package org.n52.security.service.web.access.condition;

import javax.security.auth.Subject;
import org.n52.security.decision.DecisionService;
import org.n52.security.decision.PDPRequest;
import org.n52.security.decision.PDPRequestCollection;
import org.n52.security.decision.PDPResponse;
import org.n52.security.decision.Target;
import org.n52.security.service.web.WebContext;
import org.n52.security.service.web.WebSecurityProcessingContext;
import org.n52.security.service.web.WebSecurityProcessingException;

/* loaded from: input_file:org/n52/security/service/web/access/condition/AccessPermittedCondition.class */
public class AccessPermittedCondition implements Condition {
    private String m_resourceIdPrefix;
    private String m_actionId;
    private DecisionService m_decisionService;
    private boolean m_encodeRequestParameterInResourceId = false;

    @Override // org.n52.security.service.web.access.condition.Condition
    public boolean isSatisfied(WebSecurityProcessingContext webSecurityProcessingContext, WebContext webContext) {
        return isAccessPermitted(webSecurityProcessingContext, webContext);
    }

    protected boolean isAccessPermitted(WebSecurityProcessingContext webSecurityProcessingContext, WebContext webContext) {
        String buildResourceId = buildResourceId(webContext);
        String buildActionId = buildActionId(webContext.getRequest().getMethod());
        try {
            PDPResponse pDPResponse = (PDPResponse) this.m_decisionService.request(new PDPRequestCollection().add(new PDPRequest(buildPolicyTarget(webSecurityProcessingContext.getSubject(), buildResourceId, buildActionId)))).iterator().next();
            if (!pDPResponse.isPermit()) {
                return false;
            }
            webSecurityProcessingContext.setSharedProcessingState("url.processing.obligations", pDPResponse.getObligations());
            return true;
        } catch (Throwable th) {
            throw new WebSecurityProcessingException("error during policy decision processing of ressourceId <" + buildResourceId + "> action <" + buildActionId + "> blocking access!" + th, th);
        }
    }

    protected Target buildPolicyTarget(Subject subject, String str, String str2) {
        return new Target(subject, str, str2);
    }

    protected String buildActionId(String str) {
        return this.m_actionId == null ? str : this.m_actionId;
    }

    protected String buildResourceId(WebContext webContext) {
        String requestLocationIncludingParameter = isEncodeRequestParameterInResourceId() ? webContext.getRequestLocationIncludingParameter() : webContext.getRequestLocation();
        String str = this.m_resourceIdPrefix;
        if (str == null || str.isEmpty()) {
            return requestLocationIncludingParameter;
        }
        return str + requestLocationIncludingParameter.substring(webContext.getContextLocation().length());
    }

    public String getResourceIdPrefix() {
        return this.m_resourceIdPrefix;
    }

    public void setResourceIdPrefix(String str) {
        this.m_resourceIdPrefix = str;
    }

    public String getActionId() {
        return this.m_actionId;
    }

    public void setActionId(String str) {
        this.m_actionId = str;
    }

    public DecisionService getDecisionService() {
        return this.m_decisionService;
    }

    public void setDecisionService(DecisionService decisionService) {
        this.m_decisionService = decisionService;
    }

    public boolean isEncodeRequestParameterInResourceId() {
        return this.m_encodeRequestParameterInResourceId;
    }

    public void setEncodeRequestParameterInResourceId(boolean z) {
        this.m_encodeRequestParameterInResourceId = z;
    }
}
