import com.nailabs.abac.process.*;
import com.nailabs.abac.trust.*;
import com.nailabs.abac.test.*;
import edu.stanford.peer.rbtm.credential.*;
import java.io.*;
import java.util.*;
import java.rmi.*;
import javax.servlet.*;
import javax.servlet.http.*;


public class SessionServlet extends HttpServlet {
    /** the key name for looking up the entity id of a session */
    static final String KEY = "EntityID";
    /** the hash code for the RTML Entity's signature */
    static final String HASH = "HashID";
    /** default action */
    String action = null;
    /** 
     * sets up a new session and invalidates the old session if it exists 
     * @param request the incoming HTTP request 
     * @param id the new entity id for the new session ot be created
     */
    public void setSessionId(HttpServletRequest request,String id,String hash)
    {
        HttpSession session = request.getSession(true);

        // end current session and create a new one
        if(!session.isNew()) {  
            try {
                session.invalidate();
                session = request.getSession(true);
            }
            catch(Exception ex) {
                ex.printStackTrace();
            }
        }
        session.setAttribute(KEY, id);
        session.setAttribute(HASH, hash);
    }

    /** public accessor method for the entity id of the current http session */
    public String getSessionId(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        
        if(session == null) {
            return null;
        }
        return (String)session.getAttribute(KEY);
    }

    public String getSessionIdHash(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        
        if(session == null) {
            return null;
        }
        return (String)session.getAttribute(HASH);	
    }

    protected void printStatus(PrintWriter out, String uid, String action) {
        out.println("<html><head><title>ABAC Status</title></head>");
        out.println("<body>");
        out.println("  <center>");
        out.println("<h1>User Authentication</h1>");
        out.print("    <p>You are currently logged in as: ");
        out.print(uid);
        out.println("</p>\n");
        out.println("    <form action=\"" + action + "\" method=\"post\">");
        out.println("  <input type=\"submit\" value=\"Logout\">");
        out.println("  <input type=\"hidden\" name=\"end\" value=\"end\">");
        out.println("    </form>");
        out.println("  </center>");
        out.println("<body>");
        out.println("</html>");        
    }

    protected void printLogin(PrintWriter out, String action)
    {
        final String TR = "<tr>", END_TR = "</tr>";
        final String TD = "<td>", END_TD = "</td>";
        final String TH = "<th>", END_TH = "</th>";

        out.println("<html><head><title>ABAC Login</title></head>");
        out.println("<body>");
        out.println("  <center>");
        out.println("<h1>User Authentication</h1>");
        out.println("</p>\n");
        out.println("\t<form action=\"" + action +"\" method=\"post\">");
        out.println("\t<table>");
        out.println(TR + TH);
        out.println("User Name:" + END_TH + TD);
        out.println("\t\t<input type=\"text\" name =\"username\" />");
        out.println(END_TD + END_TR);
        out.println(TR + TH);
        out.println("Password:" + END_TH + TD);
        out.println("\t\t<input type=\"password\" name=\"password\" />");
        out.println(END_TD + END_TR);
        out.println("\t</table>");
        out.println("<p> <INPUT type=\"submit\" value=\"Send\">");
        out.println("<INPUT type=\"reset\"> </p>");
        out.println("\t</form>");
        out.println("  </center>");
        out.println("<body>");
        out.println("</html>");
    }
    
    public void init(ServletConfig config) throws ServletException {
        config.getServletContext().log("Loading authentication servlet.");
    }


    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, java.io.IOException {
        PrintWriter out = resp.getWriter();
        String uid = getSessionId(req);
        String action = req.getRequestURI().toString();

        if(uid == null) { 
            printLogin(out, action);
        } else {
            printStatus(out, uid, action);
        }
        out.close();
    }


    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, java.io.IOException {
        PrintWriter out = resp.getWriter();
        String uid = req.getParameter("username");
        String pass = req.getParameter("password");
        String action = req.getRequestURI().toString();

        System.out.println("Authenticating for user " + uid);

        System.out.print("Parameters =  ");
        Enumeration e = req.getParameterNames();
        while(e.hasMoreElements()) {
            System.out.print(e.nextElement());
            System.out.print(", ");
        }
        System.out.println("");

        if(req.getParameter("end") != null) {
            try {
                req.getSession().invalidate();
            }
            catch(Exception ex) {
                ex.printStackTrace();
            }
            printLogin(out, action);
        } else {
            setSessionId(req, uid, "FakeHashKey" + uid);
            printStatus(out, getSessionId(req), action);
        }
        out.close();
    }
}