package pl.edu.icm.yadda.aas.proxy;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.lite.common.SAMLObject;
import org.opensaml.lite.xacml.ctx.DecisionType;
import org.opensaml.lite.xacml.ctx.impl.ActionTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.AttributeTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.AttributeValueTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.EnvironmentTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.RequestTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.ResourceTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.SubjectTypeImpl;
import org.opensaml.lite.xacml.profile.saml.impl.XACMLAuthzDecisionQueryTypeImpl;
import pl.edu.icm.yadda.aas.XACMLConstants;
import pl.edu.icm.yadda.service2.GenericRequest;
import pl.edu.icm.yadda.service2.GenericResponse;
import pl.edu.icm.yadda.service2.GetFeaturesRequest;
import pl.edu.icm.yadda.service2.GetFeaturesResponse;
import pl.edu.icm.yadda.service2.YaddaError;
import pl.edu.icm.yadda.service2.aas.AAError;
import pl.edu.icm.yadda.service2.aas.AuthorizeRequest;
import pl.edu.icm.yadda.service2.aas.AuthorizeRequestHeader;
import pl.edu.icm.yadda.service2.aas.AuthorizeResponse;
import pl.edu.icm.yadda.service2.aas.IAAService;

/* loaded from: input_file:pl/edu/icm/yadda/aas/proxy/SecuredCite.class */
/**
 * Authorization-enforcing decorator around a {@link DummyCiteService}.
 *
 * <p>{@link #doEdit} reaches the wrapped service only after the configured {@link IAAService}
 * has answered an XACML decision query with an explicit {@code Permit}; every other outcome is
 * handled as a denial. {@link #doRead} is forwarded without any authorization check.
 *
 * <p>Both collaborators are injected through setters and stay {@code null} until set. This class
 * does not null-check them before use, so it must be fully wired before the first call.
 */
public class SecuredCite implements DummyCiteService {
    /** Value of the XACML resource-id attribute sent with every decision query. */
    public static final String RESOURCE_VALUE_CITE = "cite";
    /** Value of the XACML action-id attribute sent with every decision query. */
    public static final String ACTION_VALUE_EDIT = "edit";

    // Used both for the log entry and for the error returned to the caller on a denied edit.
    private static final String EDIT_DENIED_MESSAGE = "Permission not granted to edit cite!";

    private final Log log = LogFactory.getLog(getClass());
    private DummyCiteService citeService;
    private IAAService aaService;

    /**
     * Forwards an edit to the wrapped service when {@link #evaluateAccess} grants it.
     *
     * <p>On denial the wrapped service is not called. The caller receives a fresh
     * {@link GenericResponse} carrying {@code SecurityConstants.ERROR_AUTH} and a generic message;
     * details reported by the AA service are only logged, not returned.
     *
     * @param genericRequest the edit request; {@code null} is denied by {@link #evaluateAccess}
     * @return the wrapped service's response, or an authorization-error response
     */
    @Override
    public GenericResponse doEdit(GenericRequest genericRequest) {
        if (!evaluateAccess(genericRequest)) {
            this.log.warn(EDIT_DENIED_MESSAGE);
            GenericResponse denied = new GenericResponse();
            denied.setError(new YaddaError(SecurityConstants.ERROR_AUTH, EDIT_DENIED_MESSAGE));
            return denied;
        }
        return this.citeService.doEdit(genericRequest);
    }

    /**
     * Forwards a read straight to the wrapped service.
     *
     * <p>No authorization decision is requested on this path.
     * NOTE(review): confirm that reads are meant to be open to any caller of this proxy.
     *
     * @param genericRequest the read request, passed through unchanged
     * @return whatever the wrapped service returns
     */
    @Override
    public GenericResponse doRead(GenericRequest genericRequest) {
        return this.citeService.doRead(genericRequest);
    }

    /**
     * Returns the wrapped service's features with
     * {@code SecurityConstants.FEATURE_REQUIRES_AUTHORIZATION} added.
     *
     * <p>The marker is added to the collection held by the wrapped service's own response object,
     * so that object is modified in place. Neither the response nor its collection is null-checked.
     *
     * @param getFeaturesRequest the request, passed through unchanged
     * @return the wrapped service's response object, after the marker has been added
     */
    @Override
    public GetFeaturesResponse getFeatures(GetFeaturesRequest getFeaturesRequest) {
        GetFeaturesResponse delegateFeatures = this.citeService.getFeatures(getFeaturesRequest);
        delegateFeatures.getFeatures().add(SecurityConstants.FEATURE_REQUIRES_AUTHORIZATION);
        return delegateFeatures;
    }

