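using System;
using System.Globalization;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Xml;

namespace Kreta.EESZTInterface.STS
{
    partial class CreateSoap
    {
        /// <summary>
        /// Builds a SOAP 1.2 WS-Trust RequestSecurityToken envelope (RequestType = issue,
        /// TokenType = SAML 2.0) whose wsse:Security header carries two X.509 BinarySecurityTokens
        /// and a wsu:Timestamp, then signs it with <paramref name="cert"/> and encrypts it for
        /// <paramref name="oamCert"/>.
        /// </summary>
        /// <param name="oamCert">Certificate of the receiving side; embedded as a BinarySecurityToken
        /// and passed to <c>EncryptHelper.EncryptMessage</c>.</param>
        /// <param name="cert">Caller's certificate; embedded as a BinarySecurityToken and passed to
        /// <c>SignHelper.SignMessage</c>.</param>
        /// <returns>The signed and encrypted envelope.</returns>
        /// <exception cref="ArgumentNullException">Either certificate is null.</exception>
        public static XmlDocument CreateX509Soap(X509Certificate2 oamCert, X509Certificate2 cert)
        {
            if (oamCert == null)
            {
                throw new ArgumentNullException("oamCert");
            }
            if (cert == null)
            {
                throw new ArgumentNullException("cert");
            }

            // One fresh wsu:Id per referenced element; the signing and encryption helpers
            // locate Body, Timestamp and the two tokens through these "#id" references.
            string idBody = NewWsuId("Id-");
            string idTs = NewWsuId("TS-");
            string idX509 = NewWsuId("X509-");
            string idOamCert = NewWsuId("OAM-");

            XmlDocument xmlDoc = new XmlDocument { PreserveWhitespace = true };

            XmlElement root = xmlDoc.CreateElement("soap", "Envelope", Namespaces.soap12Ns);
            root.SetAttribute("xmlns:ns", Namespaces.nsNs);
            xmlDoc.AppendChild(root);

            XmlElement head = xmlDoc.CreateElement("soap", "Header", Namespaces.soap12Ns);
            root.AppendChild(head);

            XmlElement sec = xmlDoc.CreateElement("wsse", "Security", Namespaces.wsseNs);
            sec.SetAttribute("xmlns:wsu", Namespaces.wsuNs);
            head.AppendChild(sec);

            // Receiver token first, caller's (signing) token second — same order as the original output.
            AppendBinarySecurityToken(xmlDoc, sec, idOamCert, oamCert);
            AppendBinarySecurityToken(xmlDoc, sec, idX509, cert);

            // Created and Expires are derived from a single UTC instant, so the validity window is
            // exactly two hours even across a local DST transition, and both values are formatted
            // with the invariant culture so ':' is never replaced by a culture-specific separator.
            // NOTE(review): a two-hour window is generous for a WS-Security timestamp; the STS may
            // enforce a shorter freshness limit — confirm against the service policy.
            DateTime created = DateTime.UtcNow;
            DateTime expires = created.AddHours(2);

            XmlElement timestamp = xmlDoc.CreateElement("wsu", "Timestamp", Namespaces.wsuNs);
            timestamp.SetAttribute("Id", Namespaces.wsuNs, idTs);
            sec.AppendChild(timestamp);
            timestamp.AppendChild(CreateTextElement(xmlDoc, "wsu", "Created", Namespaces.wsuNs, FormatWsuTime(created)));
            timestamp.AppendChild(CreateTextElement(xmlDoc, "wsu", "Expires", Namespaces.wsuNs, FormatWsuTime(expires)));

            XmlElement body = xmlDoc.CreateElement("soap", "Body", Namespaces.soap12Ns);
            body.SetAttribute("xmlns:wsu", Namespaces.wsuNs);
            body.SetAttribute("Id", Namespaces.wsuNs, idBody);
            root.AppendChild(body);

            XmlElement secToken = xmlDoc.CreateElement("ns", "RequestSecurityToken", Namespaces.nsNs);
            body.AppendChild(secToken);
            secToken.AppendChild(CreateTextElement(xmlDoc, "ns", "RequestType", Namespaces.nsNs, STSValues.issueValue));
            secToken.AppendChild(CreateTextElement(xmlDoc, "ns", "TokenType", Namespaces.nsNs, STSValues.samlv2Value));

            // Serialise and reload before signing, as the original flow did — presumably so the DOM
            // handed to SignHelper has namespace declarations materialised the way its
            // canonicalisation expects (TODO confirm). The scratch stream is now disposed.
            XmlDocument reloaded = new XmlDocument { PreserveWhitespace = true };
            using (MemoryStream mem = new MemoryStream())
            {
                xmlDoc.Save(mem);
                mem.Seek(0, SeekOrigin.Begin);
                reloaded.Load(mem);
            }

            // Sign over Body, Timestamp and the caller's token with the caller's key, then encrypt
            // for the receiver using its token; both helpers take the "#id" references built above.
            XmlDocument signed = SignHelper.SignMessage(reloaded, cert, "#" + idBody, "#" + idTs, "#" + idX509);
            return EncryptHelper.EncryptMessage(signed, oamCert, "#" + idBody, "#" + idTs, "#" + idOamCert);
        }

        /// <summary>
        /// Returns <paramref name="prefix"/> followed by a new GUID as 32 hex digits
        /// (the "N" format is identical to ToString().Replace("-", "")).
        /// </summary>
        private static string NewWsuId(string prefix)
        {
            return prefix + Guid.NewGuid().ToString("N");
        }

        /// <summary>
        /// Formats a UTC instant as yyyy-MM-ddTHH:mm:ssZ using the invariant culture.
        /// </summary>
        private static string FormatWsuTime(DateTime utc)
        {
            return utc.ToString("yyyy-MM-ddTHH:mm:ssZ", CultureInfo.InvariantCulture);
        }

        /// <summary>
        /// Appends a wsse:BinarySecurityToken (X.509 v3, base64-encoded) for
        /// <paramref name="cert"/> to <paramref name="parent"/>, carrying the given wsu:Id.
        /// </summary>
        private static void AppendBinarySecurityToken(XmlDocument doc, XmlElement parent, string id, X509Certificate2 cert)
        {
            XmlElement token = doc.CreateElement("wsse", "BinarySecurityToken", Namespaces.wsseNs);
            token.SetAttribute("Id", Namespaces.wsuNs, id);
            token.SetAttribute("ValueType", STSValues.x509v3Value);
            token.SetAttribute("EncodingType", STSValues.base64BinaryValue);
            token.InnerText = CertificateHelper.CertToBase64String(cert);
            parent.AppendChild(token);
        }

        /// <summary>
        /// Creates a namespaced element whose InnerText is <paramref name="text"/>.
        /// </summary>
        private static XmlElement CreateTextElement(XmlDocument doc, string prefix, string localName, string ns, string text)
        {
            XmlElement elem = doc.CreateElement(prefix, localName, ns);
            elem.InnerText = text;
            return elem;
        }
    }
}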