package org.n52.security.service.pdp.xacml.policyfinder;

import com.sun.xacml.EvaluationCtx;
import com.sun.xacml.MatchResult;
import com.sun.xacml.ParsingException;
import com.sun.xacml.PolicySet;
import com.sun.xacml.attr.BagAttribute;
import com.sun.xacml.cond.EvaluationResult;
import com.sun.xacml.ctx.Status;
import com.sun.xacml.finder.PolicyFinder;
import com.sun.xacml.finder.PolicyFinderModule;
import com.sun.xacml.finder.PolicyFinderResult;
import java.io.StringReader;
import java.net.URI;
import java.util.Calendar;
import java.util.Collections;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.n52.security.authentication.LicenseReference;
import org.n52.security.common.xml.XMLPrefixRemover;
import org.n52.security.decision.DecisionProcessingException;
import org.n52.security.enforcement.interceptors.obligation.wms.BoundingBox;
import org.n52.security.service.licman.license.LicenseType;
import org.n52.security.service.pdp.xacml.attributes.AnyXMLAttributeProxy;
import org.n52.security.service.pdp.xacml.attributes.AnyXMLAttributeValue;
import org.saml.assertion.ConditionsType;
import org.w3c.dom.Element;
import org.xacml.policy.PolicySetType;
import org.xacml.profile.saml.assertion.XACMLPolicyStatementType;

/* loaded from: input_file:org/n52/security/service/pdp/xacml/policyfinder/LicensePolicyFinderModule.class */
public class LicensePolicyFinderModule extends PolicyFinderModule {
    private static final Log LOG;
    private LicenseResolver m_licenseResolver = new LicenseManagerLicenseResolver();
    private long m_expiredLicenseTimeOffset = 5000;
    static Class class$org$n52$security$service$pdp$xacml$policyfinder$LicensePolicyFinderModule;

    public String getIdentifier() {
        return getClass().getName();
    }

    public LicenseResolver getLicenseResolver() {
        if (this.m_licenseResolver == null) {
            throw new IllegalStateException("property <licenseResolver> not configured properly");
        }
        return this.m_licenseResolver;
    }

    public void setLicenseResolver(LicenseResolver licenseResolver) {
        this.m_licenseResolver = licenseResolver;
    }

    public long getExpiredLicenseTimeOffset() {
        return this.m_expiredLicenseTimeOffset;
    }

    public void setExpiredLicenseTimeOffset(long j) {
        this.m_expiredLicenseTimeOffset = j;
    }

    public boolean isRequestSupported() {
        return true;
    }

    public PolicyFinderResult findPolicy(EvaluationCtx evaluationCtx) {
        EvaluationResult environmentAttribute = evaluationCtx.getEnvironmentAttribute(URI.create(AnyXMLAttributeProxy.TYPEURI_ANY), URI.create("urn:conterra:names:sdi-suite:policy:attribute:license-ref"), (URI) null);
        if (environmentAttribute.indeterminate()) {
            return new PolicyFinderResult(new Status(Collections.singletonList("urn:oasis:names:tc:xacml:1.0:status:processing-error"), "more than one license reference found, this is currently not supported"));
        }
        BagAttribute attributeValue = environmentAttribute.getAttributeValue();
        if (attributeValue == null || attributeValue.isEmpty()) {
            return new PolicyFinderResult();
        }
        AnyXMLAttributeValue anyXMLAttributeValue = (AnyXMLAttributeValue) attributeValue.iterator().next();
        if (LOG.isInfoEnabled()) {
            LOG.info(new StringBuffer().append("found licensereference: ").append(anyXMLAttributeValue.getXml()).toString());
        }
        return evaluateLicenseReference(LicenseReference.createFrom(new StringReader(anyXMLAttributeValue.getXml())), evaluationCtx);
    }

    private PolicyFinderResult evaluateLicenseReference(LicenseReference licenseReference, EvaluationCtx evaluationCtx) {
        try {
            licenseReference.validate(getExpiredLicenseTimeOffset());
            LicenseType resolveLicense = resolveLicense(licenseReference);
            validate(resolveLicense, getExpiredLicenseTimeOffset());
            return evaluatePolicies(resolveLicense, evaluationCtx);
        } catch (Exception e) {
            if (LOG.isWarnEnabled()) {
                LOG.warn(new StringBuffer().append("Error during license evaluation: ").append(e).toString(), e);
            }
            return new PolicyFinderResult(new Status(Collections.singletonList("urn:oasis:names:tc:xacml:1.0:status:processing-error"), new StringBuffer().append("<![CDATA[Error during License evaluation: ").append(e).append("]]>").toString()));
        }
    }

