package org.n52.security.service.pdp.xacml;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.security.auth.Subject;
import org.apache.commons.collections.IteratorUtils;
import org.apache.commons.collections.Transformer;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xmlbeans.XmlCursor;
import org.apache.xmlbeans.XmlException;
import org.apache.xmlbeans.XmlObject;
import org.apache.xmlbeans.XmlString;
import org.n52.security.authentication.LicensePrincipal;
import org.n52.security.authentication.LicenseReference;
import org.n52.security.authentication.principals.AttributePrincipal;
import org.n52.security.authentication.principals.RolePrincipal;
import org.n52.security.authentication.principals.UsernameIDPrincipal;
import org.n52.security.common.attributes.AnyObjectAttributeValue;
import org.n52.security.common.attributes.Attribute;
import org.n52.security.common.attributes.Attributes;
import org.n52.security.common.attributes.BooleanAttributeValue;
import org.n52.security.common.attributes.DoubleAttributeValue;
import org.n52.security.common.attributes.IntegerAttributeValue;
import org.n52.security.common.attributes.StringAttributeValue;
import org.n52.security.decision.DecisionProcessingException;
import org.n52.security.decision.DecisionService;
import org.n52.security.decision.Obligation;
import org.n52.security.decision.PDPProxy;
import org.n52.security.decision.PDPRequest;
import org.n52.security.decision.PDPRequestCollection;
import org.n52.security.decision.PDPResponse;
import org.n52.security.decision.PDPResponseCollection;
import org.n52.security.decision.Target;
import org.n52.security.service.pdp.xacml.attributes.AnyXMLAttributeProxy;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.xacml1.context.AttributeType;
import org.xacml1.context.DecisionType;
import org.xacml1.context.EnvironmentType;
import org.xacml1.context.RequestDocument;
import org.xacml1.context.RequestType;
import org.xacml1.context.ResponseDocument;
import org.xacml1.context.ResponseType;
import org.xacml1.context.ResultType;
import org.xacml1.context.SubjectType;
import org.xacml1.policy.AttributeAssignmentType;
import org.xacml1.policy.AttributeValueType;
import org.xacml1.policy.EffectType;
import org.xacml1.policy.ObligationType;
import org.xacml1.policy.ObligationsType;

/* loaded from: input_file:org/n52/security/service/pdp/xacml/XACML1PDPClient.class */
public class XACML1PDPClient implements DecisionService, PDPProxy {
    private static final String DATATYPE_STRING = "http://www.w3.org/2001/XMLSchema#string";
    private static final String DATATYPE_BOOLEAN = "http://www.w3.org/2001/XMLSchema#boolean";
    private static final String DATATYPE_INT = "http://www.w3.org/2001/XMLSchema#int";
    private static final String DATATYPE_DOUBLE = "http://www.w3.org/2001/XMLSchema#double";
    private static final String XACML_1_SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
    private static final String XACML_1_RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
    private static final String XACML_1_ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id";
    private static final String CT_ROLE_ID = "urn:conterra:names:sdi-suite:policy:attribute:role";
    protected XACML1PDPRequestor m_requestor;
    private static final Log LOG = LogFactory.getLog(XACML1PDPClient.class);
    protected static volatile int m_reqCounter = 0;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/n52/security/service/pdp/xacml/XACML1PDPClient$RequestJob.class */
    public class RequestJob implements Runnable {
        private PDPRequest mRequest;
        private PDPResponse mResponse;
        private Exception mError;
        private XACML1PDPRequestor mRequestor;

        public RequestJob(PDPRequest pDPRequest, XACML1PDPRequestor xACML1PDPRequestor) {
            this.mRequest = pDPRequest;
            this.mRequestor = xACML1PDPRequestor;
        }

        public PDPRequest getRequest() {
            return this.mRequest;
        }

        public PDPResponse getResponse() {
            return this.mResponse;
        }

        public Exception getError() {
            return this.mError;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                if (XACML1PDPClient.LOG.isDebugEnabled()) {
                    XACML1PDPClient.LOG.debug("XACML1PDPClient$RequestJob.run start");
                }
                this.mResponse = XACML1PDPClient.this.convertXACMLResponseToPDPResponse(this.mRequestor.executeRequest(XACML1PDPClient.this.convert52nRequestToXACMLRequest(getRequest())), getRequest());
            } catch (Exception e) {
                this.mError = e;
            }
            if (XACML1PDPClient.LOG.isDebugEnabled()) {
                XACML1PDPClient.LOG.debug("XACML1PDPClient$RequestJob.run stop");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/n52/security/service/pdp/xacml/XACML1PDPClient$RunnableThread.class */
    public static class RunnableThread extends Thread {
        private Runnable mTarget;

