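#!/usr/local/bin/python

import emulab_access
import dragon_access
from experiment_control import experiment_control_local
from split import split_local
from util import read_simple_accessdb
from fedid import fedid
from authorizer import authorizer, abac_authorizer


class deter_impl:
    """
    The implementation of access control based on mapping users to projects.

    Users can be mapped to existing projects or have projects created
    dynamically.  This implements both direct requests and proxies.

    Construction wires together up to three service components, each of
    which is created only when its section is present in the parsed
    configuration:

      * ``[access]``             -> self.access (emulab or dragon backend)
      * ``[experiment_control]`` -> self.experiment
      * ``[splitter]``           -> self.splitter

    The SOAP and XML-RPC method tables of every created component are
    merged into ``soap_services`` / ``xmlrpc_services`` so a single server
    can expose all of them.  Components that are not configured are left
    as None, so callers can test for them without catching AttributeError.
    """

    # Used by the SOAP caller
    soap_namespaces = ('http://www.isi.edu/faber/fedd.wsdl',
            'http://www.isi.edu/faber/fedd_internal.wsdl')

    def __init__(self, config=None):
        """
        Initializer.  Uses the parsed configuration to create appropriate
        components.

        config: the parsed configuration object, or None.  With None (or
            any false value) no components are created and every component
            attribute, including get_handler, is None.  ``config.get`` is
            called with a third positional default argument, so this is
            expected to be the project's config wrapper rather than a bare
            stdlib ConfigParser -- TODO confirm against the caller.

        Raises RuntimeError for an unknown auth_type or access_type, for an
        ABAC configuration that lacks auth_url or cert_file, and when the
        access database cannot be read or parsed.
        """
        self.soap_services = { }
        self.xmlrpc_services = { }
        self.auth = None
        # Every optional component defaults to None so the wiring below
        # (and callers) can test for presence without AttributeError.  The
        # previous version raised AttributeError on self.access when the
        # config had an [experiment_control]-less layout with no [access]
        # section, and never defined get_handler when config was None.
        self.access = None
        self.experiment = None
        self.splitter = None
        self.get_handler = None

        if not config:
            return

        # Identity and trust anchors for this service.  cert_pwd is a
        # secret read straight from the config file, so that file's
        # permissions are what protect the private key it unlocks.
        self.cert_file = config.get("globals", "cert_file")
        self.cert_pwd = config.get("globals", "cert_pwd")
        self.trusted_certs = config.get("globals", "trusted_certs")
        self.access_type = config.get("globals", "access_type", "emulab")
        self.auth_type = config.get("globals", "auth_type", "legacy")

        # Order matters: the authorizer must exist before the access
        # database is loaded into it, and the access controller must exist
        # before experiment control is told about it.
        self.auth = self._make_authorizer(config)
        self._load_accessdb(config)
        self._configure_access(config)
        self._configure_experiment_control(config)
        self._configure_splitter(config)

    def _make_authorizer(self, config):
        """
        Build the authorizer selected by ``auth_type`` and return it.

        'legacy' uses the plain authorizer; 'abac' requires both an
        auth_url and a cert_file -- the service's own fedid is derived from
        the certificate and handed to the ABAC authorizer as ``me``.  Any
        other value raises RuntimeError.
        """
        if self.auth_type == 'legacy':
            return authorizer()
        if self.auth_type == 'abac':
            auth_url = config.get('globals', 'auth_url')
            if not auth_url:
                raise RuntimeError("auth_url required for ABAC authorization")
            if not self.cert_file:
                raise RuntimeError("ABAC authorization needs a certificate file")
            me = fedid(file=self.cert_file)
            return abac_authorizer(url=auth_url, cert_file=self.cert_file,
                    cert_pwd=self.cert_pwd, trusted_certs=self.trusted_certs,
                    me=me)
        raise RuntimeError("Unknown authorizer type %s" % self.auth_type)

    def _load_accessdb(self, config):
        """
        Populate the authorizer with the static grants in the file named by
        ``globals.accessdb``, if one is configured.

        Both I/O failures and parse failures are re-raised as RuntimeError
        so startup reports a single failure type.
        """
        access_db = config.get("globals", "accessdb")
        if not access_db:
            return
        try:
            read_simple_accessdb(access_db, self.auth)
        except IOError as e:
            raise RuntimeError(
                    "Error reading accessDB %s: %s" % (access_db, e))
        except ValueError as e:
            raise RuntimeError("%s" % e)

    def _configure_access(self, config):
        """
        Create the local access-control backend from the [access] section
        and merge its service tables.  Without the section self.access
        stays None.  An unrecognized access_type raises RuntimeError.
        """
        if not config.has_section("access"):
            return
        if self.access_type == "emulab":
            self.access = emulab_access.access(config, self.auth)
        elif self.access_type == "dragon":
            self.access = dragon_access.access(config, self.auth)
        else:
            raise RuntimeError("Unknown access_type: %s" % self.access_type)
        self.soap_services.update(self.access.soap_services)
        self.xmlrpc_services.update(self.access.xmlrpc_services)

    def _configure_experiment_control(self, config):
        """
        Create the experiment controller from the [experiment_control]
        section and point it at the local access controller, if any.

        Also chooses get_handler: the experiment controller's when present,
        otherwise the access controller's (when it exposes one), otherwise
        the None set in __init__.
        """
        if config.has_section("experiment_control"):
            self.experiment = experiment_control_local(config, self.auth)
            # Tell the experiment control where local access control is and
            # what testbeds it pertains to.
            if self.access:
                for t in self.access.testbed:
                    self.experiment.local_access[t] = self.access
            self.soap_services.update(self.experiment.soap_services)
            self.xmlrpc_services.update(self.experiment.xmlrpc_services)
            self.get_handler = self.experiment.get_handler
        elif self.access and self.access.get_handler:
            self.get_handler = self.access.get_handler

    def _configure_splitter(self, config):
        """
        Create the splitter from the [splitter] section and merge its
        service tables.  Without the section self.splitter stays None.
        """
        if not config.has_section("splitter"):
            return
        self.splitter = split_local(config, self.auth)
        self.soap_services.update(self.splitter.soap_services)
        self.xmlrpc_services.update(self.splitter.xmlrpc_services)


def new_feddservice(config):
    """
    Factory used by the service loader: build a deter_impl from the parsed
    configuration and return it.
    """
    return deter_impl(config)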