package com.c2kernel.lookup;

import java.util.ArrayList;
import java.util.Enumeration;

import com.c2kernel.common.ObjectAlreadyExistsException;
import com.c2kernel.common.ObjectCannotBeUpdated;
import com.c2kernel.common.ObjectNotFoundException;
import com.c2kernel.utils.Logger;
import com.novell.ldap.*;

/**************************************************************************
 *
 * $Revision: 1.1 $
 * $Date: 2005/04/26 06:48:12 $
 *
 * Copyright (C) 2003 CERN - European Organization for Nuclear Research
 * All rights reserved.
 **************************************************************************/

//    public static final String codeRevision = "$Revision: 1.1 $ $Date: 2005/04/26 06:48:12 $ $Author: abranson $";
public class LDAPRoleManager {

    /**
     *
     */
    LDAPLookup mLdap;
    private String mRolePath;
    private String mEntityPath;
    
    public LDAPRoleManager(LDAPLookup ldap, String rolePath, String entityPath) {
        super();
        this.mLdap = ldap;
        this.mRolePath = rolePath;
        this.mEntityPath = entityPath;
    }

    //NOTE: A role must have at LEAST 1 userDN, cannot be empty...
    //Creates a cristalRole
    //CristalRole is-a specialized CristalContext which contains multi-valued uniqueMember attribute pointing to cristalagents
    public RolePath createRole(String roleName, boolean jobList)
        throws ObjectAlreadyExistsException, ObjectCannotBeUpdated
    {

        // create the role
    	RolePath rolePath = new RolePath(roleName, jobList);
    	String roleDN = rolePath.getFullDN();	
        LDAPEntry roleNode;
        try
        {                                 
        	roleNode = LDAPLookupUtils.getEntry(mLdap.getConnection(), rolePath.getFullDN());
            throw new ObjectAlreadyExistsException();
        } catch (ObjectNotFoundException ex) { }
        
        //create CristalRole if it does not exist
        roleNode = new LDAPEntry(roleDN, rolePath.createAttributeSet());
        try {
            LDAPLookupUtils.addEntry(mLdap.getConnection(),roleNode);
        } catch (LDAPException e) {
            throw new ObjectCannotBeUpdated(e.getLDAPErrorMessage(), "");
        }
        return rolePath;
	

    }
    public void deleteRole(RolePath role) throws ObjectNotFoundException, ObjectCannotBeUpdated {
        try {
            LDAPLookupUtils.delete(mLdap.getConnection(), role.getFullDN());
        } catch (LDAPException ex) {
            throw new ObjectCannotBeUpdated("Could not remove role");
        }
    }

    protected void addRole(AgentPath agent, RolePath role)
            throws ObjectCannotBeUpdated, ObjectNotFoundException 
    {
        LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
        //add memberDN to uniqueMember if it is not yet a member
        if (!LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", agent.getFullDN()))
            LDAPLookupUtils.addAttributeValue(mLdap.getConnection(), roleEntry, "uniqueMember", agent.getFullDN());
        else
            throw new ObjectCannotBeUpdated("Agent " + agent.getAgentName() + " already has role " + role.getName());
    }

    protected void removeRole(AgentPath agent, RolePath role) 
        throws ObjectCannotBeUpdated, ObjectNotFoundException
    {
    	LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
    	if (LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", agent.getFullDN()))
   			LDAPLookupUtils.removeAttributeValue(mLdap.getConnection(), roleEntry, "uniqueMember", agent.getFullDN());
    	else
    		throw new ObjectCannotBeUpdated("Agent did not have that role");
    }
    
    protected boolean hasRole(AgentPath agent, RolePath role) {
        String filter = "(&(objectclass=cristalrole)(uniqueMember="+agent.getFullDN()+")(cn="+role.getName()+"))";    
        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
        searchCons.setBatchSize(0);
        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
        Enumeration roles = mLdap.search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons);
        return roles.hasMoreElements();
    }

    protected AgentPath[] getAgents(RolePath role)
        throws ObjectNotFoundException
    {
    	//get the roleDN entry, and its uniqueMember entry pointing to 
    	LDAPEntry roleEntry;
        try {
            roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
        } catch (ObjectNotFoundException e) {
            throw new ObjectNotFoundException("Role does not exist", "");
        }
    
    	String[] res = LDAPLookupUtils.getAllAttributeValues(roleEntry,"uniqueMember");
    	ArrayList<AgentPath> agents = new ArrayList<AgentPath>();
    	for (int i=0; i<res.length; i++)
    	{
    		String userDN = res[i];
            try {
    			LDAPEntry userEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), userDN); 
    		    AgentPath path = (AgentPath)mLdap.nodeToPath(userEntry);
                agents.add(path);
    		} catch (ObjectNotFoundException ex) {
                Logger.error("Agent "+res[i]+" does not exist");
    		} catch (InvalidEntityPathException ex) {
                Logger.error("Agent "+res[i]+" is not a valid entity");
    		}
    	}	
        AgentPath[] usersList = new AgentPath[0];
        usersList = (AgentPath[])agents.toArray(usersList);
    	return usersList;
    }

    //returns the role/s of a user
    protected RolePath[] getRoles(AgentPath agentPath)
    {
    	//search the mDomainPath tree uniqueMember=userDN
    	//filter = objectclass=cristalrole AND uniqueMember=userDN
        String filter = "(&(objectclass=cristalrole)(uniqueMember="+agentPath.getFullDN()+"))";    
        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
        searchCons.setBatchSize(0);
        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
    	Enumeration roles = mLdap.search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons);
        ArrayList<RolePath> roleList = new ArrayList<RolePath>();
    
    	while(roles.hasMoreElements())
    	{
            RolePath path = (RolePath) roles.nextElement();
   			roleList.add(path);			
    	}        
        RolePath[] roleArr = new RolePath[roleList.size()];
        roleArr = (RolePath[])roleList.toArray(roleArr);
        return roleArr;
    }

    /**
     * Utility for looking up a login name
     * 
     * @param ld
     * @param agentName
     * @param baseDN
     * @return
     * @throws ObjectNotFoundException
     */
    public AgentPath getAgentPath(String agentName) throws ObjectNotFoundException
    {			
        //search to get the userDN equivalent of the userID
        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
        searchCons.setBatchSize(0);
        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
        String filter = "(&(objectclass=cristalagent)(uid="+agentName+"))";    	
        Enumeration res = mLdap.search(mEntityPath,LDAPConnection.SCOPE_SUB,filter,searchCons);
        if (!res.hasMoreElements())
            throw new ObjectNotFoundException("Agent not found"); 
        Path result = (Path)res.nextElement();
        if (result instanceof AgentPath)
            return (AgentPath)result;
        else
            throw new ObjectNotFoundException("Entry was not an Agent");
    }

    public RolePath getRolePath(String roleName) throws ObjectNotFoundException
    {
        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
        searchCons.setBatchSize(0);
        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
        String filter = "(&(objectclass=cristalrole)(cn="+roleName+"))";    	
		Enumeration res = mLdap.search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons);
		if (!res.hasMoreElements())
            throw new ObjectNotFoundException("Role not found"); 
        Path result = (Path)res.nextElement();
        if (result instanceof RolePath)
            return (RolePath)result;
        else
            throw new ObjectNotFoundException("Entry was not a Role");						
    }

}