package org.gcube.security.soa3.connector;

import java.security.Principal;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.ws.rs.core.MediaType;
import javax.xml.rpc.handler.MessageContext;
import org.gcube.common.core.contexts.GCUBEServiceContext;
import org.gcube.common.core.security.GCUBESecurityController;
import org.gcube.common.core.utils.logging.GCUBELog;
import org.gcube.security.soa3.cache.SOA3EhcacheWrapper;
import org.gcube.security.soa3.configuration.ConfigurationManager;
import org.gcube.security.soa3.connector.credentials.TicketCredentials;
import org.gcube.security.soa3.connector.engine.RestManager;
import org.gcube.security.soa3.connector.integration.utils.Utils;
import org.w3c.dom.Element;

/* loaded from: input_file:org/gcube/security/soa3/connector/SOA3SecurityController.class */
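public class SOA3SecurityController implements GCUBESecurityController {
    /** Credential type used when the caller is identified by its X.509 Distinguished Name. */
    private static final String DN = "DN";
    /** Key of the HTTP-style header map inside the access-check argument. */
    private static final String HEADERS_KEY = "HEADERS";
    /** Key of the JAX-RPC {@link MessageContext} inside the access-check argument. */
    private static final String MESSAGE_CONTEXT_KEY = "MESSAGE_CONTEXT";
    /** Message-context property expected to hold the caller's {@link Subject}. */
    private static final String CALLER_SUBJECT_PROPERTY = "callerSubject";
    /** Resource name asked on the SOA3 endpoint for an access decision. */
    private static final String ACCESS_RESOURCE = "access";
    /**
     * Separator between credential type and credential value in cache keys. The type
     * comes from the first space-delimited token of the header (so it never contains a
     * space); a separator keeps "type + value" from being ambiguous when the boundary
     * between the two parts shifts.
     */
    private static final String CACHE_KEY_SEPARATOR = " ";
    private String serviceName;
    private String soa3Endpoint;
    private boolean credentialPropagationPolicy;
    private final String AUTHORIZATION_HEADER = "Authorization";
    private GCUBELog log = new GCUBELog(this);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/gcube/security/soa3/connector/SOA3SecurityController$CredentialsBean.class */
    /**
     * Outcome of resolving the caller's credentials.
     * {@code credentialString} is the value returned by SOA3 (or the cache) and is
     * treated as a secret: it is never written to the log by this class.
     */
    public class CredentialsBean {
        /** Credential type: the header's first token, or {@link #DN} on the fallback path. */
        public String type;
        /** Authentication string from SOA3; {@code null} when access could not be established. */
        public String credentialString;
        /** Whether the credential may be forwarded as a security token; false for DN-based credentials. */
        public boolean propagate;

        private CredentialsBean() {
            this.propagate = true;
        }
    }

    /**
     * Reads the per-service configuration (SOA3 endpoint and propagation policy).
     *
     * @param gCUBEServiceContext context of the service this controller protects
     */
    public void init(GCUBEServiceContext gCUBEServiceContext) {
        this.serviceName = gCUBEServiceContext.getName();
        this.log.debug("Initializing security manager for service " + this.serviceName);
        ConfigurationManager configuration = ConfigurationManager.getInstance();
        this.soa3Endpoint = configuration.getServerUrl(this.serviceName);
        this.credentialPropagationPolicy = configuration.getCredentialPropagationPolicy(this.serviceName);
    }

    /**
     * Decides whether the current call may proceed.
     *
     * @param map call attributes; expected to carry a header map under {@code "HEADERS"}
     *            and the {@link MessageContext} under {@code "MESSAGE_CONTEXT"}
     * @return {@code true} when security is disabled for the service, otherwise the
     *         result of {@link #applySecurityPolicies(Map)}
     */
    public boolean checkAccess(Map<String, Object> map) {
        this.log.debug("Checking access");
        if (!ConfigurationManager.getInstance().isSecurityEnabled(this.serviceName)) {
            this.log.debug("Security disabled");
            return true;
        }
        this.log.debug("Security enabled");
        return applySecurityPolicies(map);
    }

    /**
     * Resolves the caller's credentials and, when allowed, stores the resulting
     * security token in the message context for propagation.
     *
     * @return {@code true} iff a non-null credential string was obtained. Note that
     *         the content of the SOA3 response is not inspected here: any non-null
     *         answer counts as "access granted".
     */
    private boolean applySecurityPolicies(Map<String, Object> map) {
        this.log.debug("Checking the access rights");
        // A missing header map is treated like a missing token (DN fallback) instead of an NPE.
        Map<?, ?> headers = (Map<?, ?>) map.get(HEADERS_KEY);
        String securityToken = headers == null ? null : (String) headers.get(Utils.BINARY_SECURITY_TOKEN_LABEL);
        MessageContext messageContext = (MessageContext) map.get(MESSAGE_CONTEXT_KEY);
        CredentialsBean credentialsBean = getCredentialsBean(messageContext, securityToken);
        boolean granted = credentialsBean.credentialString != null;
        this.log.debug("Credentials resolved: type=" + credentialsBean.type + ", present=" + granted);
        setCredentials(credentialsBean, messageContext);
        return granted;
    }

    /**
     * Wraps the credential string in a binary security token and attaches it to the
     * message context, but only when the bean allows propagation and the service's
     * propagation policy is enabled.
     */
    private void setCredentials(CredentialsBean credentialsBean, MessageContext messageContext) {
        this.log.debug("Setting credentials in the messageContext");
        boolean propagate = credentialsBean.credentialString != null
                && credentialsBean.propagate
                && this.credentialPropagationPolicy;
        if (!propagate || messageContext == null) {
            this.log.debug("Propagation not set");
            return;
        }
        this.log.debug("Setting...");
        try {
            this.log.debug("Generating security header");
            Element tokenElement = Utils.generateBinaryTokenElement(TicketCredentials.SES, credentialsBean.credentialString);
            this.log.debug("Security Header generated");
            messageContext.setProperty(Utils.SECURITY_TOKEN, tokenElement);
        } catch (Exception e) {
            // Best effort: a missing token only disables propagation, access was already decided.
            this.log.debug("Unable to generate the security header", e);
        }
    }

    /**
     * Builds the credentials bean from the security header, falling back to the
     * caller's DN when the header is absent, malformed, or cannot be authenticated.
     *
     * @param securityToken header value of the form {@code "<type> <credential>"}, or {@code null}
     */
    private CredentialsBean getCredentialsBean(MessageContext messageContext, String securityToken) {
        this.log.debug("Get Credentials bean");
        CredentialsBean credentialsBean = new CredentialsBean();
        if (securityToken == null) {
            this.log.debug("Security Header null, trying to find DN");
            fillFromDn(credentialsBean, messageContext);
            return credentialsBean;
        }
        this.log.debug("Security Header not null");
        String[] parts = securityToken.split(" ");
        // Validate the shape up front rather than relying on an ArrayIndexOutOfBoundsException.
        if (parts.length < 2 || parts[0].isEmpty() || parts[1].isEmpty()) {
            this.log.error("Invalid auth header, trying to find DN");
            fillFromDn(credentialsBean, messageContext);
            return credentialsBean;
        }
        credentialsBean.type = parts[0];
        String credentialId = parts[1];
        // The credential id is a secret; only its type and presence are logged.
        this.log.debug("Type = " + credentialsBean.type + ", id present = " + !credentialId.isEmpty());
        try {
            credentialsBean.credentialString = getAuthenticationString(credentialsBean.type, credentialId);
        } catch (Exception e) {
            // Keep the original behaviour: any failure talking to SOA3 falls back to the DN path.
            this.log.error("Unable to authenticate the auth header, trying to find DN", e);
            fillFromDn(credentialsBean, messageContext);
        }
        this.log.debug("Credentials bean generated");
        return credentialsBean;
    }

    /** Fills the bean on the DN path: DN-based credentials are never propagated. */
    private void fillFromDn(CredentialsBean credentialsBean, MessageContext messageContext) {
        credentialsBean.type = DN;
        credentialsBean.credentialString = getDn(messageContext);
        credentialsBean.propagate = false;
        this.log.debug("DN credential present = " + (credentialsBean.credentialString != null));
    }

    /**
     * Looks up the caller's {@link Subject} in the message context and returns the
     * authentication string of the first principal SOA3 accepts.
     *
     * @return the authentication string, or {@code null} when no subject, no principal
     *         or no accepted principal is found
     */
    private String getDn(MessageContext messageContext) {
        this.log.debug("No security header found");
        this.log.debug("Looking for the Distinguished Name");
        if (messageContext == null) {
            this.log.error("No message context available, no Distinguished name found");
            return null;
        }
        Subject subject = (Subject) messageContext.getProperty(CALLER_SUBJECT_PROPERTY);
        if (subject == null) {
            this.log.error("No Distinguished name found");
            return null;
        }
        this.log.debug("External subject " + subject);
        Set<Principal> principals = subject.getPrincipals();
        if (principals == null || principals.isEmpty()) {
            this.log.error("Unable to find subject identity");
            return null;
        }
        this.log.debug("Identities found, looking for the DNs");
        for (Principal principal : principals) {
            String name = principal.getName();
            this.log.debug("Distinguished name " + name);
            String authenticationString = getAuthenticationString(DN, name);
            this.log.debug("Response present = " + (authenticationString != null));
            if (authenticationString != null) {
                return authenticationString;
            }
        }
        return null;
    }

    /**
     * Returns the authentication string for a credential, consulting the cache first
     * and asking SOA3 on a miss (caching a non-null answer).
     *
     * @param type         credential type ({@link #DN} or the header's first token)
     * @param credentialId credential value
     * @return the authentication string, or {@code null} when SOA3 did not return one
     */
    private String getAuthenticationString(String type, String credentialId) {
        this.log.debug("Asking the cache...");
        String cacheKey = type + CACHE_KEY_SEPARATOR + credentialId;
        // The key embeds the credential value, so it is not logged.
        this.log.debug("Cache lookup for type " + type);
        SOA3EhcacheWrapper cache = SOA3EhcacheWrapper.getInstance();
        String authenticationString = cache.get(cacheKey);
        if (authenticationString != null) {
            this.log.debug("Response found in the cache");
        } else {
            this.log.debug("Response null, asking to SOA3");
            authenticationString = askSoa3(type, credentialId);
            if (authenticationString != null) {
                this.log.debug("Response found populating the cache");
                cache.put(cacheKey, authenticationString);
                this.log.debug("Cache populated");
            }
        }
        this.log.debug("Response present = " + (authenticationString != null));
        return authenticationString;
    }

    /**
     * Sends the credential to SOA3's access resource as an {@code Authorization} header.
     *
     * @return SOA3's response body as returned by {@link RestManager#sendMessage}; may be {@code null}
     */
    private String askSoa3(String type, String credentialId) {
        this.log.debug("Sending authentication message to SOA3");
        // Raw type retained: RestManager.sendMessage's parameter type is not visible here.
        HashMap headers = new HashMap();
        headers.put(AUTHORIZATION_HEADER, type + " " + credentialId);
        String response = RestManager.getInstance(this.soa3Endpoint).sendMessage(ACCESS_RESOURCE, headers, null, MediaType.APPLICATION_JSON_TYPE, MediaType.APPLICATION_JSON_TYPE);
        // The response is the credential string handed to clients, so only its presence is logged.
        this.log.debug("Authentication response present = " + (response != null));
        return response;
    }
}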
