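/**
 * @author Jarek Gawor (gawor@mcs.anl.gov)
 * @author Terry Fleury (tfleury@ncsa.uiuc.edu)
 * @version 1.1 2006-03-28
 *
 * This is a sample Axis web service to demonstrate connecting from a client
 * using proxy certificates.  It assumes that you have set up Tomcat/Axis to
 * handle proxy certificates.
 *
 * This file is licensed under the terms of the Globus Toolkit Public
 * License, found at http://www.globus.org/toolkit/download/license.html.
 */

// In Tomcat servlet-api.jar
import javax.servlet.http.HttpServletRequest;
// In axis.jar
import org.apache.axis.MessageContext;
import org.apache.axis.transport.http.HTTPConstants;
// In cog-axis.jar
import org.globus.axis.util.Util;
import org.globus.axis.gsi.GSIConstants;
import org.globus.axis.handler.CredentialHandler;
// In cog-jglobus.jar
import org.globus.myproxy.MyProxy;
// In standard Java
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSContext;

public class SampleService {

    /**
     * This is the main method that can be called by a client.  It simply
     * takes in a single string and returns another string showing any
     * delegated credentials and the string that was originally sent.
     *
     * NOTE(review): the string form of each delegated credential is both
     * written to the log and returned to the caller; confirm that the
     * credential's toString() exposes no private key material before
     * reusing this pattern outside a demonstration.
     *
     * @param arg A message string passed in by a client.
     * @return A response string showing any delegated credential, plus
     *         echoing back the original arg string.
     */
    public String serviceMethod(String arg) {
        GSSCredential cred4 = null;
        GSSCredential cred5 = null;

        MessageContext ctx = MessageContext.getCurrentContext();
        setMessageContextProperties(ctx);

        /* For Tomcat 4.x, the delegated credential comes through in
         * the GSI_CREDENTIALS property.  For Tomcat 5.x, the delegated
         * credential comes through in the GSI_CONTEXT property.
         * The two lookups are independent, so a missing or unexpected
         * value for one no longer prevents the other from being read. */
        Object tomcat4Value = ctx.getProperty(GSIConstants.GSI_CREDENTIALS);
        if (tomcat4Value instanceof GSSCredential) {
            cred4 = (GSSCredential) tomcat4Value;
        }

        Object tomcat5Value = ctx.getProperty(GSIConstants.GSI_CONTEXT);
        if (tomcat5Value instanceof GSSContext) {
            try {
                cred5 = ((GSSContext) tomcat5Value).getDelegCred();
            } catch (Exception e) {
                // Delegation is optional for this demo, so the call still
                // succeeds; the failure is logged instead of being dropped.
                System.out.println(
                    "SampleService could not read the delegated credential"
                    + " from GSI_CONTEXT: " + sanitizeForLog(String.valueOf(e)));
            }
        }

        // Print out some basic info to the catalina.out log file.  The
        // client-supplied text is stripped of line breaks first so that it
        // cannot forge additional log entries.
        System.out.println("SampleService called with text \""
                           + sanitizeForLog(arg) + "\"");
        System.out.println("Tomcat 4 delegated credential : " + cred4);
        System.out.println("Tomcat 5 delegated credential : " + cred5);

        // Form a string to be returned to the calling client.
        StringBuffer buf = new StringBuffer();
        buf.append("User '");
        buf.append(ctx.getProperty(GSIConstants.GSI_USER_DN));
        buf.append("' authorized locally as '");
        buf.append(ctx.getProperty(GSIConstants.GSI_AUTH_USERNAME));
        buf.append("' with Tomcat4 credential of '");
        buf.append(cred4);
        buf.append("' and Tomcat 5 credential of '");
        buf.append(cred5);
        buf.append("' sent the text '");
        buf.append(arg);
        buf.append("'");

        return buf.toString();
    }

    /**
     * This method is called when a client has delegated a proxy credential
     * to a MyProxy server and wants to notify this service with the
     * username/passphrase information required to get the credential.
     *
     * The passphrase is used only to talk to the MyProxy server; it is never
     * copied into the returned status string.  Because it arrives as an
     * ordinary request parameter, this operation should only be exposed over
     * an authenticated, encrypted transport.
     *
     * NOTE(review): host and port come straight from the caller, so the
     * service will open a connection to whatever endpoint the client names.
     * A real deployment would normally restrict these to a configured list
     * of MyProxy servers.
     *
     * @param host The MyProxy host name (probably FQDN).
     * @param port The port for connecting to the MyProxy host (e.g. 7512).
     * @param username The username for getting the proxy credential.
     * @param passphrase The passphrase for getting the proxy credential.
     * @param lifetime The desired lifetime (in seconds) for getting the
     *        proxy credential.  The actual lifetime of the retrieved
     *        credential is possibly shorter.
     * @return A string telling the calling client the status of this
     *         service getting the proxy credential (e.g. success/failure).
     */
    public String notifyGSSCredentialStored(String host, int port,
        String username, String passphrase, int lifetime) {

        StringBuffer buf = new StringBuffer();
        GSSCredential credential = null;

        try {
            MyProxy myProxyServer = new MyProxy(host, port);
            credential = myProxyServer.get(username, passphrase, lifetime);
            // Remove the stored copy from the MyProxy server once fetched.
            myProxyServer.destroy(credential, username, passphrase);

            buf.append("Using the MyProxy server at " + host + ":" + port);
            buf.append(" with username = '" + username + "'");
            buf.append(" and lifetime = " + lifetime + " seconds");
            buf.append(", successfully fetched the credential " + credential);
        } catch (Exception e) {
            if (credential == null) {
                buf.append("Could not get credential from the MyProxy server at ");
                buf.append(host + ":" + port + " because ");
            } else {
                // The fetch worked but the clean-up did not: say so, because
                // the stored credential may still be on the server.
                buf.append("Fetched the credential from the MyProxy server at ");
                buf.append(host + ":" + port);
                buf.append(" but could not remove the stored copy because ");
            }
            buf.append(e.getMessage());
        }

        return buf.toString();
    }

    /**
     * Set some basic properties on the current message.  This method takes
     * in a MessageContext and sets some GSI properties for demonstration
     * purposes.  It is possible to configure your server-config.wsdd file
     * with the CredentialHandler and have these properties set
     * automatically.  NOTE that the Tomcat 5 delegated credential available
     * in GSI_CONTEXT does not yet get set with the CredentialHandler.
     *
     * @param msgContext The current message context on which various GSI
     *        properties will be set.
     */
    private void setMessageContextProperties(MessageContext msgContext) {
        // Make sure this method is called by a HTTP Servlet.  instanceof is
        // false for null, so one test covers both cases.
        Object servletRequest =
            msgContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (!(servletRequest instanceof HttpServletRequest)) {
            return;
        }
        HttpServletRequest req = (HttpServletRequest) servletRequest;

        /* When 'httpg' is the communication protocol in the servlet engine,
         * Axis does not correctly set the TRANS_URL property.  This is a
         * workaround for that problem. */
        if (msgContext.getProperty(MessageContext.TRANS_URL) == null) {
            msgContext.setProperty(MessageContext.TRANS_URL,
                                   req.getRequestURL().toString());
        }

        // Get the delegated credential for Tomcat 4 setup.
        copyRequestAttribute(req, msgContext, GSIConstants.GSI_CREDENTIALS);

        // Make available the delegated credential for Tomcat 5 setup.
        copyRequestAttribute(req, msgContext, GSIConstants.GSI_CONTEXT);

        // Get the locally authorized username (i.e. set by grid-mapfile).
        // Note that for Tomcat 5.x, this attribute is set ONLY if you
        // have configured Tomcat's server.xml file with the
        // GridmapFilterValve to read the grid-mapfile.
        copyRequestAttribute(req, msgContext, GSIConstants.GSI_AUTH_USERNAME);

        // Get the Distinguished Name used for authentication.
        copyRequestAttribute(req, msgContext, GSIConstants.GSI_USER_DN);
    }

    /**
     * Copies one servlet request attribute onto the message context under
     * the same name, leaving the context untouched when the attribute is
     * absent.
     */
    private static void copyRequestAttribute(HttpServletRequest req,
        MessageContext msgContext, String name) {
        Object value = req.getAttribute(name);
        if (value != null) {
            msgContext.setProperty(name, value);
        }
    }

    /**
     * Replaces carriage returns and line feeds so that text supplied by a
     * client occupies exactly one line in the log.  Returns null for null.
     */
    private static String sanitizeForLog(String text) {
        if (text == null) {
            return null;
        }
        return text.replace('\r', '_').replace('\n', '_');
    }
}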