package com.oreilly.strutsckbk.ch11;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Utility methods for in Security. This class contains static methods that
 * can manipulate cookies containing a user's credentials.
 */
public class SecurityUtils {

	private static final String USERNAME_COOKIE = "StrutsCookbookUsername";
    private static final String PASSWORD_COOKIE = "StrutsCookbookPassword";
	private static final int COOKIE_MAX_AGE = 60 * 60 * 24 * 30; // 30 days

    /**
     * Adds a cookie containing the user's credentials
     * to the servlet response.
     * 
     * @param credentials user authentication credentials.
     * @param response HTTP servlet response.
     */
	public final static void addCredentials(Credentials credentials, HttpServletResponse response) {
		Cookie unameCookie = new Cookie(USERNAME_COOKIE, credentials.getName());
        unameCookie.setMaxAge(COOKIE_MAX_AGE);
        response.addCookie(unameCookie);
        Cookie pwordCookie = new Cookie(PASSWORD_COOKIE, credentials.getPassword());
        pwordCookie.setMaxAge(COOKIE_MAX_AGE);
		response.addCookie(pwordCookie);
	}

    /**
     * Removes a user's credentials by expiring the cookie.
     * 
     * @param request HTTP servlet response.
     */
	public final static void removeCredentials(HttpServletResponse response) {
		Cookie unameCookie = new Cookie(USERNAME_COOKIE, "expired");
        // setting the max age to zero causes the cookie to be removed on the client-side
        unameCookie.setMaxAge(0);
        response.addCookie(unameCookie);

        Cookie pwordCookie = new Cookie(PASSWORD_COOKIE, "expired");
        // setting the max age to zero causes the cookie to be removed on the client-side
        pwordCookie.setMaxAge(0);
        response.addCookie(pwordCookie);
	}

    /**
     * Searches for the user's credentials stored as a cookie
     * in the servlet request.
     * 
     * @param request HTTP servlet request.
     * @return credentials.
     */
	public final static Credentials findCredentials(HttpServletRequest request) {
		Cookie[] cookies = request.getCookies();
        String username = null;
        String password = null;
		if (cookies != null) {
			for (int i=0; i<cookies.length; i++) {
				if (cookies[i].getName().equals(USERNAME_COOKIE)) {
					username = cookies[i].getValue();
				}
                if (cookies[i].getName().equals(PASSWORD_COOKIE)) {
                    password = cookies[i].getValue();
                }
			}
		}
        if (username != null && password != null) {
            return new Credentials(username, password);
        }
		return null;
	}

    /**
	 * Private default constructor to prevent inadvertent instantiation.
	 */
	private SecurityUtils() {
	}
}