/* ======================================================================
The Bodington System Software License, Version 1.0
 
Copyright (c) 2001 The University of Leeds.  All rights reserved.
 
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
 
1.  Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
 
2.  Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
 
3.  The end-user documentation included with the redistribution, if any,
must include the following acknowledgement:  "This product includes
software developed by the University of Leeds
(http://www.bodington.org/)."  Alternately, this acknowledgement may
appear in the software itself, if and wherever such third-party
acknowledgements normally appear.
 
4.  The names "Bodington", "Nathan Bodington", "Bodington System",
"Bodington Open Source Project", and "The University of Leeds" must not be
used to endorse or promote products derived from this software without
prior written permission. For written permission, please contact
d.gardner@leeds.ac.uk.
 
5.  The name "Bodington" may not appear in the name of products derived
from this software without prior written permission of the University of
Leeds.
 
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO,  TITLE,  THE IMPLIED WARRANTIES
OF QUALITY  AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
EVENT SHALL THE UNIVERSITY OF LEEDS OR ITS CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
=========================================================
 
This software was originally created by the University of Leeds and may contain voluntary
contributions from others.  For more information on the Bodington Open Source Project, please
see http://bodington.org/
 
====================================================================== */

package org.bodington.servlet;

import java.rmi.RemoteException;
import java.security.cert.X509Certificate;

import javax.servlet.http.HttpServletRequest;

import org.bodington.server.BuildingServerException;
import org.bodington.server.NavigationSession;

/**
 * Class that handles session initialization via X509 certificates.
 * @see X509Certificate
 * @author Alexis O'Connor
 */
class X509SessionInitializer extends AbstractSessionInitializer
{
    // TODO If we only have one instance (in the chain) then we can't use this
    // instance variable?
    private X509Certificate[] certificates = null;
    
    /**
     * Find a session associated with the request. This implementation of the
     * method looks for an array of {@link X509Certificate} instances
     * associated with the request as attributes. If such an array exists, it
     * looks for an existing session keyed on it, otherwise it creates a new
     * one. If there is no certificate, this method returns <code>null</code>.
     * @param request {@inheritDoc}
     * @see X509Certificate
     */
    protected HttpSession findHttpSession( Request request )
    {
        if ( !request.isSecure() ) 
            return null;

        Object obj = request.getAttribute( 
            "javax.servlet.request.X509Certificate" );
        
        if (obj == null || !(obj instanceof X509Certificate[]))
            return null;
        
        certificates = (X509Certificate[])obj;
        if ( certificates.length > 0 )
        {
            // If there was a successful previous login with this certificate
            // and the http session is still alive it should be indexed...
            HttpSession session 
                = HttpSession.findSessionByCertificate( certificates[0] );
            // if this cert has not been seen before start a new session
            // and make sure that it is keyed against the certificate for later
            // requests. (even if we don't accept the cert.)
            if ( session == null )
            {
                session = 
                    (org.bodington.servlet.HttpSession)request.getSession( true );
                session.setCertificate( certificates[0] );
            }
            return session;
        }

        return null;
    }

    protected boolean initialize( Request request, 
        HttpSession session, NavigationSession navigation )
    {
        try
        {
            navigation.setClientX509( certificates[0] );
        }
        catch ( BuildingServerException e )
        {
        }

        return true;
    }

    protected void postInitialize( HttpSession session, Request request )
    {
        super.postInitialize( session, request );
        session.setAuthType( HttpServletRequest.CLIENT_CERT_AUTH );
    }
}