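package com.fsenablers.saml;

import java.io.FileInputStream;
import java.io.InputStream;
import java.io.StringReader;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

/**
 * Verifies the XML Digital Signature carried in a SAML document.
 *
 * <p>The document is untrusted input, so the only trust anchor is the certificate the
 * caller names in the local keystore. A {@code <ds:KeyInfo>} embedded in the document is
 * treated as a hint only: if it carries a key, that key must equal the keystore key, and
 * the signature value is always checked with the keystore key. Checking the signature with
 * whatever key the document itself supplies would let any party able to produce a signed
 * document pass verification with a key of their own choosing.
 *
 * <p>This class establishes that the signature is cryptographically valid for the content
 * it references. It does not establish which element that content is: the first
 * {@code ds:Signature} in document order is used, so a caller consuming an assertion must
 * confirm that the element it reads is the one the signature's references cover, not
 * another element elsewhere in the same document.
 */
public class SAMLVerifier {

    static {
        // Apache Santuario must be initialised once before any XMLSignature is constructed.
        org.apache.xml.security.Init.init();
    }

    /**
     * Verifies the first {@code ds:Signature} in {@code srcXML} against the certificate stored
     * under alias {@code aKeyName} in the JKS keystore at {@code aKeystoreFile}.
     *
     * @param aKeystoreFile path of the JKS keystore holding the trusted certificate
     * @param aStorePass keystore password; {@code null} skips the keystore integrity check
     * @param aKeyName alias of the trusted certificate in the keystore
     * @param baseURI base URI used when resolving the signature's references
     * @param srcXML the SAML document as a string
     * @return {@code true} only if a signature element is present, any key embedded in its
     *     {@code KeyInfo} equals the trusted keystore key, and the signature value verifies
     *     under the trusted key; {@code false} for an unsigned document, a foreign embedded
     *     key, or a signature that does not verify
     * @throws KeyStoreException if no certificate exists under {@code aKeyName}
     * @throws Exception on XML parsing, keystore or signature-processing failures
     */
    public static boolean verify(String aKeystoreFile, String aStorePass, String aKeyName,
            String baseURI, String srcXML) throws Exception {
        Document doc = parseDocument(srcXML);
        Element nscontext = XMLUtils.createDSctx(doc, "ds", Constants.SignatureSpecNS);
        Element sigElement =
                (Element) XPathAPI.selectSingleNode(doc, "//ds:Signature[1]", nscontext);
        if (sigElement == null) {
            // An unsigned document has nothing to verify, so it is not verified.
            return false;
        }

        XMLSignature signature = new XMLSignature(sigElement, baseURI);
        signature.addResourceResolver(new OfflineResolver());
        // Debug dump of the canonicalised ds:Signature element, retained from the original.
        XMLUtils.outputDOMc14nWithComments(signature.getElement(), System.out);

        // The keystore is the trust anchor and is consulted on every call, regardless of
        // whether the document also carries its own KeyInfo.
        PublicKey trustedKey = loadTrustedKey(aKeystoreFile, aStorePass, aKeyName);

        KeyInfo ki = signature.getKeyInfo();
        if (ki != null) {
            PublicKey embedded = embeddedKey(ki);
            if (embedded != null && !sameKey(embedded, trustedKey)) {
                // The document names a key that is not the configured trust anchor.
                return false;
            }
        }
        // Always check with the keystore key, never with a key taken from the document.
        return signature.checkSignatureValue(trustedKey);
    }

    /**
     * Parses {@code srcXML} with a namespace-aware builder hardened against DTD-based attacks.
     *
     * <p>DOCTYPE declarations are forbidden and entity expansion disabled because the input is
     * attacker-controlled; no error handler is installed so malformed input fails the parse
     * (and thus verification) instead of being silently ignored.
     *
     * @throws Exception if the parser cannot be configured or the document is not well formed
     */
    private static Document parseDocument(String srcXML) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        DocumentBuilder db = dbf.newDocumentBuilder();
        return db.parse(new InputSource(new StringReader(srcXML)));
    }

    /**
     * Loads the public key of the certificate stored under {@code keyName} in the JKS keystore.
     *
     * @throws KeyStoreException if the alias has no certificate
     * @throws Exception on I/O or keystore-format failures
     */
    private static PublicKey loadTrustedKey(String keystoreFile, String storePass, String keyName)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        char[] password = storePass == null ? null : storePass.toCharArray();
        try (InputStream in = new FileInputStream(keystoreFile)) {
            ks.load(in, password);
        } finally {
            if (password != null) {
                // Do not leave the password lingering on the heap longer than needed.
                Arrays.fill(password, '\0');
            }
        }
        Certificate cert = ks.getCertificate(keyName);
        if (cert == null) {
            throw new KeyStoreException(
                    "no certificate under alias '" + keyName + "' in keystore " + keystoreFile);
        }
        return cert.getPublicKey();
    }

    /**
     * Returns the public key carried by a {@code KeyInfo}, preferring an X.509 certificate over
     * a bare key value, or {@code null} if it carries neither.
     *
     * @throws Exception if the KeyInfo content cannot be resolved
     */
    private static PublicKey embeddedKey(KeyInfo ki) throws Exception {
        X509Certificate cert = ki.getX509Certificate();
        if (cert != null) {
            System.out.println("Embedded x509: " + cert);
            return cert.getPublicKey();
        }
        PublicKey pk = ki.getPublicKey();
        if (pk != null) {
            System.out.println("Embedded Public Key: " + pk);
        }
        return pk;
    }

    /**
     * Compares two public keys by their encoded form, falling back to {@code equals} when a
     * provider does not expose an encoding. Public keys are not secret, so a constant-time
     * comparison is not required.
     */
    private static boolean sameKey(PublicKey a, PublicKey b) {
        byte[] encodedA = a.getEncoded();
        byte[] encodedB = b.getEncoded();
        if (encodedA == null || encodedB == null) {
            return a.equals(b);
        }
        return Arrays.equals(encodedA, encodedB);
    }
}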