package pl.edu.icm.yadda.aas.client.backend;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.opensaml.lite.common.SAMLObject;
import org.opensaml.lite.xacml.XACMLConstants;
import org.opensaml.lite.xacml.ctx.DecisionType;
import org.opensaml.lite.xacml.ctx.impl.ActionTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.AttributeTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.AttributeValueTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.EnvironmentTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.RequestTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.ResourceTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.SubjectTypeImpl;
import org.opensaml.lite.xacml.profile.saml.impl.XACMLAuthzDecisionQueryTypeImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.client.YaddaObligationsAwareResult;
import pl.edu.icm.yadda.aas.handler.HeaderFieldBasedSecurityRequestHandler;
import pl.edu.icm.yadda.aas.handler.ISecurityRequestHandler;
import pl.edu.icm.yadda.service2.HeaderField;
import pl.edu.icm.yadda.service2.HeaderFieldTypes;
import pl.edu.icm.yadda.service2.aas.AAError;
import pl.edu.icm.yadda.service2.aas.AuthorizeRequest;
import pl.edu.icm.yadda.service2.aas.AuthorizeResponse;
import pl.edu.icm.yadda.service2.aas.IAAService;
import pl.edu.icm.yadda.service2.aas.acl.IACLObject;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-4.4.8.jar:pl/edu/icm/yadda/aas/client/backend/BackendAuthorizer.class */
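/**
 * Decides backend access by sending an XACML authorization decision query to an
 * {@link IAAService} and granting access only when the service answers with an explicit
 * {@code Permit}.
 *
 * <p>Every other outcome (a {@code null} response, a missing result or decision, or any
 * decision other than {@code Permit}) is reported as "access denied".
 */
public class BackendAuthorizer implements IBackendAuthorizer {
    /** Value of the subject-id attribute that is added to every request built by this class. */
    public static final String SUBJECT_BACKEND_ACCESS = "backend-access";
    protected IAAService aaService;
    protected String defaultDomain;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    private ISecurityRequestHandler securityRequestHandler = new HeaderFieldBasedSecurityRequestHandler();

    /**
     * Evaluates whether the described backend access is permitted.
     *
     * <p>Exceptions thrown by {@code aaService.authorize(...)} or while building the request
     * are not caught here and propagate to the caller.
     *
     * @param backendAuthorizerRequest action, resource, SAML objects, ACL object and auxiliary
     *     parameters describing the access; must not be {@code null}
     * @return a result carrying {@code true} only for an explicit {@code Permit}; otherwise
     *     {@code false}, together with the service error and obligations when available
     */
    @Override
    public YaddaObligationsAwareResult<Boolean> evaluateAccess(BackendAuthorizerRequest backendAuthorizerRequest) {
        AuthorizeResponse authorize = this.aaService.authorize(buildAuthzRequest(backendAuthorizerRequest.getAction(), backendAuthorizerRequest.getResource(), backendAuthorizerRequest.getSamlObjects(), backendAuthorizerRequest.getAclObject(), backendAuthorizerRequest.getAuxiliaryParams()));
        // Fail closed: no response at all is treated as a denial.
        if (authorize == null) {
            this.log.error("got null response after authorization!");
            return new YaddaObligationsAwareResult<>(false, null);
        }
        // Only an explicit Permit grants access; obligations are handed back to the caller.
        if (authorize.getResult() != null && authorize.getResult().getDecision() != null && authorize.getResult().getDecision().getDecision() == DecisionType.DECISION.Permit) {
            return new YaddaObligationsAwareResult<>(true, authorize.getResult().getObligations() != null ? authorize.getResult().getObligations().getObligations() : null);
        }
        // Denial path: record every error reported by the service before answering.
        if (authorize.getErrors() != null) {
            for (AAError aAError : authorize.getErrors()) {
                this.log.warn(aAError.getErrorId() + ':' + aAError.getMessage(), aAError.getThrowable());
            }
        }
        if (authorize.getResult() == null || authorize.getResult().getDecision() == null) {
            this.log.error("got null decision!");
        } else {
            // NOTE(review): non-Permit decisions are logged only at trace level, so denials are
            // invisible at the usual log levels; confirm that denials are audited elsewhere.
            this.log.trace("got decision: " + authorize.getResult().getDecision().getDecision());
        }
        return new YaddaObligationsAwareResult<>(false, authorize.getError(), (authorize.getResult() == null || authorize.getResult().getObligations() == null) ? null : authorize.getResult().getObligations().getObligations());
    }

    /**
     * Builds the XACML authorization decision query sent to the AA service.
     *
     * <p>The request always contains a subject whose id is {@link #SUBJECT_BACKEND_ACCESS}, one
     * resource, one action and an empty environment. Auxiliary parameters become subject
     * attributes; when {@code defaultDomain} is set and the caller did not supply a domain, the
     * default is added. The caller's map is never modified.
     *
     * @param str action id; no action attribute is added when {@code null}
     * @param str2 resource id; no resource attribute is added when {@code null}
     * @param sAMLObjectArr SAML objects attached through the security request handler; may be
     *     {@code null} or empty
     * @param iACLObject ACL object sent as a request header; may be {@code null}
     * @param map auxiliary parameters; each value must be a {@code String} or a
     *     {@code String[]}; may be {@code null}
     * @return the assembled request
     * @throws ClassCastException if an auxiliary value is neither a {@code String} nor a
     *     {@code String[]}
     */
    protected AuthorizeRequest buildAuthzRequest(String str, String str2, SAMLObject[] sAMLObjectArr, IACLObject iACLObject, Map<String, Serializable> map) {
        Map<String, Serializable> auxParams = withDefaultDomain(map);
        XACMLAuthzDecisionQueryTypeImpl query = new XACMLAuthzDecisionQueryTypeImpl();
        AuthorizeRequest authorizeRequest = new AuthorizeRequest(query);
        if (sAMLObjectArr != null && sAMLObjectArr.length > 0) {
            this.securityRequestHandler.attach(authorizeRequest, sAMLObjectArr);
        }
        if (iACLObject != null) {
            authorizeRequest.addHeaders(new HeaderField(HeaderFieldTypes.TYPE_AAS_ACL, iACLObject, true));
        }
        RequestTypeImpl request = new RequestTypeImpl();
        query.setRequest(request);
        if (auxParams != null && !auxParams.isEmpty()) {
            addParameterSubjects(request, auxParams);
        }

        // The fixed "backend-access" subject is added after any parameter subjects.
        SubjectTypeImpl backendSubject = new SubjectTypeImpl();
        backendSubject.getAttributes().add(stringAttribute(XACMLConstants.SUBJECT_ID, SUBJECT_BACKEND_ACCESS));
        request.getSubjects().add(backendSubject);

        ResourceTypeImpl resource = new ResourceTypeImpl();
        if (str2 != null) {
            resource.getAttributes().add(stringAttribute(XACMLConstants.RESOURCE_ID, str2));
        }
        request.getResources().add(resource);

        ActionTypeImpl action = new ActionTypeImpl();
        if (str != null) {
            action.getAttributes().add(stringAttribute(XACMLConstants.ACTION_ID, str));
        }
        request.setAction(action);
        request.setEnvironment(new EnvironmentTypeImpl());
        return authorizeRequest;
    }

    /**
     * Returns the auxiliary parameters with the default domain added when it is configured and
     * the caller supplied none.
     *
     * <p>The default is written into a copy. Writing it into the caller's map would leave this
     * authorizer's domain in the request object, where a later evaluation could not tell it
     * apart from a caller-supplied domain; it would also fail on an unmodifiable map.
     */
    private Map<String, Serializable> withDefaultDomain(Map<String, Serializable> map) {
        if (this.defaultDomain == null) {
            return map;
        }
        // NOTE(review): this key check is case-sensitive while attribute ids are lower-cased
        // below, so a key differing only in case yields two attributes with the same id.
        if (map != null && map.containsKey(XACMLConstants.SUBJECT_AUX_PARAM_DOMAIN_ROOT_SUFFIX)) {
            return map;
        }
        // LinkedHashMap keeps the iteration order of the caller's map.
        Map<String, Serializable> copy = new LinkedHashMap<>();
        if (map != null) {
            copy.putAll(map);
        }
        copy.put(XACMLConstants.SUBJECT_AUX_PARAM_DOMAIN_ROOT_SUFFIX, this.defaultDomain);
        return copy;
    }

    /**
     * Adds the subjects derived from the auxiliary parameters: first the generic-parameter
     * subject (values stored under the unsuffixed key), then the auxiliary subject.
     */
    private void addParameterSubjects(RequestTypeImpl request, Map<String, Serializable> auxParams) {
        List<String> genericValues = new ArrayList<>();
        SubjectTypeImpl auxSubject = null;
        for (Map.Entry<String, Serializable> entry : auxParams.entrySet()) {
            if (entry.getKey().equals(BackendAuthorizerRequest.UNSUFFIXED_GENERIC_PARAM_VALUE)) {
                for (String value : asStrings(entry.getValue())) {
                    genericValues.add(value);
                }
                continue;
            }
            if (auxSubject == null) {
                auxSubject = new SubjectTypeImpl();
                auxSubject.setSubjectCategory(XACMLConstants.SUBJECT_AUX_PARAM_CATEGORY);
            }
            // NOTE(review): parameter values are written to the debug log; confirm that no
            // auxiliary parameter carries a secret.
            this.log.debug("attaching: {} value: {}, as aux parameter", entry.getKey(), entry.getValue());
            // Locale.ROOT keeps the attribute id independent of the JVM default locale; a
            // locale-sensitive lower-casing (e.g. Turkish dotless i) would produce an id that
            // no longer matches the one the policy expects.
            String attributeId = XACMLConstants.SUBJECT_AUX_PARAM_PREFIX + entry.getKey().toLowerCase(Locale.ROOT);
            auxSubject.getAttributes().add(stringAttribute(attributeId, asStrings(entry.getValue())));
        }
        if (!genericValues.isEmpty()) {
            SubjectTypeImpl genericSubject = new SubjectTypeImpl();
            genericSubject.setSubjectCategory(XACMLConstants.SUBJECT_PARAM_CATEGORY);
            genericSubject.getAttributes().add(stringAttribute(XACMLConstants.SUBJECT_PARAM_ID, genericValues.toArray(new String[0])));
            request.getSubjects().add(genericSubject);
        }
        if (auxSubject != null) {
            request.getSubjects().add(auxSubject);
        }
    }

    /**
     * Views a parameter value as an array: a {@code String[]} is returned as is, anything else
     * is cast to {@code String} (a {@code null} value stays a single {@code null} element).
     */
    private static String[] asStrings(Serializable value) {
        if (value instanceof String[]) {
            return (String[]) value;
        }
        return new String[] {(String) value};
    }

    /** Creates a string-typed XACML attribute with the given id and one value per argument. */
    private static AttributeTypeImpl stringAttribute(String attributeId, String... values) {
        AttributeTypeImpl attribute = new AttributeTypeImpl();
        attribute.setAttributeID(attributeId);
        attribute.setDataType(XACMLConstants.DATATYPE_STRING);
        for (String value : values) {
            AttributeValueTypeImpl attributeValue = new AttributeValueTypeImpl();
            attributeValue.setValue(value);
            attribute.getAttributeValues().add(attributeValue);
        }
        return attribute;
    }

    /** Sets the AA service that {@link #evaluateAccess} sends authorization requests to. */
    public void setAaService(IAAService iAAService) {
        this.aaService = iAAService;
    }

    /**
     * Replaces the handler used to attach SAML objects to the request. The handler is
     * dereferenced whenever a request carries SAML objects, so it should not be {@code null}.
     */
    public void setSecurityRequestHandler(ISecurityRequestHandler iSecurityRequestHandler) {
        this.securityRequestHandler = iSecurityRequestHandler;
    }

    /**
     * Sets the domain added to requests whose auxiliary parameters do not name one;
     * {@code null} disables the default.
     */
    public void setDefaultDomain(String str) {
        this.defaultDomain = str;
    }
}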
