package org.n52.security.service.gatekeeper;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Vector;
import javax.activation.DataHandler;
import javax.security.auth.Subject;
import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.util.XMLUtils;
import org.apache.log4j.Logger;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerResult;
import org.n52.security.authentication.AuthenticationException;
import org.n52.security.authentication.AuthenticationFailedException;
import org.n52.security.authentication.principals.AttributePrincipal;
import org.n52.security.enforcement.artifact.Transferable;
import org.n52.security.enforcement.chain.SecuredServiceRequest;
import org.n52.security.enforcement.exception.ExceptionHandler;
import org.n52.security.service.base.ServiceException;
import org.n52.security.service.config.EnforcementPointConfig;
import org.n52.security.service.config.SecurityConfig;
import org.n52.security.service.config.ServiceConfig;
import org.n52.security.service.config.support.axis2.Axis2SecurityConfigUtil;
import org.n52.security.service.gatekeeper.adapter.EnforcementFacade;
import org.n52.security.service.gatekeeper.util.ByteArrayDataSource;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLStatement;

/* loaded from: input_file:org/n52/security/service/gatekeeper/Gatekeeper.class */
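/**
 * Axis2 service class that takes the SAML assertion found in the WS-Security
 * processing results of the current message, turns its attribute values into
 * {@link AttributePrincipal}s on a {@link Subject}, asks the
 * {@link EnforcementFacade} to authorize the request for that subject, and
 * returns the authorized payload as an AXIOM element.
 *
 * <p>NOTE(review): nothing in this class validates the assertion itself
 * (signature, issuer, validity conditions). It presumably relies on the
 * WS-Security handler that populated {@code RECV_RESULTS} to have done so;
 * confirm that against the handler configuration.
 *
 * <p>NOTE(review): per-request state (message context, configuration, facade,
 * response) is kept in instance fields, so an instance shared between
 * concurrent requests would not be safe. Confirm the Axis2 service scope.
 */
public class Gatekeeper {
    public static final String SUBJECT = "SUBJECT";
    public static final String HANDOVER = "HANDOVER";
    private static final String SERVICE_NAME = "Gatekeeper";
    private transient SecurityConfig m_securityConfig;
    private EnforcementFacade enforcementAdapter;
    // NOTE(review): no assignment to this field is visible in this class, so
    // getExceptionHandler() may return null — confirm how it is injected.
    private ExceptionHandler m_exceptionhandler;
    private OMElement m_gkResponse;
    private MessageContext m_msgCtx;
    private Logger sLogger = Logger.getLogger(Gatekeeper.class.getName());

    /**
     * Handles the current Axis2 request: authenticates via the received SAML
     * assertion, authorizes the request and returns the resulting payload.
     *
     * @return the authorized response as an AXIOM element, or {@code null} when
     *         copying the response failed and was passed to the exception handler
     * @throws AxisFault if no security or service configuration is available,
     *         if the enforcement facade could not be created, if no SAML
     *         assertion was received, or if the secured request could not be built
     * @throws ServiceException declared by the original signature
     * @throws RuntimeException if the message context carries no
     *         {@code RECV_RESULTS} property
     */
    public OMElement method() throws AxisFault, ServiceException {
        this.m_msgCtx = MessageContext.getCurrentMessageContext();
        // Reset first: on a copy failure the field is returned unchanged, and a
        // reused instance must not hand back the response of an earlier call.
        this.m_gkResponse = null;
        this.m_securityConfig = Axis2SecurityConfigUtil.getSecurityConfig(this.m_msgCtx);
        if (this.m_securityConfig == null) {
            throw new AxisFault("no SecurityConfiguration found in MessageContext");
        }
        if (getSecurityServiceConfig() == null) {
            throw new AxisFault("no ServiceConfiguration with id <" + this.m_msgCtx.getAxisService().getName() + "> found, please configure it appropriate.");
        }
        SOAPEnvelope envelope = this.m_msgCtx.getEnvelope();
        this.enforcementAdapter = getEnforcmentFacade();
        if (this.enforcementAdapter == null) {
            // Fail closed with a clear fault instead of a later NullPointerException.
            throw new AxisFault("EnforcementFacade could not be created for service <" + getEnforcementPointId() + ">");
        }
        Vector handlerResults = (Vector) this.m_msgCtx.getProperty("RECV_RESULTS");
        if (handlerResults == null) {
            throw new RuntimeException("No security results!!");
        }
        // Result is unused; the call is kept from the original in case it has a
        // side effect on the envelope (TODO confirm).
        envelope.getBody();

        SAMLAssertion assertion = findSamlAssertion(handlerResults);
        if (assertion == null) {
            // Without an assertion there is no identity to authorize.
            throw new AxisFault("No SAML assertion found in security results");
        }

        Subject subject = new Subject();
        subject.getPrincipals().addAll(collectAttributePrincipals(assertion));

        SecuredServiceRequest securedServiceRequest;
        try {
            securedServiceRequest = this.enforcementAdapter.getSecureServiceRequest(envelope);
        } catch (Exception e) {
            if (e instanceof AuthenticationException) {
                throw new AuthenticationFailedException("Authentication failed", e);
            }
            // Previously swallowed, which sent a null request on to authorization
            // and lost the cause.
            throw new AxisFault("Could not build secured service request", e);
        }

        Transferable authorized = doAuthorization(subject, securedServiceRequest);
        try {
            this.m_gkResponse = copyTransferableContentToSOAP(authorized);
        } catch (IOException e2) {
            this.sLogger.debug("Cannot determine MIME-Type", e2);
            getExceptionHandler().handleException(e2, authorized);
        } catch (XMLStreamException e3) {
            this.sLogger.debug("Error copying Transferable to AXIOM", e3);
            getExceptionHandler().handleException(e3, authorized);
        }
        return this.m_gkResponse;
    }

    /**
     * Returns the SAML assertion from the WS-Security handler results.
     * When several engine results carry an assertion, the last one wins, as in
     * the original loop.
     *
     * @param handlerResults value of the {@code RECV_RESULTS} message property
     * @return the assertion, or {@code null} if no engine result carries one
     */
    private SAMLAssertion findSamlAssertion(Vector handlerResults) {
        SAMLAssertion assertion = null;
        for (int i = 0; i < handlerResults.size(); i++) {
            Vector engineResults = ((WSHandlerResult) handlerResults.get(i)).getResults();
            for (int j = 0; j < engineResults.size(); j++) {
                WSSecurityEngineResult engineResult = (WSSecurityEngineResult) engineResults.get(j);
                Object candidate = engineResult.get("saml-assertion");
                if (candidate != null) {
                    assertion = (SAMLAssertion) candidate;
                }
            }
        }
        return assertion;
    }

    /**
     * Creates one {@link AttributePrincipal} per value of every attribute in
     * every attribute statement of the assertion. Other statement types are
     * skipped.
     *
     * @param assertion the received assertion, never {@code null}
     * @return the principals to place on the subject
     */
    private HashSet collectAttributePrincipals(SAMLAssertion assertion) {
        // Raw type kept because the declared supertype of AttributePrincipal is
        // not visible from this file.
        HashSet principals = new HashSet(8);
        Iterator statements = assertion.getStatements();
        while (statements.hasNext()) {
            Object statement = statements.next();
            if (!(statement instanceof SAMLAttributeStatement)) {
                continue;
            }
            Iterator attributes = ((SAMLAttributeStatement) statement).getAttributes();
            while (attributes.hasNext()) {
                SAMLAttribute attribute = (SAMLAttribute) attributes.next();
                Iterator values = attribute.getValues();
                while (values.hasNext()) {
                    principals.add(new AttributePrincipal(attribute.getName(), (String) values.next()));
                }
            }
        }
        return principals;
    }

    /**
     * Builds the enforcement facade from the enforcement point configured for
     * the current Axis service.
     *
     * @return the facade, or {@code null} if its construction failed
     */
    private EnforcementFacade getEnforcmentFacade() {
        EnforcementPointConfig enforcementPointConfig = getSecurityServiceConfig().getEnforcementPointConfig(getEnforcementPointId());
        ArrayList interceptorList = new ArrayList();
        Iterator interceptors = enforcementPointConfig.getInterceptors();
        while (interceptors.hasNext()) {
            interceptorList.add(interceptors.next());
        }
        try {
            return new EnforcementFacade(enforcementPointConfig.getEndpoint(), getSecurityServiceConfig().getAuthenticationService(), interceptorList);
        } catch (Exception e) {
            // The original put ", e" inside the string literal, so the cause was
            // never logged.
            this.sLogger.error("Failed to create EnforcementFacade", e);
            return null;
        }
    }

    /**
     * Asks the enforcement facade to authorize the request for the subject.
     * A thrown exception or a {@code null} result is handed to the exception
     * handler, whose return value is then returned instead.
     *
     * @param subject the subject carrying the attribute principals
     * @param securedServiceRequest the request to authorize
     * @return the authorized result, or whatever the exception handler returns
     */
    private Transferable doAuthorization(Subject subject, SecuredServiceRequest securedServiceRequest) {
        Transferable authorized;
        try {
            authorized = this.enforcementAdapter.authorize(subject, securedServiceRequest);
        } catch (Exception e) {
            return getExceptionHandler().handleException(e, securedServiceRequest);
        }
        if (authorized == null) {
            return getExceptionHandler().handleException(new Exception("Error: Authorization failed"), securedServiceRequest);
        }
        return authorized;
    }

    /**
     * Converts the payload of a transferable into an AXIOM element. Content
     * types containing {@code xml} or {@code gml} are parsed as XML with MTOM
     * disabled; anything else is wrapped as binary data in an {@code image}
     * element with MTOM enabled.
     *
     * @param transferable the authorized response
     * @return the payload as an AXIOM element
     * @throws IOException if reading the payload fails
     * @throws XMLStreamException if the XML payload cannot be parsed
     */
    private OMElement copyTransferableContentToSOAP(Transferable transferable) throws IOException, XMLStreamException {
        InputStream payload = transferable.getPayload().getAsStream();
        // NOTE(review): assumes a "Content-Type" attribute is always present;
        // if getAttribute can return null this line throws — confirm.
        String contentType = (String) transferable.getAttribute("Content-Type").getValue();
        if (contentType == null) {
            contentType = HttpURLConnection.guessContentTypeFromStream(payload);
        }
        if (contentType == null) {
            contentType = "";
        }
        // Case-sensitive substring match, as in the original.
        if (contentType.indexOf("xml") != -1 || contentType.indexOf("gml") != -1) {
            setDoingMTOM(false);
            // The stream is not closed here: the returned element may still be
            // reading from it (TODO confirm against XMLUtils.toOM).
            return XMLUtils.toOM(payload);
        }
        setDoingMTOM(true);
        // NOTE(review): the whole payload is buffered in memory with no size
        // limit; consider a cap if the protected service can return large bodies.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try {
            byte[] chunk = new byte[8192];
            int count;
            while ((count = payload.read(chunk)) != -1) {
                buffer.write(chunk, 0, count);
            }
        } finally {
            payload.close();
        }
        DataHandler dataHandler = new DataHandler(new ByteArrayDataSource("Image Data", buffer.toByteArray(), contentType));
        OMFactory factory = OMAbstractFactory.getOMFactory();
        OMElement imageElement = factory.createOMElement("image", factory.createOMNamespace("http://52n.org/image", "qk"));
        imageElement.addChild(factory.createOMText(dataHandler, true));
        return imageElement;
    }

    /** Returns the exception handler field; see the note on the field. */
    private ExceptionHandler getExceptionHandler() {
        return this.m_exceptionhandler;
    }

    /** Returns the service configuration registered under {@code "Gatekeeper"}. */
    protected ServiceConfig getSecurityServiceConfig() {
        return getSecurityConfig().getServiceConfig(SERVICE_NAME);
    }

    /** Returns the security configuration read from the current message context. */
    protected SecurityConfig getSecurityConfig() {
        return this.m_securityConfig;
    }

    /** Returns the name of the current Axis service, used as enforcement point id. */
    private String getEnforcementPointId() {
        return this.m_msgCtx.getAxisService().getName();
    }

    /**
     * Sets the {@code enableMTOM} property to {@code "true"} or {@code "false"}.
     *
     * <p>NOTE(review): the property is written to the configuration context,
     * not the message context; if that context is shared between requests,
     * concurrent requests could overwrite each other's setting — confirm.
     */
    private void setDoingMTOM(boolean enabled) {
        this.m_msgCtx.getConfigurationContext().setProperty("enableMTOM", enabled ? "true" : "false");
    }
}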
