package es.caib.signatura.impl;
   
   import java.io.*;
   import java.lang.reflect.Constructor;
   import java.security.InvalidKeyException;
   import java.security.NoSuchAlgorithmException;
   import java.security.NoSuchProviderException;
   import java.security.SignatureException;
   import java.security.cert.CertificateException;
  import java.security.cert.CertificateExpiredException;
  import java.security.cert.CertificateNotYetValidException;
  import java.security.cert.X509Certificate;
  import java.util.Collection;
  import java.util.Iterator;
  import java.util.List;
  
  import es.caib.signatura.api.CertificateVerifyException;
  import es.caib.signatura.api.ParsedCertificate;
  import es.caib.signatura.api.SignatureProviderException;
  import es.caib.signatura.api.SignatureVerifyException;
  import es.caib.signatura.api.Certificate;
  
  /**
   * 
   */
  public class CertificateImpl implements Certificate {
  	private X509Certificate[] certificateChain = null;
  	
  
  	/**
  	 * Constructor.
  	 * 
  	 * @param certificateChain
  	 */
  	public CertificateImpl(X509Certificate[] certificateChain){
  		this.certificateChain = certificateChain;
  	}
  	
  	/**
  	 * {@inheritDoc}
  	 */
  	  public String getCertCaName(){
  		if(certificateChain == null || certificateChain.length == 0){
  			throw new Error("The certificate chain cannot be found.");
  		}
  		return certificateChain[certificateChain.length-1].getSubjectX500Principal().getName();
  	  }
  
  	/**
  	 * {@inheritDoc}
  	 */
  	  public String getCertSubjectCommonName(){
  		  ParsedCertificate Parsed = this.getParsedCertificate();
  		  return(Parsed.getName());
  	  }
  
  	/**
  	 * {@inheritDoc}
  	 */
  	  public String getCertSubjectAlternativeNames(){
  		  StringBuffer altNameSB = new StringBuffer("");
  			String altNameString = null;
  			try {
  				Collection generalNames = certificateChain[0].getSubjectAlternativeNames();
  				Iterator itr = generalNames.iterator();
  				while (itr.hasNext()) {
  					List list = (List) itr.next();
  
  					int tagNo = ((Integer) list.get(0)).intValue();
  					switch (tagNo) {
  					case 0:
  						altNameSB.append("," + "otherName=");
  						break;
  
  					case 1:
  						altNameSB.append("," + "rfc822Name=");
  						break;
  
  					case 2:
  						altNameSB.append("," + "dNSName=");
  						break;
  
  					case 3:
  						altNameSB.append("," + "x400Address=");
  						break;
  
  					case 4:
  						altNameSB.append("," + "directoryName=");
  						break;
  
  					case 5:
  						altNameSB.append("," + "ediPartyName=");
  						break;
  
  					case 6:
  						altNameSB.append("," + "uniformResourceIdentifier=");
  						break;
  
  					case 7:
 						altNameSB.append("," + "iPAddress=");
 						break;
 
 					case 8:
 						altNameSB.append("," + "registeredID=");
 						break;
 
 					}
 					altNameSB.append(list.get(1).toString());
 
 					// Quitamos la coma del principio
 					if (altNameSB.length() > 0) {
 						altNameString = altNameSB.substring(1, altNameSB.length());
 					}
 
 				}
 			}
 
 			catch (Exception ex) {
 				return null;
 			}
 
 			return altNameString;
 	  }
 
 
 	/**
 	 * {@inheritDoc}
 	 */
 	public X509Certificate getCert(){
 		return certificateChain[0];
 	}
 	  
 	/**
 	 * {@inheritDoc}
 	 */
 	  public ParsedCertificate getParsedCertificate(){
 		try {
 			ClassLoader cl = ClassLoaderFactory.getFactory().getMasterClassLoader();
 			Class clazz = cl .loadClass( "es.caib.signatura.provider.impl.common.ParsedCertificatImpl" );
 			Constructor constructor = clazz.getConstructor(new Class[] {certificateChain.getClass(), Boolean.TYPE});
 			ParsedCertificate parsed = (ParsedCertificate) constructor.newInstance(new Object [] {certificateChain, new Boolean(false)});
 			return new ParsedCertificateProxy (parsed);
 		} catch (Exception e) {
 			throw new RuntimeException(e);
 		}
 	  }
 	  
 		/**
 		 * {@inheritDoc}
 		 */
 	  	public boolean verify()
 	            throws IOException, CertificateVerifyException{
 	  		boolean isValid = true;
 	  		isValid = isValid && verifyCertificateChain();
 	  		if(!isValid){
 	  			/*
 	  			 * Podría darse el caso que la cadena de certificación estuviera invertida
 	  			 */
 	  			invertCertificateChain();
 	  			isValid = isValid && verifyCertificateChain();
 	  			if(!isValid){
 	  				/*
 	  				 * Si no es válida la cadena de certificación una vez invertida se asume
 	  				 * que la cadena de certificación original es la válida
 	  				 */
 	  				invertCertificateChain();
 	  			}
 	  		}
 	  		return isValid;
 	  	}
 	  	
