/*

* Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies).

* All rights reserved.

* This component and the accompanying materials are made available

* under the terms of "Eclipse Public License v1.0"

* which accompanies this distribution, and is available

* at the URL "http://www.eclipse.org/legal/epl-v10.html".

*

* Initial Contributors:

* Nokia Corporation - initial contribution.

*

* Contributors:

*

* Description:

*

*/

package com.nokia.mj.impl.security.midp.authorization;

import com.nokia.mj.impl.security.midp.common.PolicyBasedPermission;

import com.nokia.mj.impl.security.midp.common.GeneralSecuritySettings;

import com.nokia.mj.impl.security.midp.common.SecurityExtensionsReader;

import com.nokia.mj.impl.security.midp.common.UserSecuritySettings;

import com.nokia.mj.impl.fileutils.FileUtility;

import com.nokia.mj.impl.utils.ResourceUtil;

import java.util.Vector;

import java.util.Hashtable;

import java.util.Enumeration;

import java.io.ObjectInputStream;

import java.io.InputStream;

import java.io.IOException;

/**

 * The security policy module is the entity which manages function

 * groups/permissions and their allowed access levels corresponding to

 * each protection domain

 */

public final class SecurityPolicyModule

{

    /**

     * The pre-defined domains

     */

    public static final String MANUFACTURER_DOMAIN = "Manufacturer";

    public static final String OPERATOR_DOMAIN = "Operator";

    public static final String OPERATOR_EXTRA_DOMAIN = "OperatorExtra";

    public static final String IDENTIFIED_THIRD_PARTY_DOMAIN = "IdentifiedThirdParty";

    public static final String UNIDENTIFIED_THIRD_PARTY_DOMAIN = "UnidentifiedThirdParty";

    private static final String ALL_DOMAIN = "All";

    private static final String MANUFACTURER_DOMAIN_FILE_NAME_PATTERN = "manufacturer";

    private static final String OPERATOR_DOMAIN_FILE_NAME_PATTERN = "operator";

    private static final String OPERATOR_EXTRA_DOMAIN_FILE_NAME_PATTERN = "operatorextra";

    private static final String IDENTIFIED_THIRD_PARTY_DOMAIN_FILE_NAME_PATTERN = "trustedthirdparty";

    private static final String UNIDENTIFIED_THIRD_PARTY_DOMAIN_FILE_NAME_PATTERN = "untrusted";

    /**

     * Location (root) of the policies

     */

    static String policiesDir = null;

    /**

     * Pattern for the name of the policies in use

     */

    static String policiesFileNamePrefix = "s60_";

    static String policiesFileNameSuffix = ".ser";

    /**

     * The hashtable containing the policies for different domains

     */

    private static Hashtable policies = new Hashtable();

    /**

     * The hashtable containing the extended policies for different domains

     */

    private static Hashtable extPolicies = new Hashtable();

    static

    {

        String policy = GeneralSecuritySettings.getSecurityPolicy();

        if (policy != null)

        {

            policiesFileNamePrefix = policy + "_";

        }

    }

    /**

     * Creates an instance of the SecurityPolicyModule

     *

     * @return An instance of SecurityPolicyModule

     */

    public static SecurityPolicyModule getInstance()

    {

        if (self == null)

        {

            self = new SecurityPolicyModule();

        }

        return self;

    }

    public PolicyBasedPermission[] getPermissions(String protectionDomain)

    {

        if (protectionDomain == null)

        {

            return null;

        }

        SecurityPolicy policy = getPolicy(protectionDomain.toLowerCase());

        if (policy == null)

        {

            return null;

        }

        return policy.getPermissions();

    }

    private synchronized SecurityPolicy getPolicy(String protectionDomain)

    {

        // for a certain protection domain, read the policy only once and when

        // really needed

        if (policies.get(protectionDomain) == null)

        {

            initPolicies(protectionDomain);

        }

        // get the policy for the queried domain and append permissions

        // from the "All" domain, containing the default permissions

        SecurityPolicy policy = (SecurityPolicy)policies.get(

                                    protectionDomain);

        if (policy != null)

