package org.gcube.security.soa3.connector.impl;

import java.nio.charset.Charset;
import java.security.Principal;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.ws.rs.core.MediaType;
import org.bouncycastle.util.encoders.Base64;
import org.gcube.security.soa3.cache.SOA3EhcacheWrapper;
import org.gcube.security.soa3.configuration.ConfigurationManagerFactory;
import org.gcube.security.soa3.connector.GCUBESecurityController;
import org.gcube.security.soa3.connector.engine.RestManager;
import org.gcube.security.soa3.connector.integration.utils.Utils;
import org.gcube.soa3.connector.common.security.CredentialManager;
import org.gcube.soa3.connector.common.security.impl.TicketCredentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:org/gcube/security/soa3/connector/impl/SOA3SecurityController.class */
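/**
 * {@link GCUBESecurityController} backed by SOA3.
 *
 * <p>An incoming call is authorised by asking SOA3 (via {@link RestManager}) for a
 * ticket, first with the binary security token found in the message context and,
 * when that is absent or malformed, with the X.509 Distinguished Name of the peer
 * {@link Subject}. Positive answers are memoised in {@link SOA3EhcacheWrapper}.
 * When security is disabled every call is allowed and no ticket is produced.
 *
 * <p>Credentials (security header, ids, tickets) are never written to the log;
 * only their presence is.
 */
public class SOA3SecurityController implements GCUBESecurityController {
    /** Authentication type sent to SOA3 when the caller is identified by its DN. */
    private static final String DN = "DN";
    /** HTTP headers understood by the SOA3 access service. */
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String SERVICE_STRING_HEADER = "Servicestring";
    private static final String SERVICE_INSTANCE_HEADER = "Serviceinstance";
    /**
     * Separator between the fields of a cache key. Plain concatenation is ambiguous
     * ("DN"+"ab" equals "DNa"+"b"), which would let a cached decision for one
     * (type, id, service, instance) tuple be served for a different one.
     * NOTE(review): a field containing U+001F would still be ambiguous; none of the
     * producers seen here are expected to emit it — confirm if ids are free-form.
     */
    private static final char CACHE_KEY_SEPARATOR = '\u001F';
    /** Fixed charsets so the DN encoding does not depend on the platform default. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    private static final Charset US_ASCII = Charset.forName("US-ASCII");
    private static final Logger log = LoggerFactory.getLogger(SOA3SecurityController.class);

    private String serviceName;
    private String defaultSoa3Endpoint;
    /** When true, the obtained ticket is propagated as an outgoing security header. */
    private boolean credentialPropagationPolicy;
    private boolean securityEnabled;

    /**
     * Reads the service name from {@code map} and loads endpoint, propagation policy
     * and enabled flag for that service from the configuration manager.
     *
     * @param map initialisation properties; must contain {@link GCUBESecurityController#SERVICE_NAME}
     */
    @Override // org.gcube.security.soa3.connector.GCUBESecurityController
    public void init(Map<String, String> map) {
        this.serviceName = map.get(GCUBESecurityController.SERVICE_NAME);
        log.debug("Initializing security manager for service {}", this.serviceName);
        // Resolve the manager once; the three lookups share the same source.
        this.defaultSoa3Endpoint = ConfigurationManagerFactory.getConfigurationManager().getServerUrl(this.serviceName);
        this.credentialPropagationPolicy = ConfigurationManagerFactory.getConfigurationManager().getCredentialPropagationPolicy(this.serviceName);
        this.securityEnabled = ConfigurationManagerFactory.getConfigurationManager().isSecurityEnabled(this.serviceName);
    }

    /**
     * Decides whether the call described by {@code map} is allowed.
     *
     * @param map message context (security token, service string/instance, peer subject)
     * @return {@code true} if security is disabled or SOA3 issued a ticket, else {@code false}
     */
    @Override // org.gcube.security.soa3.connector.GCUBESecurityController
    public boolean checkAccess(Map<String, Object> map) {
        log.debug("Checking access");
        if (!this.securityEnabled) {
            // Allow-all path: nothing is checked and nothing is propagated.
            log.debug("Security disabled");
            return true;
        }
        log.debug("Security enabled");
        return applySecurityPolicies(map);
    }

    /**
     * Obtains a ticket for the call and, if configured, stores it for propagation.
     *
     * @return {@code true} iff a ticket was obtained
     */
    private boolean applySecurityPolicies(Map<String, Object> map) {
        log.debug("Checking the access rights");
        String ticket = checkAccessPrivileges(map);
        log.debug("Access {}", ticket != null ? "granted" : "denied");
        setCredentials(ticket, map);
        return ticket != null;
    }

    /**
     * Registers {@code ticket} with the {@link CredentialManager} and puts the
     * corresponding binary token element into {@code map} under
     * {@link Utils#SECURITY_TOKEN}. No-op when there is no ticket or propagation is
     * disabled. Failures are logged and otherwise ignored: access has already been
     * granted, only the outgoing credential is lost.
     */
    private void setCredentials(String ticket, Map<String, Object> map) {
        log.debug("Setting credentials in the messageContext");
        if (ticket == null || !this.credentialPropagationPolicy) {
            log.debug("Propagation not set");
            return;
        }
        try {
            log.debug("Adding the credentials to the security manager");
            TicketCredentials credentials = new TicketCredentials(ticket);
            credentials.prepareCredentials();
            CredentialManager.instance.set(credentials);
            log.debug("Generating security header");
            Element token = Utils.generateBinaryTokenElement(credentials.getAuthenticationType(), ticket);
            map.put(Utils.SECURITY_TOKEN, token);
            log.debug("Security header generated");
        } catch (Exception e) {
            // Best effort, but at warn: a silently missing downstream credential is
            // hard to diagnose from a debug-only trace.
            log.warn("Unable to generate the security header", e);
        }
    }

    /**
     * Authenticates the caller with the binary security token ("{@code <type> <id>}")
     * from the message context; falls back to DN-based authentication when the
     * token is missing, malformed, or the token-based request itself fails.
     *
     * @return the ticket, or {@code null} when access is denied
     */
    private String checkAccessPrivileges(Map<String, Object> map) {
        log.debug("Get Credentials bean");
        String securityHeader = (String) map.get(Utils.BINARY_SECURITY_TOKEN_LABEL);
        String serviceString = (String) map.get(GCUBESecurityController.SERVICE_STRING);
        String serviceInstance = (String) map.get(GCUBESecurityController.SERVICE_INSTANCE);
        Subject peer = (Subject) map.get(GCUBESecurityController.PEER_SUBJECT);
        // The header is a credential: record only whether it is there.
        log.debug("Security header present: {}", securityHeader != null);
        log.debug("Service string {}", serviceString);
        log.debug("Service instance {}", serviceInstance);

        String ticket = null;
        boolean headerHandled = false;
        if (securityHeader == null) {
            log.debug("Security header null, trying to find DN");
        } else {
            // Only the first two space-separated tokens are used; extra ones are ignored.
            String[] parts = securityHeader.split(" ");
            if (parts.length < 2) {
                log.error("Invalid auth header, trying to find DN");
            } else {
                log.debug("Type = {}", parts[0]);
                try {
                    ticket = performAuthentication(parts[0], parts[1], serviceString, serviceInstance);
                    // A null ticket here is a denial, not a reason to try the DN.
                    headerHandled = true;
                } catch (RuntimeException e) {
                    log.error("Authentication with the security header failed, trying to find DN", e);
                }
            }
        }
        if (!headerHandled) {
            ticket = performDnBasedAuthentication(peer, serviceString, serviceInstance);
        }
        log.debug("Operation completed, ticket obtained: {}", ticket != null);
        return ticket;
    }

    /**
     * Tries each principal of {@code subject} as a Base64-encoded DN until SOA3
     * issues a ticket.
     *
     * @return the first ticket obtained, or {@code null} if the subject is missing,
     *         has no principals, or none of them is accepted
     */
    private String performDnBasedAuthentication(Subject subject, String serviceString, String serviceInstance) {
        log.debug("No security header found, looking for the Distinguished Name");
        if (subject == null) {
            log.error("No Distinguished name found");
            return null;
        }
        log.debug("External subject {}", subject);
        Set<Principal> principals = subject.getPrincipals();
        if (principals == null || principals.isEmpty()) {
            log.error("Unable to find subject identity");
            return null;
        }
        log.debug("Identities found, looking for the DNs");
        for (Principal principal : principals) {
            String name = principal.getName();
            if (name == null) {
                log.debug("Principal without a name, skipping");
                continue;
            }
            log.debug("Distinguished name {}", name);
            String encodedName = new String(Base64.encode(name.getBytes(UTF_8)), US_ASCII);
            String ticket = performAuthentication(DN, encodedName, serviceString, serviceInstance);
            if (ticket != null) {
                return ticket;
            }
        }
        return null;
    }

    /**
     * Looks the (type, id, service, instance) tuple up in the cache and asks SOA3 on
     * a miss, caching positive answers only.
     *
     * @return the ticket, or {@code null} when the service coordinates are missing
     *         or SOA3 denied access
     */
    private String performAuthentication(String type, String id, String serviceString, String serviceInstance) {
        if (serviceString == null || serviceInstance == null) {
            log.error("Unable to find service string or operation name");
            return null;
        }
        log.debug("Asking the cache...");
        String cacheKey = buildCacheKey(type, id, serviceString, serviceInstance);
        SOA3EhcacheWrapper cache = SOA3EhcacheWrapper.getInstance();
        String ticket = cache.get(cacheKey);
        if (ticket != null) {
            log.debug("Response found in the cache");
        } else {
            log.debug("Response null, asking SOA3");
            ticket = askSoa3(type, id, serviceString, serviceInstance);
            if (ticket != null) {
                cache.put(cacheKey, ticket);
                log.debug("Cache populated");
            } else {
                log.debug("No response from SOA3");
            }
        }
        log.debug("Ticket obtained: {}", ticket != null);
        return ticket;
    }

    /** Builds an unambiguous cache key from the four lookup fields (nulls render as "null"). */
    private static String buildCacheKey(String type, String id, String serviceString, String serviceInstance) {
        return new StringBuilder()
                .append(type).append(CACHE_KEY_SEPARATOR)
                .append(id).append(CACHE_KEY_SEPARATOR)
                .append(serviceString).append(CACHE_KEY_SEPARATOR)
                .append(serviceInstance)
                .toString();
    }

    /**
     * Sends the authentication request to the SOA3 access service.
     *
     * @return the raw response body (the ticket), or {@code null}
     */
    private String askSoa3(String type, String id, String serviceString, String serviceInstance) {
        log.debug("Sending authentication message to SOA3");
        // NOTE(review): the original passed a raw HashMap; String values are what is
        // put here — confirm against RestManager.sendMessage's parameter type.
        HashMap<String, String> headers = new HashMap<String, String>();
        headers.put(AUTHORIZATION_HEADER, type + " " + id);
        headers.put(SERVICE_STRING_HEADER, serviceString);
        headers.put(SERVICE_INSTANCE_HEADER, serviceInstance);
        String response = RestManager.getInstance(getSoa3Endpoint()).sendMessage(Utils.SOA3_ACCESS_SERVICE, headers, null, MediaType.APPLICATION_JSON_TYPE, MediaType.APPLICATION_JSON_TYPE);
        log.debug("Authentication response received: {}", response != null);
        return response;
    }

    /** @return whether access checks are enforced */
    @Override // org.gcube.security.soa3.connector.GCUBESecurityController
    public boolean isSecurityEnabled() {
        return this.securityEnabled;
    }

    /** @param z {@code true} to enforce access checks, {@code false} to allow every call */
    @Override // org.gcube.security.soa3.connector.GCUBESecurityController
    public void setSecurityEnabled(boolean z) {
        this.securityEnabled = z;
    }

    /**
     * Resolves the SOA3 endpoint for the configured service, preferring the current
     * configuration value and falling back to the one captured at {@link #init}.
     */
    private String getSoa3Endpoint() {
        log.debug("Loading soa3 endpoint for the current operation and service");
        String serverUrl = ConfigurationManagerFactory.getConfigurationManager().getServerUrl(this.serviceName);
        if (serverUrl == null) {
            serverUrl = this.defaultSoa3Endpoint;
        }
        log.debug("Actual endpoint {}", serverUrl);
        return serverUrl;
    }
}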
