package org.gcube.common.vomanagement.security.authorisation.impl.simple;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.gcube.common.core.contexts.GCUBEServiceContext;
import org.gcube.common.core.contexts.GHNContext;
import org.gcube.common.core.contexts.service.Consumer;
import org.gcube.common.core.informationsystem.client.ISClient;
import org.gcube.common.core.informationsystem.client.queries.GCUBEGenericResourceQuery;
import org.gcube.common.core.resources.GCUBEGenericResource;
import org.gcube.common.core.scope.GCUBEScope;
import org.gcube.common.core.utils.handlers.GCUBEHandler;
import org.gcube.common.core.utils.handlers.GCUBEScheduledHandler;
import org.gcube.common.core.utils.logging.GCUBELog;

/* loaded from: input_file:org/gcube/common/vomanagement/security/authorisation/impl/simple/GCUBEGenericResourceAuthZPolicyPIP.class */
public class GCUBEGenericResourceAuthZPolicyPIP {
    public static final String TRUSTED_PORTAL_CREDENTIALS = "TrustedPortalCredentials";
    public static final String TRUSTED_SERVICE_POLICY = "TrustedServicePolicy";
    public static final String POLICY_SECONDARY_TYPE = "AuthZPolicy";
    public static final String PORTAL_NAME = "PORTAL";
    public static final String SEPARATOR = "-&gt;";
    private static GCUBEGenericResourceAuthZPolicyPIP instance;
    private GCUBEServiceContext context;
    protected GCUBELog logger = new GCUBELog(this);
    private static final String DN_PREFIX = "DN='";
    private static final String DN_SUFFIX = "'";
    private static final String CA_PREFIX = "CA='";
    private static final String CA_SUFFIX = "'";
    private static Map<GCUBEScope, Scheduler> schedulers = new HashMap();

    /* loaded from: input_file:org/gcube/common/vomanagement/security/authorisation/impl/simple/GCUBEGenericResourceAuthZPolicyPIP$RIMonitor.class */
    private class RIMonitor extends Consumer {
        Scheduler scheduler;

        RIMonitor(Scheduler scheduler) {
            this.scheduler = scheduler;
        }

        protected synchronized void onRIFailed(GCUBEServiceContext.RILifetimeEvent rILifetimeEvent) throws Exception {
            this.scheduler.decreaseSharing();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/gcube/common/vomanagement/security/authorisation/impl/simple/GCUBEGenericResourceAuthZPolicyPIP$Scheduler.class */
    public class Scheduler extends GCUBEScheduledHandler<GCUBEScope> {
        private long POLLING_INTERVAL;
        private static final int ATTEMPTS_AT_START = 3;
        private List<GCUBEGenericResource> resources;
        private short sharing;

        /* loaded from: input_file:org/gcube/common/vomanagement/security/authorisation/impl/simple/GCUBEGenericResourceAuthZPolicyPIP$Scheduler$QueryTask.class */
        private class QueryTask extends GCUBEHandler<GCUBEScope> {
            QueryTask(GCUBEScope gCUBEScope) {
                setHandled(gCUBEScope);
            }

            public void run() throws Exception {
                ISClient iSClient = (ISClient) GHNContext.getImplementation(ISClient.class);
                GCUBEGenericResourceQuery query = iSClient.getQuery(GCUBEGenericResourceQuery.class);
                query.addGenericCondition("$result/Profile/SecondaryType/string() eq 'AuthZPolicy'");
                Scheduler.this.setPolicyGenericResources(iSClient.execute(query, (GCUBEScope) getHandled()));
            }
        }

