package art.servers.gost.atex5;

import art.servers.gost.access.configuration.Configuration;
import art.servers.gost.access.configuration.ConfigurationDetail_ATEX5;
import java.io.ByteArrayOutputStream;
import java.util.Base64;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.soap.*;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.Certificate;
import java.util.ArrayList;


public class RequestXML 
{
    
    protected static Document readInXMLFile() throws ParserConfigurationException, SAXException, IOException
    {
        return null;
    }

    

    protected static SOAPMessage createSOAPEnvelope(Document xmlDocument) throws SOAPException 
    {
        // Create SOAP Message
        MessageFactory messageFactory = MessageFactory.newInstance(SOAPConstants.SOAP_1_1_PROTOCOL);
        SOAPMessage soapMessage = messageFactory.createMessage();
        soapMessage.setProperty(SOAPMessage.CHARACTER_SET_ENCODING, "UTF-8");
        soapMessage.setProperty(SOAPMessage.WRITE_XML_DECLARATION, "true");
        SOAPEnvelope soapEnvelope = soapMessage.getSOAPPart().getEnvelope();


        // Add DOM object to SOAP body
        SOAPBody soapBody = soapMessage.getSOAPBody();
        soapBody.addDocument(xmlDocument);
        soapBody.addAttribute(soapEnvelope.createName("Id", "wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"), "Body");

        return soapMessage;


    }


    protected static SOAPMessage signSOAPMessage(SOAPMessage soapMessage) throws Exception 
    {
        // Create the security element
        SOAPElement soapHeader = soapMessage.getSOAPHeader();

        SOAPElement securityElement = soapHeader.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        securityElement.addNamespaceDeclaration("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

        // (i) Extract the certificate
        
        java.security.cert.Certificate cert = getCertificate();

        // (ii) Add Binary Security Token. The base64 encoded value of the ROS digital certificate.
        addBinarySecurityToken(securityElement, cert);


        //(iii) Add Timestamp element
        //SOAPElement timestamp = addTimestamp(securityElement, soapMessage);

        // (iv) Add signature element
        addSignature(securityElement, soapMessage.getSOAPBody());

        return soapMessage;


    }



    protected static java.security.cert.Certificate getCertificate() throws Exception 
    {
        Configuration configuration = ((Configuration)art.servers.gost.access.Shared.configuration);
        ConfigurationDetail_ATEX5 configurationATEX5 = configuration.detail.atex5;
           
        KeyStore keystore = KeyStore.getInstance(configurationATEX5.keystoreType);
        char[] password = new char[configurationATEX5.keystorePassword.length()]; 
        configurationATEX5.keystorePassword.getChars(0, configurationATEX5.keystorePassword.length(), password, 0);
        keystore.load(new FileInputStream(configuration.detail.atex5.keystoreLocation), password);
        KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry)keystore.getEntry(configurationATEX5.certificateAlias, new KeyStore.PasswordProtection(configurationATEX5.certificatePassword.toCharArray()));
        Certificate cert = keyEntry.getCertificate();
        return cert;
    }


    protected static SOAPElement addBinarySecurityToken(SOAPElement securityElement, java.security.cert.Certificate cert) throws Exception 
    {

        // Get byte array of cert.
        byte[] certByte = cert.getEncoded();

        // Add the Binary Security Token element
        SOAPElement binarySecurityToken = securityElement.addChildElement("BinarySecurityToken", "wsse");

        binarySecurityToken.setAttribute("ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
        binarySecurityToken.setAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
        binarySecurityToken.setAttribute("wsu:Id", "X509Token");
        binarySecurityToken.addTextNode(Base64.getEncoder().encodeToString(certByte));
        return securityElement;

    }


    protected static SOAPElement addSignature(SOAPElement securityElement, SOAPBody soapBody) throws Exception 
    {
        // Get private key from ROS digital certificate
        PrivateKey key = getKeyFormCert();