        public RunnableThread(Runnable runnable) {
            super(runnable);
            this.mTarget = runnable;
        }

        public Runnable getTarget() {
            return this.mTarget;
        }
    }

    public XACML1PDPClient() {
        this.m_requestor = new XACML1PDPRequestor();
    }

    public XACML1PDPClient(String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("XACML1PDPClient constructed");
        }
        this.m_requestor = new XACML1PDPRequestor(str);
    }

    public PDPResponseCollection request(PDPRequestCollection pDPRequestCollection) throws DecisionProcessingException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("XACML1PDPClient.request");
        }
        return isUseRequestSet() ? executeSingleRequest(pDPRequestCollection) : joinRequests(forkRequests(pDPRequestCollection.iterator()));
    }

    private PDPResponseCollection executeSingleRequest(PDPRequestCollection pDPRequestCollection) {
        final ArrayList arrayList = new ArrayList();
        ResponseDocument[] executeRequest = this.m_requestor.executeRequest((RequestDocument[]) IteratorUtils.toArray(IteratorUtils.transformedIterator(pDPRequestCollection.iterator(), new Transformer() { // from class: org.n52.security.service.pdp.xacml.XACML1PDPClient.1
            public Object transform(Object obj) {
                PDPRequest pDPRequest = (PDPRequest) obj;
                arrayList.add(pDPRequest);
                try {
                    return XACML1PDPClient.this.convert52nRequestToXACMLRequest(pDPRequest);
                } catch (XmlException e) {
                    throw new DecisionProcessingException("can't convert pdp request: " + e, e);
                }
            }
        }), RequestDocument.class));
        PDPResponseCollection pDPResponseCollection = new PDPResponseCollection();
        int length = executeRequest.length;
        for (int i = 0; i < length; i++) {
            pDPResponseCollection.add(convertXACMLResponseToPDPResponse(executeRequest[i], (PDPRequest) arrayList.get(i)));
        }
        return pDPResponseCollection;
    }

    private Collection forkRequests(Iterator it) {
        LinkedList linkedList = new LinkedList();
        while (it.hasNext()) {
            enqueRequest((PDPRequest) it.next(), linkedList);
        }
        return linkedList;
    }

    private void enqueRequest(PDPRequest pDPRequest, List list) {
        RunnableThread runnableThread = new RunnableThread(new RequestJob(pDPRequest, this.m_requestor));
        StringBuilder append = new StringBuilder().append("PDP-Request ");
        int i = m_reqCounter + 1;
        m_reqCounter = i;
        runnableThread.setName(append.append(i).toString());
        runnableThread.start();
        list.add(runnableThread);
    }

    private PDPResponseCollection joinRequests(Collection collection) throws DecisionProcessingException {
        PDPResponseCollection pDPResponseCollection = new PDPResponseCollection();
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            RunnableThread runnableThread = (RunnableThread) it.next();
            try {
                runnableThread.join();
                RequestJob requestJob = (RequestJob) runnableThread.getTarget();
                if (requestJob.getError() != null) {
                    throw new DecisionProcessingException("error during pdp request", requestJob.getError());
                }
                pDPResponseCollection.add(requestJob.getResponse());
            } catch (InterruptedException e) {
                throw new DecisionProcessingException("error during pdp request", e);
            }
        }
        return pDPResponseCollection;
    }

    public void setPdpUrl(String str) {
        this.m_requestor.setUrl(str);
    }

    public String getPdpUrl() {
        return this.m_requestor.getUrl();
    }

    public boolean isUseRequestSet() {
        return this.m_requestor.isUseRequestSet();
    }

    public void setUseRequestSet(boolean z) {
        this.m_requestor.setUseRequestSet(z);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public RequestDocument convert52nRequestToXACMLRequest(PDPRequest pDPRequest) throws XmlException {
        RequestDocument newInstance = RequestDocument.Factory.newInstance();
        RequestType addNewRequest = newInstance.addNewRequest();
        Target target = pDPRequest.getTarget();
        convertEnvironmentToXACMLEnvironment(pDPRequest.getEnvironment(), addNewRequest);
        convertSubjectToXACMLSubject(target.getSubject(), addNewRequest);
        convertLicensePrincipalofSubjectToXACMLEnvironment(target.getSubject(), addNewRequest);
        convertResourceToXACMLResource(target.getResourceId(), addNewRequest);
        convertActionToXACMLAction(target.getActionId(), addNewRequest);
        return newInstance;
    }

