package org.n52.security.service.wss;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dom4j.DocumentException;
import org.n52.security.authentication.AuthenticationContext;
import org.n52.security.authentication.AuthenticationException;
import org.n52.security.authentication.AuthenticationMethod;
import org.n52.security.authentication.AuthenticationService;
import org.n52.security.authentication.Credential;
import org.n52.security.authentication.SessionIDCredential;
import org.n52.security.authentication.callbacks.CredentialsCallbackHandler;
import org.n52.security.common.util.FileFinder;
import org.n52.security.enforcement.artifact.Transferable;
import org.n52.security.enforcement.chain.Interceptor;
import org.n52.security.enforcement.chain.InterceptorException;
import org.n52.security.enforcement.chain.InterceptorHandover;
import org.n52.security.enforcement.chain.SecuredServiceRequest;
import org.n52.security.enforcement.exception.EnforcementServiceException;
import org.n52.security.enforcement.exception.ExceptionHandler;
import org.n52.security.service.base.ServiceException;
import org.n52.security.service.session.SessionClosedException;
import org.n52.security.service.session.SessionException;
import org.n52.security.service.session.SessionExpiredException;
import org.n52.security.service.session.SessionInfo;
import org.n52.security.service.session.SessionService;
import org.n52.security.service.session.UnknownSessionException;

/* loaded from: input_file:org/n52/security/service/wss/PolicyEnforcementServiceImpl.class */
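/**
 * Policy enforcement point that authenticates a caller, runs the configured interceptor chain
 * around the request and forwards it to the secured endpoint.
 *
 * <p>All collaborators are injected through setters; most getters throw
 * {@link IllegalStateException} when the corresponding property was never configured.
 */
public class PolicyEnforcementServiceImpl implements PolicyEnforcementService {
    private static final Log LOG = LogFactory.getLog(PolicyEnforcementServiceImpl.class);

    private ExceptionHandler m_exceptionHandler;
    private List m_interceptors;
    private AuthenticationService m_authenticationService;
    private SessionService m_sessionService;
    private String m_capabilitiesFileName;
    private String m_endpoint;
    private String m_endpointType;
    private Collection m_authenticationMethods = Collections.EMPTY_LIST;
    private Map m_serviceScopeAttributes = new HashMap();

    /**
     * @return the configured authentication service
     * @throws IllegalStateException if the property was never set
     */
    public AuthenticationService getAuthenticationService() {
        if (this.m_authenticationService == null) {
            throw new IllegalStateException("property <authenticationService> not configured properly");
        }
        return this.m_authenticationService;
    }

    public void setAuthenticationService(AuthenticationService authenticationService) {
        this.m_authenticationService = authenticationService;
    }

    /**
     * @return the name of the capabilities file handed to {@link FileFinder}
     * @throws IllegalStateException if the property was never set
     */
    public String getCapabilitiesFileName() {
        if (this.m_capabilitiesFileName == null) {
            throw new IllegalStateException("property <capabilitiesFileName> not configured properly");
        }
        return this.m_capabilitiesFileName;
    }

    public void setCapabilitiesFileName(String str) {
        this.m_capabilitiesFileName = str;
    }

    /**
     * @return the configured authentication methods; an empty list unless overridden
     * @throws IllegalStateException if the property was explicitly set to {@code null}
     */
    public Collection getAuthenticationMethods() {
        if (this.m_authenticationMethods == null) {
            throw new IllegalStateException("property <authenticationMethods> not configured properly");
        }
        return this.m_authenticationMethods;
    }

    public void setAuthenticationMethods(Collection collection) {
        this.m_authenticationMethods = collection;
    }

    /**
     * @return the endpoint that {@link #doService} sets on every forwarded request
     * @throws IllegalStateException if the property was never set
     */
    public String getEndpoint() {
        if (this.m_endpoint == null) {
            throw new IllegalStateException("property <endpoint> not configured properly");
        }
        return this.m_endpoint;
    }

    public void setEndpoint(String str) {
        this.m_endpoint = str;
    }

    /**
     * @return the secured service type reported in the capabilities
     * @throws IllegalStateException if the property was never set
     */
    public String getEndpointType() {
        if (this.m_endpointType == null) {
            throw new IllegalStateException("property <endpointType> not configured properly");
        }
        return this.m_endpointType;
    }

    public void setEndpointType(String str) {
        this.m_endpointType = str;
    }

    /**
     * @return the handler that turns a failure in {@link #doService} into a response
     * @throws IllegalStateException if the property was never set
     */
    public ExceptionHandler getExceptionHandler() {
        if (this.m_exceptionHandler == null) {
            throw new IllegalStateException("property <exceptionHandler> not configured properly");
        }
        return this.m_exceptionHandler;
    }

    public void setExceptionHandler(ExceptionHandler exceptionHandler) {
        this.m_exceptionHandler = exceptionHandler;
    }

    /**
     * @return the interceptor list; an empty list is created on first access when none was set,
     *         in which case requests are forwarded without any interceptor being consulted
     */
    public List getInterceptors() {
        if (this.m_interceptors == null) {
            this.m_interceptors = new ArrayList();
        }
        return this.m_interceptors;
    }

    public void setInterceptors(List list) {
        this.m_interceptors = list;
    }

    /**
     * Builds the capabilities document from the configured file and adds the endpoint type and
     * the authentication methods to it.
     *
     * @return a freshly parsed capabilities object
     * @throws IllegalStateException if the file cannot be read or parsed, or if a required
     *         property is missing
     */
    public PolicyEnforcementServiceCapabilities getPesCapabilities() {
        try {
            // NOTE(review): the stream obtained from FileFinder is not closed here; confirm that
            // PolicyEnforcementServiceCapabilities closes it, otherwise every call leaks a handle.
            PolicyEnforcementServiceCapabilities capabilities =
                    new PolicyEnforcementServiceCapabilities(new FileFinder(getCapabilitiesFileName()).getInputStream());
            capabilities.setSecuredServiceType(getEndpointType());
            Collection methods = getAuthenticationMethods();
            capabilities.addAuthenticationMethods(
                    (AuthenticationMethod[]) methods.toArray(new AuthenticationMethod[methods.size()]));
            return capabilities;
        } catch (IOException e) {
            // Keep the cause so the original stack trace survives the rethrow.
            throw new IllegalStateException("Capabilities can't be read: " + e, e);
        } catch (DocumentException e) {
            throw new IllegalStateException("Capabilities can't be read: " + e, e);
        }
    }

    public Map getServiceScopeAttributes() {
        return this.m_serviceScopeAttributes;
    }

    public void setServiceScopeAttributes(Map map) {
        this.m_serviceScopeAttributes = map;
    }

    /**
     * @return the configured session service
     * @throws IllegalStateException if the property was never set
     */
    public SessionService getSessionService() {
        if (this.m_sessionService == null) {
            throw new IllegalStateException("property <sessionService> not configured properly");
        }
        return this.m_sessionService;
    }

    public void setSessionService(SessionService sessionService) {
        this.m_sessionService = sessionService;
    }

    /**
     * Returns the capabilities of this enforcement point. Neither argument is used by this
     * implementation.
     */
    @Override
    public PolicyEnforcementServiceCapabilities getCapabilities(String str, String str2) throws ServiceException {
        return getPesCapabilities();
    }

    /**
     * Closes the session identified by {@code str2} and logs out its authentication context.
     *
     * <p>A failing logout is only logged: the session is already closed at that point.
     *
     * @param str not used by this implementation
     * @param str2 id of the session to close
     * @throws ServiceException with {@code INVALID_SESSION} if the session service rejects the id
     */
    @Override
    public void closeSession(String str, String str2) throws ServiceException {
        try {
            try {
                AuthenticationContext context = getSessionService().closeSession(str2).getAuthenticationContext();
                if (context != null) {
                    getAuthenticationService().logout(context);
                }
            } catch (AuthenticationException e) {
                if (LOG.isWarnEnabled()) {
                    LOG.warn("logout failed during close session request", e);
                }
            }
        } catch (SessionException e) {
            throw new ServiceException("Invalid Session. Session may already be closed.", ServiceException.INVALID_SESSION, e);
        }
    }

    /**
     * Authenticates {@code credential} and opens a session for the resulting context.
     *
     * @param str not used by this implementation
     * @param credential the credential to authenticate with
     * @throws ServiceException if authentication fails
     */
    @Override
    public SessionInfo getSession(String str, Credential credential) throws ServiceException {
        return getSessionService().createSession(login(credential));
    }

    /**
     * Authenticates the caller, runs the interceptor chain and forwards the request to the
     * configured endpoint.
     *
     * <p>Failures inside the {@code try} block are not propagated; they are handed to the
     * {@link ExceptionHandler}, whose result becomes the response.
     *
     * @param str not used by this implementation
     * @param transferable the request; cast to {@link SecuredServiceRequest} before the
     *        {@code try} block, so any other type surfaces as a {@link ClassCastException}
     * @param credential the caller's credential
     */
    @Override
    public Transferable doService(String str, Transferable transferable, Credential credential) throws ServiceException {
        SecuredServiceRequest request = (SecuredServiceRequest) transferable;
        // The target is always the configured endpoint, never one supplied with the request.
        request.getForward().setServiceEndpoint(getEndpoint());
        try {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Authentication started");
            }
            AuthenticationContext context = login(credential);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Authentication finished");
                LOG.debug("Interceptor chain started");
            }
            Transferable response = doChain(request, context);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Interceptor chain finished");
            }
            return response;
        } catch (InterceptorException e) {
            LOG.error("Interceptor chain interrupted. Request is blocked", e);
            return getExceptionHandler().handleException(e, request);
        } catch (EnforcementServiceException e) {
            LOG.warn("Unauthorized request: " + e.getMessage(), e);
            return getExceptionHandler().handleException(e, request);
        } catch (Exception e) {
            // NOTE(review): this branch also receives every failure not matched above (possibly
            // the ServiceException thrown by login()), yet the log text blames the backend.
            // Confirm the exception hierarchy before relying on this message during triage.
            LOG.error("Internal service error (backend not reachable): " + e.getMessage(), e);
            return getExceptionHandler().handleException(e, request);
        }
    }

    /**
     * Passes the request through every interceptor, forwards it, then passes the response through
     * every interceptor in the same order.
     */
    private Transferable doChain(SecuredServiceRequest securedServiceRequest, AuthenticationContext authenticationContext) throws EnforcementServiceException, ServiceException {
        InterceptorHandover handover = new InterceptorHandover(getServiceScopeAttributes());
        handover.setRequest(securedServiceRequest);
        if (LOG.isTraceEnabled()) {
            LOG.trace("chain (intercept) request");
        }
        for (Object element : getInterceptors()) {
            Interceptor interceptor = (Interceptor) element;
            handover.setRequest(interceptor.doRequest(authenticationContext.getSubject(), handover));
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("forward request");
        }
        handover.setResponse(handover.getRequest().forward());
        if (LOG.isTraceEnabled()) {
            LOG.trace("chain (intercept) response");
        }
        for (Object element : getInterceptors()) {
            Interceptor interceptor = (Interceptor) element;
            handover.setResponse(interceptor.doResponse(authenticationContext.getSubject(), handover));
        }
        return handover.getResponse();
    }

    /**
     * Resolves a credential to an authentication context, either by session lookup (for a
     * {@link SessionIDCredential}) or through the authentication service.
     *
     * @throws ServiceException with {@code AUTHENTICATION_FAILED} when the authentication service
     *         rejects the credential, or the session-related codes of {@link #loginViaSessionId}
     */
    private AuthenticationContext login(Credential credential) throws ServiceException {
        if (credential instanceof SessionIDCredential) {
            return loginViaSessionId((SessionIDCredential) credential);
        }
        try {
            return getAuthenticationService().login(new CredentialsCallbackHandler().add(credential));
        } catch (AuthenticationException e) {
            if (LOG.isWarnEnabled()) {
                // Log only the credential type: the credential's string form may carry the secret
                // itself (password, token) and must not end up in log files.
                String credentialType = credential == null ? "null" : credential.getClass().getName();
                LOG.warn("Login failed for credential of type " + credentialType, e);
            }
            // NOTE(review): the authentication provider's message is returned to the caller
            // verbatim; confirm it does not reveal whether the account exists.
            throw new ServiceException(e.getMessage(), ServiceException.AUTHENTICATION_FAILED);
        }
    }

    /**
     * Looks up the session for the given id and returns its authentication context, refreshing
     * the session when that context is authenticated.
     *
     * @throws ServiceException with {@code INVALID_SESSION} for a closed or unknown session or a
     *         session without authentication context, {@code SESSION_EXPIRED} for an expired one
     */
    private AuthenticationContext loginViaSessionId(SessionIDCredential sessionIDCredential) throws ServiceException {
        try {
            SessionInfo session = getSessionService().getSession(sessionIDCredential.getSessionId());
            AuthenticationContext context = session.getAuthenticationContext();
            if (context == null) {
                // Fail closed: a null context would otherwise be forwarded without any subject
                // check when no interceptor is configured, and cause a NullPointerException in
                // the chain when one is.
                throw new ServiceException("Session has no authentication context.", ServiceException.INVALID_SESSION);
            }
            if (context.isAuthenticated()) {
                getSessionService().touchSession(session.getId());
            }
            // NOTE(review): a context that is present but not authenticated is still returned and
            // then used for the request; confirm that the interceptors reject such a subject.
            return context;
        } catch (SessionClosedException e) {
            throw new ServiceException("Session already closed.", ServiceException.INVALID_SESSION, e);
        } catch (SessionExpiredException e) {
            throw new ServiceException("Session expired, please reauthenticate.", ServiceException.SESSION_EXPIRED, e);
        } catch (UnknownSessionException e) {
            throw new ServiceException("No matching session found. Session may already be closed.", ServiceException.INVALID_SESSION, e);
        }
    }
}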
