package org.n52.security.enforcement.interceptors.sos.simplepermission;

import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import org.n52.security.common.xml.DOMParser;
import org.n52.security.decision.DecisionProcessingException;
import org.n52.security.decision.PDPRequest;
import org.n52.security.decision.PDPRequestCollection;
import org.n52.security.decision.PDPResponse;
import org.n52.security.decision.PDPResponseCollection;
import org.n52.security.decision.Target;
import org.n52.security.enforcement.artifact.Payload;
import org.n52.security.enforcement.artifact.QueryStringPayload;
import org.n52.security.enforcement.artifact.TextualPayload;
import org.n52.security.enforcement.artifact.TransferAttribute;
import org.n52.security.enforcement.artifact.Transferable;
import org.n52.security.enforcement.chain.AuthzInterceptor;
import org.n52.security.enforcement.chain.InterceptorException;
import org.n52.security.enforcement.chain.InterceptorRequest;
import org.n52.security.enforcement.chain.InterceptorResponse;
import org.n52.security.enforcement.chain.SecuredServiceRequest;
import org.n52.security.enforcement.exception.EnforcementServiceException;
import org.xml.sax.InputSource;

/* loaded from: input_file:org/n52/security/enforcement/interceptors/sos/simplepermission/SOSAllowedOperationInterceptor.class */
public class SOSAllowedOperationInterceptor extends AuthzInterceptor {
    private static Logger LOGGER = Logger.getLogger(SOSAllowedOperationInterceptor.class);

    public SOSAllowedOperationInterceptor(Map<String, Object> map) {
        super(map);
        LOGGER.info("Initialized SOS AllowedOperation Interceptor");
    }

    @Override // org.n52.security.enforcement.chain.Interceptor
    public SecuredServiceRequest doRequest(Subject subject, InterceptorRequest interceptorRequest) throws InterceptorException, EnforcementServiceException {
        String localName;
        String str = (String) interceptorRequest.getRequest().getAttributeValue(TransferAttribute.SERVICE_BASE_URL);
        String str2 = str.endsWith("/") ? str : str + "/";
        SecuredServiceRequest request = interceptorRequest.getRequest();
        Payload payload = request.getPayload();
        if (payload instanceof QueryStringPayload) {
            localName = ((QueryStringPayload) payload).getParameterValue("REQUEST");
        } else {
            if (!(payload instanceof TextualPayload)) {
                throw new EnforcementServiceException("Unsupported request type");
            }
            localName = DOMParser.createNew().parse(new InputSource(payload.getAsStream())).getDocumentElement().getLocalName();
        }
        if (localName == null || localName.length() == 0) {
            throw new InterceptorException("Could not identify request!");
        }
        String stringBuffer = new StringBuffer(str2).append("operations/" + localName).toString();
        try {
            String stringBuffer2 = new StringBuffer(str2).append("allowedOperations/" + localName).toString();
            PDPRequestCollection pDPRequestCollection = new PDPRequestCollection();
            pDPRequestCollection.add(new PDPRequest(new Target(subject, stringBuffer2, stringBuffer)));
            try {
                PDPResponseCollection request2 = getDecisionService().request(pDPRequestCollection);
                if (request2 != null && request2.size() > 0) {
                    Iterator it = request2.iterator();
                    while (it.hasNext()) {
                        if (((PDPResponse) it.next()).isPermit()) {
                            return request;
                        }
                    }
                }
                throw new EnforcementServiceException("Operation <" + localName + "> is not permitted!");
            } catch (DecisionProcessingException e) {
                throw new InterceptorException("Exception during policy decision request", e);
            }
        } catch (Exception e2) {
            throw new InterceptorException("Error while requesting policy decision!", e2);
        }
    }

    @Override // org.n52.security.enforcement.chain.Interceptor
    public Transferable doResponse(Subject subject, InterceptorResponse interceptorResponse) {
        return interceptorResponse.getResponse();
    }
}
