/*
 * Copyright 2017 Red Hat, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.jboss.as.connector.metadata.common;

import java.util.Objects;

import org.jboss.as.connector.logging.ConnectorLogger;
import org.jboss.as.connector.metadata.api.common.Credential;
import org.jboss.jca.common.CommonBundle;
import org.jboss.jca.common.api.validator.ValidateException;
import org.jboss.logging.Messages;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.password.interfaces.ClearPassword;

/**
 * Extension of {@link org.jboss.jca.common.metadata.common.CredentialImpl} with added Elytron support.
 *
 * @author Flavia Rainone
 */
public class CredentialImpl implements Credential {

    private static final long serialVersionUID = 7990943957924515091L;

    private static CommonBundle bundle = (CommonBundle) Messages.getBundle(CommonBundle.class);
    private final String userName;
    private final String password;
    private final String securityDomain;

    /**
     * Indicates if the Credential data belongs to Elytron or PicketBox.
     */
    private boolean elytronEnabled;

    private final ExceptionSupplier<CredentialSource, Exception> credentialSourceSupplier;

    /**
     * Create a new CredentialImpl.
     *
     * @param userName        user name
     * @param password        user password
     * @param securityContext specific information that helps implementation define which context this Credential belongs to
     * @param elytronEnabled  is the authentication performed by Elytron. If {@code true},  {@param securityContext}, defined as
     *                        securityDomain in super class, refers to an Elytron authentication context
     * @throws ValidateException ValidateException in case of validation error
     */
    public CredentialImpl(final String userName, final String password, final String securityContext, final boolean elytronEnabled,
                          final ExceptionSupplier<CredentialSource, Exception> credentialSourceSupplier)
            throws ValidateException {
        this.userName = userName;
        this.password = password;
        this.securityDomain = securityContext;
        this.elytronEnabled = elytronEnabled;
        this.credentialSourceSupplier = credentialSourceSupplier;

    }

    public void validate() throws ValidateException {
        if (this.userName != null && this.securityDomain != null) {
            throw new ValidateException(bundle.invalidSecurityConfiguration());
        }
    }

    public final String getSecurityDomain() {
        return this.securityDomain;
    }

    public final String resolveSecurityDomain() {
        return this.getSecurityDomain();
    }

    public final String getUserName() {
        return this.userName;
    }

    public final String getPassword() {
        if (credentialSourceSupplier != null) {
            try {
                return new String(
                        credentialSourceSupplier.get().getCredential(PasswordCredential.class).getPassword(ClearPassword.class).getPassword());
            } catch (Exception e) {
                throw ConnectorLogger.DEPLOYMENT_CONNECTOR_LOGGER.invalidCredentialSourceSupplier(e);
            }
        }
        return this.password;

    }



    /**
     * Indicates if Elytron is enabled. In this case, {@link #getSecurityDomain()}, refers to an Elytron authentication context
     *
     * @return {@code true} if is Elytron enabled
     */
    @Override
    public final boolean isElytronEnabled() {
        return elytronEnabled;
    }

    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
        if (o == null || getClass() != o.getClass()) return false;
        CredentialImpl that = (CredentialImpl) o;
        return elytronEnabled == that.elytronEnabled &&
                Objects.equals(userName, that.userName) &&
                Objects.equals(password, that.password) &&
                Objects.equals(securityDomain, that.securityDomain) &&
                Objects.equals(credentialSourceSupplier, that.credentialSourceSupplier);
    }

    @Override
    public int hashCode() {
        return Objects.hash(userName, password, securityDomain, elytronEnabled, credentialSourceSupplier);
    }

    @Override
    public String toString() {
        return "CredentialImpl{" +
                "userName='" + userName + '\'' +
                ", password='" + password + '\'' +
                ", securityDomain='" + securityDomain + '\'' +
                ", elytronEnabled=" + elytronEnabled +
                ", credentialSourceSupplier=" + credentialSourceSupplier +
                '}';
    }
}