/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.cxf.sts.cache;

import java.time.Duration;
import java.time.Instant;
import java.util.Collection;
import java.util.concurrent.TimeUnit;

import com.hazelcast.core.Hazelcast;
import com.hazelcast.core.HazelcastInstance;
import com.hazelcast.core.IMap;

import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;

public class HazelCastTokenStore implements TokenStore {

    public static final long DEFAULT_TTL = 3600L;
    public static final long MAX_TTL = DEFAULT_TTL * 12L;

    private IMap<Object, Object> cacheMap;

    private long ttl = DEFAULT_TTL;
    private HazelcastInstance hazelcastInstance;
    private String mapName;

    public HazelCastTokenStore(String mapName) {
        this.mapName = mapName;
    }

    /**
     * Get the Hazelcast instance
     * If null, return Default instance
     * @param hzInstance Hazelcast instance
     */
    public HazelcastInstance getHazelcastInstance() {
        if (hazelcastInstance == null) {
            hazelcastInstance = Hazelcast.newHazelcastInstance();
        }
        return hazelcastInstance;
    }

    /**
     * Set the Hazelcast instance, otherwise default instance used
     * If you configure Hazelcast instance in spring, you must inject the instance here.
     * @param hzInstance Hazelcast instance
     */
    public void setHazelcastInstance(HazelcastInstance hazelcastInstance) {
        this.hazelcastInstance = hazelcastInstance;
    }

    /**
     * Set a new (default) TTL value in seconds
     * @param newTtl a new (default) TTL value in seconds
     */
    public void setTTL(long newTtl) {
        ttl = newTtl;
    }

    /**
     * Get the (default) TTL value in seconds
     * @return the (default) TTL value in seconds
     */
    public long getTTL() {
        return ttl;
    }

    public void add(SecurityToken token) {
        if (token != null && !StringUtils.isEmpty(token.getId())) {
            int parsedTTL = getTTL(token);
            if (parsedTTL > 0) {
                getCacheMap().put(token.getId(), token, parsedTTL, TimeUnit.SECONDS);
            }
        }
    }

    public void add(String identifier, SecurityToken token) {
        if (token != null && !StringUtils.isEmpty(identifier)) {
            int parsedTTL = getTTL(token);
            if (parsedTTL > 0) {
                getCacheMap().put(identifier, token, parsedTTL, TimeUnit.SECONDS);
            }
        }
    }

    public void remove(String identifier) {
        if (!StringUtils.isEmpty(identifier) && getCacheMap().containsKey(identifier)) {
            getCacheMap().remove(identifier);
        }
    }

    public Collection<String> getTokenIdentifiers() {
        return CastUtils.cast((Collection<?>)getCacheMap().keySet());
    }

    public SecurityToken getToken(String identifier) {
        return (SecurityToken)getCacheMap().get(identifier);
    }

    public void destroy() {
        if (hazelcastInstance != null) {
            hazelcastInstance.getLifecycleService().shutdown();
        }
    }

    private int getTTL(SecurityToken token) {
        int parsedTTL = 0;
        if (token.getExpires() != null) {
            Instant expires = token.getExpires();
            Instant now = Instant.now();
            if (expires.isBefore(now)) {
                return 0;
            }
            
            Duration duration = Duration.between(now, expires);

            parsedTTL = (int)duration.getSeconds();
            if (duration.getSeconds() != (long)parsedTTL || parsedTTL > MAX_TTL) {
                // Default to configured value
                parsedTTL = (int)ttl;
                if (ttl != (long)parsedTTL) {
                    // Fall back to 60 minutes if the default TTL is set incorrectly
                    parsedTTL = 3600;
                }
            }
        } else {
            // Default to configured value
            parsedTTL = (int)ttl;
            if (ttl != (long)parsedTTL) {
                // Fall back to 60 minutes if the default TTL is set incorrectly
                parsedTTL = 3600;
            }
        }
        return parsedTTL;
    }

    private IMap<Object, Object> getCacheMap() {
        if (this.cacheMap == null) {
            this.cacheMap = getHazelcastInstance().getMap(mapName);
        }
        return this.cacheMap;
    }

}