package com.nailabs.abac.process;

import java.util.*;
import edu.stanford.peer.rbtm.credential.*;

/**
 * Access control policy for credentials. The policy can be queried using the 
 * <code>requires</code> method with a specific credential. 
 */
public class ACPolicy implements java.io.Serializable {
    /** Implicitly allow access if there is no relevant policy */
    public static final Role TRUE = null;

    /** Internal hash table for policy storage */
    private HashMap accessControl = null;

    /** Default constructor with a non-resstrictive policy */
    public ACPolicy() {
	accessControl = new HashMap();
    }

    /** Accessor for all the access control policy keys */
    public Vector getProtectedCredentials() { 
        return new Vector(accessControl.keySet()); 
    }

    /** 
     * Useful for forward discovery. 
     * @return a set of all roles which satisfy the AC policy requirements
     */
    public Vector getRequiredRoles() {
	return new Vector(accessControl.values());
    }

    /** Adds a single policy atom from String parameters. */
    public void addACFact(String cred, String expr) 
	throws CredentialParsingException {
	addACFact(new StaticCredential(cred), 
	     StaticCredential.getEntityExpression(expr));
    }

    /** Adds a single policy atom. */
    public void addACFact(Credential key, EntityExpression expr) {
	accessControl.put(key, expr);
    }

    /** Query the policy to determine the required role for a credential */
    public EntityExpression requires(Credential resource) {
	return (EntityExpression)accessControl.get(resource);
    }

    /** Returns the underlying storage data structure in a printable format */
    public String toString() {
	if(accessControl == null)
	    return null;
	else 
	    return accessControl.toString();
    }

}