    protected LicenseType resolveLicense(LicenseReference licenseReference) {
        return getLicenseResolver().resolveLicense(licenseReference);
    }

    protected void validate(LicenseType licenseType, long j) throws DecisionProcessingException {
        if (licenseType.isSetConditions()) {
            ConditionsType conditions = licenseType.getConditions();
            Calendar calendar = Calendar.getInstance();
            if (conditions.isSetNotBefore()) {
                Calendar notBefore = conditions.getNotBefore();
                notBefore.setTimeInMillis(notBefore.getTimeInMillis() - j);
                if (calendar.before(notBefore)) {
                    throw new DecisionProcessingException(new StringBuffer().append("Rejecting license since it cannot be applied before <").append(conditions.getNotBefore().getTime()).append(">").toString());
                }
            }
            if (conditions.isSetNotOnOrAfter()) {
                Calendar notOnOrAfter = conditions.getNotOnOrAfter();
                notOnOrAfter.setTimeInMillis(notOnOrAfter.getTimeInMillis() + j);
                if (calendar.equals(notOnOrAfter) || calendar.after(notOnOrAfter)) {
                    throw new DecisionProcessingException(new StringBuffer().append("Rejecting license since it cannot be applied on or after <").append(conditions.getNotOnOrAfter().getTime()).append(">").toString());
                }
            }
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:15:0x00aa. Please report as an issue. */
    protected PolicyFinderResult evaluatePolicies(LicenseType licenseType, EvaluationCtx evaluationCtx) {
        PolicyFinderResult policyFinderResult = null;
        int sizeOfStatementArray = licenseType.sizeOfStatementArray();
        for (int i = 0; i < sizeOfStatementArray; i++) {
            XACMLPolicyStatementType statementArray = licenseType.getStatementArray(i);
            if (statementArray instanceof XACMLPolicyStatementType) {
                XACMLPolicyStatementType xACMLPolicyStatementType = statementArray;
                int sizeOfPolicySetArray = xACMLPolicyStatementType.sizeOfPolicySetArray();
                for (int i2 = 0; i2 < sizeOfPolicySetArray; i2++) {
                    PolicySetType policySetArray = xACMLPolicyStatementType.getPolicySetArray(i2);
                    if (LOG.isInfoEnabled()) {
                        LOG.info(new StringBuffer().append("check if policyset with id <").append(policySetArray.getPolicySetId()).append("> matches the xacml request").toString());
                    }
                    try {
                        PolicySet policySet = PolicySet.getInstance(new XMLPrefixRemover().removePrefixes((Element) policySetArray.getDomNode()));
                        MatchResult match = policySet.match(evaluationCtx);
                        switch (match.getResult()) {
                            case BoundingBox.FIT_MINIMUM /* 0 */:
                                if (policyFinderResult != null) {
                                    return new PolicyFinderResult(new Status(Collections.singletonList("urn:oasis:names:tc:xacml:1.0:status:processing-error"), "too many applicable top-level policies"));
                                }
                                policyFinderResult = new PolicyFinderResult(policySet);
                            case 1:
                            default:
                            case 2:
                                return new PolicyFinderResult(match.getStatus());
                        }
                    } catch (ParsingException e) {
                        throw new DecisionProcessingException(new StringBuffer().append("can't read policyset within license: ").append(e).toString(), e);
                    }
                }
            }
        }
        if (policyFinderResult == null) {
            return new PolicyFinderResult(new Status(Collections.singletonList("urn:oasis:names:tc:xacml:1.0:status:processing-error"), "no matching policy found in license"));
        }
        if (LOG.isInfoEnabled()) {
            LOG.info(new StringBuffer().append("found matching policyset: <").append(policyFinderResult.getPolicy().getId()).append(">").toString());
        }
        return policyFinderResult;
    }

    public void init(PolicyFinder policyFinder) {
        if (LOG.isTraceEnabled()) {
            LOG.trace(new StringBuffer().append("LicensePolicyFinderModule.init(").append(policyFinder).append(")").toString());
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$n52$security$service$pdp$xacml$policyfinder$LicensePolicyFinderModule == null) {
            cls = class$("org.n52.security.service.pdp.xacml.policyfinder.LicensePolicyFinderModule");
            class$org$n52$security$service$pdp$xacml$policyfinder$LicensePolicyFinderModule = cls;
        } else {
            cls = class$org$n52$security$service$pdp$xacml$policyfinder$LicensePolicyFinderModule;
        }
        LOG = LogFactory.getLog(cls);
    }
}
