authorization-client/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java

package org.gcube.common.authorization.client.proxy;

import static org.gcube.common.authorization.client.Constants.CONTEXT_PARAM;

import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.WeakHashMap;

import org.gcube.common.authorization.client.Binder;
import org.gcube.common.authorization.client.Constants;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.Policies;
import org.gcube.common.authorization.library.enpoints.AuthorizationEndpoint;
import org.gcube.common.authorization.library.enpoints.AuthorizationEndpointScanner;
import org.gcube.common.authorization.library.policies.Policy;
import org.gcube.common.authorization.library.provider.ClientInfo;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.ServiceInfo;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.encryption.StringEncrypter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class DefaultAuthorizationProxy implements AuthorizationProxy {

	private static Logger log = LoggerFactory.getLogger(AuthorizationProxy.class);
	
	private static Map<String, AuthorizationEntryCache> cache = Collections.synchronizedMap(new WeakHashMap<String, AuthorizationEntryCache>());
	
	private Map<Integer, AuthorizationEndpoint> endpoints;

	private static final String TOKEN_SEPARATOR ="\\|";
	
	public DefaultAuthorizationProxy() {
		endpoints = AuthorizationEndpointScanner.endpoints();
	}

	private String getInternalEnpoint(int infrastructureHash){
		StringBuilder endpoint = new StringBuilder("http://").append(getEndpoint(infrastructureHash).getHost()).append(":")
				.append(getEndpoint(infrastructureHash).getPort()).append("/authorization-service/gcube/service");
		return endpoint.toString();
	}
	
	@Override
	public String generateToken(ClientInfo client, String context) throws Exception {
		
		String methodPath = "/token/"; 
		
		if (client instanceof UserInfo)
			methodPath+="user";
		else methodPath+="service";
		
		int infrastructureHash = getInfrastructureHashfromContext(context);
		
		StringBuilder callUrl = new StringBuilder(getInternalEnpoint(infrastructureHash)).append(methodPath).append("?")
				.append(CONTEXT_PARAM).append("=").append(context);
					
		URL url = new URL(callUrl.toString());
		HttpURLConnection connection = makeRequest(url, "PUT", false);
		connection.setDoOutput(true);
		connection.setDoInput(true);
		connection.setRequestProperty("Content-type", "application/xml");
						
		try(OutputStream os = new BufferedOutputStream(connection.getOutputStream())){
			Binder.getContext().createMarshaller().marshal(client, os);
		}
		
		log.debug("response code for "+callUrl.toString()+" is "+connection.getResponseCode()+" "+connection.getResponseMessage());
		
		if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
		String token= "";
		try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()))){
			StringBuilder result = new StringBuilder();
			String line;
			while((line = reader.readLine()) != null) 
				result.append(line);
			token =  result.toString();
		}

		return token;
	}
		
	
	@Override
	public String generateApiKey(String apiQualifier) throws Exception {
		
		
		String methodPath = String.format("/apikey?qualifier=%s",apiQualifier); 
		
		int infrastructureHash = getInfrastructureHashFromToken(SecurityTokenProvider.instance.get());
		
		StringBuilder callUrl = new StringBuilder(getInternalEnpoint(infrastructureHash)).append(methodPath);
					
		URL url = new URL(callUrl.toString());
		HttpURLConnection connection = makeRequest(url, "PUT", true);
		connection.setDoInput(true);
		connection.setRequestProperty("Content-type", "application/xml");
						
				
		log.debug("response code for "+callUrl.toString()+" is "+connection.getResponseCode()+" "+connection.getResponseMessage());
		
		if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
		String token= "";
		try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()))){
			StringBuilder result = new StringBuilder();
			String line;
			while((line = reader.readLine()) != null) 
				result.append(line);
			token =  result.toString();
		}

		return token;
	}
	
	
	private int getInfrastructureHashfromContext(String context) {
		try{
			String infrastructure = context.split("/")[1];
			return infrastructure.hashCode();
		}catch(Exception e){
			throw new RuntimeException("invalid contex");
		}
	}

	private int getInfrastructureHashFromToken(String token) {
		if (token==null)
			throw new RuntimeException("valid token required for this method");
		try{
			String hashCodeAsString = token.split(TOKEN_SEPARATOR)[1];
			return Integer.parseInt(hashCodeAsString);
		}catch(Exception e){
			throw new RuntimeException("invalid token",e);
		}
	}
	
	@Override
	public String requestActivation(ServiceInfo container, String context) throws Exception {
		
		String methodPath = "/generate/node"; 
	
		
				
		StringBuilder callUrl = new StringBuilder(getInternalEnpoint(getInfrastructureHashfromContext(context))).append(methodPath).append("?")
				.append(CONTEXT_PARAM).append("=").append(context);
					
