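/*
 * Copyright (c) 2008-2016 Computer Network Information Center (CNIC), Chinese Academy of Sciences.
 *
 * This file is part of Duckling project.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package cn.vlabs.umt.ui.jsapi;

import java.io.IOException;
import java.util.Date;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.json.simple.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import cn.vlabs.umt.services.certificate.DucklingCertificate;
import cn.vlabs.umt.services.certificate.ICertificateService;
import cn.vlabs.umt.services.user.bean.LoginInfo;
import cn.vlabs.umt.ui.UMTContext;

/**
 * User certificate management endpoint, mapped to {@code /api/certificate/**}.
 *
 * <p>Access model as implemented in this class:
 * <ul>
 * <li>{@code GET /api/certificate/{username}} returns the public certificate
 * and performs no login check.</li>
 * <li>{@code GET /api/certificate/{username}/full}, {@code POST} and
 * {@code DELETE} require that the {username} path segment equals the
 * cstnetId of the user held in the current HTTP session.</li>
 * </ul>
 *
 * <p>NOTE(review): POST and DELETE are authorised by the session alone in this
 * class; no anti-CSRF token check is visible here. Confirm that one is applied
 * by a filter or by {@code APIBaseServlet}.
 */
@Controller
@RequestMapping("/api/certificate/**")
public class APICertificateController extends APIBaseServlet {
    /** Literal path prefix used to locate the API part of the request URI. */
    private static final String API_PREFIX = "api/certificate";

    @Autowired
    private ICertificateService certs;

    /**
     * Validates a {@code /api/certificate/{username}} request and returns the
     * username only if it belongs to the logged-in user.
     *
     * <p>On failure an error response has already been written (wrong URL or
     * no access) and {@code null} is returned, so callers must not write a
     * second response.
     *
     * @param request  the current request
     * @param response the response used to report a rejection
     * @return the cstnetId taken from the URL, or {@code null} if the request
     *         was rejected
     * @throws IOException if writing the error response fails
     */
    private String checkURI(HttpServletRequest request,
            HttpServletResponse response) throws IOException {
        String[] parts = getURI(request).split("/");
        if (parts.length != 3) {
            sayWrongURL(response, "URL错误,必须使用/api/certificate/{username}形式的URL");
            return null;
        }
        String cstnetId = parts[2];
        if (!isCurrentUser(request, cstnetId)) {
            sayNoAccess(response, "用户没有权限访问这个内容。");
            return null;
        }
        return cstnetId;
    }

    /**
     * Tells whether {@code cstnetId} is the id of the user logged in on this
     * request's session.
     *
     * <p>The session is looked up with {@code getSession(false)}, so an
     * anonymous request never creates a session here. Any missing piece (no
     * login info, no user, no id) is treated as "not the current user".
     *
     * @param request  the current request
     * @param cstnetId the id taken from the URL; must not be {@code null}
     * @return {@code true} only when the session user's cstnetId equals
     *         {@code cstnetId} exactly
     */
    private boolean isCurrentUser(HttpServletRequest request, String cstnetId) {
        LoginInfo loginInfo = UMTContext.getLoginInfo(request.getSession(false));
        return loginInfo != null
                && loginInfo.getUser() != null
                && cstnetId.equals(loginInfo.getUser().getCstnetId());
    }

    /**
     * Writes the stored certificate of {@code cstnetId} as a JSON success
     * response, or a not-found response when none is stored.
     *
     * <p>This method performs no authorisation; callers decide whether the
     * requester may see the full certificate before passing
     * {@code isFull = true}.
     *
     * @param response the response to write to
     * @param cstnetId the user whose certificate is looked up
     * @param isFull   whether to add the {@code fullCert} field
     * @throws IOException if writing the response fails
     */
    private void doGetCertificate(HttpServletResponse response,
            String cstnetId, boolean isFull) throws IOException {
        DucklingCertificate certificate = certs.getCertificate(cstnetId);
        if (certificate == null) {
            sayNotFound(response, "没有找到该用户的证书。");
            return;
        }
        JSONObject object = new JSONObject();
        object.put("cstnetId", certificate.getCstnetId());
        object.put("dn", certificate.getDn());
        // Registration time is sent as epoch milliseconds.
        object.put("registTime", certificate.getRegistTime().getTime());
        object.put("pubCert", certificate.getPubCert());
        if (isFull) {
            // NOTE(review): fullCert presumably carries private key material;
            // confirm how it is protected at rest and in transit.
            object.put("fullCert", certificate.getFullCert());
        }
        saySuccess(response, object);
    }

    /**
     * Returns the request URI starting at {@code api/certificate}, dropping
     * whatever precedes it.
     *
     * <p>{@code getRequestURI()} is not decoded by the container, so the
     * literal prefix can be absent, e.g. if the mapping matched a
     * percent-encoded form of the path. In that case an empty string is
     * returned, which every caller rejects as a wrong URL, instead of letting
     * {@code substring(-1)} throw.
     *
     * @param request the current request
     * @return the URI from {@code api/certificate} onwards, or {@code ""} if
     *         the prefix does not occur
     */
    private String getURI(HttpServletRequest request) {
        String requestUri = request.getRequestURI();
        int startIndex = requestUri.indexOf(API_PREFIX);
        if (startIndex < 0) {
            return "";
        }
        return requestUri.substring(startIndex);
    }

    /**
     * Deletes certificates; a user may only delete their own.
     * {@code DELETE /api/certificate/{username}} deletes all certificates of
     * that user.
     */
    @RequestMapping(method = RequestMethod.DELETE)
    public void doDelete(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        String cstnetId = checkURI(request, response);
        if (cstnetId == null) {
            // checkURI has already written the error response.
            return;
        }
        certs.deleteCertificate(cstnetId);
        saySuccess(response, new JSONObject());
    }

    /**
     * Downloads a certificate.
     * {@code GET /api/certificate/{username}} downloads the public
     * certificate; {@code GET /api/certificate/{username}/full} downloads the
     * full certificate and is restricted to the certificate's owner.
     */
    @RequestMapping(method = RequestMethod.GET)
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String[] parts = getURI(request).split("/");
        switch (parts.length) {
        case 4:
            if (!parts[3].equals("full")) {
                sayWrongURL(response, "URL错误,必须使用/api/certificate/{username}/full形式的URL");
                break;
            }
            // The full certificate is only served to its owner.
            if (!isCurrentUser(request, parts[2])) {
                sayNoAccess(response, "用户没有权限访问这个内容。");
                break;
            }
            doGetCertificate(response, parts[2], true);
            break;
        case 3:
            // Public part only: no login check is made on this branch.
            doGetCertificate(response, parts[2], false);
            break;
        default:
            sayWrongURL(response, "URL错误,没有找到URL中的username部分(/api/certificate/{username}");
            break;
        }
    }

    /**
     * Uploads a certificate, replacing an existing one; a user may only
     * update their own. {@code POST /api/certificate/{username}} takes the
     * parameters {@code dn}, {@code pubCert} (public part) and
     * {@code fullCert} (full part).
     *
     * <p>NOTE(review): the three parameters are stored as received; this
     * method does not check that they parse as certificates or that
     * {@code dn} belongs to the user. Confirm that {@code saveCertificate}
     * validates them.
     */
    @RequestMapping(method = RequestMethod.POST)
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String cstnetId = checkURI(request, response);
        if (cstnetId == null
                || !ensureParamExist(request, response, "dn", "pubCert", "fullCert")) {
            // Rejected; presumably the failing check has already responded.
            return;
        }
        DucklingCertificate cert = new DucklingCertificate();
        // The owner always comes from the verified URL segment, never from a
        // request parameter.
        cert.setCstnetId(cstnetId);
        cert.setDn(request.getParameter("dn"));
        cert.setFullCert(request.getParameter("fullCert"));
        cert.setPubCert(request.getParameter("pubCert"));
        cert.setRegistTime(new Date());
        certs.saveCertificate(cert);

        JSONObject message = new JSONObject();
        message.put("registTime", cert.getRegistTime().getTime());
        saySuccess(response, message);
    }
}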