        Scheduler(GCUBEScope gCUBEScope) {
            super(0L, GCUBEScheduledHandler.Mode.LAZY, new GCUBEHandler[0]);
            this.POLLING_INTERVAL = GHNContext.getContext().getTrustedGHNSynchInterval();
            this.sharing = (short) 1;
            setScheduled(new QueryTask(gCUBEScope));
        }

        synchronized void increaseSharing() {
            this.sharing = (short) (this.sharing + 1);
        }

        synchronized void decreaseSharing() {
            this.sharing = (short) (this.sharing - 1);
            if (this.sharing == 0) {
                stop();
            }
        }

        synchronized List<GCUBEGenericResource> getPolicyGenericResources() {
            return this.resources;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized void setPolicyGenericResources(List<GCUBEGenericResource> list) {
            this.resources = list;
        }

        protected boolean repeat(Exception exc, int i) {
            setInterval(this.POLLING_INTERVAL);
            GCUBEGenericResourceAuthZPolicyPIP.this.context.getLogger().info("TrustedGHNSynchInterval set to " + (getInterval() / 1000) + " seconds");
            if (exc == null) {
                synchronized (this) {
                    notify();
                }
                this.exceptionCount = 0;
                return true;
            }
            if (this.resources != null || i < ATTEMPTS_AT_START) {
                GCUBEGenericResourceAuthZPolicyPIP.this.context.getLogger().warn("could not refresh GCUBEGenericResourceAuthZPolicyPIP state (failure n." + this.exceptionCount + ")", this.exception);
                return true;
            }
            synchronized (this) {
                notify();
            }
            return false;
        }
    }

    public static GCUBEGenericResourceAuthZPolicyPIP getInstance(GCUBEServiceContext gCUBEServiceContext) throws Exception {
        if (instance == null) {
            instance = new GCUBEGenericResourceAuthZPolicyPIP(gCUBEServiceContext);
        }
        return instance;
    }

    private GCUBEGenericResourceAuthZPolicyPIP(GCUBEServiceContext gCUBEServiceContext) throws Exception {
        this.context = gCUBEServiceContext;
        for (GCUBEScope gCUBEScope : gCUBEServiceContext.getInstance().getScopes().values()) {
            gCUBEServiceContext.getLogger().trace("acquiring AuthZPolicy resources from IS for scope " + gCUBEScope);
            synchronized (schedulers) {
                Scheduler scheduler = schedulers.get(gCUBEScope);
                if (scheduler == null) {
                    scheduler = new Scheduler(gCUBEScope);
                    scheduler.run();
                    synchronized (scheduler) {
                        scheduler.wait();
                        if (scheduler.getPolicyGenericResources() == null) {
                            throw new Exception("cannot acquire AuthZPolicy resources from IS for scope " + gCUBEScope);
                        }
                    }
                    schedulers.put(gCUBEScope, scheduler);
                } else {
                    gCUBEServiceContext.getLogger().trace("increasing sharing for GCUBEGenericResourceAuthZPolicyPIP in " + gCUBEScope);
                    scheduler.increaseSharing();
                }
                try {
                    gCUBEServiceContext.subscribeLifetTime(new RIMonitor(scheduler), new GCUBEServiceContext.RILifetimeTopic[]{GCUBEServiceContext.RILifetimeTopic.FAILED});
                } catch (Exception e) {
                    gCUBEServiceContext.getLogger().warn("could not subscribe GCUBEGenericResourceAuthZPolicyPIP to RI lifetime");
                }
            }
        }
    }

    public GCUBEServiceContext getContext() {
        return this.context;
    }

    public void setContext(GCUBEServiceContext gCUBEServiceContext) {
        this.context = gCUBEServiceContext;
    }

    public List<GHNCredentials> getPortalCredentials(GCUBEScope gCUBEScope) {
        List<GCUBEGenericResource> policyGenericResources = schedulers.get(gCUBEScope).getPolicyGenericResources();
        ArrayList arrayList = new ArrayList();
        for (GCUBEGenericResource gCUBEGenericResource : policyGenericResources) {
            if (TRUSTED_PORTAL_CREDENTIALS.equals(gCUBEGenericResource.getName())) {
                arrayList.add(parseResource(gCUBEGenericResource));
            }
        }
        return arrayList;
    }

    private GHNCredentials parseResource(GCUBEGenericResource gCUBEGenericResource) {
        String body = gCUBEGenericResource.getBody();
        return new GHNCredentials(extractNamefrom(body, DN_PREFIX, "'"), extractNamefrom(body, CA_PREFIX, "'"));
    }