 	  	/**
 	  	 * Method to invert the certificate chain.
 	  	 */
 		private void invertCertificateChain(){
 			for(int i = 0;i < certificateChain.length / 2;i++){
 				X509Certificate temporalCertificate = certificateChain[certificateChain.length - 1 - i];
 				certificateChain[certificateChain.length - 1 - i] = certificateChain[i];
 				certificateChain[i] = temporalCertificate;
 			}
 		}
 		
 	  /**
 	   * Verifies the certificate and its certificate chain.
 	   */
 	  	private boolean verifyCertificateChain()
 	            throws IOException, CertificateVerifyException{
 	  		boolean isValid = true;
 	  		/*
 	  		 * date validity verification
 	  		 */
 	  		for(int i = 0;i < certificateChain.length && isValid;i++){
 	  			try {
 	  				certificateChain[i].checkValidity();
 	  			
 	  			} catch (CertificateExpiredException cee) {
 	  				System.out.println("CMSSignature Certificat rebutjat, el certificat ha caducat.");
 		  				isValid = false;
 	  			} catch (CertificateNotYetValidException cve) {
 	  				System.out.println("CMSSignature Certificat rebutjat, el certificat encara no és vàlid.");
 	  				isValid = false;
 	  			}
 	  		}	  		
 	  		/*
 	  		 * signature validity verification
 	  		 */
 	  		for(int i = 0;(i < certificateChain.length - 1) && isValid;i++){	  			
 	  				try {
 						certificateChain[i].verify(certificateChain[i + 1].getPublicKey());
 					} catch (InvalidKeyException e) {
 						isValid = false;
 					} catch (CertificateException e) {
 						isValid = false;
 					} catch (NoSuchAlgorithmException e) {
 						throw new CertificateVerifyException(e);
 					} catch (NoSuchProviderException e) {
 						throw new CertificateVerifyException(e);
 					} catch (SignatureException e) {
 						isValid = false;
 					}	  			
 	  		}
 	  		/*
 	  		 * Root certificate verification through Web Services.
 	  		 */
 	  		try{
 	  			isValid = isValid && verifyCertificateWebServices(certificateChain);
 	  		}catch(Exception e){
 	  			throw new CertificateVerifyException(e);
 	  		}
 	  		return isValid;
 	  	}
 	  	
 	  	/*
 	  	 * Validation through web services of the certificate chain.
 	  	 */
 	  	private boolean verifyCertificateWebServices(X509Certificate[] certificateChain)throws CertificateVerifyException{
 	  		/* TODO: commons-logging*/
 	  		return true;
 	  		/*
 	  		String result = verifyWebServices(certificateChain);
   			return WSResponseIsAVerifiedMessage(result);
   			*/
 	  	}
 	  	
 		/*
 		 * Validación mediante Web Services de la cadena de certificación
 		 */
 	  	/*
 		private String verifyWebServices(X509Certificate[] certificateChain) throws CertificateVerifyException{
 			String toReturn = new String();
 			try{
 				URLClassLoader urlClassLoader = (URLClassLoader)ClassLoaderFactory.getFactory().getMasterClassLoader();
 				Class c;			
 				c = urlClassLoader.loadClass("es.caib.signatura.cliente.ValidadorCertificadosEmbedded");						
 				Constructor constructor = c.getConstructor(new Class [] {});
 				IValidadorCertificados iValidadorCertificados = (IValidadorCertificados)constructor.newInstance(new Object [] {});
 				//ValidadorCertificadosEmbedded validadorCertificados = new ValidadorCertificadosEmbedded();
 				toReturn = iValidadorCertificados.validarCertificadoParaFirma(certificateChain);
 			} catch (Exception e) {
 				throw new CertificateVerifyException(e);
 			}
 			return toReturn;
 		}
 	  	
 		private boolean WSResponseIsAVerifiedMessage(String result) throws CertificateVerifyException {
 			String content = new String();
 			try {
 				DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
 				DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
 				Document document;	    	  
 				StringBufferInputStream inputStream = new StringBufferInputStream(result);
 				document = documentBuilder.parse((InputStream)inputStream);	    	  
 				//Element element = document.getDocumentElement();
 				try{
 					NodeList nodeList = document.getElementsByTagName("validado");
 					Node node = nodeList.item(0);
 					Element element = (Element) node;
 					String tagName = element.getTagName();
 					Node textData = null;
 					boolean stop = false;
 					NodeList nodeDataList = element.getChildNodes();				
 					for(int i = 0;i < nodeDataList.getLength() && !stop;i++){
 						textData = nodeDataList.item(i);
 						stop = textData.getNodeType() == org.w3c.dom.Node.TEXT_NODE;						
 					}
 					content = ((org.w3c.dom.Text)textData).getData();
 				}catch(Exception e){
 					// Para no llevar a malos entendidos
 					// se da la firma como falsa
 					// 
 					return false;
 				}
 				if(content == null){
 					throw new Exception("No content in 'validado' TAG. Response message: " + result);
 				}
 			}catch(Exception e){
 				throw new CertificateVerifyException(e);
 			}
 			return content.compareToIgnoreCase("true") == 0;
 		}
 	  	*/
 
 }