/*
   jGuard is a security framework based on top of jaas (java authentication and authorization security).
   it is written for web applications, to resolve simply, access control problems.
   version $Name$
   http://sourceforge.net/projects/jguard/
   
   Copyright (C) 2004  Charles GAY
   
   This library is free software; you can redistribute it and/or
  modify it under the terms of the GNU Lesser General Public
  License as published by the Free Software Foundation; either
  version 2.1 of the License, or (at your option) any later version.
  
  This library is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  Lesser General Public License for more details.
  
  You should have received a copy of the GNU Lesser General Public
  License along with this library; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  
  
  jGuard project home page:
  http://sourceforge.net/projects/jguard/
  
  */
  package net.sf.jguard.ext.authorization.manager;
  
  import net.sf.jguard.core.authorization.manager.AuthorizationManager;
  import java.io.FileWriter;
  import java.io.IOException;
  import java.io.OutputStream;
  import java.security.Permission;
  import java.security.Principal;
  import java.util.ArrayList;
  import java.util.Arrays;
  import java.util.Collection;
  import java.util.HashSet;
  import java.util.Iterator;
  import java.util.List;
  import java.util.Map;
  import java.util.Set;
  
  import java.util.logging.Level;
  import net.sf.jguard.core.CoreConstants;
  import net.sf.jguard.core.PolicyEnforcementPointOptions;
  import net.sf.jguard.core.authorization.permissions.Domain;
  import net.sf.jguard.core.authorization.permissions.JGPermissionCollection;
  import net.sf.jguard.core.authorization.permissions.PermissionUtils;
  import net.sf.jguard.core.principals.RolePrincipal;
  import net.sf.jguard.core.authorization.AuthorizationException;
  import net.sf.jguard.core.principals.PrincipalUtils;
  import net.sf.jguard.core.util.XMLUtils;
  
  import org.dom4j.Attribute;
  import org.dom4j.Document;
  import org.dom4j.Element;
  import org.dom4j.QName;
  import org.dom4j.io.HTMLWriter;
  import org.dom4j.io.OutputFormat;
  import org.dom4j.io.XMLWriter;
  import org.dom4j.util.UserDataAttribute;
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
  
  
  /**
   * AuthorizationManager implementation which enable Permission Management with an XML backend.
   * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
   * @author <a href="mailto:vinipitta@users.sourceforge.net">Vinicius Pitta Lima de Araujo</a>
   */
  public class XmlAuthorizationManager extends AbstractAuthorizationManager implements AuthorizationManager{
  	/** Logger for this class */
  	private static final Logger logger = LoggerFactory.getLogger(XmlAuthorizationManager.class.getName());
  
      private Element root;
      private Document document = null;
      private String fileLocation;
  
  
  
      /**
       * initialize this XML AuthorizationManager.
       * @param options
       * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#init(java.util.Properties)
       */
      public XmlAuthorizationManager(Map options) {
      	super(options);
      	String applicationName= (String)options.get(PolicyEnforcementPointOptions.APPLICATION_NAME.getLabel());
      	this.setApplicationName(applicationName);
      	super.options = options;
          fileLocation = (String)options.get(CoreConstants.AUTHORIZATION_XML_FILE_LOCATION);
          if(fileLocation ==null ||"".equals(fileLocation)){
          	throw new IllegalArgumentException(CoreConstants.AUTHORIZATION_XML_FILE_LOCATION+" argument for XMLAuthorizationManager is null or empty "+fileLocation);
          }
          init();
  
      }
 
 
 	/**
 	 * initialize permissions and Principals.
 	 */
 	private void init()  {
         //remove white spaces on both ends
         fileLocation = fileLocation.trim();
         //replace the white space remaining in the internal string structure
         // by the '%20' pattern
         fileLocation = fileLocation.replaceAll(" ","%20");
 
         if(logger.isDebugEnabled()){
         	logger.debug("fileLocation="+fileLocation);
         }
 		document =  XMLUtils.read(fileLocation);
 		root = document.getRootElement();
 
 		initPermissions();
 		initPrincipals();
 	}
 
 
 	/**
      * build Principals and associate to them their permissions.
 	 */
 	private void initPrincipals() {
 
 		 Element principalsElement  = root.element("principals");
             //convert a List into a Set because it is a functional requirement
             //=> you can't have two same principals
 		    List principalsElementList = principalsElement.elements("principal");
 		    Iterator itPrincipals = principalsElementList.iterator();
 
 		    while(itPrincipals.hasNext()){
 		        Element principalElement = (Element)itPrincipals.next();
 		        String className = principalElement.element("class").getStringValue();
 		        String name = null;
 		        
 		        if(className.equals(RolePrincipal.class.getName())){
 		        	name = RolePrincipal.getName(principalElement.element("name").getStringValue(), applicationName);
 		         
