package com.yayisoft.sso.client;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.yayisoft.sso.util.CommonUtil;
import com.yayisoft.sso.util.SSOException;
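/**
 * SSO client callback servlet.
 *
 * <p>Handles the browser's return from the authentication center: it reads the
 * {@code tokon}, {@code intro}, {@code strips} and {@code tips} request parameters,
 * verifies them with {@link CommonUtil}, stores the decrypted user name in the HTTP
 * session and redirects to the URL kept in the session under {@code "url"}.
 *
 * <p>Every failure path writes a short rejection message and invalidates the session,
 * so a failed or partial handshake cannot leave a half-initialised session behind.
 */
public class Anchor extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /**
     * Creates the servlet; no state is initialised here.
     */
    public Anchor() {
        super();
    }

    /**
     * Releases the servlet. Delegates to the container's default implementation.
     */
    public void destroy() {
        super.destroy();
    }

    /**
     * Validates the authentication center's callback and, on success, logs the user in.
     *
     * <p>Session attributes read: {@code url}, {@code apply}, {@code strips}.
     * Request parameters read: {@code tokon}, {@code intro}, {@code strips}, {@code tips}.
     * On success the session receives {@code user} and {@code sessionid}, the
     * {@code target}, {@code apply} and {@code strips} attributes are removed, and the
     * response is redirected to {@code url}.
     *
     * @param request the callback request from the browser
     * @param response the response used for the rejection text or the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException if writing the response or redirecting fails
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        PrintWriter out = response.getWriter();
        HttpSession session = request.getSession(true);
        try {
            String url = (String) session.getAttribute("url");
            String apply = (String) session.getAttribute("apply");
            String strips = (String) session.getAttribute("strips");
            // Without the values stored before the redirect to the center, this request
            // does not continue an existing handshake.
            if (url == null || apply == null || strips == null) {
                reject(out, session, "reason: target == null ");
                return;
            }

            // Expected query string: "?tokon=...&intro=...&strips=...&tips=..."
            String tokon = request.getParameter("tokon");
            String intro = request.getParameter("intro");
            // NOTE(review): from here on `strips` is the request parameter; the value
            // held in the session was only null-checked above and is never compared with
            // it. Confirm whether the two are meant to match so that the callback is
            // bound to the session that started the handshake.
            strips = request.getParameter("strips");
            String tips = request.getParameter("tips");
            if (tokon == null || intro == null || strips == null || tips == null) {
                reject(out, session, "reason: tokon == null ");
                return;
            }

            // tips is the verification code returned by the center server.
            if (!CommonUtil.checkTips(tokon, tips) || !CommonUtil.checkIntro(intro, strips)) {
                reject(out, session, "reason: checkTips Failed ");
                return;
            }

            String user = CommonUtil.DecryptUser(tokon, apply, intro);
            // Fail closed: never continue to the target without an identified user.
            if (user == null) {
                reject(out, session, "reason: user == null ");
                return;
            }

            // NOTE(review): the session id is not rotated when the session becomes
            // authenticated; consider rotating it at this point to defend against
            // session fixation (check which Servlet API version the container provides).
            session.setAttribute("user", user);
            session.setAttribute("sessionid", session.getId());

            // Drop the one-time handshake values so the callback cannot be replayed.
            // NOTE(review): "target" is never read in this class, while "url" stays in
            // the session; confirm which attribute name the rest of the client uses.
            session.removeAttribute("target");
            session.removeAttribute("apply");
            session.removeAttribute("strips");

            System.out.println("一個用戶經(jīng)過認證中心了,呵呵" + user);
            // The token, apply and intro values are credentials for this handshake and
            // are deliberately kept out of the log.
            System.out.println("信息成功了");
            System.out.println();
            System.out.println("他到" + url);
            // NOTE(review): `url` is whatever an earlier step stored in the session;
            // confirm that step restricts it to trusted destinations before it is used
            // as a redirect target.
            response.sendRedirect(url);
            System.out.println("完畢");
            System.out.println();
            System.out.println();

            /*
             * Original design notes:
             * Authentication passed; the tokon was issued by the authentication center.
             * The open question is how to tell the client securely that the user is
             * legitimate. A socket request from the client cannot see session state, so
             * the exchange has to happen at session level, or use a shared session store
             * as CAS does. An iframe can be forged; a cookie can be manipulated from the
             * same domain. Idea: encrypt the tokon with an agreed algorithm and key, send
             * the result to the client, and let the client decrypt and compare; equal
             * results mean the authentication succeeded.
             */
        } catch (SSOException e) {
            e.printStackTrace();
            // A failed verification or decryption must end the handshake: answer the
            // client and discard the session instead of returning an empty response
            // with the handshake values still in place.
            reject(out, session, "reason: authentication failed ");
        }
        // TODO: clear the sensitive values after use. Java Strings are immutable, so
        // this needs char[]/byte[] handling rather than String.
    }

    /**
     * Handles POST exactly like GET.
     *
     * @param request the callback request from the browser
     * @param response the response used for the rejection text or the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException if writing the response or redirecting fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doGet(request, response);
    }

    /**
     * Initialises the servlet; nothing to set up.
     *
     * @throws ServletException declared by the servlet contract
     */
    public void init() throws ServletException {
        // No initialisation required.
    }

    /**
     * Writes the rejection text, closes the writer and invalidates the session.
     *
     * @param out writer of the current response
     * @param session session to discard
     * @param reasonLine second line of the rejection text
     */
    private static void reject(PrintWriter out, HttpSession session, String reasonLine) {
        out.println("invalid request, U R bad Guy!!!");
        out.println(reasonLine);
        out.flush();
        out.close();
        session.invalidate();
    }
}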