package org.argeo.cms.osgi.useradmin;

import static org.argeo.api.acr.ldap.LdapAttrs.description;
import static org.argeo.api.acr.ldap.LdapAttrs.owner;

import java.security.Principal;
import java.time.Instant;
import java.util.HashSet;
import java.util.Set;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.security.auth.Subject;

import org.argeo.api.acr.ldap.NamingUtils;
import org.osgi.service.useradmin.Group;

/**
 * Canonically implements the Argeo token conventions.
 */
public class TokenUtils {
	public static Set<String> tokensUsed(Subject subject, String tokensBaseDn) {
		Set<String> res = new HashSet<>();
		for (Principal principal : subject.getPrincipals()) {
			String name = principal.getName();
			if (name.endsWith(tokensBaseDn)) {
				try {
					LdapName ldapName = new LdapName(name);
					String token = ldapName.getRdn(ldapName.size()).getValue().toString();
					res.add(token);
				} catch (InvalidNameException e) {
					throw new IllegalArgumentException("Invalid principal " + principal, e);
				}
			}
		}
		return res;
	}

	/** The user related to this token group */
	public static String userDn(Group tokenGroup) {
		return (String) tokenGroup.getProperties().get(owner.name());
	}

	public static boolean isExpired(Group tokenGroup) {
		return isExpired(tokenGroup, Instant.now());

	}

	public static boolean isExpired(Group tokenGroup, Instant instant) {
		String expiryDateStr = (String) tokenGroup.getProperties().get(description.name());
		if (expiryDateStr != null) {
			Instant expiryDate = NamingUtils.ldapDateToInstant(expiryDateStr);
			if (expiryDate.isBefore(instant)) {
				return true;
			}
		}
		return false;
	}

//	private final String token;
//
//	public TokenUtils(String token) {
//		this.token = token;
//	}
//
//	public String getToken() {
//		return token;
//	}
//
//	@Override
//	public int hashCode() {
//		return token.hashCode();
//	}
//
//	@Override
//	public boolean equals(Object obj) {
//		if ((obj instanceof TokenUtils) && ((TokenUtils) obj).token.equals(token))
//			return true;
//		return false;
//	}
//
//	@Override
//	public String toString() {
//		return "Token #" + hashCode();
//	}

}