    /**
     * Asks the AA service whether the caller may edit, denying by default.
     *
     * <p>Only an explicit {@code Permit} decision yields {@code true}. A {@code null} request, a
     * {@code null} response, a missing result or decision, and any non-Permit decision all yield
     * {@code false}. Exceptions thrown by the AA service are not caught here and propagate to the
     * caller. Only the request's auth headers take part in the query; they are passed on without
     * a null check.
     *
     * @param genericRequest the incoming request whose auth headers identify the caller
     * @return {@code true} only when the AA service returned {@code Permit}
     */
    protected boolean evaluateAccess(GenericRequest genericRequest) {
        if (genericRequest == null) {
            this.log.warn("got null request object!");
            return false;
        }

        AuthorizeRequest query = buildAuthzRequest(genericRequest.getAuthHeaders());
        AuthorizeResponse authorize = this.aaService.authorize(query);
        if (authorize == null) {
            this.log.error("got null response after authorization!");
            return false;
        }

        boolean decisionPresent = hasDecision(authorize);
        if (decisionPresent
                && authorize.getResult().getDecision().getDecision() == DecisionType.DECISION.Permit) {
            return true;
        }

        // Everything below is a denial; the remaining work is only diagnostics.
        // NOTE(review): the logged text originates from the AA service; if it can echo
        // caller-supplied values, neutralise line breaks before logging. Confirm.
        if (authorize.getErrors() != null) {
            for (AAError reported : authorize.getErrors()) {
                this.log.warn(reported.getErrorId() + ':' + reported.getMessage(), reported.getThrowable());
            }
        }

        if (!decisionPresent) {
            this.log.error("got null decision!");
        } else {
            this.log.warn("got decision: " + authorize.getResult().getDecision().getDecision());
        }
        return false;
    }

    /**
     * Builds the XACML decision query for the fixed (resource "cite", action "edit") pair.
     *
     * <p>The supplied SAML objects are placed in the request header, while the XACML subject and
     * environment are left empty. The resource and action values are constants, so the query
     * carries nothing that identifies an individual record.
     * NOTE(review): presumably the AA service derives the subject from the header objects.
     * Confirm against the {@link IAAService} implementation.
     *
     * @param sAMLObjectArr the auth headers taken from the incoming request; not validated here
     * @return a new authorize request wrapping the decision query
     */
    protected AuthorizeRequest buildAuthzRequest(SAMLObject[] sAMLObjectArr) {
        XACMLAuthzDecisionQueryTypeImpl decisionQuery = new XACMLAuthzDecisionQueryTypeImpl();
        AuthorizeRequest authorizeRequest = new AuthorizeRequest(decisionQuery);
        authorizeRequest.setHeader(new AuthorizeRequestHeader(sAMLObjectArr));

        RequestTypeImpl xacmlRequest = new RequestTypeImpl();
        decisionQuery.setRequest(xacmlRequest);
        xacmlRequest.getSubjects().add(new SubjectTypeImpl());
        xacmlRequest.getResources().add(citeResource());
        xacmlRequest.setAction(editAction());
        xacmlRequest.setEnvironment(new EnvironmentTypeImpl());
        return authorizeRequest;
    }

    /**
     * Sets the service that receives calls once they pass this proxy.
     *
     * @param dummyCiteService the wrapped cite service
     */
    public void setCiteService(DummyCiteService dummyCiteService) {
        this.citeService = dummyCiteService;
    }

    /**
     * Sets the service that is asked for authorization decisions.
     *
     * @param iAAService the authentication/authorization service
     */
    public void setAaService(IAAService iAAService) {
        this.aaService = iAAService;
    }

    /** Tells whether the response carries both a result and a decision object. */
    private static boolean hasDecision(AuthorizeResponse response) {
        return response.getResult() != null && response.getResult().getDecision() != null;
    }

    /** Creates the XACML resource holding one string resource-id attribute with value "cite". */
    private static ResourceTypeImpl citeResource() {
        ResourceTypeImpl resource = new ResourceTypeImpl();
        AttributeTypeImpl resourceId = new AttributeTypeImpl();
        resourceId.setAttributeID(XACMLConstants.RESOURCE_ID);
        resourceId.setDataType(XACMLConstants.DATATYPE_STRING);
        resourceId.getAttributeValues().add(stringValue(RESOURCE_VALUE_CITE));
        resource.getAttributes().add(resourceId);
        return resource;
    }

    /** Creates the XACML action holding one string action-id attribute with value "edit". */
    private static ActionTypeImpl editAction() {
        ActionTypeImpl action = new ActionTypeImpl();
        AttributeTypeImpl actionId = new AttributeTypeImpl();
        actionId.setAttributeID(XACMLConstants.ACTION_ID);
        actionId.setDataType(XACMLConstants.DATATYPE_STRING);
        actionId.getAttributeValues().add(stringValue(ACTION_VALUE_EDIT));
        action.getAttributes().add(actionId);
        return action;
    }

    /** Wraps a string in a new XACML attribute value. */
    private static AttributeValueTypeImpl stringValue(String value) {
        AttributeValueTypeImpl wrapped = new AttributeValueTypeImpl();
        wrapped.setValue(value);
        return wrapped;
    }
}