    private String extractNamefrom(String str, String str2, String str3) {
        this.logger.trace("Extracting name from '" + str + "' with prefix " + str2 + " and suffix " + str3);
        int indexOf = str.indexOf(str2) + str2.length();
        int indexOf2 = str.indexOf(str3, indexOf);
        String substring = str.substring(indexOf, indexOf2);
        this.logger.trace("Extracting name (" + indexOf + "," + indexOf2 + ") returned: " + substring);
        return substring;
    }

    public Map<String, List<String>> getTrustedServicePolicies(GCUBEScope gCUBEScope, String str) {
        List<GCUBEGenericResource> policyGenericResources = schedulers.get(gCUBEScope).getPolicyGenericResources();
        HashMap hashMap = new HashMap();
        for (GCUBEGenericResource gCUBEGenericResource : policyGenericResources) {
            if (TRUSTED_SERVICE_POLICY.equals(gCUBEGenericResource.getName()) && str.equals(getInvokedServiceFrom(gCUBEGenericResource))) {
                String operationFrom = getOperationFrom(gCUBEGenericResource);
                if (!hashMap.containsKey(operationFrom)) {
                    hashMap.put(operationFrom, new ArrayList());
                }
                ((List) hashMap.get(operationFrom)).add(getInvokerFrom(gCUBEGenericResource));
            }
        }
        return hashMap;
    }

    private String getInvokerFrom(GCUBEGenericResource gCUBEGenericResource) {
        this.logger.trace("Getting invoker from resource body: " + gCUBEGenericResource.getBody());
        return gCUBEGenericResource.getBody().split(SEPARATOR)[0].trim();
    }

    private String getOperationFrom(GCUBEGenericResource gCUBEGenericResource) {
        this.logger.trace("Getting operation from resource body: " + gCUBEGenericResource.getBody());
        return gCUBEGenericResource.getBody().split(SEPARATOR)[1].trim();
    }

    private Object getInvokedServiceFrom(GCUBEGenericResource gCUBEGenericResource) {
        this.logger.trace("Getting invoked from resource body: " + gCUBEGenericResource.getBody());
        return gCUBEGenericResource.getBody().split(SEPARATOR)[2].trim();
    }

    public List<String> getTrustedPortalPolicies(GCUBEScope gCUBEScope, String str) {
        Map<String, List<String>> trustedServicePolicies = getTrustedServicePolicies(gCUBEScope, str);
        ArrayList arrayList = new ArrayList();
        for (String str2 : trustedServicePolicies.keySet()) {
            if (trustedServicePolicies.get(str2).contains(PORTAL_NAME)) {
                arrayList.add(str2);
            }
        }
        return arrayList;
    }

    private List<GCUBEGenericResource> generateDummyResourceList() throws Exception {
        ArrayList arrayList = new ArrayList();
        GCUBEGenericResource gCUBEGenericResource = (GCUBEGenericResource) GHNContext.getImplementation(GCUBEGenericResource.class);
        gCUBEGenericResource.setID("1");
        gCUBEGenericResource.setSecondaryType(POLICY_SECONDARY_TYPE);
        gCUBEGenericResource.setName(TRUSTED_PORTAL_CREDENTIALS);
        gCUBEGenericResource.setBody("DN='/O=Grid/OU=GlobusTest/OU=simpleCA-gauss.eng.it/CN=grids05.eng.it',CA='/O=Grid/OU=GlobusTest/OU=simpleCA-gauss.eng.it/CN=Globus Simple CA'");
        arrayList.add(gCUBEGenericResource);
        GCUBEGenericResource gCUBEGenericResource2 = (GCUBEGenericResource) GHNContext.getImplementation(GCUBEGenericResource.class);
        gCUBEGenericResource2.setID("1");
        gCUBEGenericResource2.setSecondaryType(POLICY_SECONDARY_TYPE);
        gCUBEGenericResource2.setName(TRUSTED_SERVICE_POLICY);
        gCUBEGenericResource2.setBody("PORTAL-&gt;about-&gt;Samples:SampleService");
        arrayList.add(gCUBEGenericResource2);
        return arrayList;
    }
}
