#ifndef __ARC_USERNAMETOKEN_H__
#define __ARC_USERNAMETOKEN_H__

#include <arc/XMLNode.h>
#include <arc/message/SOAPEnvelope.h>

// WS-Security Username Token Profile v1.1
// wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

namespace Arc {

/// Interface for manipulation of WS-Security according to Username Token Profile. 
class UsernameToken {
protected:
  XMLNode header_; /** SOAP header element */
public:
  typedef enum {
    PasswordText,
    PasswordDigest
  } PasswordType;

  /** Link to existing SOAP header and parse Username Token information.
    Username Token related information is extracted from SOAP header and
    stored in class variables. */
  UsernameToken(SOAPEnvelope& soap);
  /** Add Username Token information into the SOAP header.
     Generated token contains elements Username and Password and is
    meant to be used for authentication.
    @param soap  the SOAP message
    @param username  <wsse:Username>...</wsse:Username> - if empty it is entered interactively from stdin
    @param password <wsse:Password Type="...">...</wsse:Password> - if empty it is entered interactively from stdin
    @param uid   <wsse:UsernameToken wsu:ID="...">
    @param pwdtype <wsse:Password Type="...">...</wsse:Password>
  */
  UsernameToken(SOAPEnvelope& soap, const std::string& username, const std::string& password,const std::string& uid, PasswordType pwdtype);

  /** Add Username Token information into the SOAP header.
     Generated token contains elements Username and Salt and is
    meant to be used for deriving Key Derivation.
  @param soap  the SOAP message
  @param username  <wsse:Username>...</wsse:Username>
  @param mac if derived key is meant to be used for Message Authentication Code
  @param iteration <wsse11:Iteration>...</wsse11:Iteration>
  */
  UsernameToken(SOAPEnvelope& soap, const std::string& username, const std::string& id, bool mac, int iteration);
  
  /** Returns true of constructor succeeded */
  operator bool(void);

  /** Returns username associated with this instance */
  std::string Username(void);

  /** Checks parsed/generated token against specified password.
    If token is meant to be used for deriving a key then key is returned in derived_key.
   In that case authentication is performed outside of UsernameToken class using 
   obtained derived_key. */
  bool Authenticate(const std::string& password,std::string& derived_key);

  /** Checks parsed token against password stored in specified stream.
    If token is meant to be used for deriving a key then key is returned in derived_key */
  bool Authenticate(std::istream& password,std::string& derived_key);

private:
  /** Tells if specified SOAP header has WSSE element and UsernameToken inside the WSSE element */
  static bool Check(SOAPEnvelope& soap);
private:
  std::string username_;
  std::string uid_;
  std::string password_;
  std::string passwdtype_;
  std::string nonce_;
  std::string created_;
  std::string salt_;
  int iteration_;
};

} // namespace Arc

#endif /* __ARC_USERNAMETOKEN_H__ */