1 package club.wpia.gigi.util;
3 import java.io.PrintWriter;
4 import java.io.Serializable;
5 import java.util.Arrays;
8 import club.wpia.gigi.GigiApiException;
9 import club.wpia.gigi.dbObjects.CertificateOwner;
10 import club.wpia.gigi.dbObjects.Group;
11 import club.wpia.gigi.dbObjects.Organisation;
12 import club.wpia.gigi.dbObjects.User;
13 import club.wpia.gigi.localisation.Language;
14 import club.wpia.gigi.output.template.Outputable;
15 import club.wpia.gigi.output.template.SprintfCommand;
17 public class AuthorizationContext implements Outputable, Serializable {
19 private static final long serialVersionUID = -2596733469159940154L;
21 private final CertificateOwner target;
23 private final User actor;
25 private final String supporterTicketId;
27 private final boolean isStronglyAuthenticated;
29 public AuthorizationContext(CertificateOwner target, User actor, boolean isStronglyAuthenticated) {
31 throw new Error("Internal Error: The actor of an AuthorizationContext must not be null!");
34 throw new Error("Internal Error: The target of an AuthorizationContext must not be null!");
38 this.supporterTicketId = null;
39 this.isStronglyAuthenticated = isStronglyAuthenticated;
42 public AuthorizationContext(User actor, String supporterTicket) throws GigiApiException {
44 throw new Error("Internal Error: The actor of an AuthorizationContext must not be null!");
46 if (supporterTicket == null) {
47 throw new Error("Internal Error: The AuthorizationContext for a Support Engineer requires a valid ticket!");
51 if ( !isInGroup(Group.SUPPORTER)) {
52 throw new GigiApiException("requires a supporter");
54 this.supporterTicketId = supporterTicket;
55 this.isStronglyAuthenticated = true;
58 public CertificateOwner getTarget() {
62 public User getActor() {
66 public boolean isInGroup(Group g) {
67 return actor.isInGroup(g);
70 public static User getActor(AuthorizationContext ac) {
77 public String getSupporterTicketId() {
78 return supporterTicketId;
81 public boolean canSupport() {
82 return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER) && isStronglyAuthenticated() && ((User) target).hasValidSupportChallenge();
85 private static final SprintfCommand sp = new SprintfCommand("Logged in as {0} via {1}.", Arrays.asList("${username", "${loginMethod"));
87 private static final SprintfCommand inner = new SprintfCommand("{0}, acting as {1},", Arrays.asList("${user", "${target"));
90 public void output(PrintWriter out, Language l, Map<String, Object> vars) {
92 vars.put("username", new Outputable() {
95 public void output(PrintWriter out, Language l, Map<String, Object> vars) {
96 if (target != actor) {
97 vars.put("target", ((Organisation) target).getName().toString());
98 vars.put("user", actor.getPreferredName().toString());
99 inner.output(out, l, vars);
101 out.println(actor.getPreferredName().toString());
105 sp.output(out, l, vars);
106 out.println("</div>");
107 if (supporterTicketId != null) {
108 out.println("<div>");
109 out.println(l.getTranslation("SupportTicket: "));
110 out.println(HTMLEncoder.encodeHTML(supporterTicketId));
111 out.println("</div>");
115 public boolean canVerify() {
116 return target instanceof User && ((User) target).canVerify() && isStronglyAuthenticated() && ((User) target).hasValidRAChallenge();
119 public boolean isStronglyAuthenticated() {
120 return isStronglyAuthenticated;