package com.atlassian.sal.core.net.auth;
   
   import com.atlassian.sal.core.trusted.CertificateFactory;
   import com.atlassian.security.auth.trustedapps.EncryptedCertificate;
   import org.apache.http.Header;
   import org.apache.http.HttpRequest;
   import org.apache.http.auth.AuthenticationException;
   import org.apache.http.auth.ContextAwareAuthScheme;
   import org.apache.http.auth.Credentials;
  import org.apache.http.auth.MalformedChallengeException;
  import org.apache.http.client.methods.HttpRequestWrapper;
  import org.apache.http.protocol.BasicHttpContext;
  import org.apache.http.protocol.HttpContext;
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
  
  public class TrustedTokenScheme implements ContextAwareAuthScheme
  {
  
      private static final Logger log = LoggerFactory.getLogger(TrustedTokenScheme.class);
  
      private final CertificateFactory certificateFactory;
  
      public TrustedTokenScheme(final CertificateFactory certificateFactory)
      {
          this.certificateFactory = certificateFactory;
      }
  
      @Override
      public Header authenticate(final Credentials credentials, final HttpRequest request, final HttpContext context)
              throws AuthenticationException
      {
  
          final String username = credentials.getUserPrincipal().getName();
          final String url = ((HttpRequestWrapper) request).getOriginal().getRequestLine().getUri();
  
          EncryptedCertificate certificate = certificateFactory.createCertificate(username, url);
  
          // TODO @alex This is a copy of TrustApplicationUtils.addRequestParameters
          // I would propose instead a TrustApplicationUtils.getRequestHeaders list to use here.
          request.addHeader("X-Seraph-Trusted-App-ID", certificate.getID());
          request.addHeader("X-Seraph-Trusted-App-Cert", certificate.getCertificate());
          request.addHeader("X-Seraph-Trusted-App-Key", certificate.getSecretKey());
  
          Integer version = certificate.getProtocolVersion();
          if(version != null) {
              request.addHeader("X-Seraph-Trusted-App-Version", version.toString());
          }
  
          request.addHeader("X-Seraph-Trusted-App-Magic", certificate.getMagicNumber());
          if(certificate.getSignature() != null)
          {
              request.addHeader("X-Seraph-Trusted-App-Signature", certificate.getSignature());
          }
  
          /*
            HttpClient just calls request.addHeader() with the value returned here.
            Rather than arbitrarily returning just one of the headers we need, returning null which is safely ignored.
            Have raised https://issues.apache.org/jira/browse/HTTPCLIENT-1607 to change this method to return a HeaderGroup
          */
          return null;
      }
  
      @Override
      public void processChallenge(final Header header) throws MalformedChallengeException
      {
          log.warn("Ignoring a call to processChallenge as TrustedTokenScheme is intended for preemptive authentication only.");
      }
  
      @Override
      public String getSchemeName()
      {
          return "trustedtoken";
      }
  
      @Override
      public String getParameter(final String name)
      {
          throw new UnsupportedOperationException("Not implemented");
      }
  
      @Override
      public String getRealm()
      {
          throw new UnsupportedOperationException("Not implemented");
      }
  
      @Override
      public boolean isConnectionBased()
      {
          return false;
      }
  
      @Override
      public boolean isComplete()
      {
          return true;
      }
  
     @Override
     public Header authenticate(final Credentials credentials, final HttpRequest request) throws AuthenticationException
     {
         return authenticate(credentials, request, new BasicHttpContext());
     }
 
 }