package pl.edu.icm.yadda.aas.proxy;

import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.log4j.Logger;
import org.opensaml.lite.xacml.policy.ObligationType;
import org.springframework.beans.factory.annotation.Required;
import pl.edu.icm.yadda.aas.client.IClientSecurityService;
import pl.edu.icm.yadda.aas.proxy.criterion.ILicenseCriterionCreator;
import pl.edu.icm.yadda.aas.proxy.criterion.tags.TagsCriterionCreatorHelper;
import pl.edu.icm.yadda.aas.proxy.evaluator.EvaluatorResult;
import pl.edu.icm.yadda.aas.proxy.evaluator.ILicenseEvaluator;
import pl.edu.icm.yadda.aas.proxy.evaluator.LicenseEvaluatorContext;
import pl.edu.icm.yadda.service2.ArchiveContent;
import pl.edu.icm.yadda.service2.ArchiveContentDTO;
import pl.edu.icm.yadda.service2.GetFeaturesRequest;
import pl.edu.icm.yadda.service2.GetFeaturesResponse;
import pl.edu.icm.yadda.service2.YaddaError;
import pl.edu.icm.yadda.service2.archive.GetArchiveContentRequest;
import pl.edu.icm.yadda.service2.archive.GetArchiveContentResponse;
import pl.edu.icm.yadda.service2.archive.GetArchiveObjectRequest;
import pl.edu.icm.yadda.service2.archive.GetArchiveObjectResponse;
import pl.edu.icm.yadda.service2.archive.IArchive;
import pl.edu.icm.yadda.service2.archive.IdResponse;
import pl.edu.icm.yadda.service2.archive.ListArchiveContentsResponse;
import pl.edu.icm.yadda.service2.archive.ListArchiveObjectsResponse;
import pl.edu.icm.yadda.service2.archive.ListArchiveRequest;
import pl.edu.icm.yadda.service2.archive.PartRequest;
import pl.edu.icm.yadda.service2.archive.PartResponse;
import pl.edu.icm.yadda.service2.archive.RetrieveRequest;
import pl.edu.icm.yadda.service2.archive.RetrieveResponse;

/* loaded from: input_file:pl/edu/icm/yadda/aas/proxy/SecuredArchive.class */
public class SecuredArchive implements IArchive {
    protected final Logger log = Logger.getLogger(getClass());
    private IClientSecurityService secClient;
    private IArchive archive;
    private List<ILicenseEvaluator<String[]>> evaluators;
    private List<ILicenseCriterionCreator<String[]>> tagsCreators;

    protected boolean evaluateAccess(Collection<ObligationType> collection, LicenseEvaluatorContext<String[]> licenseEvaluatorContext) {
        for (ILicenseEvaluator<String[]> iLicenseEvaluator : this.evaluators) {
            EvaluatorResult evaluate = iLicenseEvaluator.evaluate(collection, licenseEvaluatorContext);
            if (evaluate.getStatus() == EvaluatorResult.Status.PERMIT) {
                return true;
            }
            if (evaluate.getStatus() == EvaluatorResult.Status.DENY) {
                this.log.debug("evaluation with module " + iLicenseEvaluator.getClass().getName() + " failed");
            } else if (evaluate.getStatus() == EvaluatorResult.Status.ERROR) {
                this.log.warn("evaluation with module " + iLicenseEvaluator.getClass().getName() + " finished with error: " + evaluate.getError().getMssg(), evaluate.getError().getException());
            }
        }
        this.log.error("Permission not granted to retrieve resource id='" + licenseEvaluatorContext.getStoredObjectId() + "'");
        return false;
    }

    public GetArchiveObjectResponse<ArchiveContent> getSingleObject(GetArchiveObjectRequest getArchiveObjectRequest) {
        GetArchiveObjectResponse<ArchiveContent> singleObject = this.archive.getSingleObject(getArchiveObjectRequest);
        if (singleObject.isOK() && singleObject.getObject() != null && !evaluateAccess(this.secClient.retrieveLicenseObligations(getArchiveObjectRequest.getAuthHeaders()), new LicenseEvaluatorContext<>(getArchiveObjectRequest.getId().getId(), singleObject.getObject().getTags()))) {
            GetArchiveObjectResponse<ArchiveContent> getArchiveObjectResponse = new GetArchiveObjectResponse<>();
            getArchiveObjectResponse.setError(new YaddaError(SecurityConstants.ERROR_AUTH, "Permission not granted to retrieve resource id='" + getArchiveObjectRequest.getId().getId() + "'!"));
            return getArchiveObjectResponse;
        }
        return singleObject;
    }

    public GetArchiveContentResponse getSingleContent(GetArchiveContentRequest getArchiveContentRequest) {
        GetArchiveContentResponse singleContent = this.archive.getSingleContent(getArchiveContentRequest);
        if (singleContent.isOK() && singleContent.getContent() != null && !evaluateAccess(this.secClient.retrieveLicenseObligations(getArchiveContentRequest.getAuthHeaders()), new LicenseEvaluatorContext<>(getArchiveContentRequest.getContentId(), singleContent.getContent().getTags()))) {
            GetArchiveContentResponse getArchiveContentResponse = new GetArchiveContentResponse();
            getArchiveContentResponse.setError(new YaddaError(SecurityConstants.ERROR_AUTH, "Permission not granted to retrieve resource id='" + getArchiveContentRequest.getContentId().getId() + "'!"));
            return getArchiveContentResponse;
        }
        return singleContent;
    }

