LOGIC_PROPERTIES);
                if (confDirProps.exists() && confDirProps.canRead() && confDirProps.isFile()) {
                    props.clear();
                    props.load(FileUtils.openInputStream(confDirProps));
                    confDirectory = props.getProperty("conf.directory");
                }
            }
        } catch (Exception e) {
            throw new RuntimeException("Could not read " + SAML2SP_LOGIC_PROPERTIES, e);
        }

        assertNotNull(confDirectory, "<conf.directory>");

        String name = props.getProperty("keystore.name");
        assertNotNull(name, "<keystore.name>");
        String type = props.getProperty("keystore.type");
        assertNotNull(type, "<keystore.type>");
        String storePass = props.getProperty("keystore.storepass");
        assertNotNull(storePass, "<keystore.storepass>");
        keyPass = props.getProperty("keystore.keypass");
        assertNotNull(keyPass, "<keystore.keypass>");
        String certAlias = props.getProperty("sp.cert.alias");
        assertNotNull(certAlias, "<sp.cert.alias>");

        LOG.debug("Attempting to load the provided keystore...");
        try {
            ResourceWithFallbackLoader loader = new ResourceWithFallbackLoader();
            loader.setResourceLoader(ApplicationContextProvider.getApplicationContext());
            loader.setPrimary(StringUtils.appendIfMissing("file:" + confDirectory, "/") + name);
            loader.setFallback("classpath:" + name);

            keystore = KeyStore.getInstance(type);
            try (InputStream inputStream = loader.getResource().getInputStream()) {
                keystore.load(inputStream, storePass.toCharArray());
                LOG.debug("Keystore loaded");
            }

            Map<String, String> passwordMap = new HashMap<>();
            passwordMap.put(certAlias, keyPass);
            KeyStoreCredentialResolver resolver = new KeyStoreCredentialResolver(keystore, passwordMap);

            this.credential = resolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(certAlias)));
            LOG.debug("SAML 2.0 Service Provider certificate loaded");

            saml2rw.init();

            inited = true;
        } catch (Exception e) {
            LOG.error("Could not initialize the SAML 2.0 Service Provider certificate", e);
            inited = false;
        }
    }

    public boolean isInited() {
        return inited;
    }

    public KeyStore getKeyStore() {
        return keystore;
    }

    public String getKeyPass() {
        return keyPass;
    }

    public Credential getCredential() {
        return credential;
    }

}