package org.n52.security.enforcement.interceptors.wps.simplepermission;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import org.n52.security.common.xml.DOMParser;
import org.n52.security.common.xml.DOMParserException;
import org.n52.security.common.xml.DOMParserOptions;
import org.n52.security.common.xml.XMLPathCtx;
import org.n52.security.decision.PDPRequest;
import org.n52.security.decision.PDPRequestCollection;
import org.n52.security.decision.PDPResponse;
import org.n52.security.decision.Target;
import org.n52.security.enforcement.artifact.Payload;
import org.n52.security.enforcement.artifact.QueryStringPayload;
import org.n52.security.enforcement.artifact.TextualPayload;
import org.n52.security.enforcement.artifact.TransferAttribute;
import org.n52.security.enforcement.artifact.Transferable;
import org.n52.security.enforcement.chain.AuthzInterceptor;
import org.n52.security.enforcement.chain.InterceptorException;
import org.n52.security.enforcement.chain.InterceptorRequest;
import org.n52.security.enforcement.chain.InterceptorResponse;
import org.n52.security.enforcement.chain.SecuredServiceRequest;
import org.n52.security.enforcement.exception.EnforcementServiceException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

/* loaded from: input_file:org/n52/security/enforcement/interceptors/wps/simplepermission/WPSExecuteInterceptor.class */
public class WPSExecuteInterceptor extends AuthzInterceptor {
    private static Logger LOGGER = Logger.getLogger(WPSExecuteInterceptor.class);

    public WPSExecuteInterceptor(Map<String, Object> map) {
        super(map);
        LOGGER.info("Initialized WPS Execute Interceptor");
    }

    @Override // org.n52.security.enforcement.chain.Interceptor
    public SecuredServiceRequest doRequest(Subject subject, InterceptorRequest interceptorRequest) throws InterceptorException, EnforcementServiceException {
        SecuredServiceRequest request = interceptorRequest.getRequest();
        Payload payload = request.getPayload();
        String str = (String) interceptorRequest.getRequest().getAttributeValue(TransferAttribute.SERVICE_BASE_URL);
        String str2 = str.endsWith("/") ? str : str + "/";
        String stringBuffer = new StringBuffer(str2).append("operations/Execute").toString();
        if (payload instanceof QueryStringPayload) {
            if (((QueryStringPayload) payload).getParameterValue("REQUEST").equalsIgnoreCase("Execute")) {
                throw new EnforcementServiceException("No support for Execute KVP encoding");
            }
            return request;
        }
        if (!(payload instanceof TextualPayload)) {
            throw new EnforcementServiceException("Unsupported request type");
        }
        try {
            Document parse = DOMParser.createNew(DOMParserOptions.getDefault()).parse(new InputSource(payload.getAsStream()));
            String localName = parse.getDocumentElement().getLocalName();
            if (localName == null) {
                throw new EnforcementServiceException("Could not determine requested WPS operation");
            }
            if (!localName.equalsIgnoreCase("Execute")) {
                return request;
            }
            String nodeValue = XMLPathCtx.createNew().addNamespace("ows", "http://www.opengis.net/ows/1.1").addNamespace("wps", "http://www.opengis.net/wps/1.0.0").findIn(parse).node("/wps:Execute/ows:Identifier/text()").get().getNodeValue();
            try {
                String stringBuffer2 = new StringBuffer(str2).append("process/").append(URLEncoder.encode(nodeValue, "UTF-8")).toString();
                PDPRequestCollection pDPRequestCollection = new PDPRequestCollection();
                pDPRequestCollection.add(new PDPRequest(new Target(subject, stringBuffer2, stringBuffer)));
                Iterator it = getDecisionService().request(pDPRequestCollection).iterator();
                while (it.hasNext()) {
                    if (!((PDPResponse) it.next()).isPermit()) {
                        throw new EnforcementServiceException("Execute process for process id <" + nodeValue + "> not allowed");
                    }
                }
                return interceptorRequest.getRequest();
            } catch (UnsupportedEncodingException e) {
                throw new InterceptorException("Could not encode resource" + nodeValue, e);
            }
        } catch (DOMParserException e2) {
            throw new EnforcementServiceException("Could not parse request document", e2);
        }
    }

    @Override // org.n52.security.enforcement.chain.Interceptor
    public Transferable doResponse(Subject subject, InterceptorResponse interceptorResponse) throws InterceptorException, EnforcementServiceException {
        return interceptorResponse.getResponse();
    }
}
