/*
   
    * The OpenSAML License, Version 1.
   
    * Copyright (c) 2003
   
    * University Corporation for Advanced Internet Development, Inc.
   
    * All rights reserved
  
   *
  
   *
  
   * Redistribution and use in source and binary forms, with or without
  
   * modification, are permitted provided that the following conditions are met:
  
   *
  
   * Redistributions of source code must retain the above copyright notice, this
  
   * list of conditions and the following disclaimer.
  
   *
  
   * Redistributions in binary form must reproduce the above copyright notice,
  
   * this list of conditions and the following disclaimer in the documentation
  
   * and/or other materials provided with the distribution, if any, must include
  
   * the following acknowledgment: "This product includes software developed by
  
   * the University Corporation for Advanced Internet Development
  
   * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
  
   * may appear in the software itself, if and wherever such third-party
  
   * acknowledgments normally appear.
  
   *
  
   * Neither the name of OpenSAML nor the names of its contributors, nor
  
   * Internet2, nor the University Corporation for Advanced Internet Development,
  
   * Inc., nor UCAID may be used to endorse or promote products derived from this
  
   * software without specific prior written permission. For written permission,
  
   * please contact opensaml@opensaml.org
  
   *
  
   * Products derived from this software may not be called OpenSAML, Internet2,
  
   * UCAID, or the University Corporation for Advanced Internet Development, nor
  
   * may OpenSAML appear in their name, without prior written permission of the
  
   * University Corporation for Advanced Internet Development.
  
   *
  
   *
  
   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  
   * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  
   * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
  
   * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
  
   * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
  
   * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
  
   * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
  
   * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  
   * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  
   * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  
   * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  
   * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  
   */
  
  
  
  
 
 package org.opensciencegrid.authz.saml;
 
 
 
 import java.io.InputStream;
 
 import java.util.ArrayList;
 
 import java.util.Collection;
 
 import java.util.Iterator;
 
 
 
 import org.apache.log4j.Category;
 
 
 
 import org.w3c.dom.*;
 
 
 
 import org.opensaml.v1_0_1.*;
 
 
 
 /***
 
  * Represents a SAML authorization decision statement.
 
  *
 
  * @author      Markus Lorch - based on work from Helen Rehn, Scott Cantor
 
  * @created     October 28, 2004
 
  *  revised     January 6, 2005 - moved to OpenSAML 1.0.1
 
  *
 
  * Project: FNAL privilege project
 
  *
 
  */
 
 
 
 //public class ObligatedAuthorizationDecisionStatement extends SAMLAuthorizationDecisionStatement implements Cloneable {
 
 public class ObligatedAuthorizationDecisionStatement extends SAMLAuthorizationDecisionStatement  {
 
 
 
     /*** this is the only member variable we add, holds obligations (at least one is mandatory) */
 
     private ArrayList xacmlObligations = null;
 
 
 
     static Category log = Category.getInstance(ObligatedAuthorizationDecisionStatement.class.getName());
 
 
 
 
 
     /***
 
      *  Builds an ObligatedAuthorizationDecisionStatement out of its component parts
 
      *
 
      * @param  subject     subject of the statement
 
      * @param  resource    URI of the resource being accessed at the time of
 
      *                           the statement
 
      * @param  actions     specific actions the decision applies to
 
      * @param  evidence    evidence which may be considered
 
      * @param  xacmlObligations  XACML style obligations (obligated attribute assignments),
 
      *                           at a minimum one obligation is required
 
      * @exception  SAMLException  Raised if an AuthorizationDecisionStatement
 
      *             cannot be constructed from the supplied information
 
      */
 
     public ObligatedAuthorizationDecisionStatement(SAMLSubject subject,
 
                                               String resource, String decision,
 
                                               Collection actions,
 
                                               Collection evidence,
 
                                               Collection xacmlObligations)
 
             throws SAMLException {
 
  
 
         // initialization of parent
 
         super(subject, resource, decision, actions, evidence);
 
 
 
         // check for required fields
 
         if (xacmlObligations == null) {
 
             throw new SAMLException(SAMLException.RESPONDER, "ObligatedAuthorizationDecisionStatement() requires at least one obligation");
 
         }
 
         this.xacmlObligations = new ArrayList(1);
 
         this.xacmlObligations.addAll(xacmlObligations);
 
         log.debug("instantiated ObligatedAuthorizationDecisionStatement through default constructor");
 
     }
 
 
 
     /***
 
      *  Reconstructs a statement from a DOM tree
 
      *
 
      * @param  e                  The root of a DOM tree
 
      * @exception  SAMLException  Thrown if the object cannot be constructed
 
      */
 
     public ObligatedAuthorizationDecisionStatement(Element e)
 
         throws SAMLException
 
     {
 
         super(e);
 
         log.debug("Constructing ObligatedAuthorizationDecisionStatement from DOM tree");
 
         this.fromDOM(e);
 
     }
 
 
 
 
 
     /***
 
      *  Reconstructs a statement from a stream
 
      *
 
      * @param  in                   A stream containing XML
 
      * @exception  SAMLException  Raised if an exception occurs while constructing
 
      *                              the object.
 