 		        }else{
 		        	name = principalElement.element("name").getStringValue();
 		        }
 		        Principal ppal = PrincipalUtils.getPrincipal(className,name);
 		        if(className.equals(RolePrincipal.class.getName())){
 		        	buildJGuardPrincipal(principalElement, ppal);	
 		        }
 		        //add principal created to the Principals Set
 		        principalsSet.add(ppal);
                 //add principal created to the principals map
                 principals.put(getLocalName(ppal),ppal);
 		    }
 
 		    assemblyHierarchy();
 	}
 
 
 	/**
      * build permissions and domain maps.
 	 */
 	private void initPermissions() {
 
          Element domainsElement = root.element("permissions");
          List domainsElementList = domainsElement.elements("domain");
 		Iterator itDomains = domainsElementList.iterator();
 
 		while(itDomains.hasNext()){
 		    Element domainElement = (Element)itDomains.next();
 		    String id = domainElement.element("name").getStringValue();
 		    JGPermissionCollection domain = new Domain(id);
                     //add the new domain to the set
                     domainsSet.add(domain);
                     // add the new domain to the map
                     domains.put(id,domain);
                     
 		    //permissions domain's Set
 		    Set permissionsDomain = new HashSet();
 		    //dom4j elements list
 		    List permissionsElementList = domainElement.elements("permission");
 		    Iterator itPermissions = permissionsElementList.iterator();
 
 		    //iterate over domain's permissions
 		    while(itPermissions.hasNext()){
                       Element permissionElement = (Element)itPermissions.next();
                       Element actionsElement = permissionElement.element("actions");
                       List actionsList = actionsElement.elements();
                       Iterator itActions = actionsList.iterator();
                       StringBuffer sbActions = new StringBuffer();
                       int i = 0;
                       while(itActions.hasNext()){
                 	 String actionTemp = ((Element)itActions.next()).getText();
                 	 if(i!=0){
                 	   sbActions.append(',');
                 	 }
                 	 sbActions.append(actionTemp);
                 	 i++;
                       }
                       String actions = sbActions.toString();
 		      String permissionName= permissionElement.element("name").getTextTrim();
 
 		        String className = ((Element)permissionElement.element("class")).getTextTrim();
 		        Permission perm = null;
 				try {
 					perm = PermissionUtils.getPermission(className,permissionName,actions);
 				} catch (ClassNotFoundException e) {
 					logger.warn(e.getMessage());
 					continue;
 				}
                 //add the permission to her domain
                 domain.add(perm);
 
 		        //add the permission to the global map
 		        permissions.put(perm.getName(),perm);
                 permissionsSet.add(perm);
 		        //add the permission to the domain' permissions list
 		        permissionsDomain.add(perm);
 
 		    }
 		    //add to the map the domain's id and his permissions
 		    domainsPermissions.put(id,permissionsDomain);
 		}
 		super.urlp.addAll(permissionsSet);
 	}
 
     /**
      * return needed initialization parameters.
 	 * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#getInitParameters()
 	 */
 	public List getInitParameters() {
         String[] authorizationParams = {"fileLocation"};
        return Arrays.asList(authorizationParams);
 	}
 
     /**
      * create an URLPermission int the corresponding backend.
      * @param permission Permission
      * @throws AuthorizationException
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#createPermission(java.security.Permission, java.lang.String)
      */
      public void createPermission(Permission permission,String domainName) throws AuthorizationException {
 	     String[] actions = permission.getActions().split(",");
 
          Element domainElement = (Element)root.selectSingleNode("//domain[name='"+domainName+"']");
          //add the permissionElement reference to the domainElement
          Element permissionElement = domainElement.addElement("permission");
          Element nameElement = permissionElement.addElement("name");
          nameElement.setText(permission.getName());
          Element classElement = permissionElement.addElement("class");
          classElement.setText(permission.getClass().getName());
          Element actionsElement = permissionElement.addElement("actions");
          for(int i= 0;i<actions.length;i++){
         	 Element actionElement = actionsElement.addElement("action");
         	 actionElement.setText(actions[i]);
          }
 
