public class TestFactoryFlow extends AbstractUserIDCardTest {

    @Test
    public void testJWT2Idws() {

        /**
         * Consumer sender request
         */

        // CredentialVault og Factory
        CredentialVault signingVault = CredentialVaultTestUtil.getFoces3CredentialVault();
        CredentialVault holderOfKeyVault = CredentialVaultTestUtil.getVocesHolderOfKeyCredentialVault();
        OIOSAMLFactory factory = new OIOSAMLFactory();

        // Byg Jwt token (JTP-H profil)
        String audience = "http://audience/clear";

        String sub = "urn:dk:healthcare:eid:uuid:global:person:594f7fc0-30cf-4b83-8521-4d3f810b3107";
        String acr = "https://data.gov.dk/concept/core/nsis/loa/Substantial";
        String cpr = "1111901113";

        JwtBuilder builder = Jwts.builder();
        String jtph = builder.header()
                .keyId("test_foces3_2027")
                .and().claims()
                .issuer("http://sts-tester")
                .id(UUID.randomUUID().toString())
                .audience().add(audience).and()
                .issuedAt(notBefore)
                .expiration(notOnOrAfter)
                .subject(sub)
                .add("scope", "clear sosi-sts ignoredScope")
                .add("system_name", "MyTestSystem")
                .add("auth_time", String.valueOf(notBefore))
                .add("acr", acr)
                .add("iss-policy", "urn:dk:sundhed:oidc:policy_strict")
                .add("cpr", cpr)
                .add("cpr_uuid", "594f7fc0-30cf-4b83-8521-4d3f810b3107")
                .add("over_15", "true")
                .and().signWith(SignatureAlgorithm.RS256, signingVault.getSystemCredentialPair().getPrivateKey())
                .compact();

        // Byg STS request
        JWTToIdentityTokenRequestDOMBuilder requestBuilder = factory.createJWTToIdentityTokenRequestDOMBuilder();

        requestBuilder.setCPRNumberClaim(cpr);

        requestBuilder.setJWTToken(jtph);
        requestBuilder.setSigningVault(signingVault);
        requestBuilder.setAudience(audience);

        Document consumerStsRequestDocument = requestBuilder.build();

        /**
         * Send request over netværk
         */
        String consumerStsRequestXml = XmlUtil.node2String(consumerStsRequestDocument, false, false);
        consumerStsRequestDocument = readXml(System.getProperties(), consumerStsRequestXml, false);

        /**
         *  STS modtager request
         */
        JWTToIdentityTokenRequest stsRequest = factory.createJWTToIdentityTokenRequestModelBuilder().build(consumerStsRequestDocument);

        // Her vil STS'en verificere JSon Web Token. I dette eksempel verificeres følgende tre attributter:
        final Jws<Claims> claimsJws = JwtParser(signingVault).parseClaimsJws(stsRequest.getJsonWebToken());
        Assert.assertEquals(sub, claimsJws.getBody().get("sub", String.class));
        Assert.assertEquals(acr, claimsJws.getBody().get("acr", String.class));
        Assert.assertEquals(cpr, claimsJws.getBody().get("cpr", String.class));

        /**
         *  STS bygger response
         */

        // Byg IdentityToken
        CitizenIdentityTokenBuilder identityTokenBuilder = factory.createCitizenIdentityTokenBuilder();
        identityTokenBuilder.setAudienceRestriction("http://fmk-online.dk");
        identityTokenBuilder.setRecipientURL("https://fmk");
        identityTokenBuilder.setIssuer("Issuer");
        identityTokenBuilder.setNotBefore(notBefore);
        identityTokenBuilder.setNotOnOrAfter(notOnOrAfter);
        identityTokenBuilder.setDeliveryNotOnOrAfter(notOnOrAfter);
        identityTokenBuilder.setCprNumberAttribute(cpr);
        identityTokenBuilder.setSubjectNameID("SubjectNameID");
        identityTokenBuilder.setSubjectNameIDFormat("SubjectNameIDFormat");
        identityTokenBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate());
        identityTokenBuilder.setSigningVault(signingVault);

        IdentityToken identityToken = identityTokenBuilder.build();

        // Byg STS response
        OIOBootstrapToIdentityTokenResponseDOMBuilder responseBuilder = factory.createOIOBootstrapToIdentityTokenResponseDOMBuilder();
        responseBuilder.setIdentityToken(identityToken);
        responseBuilder.setSigningVault(holderOfKeyVault);
        responseBuilder.setRelatesTo("relatesTo");
        responseBuilder.setContext("context");

        Document consumerStsResponseDocument = responseBuilder.build();

        /**
         *  Send response over netværk
         */
        String consumerStsResponseXml = XmlUtil.node2String(consumerStsResponseDocument, false, false);
        consumerStsResponseDocument = readXml(System.getProperties(), consumerStsResponseXml, false);

        /**
         *  Consumer modtager response
         */
        OIOBootstrapToIdentityTokenResponse consumerStsResponse = factory.createOIOBootstrapToIdentityTokenResponseModelBuilder().build(consumerStsResponseDocument);

        IdentityToken identityTokenResponse = consumerStsResponse.getIdentityToken();
        Assert.assertEquals("DK-SAML-2.0", identityTokenResponse.getSpecVersion());
        Assert.assertEquals("http://fmk-online.dk", identityTokenResponse.getAudienceRestriction());
        Assert.assertEquals(cpr, identityTokenResponse.getCpr());
    }

    private static JwtParser JwtParser(CredentialVault signingVault) {
        return Jwts.parser()
                .setSigningKeyResolver(new SigningKeyResolver() {
                    @Override
                    public Key resolveSigningKey(JwsHeader jwsHeader, Claims claims) {
                        return signingVault.getSystemCredentialPair().getCertificate().getPublicKey();
                    }

                    @Override
                    public Key resolveSigningKey(JwsHeader jwsHeader, byte[] bytes) {
                        throw new UnsupportedOperationException("Method not implemented");
                    }
                })
                .build();
    }
}