        SOAPElement securityTokenReference = addSecurityToken(securityElement);

        // Add signature
        createDetachedSignature(securityElement, key, securityTokenReference, soapBody);

        return securityElement;

    }


    protected static PrivateKey getKeyFormCert() throws Exception
    {
        Configuration configuration = ((Configuration)art.servers.gost.access.Shared.configuration);
        ConfigurationDetail_ATEX5 configurationATEX5 = configuration.detail.atex5;
        
        KeyStore keystore = KeyStore.getInstance(configurationATEX5.keystoreType);
        char[] password = new char[configurationATEX5.keystorePassword.length()]; 
        configurationATEX5.keystorePassword.getChars(0, configurationATEX5.keystorePassword.length(), password, 0);
        keystore.load(new FileInputStream(configurationATEX5.keystoreLocation), password);
        KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry)keystore.getEntry(configurationATEX5.certificateAlias, new KeyStore.PasswordProtection(configurationATEX5.certificatePassword.toCharArray()));
        return keyEntry.getPrivateKey();
    }


    
    protected static SOAPElement addSecurityToken(SOAPElement signature) throws SOAPException 
    {
        SOAPElement securityTokenReference = signature.addChildElement("SecurityTokenReference", "wsse");
        SOAPElement reference = securityTokenReference.addChildElement("Reference", "wsse");
        reference.setAttribute("URI", "#X509Token");
        return securityTokenReference;
    }


    protected static void createDetachedSignature(SOAPElement signatureElement, PrivateKey privateKey, SOAPElement securityTokenReference, SOAPBody soapBody) throws Exception {


        String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
        XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM",(Provider) Class.forName(providerName).newInstance());

        //Digest method
        javax.xml.crypto.dsig.DigestMethod digestMethod = xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", null);
        ArrayList<Transform> transformList = new ArrayList<Transform>();


        //Transform
        Transform envTransform = xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (TransformParameterSpec) null);
        transformList.add(envTransform);


        //References

        ArrayList<Reference> refList = new ArrayList<Reference>();
        Reference refBody = xmlSignatureFactory.newReference("#Body", digestMethod, transformList, null, null);


        refList.add(refBody);


        javax.xml.crypto.dsig.CanonicalizationMethod cm = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#",(C14NMethodParameterSpec) null);
        javax.xml.crypto.dsig.SignatureMethod sm = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", null);
        SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(cm, sm, refList);

        DOMSignContext signContext = new DOMSignContext(privateKey, signatureElement);
        signContext.setDefaultNamespacePrefix("ds");
        signContext.putNamespacePrefix("http://www.w3.org/2000/09/xmldsig#", "ds");

        //These are required for new Java versions
        signContext.setIdAttributeNS(soapBody,"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");


        KeyInfoFactory keyFactory = KeyInfoFactory.getInstance();
        DOMStructure domKeyInfo = new DOMStructure(securityTokenReference);
        javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo = keyFactory.newKeyInfo(java.util.Collections.singletonList(domKeyInfo));
        javax.xml.crypto.dsig.XMLSignature signature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
        signContext.setBaseURI("");


        signature.sign(signContext);

    }

    protected static String outputSOAPMessageToString(SOAPMessage soapMessage) throws SOAPException, IOException 
    {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        soapMessage.writeTo(bos);
        String result = new String(bos.toByteArray());
        bos.close();
        return result;
    }


    protected static void outputSOAPMessageToScreen(SOAPMessage soapMessage) throws SOAPException, IOException 
    {
        OutputStream os =  System.out;
        soapMessage.writeTo(os);
    }


    protected static void outputSOAPMessageToFile(SOAPMessage soapMessage, File outputFile) throws SOAPException, IOException 
    {
        java.io.FileOutputStream fos = new java.io.FileOutputStream(outputFile);
        soapMessage.writeTo(fos);
        fos.close();        
    }


}