          //we retrieve the domain corresponding to the domainName
          //and linking together the URLPermission newly created
          //and it
          permissions.put(permission.getName(),permission);
          permissionsSet.add(permission);
          urlp.add(permission);
          //add the permission to the Domain
          ((JGPermissionCollection)domains.get(domainName)).add(permission);
 
          try {
             XMLUtils.write(fileLocation,document);
         } catch (IOException e) {
             logger.error( "error when create permission "+permission,e);
         }
 
     }
 
      /**
       * create a new domain.
       * @param domainName
       * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#createDomain(java.lang.String)
       */
      public void createDomain(String  domainName) throws AuthorizationException {
 
          Element domainsElement = (Element)root.selectSingleNode("//permissions");
           //add the permissionElement reference to the domainElement
           Element domainElement = domainsElement.addElement("domain");
           Element nameElement = domainElement.addElement("name");
           nameElement.setText(domainName);
           JGPermissionCollection domain = new Domain(domainName);
           domains.put(domainName,domain);
           domainsSet.add(domain);
          try {
         	 XMLUtils.write(fileLocation,document);
         } catch (IOException e) {
 			logger.error( "createDomain(String)", e);
         }
 
      }
     /**
      * replace the inital permission with the new one.
      * @param oldPermissionName old permission name
      * @param permission URLPermission updated
      * @param newDomainName
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#updatePermission(java.lang.String, java.security.Permission, java.lang.String)
      */
     public void updatePermission(String oldPermissionName, Permission permission,String newDomainName) throws AuthorizationException {
         //we set the real domain to the updated permission and not a dummy one
         deletePermission(oldPermissionName);
         createPermission(permission,newDomainName);
     }
 
 
     /**
      * remove the permission.
      * @param permissionName
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#deletePermission(java.lang.String)
      */
     public void deletePermission(String permissionName) throws AuthorizationException {
         Element permissionElement = (Element)root.selectSingleNode("//permission[name='"+permissionName+"']");
         Element domainElement = (Element)root.selectSingleNode("//permission[name='"+permissionName+"']/..");
         domainElement.remove(permissionElement);
         Permission oldPermission = (Permission)permissions.remove(permissionName);
         Domain domain = getDomain(oldPermission);
         domain.removePermission(oldPermission);
         permissions.remove(oldPermission.getName());
         permissionsSet.remove(oldPermission);
         urlp.removePermission(oldPermission);
         removePermissionFromPrincipals(permissionName);
         updatePrincipals(domain);
 
         try {
         	XMLUtils.write(fileLocation,document);
         } catch (IOException e) {
 			logger.error( "deletePermission(String)", e);
         }
     }
 
 
     /**
      * delete domain
      * @param domainName name to delete
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#deleteDomain(java.lang.String)
      */
     public void deleteDomain(String domainName) throws AuthorizationException {
         domains.remove(domainName);
         domainsSet.remove(new Domain(domainName));
         Element domainsElement = (Element)root.selectSingleNode("//permissions");
         Element domainElement = (Element)domainsElement.selectSingleNode("//domain[name='"+domainName+"']");
         domainsElement.remove(domainElement);
         super.removeDomainFromPrincipals(domainName);
         try {
         	XMLUtils.write(fileLocation,document);
         } catch (IOException e) {
 			logger.error( "deleteDomain(String)", e);
         }
 
     }
 
 
     /**
      * create a new Role/principal
      * @param principal principal/role to create
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#createPrincipal(net.sf.jguard.core.principals.RolePrincipal)
      */
     public void createPrincipal(Principal principal) throws AuthorizationException {
         Element principalsElement = root.element("principals");
         //add the permissionElement reference to the domainElement
         Element principalElement = principalsElement.addElement("principal");
         Element nameElement = principalElement.addElement("name");
         //add 'class' Element
         Element classElement = principalElement.addElement("class");
         classElement.setText(principal.getClass().getName());
 
         nameElement.setText(getLocalName(principal));
         principals.put(getLocalName(principal),principal);
         principalsSet.add(principal);
         if (principal.getClass().equals(RolePrincipal.class)){
           RolePrincipal ppal = (RolePrincipal)principal;
 	      insertPermissionsAndInheritance(principalElement, ppal);
         }
 
        try {
     	   XMLUtils.write(fileLocation,document);
       } catch (IOException e) {
 			logger.error( "createRole(RolePrincipal)", e);
       }
 
