/*
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.integration.security.channel;

import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

/**
 * Creates the {@link ConfigAttribute}s for secured channel
 * send and receive operations based on simple String values.
 *
 * @author Mark Fisher
 * @author Oleg Zhurakousky
 * @author Artem Bilan
 */
public class DefaultChannelAccessPolicy implements ChannelAccessPolicy {

	private final Collection<ConfigAttribute> configAttributeDefinitionForSend;

	private final Collection<ConfigAttribute> configAttributeDefinitionForReceive;


	/**
	 * Create an access policy instance. The provided 'sendAccess' and 'receiveAccess'
	 * values may be a single String or a comma-delimited list of values. All whitespace
	 * will be trimmed. A <code>null</code> value indicates that the policy does not
	 * apply for either send or receive access type. At most one of the values may be null.
	 * @param sendAccess The send access value(s).
	 * @param receiveAccess The receive access value(s).
	 */
	public DefaultChannelAccessPolicy(String sendAccess, String receiveAccess) {
		boolean sendAccessDefined = StringUtils.hasText(sendAccess);
		boolean receiveAccessDefined = StringUtils.hasText(receiveAccess);
		Assert.isTrue(sendAccessDefined || receiveAccessDefined,
				"At least one of 'sendAccess' and 'receiveAccess' must not be null and have at least one entry.");
		if (sendAccessDefined) {
			String[] sendAccessValues = StringUtils.commaDelimitedListToStringArray(sendAccess);
			this.configAttributeDefinitionForSend = new HashSet<ConfigAttribute>();
			for (String sendAccessValue : sendAccessValues) {
				this.configAttributeDefinitionForSend.add(new SecurityConfig(StringUtils.trimAllWhitespace(sendAccessValue)));
			}
		}
		else {
			this.configAttributeDefinitionForSend = Collections.emptySet();
		}
		if (receiveAccessDefined) {
			String[] receiveAccessValues = StringUtils.commaDelimitedListToStringArray(receiveAccess);
			this.configAttributeDefinitionForReceive = new HashSet<ConfigAttribute>();
			for (String receiveAccessValue : receiveAccessValues) {
				this.configAttributeDefinitionForReceive.add(new SecurityConfig(StringUtils.trimAllWhitespace(receiveAccessValue)));
			}
		}
		else {
			this.configAttributeDefinitionForReceive = Collections.emptySet();
		}
	}

	/**
	 * Create an access policy instance. A <code>null</code> value indicates that the policy does not
	 * apply for either send or receive access type. At most one of the values may be null.
	 * Typically is used for the values from the {@link SecuredChannel}
	 * @param sendAccess The send access values.
	 * @param receiveAccess The receive access values.
	 * @since 4.2
	 */
	public DefaultChannelAccessPolicy(String[] sendAccess, String[] receiveAccess) {
		boolean sendAccessDefined = !ObjectUtils.isEmpty(sendAccess);
		boolean receiveAccessDefined = !ObjectUtils.isEmpty(receiveAccess);
		Assert.isTrue(sendAccessDefined || receiveAccessDefined,
				"At least one of 'sendAccess' and 'receiveAccess' must not be null.");
		if (sendAccessDefined) {
			this.configAttributeDefinitionForSend = new HashSet<ConfigAttribute>();
			for (String sendAccessValue : sendAccess) {
				this.configAttributeDefinitionForSend.add(new SecurityConfig(sendAccessValue));
			}
		}
		else {
			this.configAttributeDefinitionForSend = Collections.emptySet();
		}
		if (receiveAccessDefined) {
			this.configAttributeDefinitionForReceive = new HashSet<ConfigAttribute>();
			for (String receiveAccessValue : receiveAccess) {
				this.configAttributeDefinitionForReceive.add(new SecurityConfig(receiveAccessValue));
			}
		}
		else {
			this.configAttributeDefinitionForReceive = Collections.emptySet();
		}
	}


	@Override
	public Collection<ConfigAttribute> getConfigAttributesForSend() {
		return this.configAttributeDefinitionForSend;
	}

	@Override
	public Collection<ConfigAttribute> getConfigAttributesForReceive() {
		return this.configAttributeDefinitionForReceive;
	}

}