package eu.unicore.uas.pdp.argus;

import eu.unicore.security.Client;
import eu.unicore.services.ContainerProperties;
import eu.unicore.services.security.IContainerSecurityConfiguration;
import eu.unicore.services.security.pdp.ActionDescriptor;
import eu.unicore.services.security.pdp.PDPResult;
import eu.unicore.services.security.util.ResourceDescriptor;
import eu.unicore.uas.pdp.local.LocalHerasafPDP;
import eu.unicore.uas.pdp.request.creator.HerasafXacml2RequestCreator;
import eu.unicore.uas.pdp.request.profile.EMI1Profile;
import eu.unicore.util.Log;
import eu.unicore.util.httpclient.IClientConfiguration;
import java.io.IOException;
import javax.naming.ConfigurationException;
import javax.xml.bind.JAXBException;
import org.apache.logging.log4j.Logger;
import org.herasaf.xacml.core.SyntaxException;
import org.xml.sax.SAXException;

/* loaded from: input_file:eu/unicore/uas/pdp/argus/ArgusPAP.class */
public class ArgusPAP extends LocalHerasafPDP {
    private static final Logger log = Log.getLogger("unicore.security", ArgusPAP.class);
    private ArgusPAPChecker checker;

    @Override // eu.unicore.uas.pdp.local.LocalHerasafPDP
    public void initialize(String str, ContainerProperties containerProperties, IContainerSecurityConfiguration iContainerSecurityConfiguration, IClientConfiguration iClientConfiguration) throws IOException, SyntaxException, JAXBException, SAXException, ConfigurationException {
        if (str == null) {
            throw new ConfigurationException("For " + ArgusPAP.class.getName() + " PDP a configuration file must be defined.");
        }
        String containerURL = containerProperties.getContainerURL();
        super.initialize(new HerasafXacml2RequestCreator(new EMI1Profile(containerURL)));
        Object obj = new Object();
        new ArgusHerasafPolicyStore(this, str, obj, containerProperties.getThreadingServices());
        this.checker = new ArgusPAPChecker(str, obj, containerURL, iClientConfiguration, containerProperties.getThreadingServices());
        this.checker.start();
    }

    @Override // eu.unicore.uas.pdp.local.LocalHerasafPDP
    public PDPResult checkAuthorisation(Client client, ActionDescriptor actionDescriptor, ResourceDescriptor resourceDescriptor) throws Exception {
        if (!this.checker.isDenyAllMode()) {
            return super.checkAuthorisation(client, actionDescriptor, resourceDescriptor);
        }
        if (log.isDebugEnabled()) {
            log.debug("User: " + client.getDistinguishedName() + " are banned, (DENY ALL MODE ON)");
        }
        return new PDPResult(PDPResult.Decision.DENY, "PDP DENY ALL MODE ON");
    }
}
