package com.pollex.pam.security.provider;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.pollex.pam.config.ApplicationProperties;
import com.pollex.pam.domain.Consultant;
import com.pollex.pam.enums.ConsultantDetailEnum;
import com.pollex.pam.enums.CustomerDetailEnum;
import com.pollex.pam.repository.ConsultantRepository;
import com.pollex.pam.security.token.EServiceAuthenticationToken;
import com.pollex.pam.service.dto.EServiceRequest;
import com.pollex.pam.service.dto.EServiceResponse;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.*;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;

import javax.net.ssl.SSLContext;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

@Component
public class EServiceAuthenticationProvider {

    private static final String E_SERVICE_LOGIN_SUCCESS_CODE = "0";

    @Autowired
    ApplicationProperties applicationProperty;

    @Autowired
    ConsultantRepository consultantRepository;

    public Authentication authenticate(EServiceAuthenticationToken authenticationToken) throws AuthenticationException {
        String account = authenticationToken.getPrincipal();
        String credentials = authenticationToken.getCredentials();

        if(applicationProperty.isMockLogin()){
            return getConsultantToken(account, credentials);
        }

        try {
            ResponseEntity<EServiceResponse> responseEntity = loginByEService(account, credentials);
            if(HttpStatus.OK.equals(responseEntity.getStatusCode())) {
                EServiceResponse eServiceResponse = responseEntity.getBody();

                if(E_SERVICE_LOGIN_SUCCESS_CODE.equals(eServiceResponse.getCode())){
                    return getConsultantToken(account, credentials);
                }
            }

            throw new AuthenticationCredentialsNotFoundException("");
        } catch (Exception e) {
            throw new AuthenticationCredentialsNotFoundException("");
        }
    }

    private UsernamePasswordAuthenticationToken getConsultantToken(String account, String credential) {
        Consultant consultant = consultantRepository.findOneByAgentNo(account).orElseThrow(() -> new UsernameNotFoundException("consultant is not in db, consultant agentNo = " + account));

        List<GrantedAuthority> grantedAuths = Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"));
        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(account, credential, grantedAuths);

        Map<String, String> details = new HashMap<>();
        details.put(ConsultantDetailEnum.ID.getValue(), consultant.getId().toString());
        details.put(ConsultantDetailEnum.NAME.getValue(), consultant.getName());
        details.put(ConsultantDetailEnum.AGENT_NO.getValue(), account);
        authenticationToken.setDetails(details);

        return authenticationToken;
    }

    private ResponseEntity<EServiceResponse> loginByEService(String account, String paxxword) throws Exception{
        EServiceRequest dto = new EServiceRequest();
        dto.setFunc("ValidateUserLogin");
        dto.setId(account);
        dto.setPin(paxxword);
        dto.setPwd(paxxword);
        dto.setSys("epos");

        String dtoJson = new ObjectMapper().writeValueAsString(dto);

        RestTemplate restTemplate = getTrustAllRestTemplate();

        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_JSON);

        HttpEntity<String> entity = new HttpEntity<>(dtoJson, headers);
        return restTemplate.exchange(applicationProperty.geteServiceLoginUrl(), HttpMethod.POST, entity, EServiceResponse.class);
    }

    private RestTemplate getTrustAllRestTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = SSLContexts.custom()
            .loadTrustMaterial(null, (X509Certificate[] x509Certs, String s) -> true)
            .build();
        SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
        CloseableHttpClient httpClient = HttpClients.custom()
            .setSSLSocketFactory(csf)
            .build();
        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(httpClient);
        requestFactory.setConnectTimeout(300000);
        requestFactory.setReadTimeout(300000);
        return new RestTemplate(requestFactory);
    }
}