/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jackrabbit.core.security.user;

import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.PropertyImpl;
import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials;
import org.apache.jackrabbit.core.security.principal.AdminPrincipal;

import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;

/**
 * UserImpl
 */
public class UserImpl extends AuthorizableImpl implements User {

    private Principal principal;
    private Impersonation impersonation;

    protected UserImpl(NodeImpl node, UserManagerImpl userManager) {
        super(node, userManager);
    }

    //-------------------------------------------------------< Authorizable >---
    /**
     * @see org.apache.jackrabbit.api.security.user.Authorizable#isGroup()
     */
    public boolean isGroup() {
        return false;
    }

    /**
     * @see org.apache.jackrabbit.api.security.user.Authorizable#getPrincipal()
     */
    public Principal getPrincipal() throws RepositoryException {
        if (principal == null) {
            if (isAdmin()) {
                principal = new NodeBasedAdminPrincipal(getPrincipalName());
            } else {
                principal = new NodeBasedPrincipal(getPrincipalName());
            }
        }
        return principal;
    }

    //---------------------------------------------------------------< User >---
    /**
     * @see User#isAdmin()
     */
    public boolean isAdmin() {
        try {
            return userManager.isAdminId(getID());
        } catch (RepositoryException e) {
            // should never get here
            log.error("Internal error while retrieving UserID.", e);
            return false;
        }
    }

    public boolean isSystemUser() {
        return false;
    }

    /**
     * @see User#getCredentials()
     */
    public Credentials getCredentials() throws RepositoryException {
        try {
            String password = getNode().getProperty(P_PASSWORD).getString();
            return new CryptedSimpleCredentials(getID(), password);
        } catch (NoSuchAlgorithmException e) {
            throw new RepositoryException(e);
        } catch (UnsupportedEncodingException e) {
            throw new RepositoryException(e);
        }
    }

    /**
     * @see User#getImpersonation()
     */
    public Impersonation getImpersonation() throws RepositoryException {
        if (impersonation == null) {
            impersonation = new ImpersonationImpl(this, userManager);
        }
        return impersonation;
    }

    /**
     * @see User#changePassword(String)
     */
    public void changePassword(String password) throws RepositoryException {
        userManager.onPasswordChange(this, password);
        userManager.setPassword(getNode(), password, true);
        if (userManager.isAutoSave()) {
            getNode().save();
        }
    }

    /**
     * @see User#changePassword(String, String)
     */
    public void changePassword(String password, String oldPassword) throws RepositoryException {
        // make sure the old password matches.
        String pwHash = getNode().getProperty(P_PASSWORD).getString();
        if (!PasswordUtility.isSame(pwHash, oldPassword)) {
            throw new RepositoryException("Failed to change password: Old password does not match.");
        }
        changePassword(password);
    }

    /**
     * @see User#disable(String)
     */
    public void disable(String reason) throws RepositoryException {
        if (isAdmin()) {
            throw new RepositoryException("The administrator user cannot be disabled.");
        }
        if (reason == null) {
            if (isDisabled()) {
                // enable the user again.
                PropertyImpl disableProp = getNode().getProperty(P_DISABLED);
                userManager.removeProtectedItem(disableProp, getNode());
            } // else: nothing to do.
        } else {
            Value v = getSession().getValueFactory().createValue(reason);
            userManager.setProtectedProperty(getNode(), P_DISABLED, v);
        }
    }

    /**
     * @see User#isDisabled()
     */
    public boolean isDisabled() throws RepositoryException {
        return getNode().hasProperty(P_DISABLED);
    }

    /**
     * @see User#getDisabledReason()
     */
    public String getDisabledReason() throws RepositoryException {
        if (isDisabled()) {
            return getNode().getProperty(P_DISABLED).getString();
        } else {
            return null;
        }
    }

    //--------------------------------------------------------------------------
    /**
     *
     */
    private class NodeBasedAdminPrincipal extends AdminPrincipal implements ItemBasedPrincipal {

        public NodeBasedAdminPrincipal(String adminId) {
            super(adminId);
        }

        public String getPath() throws RepositoryException {
            return getNode().getPath();
        }
    }
}