     }
 
 	private void insertPermissionsAndInheritance(Element principalElement, RolePrincipal ppal) {
 		//add the orphaned permissions to the XML file
 		Element permsRefElement = principalElement.addElement("permissionsRef");
 		Set orphanedPerms = ppal.getOrphanedPermissions();
 		Iterator orphanedPermsIterator = orphanedPerms.iterator();
 		while(orphanedPermsIterator.hasNext()){
 		    Permission perm = (Permission)orphanedPermsIterator.next();
 		    Element permRef = permsRefElement.addElement("permissionRef");
 		    //add the name attribute
 		    Attribute nameAttribute = new UserDataAttribute(new QName("name"));
 		    nameAttribute.setValue(perm.getName());
 		    permRef.add(nameAttribute);
 		}
 
 		//add the permissions from domains to the XML file
 		Set doms = ppal.getDomains();
 		Iterator PermsFromDomainsIterator = doms.iterator();
 		while(PermsFromDomainsIterator.hasNext()){
 		    Domain dom = (Domain)PermsFromDomainsIterator.next();
 		    Element permRef = permsRefElement.addElement("domainRef");
 		    //add the name attribute
 		    Attribute nameAttribute = new UserDataAttribute(new QName("name"));
 		    nameAttribute.setValue(dom.getName());
 		    permRef.add(nameAttribute);
 		}
 
 		//role inheritance is only supported by RolePrincipal
 		if(ppal.getDescendants().size() > 0) {
 		        Element descendants = principalElement.addElement("descendants");
 
 		        //add the descendants of this role
 		        for (Iterator descendantsIterator = ppal.getDescendants().iterator();
 		            descendantsIterator.hasNext(); ) {
 		            Element principalRef = descendants.addElement("principalRef");
 
 		            Attribute nameAttribute = new UserDataAttribute(new QName("name"));
 		            nameAttribute.setValue(((RolePrincipal) descendantsIterator.next()).getLocalName());
 		            principalRef.add(nameAttribute);
 		        }
 		}
 	}
 
     /**
      * remove the corrspoding principal/role
      * @param principal name
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#deletePrincipal(java.security.Principal)
      */
     public void deletePrincipal(Principal principal) throws AuthorizationException {
     	if(principal==null){
     		throw new IllegalArgumentException("principal parameter is null ");
     	}
         Principal ppalReference = (Principal)principals.remove(getLocalName(principal));
         if((ppalReference==null)){
         	logger.warn(" there is no principal intitled "+principal.getName()+" to delete");
         	return;
         }
         principalsSet.remove(ppalReference);
         Element principalsElement = root.element("principals");
         Element principalElement = (Element)principalsElement.selectSingleNode("//principal[name='"+getLocalName(principal)+"']");
         principalsElement.remove(principalElement);
         if(ppalReference.getClass().equals(RolePrincipal.class)){
           deleteReferenceInHierarchy((RolePrincipal)ppalReference);
           //delete all the references of this principal
           XMLUtils.deletePrincipalRefs(root,(RolePrincipal)ppalReference);
         }
         try {
         	XMLUtils.write(fileLocation,document);
         } catch (IOException e) {
 			logger.error( "deleteRole(String)", e);
         }
     }
 
 
 
     /**
      * update the specified Domain.
      * @param newName new name for the corresponding Domain
      * @param oldName old name for the corresponding Domain
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#updateDomain(java.lang.String, java.lang.String)
      */
     public void updateDomain(String newName, String oldName) throws AuthorizationException {
 
         Domain domain = (Domain)domains.get(oldName);
         domains.remove(oldName);
         domainsSet.remove(domain);
         domain.setName(newName);
         domains.put(domain.getName(),domain);
         domainsSet.add(domain);
         this.updatePrincipals(domain, oldName);
         Element domainsElement = (Element)root.selectSingleNode("//permissions");
         Element domainElement = (Element)domainsElement.selectSingleNode("//domain[name='"+oldName+"']");
         Element name =domainElement.element("name");
         name.setText(newName);
         try {
         	XMLUtils.write(fileLocation,document);
         } catch (IOException e) {
 			logger.error( "updateDomain(String, String)", e);
         }
     }
 
     /**
      * update a principal
      * @param oldPrincipalName name of the principal to be replaced
      * @param principal new principal
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#updatePrincipal(java.lang.String, net.sf.jguard.core.principals.RolePrincipal)
      */
     public void updatePrincipal(String oldPrincipalName, Principal principal) throws AuthorizationException {
         Principal oldPal = (Principal)principals.remove(oldPrincipalName);
         if(oldPal==null){
         	logger.warn(" principal "+oldPrincipalName+" cannot be updated because it does not exists ");
         	return;
         }
         principalsSet.remove(oldPal);
         principals.put(getLocalName(principal),principal);
         principalsSet.add(principal);
 
         try {
         	XMLUtils.write(fileLocation,document);
         } catch (IOException e) {
 			logger.error( "updateRole(String, RolePrincipal)", e);
         }
     }
 
