package org.gcube.vomagement.policymanagement.service.impl;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.gcube.common.core.utils.logging.GCUBELog;
import org.gcube.vomagement.policymanagement.PolicyManagementClient;
import org.gcube.vomagement.policymanagement.bean.PolicyBean;
import org.gcube.vomagement.policymanagement.bean.PolicySetBean;
import org.gcube.vomagement.policymanagement.bean.RuleBean;
import org.gcube.vomagement.policymanagement.impl.ArgusPolicyManagementClient;
import org.gcube.vomagement.policymanagement.service.RuleManager;
import org.ietf.jgss.GSSCredential;
import os.schema.policy._0._2.xacml.tc.names.oasis.EffectType;
import os.schema.policy._0._2.xacml.tc.names.oasis.IdReferenceType;
import os.schema.policy._0._2.xacml.tc.names.oasis.PolicySetType;
import os.schema.policy._0._2.xacml.tc.names.oasis.PolicyType;
import os.schema.policy._0._2.xacml.tc.names.oasis.RuleType;
import os.schema.policy._0._2.xacml.tc.names.oasis.TargetType;

/* loaded from: input_file:org/gcube/vomagement/policymanagement/service/impl/ArgusRuleManager.class */
public class ArgusRuleManager implements RuleManager {
    private GCUBELog logger = new GCUBELog(this);
    private String papUrl;
    private GSSCredential credential;

    public ArgusRuleManager(String str, GSSCredential gSSCredential) throws Exception {
        this.papUrl = str;
        this.credential = gSSCredential;
    }

    @Override // org.gcube.vomagement.policymanagement.service.RuleManager
    public boolean addRule(String str, String str2, String str3, boolean z) {
        return addRule(str, str2, str3, z, false);
    }

    @Override // org.gcube.vomagement.policymanagement.service.RuleManager
    public boolean addRule(String str, String str2, String str3, boolean z, boolean z2) {
        this.logger.debug("Adding new rule");
        this.logger.debug("Role " + str);
        this.logger.debug("Resource " + str2);
        this.logger.debug("Operation " + str3);
        PolicyBean findPolicy = findPolicy(str, str2, str3);
        if (findPolicy != null && z2) {
            this.logger.debug("Rule exists: the policy will be updated");
            return internalUpdateRule(findPolicy, z);
        }
        if (findPolicy != null) {
            this.logger.debug("Rule exists: use update policy instead");
            return false;
        }
        boolean z3 = new ArgusPolicyManagementClient(this.papUrl, this.credential).addRule(str, str3, str2, z) != null;
        this.logger.debug("Operation completed with result " + z3);
        return z3;
    }

    public boolean removePolicy(String str, String str2) {
        this.logger.debug("Remove Policy");
        PolicySetType[] listPolicySets = new ArgusPolicyManagementClient(this.papUrl, this.credential).listPolicySets();
        List<PolicySetBean> findPolicySetsFromResource = findPolicySetsFromResource(listPolicySets, str);
        List<PolicySetBean> findPolicyTypesFromOperation = findPolicyTypesFromOperation(findPolicySetsFromResource, str, str2);
        boolean z = true;
        if (findPolicyTypesFromOperation != null) {
            this.logger.debug("Triyng to remove policies");
            for (PolicySetBean policySetBean : findPolicyTypesFromOperation) {
                String id = policySetBean.getId();
                this.logger.debug("Policy set id " + id);
                boolean z2 = false;
                int i = 0;
                while (i < findPolicySetsFromResource.size() && !z2) {
                    if (listPolicySets[i].getPolicySetId().equals(id)) {
                        this.logger.debug("Policy set reference found");
                        z2 = true;
                    }
                    i++;
                }
                if (z2) {
                    this.logger.debug("Removing policy reference");
                    IdReferenceType[] policyIdReference = listPolicySets[i].getPolicyIdReference();
                    List<String> policyIdReference2 = policySetBean.getPolicyIdReference();
                    this.logger.debug("Building reference list");
                    int i2 = 0;
                    IdReferenceType[] idReferenceTypeArr = new IdReferenceType[policyIdReference.length - policyIdReference2.size()];
                    for (int i3 = 0; i3 < idReferenceTypeArr.length; i3++) {
                        if (!policyIdReference2.contains(policyIdReference[i2].get_value())) {
                            this.logger.debug("Adding in the new references list " + policyIdReference[i2].get_value());
                            idReferenceTypeArr[i3] = policyIdReference[i2];
                        }
                        i2++;
                    }
                    listPolicySets[i].setPolicyIdReference(idReferenceTypeArr);
                    boolean updatePolicySet = new ArgusPolicyManagementClient(this.papUrl, this.credential).updatePolicySet(listPolicySets[i]);
                    this.logger.debug("Policy references deleted " + updatePolicySet);
                    z = z && updatePolicySet;
                }
            }
            this.logger.debug("Purge operation completed " + new ArgusPolicyManagementClient(this.papUrl, this.credential).purge(true, true, true, true));
        } else {
            this.logger.debug("No policy found");
        }
        return z;
    }