    private void convertEnvironmentToXACMLEnvironment(Attributes attributes, RequestType requestType) {
        if (attributes.isEmpty()) {
            return;
        }
        EnvironmentType environment = requestType.isSetEnvironment() ? requestType.getEnvironment() : requestType.addNewEnvironment();
        for (String str : attributes.getAttributeNames()) {
            addStringAttribute(environment.addNewAttribute(), str, attributes.getStringAttributeValue(str));
        }
    }

    private void convertLicensePrincipalofSubjectToXACMLEnvironment(Subject subject, RequestType requestType) throws XmlException {
        XmlObject parse;
        if (subject != null) {
            Iterator it = subject.getPrincipals(LicensePrincipal.class).iterator();
            while (it.hasNext()) {
                LicenseReference licenseReference = ((LicensePrincipal) it.next()).getLicenseReference();
                AttributeType addNewAttribute = (requestType.isSetEnvironment() ? requestType.getEnvironment() : requestType.addNewEnvironment()).addNewAttribute();
                addNewAttribute.setAttributeId("urn:conterra:names:sdi-suite:policy:attribute:license-ref");
                addNewAttribute.setDataType(AnyXMLAttributeProxy.TYPEURI_ANY);
                Element reference = licenseReference.getReference();
                synchronized (reference) {
                    parse = XmlObject.Factory.parse(reference);
                }
                appendXML(addNewAttribute.addNewAttributeValue(), parse);
            }
        }
    }

    private void convertActionToXACMLAction(String str, RequestType requestType) {
        addStringAttribute(requestType.addNewAction().addNewAttribute(), XACML_1_ACTION_ID, str);
    }

    private void convertResourceToXACMLResource(String str, RequestType requestType) {
        addStringAttribute(requestType.addNewResource().addNewAttribute(), XACML_1_RESOURCE_ID, str);
    }

    private void convertSubjectToXACMLSubject(Subject subject, RequestType requestType) {
        if (subject != null) {
            SubjectType addNewSubject = requestType.addNewSubject();
            for (AttributePrincipal attributePrincipal : subject.getPrincipals(AttributePrincipal.class)) {
                addStringAttribute(addNewSubject.addNewAttribute(), attributePrincipal.getName(), attributePrincipal.getValue());
            }
            Iterator it = subject.getPrincipals(UsernameIDPrincipal.class).iterator();
            while (it.hasNext()) {
                addStringAttribute(addNewSubject.addNewAttribute(), XACML_1_SUBJECT_ID, ((UsernameIDPrincipal) it.next()).getName());
            }
            Iterator it2 = subject.getPrincipals(RolePrincipal.class).iterator();
            while (it2.hasNext()) {
                addStringAttribute(addNewSubject.addNewAttribute(), CT_ROLE_ID, ((RolePrincipal) it2.next()).getName());
            }
        }
    }

    private void addStringAttribute(AttributeType attributeType, String str, String str2) {
        attributeType.setAttributeId(str);
        attributeType.setDataType(DATATYPE_STRING);
        XmlString newInstance = XmlString.Factory.newInstance();
        newInstance.setStringValue(str2);
        attributeType.addNewAttributeValue().set(newInstance);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public PDPResponse convertXACMLResponseToPDPResponse(ResponseDocument responseDocument, PDPRequest pDPRequest) {
        ResponseType response;
        int sizeOfResultArray;
        Attr attr;
        if (responseDocument == null || (sizeOfResultArray = (response = responseDocument.getResponse()).sizeOfResultArray()) < 1) {
            return null;
        }
        if (sizeOfResultArray > 1 && LOG.isWarnEnabled()) {
            LOG.warn("more than one result recieved, only first is processed!");
        }
        ResultType resultArray = response.getResultArray(0);
        int i = to52nDecision(resultArray.getDecision());
        String resource = pDPRequest.getTarget().getResource();
        if (!resource.equals(resultArray.getResourceId()) && ((attr = (Attr) resultArray.getDomNode().getAttributes().getNamedItem("ResourceID")) == null || !resource.equals(attr.getValue()))) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("requested resource id does not equal response resource id -> deny");
            }
            i = 1;
        }
        return new PDPResponse(i, pDPRequest, convertXACMLTo52nObligations(resultArray.getObligations()));
    }

