/*
 * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import javax.security.auth.callback.*;
import java.util.Map;
import java.util.Properties;
import java.io.*;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;

public final class PropertiesFileCallbackHandler implements CallbackHandler {
    private Properties pwDb, namesDb, proxyDb;

    /**
     * Contents of files are in the Properties file format.
     *
     * @param pwFile name of file containing name/password pairs
     * @param namesFile name of file containing name to canonicalized name
     * @param proxyFile name of file containing authname to list of authzids
     */
    public PropertiesFileCallbackHandler(String pwFile, String namesFile,
        String proxyFile) throws IOException {
        String dir = System.getProperty("test.src");
        if (dir == null) {
            dir = ".";
        }
        dir = dir + "/";

        if (pwFile != null) {
            pwDb = new Properties();
            pwDb.load(new FileInputStream(dir+pwFile));
        }

        if (namesFile != null) {
            namesDb = new Properties();
            namesDb.load(new FileInputStream(dir+namesFile));
        }

        if (proxyFile != null) {
            proxyDb = new Properties();
            proxyDb.load(new FileInputStream(dir+proxyFile));
        }
    }

    public void handle(Callback[] callbacks)
        throws UnsupportedCallbackException {
        NameCallback ncb = null;
        PasswordCallback pcb = null;
        AuthorizeCallback acb = null;
        RealmCallback rcb = null;

        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof NameCallback) {
                ncb = (NameCallback) callbacks[i];
            } else if (callbacks[i] instanceof PasswordCallback) {
                pcb = (PasswordCallback) callbacks[i];
            } else if (callbacks[i] instanceof AuthorizeCallback) {
                acb = (AuthorizeCallback) callbacks[i];
            } else if (callbacks[i] instanceof RealmCallback) {
                rcb = (RealmCallback) callbacks[i];
            } else {
                throw new UnsupportedCallbackException(callbacks[i]);
            }
        }

        // Process retrieval of password; can get password iff
        // username is available in NameCallback
        //
        // Ignore realm for now; could potentially use different dbs for
        // different realms

        if (pcb != null && ncb != null) {
            String username = ncb.getDefaultName();
            String pw = pwDb.getProperty(username);
            if (pw != null) {
                char[] pwchars = pw.toCharArray();
                pcb.setPassword(pwchars);
                // Clear pw
                for (int i = 0; i <pwchars.length; i++) {
                    pwchars[i] = 0;
                }

                // Set canonicalized username if any
                String canonAuthid =
                    (namesDb != null? namesDb.getProperty(username) : null);
                if (canonAuthid != null) {
                    ncb.setName(canonAuthid);
                }
            }
        }

        // Check for authorization

        // Ignore realm for now; could potentially use different dbs for
        // different realms

        if (acb != null) {
            String authid = acb.getAuthenticationID();
            String authzid = acb.getAuthorizationID();
            if (authid.equals(authzid)) {
                // Self is always authorized
                acb.setAuthorized(true);

            } else {
                // Check db for allowed authzids
                String authzes = (proxyDb != null ? proxyDb.getProperty(authid)
                    : null);
                if (authzes != null && authzes.indexOf(authzid) >= 0) {
                    // XXX need to search for subtrings or use StringTokenizer
                    // to avoid incorrectly matching subnames
                    acb.setAuthorized(true);
                }
            }

            if (acb.isAuthorized()) {
                // Set canonicalized name
                String canonAuthzid = (namesDb != null ?
                    namesDb.getProperty(authzid) : null);
                if (canonAuthzid != null) {
                    acb.setAuthorizedID(canonAuthzid);
                }
            }
        }
    }
}