package eu.unicore.uas.pdp.local;

import eu.unicore.security.Client;
import eu.unicore.services.ContainerProperties;
import eu.unicore.services.security.IContainerSecurityConfiguration;
import eu.unicore.services.security.pdp.ActionDescriptor;
import eu.unicore.services.security.pdp.PDPResult;
import eu.unicore.services.security.pdp.UnicoreXPDP;
import eu.unicore.services.security.util.ResourceDescriptor;
import eu.unicore.uas.pdp.request.creator.HerasafXacml2RequestCreator;
import eu.unicore.uas.pdp.request.profile.UnicoreInternalProfile;
import eu.unicore.util.Log;
import eu.unicore.util.configuration.ConfigurationException;
import eu.unicore.util.httpclient.IClientConfiguration;
import java.io.ByteArrayOutputStream;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.logging.log4j.Logger;
import org.herasaf.xacml.core.api.PDP;
import org.herasaf.xacml.core.context.RequestMarshaller;
import org.herasaf.xacml.core.context.ResponseMarshaller;
import org.herasaf.xacml.core.context.impl.DecisionType;
import org.herasaf.xacml.core.context.impl.MissingAttributeDetailType;
import org.herasaf.xacml.core.context.impl.RequestType;
import org.herasaf.xacml.core.context.impl.ResponseType;
import org.herasaf.xacml.core.context.impl.ResultType;
import org.herasaf.xacml.core.context.impl.StatusDetailType;
import org.herasaf.xacml.core.context.impl.StatusType;
import org.herasaf.xacml.core.converter.PolicyCombiningAlgorithmJAXBTypeAdapter;
import org.herasaf.xacml.core.policy.Evaluatable;
import org.herasaf.xacml.core.simplePDP.OrderedMapBasedSimplePolicyRepository;
import org.herasaf.xacml.core.simplePDP.SimplePDPConfiguration;
import org.herasaf.xacml.core.simplePDP.SimplePDPFactory;

/* loaded from: input_file:eu/unicore/uas/pdp/local/LocalHerasafPDP.class */
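/**
 * Policy decision point that evaluates XACML requests on an in-process HERAS-AF engine.
 *
 * <p>{@link #checkAuthorisation} builds a request from the client, action and resource
 * descriptors through {@link #requestMaker}, evaluates it on the current engine and maps the
 * single result to a {@link PDPResult}. The engine is replaced as a whole by
 * {@link #updateConfiguration}; a read/write lock keeps an evaluation from overlapping with
 * a replacement.
 *
 * <p>Every failure path in this class (engine not yet configured, unexpected number of
 * results) surfaces as an exception rather than as a decision, so this class never reports
 * PERMIT unless the engine returned it.
 */
public class LocalHerasafPDP implements UnicoreXPDP, PolicyListener {
    private static final Logger log = Log.getLogger("unicore.security", LocalHerasafPDP.class);

    /** Current policy engine; stays {@code null} until the first {@link #updateConfiguration} call. */
    private PDP engine;

    /** Turns (client, action, resource) into a XACML request; set by either {@code initialize} overload. */
    protected HerasafXacml2RequestCreator requestMaker;

    /** Guards {@link #engine}: evaluations take the read lock, reconfiguration takes the write lock. */
    private final ReadWriteLock lock = new ReentrantReadWriteLock();

    /**
     * Sets up the request creator and the policy store for this PDP.
     *
     * @param str path of the PDP configuration file; must not be {@code null}
     * @param containerProperties source of the container URL and the threading services
     * @param iContainerSecurityConfiguration not used by this implementation
     * @param iClientConfiguration not used by this implementation
     * @throws ConfigurationException if no configuration file is given
     * @throws Exception if the request creator or the policy store cannot be created
     */
    public void initialize(String str, ContainerProperties containerProperties, IContainerSecurityConfiguration iContainerSecurityConfiguration, IClientConfiguration iClientConfiguration) throws Exception {
        if (str == null) {
            throw new ConfigurationException("For " + LocalHerasafPDP.class.getName() + " PDP a configuration file must be defined.");
        }
        this.requestMaker = new HerasafXacml2RequestCreator(new UnicoreInternalProfile(containerProperties.getContainerURL()));
        // The store is handed this PDP as its PolicyListener and is not retained here.
        // NOTE(review): presumably it loads the policies and calls updateConfiguration(),
        // which is the only place the engine is created -- confirm in LocalPolicyStore.
        new LocalPolicyStore(this, str, containerProperties.getThreadingServices());
    }

    /**
     * Sets only the request creator. No policy store is created by this overload, so the
     * engine stays unset until {@link #updateConfiguration} is called by other means.
     *
     * @param herasafXacml2RequestCreator request creator to use for later authorisation checks
     */
    public void initialize(HerasafXacml2RequestCreator herasafXacml2RequestCreator) {
        this.requestMaker = herasafXacml2RequestCreator;
    }

    /**
     * Builds a new engine from the given policies and swaps it in.
     *
     * @param list policies to deploy into the new engine's repository
     * @param str identifier of the root policy-combining algorithm, as understood by
     *            {@link PolicyCombiningAlgorithmJAXBTypeAdapter}
     */
    @Override // eu.unicore.uas.pdp.local.PolicyListener
    public void updateConfiguration(List<Evaluatable> list, String str) {
        // Everything that can fail on bad input is done before the lock is taken, so a
        // rejected policy set leaves the previous engine in place.
        OrderedMapBasedSimplePolicyRepository repository = new OrderedMapBasedSimplePolicyRepository();
        repository.deploy(list);
        SimplePDPConfiguration configuration = new SimplePDPConfiguration();
        configuration.setRootCombiningAlgorithm(new PolicyCombiningAlgorithmJAXBTypeAdapter().unmarshal(str));
        configuration.setPolicyRetrievalPoint(repository);

        Lock writeLock = this.lock.writeLock();
        writeLock.lock();
        try {
            this.engine = SimplePDPFactory.getSimplePDP(configuration);
        } finally {
            writeLock.unlock();
        }
    }

    /**
     * Evaluates a request on the current engine while holding the read lock.
     *
     * @throws IllegalStateException if no engine has been configured yet
     */
    private ResponseType authorize(RequestType requestType) {
        Lock readLock = this.lock.readLock();
        readLock.lock();
        try {
            PDP current = this.engine;
            if (current == null) {
                // Without this check the call below fails with a bare NullPointerException.
                // Either way no decision is produced; this just makes the cause diagnosable.
                throw new IllegalStateException("XACML PDP engine is not initialised: no policy configuration has been loaded yet.");
            }
            return current.evaluate(requestType);
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Asks the local XACML engine whether the client may perform the action on the resource.
     *
     * <p>With debug logging enabled the full XACML request and response are written to the
     * log. The request is built from the client, action and resource descriptors, so those
     * log lines can carry identity and resource details: treat the debug log as sensitive.
     *
     * @return the mapped decision together with a status comment, see {@link PDPResult}
     * @throws IllegalStateException if no policy configuration has been loaded yet
     * @throws Exception if the engine does not return exactly one result, or if request
     *         creation or marshalling fails
     */
    public PDPResult checkAuthorisation(Client client, ActionDescriptor actionDescriptor, ResourceDescriptor resourceDescriptor) throws Exception {
        RequestType request = this.requestMaker.createRequest(client, actionDescriptor, resourceDescriptor);
        if (log.isDebugEnabled()) {
            ByteArrayOutputStream requestXml = new ByteArrayOutputStream();
            RequestMarshaller.marshal(request, requestXml);
            // Decode explicitly instead of with the platform default charset.
            // NOTE(review): assumes the marshaller writes UTF-8 -- confirm.
            log.debug("XACML request:" + requestXml.toString("UTF-8"));
        }
        ResponseType response = authorize(request);
        if (log.isDebugEnabled()) {
            ByteArrayOutputStream responseXml = new ByteArrayOutputStream();
            ResponseMarshaller.marshal(response, responseXml);
            log.debug("XACML response:" + responseXml.toString("UTF-8"));
        }
        List<?> results = response.getResults();
        // One resource was asked about, so anything but one result is treated as an error
        // instead of picking a result and risking a wrong decision.
        if (results.size() != 1) {
            throw new Exception("XACML herasAF PDP BUG: got " + results.size() + " results after asking about one resource. Should get 1.");
        }
        ResultType result = (ResultType) results.get(0);
        return new PDPResult(getDecision(result), getComment(result));
    }

    /**
     * Maps the XACML decision to the container's decision type: DENY and PERMIT map to
     * themselves, every other value maps to UNCLEAR. A result without a decision fails with
     * a {@link NullPointerException} rather than being mapped.
     * NOTE(review): callers are expected to treat UNCLEAR as "not permitted" -- confirm.
     */
    private static PDPResult.Decision getDecision(ResultType resultType) {
        DecisionType decision = resultType.getDecision();
        if (decision.equals(DecisionType.DENY)) {
            return PDPResult.Decision.DENY;
        }
        if (decision.equals(DecisionType.PERMIT)) {
            return PDPResult.Decision.PERMIT;
        }
        return PDPResult.Decision.UNCLEAR;
    }

    /**
     * Renders the result's status (code, message, missing attribute ids) as a text comment.
     *
     * @return the trimmed comment, or an empty string when the result has no status
     */
    private static String getComment(ResultType resultType) {
        StatusType status = resultType.getStatus();
        if (status == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        if (status.getStatusCode() != null) {
            sb.append("Decision status code: [");
            sb.append(status.getStatusCode().getValue()).append("]\n");
        }
        String statusMessage = status.getStatusMessage();
        if (statusMessage != null) {
            sb.append("Message: [").append(statusMessage).append("]\n");
        }
        StatusDetailType statusDetail = status.getStatusDetail();
        List<?> missingAttributeDetails = statusDetail == null ? null : statusDetail.getMissingAttributeDetails();
        if (missingAttributeDetails != null) {
            sb.append("The following attributes are missing: [");
            for (Object detail : missingAttributeDetails) {
                sb.append(" ").append(((MissingAttributeDetailType) detail).getAttributeId());
            }
            sb.append(" ]");
        }
        return sb.toString().trim();
    }
}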