		URL url = new URL(callUrl.toString());
		HttpURLConnection connection = (HttpURLConnection)url.openConnection();
		connection.setRequestMethod("PUT");
		connection.setDoOutput(true);
		connection.setDoInput(true);
		connection.setRequestProperty("Content-type", "application/xml");
						
		try(OutputStream os = new BufferedOutputStream(connection.getOutputStream())){
			Binder.getContext().createMarshaller().marshal(container, os);
		}
		
		log.debug("response code is "+connection.getResponseCode());
		
		if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
		String encryptedToken= "";
		try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()))){
			StringBuilder result = new StringBuilder();
			String line;
			while((line = reader.readLine()) != null) 
				result.append(line);
			encryptedToken =  result.toString();
		}

		return StringEncrypter.getEncrypter().decrypt(encryptedToken, context);
	}
	
	@Override
	public AuthorizationEntry get(String token) throws ObjectNotFound, Exception{
		if (cache.containsKey(token) && cache.get(token).isValid())
			return cache.get(token).getEntry();
		
		final String methodPath = "/token/"; 

		StringBuilder callUrl = new StringBuilder(getInternalEnpoint(getInfrastructureHashFromToken(token))).append(methodPath).append(token);
		
		URL url = new URL(callUrl.toString());
		HttpURLConnection connection = makeRequest(url, "GET", false);
		connection.setDoInput(true);
		if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found");
		if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service (error code is "+connection.getResponseCode()+")");
		if (connection.getContentLengthLong()<=0) return null;

		try(InputStream stream = (InputStream)connection.getContent();){
			AuthorizationEntry entry = (AuthorizationEntry)Binder.getContext().createUnmarshaller().unmarshal(stream);
			//cache.put(token, new AuthorizationEntryCache(entry));
			return entry;
		}

	}
	
	@Override
	public void addPolicies(List<Policy> policies) throws Exception {
		final String methodPath = "/policyManager"; 

		StringBuilder callUrl = new StringBuilder(getInternalEnpoint(getInfrastructureHashFromToken(SecurityTokenProvider.instance.get()))).append(methodPath);
		
		URL url = new URL(callUrl.toString());
		HttpURLConnection connection = makeRequest(url, "POST", true);
		connection.setDoOutput(true);
		connection.setRequestProperty("Content-type", "application/xml");
				
		try(OutputStream os = new BufferedOutputStream(connection.getOutputStream())){
			Binder.getContext().createMarshaller().marshal(new Policies(policies), os);
		}
		
		if (connection.getResponseCode()!=200) throw new Exception("error adding policies");
				
	}

	@Override
	public void removePolicies(long... ids) throws Exception {
		final String methodPath = "/policyManager/"; 
		StringBuilder callUrl = new StringBuilder(getInternalEnpoint(getInfrastructureHashFromToken(SecurityTokenProvider.instance.get()))).append(methodPath);
		List<Long> errorIds = new ArrayList<Long>();
		for (long id: ids){
			URL url = new URL(callUrl.toString()+id);
			HttpURLConnection connection = makeRequest(url, "DELETE", true);
			if (connection.getResponseCode()!=200) errorIds.add(id);
		}
		if (!errorIds.isEmpty())
			throw new Exception("error removing policies with ids: "+errorIds);
	}

	@Override
	public List<Policy> getPolicies(String context) throws Exception{
		final String methodPath = "/policyManager/"; 

		StringBuilder callUrl = new StringBuilder(getInternalEnpoint(getInfrastructureHashfromContext(context))).append(methodPath).append("?").append(CONTEXT_PARAM).append("=").append(context);
		
		URL url = new URL(callUrl.toString());
		HttpURLConnection connection = makeRequest(url, "GET", true);
		connection.setDoInput(true);		
		if (connection.getResponseCode()!=200) throw new Exception("error retrieving policies");
		if (connection.getContentLengthLong()<=0) return Collections.emptyList();

		try(InputStreamReader stream = new InputStreamReader((InputStream)connection.getContent())){
			Policies policies = (Policies)Binder.getContext().createUnmarshaller().unmarshal(stream);
			return policies.getPolicies();
		}
	}
	
	private HttpURLConnection makeRequest(URL url, String method, boolean includeTokenInHeader) throws Exception{
		HttpURLConnection connection = (HttpURLConnection)url.openConnection();
		if (includeTokenInHeader)
			connection.setRequestProperty(Constants.TOKEN_HEADER_ENTRY,SecurityTokenProvider.instance.get());
		connection.setRequestMethod(method);
		return connection;
	}

	@Override
	public AuthorizationEndpoint getEndpoint(int infrastructureHash) {
		if (!this.endpoints.containsKey(infrastructureHash))
			throw new RuntimeException("Authorization Endpoint not found for the required infrastructure"); 
		return this.endpoints.get(infrastructureHash);
	}

	@Override
	public void setEndpoint(Map<Integer,AuthorizationEndpoint> endpoints) {
		this.endpoints = endpoints;		
	}


}