    private Collection convertXACMLTo52nObligations(ObligationsType obligationsType) {
        if (obligationsType == null || obligationsType.sizeOfObligationArray() == 0) {
            return Collections.EMPTY_LIST;
        }
        LinkedList linkedList = new LinkedList();
        int sizeOfObligationArray = obligationsType.sizeOfObligationArray();
        for (int i = 0; i < sizeOfObligationArray; i++) {
            ObligationType obligationArray = obligationsType.getObligationArray(i);
            linkedList.add(new Obligation(to52nFullFillOn(obligationArray.getFulfillOn()), obligationArray.getObligationId(), convertXACMLto52nAttributes(obligationArray)));
        }
        return linkedList;
    }

    private Collection convertXACMLto52nAttributes(ObligationType obligationType) {
        LinkedList linkedList = new LinkedList();
        int sizeOfAttributeAssignmentArray = obligationType.sizeOfAttributeAssignmentArray();
        for (int i = 0; i < sizeOfAttributeAssignmentArray; i++) {
            linkedList.add(convertXACMLTo52nAttr(obligationType.getAttributeAssignmentArray(i)));
        }
        return linkedList;
    }

    private Attribute convertXACMLTo52nAttr(AttributeAssignmentType attributeAssignmentType) {
        return new Attribute(attributeAssignmentType.getAttributeId(), DATATYPE_STRING.equals(attributeAssignmentType.getDataType()) ? new StringAttributeValue(getTextContent(attributeAssignmentType)) : DATATYPE_INT.equals(attributeAssignmentType.getDataType()) ? new IntegerAttributeValue(Integer.parseInt(getTextContent(attributeAssignmentType))) : DATATYPE_BOOLEAN.equals(attributeAssignmentType.getDataType()) ? new BooleanAttributeValue(Boolean.valueOf(getTextContent(attributeAssignmentType))) : DATATYPE_DOUBLE.equals(attributeAssignmentType.getDataType()) ? new DoubleAttributeValue(Double.parseDouble(getTextContent(attributeAssignmentType))) : new AnyObjectAttributeValue(getXMLContent(attributeAssignmentType).xmlText(), attributeAssignmentType.getDataType()));
    }

    private int to52nDecision(DecisionType.Enum r3) {
        switch (r3.intValue()) {
            case 1:
                return 2;
            case 2:
                return 1;
            default:
                return 0;
        }
    }

    private int to52nFullFillOn(EffectType.Enum r3) {
        switch (r3.intValue()) {
            case 1:
                return 1;
            case 2:
                return 2;
            default:
                return 2;
        }
    }

    private XmlObject getXMLContent(AttributeValueType attributeValueType) {
        if (attributeValueType == null) {
            return null;
        }
        XmlCursor newCursor = attributeValueType.newCursor();
        XmlObject xmlObject = null;
        if (newCursor.toFirstChild()) {
            try {
                xmlObject = XmlObject.Factory.parse(newCursor.getDomNode());
            } catch (XmlException e) {
                if (LOG.isErrorEnabled()) {
                    LOG.error("Error during evaluatation of xml content", e);
                }
            }
        }
        newCursor.dispose();
        return xmlObject;
    }

    private String getTextContent(XmlObject xmlObject) {
        if (xmlObject == null) {
            return "";
        }
        XmlCursor newCursor = xmlObject.newCursor();
        newCursor.toFirstContentToken();
        String textValue = newCursor.isText() ? newCursor.getTextValue() : "";
        newCursor.dispose();
        return textValue;
    }

    private void appendXML(XmlObject xmlObject, XmlObject xmlObject2) {
        if (xmlObject2 == null) {
            return;
        }
        XmlCursor newCursor = xmlObject2.newCursor();
        newCursor.toFirstContentToken();
        if (newCursor.isEnd()) {
            newCursor.dispose();
            return;
        }
        XmlCursor newCursor2 = xmlObject.newCursor();
        newCursor2.toFirstContentToken();
        newCursor.moveXml(newCursor2);
        newCursor.dispose();
        newCursor2.dispose();
    }
}