    @Override // org.gcube.vomagement.policymanagement.service.RuleManager
    public boolean updateRule(String str, String str2, String str3, boolean z) {
        this.logger.debug("Updating rule...");
        return internalUpdateRule(findPolicy(str, str2, str3), z);
    }

    @Override // org.gcube.vomagement.policymanagement.service.RuleManager
    public boolean removeRule(String str, String str2, String str3) {
        this.logger.debug("Removing rule...");
        PolicyBean findPolicy = findPolicy(str, str2, str3);
        boolean z = false;
        if (findPolicy != null) {
            this.logger.debug("Policy reference found");
            this.logger.debug("Finding references");
            PolicyType policyReference = findPolicy.getPolicyReference();
            String ruleId = findPolicy.getRuleReference().getRuleId();
            this.logger.debug("Rule id " + ruleId);
            RuleType[] rule = policyReference.getRule();
            RuleType[] ruleTypeArr = new RuleType[rule.length - 1];
            this.logger.debug("Removing rule...");
            int i = 0;
            for (int i2 = 0; i2 < ruleTypeArr.length; i2++) {
                if (!rule[i].getRuleId().equals(ruleId)) {
                    this.logger.debug("Adding in the new list rule " + rule[i].getRuleId());
                    ruleTypeArr[i2] = rule[i];
                }
                i++;
            }
            this.logger.debug("New Rule list ready, updating Argus");
            policyReference.setRule(ruleTypeArr);
            z = new ArgusPolicyManagementClient(this.papUrl, this.credential).updatePolicy(policyReference);
            this.logger.debug("Operation completed with result " + z);
            this.logger.debug("Purge Operation completed with result " + new ArgusPolicyManagementClient(this.papUrl, this.credential).purge(true, true, true, true));
        }
        return z;
    }

    @Override // org.gcube.vomagement.policymanagement.service.RuleManager
    public boolean resetPolicyManager() {
        this.logger.debug("Resetting Argus");
        boolean eraseRepository = new ArgusPolicyManagementClient(this.papUrl, this.credential).eraseRepository();
        this.logger.debug("Operation completed with result " + eraseRepository);
        return eraseRepository;
    }

    @Override // org.gcube.vomagement.policymanagement.service.RuleManager
    public List<RuleBean> listRules() {
        this.logger.debug("Loading all rules");
        return listRules(null, null, null);
    }

    @Override // org.gcube.vomagement.policymanagement.service.RuleManager
    public List<RuleBean> listRules(String str, String str2, String str3) {
        this.logger.debug("Finding policy ");
        if (str != null) {
            str = PolicyManagementClient.D4SCIENCE_ROLE_PREFIX + str;
        }
        this.logger.debug("Role " + str);
        this.logger.debug("Resource " + str2);
        this.logger.debug("Operation " + str3);
        ArrayList arrayList = new ArrayList();
        PolicySetType[] listPolicySets = new ArgusPolicyManagementClient(this.papUrl, this.credential).listPolicySets();
        this.logger.debug("Policy set loaded");
        List<PolicySetBean> findPolicySetsFromResource = findPolicySetsFromResource(listPolicySets, str2);
        if (findPolicySetsFromResource != null) {
            for (PolicySetBean policySetBean : findPolicySetsFromResource) {
                this.logger.debug("Policy set " + policySetBean.getId());
                Iterator<PolicyBean> it = findPoliciesFromOperationAndRole(getPolicyIds(policySetBean), str, policySetBean.getResource(), str3).iterator();
                while (it.hasNext()) {
                    arrayList.add(it.next().getRuleBean());
                }
            }
        } else {
            this.logger.debug("No policy set found");
        }
        return arrayList;
    }

