/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.ranger.plugin.policyengine;

import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

public class RangerAccessRequestImpl implements RangerAccessRequest {
	private static final Logger LOG = Logger.getLogger(RangerAccessRequestImpl.class);

	private RangerAccessResource resource;
	private String               accessType;
	private String               user;
	private Set<String>          userGroups;
	private Set<String>          userRoles;
	private Date                 accessTime;
	private String               clientIPAddress;
	private List<String>         forwardedAddresses;
	private String               remoteIPAddress;
	private String               clientType;
	private String               action;
	private String               requestData;
	private String               sessionId;
	private Map<String, Object>  context;
	private String				 clusterName;
	private String				 clusterType;

	private boolean isAccessTypeAny;
	private boolean isAccessTypeDelegatedAdmin;
	private ResourceMatchingScope resourceMatchingScope = ResourceMatchingScope.SELF;

	public RangerAccessRequestImpl() {
		this(null, null, null, null, null);
	}

	public RangerAccessRequestImpl(RangerAccessResource resource, String accessType, String user, Set<String> userGroups, Set<String> userRoles) {
		setResource(resource);
		setAccessType(accessType);
		setUser(user);
		setUserGroups(userGroups);
		setUserRoles(userRoles);
		setForwardedAddresses(null);

		// set remaining fields to default value
		setAccessTime(null);
		setRemoteIPAddress(null);
		setClientType(null);
		setAction(null);
		setRequestData(null);
		setSessionId(null);
		setContext(null);
		setClusterName(null);
	}

	public RangerAccessRequestImpl(RangerAccessRequest request) {
		setResource(request.getResource());
		setAccessType(request.getAccessType());
		setUser(request.getUser());
		setUserGroups(request.getUserGroups());
		setUserRoles(request.getUserRoles());
		setForwardedAddresses(request.getForwardedAddresses());
		setAccessTime(request.getAccessTime());
		setRemoteIPAddress(request.getRemoteIPAddress());
		setClientType(request.getClientType());
		setAction(request.getAction());
		setRequestData(request.getRequestData());
		setSessionId(request.getSessionId());
		setContext(request.getContext());
		setClusterName(request.getClusterName());
		setResourceMatchingScope(request.getResourceMatchingScope());
	}

	@Override
	public RangerAccessResource getResource() {
		return resource;
	}

	@Override
	public String getAccessType() {
		return accessType;
	}

	@Override
	public String getUser() {
		return user;
	}

	@Override
	public Set<String> getUserGroups() {
		return userGroups;
	}

	@Override
	public Set<String> getUserRoles() {
		return userRoles;
	}

	@Override
	public Date getAccessTime() {
		return accessTime;
	}

	@Override
	public String getClientIPAddress() { return clientIPAddress;}

	@Override
	public String getRemoteIPAddress() {
		return remoteIPAddress;
	}

	@Override
	public List<String> getForwardedAddresses() { return forwardedAddresses; }

	@Override
	public String getClientType() {
		return clientType;
	}

	@Override
	public String getAction() {
		return action;
	}

	@Override
	public String getRequestData() {
		return requestData;
	}

	@Override
	public String getSessionId() {
		return sessionId;
	}

	@Override
	public Map<String, Object> getContext() {
		return context;
	}

	@Override
	public ResourceMatchingScope getResourceMatchingScope() {
		return resourceMatchingScope;
	}

	@Override
	public boolean isAccessTypeAny() {
		return isAccessTypeAny;
	}

	@Override
	public boolean isAccessTypeDelegatedAdmin() {
		return isAccessTypeDelegatedAdmin;
	}

	public void setResource(RangerAccessResource resource) {
		this.resource = resource;
	}

	public void setAccessType(String accessType) {
		if (StringUtils.isEmpty(accessType)) {
			accessType = RangerPolicyEngine.ANY_ACCESS;
		}

		this.accessType            = accessType;
		isAccessTypeAny            = StringUtils.equals(accessType, RangerPolicyEngine.ANY_ACCESS);
		isAccessTypeDelegatedAdmin = StringUtils.equals(accessType, RangerPolicyEngine.ADMIN_ACCESS);
	}

	public void setUser(String user) {
		this.user = user;
	}

	public void setUserGroups(Set<String> userGroups) {
		this.userGroups = (userGroups == null) ? new HashSet<String>() : userGroups;
	}

	public void setUserRoles(Set<String> userRoles) {
		this.userRoles = (userRoles == null) ? new HashSet<String>() : userRoles;
	}