 
 
 
 
         /**
 	 * add permissions and domains references to RolePrincipal.
 	 * @param principalElement
 	 * @param ppal
 	 */
 	private void buildJGuardPrincipal(Element principalElement, Principal ppal) {
 		RolePrincipal rolePrincipal = (RolePrincipal)ppal;
 		Element pel = principalElement.element("permissionsRef");
 		Collection domainsPrincipal = pel.elements("domainRef");
 		Iterator itDomainsPrincipal = domainsPrincipal.iterator();
         //domains names owned by this principal
         Set domainNames = new HashSet();
 
 		//iterate over principal's domains
 		while(itDomainsPrincipal.hasNext()){
 		    Element domainElement = (Element)itDomainsPrincipal.next();
 		    String domainName = domainElement.attributeValue("name");
 		    JGPermissionCollection domain = (JGPermissionCollection)domains.get(domainName);
 
 		    if(domain==null){
                         logger.warn("initPrincipals() - principal "
                                 + rolePrincipal.getLocalName()
                                 + " refers to a unknown domain name :"
                                 + domainName);
 		    }
                     
 		    if(!domainNames.contains(domainName)){
 			    domainNames.add(domainName);
 			    permissionsSet.addAll(domain.getPermissions());
 			    urlp.addAll(domain.getPermissions());
 			    rolePrincipal.addDomain(domain);
 		    }
 		}
 
 
 		Collection permissionsPrincipal = pel.elements("permissionRef");
 		Iterator itPermissionsPrincipal = permissionsPrincipal.iterator();
 
 		//iterate over permissions defined and add them to the principal permissions Set
 		while(itPermissionsPrincipal.hasNext()){
 		    Element perm = (Element)itPermissionsPrincipal.next();
 		    String permissionName=perm.attributeValue("name");
                     Permission permission = (Permission)permissions.get(permissionName);
                     if(permission==null){
                         logger.warn("initPrincipals() - principal "
 							+ rolePrincipal.getName()
 							+ " refers to a unknown permission name :"
 							+ permissionName);
                         
                         continue;
                     }
 		    permissionsSet.add(permission);
 		    urlp.add(permission);
 		    rolePrincipal.addPermission(permission);
 		    
 		}
 		//store the links between ascendants
         Element descendants = principalElement.element("descendants");
         if (descendants != null) {
         	  List descendantsElements = descendants.elements("principalRef");
         	  Iterator itDescendantsElements = descendantsElements.iterator();
         	  Collection descendantsNames = new ArrayList();
               while(itDescendantsElements.hasNext()){
                     Element descentantItem = (Element)itDescendantsElements.next();
                     descendantsNames.add(principals.get(descentantItem.attributeValue("name")));
               }
 
               hierarchyMap.put(getLocalName(rolePrincipal),descendantsNames);
         }
 	}
 
 	/**
 	 * @return <i>true</i> if there is no principals and no permissions.
 	 * <i>false</i> otherwise.
 	 */
 	public boolean isEmpty() {
         List principalsList = root.selectNodes("//principal");
         List permissions = root.selectNodes("//permissions");
         if(!principalsList.isEmpty()&&!permissions.isEmpty()){
             return false;
         }
 		return true;
 	}
 	
 	public String exportAsXMLString(){
 		return this.document.asXML();
 	}
 
 	public void writeAsHTML(OutputStream outputStream) throws IOException {
 		 HTMLWriter writer = new HTMLWriter(outputStream,OutputFormat.createPrettyPrint());
 		 writer.write(this.document);
 		 writer.flush();
 		
 	}
 	
 	public void writeAsXML(OutputStream outputStream, String encodingScheme) throws IOException  {
 		   OutputFormat outformat = OutputFormat.createPrettyPrint();
 		   outformat.setEncoding(encodingScheme);
 		   XMLWriter writer = new XMLWriter(outputStream, outformat);
 		   writer.write(this.document);
 		   writer.flush();
 	}
 	public void exportAsXMLFile(String fileName) throws IOException {
 		XMLWriter xmlWriter = new XMLWriter(new FileWriter(fileName), OutputFormat.createPrettyPrint());
 		xmlWriter.write(document);
 		xmlWriter.close();
 	}
 
     public void refresh() {
         
     }
 
 }