    @Override // org.gcube.vomagement.policymanagement.service.RuleManager
    public RuleBean getRule(String str, String str2, String str3) {
        this.logger.debug("Getting requested rule...");
        List<RuleBean> listRules = listRules(str, str2, str3);
        if (listRules == null || listRules.size() <= 0) {
            this.logger.debug("Rule not found");
            return null;
        }
        this.logger.debug("Rule found");
        return listRules.get(0);
    }

    private PolicyBean findPolicy(String str, String str2, String str3) {
        this.logger.debug("Finding policy ");
        String str4 = PolicyManagementClient.D4SCIENCE_ROLE_PREFIX + str;
        this.logger.debug("Role " + str4);
        this.logger.debug("Resource " + str2);
        this.logger.debug("Operation " + str3);
        List<PolicySetBean> findPolicySetsFromResource = findPolicySetsFromResource(new ArgusPolicyManagementClient(this.papUrl, this.credential).listPolicySets(), str2);
        if (findPolicySetsFromResource == null || findPolicySetsFromResource.size() <= 0) {
            return null;
        }
        List<PolicyBean> findPoliciesFromOperationAndRole = findPoliciesFromOperationAndRole(getPolicyIds(findPolicySetsFromResource), str4, str2, str3);
        if (findPoliciesFromOperationAndRole.size() > 0) {
            return findPoliciesFromOperationAndRole.get(0);
        }
        return null;
    }

    private List<PolicySetBean> findPolicySetsFromResource(PolicySetType[] policySetTypeArr, String str) {
        IdReferenceType[] policyIdReference;
        if (str == null) {
            this.logger.debug("Resource filter disabled");
        }
        ArrayList arrayList = new ArrayList();
        if (policySetTypeArr != null) {
            for (PolicySetType policySetType : policySetTypeArr) {
                TargetType target = policySetType.getTarget();
                if (target != null && target.getResources() != null) {
                    try {
                        String asString = target.getResources().getResource(0).getResourceMatch(0).getAttributeValue().get_any()[0].getAsString();
                        this.logger.debug("Resource found = " + asString);
                        if ((str == null || (asString != null && asString.equals(str))) && (policyIdReference = policySetType.getPolicyIdReference()) != null) {
                            PolicySetBean policySetBean = new PolicySetBean();
                            policySetBean.setId(policySetType.getPolicySetId());
                            policySetBean.setResource(asString);
                            for (IdReferenceType idReferenceType : policyIdReference) {
                                String str2 = idReferenceType.get_value();
                                this.logger.debug("Policy Id reference " + str2);
                                policySetBean.addPolicyId(str2);
                            }
                            arrayList.add(policySetBean);
                        }
                    } catch (Exception e) {
                        this.logger.warn("Unable to find a resource ", e);
                    }
                }
            }
        }
        return arrayList;
    }

    private Set<String> getPolicyIds(List<PolicySetBean> list) {
        this.logger.debug("Finding policy ids");
        HashSet hashSet = new HashSet();
        Iterator<PolicySetBean> it = list.iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next().getPolicyIdReference());
        }
        this.logger.debug("Policy ids found");
        return hashSet;
    }

    private Set<String> getPolicyIds(PolicySetBean policySetBean) {
        this.logger.debug("Finding policy ids");
        HashSet hashSet = new HashSet();
        hashSet.addAll(policySetBean.getPolicyIdReference());
        this.logger.debug("Policy ids found");
        return hashSet;
    }

    private List<PolicyBean> findPoliciesFromOperationAndRole(Set<String> set, String str, String str2, String str3) {
        this.logger.debug("Finding the policies");
        if (str3 == null) {
            this.logger.debug("Operation filter disabled");
        }
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            PolicyType policy = new ArgusPolicyManagementClient(this.papUrl, this.credential).getPolicy(it.next());
            TargetType target = policy.getTarget();
            if (target != null && target.getActions() != null) {
                try {
                    String asString = target.getActions().getAction(0).getActionMatch(0).getAttributeValue().get_any()[0].getAsString();
                    this.logger.debug("Action found = " + asString);
                    if (str3 == null || (asString != null && asString.equals(str3))) {
                        this.logger.debug("Action found");
                        findPoliciesFromRole(arrayList, policy.getRule(), str, str2, asString, policy);
                    }
                } catch (Exception e) {
                    this.logger.warn("Unable to find a resource ", e);
                }
            }
        }
        return arrayList;
    }

