package org.gcube.common.core.security.utils;

import java.io.File;
import java.io.StringReader;
import java.util.Iterator;
import java.util.Set;
import java.util.regex.Pattern;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.axis.wsdl.symbolTable.SymbolTable;
import org.gcube.common.core.contexts.GCUBEServiceContext;
import org.gcube.common.core.security.GCUBEDefaultSecurityConfiguration;
import org.gcube.common.core.utils.logging.GCUBELog;
import org.globus.wsrf.impl.security.descriptor.ServiceSecurityDescriptor;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
import org.xml.sax.InputSource;

/* loaded from: input_file:org/gcube/common/core/security/utils/DefaultSecurityDescriptorBuilder.class */
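/**
 * Builds the default incoming and outgoing {@link ServiceSecurityDescriptor}s and the
 * default credential-propagation settings from an XML configuration file.
 *
 * <p>The configuration file is parsed once, in the constructor. Each direction ("in" / "out")
 * yields a {@link DefaultSecurityConfigurationBean}; when that bean is enabled, a descriptor
 * is generated from an XML template and handed to {@link ServiceSecurityDescriptor#parse}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>All XML parsing goes through {@link #newHardenedFactory(boolean)}, which enables secure
 *       processing and rejects DOCTYPE declarations, so the configuration file cannot pull in
 *       external entities.</li>
 *   <li>The auth method and protection levels read from the file become XML element names in
 *       the generated descriptor; they are checked against {@link #XML_NAME} before being
 *       spliced into the template.</li>
 *   <li>A descriptor that cannot be generated aborts construction with an exception that
 *       preserves the cause.</li>
 * </ul>
 */
public class DefaultSecurityDescriptorBuilder {
    private static final String SERVICE_SEC_DESC_MODEL = "<securityConfig xmlns=\"%NAMESPACE%\"><auth-method>%AUTH_METHOD%<protection-level>%PROT_LEVELS%</protection-level>%_AUTH_METHOD%</auth-method></securityConfig>";
    private static final String SD_NAMESPACE = "http://www.globus.org";
    private static final String DS_IN_ELEMENT = "in";
    private static final String DS_OUT_ELEMENT = "out";
    private static final String DS_AUTH_METHOD_ELEMENT = "auth_method";
    private static final String DS_PROTECTION_LEVEL_ELEMENT = "protection_level";
    private static final String DS_ENABLED_ATTRIBUTE = "enabled";
    private static final String DS_OVERRIDE_ATTRIBUTE = "override";
    private static final String DS_CRED_PROP_ELEMENT = GCUBEServiceContext.PROPAGATE_CALLER_CREDENTIALS_JNDI_NAME;
    private static final String DS_CRED_VALUE_ATTRIBUTE = "value";

    /** Xerces/JAXP feature that makes the parser reject any DOCTYPE declaration. */
    private static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";

    /**
     * Conservative ASCII subset of XML element names. Values taken from the configuration
     * file must match it before they are used as element names in the descriptor template.
     */
    private static final Pattern XML_NAME = Pattern.compile("[A-Za-z_][A-Za-z0-9_.-]*");

    private final GCUBELog logger = new GCUBELog(this);
    private ServiceSecurityDescriptor incomingSecurityDescriptor;
    private ServiceSecurityDescriptor outgoingSecurityDescriptor;
    private DefaultSecurityConfigurationBean defaultIncomingConfiguration;
    private DefaultSecurityConfigurationBean defaultOutgoingConfiguration;
    private CredentialPropagationStatus credentialPropagationStatus;

    /**
     * Loads the default security configuration and builds both descriptors.
     *
     * @param str path of the default security configuration file; it is opened as given,
     *            so the caller is responsible for passing a trusted location
     * @throws Exception if {@code str} is null, the file cannot be parsed, a required
     *                   element is missing, or a descriptor cannot be generated
     */
    public DefaultSecurityDescriptorBuilder(String str) throws Exception {
        if (str == null) {
            throw new Exception("Null default path");
        }
        Element documentElement = loadDefaultSecConfigurationDocument(str).getDocumentElement();
        this.logger.debug("loading default ingoing security configuration");
        this.defaultIncomingConfiguration = generateDefaultSecurityConfiguration(documentElement, DS_IN_ELEMENT);
        this.logger.debug("default ingoing security configuration loaded");
        this.logger.debug("loading default outgoing security configuration");
        this.defaultOutgoingConfiguration = generateDefaultSecurityConfiguration(documentElement, DS_OUT_ELEMENT);
        this.logger.debug("default outgoing security configuration loaded");
        this.logger.debug("Trying to build default ingoing service security descriptor...");
        this.incomingSecurityDescriptor = buildServiceSecurityDescriptor(this.defaultIncomingConfiguration);
        this.logger.debug("Default ingoing service security descriptor generated");
        this.logger.debug("Trying to build default outgoing service security descriptor...");
        this.outgoingSecurityDescriptor = buildServiceSecurityDescriptor(this.defaultOutgoingConfiguration);
        this.logger.debug("Default outgoing service security descriptor generated");
        this.logger.debug("Trying to get the credential propagation configuration");
        this.credentialPropagationStatus = buildCredentialPropagationConfiguration(documentElement);
        this.logger.debug("Credential propagation configuration gotten");
    }

    /**
     * Returns a descriptor for the given configuration, or {@code null} when the
     * configuration is not enabled.
     */
    private ServiceSecurityDescriptor buildServiceSecurityDescriptor(DefaultSecurityConfigurationBean defaultSecurityConfigurationBean) throws Exception {
        this.logger.debug("Trying to build default service security descriptor...");
        if (!defaultSecurityConfigurationBean.isEnabled()) {
            this.logger.debug("Default service security configuration disabled");
            return null;
        }
        this.logger.debug("Default ingoing service security descriptor is enabled");
        return generateServiceSecurityDescriptor(defaultSecurityConfigurationBean);
    }

    /**
     * Renders the descriptor XML for the bean's auth method and protection levels, parses it
     * and feeds the resulting element to a new {@link ServiceSecurityDescriptor}.
     */
    private ServiceSecurityDescriptor generateServiceSecurityDescriptor(DefaultSecurityConfigurationBean defaultSecurityConfigurationBean) throws Exception {
        this.logger.debug("Generating service security descriptor...");
        String descriptorXml = generateServiceSecurityDescriptorDom(defaultSecurityConfigurationBean.getIn_auth_method(), defaultSecurityConfigurationBean.getIn_protection_levels());
        this.logger.debug(descriptorXml);
        Element descriptorElement = stringToElement(descriptorXml);
        this.logger.debug("Element generated");
        ServiceSecurityDescriptor serviceSecurityDescriptor = new ServiceSecurityDescriptor();
        serviceSecurityDescriptor.parse(descriptorElement);
        this.logger.debug("Sec descriptor generated");
        return serviceSecurityDescriptor;
    }

    /**
     * Reads the credential-propagation element (first occurrence only) below {@code element}.
     * Only the values "true" and "false" (case-insensitive) are applied; anything else leaves
     * the returned status as constructed and logs a warning.
     */
    private CredentialPropagationStatus buildCredentialPropagationConfiguration(Element element) {
        this.logger.debug("Getting credential propagation configuration");
        CredentialPropagationStatus status = new CredentialPropagationStatus();
        NodeList matches = element.getElementsByTagName(DS_CRED_PROP_ELEMENT);
        if (matches == null || matches.getLength() == 0) {
            return status;
        }
        this.logger.debug("Credential propagation configuration found");
        Element propagationElement = (Element) matches.item(0);
        String value = propagationElement.getAttribute(DS_CRED_VALUE_ATTRIBUTE);
        if (value == null) {
            this.logger.warn("Unable to find a correct credential propagation value attribute: default credential propagation behaviour disabled");
            return status;
        }
        this.logger.debug("Credential propagation value = " + value);
        if (value.equalsIgnoreCase("false")) {
            status.setPropagate(false);
            status.setOverride(getCredentialPropagationOverrideAttribute(propagationElement));
        } else if (value.equalsIgnoreCase("true")) {
            status.setPropagate(true);
            status.setOverride(getCredentialPropagationOverrideAttribute(propagationElement));
        } else {
            this.logger.warn("Unable to find a correct credential propagation value attribute: default credential propagation behaviour disabled");
        }
        return status;
    }

    /**
     * Returns {@code true} only when the element's "override" attribute is "true"
     * (case-insensitive); a missing or unrecognised value yields {@code false}.
     */
    private boolean getCredentialPropagationOverrideAttribute(Element element) {
        this.logger.debug("getting cred propagation override attribute");
        String attribute = element.getAttribute(DS_OVERRIDE_ATTRIBUTE);
        this.logger.debug("override value = " + attribute);
        if (attribute == null) {
            this.logger.debug("Override value not set, returning false");
            return false;
        }
        if (attribute.equalsIgnoreCase("true")) {
            this.logger.debug("Override value true");
            return true;
        }
        if (attribute.equalsIgnoreCase("false")) {
            this.logger.debug("Override value false");
            return false;
        }
        this.logger.warn("Invalid override value " + attribute + " returning the default value false");
        return false;
    }

    /**
     * @return the descriptor for incoming messages, or {@code null} if the incoming
     *         configuration is not enabled
     */
    public ServiceSecurityDescriptor getIncomingMessagesSecurityDescriptor() {
        return this.incomingSecurityDescriptor;
    }

    /**
     * @return the descriptor for outgoing messages, or {@code null} if the outgoing
     *         configuration is not enabled
     */
    public ServiceSecurityDescriptor getOutgoingMessagesSecurityDescriptor() {
        return this.outgoingSecurityDescriptor;
    }

    /**
     * Copies the parsed settings (credential propagation, enabled and override flags for both
     * directions) into a new {@link GCUBEDefaultSecurityConfiguration}.
     *
     * @return a freshly populated configuration object
     */
    public GCUBEDefaultSecurityConfiguration getGCUBEDefaultSecurityConfiguration() {
        GCUBEDefaultSecurityConfiguration configuration = new GCUBEDefaultSecurityConfiguration();
        configuration.setDefaultCredentialPropagationSet(this.credentialPropagationStatus.isSet());
        configuration.setPropagateCallerCredentials(this.credentialPropagationStatus.isPropagate());
        configuration.setPropagateCallerCredentialsOverride(this.credentialPropagationStatus.isOverride());
        configuration.setInEnabled(this.defaultIncomingConfiguration.isEnabled());
        configuration.setOutEnabled(this.defaultOutgoingConfiguration.isEnabled());
        configuration.setInOverride(this.defaultIncomingConfiguration.isOverride());
        configuration.setOutOverride(this.defaultOutgoingConfiguration.isOverride());
        return configuration;
    }

    /**
     * Creates a {@link DocumentBuilderFactory} that refuses DOCTYPE declarations and runs
     * with secure processing enabled.
     *
     * @param namespaceAware whether the produced parsers are namespace aware
     * @throws ParserConfigurationException if the underlying parser does not support one of
     *         the hardening features; construction then fails rather than parsing unprotected
     */
    private static DocumentBuilderFactory newHardenedFactory(boolean namespaceAware) throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(namespaceAware);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // With DOCTYPE rejected there is no way to declare external or recursive entities (XXE).
        factory.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
        factory.setExpandEntityReferences(false);
        return factory;
    }

    /** Parses the configuration file at {@code str} with a hardened, non namespace-aware parser. */
    private Document loadDefaultSecConfigurationDocument(String str) throws Exception {
        this.logger.debug("Building dom...");
        Document document = newHardenedFactory(false).newDocumentBuilder().parse(new File(str));
        this.logger.debug("document loaded");
        return document;
    }

    /**
     * Reads the first {@code str} element ("in" or "out") below {@code element} into a bean.
     * When the section is treated as enabled, the auth method and the comma-separated
     * protection levels are mandatory.
     */
    private DefaultSecurityConfigurationBean generateDefaultSecurityConfiguration(Element element, String str) throws Exception {
        this.logger.debug("Parsing default sec configuration...");
        DefaultSecurityConfigurationBean bean = new DefaultSecurityConfigurationBean();
        this.logger.debug("Default Security document root " + element.getNamespaceURI() + " " + element.getNodeName());
        NodeList sections = element.getElementsByTagName(str);
        if (sections == null || sections.getLength() == 0) {
            return bean;
        }
        this.logger.debug("security configuration");
        Element section = (Element) sections.item(0);
        String enabled = section.getAttribute(DS_ENABLED_ATTRIBUTE);
        // NOTE(review): the null test suggests "attribute absent" was meant to enable the
        // section, but DOM getAttribute() returns "" (not null) for a missing attribute, so a
        // section without "enabled" ends up DISABLED. Left as is because flipping it changes
        // which deployments enforce security; confirm the intended default with the owners.
        if (enabled == null || enabled.equalsIgnoreCase("true")) {
            bean.setEnabled(true);
            String override = section.getAttribute(DS_OVERRIDE_ATTRIBUTE);
            this.logger.debug("override = " + override);
            bean.setOverride(override);
            this.logger.debug("loading auth method element...");
            bean.setAuth_method(getText(DS_AUTH_METHOD_ELEMENT, section, true));
            this.logger.debug("auth method element loaded");
            this.logger.debug("loading protection level element...");
            for (String level : getText(DS_PROTECTION_LEVEL_ELEMENT, section, true).split(",")) {
                bean.addProtection_level(level);
            }
            this.logger.debug("protetion level loaded");
        } else {
            this.logger.debug("default security configuration disabled");
        }
        return bean;
    }

    /**
     * Returns the data of {@code element}'s first child when that child is a text node.
     *
     * @param z when true, a missing text node is an error
     * @return the text, or {@code null} when absent and not required
     * @throws Exception if the text is required and the first child is missing or is not text
     */
    private String findInternalText(Element element, boolean z) throws Exception {
        this.logger.debug("Adding text");
        // instanceof guard: a comment or nested element as first child used to surface as a
        // ClassCastException instead of the "No text found" configuration error.
        if (element.getFirstChild() instanceof Text) {
            String data = ((Text) element.getFirstChild()).getData();
            this.logger.debug("data " + data);
            return data;
        }
        if (z) {
            this.logger.error("No text found");
            throw new Exception("No text found");
        }
        this.logger.debug("Text element not found");
        return null;
    }

    /**
     * Returns the text of the first {@code str} element below {@code element}.
     *
     * @param z when true, a missing element is an error
     * @return the text, or {@code null} when the element is absent and not required
     * @throws Exception if the element is required and missing
     */
    private String getText(String str, Element element, boolean z) throws Exception {
        this.logger.debug("Founding text element " + str);
        NodeList matches = element.getElementsByTagName(str);
        if (matches != null && matches.getLength() > 0) {
            return findInternalText((Element) matches.item(0), z);
        }
        if (z) {
            this.logger.error("Root Element not found");
            throw new Exception("Invalid auth configuration: required element not found");
        }
        this.logger.debug("Delegation element not found");
        return null;
    }

    /**
     * Rejects configuration values that are not plain XML element names, so that a value
     * cannot change the structure of the generated descriptor.
     */
    private static void requireXmlName(String value, String what) throws Exception {
        if (value == null || !XML_NAME.matcher(value).matches()) {
            throw new Exception("Invalid auth configuration: " + what + " is not a valid element name: " + value);
        }
    }

    /**
     * Fills the descriptor template with the auth method and one empty element per
     * protection level.
     *
     * @param str auth method, used as an element name
     * @param set protection levels, each used as an element name
     * @throws Exception if any value is not a valid element name
     */
    private String generateServiceSecurityDescriptorDom(String str, Set<String> set) throws Exception {
        this.logger.debug("Building dom...");
        requireXmlName(str, "auth method");
        StringBuilder levels = new StringBuilder();
        for (String level : set) {
            requireXmlName(level, "protection level");
            levels.append("<").append(level).append("/>");
        }
        // NOTE(review): SymbolTable.ANON_TOKEN is kept from the original; it looks like a
        // decompiler substitution for the literal that closes the tag. Confirm and replace it.
        return SERVICE_SEC_DESC_MODEL
                .replace("%NAMESPACE%", SD_NAMESPACE)
                .replace("%AUTH_METHOD%", "<" + str + SymbolTable.ANON_TOKEN)
                .replace("%_AUTH_METHOD%", "</" + str + SymbolTable.ANON_TOKEN)
                .replace("%PROT_LEVELS%", levels.toString());
    }

    /** Parses {@code str} and returns its document element. */
    private Element stringToElement(String str) throws Exception {
        return string2Document(str).getDocumentElement();
    }

    /**
     * Parses {@code str} with a hardened, namespace-aware parser.
     *
     * @throws Exception if the string is not well-formed XML; the failure is propagated with
     *         its cause instead of being printed and turned into a {@code null} document
     */
    private Document string2Document(String str) throws Exception {
        try {
            return newHardenedFactory(true).newDocumentBuilder().parse(new InputSource(new StringReader(str)));
        } catch (Exception e) {
            this.logger.error("Unable to parse the generated security descriptor");
            throw new Exception("Unable to parse the generated security descriptor", e);
        }
    }
}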
