package org.gcube.common.vomanagement.security.authorisation.control.impl.xacml;

import com.sun.xacml.ctx.ResponseCtx;
import com.sun.xacml.ctx.Result;
import java.net.MalformedURLException;
import java.net.URL;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.MessageContext;
import org.gcube.common.core.utils.logging.GCUBELog;
import org.gcube.common.vomanagement.security.authorisation.control.AuthorizationConstants;
import org.gcube.common.vomanagement.security.authorisation.control.impl.xacml.utils.messages.NamespaceAwareRequestCtx;
import org.gcube.common.vomanagement.security.authorisation.control.impl.xacml.utils.messages.XACMLAuthzDecisionQueryBuilder;
import org.gcube.common.vomanagement.security.authorisation.control.impl.xacml.utils.messages.XACMLRequestBuilder;
import org.gcube.common.vomanagement.security.authorisation.control.impl.xacml.utils.soap.SoapAxisConnectionEngine;
import org.gcube.common.vomanagement.security.authorisation.utils.Utils;
import org.gcube.vomanagement.utils.ehcache.DecisionEhcacheWrapper;
import org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException;
import org.globus.wsrf.impl.security.authorization.exceptions.CloseException;
import org.globus.wsrf.impl.security.authorization.exceptions.InitializeException;
import org.globus.wsrf.impl.security.authorization.exceptions.InvalidPolicyException;
import org.globus.wsrf.security.authorization.PDP;
import org.globus.wsrf.security.authorization.PDPConfig;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

/* loaded from: input_file:org/gcube/common/vomanagement/security/authorisation/control/impl/xacml/XACMLBasedPDP.class */
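/**
 * Globus {@link PDP} that delegates authorization decisions to an external XACML
 * (Argus) authorization service and memoises the answers in a decision cache.
 *
 * <p>The decision is driven entirely by properties found in the {@link MessageContext}
 * ({@code ROLE_VALUE}, {@code ACTION_ATTR}, {@code RESOURCE_ATTR}); the {@link Subject}
 * passed to {@link #isPermitted} is not consulted. The integrity of the decision therefore
 * rests on whichever earlier handler populates those properties — presumably an
 * authentication/attribute handler in the same chain; verify against the deployment.
 *
 * <p>Decision semantics: a call is permitted if <em>any</em> of the caller's roles is
 * permitted. Every XACML decision other than PERMIT (deny, indeterminate, not applicable)
 * is treated as a denial, i.e. the PDP fails closed. Cached decisions are reused until the
 * cache evicts them; how long that is depends on {@link DecisionEhcacheWrapper}'s
 * configuration, which is not visible here.
 *
 * <p>Policy management ({@link #getPolicy}, {@link #setPolicy}, {@link #getPolicyNames})
 * is not supported: policies live on the remote service.
 */
public class XACMLBasedPDP implements PDP, AuthorizationConstants {
    private static final long serialVersionUID = 1;

    /**
     * Decision code used by sunxacml's {@code Result} for PERMIT. Every other code
     * (deny, indeterminate, not applicable) is treated as a denial.
     */
    private static final int DECISION_PERMIT = 0;

    /** Separator of the decision-cache key {@code role:action:resource}. */
    private static final String CACHE_KEY_SEPARATOR = ":";

    /** When true, a comma-separated role string is split into several roles, any of which may permit the call. */
    private boolean multiroleSupport;
    /** Endpoint of the XACML authorization service; set by {@link #initialize} after URL validation. */
    private String authzServiceUrl = null;
    private GCUBELog logger = new GCUBELog(this);

    /**
     * Reads this PDP's configuration for the given chain.
     *
     * <p>Multi-role support is enabled unless {@code MULTI_ROLE_SUPPORT} is explicitly
     * {@code "false"}. {@code AUTHZ_SERVICE_PROPERTY} must hold a well-formed URL; only the
     * syntax is checked here, the scheme is not constrained, so transport protection of the
     * authorization channel depends on what the configured URL uses.
     *
     * @param pDPConfig configuration the properties are read from
     * @param str       chain name used as the property scope
     * @param str2      unused
     * @throws InitializeException if the service URL is missing, blank or malformed
     */
    public void initialize(PDPConfig pDPConfig, String str, String str2) throws InitializeException {
        this.logger.debug("initialization...");
        this.logger.debug("Chain name " + str);
        String multiRoleProperty = (String) pDPConfig.getProperty(str, AuthorizationConstants.MULTI_ROLE_SUPPORT);
        // Enabled by default; only an explicit "false" switches it off.
        this.multiroleSupport = multiRoleProperty == null || !multiRoleProperty.equalsIgnoreCase("false");
        this.logger.debug("Multi role support " + this.multiroleSupport);
        String serviceUrlProperty = (String) pDPConfig.getProperty(str, AuthorizationConstants.AUTHZ_SERVICE_PROPERTY);
        this.logger.debug("Authz service " + serviceUrlProperty);
        if (serviceUrlProperty == null || serviceUrlProperty.trim().length() == 0) {
            this.logger.error("Authz service Url null");
            throw new InitializeException("Authz service Url null");
        }
        String serviceUrl = serviceUrlProperty.trim();
        try {
            // Syntactic validation only; the URL object itself is not kept.
            new URL(serviceUrl);
        } catch (MalformedURLException e) {
            this.logger.error("invalid authz service Url");
            throw new InitializeException("invalid authz service Url", e);
        }
        // Assigned only after validation so a malformed value never becomes the target.
        this.authzServiceUrl = serviceUrl;
        this.logger.debug("initialization completed");
    }

    /**
     * Not supported: policies are managed by the remote authorization service.
     *
     * @return always {@code null}
     */
    public Node getPolicy(Node node) throws InvalidPolicyException {
        this.logger.warn("Unable to retrieve the policy");
        return null;
    }

    /**
     * Not supported: policies are managed by the remote authorization service.
     *
     * @return always {@code null}
     */
    public String[] getPolicyNames() {
        this.logger.warn("Unable to retrieve policy names");
        return null;
    }

    /**
     * Not supported: policies are managed by the remote authorization service.
     *
     * @return always {@code null}
     */
    public Node setPolicy(Node node) throws InvalidPolicyException {
        this.logger.warn("Unable to set the policies");
        return null;
    }

    /**
     * Splits the role string carried by the message context into individual roles.
     *
     * <p>With multi-role support the string is split on {@code ","} as-is (entries are not
     * trimmed); otherwise the whole string is a single role.
     *
     * @param roleString raw role property, may be {@code null}
     * @return the roles, or {@code null} when the input is {@code null}
     */
    private String[] getRoles(String roleString) {
        this.logger.debug("Role string " + roleString);
        if (roleString == null) {
            this.logger.error("Role string null!");
            return null;
        }
        return this.multiroleSupport ? roleString.split(",") : new String[]{roleString};
    }

    /**
     * Builds the decision-cache key shared by the cache lookup and the cache insertion.
     * A {@code null} component is rendered as the string {@code "null"}.
     */
    private static String cacheKey(String role, String action, String resource) {
        return role + CACHE_KEY_SEPARATOR + action + CACHE_KEY_SEPARATOR + resource;
    }

    /**
     * Looks up the cached decision for each role.
     *
     * @return {@link Boolean#TRUE} as soon as one role has a cached permit;
     *         {@code null} when at least one role has no cached decision (the remote
     *         service must be asked); {@link Boolean#FALSE} only when every role has a
     *         cached denial. An empty role array yields {@code null}.
     */
    private Boolean checkCache(String[] roles, String action, String resource) {
        this.logger.debug("Checking the cache...");
        // A denial can only be concluded from the cache if every role was found there.
        boolean everyRoleDenied = roles.length > 0;
        for (String role : roles) {
            this.logger.debug("Checking if for " + role + " is possible to do " + action + " on " + resource);
            this.logger.debug("Asking the decision cache...");
            Boolean cached = DecisionEhcacheWrapper.getInstance().get(cacheKey(role, action, resource));
            this.logger.debug("Response = " + cached);
            if (cached == null) {
                everyRoleDenied = false;
            } else if (cached.booleanValue()) {
                this.logger.debug("Final cache decision is true");
                return Boolean.TRUE;
            }
        }
        Boolean decision = everyRoleDenied ? Boolean.FALSE : null;
        this.logger.debug("Final cache decision is " + decision);
        return decision;
    }

    /**
     * Asks the remote service for each role in turn, caching every definite answer,
     * and stops at the first permit.
     *
     * <p>A response without results is logged and skipped (nothing is cached for that
     * role); any decision other than PERMIT is cached as a denial.
     *
     * @return {@code true} if some role is permitted, {@code false} otherwise
     * @throws AuthorizationException if building or sending the XACML request fails
     */
    private boolean askToArgus(String[] roles, String action, String resource) throws AuthorizationException {
        this.logger.debug("Decision not found in the cache: asking Argus...");
        for (String role : roles) {
            this.logger.debug("Asking to Argus for role " + role);
            ResponseCtx response = sendAuthzQuery(role, action, resource);
            this.logger.debug("Response received");
            if (response.getResults().isEmpty()) {
                // Neither a permit nor a denial: nothing is cached and the next role is tried.
                this.logger.error("No result received!!!");
                continue;
            }
            int decision = ((Result) response.getResults().iterator().next()).getDecision();
            boolean permitted = decision == DECISION_PERMIT;
            if (permitted) {
                this.logger.debug("Operation allowed");
            } else {
                // Deny, indeterminate and not-applicable all end up here (fail closed).
                this.logger.debug("Operation not allowed");
                this.logger.debug("Decision code = " + decision);
            }
            this.logger.debug("Inserting result in the cache");
            DecisionEhcacheWrapper.getInstance().put(cacheKey(role, action, resource), Boolean.valueOf(permitted));
            this.logger.debug("Result inserted");
            if (permitted) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the XACML authorization query for one role and sends it to the configured service.
     *
     * @throws AuthorizationException wrapping whatever the builders or the SOAP engine throw;
     *         the original exception is preserved as the cause
     */
    private ResponseCtx sendAuthzQuery(String role, String action, String resource) throws AuthorizationException {
        XACMLRequestBuilder requestBuilder = new XACMLRequestBuilder();
        requestBuilder.setAction(action);
        requestBuilder.setResource(resource);
        requestBuilder.setRole(role);
        try {
            this.logger.debug("Generating request context");
            NamespaceAwareRequestCtx requestCtx = requestBuilder.generateRequest();
            this.logger.debug("Request context generated");
            XACMLAuthzDecisionQueryBuilder queryBuilder = new XACMLAuthzDecisionQueryBuilder();
            this.logger.debug("Decision quesry builder with default values generated");
            Document authzQuery = queryBuilder.generateAuthzQuery(requestCtx);
            this.logger.debug("Request document generated");
            this.logger.debug(Utils.document2String(authzQuery));
            this.logger.debug("Opening connection manager...");
            SoapAxisConnectionEngine connection = new SoapAxisConnectionEngine();
            connection.setTargetUrl(this.authzServiceUrl);
            connection.setBodyDocument(authzQuery);
            this.logger.debug("Sending message...");
            return connection.sendMessage();
        } catch (Exception e) {
            // The builders and the SOAP engine are opaque here, so the catch stays broad;
            // the cause is kept rather than dereferenced (it may be null).
            this.logger.error("Exception in generating and sending XACML request", e);
            throw new AuthorizationException("Exception in generating and sending XACML request: " + e, e);
        }
    }

    /**
     * Decides whether the call described by the message context is permitted.
     *
     * <p>Roles, action and resource are read from the message-context properties; the
     * {@code subject} and {@code qName} arguments are not used. The cache is consulted
     * first and the remote service only when the cache cannot answer for every role.
     *
     * @throws AuthorizationException if the role, action or resource property is missing,
     *         or the remote request fails
     */
    public boolean isPermitted(Subject subject, MessageContext messageContext, QName qName) throws AuthorizationException {
        this.logger.debug("checking authorizations");
        String[] roles = getRoles((String) messageContext.getProperty(AuthorizationConstants.ROLE_VALUE));
        if (roles == null) {
            throw new AuthorizationException("No roles found in the request!!!");
        }
        String action = (String) messageContext.getProperty(AuthorizationConstants.ACTION_ATTR);
        String resource = (String) messageContext.getProperty(AuthorizationConstants.RESOURCE_ATTR);
        if (action == null || resource == null) {
            // Fail closed: without both attributes neither the cache key nor the XACML request is meaningful.
            this.logger.error("Action or resource missing in the request");
            throw new AuthorizationException("Action or resource missing in the request");
        }
        Boolean cachedDecision = checkCache(roles, action, resource);
        if (cachedDecision != null) {
            this.logger.debug("Decision found in the cache!");
            return cachedDecision.booleanValue();
        }
        return askToArgus(roles, action, resource);
    }

    /** Nothing to release: connections are created per request. */
    public void close() throws CloseException {
    }
}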