	public void setAccessTime(Date accessTime) {
		this.accessTime = accessTime;
	}

	public void setClientIPAddress(String ipAddress) {
		this.clientIPAddress = ipAddress;
	}

	public void setForwardedAddresses(List<String> forwardedAddresses) {
		this.forwardedAddresses = (forwardedAddresses == null) ? new ArrayList<String>() : forwardedAddresses;
	}

	public void setRemoteIPAddress(String remoteIPAddress) {
		this.remoteIPAddress = remoteIPAddress;
	}

	public void setClientType(String clientType) {
		this.clientType = clientType;
	}

	public void setAction(String action) {
		this.action = action;
	}

	public void setRequestData(String requestData) {
		this.requestData = requestData;
	}

	public void setSessionId(String sessionId) {
		this.sessionId = sessionId;
	}
	
	public String getClusterName() {
		return clusterName;
	}

	public void setClusterName(String clusterName) {
		this.clusterName = clusterName;
	}

	public String getClusterType() {
		return clusterType;
	}

	public void setClusterType(String clusterType) {
		this.clusterType = clusterType;
	}

	public void setResourceMatchingScope(ResourceMatchingScope scope) { this.resourceMatchingScope = scope; }

	public void setContext(Map<String, Object> context) {
		this.context = (context == null) ? new HashMap<String, Object>() : context;
	}

	public void extractAndSetClientIPAddress(boolean useForwardedIPAddress, String[]trustedProxyAddresses) {
		String ip = getRemoteIPAddress();
		if (ip == null) {
			ip = getClientIPAddress();
		}

		String newIp = ip;

		if (useForwardedIPAddress) {
			if (LOG.isDebugEnabled()) {
				LOG.debug("Using X-Forward-For...");
			}
			if (CollectionUtils.isNotEmpty(getForwardedAddresses())) {
				if (trustedProxyAddresses != null && trustedProxyAddresses.length > 0) {
					if (StringUtils.isNotEmpty(ip)) {
						for (String trustedProxyAddress : trustedProxyAddresses) {
							if (StringUtils.equals(ip, trustedProxyAddress)) {
								newIp = getForwardedAddresses().get(0);
								break;
							}
						}
					}
				} else {
					newIp = getForwardedAddresses().get(0);
				}
			} else {
				if (LOG.isDebugEnabled()) {
					LOG.debug("No X-Forwarded-For addresses in the access-request");
				}
			}
		}

		if (LOG.isDebugEnabled()) {
			LOG.debug("Old Remote/Client IP Address=" + ip + ", new IP Address=" + newIp);
		}
		setClientIPAddress(newIp);
	}

	@Override
	public String toString( ) {
		StringBuilder sb = new StringBuilder();

		toString(sb);

		return sb.toString();
	}

	public StringBuilder toString(StringBuilder sb) {
		sb.append("RangerAccessRequestImpl={");

		sb.append("resource={").append(resource).append("} ");
		sb.append("accessType={").append(accessType).append("} ");
		sb.append("user={").append(user).append("} ");

		sb.append("userGroups={");
		if(userGroups != null) {
			for(String userGroup : userGroups) {
				sb.append(userGroup).append(" ");
			}
		}
		sb.append("} ");

		sb.append("userRoles={");
		if(userRoles != null) {
			for(String role : userRoles) {
				sb.append(role).append(" ");
			}
		}
		sb.append("} ");

		sb.append("accessTime={").append(accessTime).append("} ");
		sb.append("clientIPAddress={").append(getClientIPAddress()).append("} ");
		sb.append("forwardedAddresses={").append(StringUtils.join(forwardedAddresses, " ")).append("} ");
		sb.append("remoteIPAddress={").append(remoteIPAddress).append("} ");
		sb.append("clientType={").append(clientType).append("} ");
		sb.append("action={").append(action).append("} ");
		sb.append("requestData={").append(requestData).append("} ");
		sb.append("sessionId={").append(sessionId).append("} ");
		sb.append("resourceMatchingScope={").append(resourceMatchingScope).append("} ");
		sb.append("clusterName={").append(clusterName).append("} ");
		sb.append("clusterType={").append(clusterType).append("} ");

		sb.append("context={");
		if(context != null) {
			for(Map.Entry<String, Object> e : context.entrySet()) {
				sb.append(e.getKey()).append("={").append(e.getValue()).append("} ");
			}
		}
		sb.append("} ");

		sb.append("}");

		return sb;
	}
	@Override
	public RangerAccessRequest getReadOnlyCopy() {
		return new RangerAccessRequestReadOnly(this);
	}
}