/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.ambari.server.state.kerberos;

import java.util.Map;
import java.util.TreeMap;

/**
 * KerberosKeytabDescriptor is an implementation of an AbstractKerberosDescriptor that
 * encapsulates data related to a Kerberos keytab file.  This class is typically associated with a
 * KerberosPrincipalDescriptor via a KerberosIdentityDescriptor.
 * <p/>
 * A KerberosKeytabDescriptor has the following properties:
 * <ul>
 * <li>file</li>
 * <li>owner {name, access}</li>
 * <li>group {name, access}</li>
 * <li>configuration</li>
 * <li>cachable</li>
 * </ul>
 * <p/>
 * The following JSON Schema will yield a valid KerberosPrincipalDescriptor
 * <pre>
 *   {
 *      "$schema": "http://json-schema.org/draft-04/schema#",
 *      "title": "KerberosKeytabDescriptor",
 *      "description": "Describes a Kerberos keytab file and associated details",
 *      "type": "object",
 *      "properties": {
 *        "file": {
 *          "description": "The absolute path for the keytab file",
 *          "type": "string"
 *        },
 *        "owner": {
 *          "description": "Details about the file's user ownership",
 *          "type": "object",
 *          "properties": {
 *            "name": {
 *              "description": "The local username that should be set as the owner of this file",
 *              "type": "string"
 *            },
 *            "access": {
 *              "description": "The relevant access permissions that should be set for the owner of
 *                              this file. Expected values are 'rw', 'r', ''"
 *              "type": "string"
 *            }
 *          }
 *        }
 *        "group": {
 *          "description": "Details about the file's group ownership",
 *          "type": "object",
 *          "properties": {
 *            "name": {
 *              "description": "The local group name that should be set as the group owner of this file",
 *              "type": "string"
 *            },
 *            "access": {
 *              "description": "The relevant access permissions that should be set for the group
 *                              owner of this file. Expected values are 'rw', 'r', ''"
 *              "type": "string"
 *            }
 *          }
 *        }
 *        "configuration": {
 *          "description": "The configuration type and property name indicating the property to be
 *                          updated with the generated absolute path to the keytab file
 *                          - format: config-type/property.name",
 *          "type": "string"
 *        }
 *        "cachable" : {
 *          "description": "Indicates whether the generated keytab is allowed to be cached by the
 *                          Ambari server (true) or not (false)",
 *          "type": "boolean"
 *        }
 *      }
 *   }
 * </pre>
 * <p/>
 * In this implementation,
 * {@link org.apache.ambari.server.state.kerberos.AbstractKerberosDescriptor#name} will hold the
 * KerberosKeytabDescriptor#file value
 */
public class KerberosKeytabDescriptor extends AbstractKerberosDescriptor {

  /**
   * A String declaring the local username that should be set as the owner of the keytab file
   */
  private String ownerName = null;

  /**
   * A String declaring the access permissions that should be set on the keytab file related to the
   * owner.
   * <p/>
   * Expected values are:
   * <ul>
   * <li>"rw" - read/write</li>
   * <li>"r" - read-only</li>
   * <li>"" - no access</li>
   * </ul>
   */
  private String ownerAccess = null;

  /**
   * A String declaring the local groip name that should be set as the group owner of the keytab file
   */
  private String groupName = null;

  /**
   * A String declaring the access permissions that should be set on the keytab file related to the
   * group.
   * <p/>
   * Expected values are:
   * <ul>
   * <li>"rw" - read/write</li>
   * <li>"r" - read-only</li>
   * <li>"" - no access</li>
   * </ul>
   */
  private String groupAccess = null;

  /**
   * A string declaring configuration type and property name indicating the property to be updated
   * with the absolute path to the keytab file
   * <p/>
   * This String is expected to be in the following format: configuration-type/property.name, where
   * <ul>
   * <li>configuration-type is the configuration file type where the property exists</li>
   * <li>property.value is the name of the relevant property within the configuration</li>
   * </ul>
   * <p/>
   * Example: hdfs-site/dfs.namenode.keytab.file
   */
  private String configuration = null;


  /**
   * A boolean value indicating whether the generated keytab is allowed to be cached by the Ambari
   * server or not.
   */
  private boolean cachable = true;

  /**
   * Creates a new KerberosKeytabDescriptor
   *
   * @param file          the path to the keytab file
   * @param ownerName     the local username of the file owner
   * @param ownerAccess   the file access privileges for the file owner ("r", "rw", "")
   * @param groupName     the local group name with privileges to access the file
   * @param groupAccess   the file access privileges for the group ("r", "rw", "")
   * @param configuration the configuration used to store the principal name
   * @param cachable      true if the keytab may be cached by Ambari; otherwise false
   */
  public KerberosKeytabDescriptor(String file, String ownerName, String ownerAccess, String groupName,
                                  String groupAccess, String configuration, boolean cachable) {
    setName(file);
    setOwnerName(ownerName);
    setOwnerAccess(ownerAccess);
    setGroupName(groupName);
    setGroupAccess(groupAccess);
    setConfiguration(configuration);
    setCachable(cachable);
  }