        {

            policy = policy.append((SecurityPolicy)policies.get(

                                       ALL_DOMAIN.toLowerCase()));

            // append the extensions permissions

            policy = policy.append((SecurityPolicy)extPolicies.get(

                                       protectionDomain));

            // append the extensions ALL permissions

            policy = policy.append((SecurityPolicy)extPolicies.get(

                                       ALL_DOMAIN.toLowerCase()));

        }

        return policy;

    }

    void initPolicies(String protectionDomain)

    {

        // collect the security policies from all the DRIVES,

        // and do replace existing ones (because the policies

        // are retrieved first from C: then Z: etc.)

        if (policiesDir == null)

        {

            policiesDir = ResourceUtil.getResourceDir(0);

        }

        Vector extPoliciesFileNames = SecurityExtensionsReader.getExtPoliciesFileNames();

        String domainFileNamePattern = null;

        if (extPoliciesFileNames.size() == 0)

        {

            // if there are no extensions, then it's enough to read only the

            // policy which corresponds to the requested domain

            if (UNIDENTIFIED_THIRD_PARTY_DOMAIN.equalsIgnoreCase(protectionDomain))

            {

                domainFileNamePattern = UNIDENTIFIED_THIRD_PARTY_DOMAIN_FILE_NAME_PATTERN;

            }

            else if (IDENTIFIED_THIRD_PARTY_DOMAIN.equalsIgnoreCase(protectionDomain))

            {

                domainFileNamePattern = IDENTIFIED_THIRD_PARTY_DOMAIN_FILE_NAME_PATTERN;

            }

            else if (OPERATOR_DOMAIN.equalsIgnoreCase(protectionDomain))

            {

                domainFileNamePattern = OPERATOR_DOMAIN_FILE_NAME_PATTERN;

            }

            else if (OPERATOR_EXTRA_DOMAIN.equalsIgnoreCase(protectionDomain))

            {

                domainFileNamePattern = OPERATOR_EXTRA_DOMAIN_FILE_NAME_PATTERN;

            }

            else if (MANUFACTURER_DOMAIN.equalsIgnoreCase(protectionDomain))

            {

                domainFileNamePattern = MANUFACTURER_DOMAIN_FILE_NAME_PATTERN;

            }

        }

        else

        {

            // if there are extensions, then we need to read all the policies

            // from all the domains, since we need to ensure that extension

            // policies can not collide with any of the base policies

            domainFileNamePattern = "*";

        }

        String masterPolicyFileNamePattern = policiesFileNamePrefix + domainFileNamePattern + policiesFileNameSuffix;

        for (int i = 1; policiesDir != null; i++)

        {

            if (!policiesDir.endsWith("/")

                    && !policiesDir.endsWith("\\"))

            {

                policiesDir = policiesDir + System.getProperty("file.separator");

            }

            policiesDir = policiesDir

                          + "security"

                          + System.getProperty("file.separator")

                          + "policies"

                          + System.getProperty("file.separator");

            try

            {

                FileUtility dir = new FileUtility(policiesDir);

                Vector entries = dir.listFiles(masterPolicyFileNamePattern, false);

                if (entries.size() > 0)

                {

                    // within the same policies dir we do collect all he permissions,

                    // but we overwrite when starting from new directory

                    Hashtable appendAllowed = new Hashtable();

                    for (int j=0; j<entries.size(); j++)

                    {

                        initPolicy(policiesDir + (String)entries.elementAt(j), appendAllowed);

                    }

                    // init the policy for default permissions

                    initPolicy(policiesDir + ALL_DOMAIN.toLowerCase() + ".ser", appendAllowed);

                }

            }

            catch (IOException e) {}

            // move on to the next directory

            policiesDir = ResourceUtil.getResourceDir(i);

        }

        // init extension policies: handle the policies as a group

        // do the validation against the existing collection of extension

        // policies and add all the policies from a group at once into

        // the collection of extensions policies. In this way policies

        // from the same group don't get validated against each other.

