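package org.eparapher.rcp.wizards;

import java.lang.reflect.InvocationTargetException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;

import org.apache.log4j.Logger;
import org.eclipse.core.runtime.IProgressMonitor;
import org.eclipse.jface.dialogs.ProgressMonitorDialog;
import org.eclipse.jface.operation.IRunnableWithProgress;
import org.eclipse.jface.viewers.IStructuredSelection;
import org.eclipse.jface.wizard.Wizard;
import org.eclipse.ui.INewWizard;
import org.eclipse.ui.IWorkbench;
import org.eclipse.ui.IWorkbenchWindow;
import org.eclipse.ui.PlatformUI;
import org.eparapher.core.EParapherManager;
import org.eparapher.core.crypto.EPKeystoreManager;
import org.eparapher.core.crypto.cert.CertificateManager;
import org.eparapher.core.crypto.cert.NewCertParams;
import org.eparapher.core.interfaces.IUserKeystore;
import org.eparapher.rcp.tools.eParapherTools;

/**
 * Wizard that creates a new key pair and either a self-signed X.509
 * certificate or a PKCS#10 certificate signing request, then stores the
 * private key and certificate chain in the user keystore.
 *
 * <p>All user input is collected on {@link NewCertificateWizardPageOne};
 * the cryptographic work runs inside a cancellable
 * {@link ProgressMonitorDialog}. {@link #performFinish()} only returns
 * {@code true} when the generated material has actually been stored.
 */
public class NewCertificateWizard extends Wizard implements INewWizard {

    private static final Logger log = Logger.getLogger(NewCertificateWizard.class);

    /** The workbench window this wizard was opened from (kept for subclasses; not read here). */
    private IWorkbenchWindow window;

    /** The single input page of the wizard. */
    private NewCertificateWizardPageOne one;

    /** Certificate chain produced by the last successful run, {@code null} until then. */
    private X509Certificate[] generatedCert = null;

    /** CSR file name produced by the last successful run, {@code null} if none. */
    private String generatedCSR = null;

    /**
     * All parameters of the requested certificate, including the subject,
     * validity, algorithms and - for software keystores - the private key
     * passphrase entered by the user.
     */
    private final NewCertParams certParams;

    /** Creates the wizard with a progress monitor and empty certificate parameters. */
    public NewCertificateWizard() {
        super();
        setWindowTitle("New certificate wizard");
        setNeedsProgressMonitor(true);
        certParams = new NewCertParams();
    }

    /** Adds the single input page. */
    public void addPages() {
        one = new NewCertificateWizardPageOne();
        addPage(one);
    }

    /**
     * Collects the page input, confirms alias overwrite, collects the private
     * key passphrase when the keystore needs one, then generates and stores
     * the key material.
     *
     * @return {@code true} only when the key pair and certificate were
     *         generated and stored; {@code false} if the user declined,
     *         cancelled, or generation failed (the wizard stays open).
     */
    public boolean performFinish() {
        collectParams();
        if (!confirmOverwriteIfAliasExists()) {
            return false;
        }
        if (!collectPrivateKeyPassphraseIfNeeded()) {
            return false;
        }
        return generate();
    }

    /** Copies every field of the input page into {@link #certParams}. */
    private void collectParams() {
        certParams.setSelfCertSigned(one.isSelfSigned());
        certParams.setCSR(one.isCSR());
        certParams.setAlias(one.getAliasName());
        certParams.setKeypairAlg(one.getKeypairAlg());
        certParams.setKeypairSize(one.getKeypairSize());
        certParams.setCertSigAlg(one.getCertSigAlg());
        certParams.setEcDSASpecName(one.getECSpecsName());
        certParams.setSubjectDN(one.getUserDNasString());
        // Validity starts now; the page derives the end date from the start date.
        certParams.setValidFrom(new Date());
        certParams.setValidUntil(one.getEndofValidityDate(certParams.getValidFrom()));
        certParams.setSubaltnameDNSName(one.getSubjAltNameDNSName());
        certParams.setSubaltnameEMail(one.getSubjAltNameEMail());
        certParams.setSubaltnameOtherName(one.getSubjAltNameOtherName());
    }

    /**
     * If the alias is already present in the user keystore, asks the user
     * whether to overwrite it (which destroys the existing private key) and
     * removes the old entry on confirmation.
     *
     * @return {@code false} when the alias exists and the user declined
     */
    private boolean confirmOverwriteIfAliasExists() {
        IUserKeystore uks = EPKeystoreManager.getInstance().getUserkeystore();
        String alias = certParams.getAlias();
        if (!uks.containsAlias(alias)) {
            return true;
        }
        String question = "alias '" + alias
                + "' already exists in keystore\r\nDo you really want to overwrite it (you will loose your private key)?";
        if (!EParapherManager.getInstance().getUI().askUserYesNo(question)) {
            return false;
        }
        try {
            uks.getKeystore().deleteEntry(alias);
        } catch (KeyStoreException e) {
            // Best effort: setKeyEntry() in the generator replaces the alias anyway.
            log.error("Could not delete existing keystore entry '" + alias + "'", e);
        }
        return true;
    }

    /**
     * Asks for the private key passphrase unless the keystore type
     * (CAPICOM, PKCS#11, PKCS#12, CMSKS) does not take a per-entry password.
     *
     * @return {@code false} when a passphrase is required but none was given
     */
    private boolean collectPrivateKeyPassphraseIfNeeded() {
        if (EPKeystoreManager.isCAPICOMUsed() || EPKeystoreManager.isPKCS11Used()
                || EPKeystoreManager.isPKCS12Used() || EPKeystoreManager.isCMSKSUsed()) {
            return true;
        }
        PinOrPassphraseWizard passphraseWizard =
                new PinOrPassphraseWizard(true, true, certParams.getAlias());
        // NOTE: NewCertParams holds the secret as a String, so it cannot be
        // wiped from memory once collected; never log it.
        String secret = passphraseWizard.askForSecret();
        if (secret == null || secret.isEmpty()) {
            String msg = "Cannot access private key: no passphrase was provided.";
            log.info(msg);
            eParapherTools.errorMessage(msg);
            return false;
        }
        certParams.setAliaspwd(secret);
        return true;
    }

    /**
     * Runs the generator inside a cancellable progress dialog and records
     * its results in {@link #generatedCert} / {@link #generatedCSR}.
     *
     * @return {@code true} when a certificate chain was produced and stored
     */
    private boolean generate() {
        ProgressMonitorDialog dialog = new ProgressMonitorDialog(
                PlatformUI.getWorkbench().getActiveWorkbenchWindow().getShell());
        generateKeysAndCert generator = new generateKeysAndCert(certParams);
        try {
            dialog.run(true, true, generator);
        } catch (InterruptedException e) {
            // The user cancelled before anything was stored: keep the wizard open.
            log.info("Keypair/Certificate/CSR generation cancelled by the user");
            return false;
        } catch (InvocationTargetException e) {
            Throwable cause = (e.getCause() != null) ? e.getCause() : e;
            EParapherManager.getInstance().getUI()
                    .errorMessage("Error while generating Keypair/Certificate/CSR", cause);
            return false;
        }
        generatedCert = generator.getCertChain();
        generatedCSR = generator.getCSRFilename();
        if (generatedCert == null) {
            eParapherTools.errorMessage("Error while generating Keypair/Certificate/CSR");
            return false;
        }
        return true;
    }

    /**
     * Long-running part of the wizard: key pair, certificate, optional CSR,
     * and keystore storage. Failures are reported to the caller as
     * {@link InvocationTargetException}, user cancellation as
     * {@link InterruptedException}, as the {@link IRunnableWithProgress}
     * contract expects.
     */
    protected static class generateKeysAndCert implements IRunnableWithProgress {

        private final NewCertParams params;
        private String csrFile;
        private X509Certificate[] certChain;

        /**
         * @param params fully populated certificate parameters
         */
        protected generateKeysAndCert(NewCertParams params) {
            this.params = params;
            this.csrFile = null;
        }

        /** @return the CSR file name, or {@code null} if no CSR was requested or produced */
        protected String getCSRFilename() {
            return csrFile;
        }

        /** @return the generated certificate chain, or {@code null} if generation did not complete */
        protected X509Certificate[] getCertChain() {
            return certChain;
        }

        /**
         * @return the generated certificate chain
         * @deprecated misspelled; use {@link #getCertChain()}
         */
        @Deprecated
        protected X509Certificate[] getCertCahin() {
            return getCertChain();
        }

        /**
         * Generates the key pair, the certificate, the CSR when requested,
         * and stores the private key with its chain in the user keystore.
         *
         * @param monitor progress sink; checked for cancellation between steps
         * @throws InvocationTargetException wrapping any generation or storage failure
         * @throws InterruptedException when the user cancels before the store step
         */
        public void run(IProgressMonitor monitor)
                throws InvocationTargetException, InterruptedException {
            // Steps: keypair, certificate, [CSR], store -> 3 or 4 units of work.
            int totalWork = params.isCSR() ? 4 : 3;
            String taskName = params.isCSR()
                    ? "Generating certificate signing request"
                    : "Generating self signed certificate";
            monitor.beginTask(taskName, totalWork);
            try {
                monitor.subTask("Generating " + params.getKeypairAlg() + " Keypair");
                KeyPair keypair = CertificateManager.generateKeyPair(params);
                monitor.worked(1);
                checkCanceled(monitor);

                monitor.subTask("Generating X509 Certificate");
                certChain = CertificateManager.generateNewCertificate(params, keypair);
                monitor.worked(1);
                checkCanceled(monitor);

                if (params.isCSR()) {
                    monitor.subTask("Generating certificate signing request (PKCS#10)");
                    csrFile = CertificateManager.createSigningRequest(params, keypair);
                    monitor.worked(1);
                    checkCanceled(monitor);
                }

                // No cancellation check past this point: the store is all-or-nothing.
                monitor.subTask("Storing private key and certificate");
                IUserKeystore uks = EPKeystoreManager.getInstance().getUserkeystore();
                KeyStore ks = uks.getKeystore();
                String alias = params.getAlias();
                // PKCS#11 and CAPICOM stores, or a missing passphrase, get no entry password.
                boolean noEntryPassword = EPKeystoreManager.isPKCS11Used()
                        || EPKeystoreManager.isCAPICOMUsed()
                        || params.getAliaspwd() == null;
                char[] entryPassword = noEntryPassword ? null : params.getAliaspwd().toCharArray();
                try {
                    ks.setKeyEntry(alias, keypair.getPrivate(), entryPassword, certChain);
                    uks.saveKeyStore();
                } finally {
                    // Wipe our copy; the String in params cannot be cleared.
                    if (entryPassword != null) {
                        Arrays.fill(entryPassword, '\0');
                    }
                }
                monitor.worked(1);
            } catch (InterruptedException e) {
                throw e;
            } catch (NoSuchAlgorithmException e) {
                throw wrap("Unsupported key or signature algorithm", e);
            } catch (NoSuchProviderException e) {
                throw wrap("Cryptographic provider not available", e);
            } catch (Exception e) {
                throw wrap("Keypair/Certificate/CSR generation failed", e);
            } finally {
                monitor.done();
            }
        }

        /** Throws {@link InterruptedException} when the user pressed cancel. */
        private static void checkCanceled(IProgressMonitor monitor) throws InterruptedException {
            if (monitor.isCanceled()) {
                throw new InterruptedException("Certificate generation cancelled");
            }
        }

        /** Logs the failure and wraps it for the progress dialog's caller, keeping the cause. */
        private static InvocationTargetException wrap(String context, Throwable cause) {
            log.error(context, cause);
            return new InvocationTargetException(cause, context);
        }
    }

    /** @return whether a certificate signing request was requested */
    public boolean isCSR() {
        return certParams.isCSR();
    }

    /** @return whether a self-signed certificate was requested */
    public boolean isSelfSignedCert() {
        return certParams.isSelfCertSigned();
    }

    /** @return the keystore alias chosen for the new entry */
    public String getAlias() {
        return certParams.getAlias();
    }

    /** @return the certificate chain from the last successful run, or {@code null} */
    public X509Certificate[] getGeneratedCertificate() {
        return generatedCert;
    }

    /** @return the CSR file name from the last successful run, or {@code null} */
    public String getCSRFile() {
        return generatedCSR;
    }

    /** Remembers the active workbench window; the selection is not used. */
    public void init(IWorkbench workbench, IStructuredSelection selection) {
        window = workbench.getActiveWorkbenchWindow();
    }
}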