/*
 * ============LICENSE_START==========================================
 * ONAP Portal SDK
 * ===================================================================
 * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
 * ===================================================================
 *
 * Unless otherwise specified, all software contained herein is licensed
 * under the Apache License, Version 2.0 (the "License");
 * you may not use this software except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *             http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Unless otherwise specified, all documentation contained herein is licensed
 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
 * you may not use this documentation except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *             https://creativecommons.org/licenses/by/4.0/
 *
 * Unless required by applicable law or agreed to in writing, documentation
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * ============LICENSE_END============================================
 *
 * 
 */
package org.onap.portalsdk.core.onboarding.crossapi;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.onap.aaf.cadi.filter.CadiFilter;
import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;

public class CadiAuthFilter extends CadiFilter {

	private static String inlclude_url_endpoints ="";
	public static final String AUTHORIZATION = "Authorization";
	
	public void init(FilterConfig filterConfig) throws ServletException {
		super.init(filterConfig);
		inlclude_url_endpoints = filterConfig.getInitParameter("inlclude_url_endpoints");
	}

	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		
		if (inlclude_url_endpoints.equals("") || inlclude_url_endpoints == null || inlclude_url_endpoints.isEmpty()) {
			throw new NullPointerException("inlclude_url_endpoints is null");
		} else {
			String includeUrlEndPointString = inlclude_url_endpoints;
			ArrayList<String> includeUrlEndPointList = new ArrayList<String>(
					Arrays.asList(includeUrlEndPointString.split(",")));
			if (includeFilter(request, includeUrlEndPointList)) {
				super.doFilter(request, response, chain);
			} else 
				chain.doFilter(request, response);
		}
	}

	private boolean includeFilter(ServletRequest request, ArrayList<String> includeapisList) {
		boolean isauthenticated = false;
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		
		if(httpRequest.getHeader(AUTHORIZATION) == null)
			return isauthenticated;
		// TODO: refactor to have exclusion pattern
		String path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length() + 1);
		if (path.contains("analytics")) {
			return isauthenticated;
		}
		
		for (String str : includeapisList) {
			if (!isauthenticated)
				isauthenticated = matchPattern(path, str);
		}
		if (isauthenticated && PortalApiProperties.getProperty(PortalApiConstants.ROLE_ACCESS_CENTRALIZED)
				.equalsIgnoreCase("remote"))
			isauthenticated = true;
		else
			isauthenticated = false;
		return isauthenticated;
	}

	private boolean matchPattern(String requestedPath, String includeUrl) {
		includeUrl = includeUrl.substring(1);
		String[] path = requestedPath.split("/");
		if (path.length > 1) {
			String[] roleFunctionArray = includeUrl.split("/");
			boolean match = true;
			for (int i = 0; i < roleFunctionArray.length; i++) {
				if (match) {
					if (!roleFunctionArray[i].equals("*")) {
						Pattern p = Pattern.compile(Pattern.quote(path[i]), Pattern.CASE_INSENSITIVE);
						Matcher m = p.matcher(roleFunctionArray[i]);
						match = m.matches();
					} else if (roleFunctionArray[i].equals("*")) {
						match = true;
					}

				}
			}
			if (match)
				return match;
		} else {
			if (requestedPath.matches(includeUrl))
				return true;
			else if (includeUrl.equals("*"))
				return true;
		}
		return false;
	}

}