/*
 *   Licensed to the Apache Software Foundation (ASF) under one
 *   or more contributor license agreements.  See the NOTICE file
 *   distributed with this work for additional information
 *   regarding copyright ownership.  The ASF licenses this file
 *   to you under the Apache License, Version 2.0 (the
 *   "License"); you may not use this file except in compliance
 *   with the License.  You may obtain a copy of the License at
 *
 *     https://www.apache.org/licenses/LICENSE-2.0
 *
 *   Unless required by applicable law or agreed to in writing,
 *   software distributed under the License is distributed on an
 *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *   KIND, either express or implied.  See the License for the
 *   specific language governing permissions and limitations
 *   under the License.
 *
 */
package org.apache.directory.fortress.core.samples;

import java.util.List;

import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;

import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.AccessMgrFactory;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.PasswordException;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.impl.TestUtils;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserRole;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * CreateSessionSample JUnit Test. Fortress Sessions are modeled on the RBAC specification.  Each Session
 * may contain User attributes plus all of their activated Roles.  The Session will also contain pw policy
 * and error status flags that were set during User's previous CreateSession invocation.
 *
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class CreateSessionSample extends TestCase
{
    private static final String CLS_NM = CreateSessionSample.class.getName();
    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );

    public CreateSessionSample(String name)
    {
        super(name);
    }

    /**
     * Run several Use cases that demonstrate RBAC Session creation attempts using common scenarios.
     * @return Test
     */
    public static Test suite()
    {
        TestSuite suite = new TestSuite();
        suite.addTest(new CreateSessionSample("testCreateSession"));
        suite.addTest(new CreateSessionSample("testCreateSessionWithRole"));
        suite.addTest(new CreateSessionSample("testCreateSessionTrusted"));
        suite.addTest(new CreateSessionSample("testCreateSessionWithRolesTrusted"));
        return suite;
    }

    /**
     * This method is simple wrapper.
     *
     */
    public void testCreateSession()
    {
        //createSession("oamuser1", "passw0rd1", 10);
        createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, 10);
    }

    /**
     * Another wrapper for create session with roles.
     *
     */
    public void testCreateSessionWithRole()
    {
        //createSessionsWithRole(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, CreateRoleSample.TEST_SIMPLE_ROLE);
        createSessionsWithRole(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, CreateRoleSample.TEST_ROLE_PREFIX + "1");
    }

    /**
     * This wrapper will create a session passing roles without a password.
     *
     */
    public void testCreateSessionWithRolesTrusted()
    {
        createSessionsWithRolesTrusted(CreateUserSample.TEST_USERID, new String[]{CreateRoleSample.TEST_ROLE_PREFIX + "1", CreateRoleSample.TEST_ROLE_PREFIX + "3", CreateRoleSample.TEST_ROLE_PREFIX + "4"}, 3);
    }

    /**
     * This wrapper will create a session without a password.
     *
     */
    public void testCreateSessionTrusted()
    {
        createSessionTrusted(CreateUserSample.TEST_USERID);
    }

    /**
     * Calls AccessMgr createSession API.  Will check to ensure the RBAC Session contains the expected number of Roles
     * activated.
     *
     * @param userId  Case insensitive userId.
     * @param password Password is case sensitive, clear text but is stored in directory as hashed value.
     * @param expectedRoles integer contains the expected number of Roles in the Session.
     */
    public static void createSession(String userId, String password, int expectedRoles)
    {
        String szLocation = ".createSession";
        try
        {
            // Instantiate the AccessMgr implementation which perform runtime RBAC operations.
            AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());

            // The User entity is used to pass data into the createSession API.
            User user = new User(userId, password);

            // This API will return a Session object that contains the User's activated Roles and other info.
            Session session = accessMgr.createSession(user, false);

            // createSession will throw SecurityException if fails thus the Session should never be null.
            assertNotNull(session);

            // Pull the userId from the Session.
            String sessUserId = accessMgr.getUserId(session);
            assertTrue(szLocation + " failed compare found userId in session [" + sessUserId + "] valid userId [" + userId + "]", userId.equalsIgnoreCase(sessUserId));

            // Get the User's activated Roles.
            List<UserRole> uRoles = session.getRoles();

            // do some validations
            assertNotNull(uRoles);
            assertEquals(szLocation + " user role check failed list size user [" + user.getUserId() + "]", expectedRoles, uRoles.size());
            // now try negative test case:
            try
            {
                // this better fail
                User userBad = new User(user.getUserId(), "badpw");

