package an.xacml;

import org.opensaml.lite.common.SAMLObject;
import org.opensaml.xml.security.Criteria;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.UsageCriteria;

import pl.edu.icm.yadda.aas.xacml.policy.parser.cond.TypeCondition;
import an.xacml.engine.AttributeRetriever;
import eu.dnetlib.enabling.aas.security.criteria.TrustLevelCriteria;

/**
 * DNet version of invoker based {@link SAMLObject} attribute retriever module.
 * @author mhorst
 *
 */
public class DNetSAMLObjectAttributeRetriever extends AbstractSAMLObjectAttributeRetriever<CriteriaSet> 
	implements AttributeRetriever {

	/* (non-Javadoc)
	 * @see an.xacml.AbstractSAMLObjectAttributeRetriever#provideSigningCriteria(pl.edu.icm.yadda.aas.xacml.policy.parser.cond.TypeCondition)
	 */
	@Override
	protected CriteriaSet provideSigningCriteria(
			TypeCondition signatureTypeCondition) throws IndeterminateException {
		CriteriaSet criteriaSet = new CriteriaSet();
		criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
		criteriaSet.add(new TrustLevelCriteria(getTrustLevel(
				signatureTypeCondition)));
		CriteriaSet fixedCriteriaSet = getSamlObjectValidator().getFixedCriteriaSet();
		if (fixedCriteriaSet!=null) {
			for(Criteria fixedCriterion : fixedCriteriaSet) {
				criteriaSet.add(fixedCriterion);
			}
		}
		return criteriaSet;
	}
	
}