package mudflat.controller.apps;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import mudflat.util.appFbBirthday.Month;
import mudflat.util.facebook.FqlUser;

import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.actions.DispatchAction;

import sun.misc.BASE64Encoder;

import com.google.gson.Gson;
import com.restfb.Connection;
import com.restfb.DefaultFacebookClient;
import com.restfb.FacebookClient;
import com.restfb.Parameter;
import com.restfb.types.User;

public class FacebookAuth extends DispatchAction {	
		
	private String apiKey = "123456789";
	private String secretToken = "ABCDEFGHIJKLMNOPQ";	
	private String authUrl2 = "https://graph.facebook.com/oauth/authorize" +
			"?client_id=" + apiKey + "" +
			"&redirect_uri=http://localhost:8080/mudflat/apps/facebookauth.do?do=authSucess" +
			"&scope=user_birthday";
	
	private String authUrl = 
		"https://graph.facebook.com/oauth/authorize" +
		"?client_id=123456789" +
		"&redirect_uri=http://localhost:8080/mudflat/apps/facebookauth.do?do=authSucess" +
		"&scope=user_birthday";
		
	public ActionForward authSucess(
			ActionMapping mapping,
			ActionForm form,
			HttpServletRequest request,
			HttpServletResponse response) {		
		
		return new ActionForward("http://apps.facebook.com/smd_auth_example/?ref=bookmarks&count=0/", true);
	}
	
	public ActionForward index(
			ActionMapping mapping,
			ActionForm form,
			HttpServletRequest request,
			HttpServletResponse response) {		
		
		String sigreq = request.getParameter("signed_request");
		int idx = sigreq.indexOf(".");
		byte[] sig = new Base64(true).decode(sigreq.substring(0, idx).getBytes());
		String rawpayload = sigreq.substring(idx+1);
		String payload = new String(new Base64(true).decode(rawpayload));

		/* parse the JSON payload and do the signature check */
		FacebookRequest ret = new Gson().fromJson(payload, FacebookRequest.class);
		/* check if it is HMAC-SHA256 */
		if (!ret.getAlgorithm().equals("HMAC-SHA256")) {
			/* note that this follows facebooks example, as published on 2010-07-21 (I wonder when this will break) */
			System.out.println("Fehler Algorthimus");
		}
		/* then check the signature */
		checkSignature(rawpayload, sig);
		
		if (ret.getOauth_token() == null){
			return new ActionForward(authUrl, true);
		}		
		
		FacebookClient facebookClient = new DefaultFacebookClient(ret.getOauth_token());
		
		String query = "SELECT name FROM user WHERE uid=220439";
		List<User> users = facebookClient.executeQuery(query, User.class);
		for (int i=0;i<users.size();i++){
			User u = users.get(i);
			System.out.println(u.getName());			
		}
		
		return mapping.findForward("index");
	}
	
	private void checkSignature(String  rawpayload, byte[] sig) {		
		try {
			SecretKeySpec secretKeySpec = new SecretKeySpec(this.secretToken.getBytes(), SIGN_ALGORITHM);
			Mac mac = Mac.getInstance("HMACSHA256");
			mac.init(secretKeySpec);
			byte[] mysig = mac.doFinal(rawpayload.getBytes());
			if (!Arrays.equals(mysig, sig)) {
				System.out.println("keine Übereinstimmung");
			}
		} catch (InvalidKeyException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (IllegalStateException e) {
			e.printStackTrace();
		}
			
	}
	

}