/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at
 * trunk/ds/resource/legal-notices/cddl.txt
 * or http://www.opensource.org/licenses/cddl1.php.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * trunk/ds/resource/legal-notices/cddl.txt.  If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2010-2016 UnboundID Corp.
 */
package com.unboundid.directory.sdk.broker.types;

import com.unboundid.util.Mutable;
import com.unboundid.util.NotExtensible;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;

import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;


/**
 * This class provides a data structure for working with OAuth2 temporary
 * authorization codes.
 */
@NotExtensible()
@Mutable()
@ThreadSafety(level= ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public final class AuthorizationCode
{
  // The ID of the user that performed the authorization.
  private final String userId;

  // The application ID that has been authorized.
  private final String applicationId;

  // The redirect URI the client specified.
  private final String redirectUri;

  // The time that this authorization code was generated.
  private final Date generateTimestamp;

  // The maximum length of time in seconds that this authorization code will be
  // considered valid.
  private final long maxValiditySeconds;

  // The set of scope IDs for which the application has been authorized.
  private final Set<String> scopeIds;

  // The optional state parameter from the client.
  private final String state;

  // The time that the user authenticated with the server, in milliseconds
  // since midnight January 1, 1970 GMT
  private final long authTime;

  // A value of this authorization code that will be exposed to clients.
  private volatile String value;

  /**
   * Construct a new authorization code instance.
   *
   * @param userId The user ID of the resource owner this authorization code
   *                 is associated with. Must not be null.
   * @param applicationId The application ID with which this token is
   *                      associated. Must not be null.
   * @param redirectUri the endpoint to redirect the resource owner's user-agent
   *                    back to the application. Must not be null.
   * @param generateTimestamp The time that this token was generated.
   *                          Must not be null.
   * @param maxValiditySeconds The maximum length of time in seconds that this
   *                           token will be considered valid. Must not be null.
   * @param scopeIds The set of scopes for which the client has been authorized.
   *                  Must not be null.
   * @param state The opaque value used by the client to maintain state between
   *              the request and callback.
   * @param authTime The time at which the resource owner was authenticated with
   *                 the Identity Broker, in milliseconds since 1/1/70 12:00 AM.
   */
  public AuthorizationCode(final String userId, final String applicationId,
                           final String redirectUri,
                           final Date generateTimestamp,
                           final long maxValiditySeconds,
                           final Set<String> scopeIds,
                           final String state,
                           final long authTime)
  {
    Validator.ensureNotNull(userId, applicationId, redirectUri);
    Validator.ensureNotNull(generateTimestamp, maxValiditySeconds, scopeIds);
    this.applicationId = applicationId;
    this.userId = userId;
    this.redirectUri = redirectUri;
    this.generateTimestamp = generateTimestamp;
    this.maxValiditySeconds = maxValiditySeconds;
    this.scopeIds = Collections.unmodifiableSet(scopeIds);
    this.state = state;
    this.authTime = authTime;
  }

  /**
   * Retrieves the user ID of the resource owner this authorization code is
   * associated with.
   *
   * @return The user ID of the resource owner this authorization code is
   *         associated with.
   */
  public String getUserId()
  {
    return userId;
  }

  /**
   * Retrieves the application ID with which this authorization code is
   * associated.
   *
   * @return  The application ID with which this authorization code is
   *          associated.
   */
  public String getApplicationId()
  {
    return applicationId;
  }

  /**
   * Retrieves the set of scope IDs for which the client has been authorized.
   *
   * @return  The set of scope IDs for which the client has been authorized.
   */
  public Set<String> getScopeIds()
  {
    return scopeIds;
  }

  /**
   * Retrieves the time that this authorization code was generated.
   *
   * @return  The time that this authorization code was generated.
   */
  public Date getGenerateTimestamp()
  {
    return generateTimestamp;
  }

  /**
   * Retrieves the maximum length of time in seconds that this code will be
   * considered valid.
   *
   * @return  The maximum length of time in seconds that this code will be
   *          considered valid.
   */
  public long getMaxValiditySeconds()
  {
    return maxValiditySeconds;
  }

  /**
   * Retrieves the opaque value used by the client to maintain state between
   * the request and callback.
   *
   * @return  The opaque value used by the client to maintain state between
   *          the request and callback or {@code null} if it was not used.
   */
  public String getState()
  {
    return state;
  }

  /**
   * Returns the endpoint to redirect the resource owner's user-agent back to
   * the application.
   *
   * @return  The endpoint to redirect the resource owner's user-agent back to
   *          the application.
   */
  public String getRedirectUri()
  {
    return redirectUri;
  }


