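package org.gcube.common.security.secrets;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
import org.gcube.common.security.Owner;

/**
 * A {@link Secret} backed by an encoded access token in JWT form
 * ({@code header.payload.signature}).
 *
 * <p>The owner and context are read lazily from the token's payload segment the
 * first time {@link #getOwner()} or {@link #getContext()} is called.
 *
 * <p><b>Security note:</b> this class only <em>decodes</em> the payload. It never
 * reads the signature segment and does not check any expiry claim, so the values
 * returned by {@link #getOwner()} and {@link #getContext()} are exactly what the
 * token bearer supplied. They must not be used for authorization decisions unless
 * the token has been validated (signature, issuer, audience, expiry) before it
 * reaches this class. NOTE(review): presumably validation happens upstream;
 * confirm against the callers.
 *
 * <p>Lazy initialisation is guarded by a {@code synchronized} method.
 */
public class AccessTokenSecret extends Secret {

	/** The token exactly as received; treat it as a credential and never log it. */
	private final String encodedAccessToken;

	protected Owner owner;

	protected String context;

	private boolean initialised = false;

	/**
	 * Creates a secret from an encoded access token. The token is not parsed here;
	 * parsing is deferred until the owner or context is first requested.
	 *
	 * @param encodedAccessToken the encoded token, in {@code header.payload.signature} form
	 */
	public AccessTokenSecret(String encodedAccessToken) {
		this.encodedAccessToken = encodedAccessToken;
	}

	/**
	 * Returns the owner described by the token payload.
	 *
	 * @return the owner built from the unverified token claims
	 * @throws RuntimeException if the token payload cannot be decoded or parsed
	 */
	@Override
	public Owner getOwner() {
		init();
		return this.owner;
	}

	/**
	 * Returns the context claim carried in the token payload.
	 *
	 * @return the context read from the unverified token claims
	 * @throws RuntimeException if the token payload cannot be decoded or parsed
	 */
	@Override
	public String getContext() {
		init();
		return this.context;
	}

	/**
	 * Builds the HTTP headers that carry this token as a bearer credential.
	 *
	 * @return a new mutable map with a single {@code Authorization: Bearer <token>} entry
	 * @throws NullPointerException if this secret was created with a {@code null} token
	 */
	@Override
	public Map getHTTPAuthorizationHeaders() {
		// Fail fast instead of emitting the literal header value "Bearer null".
		Objects.requireNonNull(this.encodedAccessToken, "encodedAccessToken");
		Map<String, String> authorizationHeaders = new HashMap<>();
		// Append the token string itself: concatenating a byte[] would emit the
		// array's identity string ("[B@...") rather than the credential.
		authorizationHeaders.put("Authorization", "Bearer " + this.encodedAccessToken);
		return authorizationHeaders;
	}

	/**
	 * Returns the raw encoded token for subclasses.
	 *
	 * @return the encoded access token as passed to the constructor
	 */
	protected String getEncodedAccessToken() {
		return encodedAccessToken;
	}

	/**
	 * Always reports the token as not expired; no expiry claim is consulted here.
	 *
	 * @return {@code false}
	 */
	@Override
	public boolean isExpired() {
		return false;
	}

	/**
	 * Access-token secrets cannot be refreshed.
	 *
	 * @return {@code false}
	 */
	@Override
	public boolean isRefreshable() {
		return false;
	}

	/**
	 * Decodes the payload segment of the token once and populates {@link #owner}
	 * and {@link #context}. The signature segment is not inspected.
	 *
	 * @throws RuntimeException wrapping any decoding or parsing failure
	 */
	private synchronized void init() {
		if (initialised) {
			return;
		}
		try {
			String[] segments = encodedAccessToken.split("\\.");
			if (segments.length < 2) {
				throw new IllegalArgumentException("access token has no payload segment");
			}
			// JWT segments use the URL-safe Base64 alphabet ('-' and '_'), which the
			// basic decoder rejects; the payload itself is UTF-8 encoded JSON.
			byte[] payloadBytes = Base64.getUrlDecoder().decode(segments[1]);
			String payloadJson = new String(payloadBytes, StandardCharsets.UTF_8);

			ObjectMapper objectMapper = new ObjectMapper();
			GCubeJWTObject claims = objectMapper.readValue(payloadJson, GCubeJWTObject.class);

			Owner parsedOwner = new Owner(claims.getUsername(), claims.getRoles(), claims.getEmail(),
					claims.getFirstName(), claims.getLastName(), claims.isExternalService());
			parsedOwner.setClientName(claims.getClientName());
			parsedOwner.setContactOrganisation(claims.getContactOrganisation());

			// Publish the fields only after everything parsed, so a failure part-way
			// through never leaves a half-populated owner behind.
			this.owner = parsedOwner;
			this.context = claims.getContext();
			this.initialised = true;
		} catch (Exception e) {
			// The message deliberately contains no token material; the cause is kept.
			throw new RuntimeException("cannot decode access token payload", e);
		}
	}
}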