/*
    * LDAPGroup.java
    *
    * Created on May 25, 2004, 11:57 AM
    */
   
   package gov.bnl.gums.userGroup;
   
   import gov.bnl.gums.GUMS;
  import gov.bnl.gums.GridUser;
  import gov.bnl.gums.configuration.Configuration;
  
  import java.util.*;
  
  import javax.naming.*;
  import javax.naming.directory.*;
  import javax.persistence.Entity;
  import javax.persistence.Transient;
  
  import org.apache.log4j.Logger;
  
  
  /** A group of users defined by an LDAP VO.
   * <p>
   * The query should be :
   * <ul>
   *   <li>A People ou (i.e. ou=People,o=atlas,dc=eu-datagrid,dc=org). All the 
   *   object found in that category will have to have a 'description' attribute
   *   which will contain the certificate DN</li>
   *   <li>A group ou (i.e. ou=usatlas,o=atlas,dc=eu-datagrid,dc=org). The ou
   *   object will need to have a 'member' property with the list of people in 
   *   the VO that are in the group. Each member will be an object in
   *   ou=People</li>
   *   <li>A root o (i.e. o=atlas,dc=eu-datagrid,dc=org). A ou=People object will
   *   be expected, and it will behave like the first option</li>
   * </ul>
   *
   * @author Gabriele Carcassi, Jay Packard
   */
  @Entity
  public class LDAPUserGroup extends UserGroup {
  	static protected Logger log = Logger.getLogger(LDAPUserGroup.class);
  	static protected Logger gumsAdminLog = Logger.getLogger(GUMS.gumsAdminLogName);
  
  	protected String peopleContext = null;
  
  	// persistent variables
  	protected String server;
  	protected String certDNField = "description";
  	protected String memberUidField = "memberUid";
  	protected String uidField = "uid";
  	protected String peopleTree;
  	protected String peopleObject = "ou=People";
  	protected String groupTree;
  
  	public LDAPUserGroup() {
  		super();
  		hasCache = true;
  	}
  	
  	public LDAPUserGroup(Configuration configuration, String name) {
  		super(configuration, name);
  		hasCache = true;
  	}
  	
  	/**
  	 * Getter for property certDN
  	 * 
  	 * @return cert DN as string
  	 */
  	 public String getCertDNField() {
  		 return certDNField;
  	 }
  
  	 /**
  	  * Getter for property groupTree
  	  *
  	  * @return groupTree as string
  	  */
  	 public String getGroupTree() {
  		 return groupTree;
  	 }
  
  	 public String getMemberUidField() {
  		 return memberUidField;
  	 }
  
  	 /**
  	  * Getter for property peopleTree
  	  *
  	  * @return peopleTree as string
  	  */
  	 public String getPeopleTree() {
  		 return peopleTree;
  	 }
  
  	 /**
  	  * The LDAP query used to retrieveGetter for property query.
  	  * 
 	  * @return The LDAP query used. i.e. "ou=usatlas,o=atlas,dc=eu-datagrid,dc=org"
 	  */
 	 @Transient
 	 public String getQuery() {
 		 return peopleTree;
 	 }
 
 	 /**
 	  * Returns the name of the LDAP server used to retrieve the list of users.
 	  * 
 	  * @return The name of the server server. i.e. "grid-vo.nikhef.nl"
 	  */
 	 public String getServer() {
 		 return this.server;
 	 }
 
 	 public String getUidField() {
 		 return uidField;
 	 }
 
 	 /**
 	  * Setter for property certDN
 	  * 
 	  * @param certDN as string
 	  */
 	 @ConfigFieldAnnotation(label="Certificate DN Field", example="description")  
 	 public void setCertDNField(String certDNField) {
 		 this.certDNField = certDNField;
 	 }
 
 	 /**
 	  * Setter for property groupTree
 	  *
 	  * @param groupTree as string
 	  */
 	 @ConfigFieldAnnotation(label="Group Tree", example="ou=Group,dc=usatlas,dc=bnl,dc=gov")
 	 public void setGroupTree(String groupTree) {
 		 this.groupTree = groupTree;
 	 }
 
 	 @ConfigFieldAnnotation(label="Member Field", example="memberUid", help="field containing user ID in 'Group' object")
 	 public void setMemberUidField(String memberUidField) {
 		 this.memberUidField = memberUidField;
 	 }
 
 	 /**
 	  * Setter for property peopleTree
 	  *
 	  * @param peopleTree as string
 	  */
 	 @ConfigFieldAnnotation(label="People Tree", example="ou=People,dc=usatlas,dc=bnl,dc=gov")
 	 public void setPeopleTree(String peopleTree) {
 		 if (peopleTree == null)
 			 return;
 		 this.peopleTree = peopleTree;
 		 this.peopleObject = peopleTree.substring(0, peopleTree.indexOf(','));
 		 this.peopleContext = peopleTree.substring(peopleTree.indexOf(',')+1);
 	 }
 
 	 /**
 	  * Changes the LDAP query used to retrieveGetter for property query.
 	  * 
 	  * @param query The LDAP query used. i.e. "ou=usatlas,o=atlas,dc=eu-datagrid,dc=org"
 	  * @deprecated
 	  */
 	 public void setQuery(String query) {
 		 if (query == null)
 			 return;
 		 if (query.startsWith(peopleObject+",")) {
 			 peopleTree = query;
 			 peopleObject = query.substring(0, query.indexOf(','));
 			 peopleContext = query.substring(query.indexOf(',')+1);
 		 } else if (query.startsWith("ou=")) {
 			 peopleObject = "ou=People";
 			 peopleContext = query.substring(query.indexOf(',')+1);
 			 peopleTree = peopleObject + "," + peopleContext;
 		 } else if (query.startsWith("o=")) {
 			 peopleObject = "ou=People";
 			 peopleContext = query;
 			 peopleTree = peopleObject + "," + peopleContext;
 		 } else {
 			 throw new IllegalArgumentException("The query is not understood by the LDAP group. It is expected to start with \"ou=...\" or \"o=...\"");
 		 }
 	 }
 
