package org.gcube.common.vomanagement.security.authorisation.impl.simple;

import com.thoughtworks.xstream.XStream;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.gcube.common.core.contexts.GCUBEServiceContext;
import org.gcube.common.core.utils.logging.GCUBELog;
import org.gcube.common.vomanagement.security.authorisation.control.impl.policies.GCUBEPolicy;
import org.gcube.common.vomanagement.security.authorisation.control.impl.policies.GCUBEPolicyEvaluationRequest;
import org.gcube.common.vomanagement.security.authorisation.control.impl.policies.GCUBEPolicyEvaluationResponse;
import org.gcube.common.vomanagement.security.authorisation.core.PolicyEvaluationException;
import org.gcube.common.vomanagement.security.authorisation.core.PolicyEvaluationRequest;
import org.gcube.common.vomanagement.security.authorisation.core.PolicyEvaluationResponse;
import org.gcube.common.vomanagement.security.authorisation.core.PolicySerializationException;
import org.gcube.common.vomanagement.security.authorisation.core.impl.XStreamPolicySerializationHelper;

/* loaded from: input_file:org/gcube/common/vomanagement/security/authorisation/impl/simple/TrustedPortalPolicy.class */
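/**
 * Authorisation policy that lets only trusted portals invoke the operations listed for this
 * service.
 *
 * <p>The decision in {@link #evaluate(PolicyEvaluationRequest)} is built from two lists that
 * {@code GCUBEGenericResourceAuthZPolicyPIP} returns for the current scope: the portal
 * credentials and the operation names registered under {@code serviceClass:serviceName}.
 * Any request that is not explicitly permitted is denied.
 *
 * <p>NOTE(review): the set behind {@link #getTrustedPortals()} / {@link #setTrustedPortals(Set)}
 * is never read by {@code evaluate}, so changing it does not change any authorisation decision
 * made by this class.
 */
public class TrustedPortalPolicy implements GCUBEPolicy {
    protected GCUBELog logger = new GCUBELog(this);

    // Held for the accessors below only; evaluate() takes the trusted portals from the PIP instead.
    private Set<GHNCredentials> trustedPortalsCredentials = new HashSet<GHNCredentials>();

    // NOTE(review): the helper wraps a default-configured XStream. If getParameters() or any other
    // helper method unmarshals text that an untrusted party can influence, restrict the types the
    // XStream instance may create (e.g. XStream.allowTypes / allowTypesByWildcard) -- confirm
    // against XStreamPolicySerializationHelper and the bundled XStream version.
    private XStreamPolicySerializationHelper helper = new XStreamPolicySerializationHelper(new XStream());

    // Parameters parsed by initialise(context, str); not read anywhere else in this class.
    private Map<String, String> paramsMap = new HashMap<String, String>();

    private GCUBEGenericResourceAuthZPolicyPIP genResAuthZPolicyPIP;
    private GCUBEServiceContext context;
    private String serviceClass;
    private String serviceName;

    /**
     * Returns the locally stored set of portal credentials.
     *
     * <p>The internal set is returned directly, not a copy.
     *
     * @return the stored set, or {@code null} if {@link #setTrustedPortals(Set)} was given null
     */
    public Set<GHNCredentials> getTrustedPortals() {
        return this.trustedPortalsCredentials;
    }

    /**
     * Replaces the locally stored set of portal credentials.
     *
     * @param set the new set; stored as given, without copying or validation
     */
    public void setTrustedPortals(Set<GHNCredentials> set) {
        this.trustedPortalsCredentials = set;
    }

    /**
     * Binds the policy to a service: records the context, the service class and name, and
     * obtains the policy information point for that context.
     *
     * @param gCUBEServiceContext the context of the protected service
     * @throws Exception as declared by {@link GCUBEPolicy}
     */
    @Override // org.gcube.common.vomanagement.security.authorisation.control.impl.policies.GCUBEPolicy
    public void initialise(GCUBEServiceContext gCUBEServiceContext) throws Exception {
        this.logger.info("initialising TrustedPortalPolicy for service " + gCUBEServiceContext.getServiceClass() + ":" + gCUBEServiceContext.getName());
        this.context = gCUBEServiceContext;
        this.serviceClass = gCUBEServiceContext.getServiceClass();
        this.serviceName = gCUBEServiceContext.getName();
        this.genResAuthZPolicyPIP = GCUBEGenericResourceAuthZPolicyPIP.getInstance(gCUBEServiceContext);
    }

    /**
     * Parses the serialized parameters and then initialises the policy as
     * {@link #initialise(GCUBEServiceContext)} does.
     *
     * @param gCUBEServiceContext the context of the protected service
     * @param str the serialized parameters, handed to the serialization helper
     * @throws Exception as declared by {@link GCUBEPolicy}
     */
    @Override // org.gcube.common.vomanagement.security.authorisation.control.impl.policies.GCUBEPolicy
    public void initialise(GCUBEServiceContext gCUBEServiceContext, String str) throws Exception {
        // NOTE(review): str is parsed by the XStream-backed helper; see the note on the helper field.
        this.paramsMap = this.helper.getParameters(str);
        initialise(gCUBEServiceContext);
    }

    /**
     * Decides whether the caller may invoke the requested operation.
     *
     * <p>DENY is returned when the policy has not been initialised, when the PIP supplies no
     * lists, when the request carries no action name, when the action is not registered for this
     * service, or when the caller is not among the portal credentials. PERMIT is returned only
     * when the action is registered and the caller's credentials are in the portal list.
     *
     * @param policyEvaluationRequest the request carrying the action name and the subject DN and CA
     * @return a response carrying PERMIT or DENY
     * @throws PolicyEvaluationException as declared by the policy interface
     */
    @Override // org.gcube.common.vomanagement.security.authorisation.core.Policy
    public PolicyEvaluationResponse evaluate(PolicyEvaluationRequest policyEvaluationRequest) throws PolicyEvaluationException {
        // Fail closed instead of failing with a NullPointerException when initialise() was never run.
        if (this.genResAuthZPolicyPIP == null || this.context == null) {
            this.logger.info("TrustedPortalPolicy has not been initialised: the request is denied");
            return new GCUBEPolicyEvaluationResponse(PolicyEvaluationResponse.RESPONSE.DENY);
        }
        List<GHNCredentials> portalCredentials = this.genResAuthZPolicyPIP.getPortalCredentials(this.context.getScope());
        List<String> restrictedActions = this.genResAuthZPolicyPIP.getTrustedPortalPolicies(this.context.getScope(), this.serviceClass + ":" + this.serviceName);
        // Without both lists no decision can be justified, so the answer is DENY.
        if (portalCredentials == null || restrictedActions == null) {
            this.logger.info("No trusted portal information is available for " + this.serviceClass + ":" + this.serviceName + ": the request is denied");
            return new GCUBEPolicyEvaluationResponse(PolicyEvaluationResponse.RESPONSE.DENY);
        }
        String actionName = policyEvaluationRequest.getActionAttributes().get(GCUBEPolicyEvaluationRequest.ACTION_NAME);
        // NOTE(review): the DN and CA are not checked for null here, and the match below relies on
        // GHNCredentials.equals -- confirm that a caller with a missing DN or CA can never equal an
        // entry of the portal list.
        GHNCredentials caller = new GHNCredentials(policyEvaluationRequest.getSubjectAttributes().get(GCUBEPolicyEvaluationRequest.SUBJECT_DN), policyEvaluationRequest.getSubjectAttributes().get(GCUBEPolicyEvaluationRequest.SUBJECT_CA));
        // NOTE(review): the action name and the caller credentials come from the request and are
        // logged verbatim; if they can contain CR/LF, neutralise them before they reach the log.
        this.logger.info("The caller service " + caller + " is requesting to invoke " + actionName);
        // A request without an action name can never match a registered operation.
        if (actionName == null || !restrictedActions.contains(actionName)) {
            this.logger.info("The caller service " + caller + " is NOT authorised to invoke " + actionName);
            return new GCUBEPolicyEvaluationResponse(PolicyEvaluationResponse.RESPONSE.DENY);
        }
        this.logger.info("The operation requested (" + actionName + ") can be invoked only by trusted portals.");
        if (portalCredentials.contains(caller)) {
            this.logger.info("The caller " + caller + " is a trusted portal, and is authorised to invoke: " + actionName);
            return new GCUBEPolicyEvaluationResponse(PolicyEvaluationResponse.RESPONSE.PERMIT);
        }
        this.logger.info("The caller " + caller + " is not a trusted portal, and is NOT authorised to invoke: " + actionName);
        return new GCUBEPolicyEvaluationResponse(PolicyEvaluationResponse.RESPONSE.DENY);
    }

    /**
     * Returns the fixed display name of this policy.
     *
     * @return the string {@code "TrustedPortal"}
     */
    @Override
    public String toString() {
        return "TrustedPortal";
    }

    /**
     * Serializes the policy as an expression naming this class.
     *
     * <p>No parameters are passed to the helper, so the map parsed by
     * {@link #initialise(GCUBEServiceContext, String)} is not part of the result.
     *
     * @return the policy expression produced by the serialization helper
     * @throws PolicySerializationException as declared by the policy interface
     */
    @Override // org.gcube.common.vomanagement.security.authorisation.core.Policy
    public String serialize() throws PolicySerializationException {
        return this.helper.getPolicyExpression(getClass().getCanonicalName(), null);
    }
}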
