package org.glite.authz.pep.profile;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.glite.authz.common.model.Action;
import org.glite.authz.common.model.Attribute;
import org.glite.authz.common.model.AttributeAssignment;
import org.glite.authz.common.model.Environment;
import org.glite.authz.common.model.Obligation;
import org.glite.authz.common.model.Request;
import org.glite.authz.common.model.Resource;
import org.glite.authz.common.model.Response;
import org.glite.authz.common.model.Result;
import org.glite.authz.common.model.Subject;
import org.glite.authz.common.model.util.Strings;
import org.glite.authz.common.profile.AuthorizationProfileConstants;
import org.glite.authz.common.security.PEMUtils;

/* loaded from: input_file:WEB-INF/lib/pep-client-2.2.0.jar:org/glite/authz/pep/profile/AuthorizationProfile.class */
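public abstract class AuthorizationProfile extends AuthorizationProfileConstants implements Profile {
    /** Profile identifier as normalized by the constructor; may be {@code null}. */
    private final String profileId_;

    /**
     * Builds a request from the given parts, skipping every part that is {@code null}.
     *
     * @param subject     subject to add to the request, or {@code null}
     * @param resource    resource to add to the request, or {@code null}
     * @param action      action to set on the request, or {@code null}
     * @param environment environment to set on the request, or {@code null}
     * @return a new request holding the non-null parts
     */
    public Request createRequest(Subject subject, Resource resource, Action action, Environment environment) {
        Request request = new Request();
        if (subject != null) {
            request.getSubjects().add(subject);
        }
        if (resource != null) {
            request.getResources().add(resource);
        }
        if (action != null) {
            request.setAction(action);
        }
        if (environment != null) {
            request.setEnvironment(environment);
        }
        return request;
    }

    /**
     * Creates a resource carrying a single XACML {@code resource-id} string attribute.
     *
     * @param str the resource identifier value; added as given, without validation
     * @return the new resource
     */
    public Resource createResourceId(String str) {
        Resource resource = new Resource();
        Attribute attribute = new Attribute();
        attribute.setId("urn:oasis:names:tc:xacml:1.0:resource:resource-id");
        attribute.setDataType("http://www.w3.org/2001/XMLSchema#string");
        attribute.getValues().add(str);
        resource.getAttributes().add(attribute);
        return resource;
    }

    /**
     * Creates an action carrying a single XACML {@code action-id} string attribute.
     *
     * @param str the action identifier value; added as given, without validation
     * @return the new action
     */
    public Action createActionId(String str) {
        Action action = new Action();
        Attribute attribute = new Attribute();
        attribute.setId("urn:oasis:names:tc:xacml:1.0:action:action-id");
        attribute.setDataType("http://www.w3.org/2001/XMLSchema#string");
        attribute.getValues().add(str);
        action.getAttributes().add(attribute);
        return action;
    }

    /**
     * Builds a request whose environment carries this profile's identifier.
     *
     * @param subject  subject to add to the request, or {@code null}
     * @param resource resource to add to the request, or {@code null}
     * @param action   action to set on the request, or {@code null}
     * @return a new request with the profile-id environment attached
     */
    public Request createRequest(Subject subject, Resource resource, Action action) {
        return createRequest(subject, resource, action, createEnvironmentProfileId(getProfileId()));
    }

    /**
     * Looks up an obligation in the first result of a response.
     *
     * <p>Only the first result is examined. Its decision must equal {@code i}, and the obligation
     * must both have the identifier {@code str} and be marked to be fulfilled on {@code i}.
     *
     * <p>A response without any result yields {@code null} rather than an exception. Callers that
     * base an authorization or account-mapping step on the returned obligation must treat
     * {@code null} as "no obligation", never as success.
     *
     * @param response the response to inspect
     * @param i        the decision value the result and the obligation must carry
     * @param str      the identifier of the wanted obligation
     * @return the matching obligation, or {@code null} when the response holds no result
     * @throws ProfileException if the first result has another decision, or no obligation matches
     */
    public Obligation getObligation(Response response, int i, String str) throws ProfileException {
        Iterator<Result> results = response.getResults().iterator();
        if (!results.hasNext()) {
            return null;
        }
        Result result = results.next();
        if (result.getDecision() != i) {
            throw new ProfileException("No decision " + Result.decisionToString(i) + " found: " + result.getDecisionString());
        }
        for (Obligation obligation : result.getObligations()) {
            String id = obligation.getId();
            // Compare from the obligation's side so that a null wanted id ends in the
            // ProfileException below instead of a NullPointerException.
            if (obligation.getFulfillOn() == i && id != null && id.equals(str)) {
                return obligation;
            }
        }
        throw new ProfileException("No obligation " + str + " found");
    }

    /**
     * Stores the profile identifier after normalizing it with {@code Strings.safeTrimOrNullString}.
     *
     * @param str the profile identifier
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public AuthorizationProfile(String str) {
        this.profileId_ = Strings.safeTrimOrNullString(str);
    }

    /**
     * Returns the profile identifier given at construction, in its normalized form.
     *
     * @return the profile identifier, possibly {@code null}
     */
    @Override // org.glite.authz.pep.profile.Profile
    public String getProfileId() {
        return this.profileId_;
    }

    /**
     * Creates an environment carrying a single profile-id attribute of type {@code anyURI}.
     *
     * @param str the profile identifier value; added as given
     * @return the new environment
     */
    public Environment createEnvironmentProfileId(String str) {
        Environment environment = new Environment();
        Attribute attribute = new Attribute();
        attribute.setId(AuthorizationProfileConstants.ID_ATTRIBUTE_PROFILE_ID);
        attribute.setDataType("http://www.w3.org/2001/XMLSchema#anyURI");
        attribute.getValues().add(str);
        environment.getAttributes().add(attribute);
        return environment;
    }

    /**
     * Builds a complete request from a certificate chain, a resource id and an action id.
     *
     * @param x509CertificateArr the certificates identifying the subject
     * @param str                the resource identifier
     * @param str2               the action identifier
     * @return the new request, including the profile-id environment
     * @throws ProfileException if the certificates cannot be converted to PEM
     */
    public Request createRequest(X509Certificate[] x509CertificateArr, String str, String str2) throws ProfileException {
        return createRequest(createSubjectKeyInfo(x509CertificateArr), createResourceId(str), createActionId(str2));
    }

    /**
     * Creates a key-info subject from a single certificate.
     *
     * @param x509Certificate the certificate, or {@code null}
     * @return the new subject
     * @throws ProfileException if the certificate cannot be converted to PEM
     */
    public Subject createSubjectKeyInfo(X509Certificate x509Certificate) throws ProfileException {
        return createSubjectKeyInfo(x509Certificate, null);
    }

    /**
     * Creates a key-info subject from a certificate chain.
     *
     * @param x509CertificateArr the certificates, or {@code null}
     * @return the new subject
     * @throws ProfileException if the certificates cannot be converted to PEM
     */
    public Subject createSubjectKeyInfo(X509Certificate[] x509CertificateArr) throws ProfileException {
        return createSubjectKeyInfo(null, x509CertificateArr);
    }

    /**
     * Creates a subject whose XACML {@code key-info} attribute holds the PEM encoding of the
     * given certificates, the single certificate first and the chain entries after it.
     *
     * <p>The certificates are only encoded here; this method performs no chain validation.
     *
     * @param x509Certificate    a certificate to place first, or {@code null}
     * @param x509CertificateArr further certificates, or {@code null}
     * @return the new subject
     * @throws ProfileException if the PEM conversion fails with an {@code IOException}
     */
    public Subject createSubjectKeyInfo(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) throws ProfileException {
        List<X509Certificate> certificates = new ArrayList<X509Certificate>();
        if (x509Certificate != null) {
            certificates.add(x509Certificate);
        }
        if (x509CertificateArr != null) {
            for (X509Certificate chainCertificate : x509CertificateArr) {
                certificates.add(chainCertificate);
            }
        }
        try {
            String pem = PEMUtils.certificatesToPEMString(certificates);
            Subject subject = new Subject();
            Attribute attribute = new Attribute();
            attribute.setId("urn:oasis:names:tc:xacml:1.0:subject:key-info");
            attribute.setDataType("http://www.w3.org/2001/XMLSchema#string");
            attribute.getValues().add(pem);
            subject.getAttributes().add(attribute);
            return subject;
        } catch (IOException e) {
            throw new ProfileException("Can not convert certificate to PEM format", e);
        }
    }

    /**
     * Returns the POSIX environment-mapping obligation of a response.
     *
     * @param response the response to inspect
     * @return the obligation, or {@code null} when the response holds no result
     * @throws ProfileException if the first result has another decision or lacks the obligation
     */
    public Obligation getObligationPosixMapping(Response response) throws ProfileException {
        // NOTE(review): 1 is presumably the Permit decision value; confirm against the decision
        // constants of Result.
        return getObligation(response, 1, AuthorizationProfileConstants.ID_OBLIGATION_POSIX_ENV_MAP);
    }

    /**
     * Extracts the mandatory user-id value from a POSIX environment-mapping obligation.
     *
     * @param obligation the obligation to read
     * @return the trimmed, non-empty user id
     * @throws ProfileException if the obligation is {@code null}, is not the POSIX mapping
     *                          obligation, or has no usable user-id assignment
     */
    public String getAttributeAssignmentUserId(Obligation obligation) throws ProfileException {
        requireObligation(obligation);
        if (!AuthorizationProfileConstants.ID_OBLIGATION_POSIX_ENV_MAP.equals(obligation.getId())) {
            throw new ProfileException("Obligation is not http://glite.org/xacml/obligation/local-environment-map/posix but " + obligation.getId());
        }
        for (AttributeAssignment assignment : obligation.getAttributeAssignments()) {
            if (AuthorizationProfileConstants.ID_ATTRIBUTE_USER_ID.equals(assignment.getAttributeId())) {
                String userId = Strings.safeTrimOrNullString(assignment.getValue());
                if (userId == null) {
                    throw new ProfileException("Attribute assignment http://glite.org/xacml/attribute/user-id found in obligation, but with an empty or null value");
                }
                return userId;
            }
        }
        throw new ProfileException("Mandatory attribute assignment http://glite.org/xacml/attribute/user-id not found in obligation http://glite.org/xacml/obligation/local-environment-map/posix");
    }

    /**
     * Collects the group-id values from a POSIX environment-mapping obligation.
     *
     * <p>Values are normalized the same way as the user id; assignments whose value is null or
     * empty are left out, so the returned list never contains a null or blank group name.
     *
     * @param obligation the obligation to read
     * @return the group ids in assignment order, possibly empty
     * @throws ProfileException if the obligation is {@code null} or is not the POSIX mapping
     *                          obligation
     */
    public List<String> getAttributeAssignmentGroupIds(Obligation obligation) throws ProfileException {
        requireObligation(obligation);
        if (!AuthorizationProfileConstants.ID_OBLIGATION_POSIX_ENV_MAP.equals(obligation.getId())) {
            throw new ProfileException("Obligation is not http://glite.org/xacml/obligation/local-environment-map/posix");
        }
        List<String> groupIds = new ArrayList<String>();
        for (AttributeAssignment assignment : obligation.getAttributeAssignments()) {
            if (AuthorizationProfileConstants.ID_ATTRIBUTE_GROUP_ID.equals(assignment.getAttributeId())) {
                String groupId = Strings.safeTrimOrNullString(assignment.getValue());
                if (groupId != null) {
                    groupIds.add(groupId);
                }
            }
        }
        return groupIds;
    }

    /**
     * Extracts the optional primary-group-id value from a POSIX environment-mapping obligation.
     *
     * <p>The value of the first primary-group-id assignment is normalized the same way as the
     * user id, so a null or empty value is reported as {@code null}, like a missing assignment.
     *
     * @param obligation the obligation to read
     * @return the trimmed primary group id, or {@code null} when absent or empty
     * @throws ProfileException if the obligation is {@code null} or is not the POSIX mapping
     *                          obligation
     */
    public String getAttributeAssignmentPrimaryGroupId(Obligation obligation) throws ProfileException {
        requireObligation(obligation);
        if (!AuthorizationProfileConstants.ID_OBLIGATION_POSIX_ENV_MAP.equals(obligation.getId())) {
            throw new ProfileException("Obligation is not http://glite.org/xacml/obligation/local-environment-map/posix");
        }
        for (AttributeAssignment assignment : obligation.getAttributeAssignments()) {
            if (AuthorizationProfileConstants.ID_ATTRIBUTE_PRIMARY_GROUP_ID.equals(assignment.getAttributeId())) {
                return Strings.safeTrimOrNullString(assignment.getValue());
            }
        }
        return null;
    }

    /**
     * Rejects a missing obligation with a ProfileException instead of a NullPointerException.
     *
     * <p>{@link #getObligation} returns {@code null} for a response without results, and that
     * value can reach the attribute-assignment getters unchecked.
     */
    private static void requireObligation(Obligation obligation) throws ProfileException {
        if (obligation == null) {
            throw new ProfileException("Obligation is null");
        }
    }
}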
