package org.n52.security.service.enforcement;

import java.io.IOException;
import java.net.URL;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.HttpConnectionManager;
import org.apache.commons.httpclient.SimpleHttpConnectionManager;
import org.n52.security.authentication.AuthenticationContextUtil;
import org.n52.security.common.artifact.ServiceException;
import org.n52.security.common.artifact.SimpleTransferAttribute;
import org.n52.security.common.util.ServletUtils;
import org.n52.security.common.util.TransferableServletWriter;
import org.n52.security.enforcement.chain.SecuredServiceRequest;
import org.n52.security.service.config.SecurityConfig;
import org.n52.security.service.config.SecurityConfigListener;
import org.n52.security.service.config.ServiceConfig;
import org.n52.security.service.config.support.AbstractSecurityServiceServlet;
import org.n52.security.service.wss.PolicyEnforcementServiceImpl;
import org.n52.security.service.wss.PolicyEnforcementServiceLocator;
import org.n52.security.service.wss.SecurityConfigPolicyEnforcementServiceLocator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/n52/security/service/enforcement/EnforcementServiceServlet.class */
public class EnforcementServiceServlet extends AbstractSecurityServiceServlet implements SecurityConfigListener {
    private static final long serialVersionUID = 9085866663075970881L;
    private static final Logger LOG = LoggerFactory.getLogger(EnforcementServiceServlet.class);
    private PolicyEnforcementServiceLocator m_pesLocator;
    private WSSRequestUrlFactory m_wssRequestUrlFactory = new WSSRequestUrlFactory();
    private HttpConnectionManager m_apacheConnectionManager;

    protected void init(ServletConfig servletConfig, ServiceConfig serviceConfig, SecurityConfig securityConfig) {
        if (serviceConfig.getInstance() instanceof PolicyEnforcementServiceLocator) {
            this.m_pesLocator = (PolicyEnforcementServiceLocator) serviceConfig.getInstance();
        }
        if (this.m_pesLocator == null) {
            this.m_pesLocator = (PolicyEnforcementServiceLocator) serviceConfig.getProperties().get("policyEnforcementServiceLocator");
        }
        if (this.m_pesLocator == null) {
            SecurityConfigPolicyEnforcementServiceLocator securityConfigPolicyEnforcementServiceLocator = new SecurityConfigPolicyEnforcementServiceLocator();
            securityConfigPolicyEnforcementServiceLocator.setServiceConfig(serviceConfig);
            this.m_pesLocator = securityConfigPolicyEnforcementServiceLocator;
        }
        this.m_apacheConnectionManager = (HttpConnectionManager) serviceConfig.getProperties().get("http.apache.connectionManager");
        if (this.m_apacheConnectionManager == null) {
            this.m_apacheConnectionManager = new SimpleHttpConnectionManager();
        }
    }

    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        WSSRequestUrl wSSRequestUrlFactory = getWssRequestUrlFactory().getInstance(ServletUtils.getServletLocation(httpServletRequest), httpServletRequest.getServletPath(), httpServletRequest.getPathInfo());
        String enforcementPointId = wSSRequestUrlFactory.getEnforcementPointId();
        String authenticationScheme = wSSRequestUrlFactory.getAuthenticationScheme();
        PolicyEnforcementServiceImpl locate = this.m_pesLocator.locate(enforcementPointId, authenticationScheme);
        if (locate == null) {
            httpServletResponse.sendError(404, String.format("No enforcement point configuration for id <%s> and authentication scheme <%s> found", enforcementPointId, authenticationScheme));
            return;
        }
        ForwardingSecuredServiceRequestBuilder forwardingSecuredServiceRequestBuilder = new ForwardingSecuredServiceRequestBuilder(wSSRequestUrlFactory);
        forwardingSecuredServiceRequestBuilder.setProtectedServiceEndpoint(new URL(locate.getEndpoint()));
        forwardingSecuredServiceRequestBuilder.setRedirectionAuthenticationUrl(buildRedirectionUrl(wSSRequestUrlFactory, locate.getRedirectionAuthenticationScheme()));
        SecuredServiceRequest build = forwardingSecuredServiceRequestBuilder.build(httpServletRequest, httpServletResponse, getServletContext());
        build.addAttribute(new SimpleTransferAttribute("http.apache.connectionManager", getApacheConnectionManager()));
        authorize(httpServletResponse, locate, build);
    }

    public void authorize(HttpServletResponse httpServletResponse, PolicyEnforcementServiceImpl policyEnforcementServiceImpl, SecuredServiceRequest securedServiceRequest) {
        try {
            new TransferableServletWriter(policyEnforcementServiceImpl.doService(securedServiceRequest, AuthenticationContextUtil.getCurrentAuthenticationContext())).write(httpServletResponse);
        } catch (ServiceException e) {
            new TransferableServletWriter(e.getAsTransferable()).write(httpServletResponse);
        }
    }

    private String buildRedirectionUrl(WSSRequestUrl wSSRequestUrl, String str) {
        if (str == null || !existsEnforcementPointForAuthenticationScheme(wSSRequestUrl.getEnforcementPointId(), str)) {
            return null;
        }
        return wSSRequestUrl.buildServiceUrlForAuthScheme(str);
    }

    private boolean existsEnforcementPointForAuthenticationScheme(String str, String str2) {
        return this.m_pesLocator.locate(str, str2) != null;
    }

    public void setWssRequestUrlFactory(WSSRequestUrlFactory wSSRequestUrlFactory) {
        this.m_wssRequestUrlFactory = wSSRequestUrlFactory;
    }

    public WSSRequestUrlFactory getWssRequestUrlFactory() {
        return this.m_wssRequestUrlFactory;
    }

    public void destroy() {
        super.destroy();
    }

    public HttpConnectionManager getApacheConnectionManager() {
        return this.m_apacheConnectionManager;
    }

    public void setApacheConnectionManager(HttpConnectionManager httpConnectionManager) {
        this.m_apacheConnectionManager = httpConnectionManager;
    }
}
