package eu.unicore.uas.pdp.argus;

import de.fzj.unicore.wsrflite.Kernel;
import de.fzj.unicore.wsrflite.security.pdp.PDPResult;
import de.fzj.unicore.wsrflite.security.pdp.UnicoreXPDP;
import de.fzj.unicore.wsrflite.security.util.ResourceDescriptor;
import eu.unicore.security.Client;
import eu.unicore.security.util.Log;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Properties;
import org.apache.log4j.Logger;
import org.apache.xmlbeans.XmlObject;
import org.apache.xmlbeans.XmlOptions;
import xmlbeans.oasis.xacml.x2.x0.context.DecisionType;
import xmlbeans.oasis.xacml.x2.x0.context.MissingAttributeDetailType;
import xmlbeans.oasis.xacml.x2.x0.context.ResponseType;
import xmlbeans.oasis.xacml.x2.x0.context.ResultType;
import xmlbeans.oasis.xacml.x2.x0.context.StatusDetailType;
import xmlbeans.oasis.xacml.x2.x0.context.StatusType;
import xmlbeans.oasis.xacml.x2.x0.saml.assertion.XACMLAuthzDecisionQueryDocument;
import xmlbeans.oasis.xacml.x2.x0.saml.assertion.XACMLAuthzDecisionStatementType;
import xmlbeans.org.oasis.saml2.assertion.AssertionType;
import xmlbeans.org.oasis.saml2.assertion.StatementAbstractType;
import xmlbeans.org.oasis.saml2.protocol.ResponseDocument;

/* loaded from: input_file:eu/unicore/uas/pdp/argus/ArgusPDP.class */
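public class ArgusPDP implements UnicoreXPDP {
    private static final Logger log = Log.getLogger("unicore.security", ArgusPDP.class);
    /** Configuration key of the Argus PDP endpoint URL. */
    public static final String ADDR_KEY = "arguspdp.serverAddress";
    /**
     * Default endpoint: plain HTTP on the local host. The transport carries the authorization
     * decision, so a non-local Argus should be configured with an https URL instead.
     */
    public static final String ADDR_DEF = "http://localhost:8152/authz";
    /** Configuration key of the query timeout handed to {@link ArgusClient} (unit not visible here; presumably milliseconds). */
    public static final String TIMEOUT_KEY = "arguspdp.queryTimeout";
    /** Default query timeout value (see {@link #TIMEOUT_KEY}). */
    public static final String TIMEOUT_DEF = "5000";
    private URL argusAddress;
    private int queryTimeout;
    private ArgusClient client;
    private RequestCreator requestCreator;
    private String myUrl;

    /**
     * Creates a PDP that delegates authorization decisions to an Argus server.
     *
     * @param str path of the properties file holding {@link #ADDR_KEY} and {@link #TIMEOUT_KEY}
     * @throws IOException if the file cannot be read or one of its values is invalid
     * @throws IllegalStateException if the WSRFLite base URL is not configured; without it the
     *         request creator cannot name this service in the XACML query
     */
    public ArgusPDP(String str) throws IOException {
        loadConfiguration(str);
        this.client = new ArgusClient(this.argusAddress, this.queryTimeout);
        this.requestCreator = new RequestCreator();
        this.myUrl = Kernel.getKernel().getProperty("unicore.wsrflite.baseurl");
        if (this.myUrl == null) {
            throw new IllegalStateException("Can't retrieve unicore.wsrflite.baseurlproperty from WSRFLite configuration. Authorization query can not be performed.");
        }
    }

    /**
     * Reads the Argus address and query timeout from a properties file into the
     * corresponding fields, applying the documented defaults for missing keys.
     *
     * @param configFile path of the properties file
     * @throws IOException if the file cannot be read, the address is not a URL, or the
     *         timeout is not an integer; the parse failure is kept as the cause
     */
    private void loadConfiguration(String configFile) throws IOException {
        Properties properties = new Properties();
        // Close the stream explicitly: Properties.load() leaves it open.
        FileInputStream in = new FileInputStream(configFile);
        try {
            properties.load(in);
        } finally {
            in.close();
        }

        String address = properties.getProperty(ADDR_KEY, ADDR_DEF);
        try {
            this.argusAddress = new URL(address);
        } catch (MalformedURLException e) {
            throw new IOException("Argus PDP URL ('" + address + "') is invalid: " + e, e);
        }

        // Properties.load() strips leading but not trailing whitespace, hence trim().
        String timeout = properties.getProperty(TIMEOUT_KEY, TIMEOUT_DEF).trim();
        try {
            this.queryTimeout = Integer.parseInt(timeout);
        } catch (NumberFormatException e) {
            throw new IOException("Timeout for Argus query is not a valid number: " + e, e);
        }
    }

    /**
     * Asks the Argus PDP whether the given client may perform an action on a resource.
     *
     * @param client the requesting client; its attributes go into the XACML subject
     * @param str the requested action
     * @param resourceDescriptor the resource being accessed
     * @return the decision mapped from the first XACML result plus a textual comment built
     *         from its status element
     * @throws Exception if the request cannot be sent or the response is structurally invalid
     */
    public PDPResult checkAuthorisation(Client client, String str, ResourceDescriptor resourceDescriptor) throws Exception {
        XACMLAuthzDecisionQueryDocument request = this.requestCreator.createSAMLAuthZRequest(this.myUrl, client, str, resourceDescriptor);
        // Debug output dumps the complete query, i.e. the client's identity attributes;
        // keep this level disabled on production logs that are not access-restricted.
        if (log.isDebugEnabled()) {
            log.debug("XACML request for Argus PDP:\n" + request.xmlText(new XmlOptions().setSavePrettyPrint()));
        }
        ResponseDocument response = this.client.sendRequest(request);
        if (log.isDebugEnabled()) {
            log.debug("XACML response received from Argus:\n" + response.xmlText(new XmlOptions().setSavePrettyPrint()));
        }
        ResultType result = processResponse(response);
        return new PDPResult(getDecision(result), getComment(result));
    }

    /**
     * Extracts the XACML result from a SAML response, validating each nesting level.
     * Only the first assertion, its first statement and the first result are used;
     * any further results Argus may have returned are ignored.
     *
     * @param responseDocument the SAML response returned by Argus
     * @return the first XACML result
     * @throws IOException if any expected element is missing or of the wrong type
     */
    private static ResultType processResponse(ResponseDocument responseDocument) throws IOException {
        AssertionType[] assertions = responseDocument.getResponse().getAssertionArray();
        if (assertions == null || assertions.length == 0) {
            throw new IOException("Argus service error: got response (not a fault) without a SAML assertion");
        }
        StatementAbstractType[] statements = assertions[0].getStatementArray();
        if (statements == null || statements.length == 0) {
            throw new IOException("Argus service error: response's SAML assertion has no XACML statement inside.");
        }
        StatementAbstractType first = statements[0];
        if (!(first instanceof XACMLAuthzDecisionStatementType)) {
            throw new IOException("Argus service error: response's SAML assertion has statement should be XACMLAuthzDecisionStatementType, while is of " + first.schemaType().getName());
        }
        ResponseType xacmlResponse = ((XACMLAuthzDecisionStatementType) first).getResponse();
        if (xacmlResponse == null) {
            throw new IOException("Argus service error: got no XACML response in XACMLAuthzDecision statement.");
        }
        ResultType[] results = xacmlResponse.getResultArray();
        if (results == null || results.length == 0) {
            throw new IOException("Argus service error: got no results in XACML response.");
        }
        return results[0];
    }

    /**
     * Maps the XACML decision to the UNICORE decision. Anything other than an explicit
     * PERMIT or DENY (NotApplicable, Indeterminate, or a missing decision element) is
     * reported as UNCLEAR rather than failing with a NullPointerException, so an
     * incomplete response can never be read as a grant.
     *
     * @param resultType the XACML result
     * @return the corresponding UNICORE decision
     */
    private static PDPResult.Decision getDecision(ResultType resultType) {
        Object decision = resultType.getDecision();
        if (DecisionType.DENY.equals(decision)) {
            return PDPResult.Decision.DENY;
        }
        if (DecisionType.PERMIT.equals(decision)) {
            return PDPResult.Decision.PERMIT;
        }
        return PDPResult.Decision.UNCLEAR;
    }

    /**
     * Builds a human-readable comment from the result's status element: status code,
     * status message and, if the detail lists them, the ids of missing attributes.
     *
     * @param resultType the XACML result
     * @return the comment, or an empty string when the result carries no status
     */
    private static String getComment(ResultType resultType) {
        StatusType status = resultType.getStatus();
        if (status == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        if (status.getStatusCode() != null) {
            sb.append("Decission status code: [");
            sb.append(status.getStatusCode().getValue() + "]\n");
        }
        String statusMessage = status.getStatusMessage();
        if (statusMessage != null) {
            sb.append("Message: [" + statusMessage + "]\n");
        }
        StatusDetailType statusDetail = status.getStatusDetail();
        if (statusDetail != null) {
            XmlObject[] missing = statusDetail.selectChildren(MissingAttributeDetailType.type.getName());
            // selectChildren() yields an empty array when nothing matches; only report
            // the section when there is at least one missing attribute to name.
            if (missing != null && missing.length > 0) {
                sb.append("The following attributes are missing: [");
                for (XmlObject detail : missing) {
                    sb.append(" " + ((MissingAttributeDetailType) detail).getAttributeId());
                }
                sb.append(" ]");
            }
        }
        return sb.toString().trim();
    }
}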