    private List<PolicySetBean> findPolicyTypesFromOperation(List<PolicySetBean> list, String str, String str2) {
        this.logger.debug("Finding the policies");
        ArrayList arrayList = new ArrayList();
        for (PolicySetBean policySetBean : list) {
            List<String> policyIdReference = policySetBean.getPolicyIdReference();
            PolicySetBean policySetBean2 = new PolicySetBean();
            policySetBean2.setId(policySetBean.getId());
            for (String str3 : policyIdReference) {
                TargetType target = new ArgusPolicyManagementClient(this.papUrl, this.credential).getPolicy(str3).getTarget();
                if (target != null && target.getActions() != null) {
                    try {
                        String asString = target.getActions().getAction(0).getActionMatch(0).getAttributeValue().get_any()[0].getAsString();
                        this.logger.debug("Action found = " + asString);
                        if (asString != null && asString.equals(str2)) {
                            policySetBean2.addPolicyId(str3);
                        }
                    } catch (Exception e) {
                        this.logger.warn("Unable to find a resource ", e);
                    }
                }
                arrayList.add(policySetBean2);
            }
        }
        return arrayList;
    }

    private void findPoliciesFromRole(List<PolicyBean> list, RuleType[] ruleTypeArr, String str, String str2, String str3, PolicyType policyType) {
        if (str == null) {
            this.logger.debug("Role Filter disabled");
        }
        if (ruleTypeArr != null) {
            for (RuleType ruleType : ruleTypeArr) {
                TargetType target = ruleType.getTarget();
                if (target != null && target.getSubjects() != null) {
                    try {
                        String asString = target.getSubjects().getSubject(0).getSubjectMatch(0).getAttributeValue().get_any()[0].getAsString();
                        this.logger.debug("Subject found = " + asString);
                        if (str == null || (asString != null && asString.equals(str))) {
                            this.logger.debug("Rule match");
                            this.logger.debug("Subject found");
                            PolicyBean policyBean = new PolicyBean();
                            if (asString != null && asString.startsWith(PolicyManagementClient.D4SCIENCE_ROLE_PREFIX)) {
                                asString = asString.substring(PolicyManagementClient.D4SCIENCE_ROLE_PREFIX.length());
                            }
                            policyBean.setRole(asString);
                            policyBean.setResource(str2);
                            policyBean.setOperation(str3);
                            policyBean.setPolicyReference(policyType);
                            policyBean.setRuleReference(ruleType);
                            list.add(policyBean);
                        }
                    } catch (Exception e) {
                        this.logger.warn("Unable to find a resource ", e);
                    }
                }
            }
        }
    }

    private boolean internalUpdateRule(PolicyBean policyBean, boolean z) {
        this.logger.debug("Updating rule");
        boolean z2 = false;
        if (policyBean != null) {
            this.logger.debug("Policy reference found");
            if (z == policyBean.isPermit()) {
                this.logger.debug(Boolean.valueOf(policyBean.isPermit()));
                this.logger.debug("Rule altready updated, nothing to do");
                z2 = true;
            } else {
                this.logger.debug("Finding references");
                PolicyType policyReference = policyBean.getPolicyReference();
                RuleType ruleReference = policyBean.getRuleReference();
                if (z) {
                    ruleReference.setEffect(EffectType.Permit);
                } else {
                    ruleReference.setEffect(EffectType.Deny);
                }
                this.logger.debug("Updating permissions");
                this.logger.debug("Updating Argus");
                z2 = new ArgusPolicyManagementClient(this.papUrl, this.credential).updatePolicy(policyReference);
                this.logger.debug("Operation completed with result " + z2);
            }
        }
        return z2;
    }

    public static void main(String[] strArr) throws Exception {
        ArgusRuleManager argusRuleManager = new ArgusRuleManager("https://grid16.4dsoft.hu:8443/pap/services", null);
        System.out.println("Rule manager ok");
        for (RuleBean ruleBean : argusRuleManager.listRules()) {
            System.out.println("Subject " + ruleBean.getSubject());
            System.out.println("Operation " + ruleBean.getOperation());
            System.out.println("Resource " + ruleBean.getResource());
            System.out.println("Permit " + ruleBean.isPermit());
        }
    }
}