  /**
   * Creates a new KerberosKeytabDescriptor
   * <p/>
   * See {@link org.apache.ambari.server.state.kerberos.KerberosKeytabDescriptor} for the JSON
   * Schema that may be used to generate this map.
   *
   * @param data a Map of values use to populate the data for the new instance
   * @see org.apache.ambari.server.state.kerberos.KerberosKeytabDescriptor
   */
  public KerberosKeytabDescriptor(Map<?, ?> data) {
    // The name for this KerberosKeytabDescriptor is stored in the "file" entry in the map
    // This is not automatically set by the super classes.
    setName(getStringValue(data, "file"));

    if (data != null) {
      Object object;

      object = data.get("owner");
      if (object instanceof Map) {
        Map<?, ?> map = (Map<?, ?>) object;
        setOwnerName(getStringValue(map, "name"));
        setOwnerAccess(getStringValue(map, "access"));
      }

      object = data.get("group");
      if (object instanceof Map) {
        Map<?, ?> map = (Map<?, ?>) object;
        setGroupName(getStringValue(map, "name"));
        setGroupAccess(getStringValue(map, "access"));
      }

      setConfiguration(getStringValue(data, "configuration"));

      // If the "cachable" value is anything but false, set it to true
      setCachable(!"false".equalsIgnoreCase(getStringValue(data, "cachable")));
    }
  }

  /**
   * Gets the path to the keytab file
   * <p/>
   * The value may include variable placeholders to be replaced as needed
   * <ul>
   * <li>
   * ${variable} placeholders are replaced on the server - see
   * {@link VariableReplacementHelper#replaceVariables(String, Map)}
   * </li>
   * </ul>
   *
   * @return a String declaring the keytab file's absolute path
   * @see VariableReplacementHelper#replaceVariables(String, Map)
   */
  public String getFile() {
    return getName();
  }

  /**
   * Sets the path to the keytab file
   *
   * @param file a String declaring this keytab's file path
   * @see #getFile()
   */
  public void setFile(String file) {
    setName(file);
  }

  /**
   * Gets the local username to set as the owner of the keytab file
   *
   * @return a String declaring the name of the user to own the keytab file
   */
  public String getOwnerName() {
    return ownerName;
  }

  /**
   * Sets the local username to set as the owner of the keytab file
   *
   * @param name a String declaring the name of the user to own the keytab file
   */
  public void setOwnerName(String name) {
    this.ownerName = name;
  }

  /**
   * Gets the access permissions that should be set on the keytab file related to the file's owner
   *
   * @return a String declaring the access permissions that should be set on the keytab file related
   * to the file's owner
   * @see #ownerAccess
   */
  public String getOwnerAccess() {
    return ownerAccess;
  }

  /**
   * Sets the access permissions that should be set on the keytab file related to the file's owner
   *
   * @param access a String declaring the access permissions that should be set on the keytab file
   *               related to the file's owner
   * @see #ownerAccess
   */
  public void setOwnerAccess(String access) {
    this.ownerAccess = access;
  }

  /**
   * Gets the local group name to set as the group owner of the keytab file
   *
   * @return a String declaring the name of the group to own the keytab file
   */
  public String getGroupName() {
    return groupName;
  }

  /**
   * Sets the local group name to set as the group owner of the keytab file
   *
   * @param name a String declaring the name of the group to own the keytab file
   */
  public void setGroupName(String name) {
    this.groupName = name;
  }

  /**
   * Gets the access permissions that should be set on the keytab file related to the file's group
   *
   * @return a String declaring the access permissions that should be set on the keytab file related
   * to the file's group
   * @see #groupAccess
   */
  public String getGroupAccess() {
    return groupAccess;
  }

  /**
   * Sets the access permissions that should be set on the keytab file related to the file's group
   *
   * @param access a String declaring the access permissions that should be set on the keytab file
   *               related to the file's group
   * @see #groupAccess
   */
  public void setGroupAccess(String access) {
    this.groupAccess = access;
  }

  /**
   * Gets the configuration type and property name indicating the property to be updated with the
   * keytab's file path
   *
   * @return a String declaring the configuration type and property name indicating the property to
   * be updated with the keytab's file path
   * #see #configuration
   */
  public String getConfiguration() {
    return configuration;
  }

  /**
   * Sets the configuration type and property name indicating the property to be updated with the
   * keytab's file path
   *
   * @param configuration a String declaring the configuration type and property name indicating the
   *                      property to be updated with the keytab's file path
   * @see #configuration
   */
  public void setConfiguration(String configuration) {
    this.configuration = configuration;
  }