      */
 
     public ObligatedAuthorizationDecisionStatement(InputStream in)
 
         throws SAMLException
 
     {
 
         super(fromStream(in));
 
         log.debug("Constructing ObligatedAuthorizationDecisionStatement from a stream");
 
         this.fromDOM(fromStream(in));
 
     }
 
 
 
 
 
     /***
 
      *  Initialization of statement from a DOM element.<P>
 
      *
 
      *  Checks the statement's syntactic validity. An exception
 
      *  is thrown if any problems are detected. The exception will contain a
 
      *  message describing the problem, and may wrap another exception.<P>
 
      *
 
      * @param  e                   Root element of a DOM tree
 
      * @exception  SAMLException   Raised if an exception occurs while constructing
 
      *                              the object.
 
      */
 
     public void fromDOM(Element e)
 
         throws SAMLException
 
     {
 
         super.fromDOM(e);
 
 
 
 
 
         if  (config.getBooleanProperty("org.opensaml.strict-dom-checking") && 
 
              !XML.isElementNamed(e,OSGXML.SAML_EXT_NS,"ObligatedAuthorizationDecisionStatement"))
 
         {
 
             QName q = QName.getQNameAttribute(e, XML.XSI_NS, "type");
 
             if (!XML.isElementNamed(e,XML.SAMLP_NS,"Statement") || !XML.isElementNamed(e,XML.SAMLP_NS,"SubjectStatement") ||
 
                 q == null || !OSGXML.SAML_EXT_NS.equals(q.getNamespaceURI()) || !"ObligatedAuthorizationDecisionStatementType".equals(q.getLocalName()))
 
                 throw new MalformedException(SAMLException.REQUESTER, "ObligatedAuthorizationDecisionStatement.fromDOM() requires "+OSGXML.SAML_EXT_NS+":ObligatedAuthorizationDecisionStatement at root");
 
         }
 
 
 
 
 
         // Obligations.
 
         Node n = e.getFirstChild();
 
         while (n != null)
 
         {
 
             if (n.getNodeType() == Node.ELEMENT_NODE && XML.isElementNamed((Element)n, OSGXML.SAML_EXT_NS, "XACMLObligation")) {
 
             //if (n.getNodeType() == Node.ELEMENT_NODE && ((Element)n).getLocalName().equals("XACMLObligation"))  {
 
                if(xacmlObligations == null) {
 
                    xacmlObligations = new ArrayList(1);
 
                }
 
                xacmlObligations.add( new XACMLObligation((Element)n));
 
             }
 
 
 
             n = n.getNextSibling();
 
         }
 
     }
 
 
 
     /***
 
      *  Gets the xacml obligations
 
      *
 
      * @return    string with the xacml obligations
 
      */
 
     public Iterator getXACMLObligations() {
 
         // we should always have obligations, but just in case there aren't any
 
         if(xacmlObligations==null) 
 
           return new ArrayList(0).iterator();
 
         else
 
           return xacmlObligations.iterator();
 
     }
 
 
 
 
 
     /***
 
      *  Overridden method to return a DOM tree representing the 
 
      *  ObligatedAuthorizationDecisionStatement
 
      *
 
      *  This class embeds an ObligatedAuthorizationDecisionStatement directly
 
      *  in a SAML assertion. This requires modification of the SAML schema and
 
      *  will have to be changed in a future version. 
 
      *
 
      *  In order not to have to modify the SAML schema we will have to utilize the 
 
      *  extension point saml:Statement. We will use xsi:type to specify the actual 
 
      *  type of statement wanted:<br>
 
      *  <saml:Statement	xsi:type="osg-saml:ObligatedAuthorizationDecisionStatementType">
 
      *
 
      * @param  doc  A Document object to use in manufacturing the tree
 
      * @param  xmlns Include namespace on root element - ignored
 
      * @return      Root element of a DOM tree
 
      */
 
     public Node toDOM(Document doc, boolean xmlns) throws SAMLException {
 
 
 
         log.debug("returning DOM tree with ObligatedAuthorizationDecisionStatement");
 
 
 
         Element s = doc.createElementNS(OSGXML.SAML_EXT_NS, "ObligatedAuthorizationDecisionStatement");
 
         //using extension point
 
         // Element s = doc.createElementNS(XML.SAML_NS, "Statement");
 
         //and xsi:type attribute to specify extension type
 
         //s.setAttributeNS(XML.XMLNS_NS, "xmlns:ogs-saml", "opensciencegrid.authrorization.saml");
 
         //s.setAttributeNS(XML.XSI_NS, "xsi:type", "osg-saml:ObligatedAuthorizationDecisionStatementType");
 
 
 
         // the rest remains the same
 
         //standard attributes
 
         s.setAttributeNS(null, "Resource", getResource());
 
         s.setAttributeNS(null, "Decision", getDecision());
 
         s.appendChild(getSubject().toDOM(doc));
 
         
 
         Iterator i = getActions();
 
         while (i.hasNext())
 
             s.appendChild(((SAMLAction)i.next()).toDOM(doc));
 
         
 
         i = getEvidence();
 
         while (i.hasNext()) {
 
             Object o = i.next();
 
             if (o instanceof SAMLAssertion)
 
                 s.appendChild(((SAMLAssertion)o).toDOM(doc));
 
             else if (o instanceof String)
 
                 s.appendChild(doc.createElementNS(XML.SAML_NS,"AssertionIDReference")).appendChild(doc.createTextNode((String)o));
 
         }
 
 
 
         // obligations
 
         i = getXACMLObligations();
 
         while (i.hasNext())
 
             s.appendChild(((XACMLObligation)i.next()).toDOM(doc));
 
         
 
         return root = s;
 
     }
 
 
 
 }