  /**
   * Retrieves the time that the user authenticated with the server.
   *
   * @return Authentication time in milliseconds since midnight 1/1/1970 GMT.
   */
  public long getAuthTime() {
    return authTime;
  }

  /**
   * Retrieves the string value of this authorization code that should be
   * returned to the client.
   *
   * @return  The string value of this authorization code that should be
   *          returned to the client.
   */
  public String getValue()
  {
    return value;
  }

  /**
   * Sets the string value of this authorization code that should be returned
   * to the client.
   *
   * @param value The string value of this authorization code that should be
   *              returned to the client.
   */
  public void setValue(final String value)
  {
    this.value = value;
  }

  /**
   * Indicates whether this authorization code is expired.
   *
   * @return  {@code true} if this authorization code is expired, or
   *          {@code false} if not.
   */
  public boolean isExpired()
  {
    final long generateTS = generateTimestamp.getTime();
    final long expirationTime = (generateTS + (1000L * maxValiditySeconds));
    final long currentTime = System.currentTimeMillis();
    return currentTime > expirationTime;
  }



  /**
   * Retrieves a hash code for this authorization code.
   *
   * @return  A hash code for this authorization code.
   */
  @Override
  public int hashCode()
  {
    final int prime = 31;
    int result = 1;
    result = prime * result + (userId != null ? userId.hashCode() : 0);
    result = prime * result + (applicationId != null ?
        applicationId.hashCode() : 0);
    result = prime * result + (state != null ? state.hashCode() : 0);
    result = prime * result + (redirectUri != null ?
        redirectUri.hashCode() : 0);
    result = prime * result + (generateTimestamp != null ?
        generateTimestamp.hashCode() : 0);
    result = prime * result + (int) (maxValiditySeconds ^
        (maxValiditySeconds >>> 32));
    result = prime * result + (scopeIds != null ? scopeIds.hashCode() : 0);
    return result;
  }

  /**
   * Indicates whether the provided object is equal to this authorization code.
   *
   * @param  o  The object for which to make the determination.
   *
   * @return  {@code true} if the provided object is equal to this authorization
   *          code, or {@code false} if not.
   */
  @Override
  public boolean equals(final Object o)
  {
    if (this == o)
    {
      return true;
    }
    if (o == null || getClass() != o.getClass())
    {
      return false;
    }

    AuthorizationCode that = (AuthorizationCode) o;

    if (maxValiditySeconds != that.maxValiditySeconds)
    {
      return false;
    }
    if (applicationId != null ? !applicationId.equals(that.applicationId) :
        that.applicationId != null)
    {
      return false;
    }
    if (scopeIds != null ? !scopeIds.equals(that.scopeIds) :
        that.scopeIds != null)
    {
      return false;
    }
    if (generateTimestamp != null ?
        !generateTimestamp.equals(that.generateTimestamp) :
        that.generateTimestamp != null)
    {
      return false;
    }
    if (userId != null ? !userId.equals(that.userId) :
        that.userId != null)
    {
      return false;
    }
    if (redirectUri != null ? !redirectUri.equals(that.redirectUri) :
        that.redirectUri != null)
    {
      return false;
    }
    if (state != null ? !state.equals(that.state) : that.state != null)
    {
      return false;
    }
    if (value != null ? !value.equals(that.value) : that.value != null)
    {
      return false;
    }

    return true;
  }




  /**
   * Retrieves a string representation of this authorization code.
   *
   * @return  A string representation of this authorization code.
   */
  @Override()
  public String toString()
  {
    final StringBuilder buffer = new StringBuilder();
    toString(buffer);
    return buffer.toString();
  }



  /**
   * Appends a string representation of this authorization code to the provided
   * buffer.
   *
   * @param  buffer  The buffer to which the string representation should be
   *                 appended.
   */
  void toString(final StringBuilder buffer)
  {
    buffer.append("AuthorizationCode(userId='");
    buffer.append(userId);
    buffer.append("', appID=");
    buffer.append(applicationId);
    buffer.append(", generateTimestamp=");
    buffer.append(generateTimestamp);
    buffer.append("', maxValiditySeconds=");
    buffer.append(maxValiditySeconds);
    buffer.append(", value=");
    buffer.append(value);

    if (state != null)
    {
      buffer.append("', state='");
      buffer.append(state);
    }
    if (! scopeIds.isEmpty())
    {
      buffer.append(", authorizedScopes={");

      final Iterator<String> iterator = scopeIds.iterator();
      while (iterator.hasNext())
      {
        buffer.append(iterator.next());
        if (iterator.hasNext())
        {
          buffer.append(", ");
        }
      }

      buffer.append('}');
    }
    buffer.append("', redirectUri='");
    buffer.append(redirectUri);

    buffer.append("')");
  }
}