  /**
   * Indicates whether the generated keytab is allowed to be cached by the Ambari server or not
   *
   * @return true if allowed to be cached; false otherwise
   */
  public boolean isCachable() {
    return cachable;
  }

  /**
   * Sets whether the generated keytab is allowed to be cached by the Ambari server or not
   *
   * @param cachable true if allowed to be cached; false otherwise
   */
  public void setCachable(boolean cachable) {
    this.cachable = cachable;
  }

  /**
   * Updates this KerberosKeytabDescriptor with data from another KerberosKeytabDescriptor
   * <p/>
   * Properties will be updated if the relevant updated values are not null.
   *
   * @param updates the KerberosKeytabDescriptor containing the updated values
   */
  public void update(KerberosKeytabDescriptor updates) {
    if (updates != null) {
      String updatedValue;

      updatedValue = updates.getFile();
      if (updatedValue != null) {
        setFile(updatedValue);
      }

      updatedValue = updates.getConfiguration();
      if (updatedValue != null) {
        setConfiguration(updatedValue);
      }

      updatedValue = updates.getOwnerName();
      if (updatedValue != null) {
        setOwnerName(updatedValue);
      }

      updatedValue = updates.getOwnerAccess();
      if (updatedValue != null) {
        setOwnerAccess(updatedValue);
      }

      updatedValue = updates.getGroupName();
      if (updatedValue != null) {
        setGroupName(updatedValue);
      }

      updatedValue = updates.getGroupAccess();
      if (updatedValue != null) {
        setGroupAccess(updatedValue);
      }
    }
  }

  /**
   * Creates a Map of values that can be used to create a copy of this KerberosKeytabDescriptor
   * or generate the JSON structure described in
   * {@link org.apache.ambari.server.state.kerberos.KerberosKeytabDescriptor}
   *
   * @return a Map of values for this KerberosKeytabDescriptor
   * @see org.apache.ambari.server.state.kerberos.KerberosKeytabDescriptor
   */
  @Override
  public Map<String, Object> toMap() {
    Map<String, Object> map = new TreeMap<String, Object>();

    String data;

    data = getFile();
    map.put("file", data);

    // Build file owner map
    Map<String, String> owner = new TreeMap<String, String>();

    data = getOwnerName();
    if (data != null) {
      owner.put("name", data);
    }

    data = getOwnerAccess();
    if (data != null) {
      owner.put("access", data);
    }

    if (!owner.isEmpty()) {
      map.put("owner", owner);
    }
    // Build file owner map (end)

    // Build file owner map
    Map<String, String> group = new TreeMap<String, String>();

    data = getGroupName();
    if (data != null) {
      group.put("name", data);
    }

    data = getGroupAccess();
    if (data != null) {
      group.put("access", data);
    }

    if (!owner.isEmpty()) {
      map.put("group", group);
    }
    // Build file owner map (end)

    data = getConfiguration();
    if (data != null) {
      map.put("configuration", data);
    }

    return map;
  }

  @Override
  public int hashCode() {
    return super.hashCode() +
        ((getConfiguration() == null)
            ? 0
            : getConfiguration().hashCode()) +
        ((getOwnerName() == null)
            ? 0
            : getOwnerName().hashCode()) +
        ((getOwnerAccess() == null)
            ? 0
            : getOwnerAccess().hashCode()) +
        ((getGroupName() == null)
            ? 0
            : getGroupName().hashCode()) +
        ((getGroupAccess() == null)
            ? 0
            : getGroupAccess().hashCode()) +
        ((getConfiguration() == null)
            ? 0
            : getConfiguration().hashCode());
  }

  @Override
  public boolean equals(Object object) {
    if (object == null) {
      return false;
    } else if (object == this) {
      return true;
    } else if (object.getClass() == KerberosKeytabDescriptor.class) {
      KerberosKeytabDescriptor descriptor = (KerberosKeytabDescriptor) object;
      return super.equals(object) &&
          (
              (getConfiguration() == null)
                  ? (descriptor.getConfiguration() == null)
                  : getConfiguration().equals(descriptor.getConfiguration())
          ) &&
          (
              (getOwnerName() == null)
                  ? (descriptor.getOwnerName() == null)
                  : getOwnerName().equals(descriptor.getOwnerName())
          ) &&
          (
              (getOwnerAccess() == null)
                  ? (descriptor.getOwnerAccess() == null)
                  : getOwnerAccess().equals(descriptor.getOwnerAccess())
          ) &&
          (
              (getGroupName() == null)
                  ? (descriptor.getGroupName() == null)
                  : getGroupName().equals(descriptor.getGroupName())
          ) &&
          (
              (getGroupAccess() == null)
                  ? (descriptor.getGroupAccess() == null)
                  : getGroupAccess().equals(descriptor.getGroupAccess())
          );
    } else {
      return false;
    }
  }
}