/* * ============LICENSE_START========================================== * ONAP Portal SDK * =================================================================== * Copyright © 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); * you may not use this software except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Unless otherwise specified, all documentation contained herein is licensed * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); * you may not use this documentation except in compliance with the License. * You may obtain a copy of the License at * * https://creativecommons.org/licenses/by/4.0/ * * Unless required by applicable law or agreed to in writing, documentation * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
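 *
 * ============LICENSE_END============================================
 *
 *
 */
package org.onap.portalsdk.core.onboarding.util;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.onap.aaf.cadi.CadiWrap;
import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;

/**
 * Authorization helpers that map the AAF permissions attached to a CADI-wrapped
 * request onto the path of that request.
 *
 * <p>An AAF permission of type {@code <nameSpace>.url} carries a URL pattern in its
 * instance field. The instance is percent-encoded on the AAF side ("%2f" for "/",
 * "%2d" for "-", "%2a" for "*"); {@link #decodeFunctionCode(String)} restores the
 * literal characters and {@link #matchPattern(String, String)} compares the result,
 * segment by segment, with the request path relative to the context root. A segment
 * (or the whole instance) equal to {@code *} is a wildcard; every other segment is
 * compared literally and case-insensitively - nothing here is a regular expression.
 *
 * <p>Security note: the path handed to {@link #matchPattern(String, String)} by
 * {@link #isAccessAllowed(HttpServletRequest, String)} is the raw, un-decoded
 * request URI. Because servlet containers normalise dot-segments (and strip path
 * parameters) before dispatching, a request containing such segments could be routed
 * to a resource other than the one the permission was checked against, so
 * {@code isAccessAllowed} denies those requests outright.
 */
public class AuthUtil {

    /** Hex byte value of "/" as it appears percent-encoded in AAF instances. */
    private static final String decodeValueOfForwardSlash = "2f";
    /** Hex byte value of "-" as it appears percent-encoded in AAF instances. */
    private static final String decodeValueOfHyphen = "2d";
    /** Hex byte value of "*" as it appears percent-encoded in AAF instances. */
    private static final String decodeValueOfAsterisk = "2a";

    /** Wildcard accepted for a whole instance or for a single path segment. */
    private static final String WILDCARD = "*";

    /**
     * Percent-encoded sequence -> decoded character, in the order the sequences are
     * applied. Patterns are compiled once and match hex digits case-insensitively
     * (RFC 3986 treats "%2F" and "%2f" as the same octet).
     */
    private static final Map<Pattern, String> DECODINGS = new LinkedHashMap<>();

    static {
        for (String hex : new String[] { decodeValueOfForwardSlash, decodeValueOfHyphen, decodeValueOfAsterisk }) {
            Pattern encoded = Pattern.compile(Pattern.quote("%" + hex), Pattern.CASE_INSENSITIVE);
            // The decoded character is derived from the hex value itself so the two
            // cannot drift apart.
            String decoded = String.valueOf((char) Integer.parseInt(hex, 16));
            DECODINGS.put(encoded, decoded);
        }
    }

    private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AuthUtil.class);

    /**
     * Compares a request path against an AAF URL pattern.
     *
     * <p>Both strings are split on "/" (so trailing slashes are ignored, as
     * {@link String#split(String)} drops trailing empty segments). They match when
     * they have the same number of segments and every pattern segment is either the
     * wildcard {@code *} or equal (ignoring case) to the corresponding path segment.
     * A path with no "/" is compared as a single segment in the same way; the pattern
     * is never interpreted as a regular expression, so a bare {@code *} instance is
     * honoured instead of raising {@link java.util.regex.PatternSyntaxException}.
     *
     * <p>Example: {@code "xyz/1/abc"} matches {@code "xyz/*&#47;abc"} but not
     * {@code "xyz/*"}.
     *
     * <p>The caller is responsible for passing a normalised path; "." and ".." are
     * ordinary segments here.
     *
     * @param portalApiPath request path relative to the context root
     * @param urlPattern decoded AAF instance (URL pattern)
     * @return {@code true} when the path matches; {@code false} otherwise, including
     *         when either argument is {@code null}
     */
    public static Boolean matchPattern(String portalApiPath, String urlPattern) {
        if (portalApiPath == null || urlPattern == null) {
            return false;
        }
        String[] pathSegments = portalApiPath.split("/");
        if (pathSegments.length <= 1) {
            // Single (or empty) segment: literal compare, wildcard honoured.
            return segmentMatches(urlPattern, portalApiPath);
        }
        String[] patternSegments = urlPattern.split("/");
        if (patternSegments.length != pathSegments.length) {
            return false;
        }
        for (int i = 0; i < patternSegments.length; i++) {
            if (!segmentMatches(patternSegments[i], pathSegments[i])) {
                return false;
            }
        }
        return true;
    }

    /** One segment matches when the pattern is the wildcard or equals it ignoring case. */
    private static boolean segmentMatches(String patternSegment, String pathSegment) {
        return WILDCARD.equals(patternSegment) || patternSegment.equalsIgnoreCase(pathSegment);
    }

    /**
     * Collects the AAF permissions CADI attached to the request for its principal.
     *
     * @param request a request that has been wrapped by CADI ({@link CadiWrap});
     *        any other request type fails with a {@link ClassCastException}
     * @return the {@link AAFPermission}s of the principal across all namespaces;
     *         permissions that are not {@link AAFPermission}s are skipped, and a
     *         missing permission list yields an empty result
     */
    public static List<AAFPermission> getAAFPermissions(HttpServletRequest request) {
        CadiWrap wrapReq = (CadiWrap) request;
        List<Permission> perms = wrapReq.getPermissions(wrapReq.getUserPrincipal());
        List<AAFPermission> aafPermsList = new ArrayList<>();
        if (perms == null) {
            return aafPermsList;
        }
        for (Permission perm : perms) {
            if (perm instanceof AAFPermission) {
                aafPermsList.add((AAFPermission) perm);
            }
        }
        return aafPermsList;
    }

    /**
     * Keeps only the permissions whose type is {@code <nameSpace>.url}.
     *
     * <p>Note: the supplied list is filtered <em>in place</em> and then returned, so
     * callers that need the unfiltered permissions must pass a copy.
     *
     * @param nameSpace application namespace
     * @param allPermissionsList permissions to filter (mutated)
     * @return the same list, now containing only URL permissions of the namespace
     */
    public static List<AAFPermission> getNameSpacesAAFPermissions(String nameSpace,
            List<AAFPermission> allPermissionsList) {
        String type = nameSpace + ".url";
        // type.equals(...) rather than perm.getType().equals(...) so a permission
        // without a type is dropped instead of throwing.
        allPermissionsList.removeIf(perm -> !type.equals(perm.getType()));
        return allPermissionsList;
    }

    /**
     * Extracts the instance (URL pattern) of each permission, percent-decoded.
     *
     * @param permsList permissions whose instances are wanted
     * @return the decoded instances, in the same order; a bare {@code *} is passed
     *         through unchanged
     * @throws PortalAPIException propagated from {@link #decodeFunctionCode(String)}
     */
    public static List<String> getAllInstances(List<AAFPermission> permsList) throws PortalAPIException {
        List<String> instances = permsList.stream().map(AAFPermission::getInstance).collect(Collectors.toList());
        List<String> finalInstanceList = new ArrayList<>(instances.size());
        for (String instance : instances) {
            finalInstanceList.add(WILDCARD.equals(instance) ? instance : decodeFunctionCode(instance));
        }
        return finalInstanceList;
    }

    /**
     * Restores the "/" , "-" and "*" characters that AAF stores percent-encoded
     * ("%2f", "%2d", "%2a", hex digits in either case). No other escape sequences
     * are decoded.
     *
     * @param str encoded instance; {@code null} is returned as-is
     * @return the decoded string
     * @throws PortalAPIException retained for API compatibility; the table-driven
     *         decoding cannot fail, so it is no longer thrown
     */
    public static String decodeFunctionCode(String str) throws PortalAPIException {
        if (str == null || str.indexOf('%') < 0) {
            return str;
        }
        String decodedString = str;
        for (Map.Entry<Pattern, String> decoding : DECODINGS.entrySet()) {
            Matcher m = decoding.getKey().matcher(decodedString);
            // quoteReplacement keeps "$" / "\" in the replacement literal.
            decodedString = m.replaceAll(Matcher.quoteReplacement(decoding.getValue()));
        }
        return decodedString;
    }

    /**
     * Decides whether the principal of the request may access the request path,
     * based on the namespace's AAF URL permissions.
     *
     * <p>The path checked is the raw request URI with the context path removed.
     * Requests whose path contains a "." or ".." segment (path parameters after ";"
     * ignored, as containers do when mapping), a backslash, or a percent-encoded "."
     * or "/" are denied without consulting the permissions, because the container may
     * dispatch them to a different resource than the one compared here.
     *
     * @param request the CADI-wrapped request
     * @param nameSpace application namespace; must be non-empty
     * @return {@code true} when at least one decoded instance matches the path
     * @throws PortalAPIException when the namespace is missing or decoding fails
     */
    public static boolean isAccessAllowed(HttpServletRequest request, String nameSpace) throws PortalAPIException {
        if (nameSpace == null || nameSpace.isEmpty()) {
            throw new PortalAPIException("NameSpace not Declared!");
        }
        logger.debug(EELFLoggerDelegate.debugLogger, "Application nameSpace: " + nameSpace);

        List<AAFPermission> aafPermsList = getAAFPermissions(request);
        List<AAFPermission> nameSpacePerms = getNameSpacesAAFPermissions(nameSpace, aafPermsList);
        List<String> finalInstanceList = getAllInstances(nameSpacePerms);

        String requestUri = relativeRequestPath(request);
        if (hasUnsafePathSegment(requestUri)) {
            logger.error(EELFLoggerDelegate.errorLogger,
                    "Access denied: request path contains dot-segments or encoded separators: " + requestUri);
            return false;
        }
        for (String instance : finalInstanceList) {
            if (matchPattern(requestUri, instance)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the request URI with the context path and the following "/" removed.
     * A URI no longer than the context path yields "" instead of an index error.
     */
    private static String relativeRequestPath(HttpServletRequest request) {
        String uri = request.getRequestURI();
        String contextPath = request.getContextPath();
        int skip = (contextPath == null ? 0 : contextPath.length()) + 1;
        if (uri == null || uri.length() < skip) {
            return "";
        }
        return uri.substring(skip);
    }

    /**
     * True when the raw path could be normalised by the container to something other
     * than what is compared: a "." or ".." segment (path parameters after ";"
     * stripped first), a backslash, or a percent-encoded "." or "/".
     */
    private static boolean hasUnsafePathSegment(String relativePath) {
        String lower = relativePath.toLowerCase(Locale.ROOT);
        if (lower.indexOf('\\') >= 0 || lower.contains("%2e") || lower.contains("%2f")) {
            return true;
        }
        for (String segment : relativePath.split("/")) {
            int paramStart = segment.indexOf(';');
            String bare = paramStart < 0 ? segment : segment.substring(0, paramStart);
            if (".".equals(bare) || "..".equals(bare)) {
                return true;
            }
        }
        return false;
    }
}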