                // The API will authenticate the User password, evaluate password policies and perform Role activations.
                accessMgr.createSession(userBad, false);
                fail(szLocation + " userId [" + userId + "]  failed negative test");
            }
            catch (PasswordException pe)
            {
                assertTrue(szLocation + " userId [" + userId + "]  excep id check", pe.getErrorId() == GlobalErrIds.USER_PW_INVLD);
                // pass
            }
            catch (SecurityException se)
            {
                fail(szLocation + " userId [" + userId + "]  failed with unexpected errorId" + se.getErrorId() + " msg=" + se.getMessage());
                // pass
            }
            LOG.info(szLocation + " userId [" + userId + "] successful");
        }
        catch (SecurityException ex)
        {
            LOG.error(szLocation + " userId [" + userId + "]  caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
            fail(ex.getMessage());
        }
    }

    /**
     * Call the AccessMgr createSession API passing a single Role for activation.  Successful RBAC Session should
     * contains same Role activated.
     *
     * @param userId  Case insensitive userId.
     * @param password Password is case sensitive, clear text but is stored in directory as hashed value.
     * @param role contains role name of Role targeted for Activation.
     */
    public static void createSessionsWithRole(String userId, String password, String role)
    {
        String szLocation = ".createSessionsWithRole";
        try
        {
            // Instantiate the AccessMgr implementation which perform runtime RBAC operations.
            AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());

            // The User entity is used to pass data into the createSession API.
            User user = new User(userId, password);
            user.setRoleName(role);

            // The API will authenticate the User password, evaluate password policies and perform Role activations.
            Session session = accessMgr.createSession(user, false);

            // createSession will throw SecurityException if fails thus the Session should never be null.
            assertNotNull(session);

            // do some validations
            // Get the User's activated Roles.
            List<UserRole> sessRoles = session.getRoles();
            assertTrue(szLocation + " userId [" + userId + "]  with roles failed role check", sessRoles.contains(new UserRole(role)));
            LOG.info(szLocation + "  userId [" + userId + "] successful");
        }
        catch (SecurityException ex)
        {
            LOG.error(szLocation + " userId [" + userId + "]  caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
            fail(ex.getMessage());
        }
    }

    /**
     * Create RBAC Session and activated supplied Roles.  This scenario perform authentication in trusted manner
     * which does not require User password.
     *
     * @param userId  Case insensitive userId.
     * @param roles array of Role names to activate into RBAC Session.
     * @param expectedRoles integer contains the expected number of Roles in the Session.
     */
    public static void createSessionsWithRolesTrusted(String userId, String[] roles, int expectedRoles)
    {
        String szLocation = ".createSessionsWithRolesTrusted";
        try
        {
            AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());

            // The User entity is used to pass data into the createSession API.
            User user = new User(userId);

            // iterate over array of input Role names.
            for (String roleName : roles)
            {
                // Add the Role name to list of Roles to be activated on Session.
                user.setRoleName(roleName);
            }

            // The API will verify User is good and perform Role activations.  Request will fail if User is locked out of ldap for any reason.
            Session session = accessMgr.createSession(user, true);

            // createSession will throw SecurityException if fails thus the Session should never be null.
            assertNotNull(session);

            // Get the User's activated Roles.
            List<UserRole> sessRoles = session.getRoles();

            // do some validations
            assertEquals(szLocation + " user role check failed list size user [" + user.getUserId() + "]", expectedRoles, sessRoles.size());
            for (String roleName : roles)
            {
                assertTrue(szLocation + " userId [" + userId + "]  with roles trusted failed role check", sessRoles.contains(new UserRole(roleName)));
            }

            LOG.info(szLocation + "  userId [" + userId + "] successful");
        }
        catch (SecurityException ex)
        {
            LOG.error(szLocation + " caught userId [" + userId + "]  SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
            fail(ex.getMessage());
        }
    }

    /**
     * Create trusted RBAC Session.  This API will attempt to activate all of the User's assigned Roles.
     *
     * @param userId  Case insensitive userId.
     */
    public static void createSessionTrusted(String userId)
    {
        String szLocation = ".createSessionTrusted";
        try
        {
            // Instantiate the AccessMgr implementation which perform runtime RBAC operations.
            AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());

            // The User entity is used to pass data into the createSession API.
            User user = new User(userId);

            // The API will verify User is good and perform Role activations.  Request will fail if User is locked out of ldap for any reason.
            Session session = accessMgr.createSession(user, true);

            // createSession will throw SecurityException if fails thus the Session should never be null.
            assertNotNull(session);
            LOG.info(szLocation + "  userId [" + userId + "] successful");
        }
        catch (SecurityException ex)
        {
            LOG.error(szLocation + " userId [" + userId + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
            fail(ex.getMessage());
        }
    }
}