package com.github.ebnew.ki4so.core.authentication.handlers;

import com.github.ebnew.ki4so.core.authentication.KnightCredential;
import com.github.ebnew.ki4so.core.authentication.KnightEncryCredential;
import com.github.ebnew.ki4so.core.authentication.KnightEncryCredentialManager;
import com.github.ebnew.ki4so.core.model.KnightCredentialInfo;
import org.springframework.beans.factory.annotation.Autowired;

import com.github.ebnew.ki4so.core.exception.AuthenticationException;
import com.github.ebnew.ki4so.core.exception.InvalidEncryCredentialException;

/**
 * 认证后的凭据认证处理器实现类,需要验证认证后的凭据是否有效,凭据是否过期等等其它
 * 合法性验证。
 * @author burgess yang
 *
 */
public class EncryCredentialAuthenticationHandler extends
		AbstractPreAndPostProcessingAuthenticationHandler {
	
	@Autowired
	private KnightEncryCredentialManager encryCredentialManager;
	
	public void setEncryCredentialManager(
            KnightEncryCredentialManager encryCredentialManager) {
		this.encryCredentialManager = encryCredentialManager;
	}

	/** Default class to support if one is not supplied. */
	private static final Class<KnightEncryCredential> DEFAULT_CLASS = KnightEncryCredential.class;




    @Override
    protected boolean doAuthentication(KnightCredential credential) throws AuthenticationException {
        //不支持的凭据直接返回false.
        if(!this.supports(credential)){
            return false;
        }
        if(credential!=null && credential instanceof KnightEncryCredential){
            KnightEncryCredential encryCredential = (KnightEncryCredential)credential;
            try{
                //解密凭据信息。
                KnightCredentialInfo encryCredentialInfo = this.encryCredentialManager.decrypt(encryCredential);
                //设置凭据信息的关联性。
                if(encryCredentialInfo!=null){
                    encryCredential.setCredentialInfo(encryCredentialInfo);
                    //检查加密凭据的合法性。
                    return this.encryCredentialManager.checkEncryCredentialInfo(encryCredentialInfo);
                }
            }catch (InvalidEncryCredentialException e) {
                return false;
            }
        }
        return false;
    }

    /**
     * @return true if the credentials are not null and the credentials class is
     *         equal to the class defined in classToSupport.
     */
    @Override
    public boolean supports(KnightCredential credential) {
        return credential != null
                && (DEFAULT_CLASS.equals(credential.getClass()) || (DEFAULT_CLASS
                .isAssignableFrom(credential.getClass())));
    }
}