        // The SecurityExtensionsReader.POLICIES_SEPARATOR defines a group

        Hashtable tmpPolicies = new Hashtable();

        for (int i=0; i<extPoliciesFileNames.size(); i++)

        {

            if (((String)extPoliciesFileNames.elementAt(i)).equals(

                        SecurityExtensionsReader.POLICIES_SEPARATOR))

            {

                // pour the tmpPolicies into the extPolicies

                for (Enumeration e = tmpPolicies.keys() ; e.hasMoreElements() ;)

                {

                    String domain = (String)e.nextElement();

                    SecurityPolicy tmpPolicy = (SecurityPolicy)tmpPolicies

                                               .get(domain.toLowerCase());

                    SecurityPolicy extPolicy = (SecurityPolicy)extPolicies

                                               .get(domain.toLowerCase());

                    if (extPolicy != null)

                    {

                        extPolicy = extPolicy.append(

                                        tmpPolicy);

                    }

                    else

                    {

                        extPolicy = tmpPolicy;

                    }

                    extPolicies.put(

                        domain.toLowerCase(),

                        extPolicy);

                }

                // reset the tmpPolicies

                tmpPolicies = new Hashtable();

            }

            initExtPolicy((String)extPoliciesFileNames.elementAt(i), tmpPolicies);

        }

    }

    private void initPolicy(String policyFilePath, Hashtable appendAllowed)

    {

        InputStream policyStream = null;

        ObjectInputStream in = null;

        try

        {

            FileUtility entry = new FileUtility(policyFilePath);

            if (entry.isFile())

            {

                policyStream = entry.openInputStream();

                in = new ObjectInputStream(policyStream);

                SecurityPolicy policy = (SecurityPolicy)in.readObject();

                if (policy != null

                        && policy.getProtectionDomain() != null)

                {

                    String domain = policy.getProtectionDomain().toLowerCase();

                    if (appendAllowed.get(domain) !=  null)

                    {

                        // do append

                        SecurityPolicy currPolicy = (SecurityPolicy)policies

                                                    .get(domain);

                        if (currPolicy != null)

                        {

                            currPolicy = currPolicy.append(

                                             policy);

                        }

                        else

                        {

                            currPolicy = policy;

                        }

                        policies.put(domain, currPolicy);

                    }

                    else

                    {

                        // do replace

                        appendAllowed.put(domain, "");

                        policies.put(domain, policy);

                    }

                }

                in.close();

            }

        }

        catch (IOException ex) {}

        catch (ClassNotFoundException ex) {}

        catch (IllegalArgumentException ex) {}

        // recover the resources

        finally

        {

            try

            {

                if (policyStream != null)

                {

                    policyStream.close();

                }

            }

            catch (IOException e) {}

            try

            {

                if (in != null)

                {

                    in.close();

                }

            }

            catch (IOException e) {}

        }

    }

    private void initExtPolicy(String extPolicyFilePath, Hashtable tmpPolicies)

    {

        InputStream policyStream = null;

        ObjectInputStream in = null;

        try

        {

            FileUtility entry = new FileUtility(extPolicyFilePath);

            if (entry.isFile())

            {

                policyStream = entry.openInputStream();

                in = new ObjectInputStream(policyStream);

                SecurityPolicy policy = (SecurityPolicy)in.readObject();

                if (policy != null

                        && policy.getProtectionDomain() != null)

                {

                    String extPolicyDomain = policy.getProtectionDomain();

                    PolicyBasedPermission[] extPermissions = policy.getPermissions();

                    if (extPermissions != null)

                    {

                        Vector okPermissions = new Vector();

                        for (int i=0; i<extPermissions.length; i++)

                        {

                            SecurityPolicyPermissionSettings settings = null;

                            SecurityPolicyPermission foundPerm = find(

                                                                     extPolicyDomain,

                                                                     extPermissions[i], policies);

                            settings = (SecurityPolicyPermissionSettings)foundPerm

                                       .getUserSecuritySettings();

                            // discard permissions which exist in the base policy

                            if (foundPerm.getName() == null)

                            {

                                foundPerm = find(extPolicyDomain,

                                                 extPermissions[i], extPolicies);

