import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;

import ca.nrc.cadc.auth.AuthMethod;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.log.ServletLogInfo;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.LocalAuthority;
import ca.nrc.cadc.reg.client.RegistryClient;
 * Servlet to handle GET requests asking for the current User.  This servlet
 * will implement the /whoami functionality to return details about the
 * currently authenticated user, or rather, the user whose Subject is currently
 * found in this context.
public class WhoAmIServlet extends HttpServlet
    private static final Logger log = Logger.getLogger(WhoAmIServlet.class);

    static final String USER_GET_PATH = "/%s?idType=%s";
     * Handle a /whoami GET operation.
     * @param request  The HTTP Request.
     * @param response The HTTP Response.
     * @throws ServletException Anything goes wrong at the Servlet level.
     * @throws IOException      Any reading/writing errors.
    protected void doGet(final HttpServletRequest request,
                         final HttpServletResponse response)
            throws ServletException, IOException
        final long start = System.currentTimeMillis();
        final ServletLogInfo logInfo = new ServletLogInfo(request);;
            final Subject subject = getSubject(request);
            AuthMethod authMethod = getAuthMethod(subject);
            if (AuthMethod.ANON.equals(authMethod))

            Principal principal = getPrincipalForRestCall(subject);
            if (principal == null)
                response.getWriter().print("No supported identities for /whoami");

            redirect(response, principal, authMethod);
        catch (IllegalArgumentException e)
            log.debug(e.getMessage(), e);
        catch (Throwable t)
            String message = "Internal Server Error: " + t.getMessage();
            log.error(message, t);
            logInfo.setElapsedTime(System.currentTimeMillis() - start);

    private Principal getPrincipalForRestCall(Subject s)
        // TODO: Would be better to add this type of checking to AuthenticationUtil.
        //       But: a better fix would probably be to remove the userid and
        //            authentication type from the get user REST call.  Only the
        //            calling user is allowed to get that user, so the information
        //            is already available.

        if (!s.getPrincipals(HttpPrincipal.class).isEmpty())
            return s.getPrincipals(HttpPrincipal.class).iterator().next();

        if (!s.getPrincipals(X500Principal.class).isEmpty())
            return s.getPrincipals(X500Principal.class).iterator().next();

        if (!s.getPrincipals(NumericPrincipal.class).isEmpty())
            return s.getPrincipals(NumericPrincipal.class).iterator().next();

        return null;

    public URI getServiceURI(URI standard)
        LocalAuthority localAuthority = new LocalAuthority();
        return localAuthority.getServiceURI(standard.toString());

    public AuthMethod getAuthMethod(Subject subject)
        return AuthenticationUtil.getAuthMethod(subject);

     * Forward on to the Service's user endpoint.
     * @param response     The HTTP response.
     * @param webPrincipal The HttpPrincipal instance.
     * @param scheme       The scheme
    void redirect(HttpServletResponse response, Principal principal, AuthMethod authMethod) throws IOException
        final RegistryClient registryClient = getRegistryClient();
        URI umsServiceURI = getServiceURI(Standards.UMS_WHOAMI_01);
        log.debug("ums service uri: " + umsServiceURI);

        final URL serviceURL = registryClient.getServiceURL(umsServiceURI, Standards.UMS_USERS_01, authMethod);
        final URL redirectURL = new URL(serviceURL.toExternalForm() + USER_GET_PATH);
        final String redirectUrl =
            String.format(redirectURL.toString(), principal.getName(), AuthenticationUtil.getPrincipalType(principal));
        final URI redirectURI = URI.create(redirectUrl);

        log.debug("redirecting to " + redirectURI.toASCIIString());

        response.sendRedirect(redirectURI.getPath() + "?" + redirectURI.getQuery());
     * Tests will need to override this method so as not to rely on the
     * environment.
     * @return      Registry Client instance.
    RegistryClient getRegistryClient()
     * Get and augment the Subject. Tests can override this method.
     * @param request Servlet request
     * @return augmented Subject
    Subject getSubject(final HttpServletRequest request)
        return AuthenticationUtil.getSubject(request);