package pl.edu.icm.yadda.aas.proxy;

import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import pl.edu.icm.yadda.aas.client.YaddaObligationsAwareResult;
import pl.edu.icm.yadda.aas.client.backend.BackendAuthorizerRequest;
import pl.edu.icm.yadda.aas.handler.HeaderFieldBasedSecurityRequestHandler;
import pl.edu.icm.yadda.aas.handler.ISecurityRequestHandler;
import pl.edu.icm.yadda.aas.proxy.AbstractBackendAuthorizerAware;
import pl.edu.icm.yadda.exports.zentralblatt.YElementToZentralBlattConverter;
import pl.edu.icm.yadda.service2.GenericRequest;
import pl.edu.icm.yadda.service2.GenericResponse;
import pl.edu.icm.yadda.service2.GetFeaturesRequest;
import pl.edu.icm.yadda.service2.GetFeaturesResponse;
import pl.edu.icm.yadda.service2.GetVersionResponse;
import pl.edu.icm.yadda.service2.YaddaError;
import pl.edu.icm.yadda.service2.YaddaErrorCodeConstants;
import pl.edu.icm.yadda.service2.keyword.AddKeywordsRequest;
import pl.edu.icm.yadda.service2.keyword.GetChangelogRequest;
import pl.edu.icm.yadda.service2.keyword.GetChangelogResponse;
import pl.edu.icm.yadda.service2.keyword.GetKeywordObjectResponse;
import pl.edu.icm.yadda.service2.keyword.IKeywordServiceServer;
import pl.edu.icm.yadda.service2.keyword.ISReadyResponse;
import pl.edu.icm.yadda.service2.keyword.IdHelper;
import pl.edu.icm.yadda.service2.keyword.Keyword;
import pl.edu.icm.yadda.service2.keyword.KeywordCollection;
import pl.edu.icm.yadda.service2.keyword.KeywordObjectType;
import pl.edu.icm.yadda.service2.keyword.ListCollectionsRequest;
import pl.edu.icm.yadda.service2.keyword.ListCollectionsResponse;
import pl.edu.icm.yadda.service2.keyword.ListKeywordsRequest;
import pl.edu.icm.yadda.service2.keyword.ListKeywordsResponse;
import pl.edu.icm.yadda.service2.keyword.ListKeywordsValuesResponse;
import pl.edu.icm.yadda.service2.keyword.RemoveKeywordsResponse;
import pl.edu.icm.yadda.service2.keyword.StoreKeywordObjectRequest;
import pl.edu.icm.yadda.service2.keyword.StoreKeywordObjectResponse;
import pl.edu.icm.yadda.service2.keyword.TypedKeywordObjectRequest;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-0.7.0-SNAPSHOT.jar:pl/edu/icm/yadda/aas/proxy/SecuredKeywordService.class */
public class SecuredKeywordService extends AbstractBackendAuthorizerAware implements IKeywordServiceServer {
    public static final String BACKEND_RESOURCE_VALUE_KEYWORDS = "keywords";
    public static final String BACKEND_ACTION_VALUE_EDIT = "edit";
    public static final String BACKEND_ACTION_VALUE_MANAGE = "manage";
    public static final String BACKEND_ACTION_VALUE_VIEW = "view";
    public static final String AUX_PARAM_SUFFIX_COLL_ID = "coll-id";
    public static final String AUX_PARAM_SUFFIX_COLL_NAME = "coll-name";
    protected IKeywordServiceServer service;
    protected CollDiscrType collectionDiscriminatorType = CollDiscrType.COLL_NAME;
    protected boolean authorizeAccessInViewMode = false;
    private ISecurityRequestHandler securityRequestHandler = new HeaderFieldBasedSecurityRequestHandler();

    /* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-0.7.0-SNAPSHOT.jar:pl/edu/icm/yadda/aas/proxy/SecuredKeywordService$CollDiscrType.class */
    public enum CollDiscrType {
        COLL_ID,
        COLL_NAME
    }

