/*
 */
package org.apache.taverna.server.master.interfaces;
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.Set;

import javax.ws.rs.core.HttpHeaders;
import javax.xml.ws.handler.MessageContext;

import org.springframework.security.core.context.SecurityContext;
import org.apache.taverna.server.localworker.remote.ImplementationException;
import org.apache.taverna.server.master.common.Credential;
import org.apache.taverna.server.master.common.Trust;
import org.apache.taverna.server.master.exceptions.InvalidCredentialException;
import org.apache.taverna.server.master.utils.UsernamePrincipal;

/**
 * Security context for a workflow run.
 * 
 * @author Donal Fellows
 */
public interface TavernaSecurityContext {
	/**
	 * @return Who owns the security context.
	 */
	UsernamePrincipal getOwner();

	/**
	 * Describe the names of the users (as extracted from their
	 * {@link Principal} objects) that may destroy the run or manipulate its
	 * lifetime.
	 * 
	 * @return The names of the users who may use destroy operations. Read-only.
	 */
	Set<String> getPermittedDestroyers();

	/**
	 * Sets the collection of names of users (as extracted from their
	 * {@link Principal} objects) that may destroy the run or manipulate its
	 * lifetime.
	 * 
	 * @param destroyers
	 *            The names of the users who may use destroy operations.
	 */
	void setPermittedDestroyers(Set<String> destroyers);

	/**
	 * Describe the names of the users (as extracted from their
	 * {@link Principal} objects) that may update the run (including writing to
	 * files).
	 * 
	 * @return The names of the users who may use update operations. Read-only.
	 */
	Set<String> getPermittedUpdaters();

	/**
	 * Sets the collection of names of users (as extracted from their
	 * {@link Principal} objects) that may update the run (including writing to
	 * its files).
	 * 
	 * @param updaters
	 *            The names of the users who may use update operations.
	 */
	void setPermittedUpdaters(Set<String> updaters);

	/**
	 * Describe the names of the users (as extracted from their
	 * {@link Principal} objects) that may read from the run (including its
	 * files).
	 * 
	 * @return The names of the users who may use read operations. Read-only.
	 */
	Set<String> getPermittedReaders();

	/**
	 * Sets the collection of names of users (as extracted from their
	 * {@link Principal} objects) that may read from the run (including its
	 * files).
	 * 
	 * @param readers
	 *            The names of the users who may use read operations.
	 */
	void setPermittedReaders(Set<String> readers);

	/**
	 * @return The credentials owned by the user. Never <tt>null</tt>.
	 */
	Credential[] getCredentials();

	/**
	 * Add a credential to the owned set or replaces the old version with the
	 * new one.
	 * 
	 * @param toAdd
	 *            The credential to add.
	 */
	void addCredential(Credential toAdd);

	/**
	 * Remove a credential from the owned set. It's not a failure to remove
	 * something that isn't in the set.
	 * 
	 * @param toDelete
	 *            The credential to remove.
	 */
	void deleteCredential(Credential toDelete);

	/**
	 * Tests if the credential is valid. This includes testing whether the
	 * underlying credential file exists and can be unlocked by the password in
	 * the {@link Credential} object.
	 * 
	 * @param c
	 *            The credential object to validate.
	 * @throws InvalidCredentialException
	 *             If it is invalid.
	 */
	void validateCredential(Credential c) throws InvalidCredentialException;

	/**
	 * @return The identities trusted by the user. Never <tt>null</tt>.
	 */
	Trust[] getTrusted();

	/**
	 * Add an identity to the trusted set.
	 * 
	 * @param toAdd
	 *            The identity to add.
	 */
	void addTrusted(Trust toAdd);

	/**
	 * Remove an identity from the trusted set. It's not a failure to remove
	 * something that isn't in the set.
	 * 
	 * @param toDelete
	 *            The identity to remove.
	 */
	void deleteTrusted(Trust toDelete);

	/**
	 * Tests if the trusted identity descriptor is valid. This includes checking
	 * whether the underlying trusted identity file exists.
	 * 
	 * @param t
	 *            The trusted identity descriptor to check.
	 * @throws InvalidCredentialException
	 *             If it is invalid.
	 */
	void validateTrusted(Trust t) throws InvalidCredentialException;

	/**
	 * Establish the security context from how the owning workflow run was
	 * created. In particular, this gives an opportunity for boot-strapping
	 * things with any delegateable credentials.
	 * 
	 * @param securityContext
	 *            The security context associated with the request that caused
	 *            the workflow to be created.
	 * @throws Exception
	 *             If anything goes wrong.
	 */
	void initializeSecurityFromContext(SecurityContext securityContext)
			throws Exception;

	/**
	 * Establish the security context from how the owning workflow run was
	 * created. In particular, this gives an opportunity for boot-strapping
	 * things with any delegateable credentials.
	 * 
	 * @param context
	 *            The full information about the request that caused the
	 *            workflow to be created.
	 */
	void initializeSecurityFromSOAPContext(MessageContext context);

	/**
	 * Establish the security context from how the owning workflow run was
	 * created. In particular, this gives an opportunity for boot-strapping
	 * things with any delegateable credentials.
	 * 
	 * @param headers
	 *            The full information about the request that caused the
	 *            workflow to be created.
	 */
	void initializeSecurityFromRESTContext(HttpHeaders headers);

	/**
	 * Transfer the security context to the remote system.
	 * 
	 * @throws IOException
	 *             If the communication fails.
	 * @throws GeneralSecurityException
	 *             If the assembly of the context fails.
	 * @throws ImplementationException
	 *             If the local worker has problems with creating the realized
	 *             security context.
	 */
	void conveySecurity() throws GeneralSecurityException, IOException,
			ImplementationException;

	/**
	 * @return The factory that created this security context.
	 */
	SecurityContextFactory getFactory();
}