                                if (settings == null)

                                {

                                    settings = (SecurityPolicyPermissionSettings)foundPerm

                                               .getUserSecuritySettings();

                                }

                            }

                            if (foundPerm.getName() == null)

                            {

                                // extPermissions[i] is a good one

                                if (settings == null)

                                {

                                    okPermissions.addElement(extPermissions[i]);

                                }

                                else

                                {

                                    okPermissions.addElement(new SecurityPolicyPermission(

                                                                 extPermissions[i].getName(),

                                                                 extPermissions[i].getTarget(),

                                                                 extPermissions[i].getActionList(),

                                                                 settings));

                                }

                            }

                            else

                            {

                                SecurityExtensionsReader.discard("policy "

                                                                 + extPermissions[i].getName()

                                                                 + " from "

                                                                 + extPolicyFilePath

                                                                 + " is discarded because it already exists");

                            }

                        }

                        // collect all the permissions from all the policies

                        if (okPermissions.size() > 0)

                        {

                            SecurityPolicyPermission[] okPerms = new SecurityPolicyPermission[okPermissions.size()];

                            okPermissions.copyInto(okPerms);

                            SecurityPolicy extPolicy = (SecurityPolicy)tmpPolicies.get(

                                                           extPolicyDomain.toLowerCase());

                            if (extPolicy != null)

                            {

                                extPolicy = extPolicy.append(

                                                new SecurityPolicy(extPolicyDomain,

                                                                   okPerms));

                            }

                            else

                            {

                                extPolicy = new SecurityPolicy(

                                    extPolicyDomain, okPerms);

                            }

                            tmpPolicies.put(

                                extPolicyDomain.toLowerCase(),

                                extPolicy);

                        }

                    }

                }

                in.close();

            }

        }

        catch (IOException ex) {}

        catch (ClassNotFoundException ex) {}

        catch (IllegalArgumentException ex) {}

        // recover the resources

        finally

        {

            try

            {

                if (policyStream != null)

                {

                    policyStream.close();

                }

            }

            catch (IOException e) {}

            try

            {

                if (in != null)

                {

                    in.close();

                }

            }

            catch (IOException e) {}

        }

    }

    private SecurityPolicyPermission find(String aExtPolicyDomain, PolicyBasedPermission aExtPerm, Hashtable aPolicies)

    {

        SecurityPolicyPermissionSettings settings = null;

        boolean settingsFound = (aExtPerm.getUserSecuritySettings() == null);

        boolean permissionFound = false;

        for (Enumeration e = aPolicies.keys() ; e.hasMoreElements() ;)

        {

            String domain = (String)e.nextElement();

            boolean sameDomain = (domain.equalsIgnoreCase(aExtPolicyDomain));

            PolicyBasedPermission[] policyPermissions = ((SecurityPolicy)aPolicies

                    .get(domain)).getPermissions();

            if (policyPermissions != null)

            {

                for (int j=0; j<policyPermissions.length; j++)

                {

                    // pick up the user settings (if any)

                    if (sameDomain

                            && !settingsFound

                            && policyPermissions[j].getUserSecuritySettings() != null)

                    {

                        if (aExtPerm.getUserSecuritySettings().getName()

                                .equalsIgnoreCase(policyPermissions[j]

                                                  .getUserSecuritySettings().getName()))

                        {

                            settingsFound = true;

                            settings = (SecurityPolicyPermissionSettings)policyPermissions[j]

                                       .getUserSecuritySettings();

                        }

                    }

                    if (!permissionFound

                            && policyPermissions[j].getName()

                            .equalsIgnoreCase(aExtPerm.getName()))

                    {

                        if (settingsFound)

                        {

                            return new SecurityPolicyPermission(

                                       aExtPerm.getName(),

                                       null, null,

                                       settings);

                        }

                        permissionFound = true;

                    }

                }

            }

        }

        return new SecurityPolicyPermission(

                   (permissionFound ? aExtPerm.getName() : null),

                   null, null, settings);

    }

    private static SecurityPolicyModule self;

}