package org.wso2.carbon.appmgt.impl.entitlement;

import java.net.MalformedURLException;
import java.net.URL;
import java.rmi.RemoteException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.util.AXIOMUtil;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.appmgt.api.AppManagementException;
import org.wso2.carbon.appmgt.api.EntitlementService;
import org.wso2.carbon.appmgt.api.model.entitlement.EntitlementDecisionRequest;
import org.wso2.carbon.appmgt.api.model.entitlement.EntitlementPolicy;
import org.wso2.carbon.appmgt.api.model.entitlement.EntitlementPolicyValidationResult;
import org.wso2.carbon.appmgt.api.model.entitlement.XACMLPolicyTemplateContext;
import org.wso2.carbon.authenticator.stub.AuthenticationAdminStub;
import org.wso2.carbon.authenticator.stub.LoginAuthenticationExceptionException;
import org.wso2.carbon.identity.entitlement.EntitlementUtil;
import org.wso2.carbon.identity.entitlement.proxy.Attribute;
import org.wso2.carbon.identity.entitlement.proxy.PEPProxy;
import org.wso2.carbon.identity.entitlement.proxy.PEPProxyConfig;
import org.wso2.carbon.identity.entitlement.proxy.exception.EntitlementProxyException;
import org.wso2.carbon.identity.entitlement.stub.EntitlementPolicyAdminServiceEntitlementException;
import org.wso2.carbon.identity.entitlement.stub.EntitlementPolicyAdminServiceStub;
import org.wso2.carbon.identity.entitlement.stub.dto.PolicyDTO;

/* loaded from: input_file:org/wso2/carbon/appmgt/impl/entitlement/XacmlEntitlementServiceImpl.class */
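/**
 * {@link EntitlementService} implementation that talks to a remote XACML entitlement server.
 *
 * <p>Policy administration goes through {@code EntitlementPolicyAdminService}, using the session
 * cookie obtained in {@link #init()}. Access decisions are requested through a {@link PEPProxy}
 * built from the same server URL and credentials.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The admin user name and password are kept as {@code String} fields for the lifetime of
 *       the instance and are handed to the PEP proxy configuration on every decision request.</li>
 *   <li>{@link #isPermitted(EntitlementDecisionRequest)} denies only on an explicit
 *       {@code Deny}; see the note on that method.</li>
 *   <li>The policy write methods log failures instead of throwing, so a caller cannot tell from
 *       the return that a policy was not stored or published.</li>
 * </ul>
 */
public class XacmlEntitlementServiceImpl implements EntitlementService {
    private static final String XACML_ATTRIBUTE_ID_SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
    private static final String XACML_ATTRIBUTE_CATEGORY_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
    private static final Log log = LogFactory.getLog(XacmlEntitlementServiceImpl.class);
    private static final String DECISION_DENY = "DENY";
    private static final String DECISION_PERMIT = "PERMIT";
    private static final String XML_ELEMENT_RESULT = "Result";
    private static final String XML_ELEMENT_DECISION = "Decision";
    private static final String XML_NS_XACML_RESULT = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17";
    private static final String XACML_ATTRIBUTE_CATEGORY_CUSTOM = "urn:wso2:appm:xacml:attribute-category:custom";
    private static final String XACML_ATTRIBUTE_ID_POLICY_ID = "urn:wso2:appm:xacml:custom:policy-id";
    private final String serverUrl;
    private final String username;
    private final String password;
    // Created by init(); every policy administration method dereferences it.
    private EntitlementPolicyAdminServiceStub entitlementPolicyAdminServiceStub;

    /**
     * Stores the connection settings; no network call is made until {@link #init()}.
     *
     * @param serverUrl base URL of the entitlement server ("/services/..." is appended to it)
     * @param username  account used for the admin login and for the PEP proxy
     * @param password  password of that account
     */
    public XacmlEntitlementServiceImpl(String serverUrl, String username, String password) {
        this.serverUrl = serverUrl;
        this.username = username;
        this.password = password;
    }

    /**
     * Logs in to the entitlement server and prepares the policy admin stub with the session cookie.
     *
     * @throws AppManagementException if the login fails or the stub cannot be created
     */
    public void init() throws AppManagementException {
        try {
            String sessionCookie = login(this.serverUrl, this.username, this.password);
            EntitlementPolicyAdminServiceStub adminStub =
                    new EntitlementPolicyAdminServiceStub(this.serverUrl + "/services/EntitlementPolicyAdminService");
            Options clientOptions = adminStub._getServiceClient().getOptions();
            clientOptions.setManageSession(true);
            clientOptions.setProperty("Cookie", sessionCookie);
            // Publish the stub only once it is fully configured.
            this.entitlementPolicyAdminServiceStub = adminStub;
        } catch (AxisFault e) {
            log.error("Cannot initialize XACML entitlement service.", e);
            throw new AppManagementException("Cannot initialize XACML entitlement service.", e);
        }
    }

    /**
     * Stores the policy, updating it when one with the same id already exists, and publishes it.
     * An invalid policy is skipped; remote failures are logged and not propagated.
     *
     * @param entitlementPolicy policy to store
     */
    public void savePolicy(EntitlementPolicy entitlementPolicy) {
        try {
            if (!entitlementPolicy.isValid()) {
                // Previously skipped silently; a dropped policy should leave a trace.
                log.warn("XACML policy with id : " + entitlementPolicy.getPolicyId() + " is not valid. It was not saved or published.");
                return;
            }
            PolicyDTO existingPolicy = getExistingPolicy(entitlementPolicy.getPolicyId());
            if (existingPolicy != null) {
                doUpdatePolicy(existingPolicy, entitlementPolicy);
            } else {
                doSavePolicy(entitlementPolicy);
            }
        } catch (RemoteException e) {
            log.error("Error occurred while saving or publishing XACML policy with id : " + entitlementPolicy.getPolicyId(), e);
        } catch (EntitlementPolicyAdminServiceEntitlementException e2) {
            log.error("Cannot save or publish XACML policy with id : " + entitlementPolicy.getPolicyId() + ". Error occurred in EntitlementPolicyAdminService", e2);
        }
    }

    /**
     * Stamps the policy id onto the policy XML and updates the stored policy with that content.
     * Failures are logged and not propagated.
     *
     * @param entitlementPolicy policy carrying the new content; its content is rewritten in place
     */
    public void updatePolicy(EntitlementPolicy entitlementPolicy) {
        EntitlementPolicy processedPolicy = preProcess(entitlementPolicy);
        if (processedPolicy == null) {
            return;
        }
        try {
            PolicyDTO existingPolicy = getExistingPolicy(entitlementPolicy.getPolicyId());
            if (existingPolicy == null) {
                // savePolicy() treats a null lookup as "no such policy"; without this guard the
                // update would fail with a NullPointerException instead of a logged error.
                log.error("Cannot update XACML policy with id : " + entitlementPolicy.getPolicyId() + ". No existing policy was found.");
                return;
            }
            doUpdatePolicy(existingPolicy, processedPolicy);
        } catch (RemoteException e) {
            log.error("Error occurred while updating XACML policy with id : " + entitlementPolicy.getPolicyId(), e);
        } catch (EntitlementPolicyAdminServiceEntitlementException e2) {
            log.error("Cannot update XACML policy with id : " + entitlementPolicy.getPolicyId() + ". Error occurred in EntitlementPolicyAdminService", e2);
        }
    }

    /**
     * Validates a policy fragment by wrapping it in a mock policy generated from the template builder.
     *
     * @param partialPolicy policy fragment to validate
     * @return result whose valid flag reflects {@code EntitlementUtil.validatePolicy}
     */
    public EntitlementPolicyValidationResult validatePolicyPartial(String partialPolicy) {
        return validateContent(generateMockPolicy(partialPolicy));
    }

    /**
     * Validates the full content of the given policy.
     *
     * @param entitlementPolicy policy whose content is validated
     * @return result whose valid flag reflects {@code EntitlementUtil.validatePolicy}
     */
    public EntitlementPolicyValidationResult validatePolicy(EntitlementPolicy entitlementPolicy) {
        return validateContent(entitlementPolicy.getPolicyContent());
    }

    /**
     * Generates a policy from each template context and saves it.
     *
     * @param contexts template contexts, one per policy to generate
     */
    public void generateAndSaveEntitlementPolicies(List<XACMLPolicyTemplateContext> contexts) {
        XACMLTemplateBuilder templateBuilder = new XACMLTemplateBuilder();
        for (XACMLPolicyTemplateContext context : contexts) {
            generateAndSaveEntitlementPolicy(context, templateBuilder);
        }
    }

    /**
     * Asks the PDP for a decision on the request's policy id and subject.
     *
     * <p>NOTE(review): this enforcement point is permit-biased. Only an explicit {@code Deny}
     * refuses access, so {@code Indeterminate} and {@code NotApplicable} grant it. That behaviour
     * is kept because callers may rely on it, and each such grant is logged at WARN so it can be
     * monitored. Confirm whether a deny-biased check (grant on {@code Permit} only) is wanted.
     *
     * @param entitlementDecisionRequest request naming the policy id and the subject
     * @return {@code false} when the PDP answers {@code Deny}, {@code true} for any other decision value
     * @throws AppManagementException if the PEP proxy cannot be created, the PDP call fails, or the
     *                                response carries no usable decision
     */
    public boolean isPermitted(EntitlementDecisionRequest entitlementDecisionRequest) throws AppManagementException {
        PEPProxy pepProxy = getPepProxy();
        if (pepProxy == null) {
            throw new AppManagementException("Cannot create PEP proxy.");
        }
        try {
            String rawResponse = pepProxy.getDecision(getEntitlementAttributes(entitlementDecisionRequest));
            OMElement resultElement = AXIOMUtil.stringToOM(rawResponse)
                    .getFirstChildWithName(new QName(XML_NS_XACML_RESULT, XML_ELEMENT_RESULT));
            if (resultElement == null) {
                throw new IllegalStateException("PDP response does not contain a Result element.");
            }
            OMElement decisionElement = resultElement.getFirstChildWithName(new QName(XML_NS_XACML_RESULT, XML_ELEMENT_DECISION));
            if (decisionElement == null) {
                throw new IllegalStateException("PDP response does not contain a Decision element.");
            }
            String decisionText = decisionElement.getText();
            // A response without a decision value is malformed, not a grant: fail closed.
            if (decisionText == null || decisionText.trim().isEmpty()) {
                throw new IllegalStateException("PDP response contains an empty Decision.");
            }
            // Trim and compare without locale rules so that a padded "Deny" is still a denial.
            String decision = decisionText.trim();
            if (DECISION_DENY.equalsIgnoreCase(decision)) {
                return false;
            }
            if (!DECISION_PERMIT.equalsIgnoreCase(decision)) {
                log.warn(String.format("Access granted for the policy id '%s' on non-Permit decision '%s'.",
                        entitlementDecisionRequest.getPolicyId(), decision));
            }
            return true;
        } catch (Exception e) {
            String message = String.format("Error while evaluating entitlement for the policy id '%s'.", entitlementDecisionRequest.getPolicyId());
            log.error(message, e);
            throw new AppManagementException(message, e);
        }
    }

    /**
     * Fetches the content of a stored policy.
     *
     * @param policyId id of the policy to read
     * @return the policy content, or {@code null} when the lookup fails or returns nothing
     */
    public String getPolicyContent(String policyId) {
        try {
            PolicyDTO storedPolicy = getPolicy(policyId);
            // Guard the lookup result the same way savePolicy() guards getLightPolicy().
            return storedPolicy != null ? storedPolicy.getPolicy() : null;
        } catch (RemoteException e) {
            log.error("Error occurred while retrieving policy with policy id : " + policyId, e);
            return null;
        } catch (EntitlementPolicyAdminServiceEntitlementException e2) {
            log.error("Error occurred while retrieving policy with id : " + policyId + " from EntitlementPolicyAdmin Service ", e2);
            return null;
        }
    }

    /**
     * Removes a stored policy if it exists. Failures are logged and not propagated.
     *
     * @param policyId id of the policy to remove
     */
    public void removePolicy(String policyId) {
        try {
            if (getExistingPolicy(policyId) != null) {
                deletePolicy(policyId);
            }
        } catch (EntitlementPolicyAdminServiceEntitlementException e) {
            log.error("Error occurred while removing policy from EntitlementPolicyAdmin Service ", e);
        } catch (RemoteException e2) {
            log.error("Error occurred while deleting policy with policy id : " + policyId, e2);
        }
    }

    /** Runs {@code EntitlementUtil.validatePolicy} on the given policy text and wraps the outcome. */
    private EntitlementPolicyValidationResult validateContent(String policyContent) {
        org.wso2.carbon.identity.entitlement.dto.PolicyDTO policyDTO = new org.wso2.carbon.identity.entitlement.dto.PolicyDTO();
        policyDTO.setPolicy(policyContent);
        EntitlementPolicyValidationResult validationResult = new EntitlementPolicyValidationResult();
        validationResult.setValid(EntitlementUtil.validatePolicy(policyDTO));
        return validationResult;
    }

    /** Generates one policy from a template context and saves it. */
    private void generateAndSaveEntitlementPolicy(XACMLPolicyTemplateContext context, XACMLTemplateBuilder templateBuilder) {
        savePolicy(templateBuilder.generatePolicy(context));
    }

    /** Looks up a policy through {@code getLightPolicy}; callers treat {@code null} as "not found". */
    private PolicyDTO getExistingPolicy(String policyId) throws RemoteException, EntitlementPolicyAdminServiceEntitlementException {
        return this.entitlementPolicyAdminServiceStub.getLightPolicy(policyId);
    }

    /** Reads a policy through {@code getPolicy(id, false)}. */
    private PolicyDTO getPolicy(String policyId) throws RemoteException, EntitlementPolicyAdminServiceEntitlementException {
        return this.entitlementPolicyAdminServiceStub.getPolicy(policyId, false);
    }

    /** Replaces the stored policy content, then publishes the policy to the PDP with action "UPDATE". */
    private void doUpdatePolicy(PolicyDTO existingPolicy, EntitlementPolicy entitlementPolicy) throws RemoteException, EntitlementPolicyAdminServiceEntitlementException {
        existingPolicy.setPolicy(entitlementPolicy.getPolicyContent());
        this.entitlementPolicyAdminServiceStub.updatePolicy(existingPolicy);
        this.entitlementPolicyAdminServiceStub.publishToPDP(new String[]{existingPolicy.getPolicyId()}, "UPDATE", (String) null, true, 0);
    }

    /** De-promotes the policy and then removes it from the policy store. */
    private void deletePolicy(String policyId) throws RemoteException, EntitlementPolicyAdminServiceEntitlementException {
        this.entitlementPolicyAdminServiceStub.dePromotePolicy(policyId);
        this.entitlementPolicyAdminServiceStub.removePolicy(policyId, false);
    }

    /** Adds a new policy, then publishes it to the PDP with action "CREATE". */
    private void doSavePolicy(EntitlementPolicy entitlementPolicy) throws RemoteException, EntitlementPolicyAdminServiceEntitlementException {
        PolicyDTO newPolicy = createNewPolicyDTO(entitlementPolicy);
        this.entitlementPolicyAdminServiceStub.addPolicy(newPolicy);
        this.entitlementPolicyAdminServiceStub.publishToPDP(new String[]{newPolicy.getPolicyId()}, "CREATE", (String) null, true, 0);
    }

    /** Builds the admin-service DTO for a policy that is not stored yet. */
    private PolicyDTO createNewPolicyDTO(EntitlementPolicy entitlementPolicy) {
        PolicyDTO policyDTO = new PolicyDTO();
        policyDTO.setPolicyId(entitlementPolicy.getPolicyId());
        policyDTO.setPolicy(entitlementPolicy.getPolicyContent());
        policyDTO.setPolicyEditor("XML");
        return policyDTO;
    }

    /** Wraps a policy fragment in a mock policy so that it can be validated. */
    private String generateMockPolicy(String partialPolicy) {
        return new XACMLTemplateBuilder().generateMockPolicy(partialPolicy);
    }

    /**
     * Builds a SOAP PEP proxy for the configured server and credentials.
     *
     * @return the proxy, or {@code null} when it cannot be created (the failure is logged)
     */
    private PEPProxy getPepProxy() {
        HashMap clientConfig = new HashMap();
        clientConfig.put("client", "soap");
        clientConfig.put("serverUrl", this.serverUrl + "/services");
        clientConfig.put("userName", this.username);
        clientConfig.put("password", this.password);
        clientConfig.put("reuseSession", "yes");
        HashMap appConfigs = new HashMap();
        appConfigs.put("AppManagerGateway", clientConfig);
        try {
            return new PEPProxy(new PEPProxyConfig(appConfigs, "AppManagerGateway", "simple", 0, 0));
        } catch (EntitlementProxyException e) {
            // Keep the cause: without it the failure cannot be diagnosed from the log.
            log.error("Cannot create PEP proxy", e);
            return null;
        }
    }

    /**
     * Sets the {@code PolicyId} attribute on the root element of the policy XML and writes the
     * result back into the given policy object.
     *
     * @return the same (mutated) policy, or {@code null} when the content cannot be parsed
     */
    private EntitlementPolicy preProcess(EntitlementPolicy entitlementPolicy) {
        try {
            OMElement policyRoot = AXIOMUtil.stringToOM(entitlementPolicy.getPolicyContent());
            policyRoot.addAttribute("PolicyId", entitlementPolicy.getPolicyId(), (OMNamespace) null);
            entitlementPolicy.setPolicyContent(policyRoot.toStringWithConsume());
            return entitlementPolicy;
        } catch (XMLStreamException e) {
            log.error("Cannot process XACML policy content.", e);
            return null;
        }
    }

    /**
     * Authenticates against {@code AuthenticationAdmin} and returns the session cookie.
     *
     * @param serviceUrl base URL of the entitlement server
     * @param user       account to log in with
     * @param secret     password of that account
     * @return the value of the "Cookie" property set by the login call
     * @throws AxisFault if the URL is malformed, the service cannot be reached, or the login is rejected
     */
    private String login(String serviceUrl, String user, String secret) throws AxisFault {
        URL parsedUrl;
        try {
            parsedUrl = new URL(serviceUrl);
        } catch (MalformedURLException e) {
            throw new AxisFault("Entitlement service URL is malformed.", e);
        }
        if (!"https".equalsIgnoreCase(parsedUrl.getProtocol())) {
            log.warn("Entitlement service URL does not use HTTPS. The admin credentials and session cookie may be sent without transport protection.");
        }
        AuthenticationAdminStub authStub = new AuthenticationAdminStub((ConfigurationContext) null, serviceUrl + "/services/AuthenticationAdmin");
        authStub._getServiceClient().getOptions().setManageSession(true);
        boolean authenticated;
        try {
            authenticated = authStub.login(user, secret, parsedUrl.getHost());
        } catch (RemoteException e) {
            throw new AxisFault("Error while contacting the authentication admin services", e);
        } catch (LoginAuthenticationExceptionException e2) {
            throw new AxisFault("Error while authenticating against the entitlement service", e2);
        }
        // login() can also report a rejected login through its return value. The check sits
        // outside the try because AxisFault is a RemoteException and would be re-wrapped there.
        if (!authenticated) {
            throw new AxisFault("Error while authenticating against the entitlement service");
        }
        return (String) authStub._getServiceClient().getLastOperationContext().getServiceContext().getProperty("Cookie");
    }

    /** Builds the two request attributes sent to the PDP: the policy id and the subject id. */
    private Attribute[] getEntitlementAttributes(EntitlementDecisionRequest entitlementDecisionRequest) {
        Attribute policyIdAttribute = new Attribute(XACML_ATTRIBUTE_CATEGORY_CUSTOM, XACML_ATTRIBUTE_ID_POLICY_ID, "string", entitlementDecisionRequest.getPolicyId());
        Attribute subjectAttribute = new Attribute(XACML_ATTRIBUTE_CATEGORY_SUBJECT, XACML_ATTRIBUTE_ID_SUBJECT_ID, "string", entitlementDecisionRequest.getSubject());
        return new Attribute[]{policyIdAttribute, subjectAttribute};
    }
}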
