package org.eparapher.core.crypto.keystore;
   
   import java.io.File;
   import java.io.FileOutputStream;
   import java.security.KeyStore;
   import java.security.KeyStoreException;
   import java.security.PrivateKey;
   import java.security.cert.Certificate;
   import java.security.cert.X509Certificate;
  
  import org.apache.log4j.Logger;
  import org.eparapher.core.EParapherManager;
  import org.eparapher.core.crypto.EPKeystoreManager;
  import org.eparapher.core.crypto.KeystoreEntry;
  import org.eparapher.core.crypto.cert.X509Util;
  
  
  public class EPKeystoreUtils {
  
  	private static Logger log = Logger.getLogger(EPKeystoreUtils.class);
  	
  	public static KeyStore initNewKeystore( String ks_type, String password) {
  		KeyStore new_ks = null;
  		try {
  			new_ks = KeyStore.getInstance( ks_type );
  			char[] pwd = password.toCharArray();
  			new_ks.load(null, pwd);
  			return new_ks;
  		} catch (Exception e) {
  			log.error("" + e.getLocalizedMessage(), e);
  		}
  		return null;
  	}
  	
  	public static boolean saveKeystore( KeyStore ks, String file, String password) {
  		if (ks != null) {
  			try {
  				char[] pwd = password.toCharArray();
  				ks.store(new FileOutputStream(file), pwd);
  				return true;
  			} catch (Exception e) {
  				log.error("" + e.getLocalizedMessage(), e);
  			}
  		}
  		return false;
  	}
  
      public static boolean isCertificateTrusted(X509Certificate cert) {
          String alias;
          try {
              alias = EPKeystoreManager.getInstance().getTrustStore().getKeystore().getCertificateAlias(cert);
          } catch (KeyStoreException e) {
              log.error("Truststore problem",e);
              return false;
          }
          return (alias != null);
  	}
  
  	public static boolean exportUserKSPKAndCerts( String[] alias_array, KeyStore ks_dest, String password, boolean keepKSPassword) {
  
  		try {
  			char[] pwd = password.toCharArray();
  			
  			IUserKeystore usr_ks = EPKeystoreManager.getInstance().getUserkeystore();
  			String current_alias = usr_ks.getDefaultAlias();
  
  			// for each alias
  			log.info("exporting aliases:");
  			for (int i = 0; i < alias_array.length; i++) {
  				String alias = alias_array[i];
  				usr_ks.setDefaultAlias(alias);
  				
  				// Process private key entry
  				if(usr_ks.getKeystore().isKeyEntry(alias)) {
  					if (usr_ks.loadPrivateKey()) {
  						PrivateKey pk = usr_ks.getPrivateKey();
  						if (keepKSPassword && (usr_ks instanceof FileKeystore)) {
  							char[] old_pwd = ((FileKeystore) usr_ks).getKSPassword();
  							ks_dest.setKeyEntry(alias, pk, old_pwd, usr_ks.getX509CertificateChain());
  							log.info(" - \""+alias+"\" (key)");
  						} else {
  							String secret;
  							secret = EParapherManager.getInstance().getUI().askUserKeystoreSecret( true, true, usr_ks.getDefaultAlias() );
  							if (secret == null) {
  								log.warn("Skipping alias "+alias+" : New Private key passphrase definition has been cancelled");
  							} else {
  								ks_dest.setKeyEntry(alias, pk, secret.toCharArray(), usr_ks.getX509CertificateChain());
  								log.info(" - \""+alias+"\" (key)");
  							}
  						 }
  					 } else
  						 log.warn(" - \""+alias+"\" : export cancelled : not loaded");
  				}
  				// Process certificate entry
  				else if(usr_ks.getKeystore().isCertificateEntry(alias)) {
  					ks_dest.setCertificateEntry(alias, usr_ks.getKeystore().getCertificate(alias));
  					log.info(" - \""+alias+"\" (certificate)");	
  				} else 
  					log.info("unknwon type for alias \""+alias+"\"");
 			}
 			usr_ks.setDefaultAlias(current_alias);
 			
 			return true;
 		} catch (Exception e) {
 			log.error(" exportUserKSPKAndCerts : " + e.getLocalizedMessage(), e);
 		}
 		return false;
 	}
 
 	public static boolean exportUserKSCerts( String[] alias_array, String directory ) {
 
 		try {
 			
 			IUserKeystore usr_ks = EPKeystoreManager.getInstance().getUserkeystore();
 
 			// process selected alias
 			log.info("exporting aliases :");
 			for (int i = 0; i < alias_array.length; i++) {
 				String alias = alias_array[i];
 				
 				// Process private key entry
 				if(usr_ks.getKeystore().isKeyEntry(alias)) {
 					X509Certificate[] aliasCertChain = X509Util.convertCertChaintoX509( usr_ks.getKeystore().getCertificateChain(alias) );
 					if (aliasCertChain.length==0)
 						log.info(" - alias \""+alias+"\" does not contain X509 Certificate");
 					else
 						for (int j = 0; j < aliasCertChain.length; j++) {
 							if (aliasCertChain[j]!=null) {
 								X509Certificate certificate = aliasCertChain[j];
 								String filename = directory + File.separator + alias + "-" + j + ".crt";
 								X509Util.saveX509toFile( filename, certificate);
 								log.info(" - exporting certificate(s) alias \""+alias+"\" to '"+filename+"'");
 							} else
 								log.info(" - certificate n�"+j+" in alias \""+alias+"\" is not an X509 Certificate");
 						}
 				}
 				
 				 // Process certificate entry
 				 else if(usr_ks.getKeystore().isCertificateEntry(alias)) {
 					Certificate aliascert =  usr_ks.getKeystore().getCertificate(alias);
 					if ( aliascert instanceof X509Certificate) {
 						X509Certificate x509Cert = (X509Certificate) aliascert;
 						String filename = directory + File.separator + alias + ".crt";
 						X509Util.saveX509toFile( filename, x509Cert);
 						log.info(" - exporting alias \""+alias+"\" to '"+filename+"'");
 					} else
 						log.info(" - exporting alias \""+alias+"\" failed : not a X509 Certificate");
 				 } else 
 					 log.info("unknwon type for alias \""+alias+"\"");
 			}
 			
 			return true;
 		} catch (Exception e) {
 			log.error(" exportUserKSCerts : " + e.getLocalizedMessage(), e);
 		}
 		return false;
 	}
 }