package eu.unicore.uas.pdp.argus;

import eu.unicore.services.ThreadingServices;
import eu.unicore.uas.pdp.local.LocalPolicyStore;
import eu.unicore.util.Log;
import eu.unicore.util.configuration.ConfigurationException;
import eu.unicore.util.configuration.FilePropertiesHelper;
import eu.unicore.util.configuration.PropertyMD;
import eu.unicore.util.httpclient.IClientConfiguration;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.logging.log4j.Logger;
import org.apache.xmlbeans.XmlOptions;
import xmlbeans.oasis.xacml.x2.x0.policy.PolicySetDocument;
import xmlbeans.oasis.xacml.x2.x0.policy.PolicySetType;
import xmlbeans.oasis.xacml.x2.x0.saml.assertion.XACMLPolicyQueryDocument;
import xmlbeans.oasis.xacml.x2.x0.saml.assertion.XACMLPolicyStatementType;
import xmlbeans.org.oasis.saml2.assertion.AssertionType;
import xmlbeans.org.oasis.saml2.assertion.StatementAbstractType;
import xmlbeans.org.oasis.saml2.protocol.ResponseDocument;

/* loaded from: input_file:eu/unicore/uas/pdp/argus/ArgusPAPChecker.class */
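/**
 * Periodically queries an Argus PAP service for its XACML policy set and mirrors that policy set
 * into a local file.
 *
 * <p>Each query is run by {@link #argusPAPQuery()} on the scheduled executor obtained from
 * {@link ThreadingServices}. When the received policy set differs from the local file, the file is
 * rewritten and all threads waiting on the notification monitor passed to the constructor are
 * woken up.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>"Deny all" mode is only ever switched on when {@code denyTimeout} is greater than zero.
 *       The built-in default is {@code -1}, so with default settings a PAP outage is only logged
 *       and {@link #isDenyAllMode()} keeps returning {@code false}. How the flag and the possibly
 *       stale policy file are consumed is decided by the caller and is not visible here.</li>
 *   <li>The SAML response is checked for structure only (see {@code processResponse}); this class
 *       performs no signature or issuer validation of the assertion.</li>
 *   <li>At debug level the complete request and response XML are written to the
 *       {@code unicore.security} log.</li>
 * </ul>
 *
 * <p>Thread-safety: the deny-all flag is read and written under this object's monitor. The other
 * fields are assigned during construction, except {@code lastUpdate}, which is written by
 * {@link #start()} and by the scheduled query.
 */
public class ArgusPAPChecker {
    /** Prefix of all configuration keys handled by this class. */
    public static final String PREFIX = "argus.pap.";
    /** Key of the PAP endpoint URL. */
    public static final String ADDR_KEY = "serverAddress";
    /** Key of the timeout handed to {@link ArgusPAPClient}. */
    public static final String TIMEOUT_KEY = "queryTimeout";
    /** Key of the delay between two PAP queries, in milliseconds. */
    public static final String INTERVAL_KEY = "queryInterval";
    /** Key of the outage duration (milliseconds) after which deny-all mode is switched on. */
    public static final String DENY_TIMEOUT_KEY = "denyTimeout";
    /** Key of the file name, relative to the local PDP directory, that receives the policy set. */
    public static final String POLICY_FILENAME_KEY = "policysetFilename";

    private static final Logger log = Log.getLogger("unicore.security", ArgusPAPChecker.class);

    /** Metadata and defaults of the supported properties, keyed by the unprefixed property name. */
    public static Map<String, PropertyMD> META = new HashMap<String, PropertyMD>();

    static {
        META.put(ADDR_KEY, new PropertyMD("https://localhost:8150/pap/services/ProvisioningService"));
        META.put(TIMEOUT_KEY, new PropertyMD("5000"));
        META.put(INTERVAL_KEY, new PropertyMD("300000"));
        // A non-positive value disables deny-all mode entirely (see argusPAPQuery), so the
        // default leaves the fail-closed behaviour switched off.
        META.put(DENY_TIMEOUT_KEY, new PropertyMD("-1"));
        META.put(POLICY_FILENAME_KEY, new PropertyMD("argus_pap.xml").setPath());
    }

    private URL argusAddress;
    private int queryTimeout;
    private int queryInterval;
    private int denyTimeout;
    private final ArgusPAPClient client;
    private final XACMLPolicyQueryDocument req;
    private final Object notification;
    private String argusFile;
    private long lastUpdate;
    private boolean denyAll;
    private final ThreadingServices threadingSrv;

    /**
     * Loads the configuration and prepares the PAP client and the policy query. No query is sent
     * until {@link #start()} is called.
     *
     * @param str location of the properties source, passed to {@link FilePropertiesHelper}
     * @param obj monitor object; {@code notifyAll()} is called on it after the local policy file
     *     has been rewritten
     * @param str2 argument forwarded to {@code PolicyRequestCreator.createSAMLPolicyQuery}
     *     (NOTE(review): its meaning is not visible in this file)
     * @param iClientConfiguration client configuration handed to {@link ArgusPAPClient}
     * @param threadingServices provider of the scheduled executor used by {@link #start()}
     * @throws IOException declared by the configuration loading
     * @throws ConfigurationException if the configured PAP address is not a valid URL
     */
    public ArgusPAPChecker(String str, Object obj, String str2, IClientConfiguration iClientConfiguration, ThreadingServices threadingServices) throws IOException {
        this.threadingSrv = threadingServices;
        loadConfiguration(str);
        this.client = new ArgusPAPClient(this.argusAddress, this.queryTimeout, iClientConfiguration);
        this.req = PolicyRequestCreator.createSAMLPolicyQuery(str2);
        this.notification = obj;
    }

    /**
     * Reads the PAP address, the timing settings and the target policy file from the properties
     * identified by {@code str}.
     *
     * <p>The policy file is placed in the directory named by the raw property
     * {@code localpdp.directory}; when that property is absent, the default of
     * {@link LocalPolicyStore#DIR_KEY} from {@code ArgusHerasafPolicyStore.META} is used.
     */
    private void loadConfiguration(String str) throws ConfigurationException, IOException {
        FilePropertiesHelper props = new FilePropertiesHelper(PREFIX, str, META, log);
        String address = props.getValue(ADDR_KEY);
        try {
            this.argusAddress = new URL(address);
        } catch (MalformedURLException e) {
            throw new ConfigurationException("Argus PAP URL ('" + address + "') is invalid: " + e);
        }
        this.queryTimeout = props.getIntValue(TIMEOUT_KEY).intValue();
        this.queryInterval = props.getIntValue(INTERVAL_KEY).intValue();
        this.denyTimeout = props.getIntValue(DENY_TIMEOUT_KEY).intValue();

        String policyFileName = props.getValue(POLICY_FILENAME_KEY);
        String policyDir = props.getRawProperty("localpdp.directory");
        if (policyDir == null) {
            policyDir = ArgusHerasafPolicyStore.META.get(LocalPolicyStore.DIR_KEY).getDefault();
        }
        this.argusFile = policyDir + File.separator + policyFileName;

        log.debug("ArgusPAPChecker loaded configuration from {}", str);
        log.debug("ArgusPAPChecker query interval time is set to {}", this.queryInterval);
    }

    /**
     * Extracts the policy set from a PAP response.
     *
     * <p>Only the first assertion of the response is inspected. Every statement in it must be an
     * {@link XACMLPolicyStatementType}; the first policy set of the last statement is returned.
     * This is a structural check only: the assertion's signature, issuer and validity conditions
     * are not examined here.
     * NOTE(review): authenticity of the policy presumably rests on the connection made by
     * {@link ArgusPAPClient}; confirm against the client configuration.
     *
     * @throws Exception if the response carries no assertion, no statement, a statement of another
     *     type, or a policy statement without any policy set
     */
    private PolicySetDocument processResponse(ResponseDocument responseDocument) throws Exception {
        AssertionType[] assertions = responseDocument.getResponse().getAssertionArray();
        if (assertions == null || assertions.length == 0) {
            throw new Exception("Argus service error: got response (not a fault) without a SAML assertion");
        }
        StatementAbstractType[] statements = assertions[0].getStatementArray();
        if (statements == null || statements.length == 0) {
            throw new Exception("Argus PAP service error: response's SAML assertion has no XACML statement inside.");
        }
        PolicySetDocument result = null;
        for (StatementAbstractType statement : statements) {
            if (!(statement instanceof XACMLPolicyStatementType)) {
                // Report the type of the statement that actually failed the check, not of the
                // first statement in the array.
                throw new Exception("Argus PAP service error: response's SAML assertion has statement should be XACMLPolicyStatmentType, while is of " + statement.schemaType().getName());
            }
            PolicySetType[] policySets = ((XACMLPolicyStatementType) statement).getPolicySetArray();
            if (policySets == null || policySets.length == 0) {
                // Without this guard an empty statement surfaced as an
                // ArrayIndexOutOfBoundsException with no hint about the cause.
                throw new Exception("Argus PAP service error: XACML policy statement contains no policy set.");
            }
            if (policySets.length > 1) {
                log.warn("Argus PAP send more than 1 policySet, check configuration");
            }
            result = PolicySetDocument.Factory.newInstance();
            result.setPolicySet(policySets[0]);
        }
        return result;
    }

    /**
     * Performs one PAP query and updates the local policy file and the deny-all flag.
     *
     * <p>On success the policy file is rewritten if its content differs, the notification monitor
     * is signalled, deny-all mode is switched off and the time of the last successful update is
     * recorded. On any failure the error is logged; deny-all mode is switched on only if
     * {@code denyTimeout} is positive and more than that many milliseconds have passed since the
     * last successful update. With a non-positive {@code denyTimeout} a failure has no effect
     * beyond the log entry.
     */
    private void argusPAPQuery() {
        try {
            // The guards stay because pretty-printing the documents is not free.
            if (log.isDebugEnabled()) {
                log.debug("XACML request for Argus PAP:\n" + this.req.xmlText(new XmlOptions().setSavePrettyPrint()));
            }
            ResponseDocument response = this.client.sendRequest(this.req);
            if (log.isDebugEnabled()) {
                log.debug("XACML answer from Argus PAP:\n" + response.xmlText(new XmlOptions().setSavePrettyPrint()));
            }
            PolicySetDocument remotePolicy = processResponse(response);
            if (!comparePolicySet(remotePolicy)) {
                log.debug("Save new policySet in argus file: {}", this.argusFile);
                // The target file is written in place, not via a temporary file and rename, so a
                // reader woken by the notification below relies on save() having completed.
                remotePolicy.save(new File(this.argusFile), new XmlOptions().setSavePrettyPrint());
                synchronized (this.notification) {
                    this.notification.notifyAll();
                }
            }
            if (this.denyTimeout > 0) {
                synchronized (this) {
                    if (this.denyAll) {
                        log.info("DENY ALL mode OFF");
                        this.denyAll = false;
                    }
                }
            }
            this.lastUpdate = System.currentTimeMillis();
        } catch (Exception e) {
            log.error("Argus PAP callout error, check connection or start argus pap server:", e);
            if (this.denyTimeout > 0) {
                synchronized (this) {
                    boolean outageTooLong = System.currentTimeMillis() - this.lastUpdate > this.denyTimeout;
                    if (!this.denyAll && outageTooLong) {
                        log.info("DENY ALL mode ON. Argus PAP did not respond for more than {} ms", this.denyTimeout);
                        this.denyAll = true;
                    }
                }
            }
        }
    }

    /**
     * Schedules the periodic PAP query. The first query runs after one {@code queryInterval}
     * (milliseconds) and each following one that long after the previous query finished. The
     * outage clock used for deny-all mode starts at the moment of this call.
     */
    public void start() {
        this.lastUpdate = System.currentTimeMillis();
        Runnable queryTask = new Runnable() {
            @Override
            public void run() {
                argusPAPQuery();
            }
        };
        log.info("ArgusPAPChecker started");
        this.threadingSrv.getScheduledExecutorService().scheduleWithFixedDelay(queryTask, this.queryInterval, this.queryInterval, TimeUnit.MILLISECONDS);
    }

    /**
     * Tells whether deny-all mode is currently on.
     *
     * @return {@code true} only if {@code denyTimeout} is positive and the PAP has been
     *     unreachable for longer than that; always {@code false} with the default configuration
     */
    public boolean isDenyAllMode() {
        synchronized (this) {
            return this.denyAll;
        }
    }

    /**
     * Compares the received policy set with the local policy file by their textual form.
     *
     * @return {@code true} if the file exists and both documents render to the same string,
     *     {@code false} if the file does not exist or the content differs
     * @throws Exception if the existing local file cannot be parsed; the parser error is attached
     *     as the cause. NOTE(review): an unparseable local file is therefore never overwritten by
     *     the query loop and makes every query fail until the file is repaired or removed.
     */
    private boolean comparePolicySet(PolicySetDocument policySetDocument) throws Exception {
        File localFile = new File(this.argusFile);
        log.debug("Comparing local policy from file: {} and Argus PAP policy", this.argusFile);

        boolean same = false;
        if (localFile.exists()) {
            try {
                same = policySetDocument.toString().equals(PolicySetDocument.Factory.parse(localFile).toString());
            } catch (Exception e) {
                // Keep the underlying parser or I/O error so the log shows why the file is bad.
                throw new Exception("Cannot parse policy xml file " + this.argusFile, e);
            }
        }

        if (same) {
            log.debug("Policy in {} is the same as Argus PAP server policy", this.argusFile);
        } else {
            log.debug("Policy in {} is not the same as Argus PAP server policy", this.argusFile);
        }
        return same;
    }
}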