    public GetArchiveObjectResponse<ArchiveContentDTO> getObjectWithContents(GetArchiveObjectRequest getArchiveObjectRequest) {
        GetArchiveObjectResponse<ArchiveContentDTO> objectWithContents = this.archive.getObjectWithContents(getArchiveObjectRequest);
        if (objectWithContents.isOK() && objectWithContents.getObject() != null && !evaluateAccess(this.secClient.retrieveLicenseObligations(getArchiveObjectRequest.getAuthHeaders()), new LicenseEvaluatorContext<>(getArchiveObjectRequest.getId().getId(), objectWithContents.getObject().getTags()))) {
            GetArchiveObjectResponse<ArchiveContentDTO> getArchiveObjectResponse = new GetArchiveObjectResponse<>();
            getArchiveObjectResponse.setError(new YaddaError(SecurityConstants.ERROR_AUTH, "Permission not granted to retrieve resource id='" + getArchiveObjectRequest.getId().getId() + "'!"));
            return getArchiveObjectResponse;
        }
        return objectWithContents;
    }

    public GetArchiveContentResponse getContentTree(GetArchiveContentRequest getArchiveContentRequest) {
        GetArchiveContentResponse contentTree = this.archive.getContentTree(getArchiveContentRequest);
        if (contentTree.isOK() && contentTree.getContent() != null && !evaluateAccess(this.secClient.retrieveLicenseObligations(getArchiveContentRequest.getAuthHeaders()), new LicenseEvaluatorContext<>(getArchiveContentRequest.getContentId().getId(), contentTree.getContent().getTags()))) {
            GetArchiveContentResponse getArchiveContentResponse = new GetArchiveContentResponse();
            getArchiveContentResponse.setError(new YaddaError(SecurityConstants.ERROR_AUTH, "Permission not granted to retrieve resource id='" + getArchiveContentRequest.getContentId().getId() + "'!"));
            return getArchiveContentResponse;
        }
        return contentTree;
    }

    public ListArchiveObjectsResponse listObjects(ListArchiveRequest listArchiveRequest) {
        Set<ObligationType> retrieveLicenseObligations = this.secClient.retrieveLicenseObligations(listArchiveRequest.getAuthHeaders());
        String[] strArr = null;
        Iterator<ILicenseCriterionCreator<String[]>> it = this.tagsCreators.iterator();
        while (it.hasNext()) {
            strArr = TagsCriterionCreatorHelper.merge(strArr, it.next().createCriterion(retrieveLicenseObligations));
        }
        if (strArr == null) {
            this.log.debug("no permission to list objects");
            return new ListArchiveObjectsResponse(new YaddaError(SecurityConstants.ERROR_AUTH, "no permission to list objects"));
        }
        if (listArchiveRequest.getTags() == null) {
            listArchiveRequest.setTags(new HashSet(Arrays.asList(strArr)));
        } else {
            listArchiveRequest.setTags((Set) TagsCriterionCreatorHelper.removeSecurityTags(listArchiveRequest.getTags()));
            listArchiveRequest.getTags().addAll(Arrays.asList(strArr));
        }
        return this.archive.listObjects(listArchiveRequest);
    }

    public ListArchiveContentsResponse listContents(ListArchiveRequest listArchiveRequest) {
        Set<ObligationType> retrieveLicenseObligations = this.secClient.retrieveLicenseObligations(listArchiveRequest.getAuthHeaders());
        String[] strArr = null;
        Iterator<ILicenseCriterionCreator<String[]>> it = this.tagsCreators.iterator();
        while (it.hasNext()) {
            strArr = TagsCriterionCreatorHelper.merge(strArr, it.next().createCriterion(retrieveLicenseObligations));
        }
        if (strArr == null) {
            this.log.debug("no permission to list contents");
            return new ListArchiveContentsResponse(new YaddaError(SecurityConstants.ERROR_AUTH, "no permission to list contents"));
        }
        if (listArchiveRequest.getTags() == null) {
            listArchiveRequest.setTags(new HashSet(Arrays.asList(strArr)));
        } else {
            listArchiveRequest.setTags((Set) TagsCriterionCreatorHelper.removeSecurityTags(listArchiveRequest.getTags()));
            listArchiveRequest.getTags().addAll(Arrays.asList(strArr));
        }
        return this.archive.listContents(listArchiveRequest);
    }

    public PartResponse getPart(PartRequest partRequest) {
        return this.archive.getPart(partRequest);
    }

    public RetrieveResponse retrieve(RetrieveRequest retrieveRequest) {
        return this.archive.retrieve(retrieveRequest);
    }

    public GetFeaturesResponse getFeatures(GetFeaturesRequest getFeaturesRequest) {
        GetFeaturesResponse features = this.archive.getFeatures(getFeaturesRequest);
        features.getFeatures().add(SecurityConstants.FEATURE_REQUIRES_AUTHORIZATION);
        return features;
    }

    public IdResponse getServiceId() {
        return this.archive.getServiceId();
    }

    @Required
    public void setArchive(IArchive iArchive) {
        this.archive = iArchive;
    }

    @Required
    public void setSecClient(IClientSecurityService iClientSecurityService) {
        this.secClient = iClientSecurityService;
    }

    @Required
    public void setEvaluators(List<ILicenseEvaluator<String[]>> list) {
        this.evaluators = list;
    }

    @Required
    public void setTagsCreators(List<ILicenseCriterionCreator<String[]>> list) {
        this.tagsCreators = list;
    }
}
