package org.gcube.common.vomanagement.security.authorisation.impl.simple;

import com.thoughtworks.xstream.XStream;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.gcube.common.core.contexts.GCUBEServiceContext;
import org.gcube.common.core.resources.GCUBEHostingNode;
import org.gcube.common.core.utils.logging.GCUBELog;
import org.gcube.common.vomanagement.security.authorisation.control.impl.policies.GCUBEPolicy;
import org.gcube.common.vomanagement.security.authorisation.control.impl.policies.GCUBEPolicyEvaluationRequest;
import org.gcube.common.vomanagement.security.authorisation.control.impl.policies.GCUBEPolicyEvaluationResponse;
import org.gcube.common.vomanagement.security.authorisation.core.PolicyEvaluationException;
import org.gcube.common.vomanagement.security.authorisation.core.PolicyEvaluationRequest;
import org.gcube.common.vomanagement.security.authorisation.core.PolicyEvaluationResponse;
import org.gcube.common.vomanagement.security.authorisation.core.PolicySerializationException;
import org.gcube.common.vomanagement.security.authorisation.core.impl.XStreamPolicySerializationHelper;

/* loaded from: input_file:org/gcube/common/vomanagement/security/authorisation/impl/simple/TrustedGHNPolicy.class */
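public class TrustedGHNPolicy implements GCUBEPolicy {
    /** Context of the service this policy protects; set in {@link #initialise}. */
    private GCUBEServiceContext context;
    /** Source of the hosting nodes (gHNs) known in the service's scope; set in {@link #initialise}. */
    private GCUBEGhnListPIP ghnListPIP;
    protected GCUBELog logger = new GCUBELog(this);
    private XStreamPolicySerializationHelper helper = new XStreamPolicySerializationHelper(new XStream());

    /**
     * Binds the policy to the service it protects and obtains the gHN list PIP
     * for that service.
     *
     * @param gCUBEServiceContext context of the service this policy is attached to
     * @throws Exception if the PIP for the service cannot be obtained
     */
    @Override // org.gcube.common.vomanagement.security.authorisation.control.impl.policies.GCUBEPolicy
    public void initialise(GCUBEServiceContext gCUBEServiceContext) throws Exception {
        this.logger.info("initialising TrustedGHNPolicy for service " + gCUBEServiceContext.getServiceClass() + ":" + gCUBEServiceContext.getName());
        this.context = gCUBEServiceContext;
        this.ghnListPIP = GCUBEGhnListPIP.getInstance(gCUBEServiceContext);
    }

    /**
     * Same as {@link #initialise(GCUBEServiceContext)}; this policy carries no
     * configuration expression, so {@code str} is ignored (see {@link #serialize()},
     * which emits an empty expression).
     *
     * @param gCUBEServiceContext context of the service this policy is attached to
     * @param str                 policy expression, unused
     * @throws Exception if the PIP for the service cannot be obtained
     */
    @Override // org.gcube.common.vomanagement.security.authorisation.control.impl.policies.GCUBEPolicy
    public void initialise(GCUBEServiceContext gCUBEServiceContext, String str) throws Exception {
        initialise(gCUBEServiceContext);
    }

    /**
     * Permits the call only if the caller's credentials (the request's
     * {@code SUBJECT_DN} and {@code SUBJECT_CA} attributes) equal those of a
     * security-enabled hosting node currently listed for the service's scope;
     * every other caller is denied.
     *
     * <p>The trusted set is rebuilt from the PIP on each evaluation, so a node
     * dropped from the scope stops being trusted at the next call. Any failure
     * (missing attributes, PIP errors) is not turned into a decision but
     * surfaces as {@link PolicyEvaluationException}; the enforcement point is
     * expected to treat that as a non-permit.
     *
     * @param policyEvaluationRequest request carrying the caller's subject attributes
     * @return {@code PERMIT} when the caller matches a trusted gHN, {@code DENY} otherwise
     * @throws PolicyEvaluationException wrapping any exception raised while evaluating
     */
    @Override // org.gcube.common.vomanagement.security.authorisation.core.Policy
    public PolicyEvaluationResponse evaluate(PolicyEvaluationRequest policyEvaluationRequest) throws PolicyEvaluationException {
        try {
            Set<GHNCredentials> trusted = getGHNCredentialsFrom(this.ghnListPIP.getGHNListForScope(this.context.getScope()));
            GHNCredentials caller = new GHNCredentials(
                    policyEvaluationRequest.getSubjectAttributes().get(GCUBEPolicyEvaluationRequest.SUBJECT_DN),
                    policyEvaluationRequest.getSubjectAttributes().get(GCUBEPolicyEvaluationRequest.SUBJECT_CA));
            // Explicit equals() scan rather than Set.contains(): the match must not
            // depend on GHNCredentials.hashCode() being consistent with equals().
            for (GHNCredentials candidate : trusted) {
                if (candidate.equals(caller)) {
                    this.logger.debug("Authorized call from " + caller);
                    return new GCUBEPolicyEvaluationResponse(PolicyEvaluationResponse.RESPONSE.PERMIT);
                }
            }
            this.logger.warn("The caller host with credentials " + caller + " is not part of the trusted network for scope " + this.context.getScope());
            return new GCUBEPolicyEvaluationResponse(PolicyEvaluationResponse.RESPONSE.DENY);
        } catch (Exception e) {
            throw new PolicyEvaluationException(e);
        }
    }

    /**
     * Builds the set of trusted credentials from the given hosting nodes.
     * Only nodes whose description reports security as enabled contribute;
     * nodes with security disabled are logged and skipped, so they can never
     * satisfy {@link #evaluate}.
     *
     * @param list hosting nodes of the service's scope
     * @return the (DN, CA) credentials of every security-enabled node
     */
    protected Set<GHNCredentials> getGHNCredentialsFrom(List<GCUBEHostingNode> list) {
        Set<GHNCredentials> trusted = new HashSet<GHNCredentials>();
        for (GCUBEHostingNode node : list) {
            if (node.getNodeDescription().isSecurityEnabled()) {
                GHNCredentials credentials = new GHNCredentials(
                        node.getNodeDescription().getSecurityData().getCredentialsDistinguishedName(),
                        node.getNodeDescription().getSecurityData().getCA());
                trusted.add(credentials);
                this.logger.info("Added " + node.getNodeDescription().getName() + " with credentials " + credentials + " to the trusted set");
            } else {
                this.logger.info("The host " + node.getNodeDescription().getName() + " is not trusted (security is disabled) ");
            }
        }
        return trusted;
    }

    /**
     * Serialises the policy as its canonical class name with an empty
     * expression, since it has no configurable state.
     *
     * @return the serialised policy expression
     * @throws PolicySerializationException if the helper fails to serialise
     */
    @Override // org.gcube.common.vomanagement.security.authorisation.core.Policy
    public String serialize() throws PolicySerializationException {
        return this.helper.getPolicyExpression(getClass().getCanonicalName(), "");
    }

    /** @return the short policy name used in logs and listings */
    @Override
    public String toString() {
        return "trustedGHNs";
    }
}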