 	 /**
 	  * Changes the LDAP server used to retrieve the list of users.
 	  * @param server The name of the server server. i.e. "grid-vo.nikhef.nl"
 	  */
 	 @ConfigFieldAnnotation(label="LDAP Server", example="grid-vo.nikhef.nl") 
 	 public void setServer(String server) {
 		 this.server = server;
 	 }
 
 	 @ConfigFieldAnnotation(label="Account UID Field", example="uid")
 	 public void setUidField(String uidField) {
 		 this.uidField = uidField;
 	 }
 
 	 private Set<GridUser> retrieveGroupMembers(DirContext rootCtx, Attribute members) throws javax.naming.NamingException {
 		 Map<String, String> people = retrievePeopleMap(rootCtx);
 		 NamingEnumeration<?> names = members.getAll();
 		 Set<GridUser> users = new HashSet<GridUser>();
 		 while (names.hasMore()) {
 			 // Converting the people to the DN, by looking up the person description attribute
 			 String ldapName = (String)names.next();
 			 ldapName = ldapName.trim();
 			 String certDN = people.get(ldapName);
 			 if (certDN == null) {
 				 gumsAdminLog.warn("Member of a LDAP VO group not mapped to any certificate: '" + ldapName + "'");
 			 } else {
 				 users.add(new GridUser(certDN));
 			 }
 		 }
 		 if (users.isEmpty())
 			 gumsAdminLog.warn("The following group returned no members: " + this);
 		 return users;
 	 }
 
 	 /**
 	  * Returns the list of member retrieved from the LDAP server. The members are not saved in the database.
 	  * Must be synchronized since the System properties are being set
 	  * 
 	  * @return A list of VOEntry objects representing the members.
 	  */
 	 protected synchronized Set<GridUser> retrieveMembers() {
 		 java.util.Properties properties = retrieveProperties();
 		 log.info("Retrieving members from '" + properties.getProperty("java.naming.provider.url") + "'  '" + peopleTree + "' '" + groupTree + "'");
 		 try {
 			 javax.naming.directory.DirContext jndiCtx = new javax.naming.directory.InitialDirContext(properties);
 			 if (!peopleTree.equals("") && groupTree.equals("")) {
 				 DirContext rootCtx = (DirContext) jndiCtx.lookup(peopleContext);
 				 return retrieveVOMembers(rootCtx);
 			 }
 			 else if (!groupTree.equals("") && !peopleTree.equals("")) {
 				 Attributes atts = jndiCtx.getAttributes(groupTree);
 				 Attribute members = atts.get(memberUidField);
 				 if (members == null) {
 					 String message = "Couldn't retrieve the list of members from the LDAP group: missing attribute member";
 					 GUMS.gumsAdminEmailLog.put("ldapUpdateProblem", message, false);
 					 throw new RuntimeException(message);
 				 }
 				 DirContext rootCtx = (DirContext) jndiCtx.lookup(peopleContext);
 				 return retrieveGroupMembers(rootCtx, members);            
 			 }
 		 } catch (javax.naming.NamingException e) {
 			 String message = "Couldn't retrieve users from LDAP server: " + e;
 			 /*            if (e.getRootCause() != null) {
                 message += " caused by [" + e.getRootCause().getMessage() + "]";
             }*/
 			 log.error("Couldn't retrieve LDAP users: ", e);
 			 throw new RuntimeException(message, e);
 		 }
 		 return null;
 	 }
 	 
 	 protected Map<String, String> retrievePeopleMap(DirContext ldap) throws javax.naming.NamingException {
 		 NamingEnumeration<?> people = ldap.search(peopleObject, "("+certDNField+"=*)", null);
 		 Map<String, String> map = new Hashtable<String, String>();
 		 while (people.hasMore()) {
 			 SearchResult person = (SearchResult) people.next();
 			 Attributes personAtts = person.getAttributes();
 			 String ldapDN = (String)personAtts.get(uidField).get();//person.getName();
 			 //if (person.isRelative()) {
 			 //ldapDN = ldapDN + "," + peopleObject + "," + ldap.getNameInNamespace();
 			 //}
 			 String certDN = (String) personAtts.get(certDNField).get();
 			 if (certDN.startsWith("subject=")) {
 				 certDN = certDN.substring(8);
 			 }
 			 certDN = certDN.trim();
 			 map.put(ldapDN, certDN);
 		 }
 		 return map;
 	 }
 
 	 private Properties retrieveProperties() {
 		 Properties properties = new java.util.Properties();
 		 properties.put(Context.PROVIDER_URL, "ldap://"+server);
 		 properties.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
 		 properties.put(Context.SECURITY_PROTOCOL, "none");
 		 return properties;
 	 }
 
 	 private Set<GridUser> retrieveVOMembers(DirContext rootCtx) throws NamingException {
 		 Map<String, String> people = retrievePeopleMap(rootCtx);
 		 List<String> list = new ArrayList<String>(people.values());
 		 if (list.isEmpty()) {
 			 gumsAdminLog.warn("The following group returned no members: " + this);
 		 }
 		 Iterator<String> iter = list.iterator();
 		 Set<GridUser> users = new HashSet<GridUser>();
 		 while (iter.hasNext()) {
 			 String dn = (String) iter.next();
 			 users.add(new GridUser(dn));
 		 }
 		 if (list.isEmpty())
 			 gumsAdminLog.warn("The following group returned no members: " + this);
 		 return users;
 	 }    
 
 }