package eu.unicore.uas.pdp.localsun;

import com.sun.xacml.ConfigurationStore;
import com.sun.xacml.Indenter;
import com.sun.xacml.PDP;
import com.sun.xacml.ParsingException;
import com.sun.xacml.UnknownIdentifierException;
import com.sun.xacml.ctx.RequestCtx;
import com.sun.xacml.ctx.ResponseCtx;
import com.sun.xacml.ctx.Result;
import de.fzj.unicore.wsrflite.ResourcePool;
import de.fzj.unicore.wsrflite.security.pdp.PDPResult;
import de.fzj.unicore.wsrflite.security.pdp.UnicoreXPDP;
import de.fzj.unicore.wsrflite.security.util.ResourceDescriptor;
import de.fzj.unicore.wsrflite.utils.FileWatcher;
import eu.unicore.security.Client;
import eu.unicore.security.util.Log;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.log4j.Logger;

/* loaded from: input_file:eu/unicore/uas/pdp/localsun/LocalSunPDP.class */
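/**
 * Local policy decision point that delegates authorisation decisions to a Sun XACML {@link PDP}.
 *
 * <p>The PDP is built from a configuration file. A scheduled {@link FileWatcher} calls
 * {@link #load()} again when the file changes. Evaluations hold the read lock and the PDP
 * instance is replaced under the write lock, so a request is never evaluated against a PDP
 * that is being swapped.
 */
public class LocalSunPDP implements UnicoreXPDP {
    private static final Logger log = Log.getLogger("unicore.security", LocalSunPDP.class);
    private final String configurationFile;
    private long lastModified;
    // Written only under policyLock.writeLock(), read only under policyLock.readLock().
    private PDP pdp;
    private final RequestBuilder requestBuilder;
    private final ReentrantReadWriteLock policyLock;

    /**
     * Creates the PDP and checks the configuration file for changes every 5000 ms.
     *
     * @param str path of the XACML PDP configuration file
     * @throws IOException if the configuration file does not exist or cannot be read
     * @throws ParsingException if the configuration cannot be parsed
     * @throws UnknownIdentifierException if the configuration refers to an unknown identifier
     */
    public LocalSunPDP(String str) throws IOException, ParsingException, UnknownIdentifierException {
        this(str, 5000);
    }

    /**
     * Creates the PDP, loads the configuration once and schedules the configuration watcher.
     *
     * @param str path of the XACML PDP configuration file
     * @param i delay between two checks of the configuration file, in milliseconds
     * @throws IOException if the configuration file does not exist or cannot be read
     * @throws ParsingException if the configuration cannot be parsed
     * @throws UnknownIdentifierException if the configuration refers to an unknown identifier
     */
    public LocalSunPDP(String str, int i) throws IOException, ParsingException, UnknownIdentifierException {
        this.lastModified = 0L;
        this.configurationFile = str;
        log.info("Initialising Local Sun XACML 1.1 PDP using config file " + this.configurationFile);
        this.policyLock = new ReentrantReadWriteLock();
        // A failing initial load propagates to the caller, so no instance exists without a PDP.
        load();
        this.requestBuilder = new RequestBuilder();
        startConfigWatcher(i);
    }

    /**
     * Builds an XACML request for the given client, action and resource and evaluates it.
     *
     * @param client the caller whose access is checked
     * @param str the action, passed through to the request builder
     * @param resourceDescriptor the resource being accessed
     * @return the decision of the PDP, converted by {@link #convertResult(Result)}
     * @throws Exception if the request cannot be built or evaluated, or if the PDP does not
     *     return exactly one result
     */
    public PDPResult checkAuthorisation(Client client, String str, ResourceDescriptor resourceDescriptor) throws Exception {
        RequestCtx request = this.requestBuilder.buildRequest(client, str, resourceDescriptor);
        if (log.isDebugEnabled()) {
            // NOTE(review): this writes the complete request to the log; presumably it carries
            // the caller's identity attributes, so treat debug logs as sensitive (confirm
            // against RequestBuilder).
            ByteArrayOutputStream requestDump = new ByteArrayOutputStream();
            request.encode(requestDump, new Indenter());
            log.debug("XACML request:\n" + requestDump.toString());
        }
        ResponseCtx response;
        this.policyLock.readLock().lock();
        try {
            response = this.pdp.evaluate(request);
        } finally {
            // Release even when evaluate() throws: a leaked read lock would block every later
            // policy reload on the write lock and leave stale policies in force.
            this.policyLock.readLock().unlock();
        }
        if (log.isDebugEnabled()) {
            ByteArrayOutputStream responseDump = new ByteArrayOutputStream();
            response.encode(responseDump, new Indenter());
            log.debug("XACML response:\n" + responseDump.toString());
        }
        Set<?> results = response.getResults();
        if (results.size() != 1) {
            // Fail closed on zero as well as on several results; the message reports the
            // actual count instead of claiming "more than one" in both cases.
            throw new Exception("XACML PDP returned " + results.size() + " results, expected exactly one.");
        }
        return convertResult((Result) results.iterator().next());
    }

    /**
     * Maps a Sun XACML result to a {@link PDPResult}.
     *
     * <p>Only an explicit permit becomes {@code PERMIT} and only an explicit deny becomes
     * {@code DENY}. Every other decision code becomes {@code UNCLEAR}.
     */
    private PDPResult convertResult(Result result) {
        int code = result.getDecision();
        if (code == Result.DECISION_DENY) {
            return new PDPResult(PDPResult.Decision.DENY, "Access denied");
        }
        if (code == Result.DECISION_PERMIT) {
            return new PDPResult(PDPResult.Decision.PERMIT, "OK");
        }
        // NOTE(review): callers must not treat UNCLEAR as a permit; verify at the call sites.
        return new PDPResult(PDPResult.Decision.UNCLEAR, "Probelm in policy evaluation");
    }

    /**
     * (Re-)reads the configuration file and replaces the PDP if the file's modification time
     * differs from the one recorded by the previous load.
     *
     * @throws IOException if the configuration file does not exist or cannot be read
     * @throws ParsingException if the configuration cannot be parsed
     * @throws UnknownIdentifierException if the configuration has no usable default PDP config
     */
    protected void load() throws IOException, ParsingException, UnknownIdentifierException {
        File file = new File(this.configurationFile);
        if (!file.exists()) {
            throw new FileNotFoundException("Does not exist: <" + this.configurationFile + ">");
        }
        if (this.lastModified == file.lastModified()) {
            return;
        }
        log.info("XACML configuration " + file.getAbsolutePath() + " modified, re-reading...");
        this.lastModified = file.lastModified();
        ConfigurationStore configurationStore = new ConfigurationStore(file);
        configurationStore.useDefaultFactories();
        // Build the replacement before taking the write lock. If the configuration is broken
        // the exception is thrown with no lock held and the previous PDP stays in place;
        // throwing while holding the write lock would block all later authorisation checks.
        PDP replacement = new PDP(configurationStore.getDefaultPDPConfig());
        this.policyLock.writeLock().lock();
        try {
            this.pdp = replacement;
        } finally {
            this.policyLock.writeLock().unlock();
        }
    }

    /**
     * Schedules a {@link FileWatcher} on the configuration file that reloads the PDP on change.
     *
     * <p>Reload failures are logged and the previously loaded PDP keeps answering requests.
     *
     * @param i initial delay and delay between two checks, in milliseconds
     */
    private void startConfigWatcher(int i) {
        try {
            Runnable reload = new Runnable() {
                @Override
                public void run() {
                    LocalSunPDP.log.info("Local XACML PDP configuration file was modified, re-configuring.");
                    try {
                        LocalSunPDP.this.load();
                    } catch (UnknownIdentifierException e) {
                        LocalSunPDP.log.error("Error parsing XAML policies: " + e.toString(), e);
                    } catch (ParsingException e2) {
                        LocalSunPDP.log.error("Error parsing XAML policies: " + e2.toString(), e2);
                    } catch (IOException e3) {
                        // Pass the exception as well, like the parse-error branches, so the
                        // stack trace is available when a policy update is not applied.
                        LocalSunPDP.log.error("Error reading XAML PDP configuration (file " + LocalSunPDP.this.configurationFile + "): " + e3.toString(), e3);
                    }
                }
            };
            FileWatcher watcher = new FileWatcher(new File(this.configurationFile), reload);
            ResourcePool.getScheduledExecutorService().scheduleWithFixedDelay(watcher, i, i, TimeUnit.MILLISECONDS);
        } catch (FileNotFoundException e) {
            // Without the watcher, later edits to the policy file are not picked up.
            log.error("Sun XAML PDP configuration file <" + this.configurationFile + "> not found.");
        }
    }
}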