    @Override // pl.edu.icm.yadda.service2.keyword.IKeywordServiceServer
    public GetChangelogResponse getChangelog(GetChangelogRequest getChangelogRequest) {
        if (!this.authorizeAccessInViewMode) {
            return this.service.getChangelog(getChangelogRequest);
        }
        this.log.error("VIEW operation mode authorization is not implemented yet!");
        return new GetChangelogResponse(new YaddaError("error", "VIEW operation mode authorization is not implemented yet!"));
    }

    protected Map<String, Serializable> prepareCollAuxParams(String str, String str2) {
        if (str == null && str2 == null) {
            return null;
        }
        if (this.collectionDiscriminatorType == CollDiscrType.COLL_ID) {
            if (str == null) {
                this.log.warn("no collection id provided for aux params!");
                return null;
            }
            HashMap hashMap = new HashMap();
            hashMap.put(AUX_PARAM_SUFFIX_COLL_ID, str);
            return hashMap;
        }
        if (str2 != null) {
            HashMap hashMap2 = new HashMap();
            hashMap2.put(AUX_PARAM_SUFFIX_COLL_NAME, str2);
            return hashMap2;
        }
        GetKeywordObjectResponse object = this.service.getObject(new TypedKeywordObjectRequest(str, KeywordObjectType.COLLECTION));
        if (!object.isOK()) {
            this.log.warn("unable to infer collection name based on id: " + str + ", cause: " + object.getError().getMssg(), (Throwable) object.getError().getException());
            return null;
        }
        if (object.getObject() == null) {
            this.log.warn("no collection object found for id: " + str);
            return null;
        }
        KeywordCollection keywordCollection = (KeywordCollection) object.getObject();
        if (keywordCollection.getName() == null) {
            this.log.warn("name unspecified in collection object found for id: " + str);
            return null;
        }
        HashMap hashMap3 = new HashMap();
        hashMap3.put(AUX_PARAM_SUFFIX_COLL_NAME, keywordCollection.getName());
        return hashMap3;
    }

    @Override // pl.edu.icm.yadda.service2.keyword.IKeywordService
    public GenericResponse addKeywords(AddKeywordsRequest addKeywordsRequest) {
        AbstractBackendAuthorizerAware.ObligationContext obligationContext = new AbstractBackendAuthorizerAware.ObligationContext();
        YaddaObligationsAwareResult<Boolean> evaluateBackendAccess = evaluateBackendAccess(new BackendAuthorizerRequest("edit", "keywords", this.securityRequestHandler.extract(addKeywordsRequest), null, prepareCollAuxParams(IdHelper.tokenizeIdentifier(addKeywordsRequest.getDictId())[0], null)), obligationContext);
        if (evaluateBackendAccess.getData().booleanValue()) {
            if (obligationContext.understoodAll()) {
                return this.service.addKeywords(addKeywordsRequest);
            }
            this.log.error("some obligations were not understood" + YElementToZentralBlattConverter.SUGGESTED_DICTIONARY_VALUE_SEPARATOR + obligationContext.getObligsCVS());
            return new GenericResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "some obligations were not understood"));
        }
        if (evaluateBackendAccess.getError() != null) {
            return new GenericResponse(evaluateBackendAccess.getError());
        }
        this.log.warn("Permission not granted to add keywords!");
        return new GenericResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "Permission not granted to add keywords!"));
    }

    @Override // pl.edu.icm.yadda.service2.keyword.IKeywordService
    public GetKeywordObjectResponse getObject(TypedKeywordObjectRequest typedKeywordObjectRequest) {
        if (!this.authorizeAccessInViewMode) {
            return this.service.getObject(typedKeywordObjectRequest);
        }
        this.log.error("VIEW operation mode authorization is not implemented yet!");
        return new GetKeywordObjectResponse(new YaddaError("error", "VIEW operation mode authorization is not implemented yet!"));
    }

    @Override // pl.edu.icm.yadda.service2.keyword.IKeywordService
    public ListCollectionsResponse listCollections(ListCollectionsRequest listCollectionsRequest) {
        if (!this.authorizeAccessInViewMode) {
            return this.service.listCollections(listCollectionsRequest);
        }
        this.log.error("VIEW operation mode authorization is not implemented yet!");
        return new ListCollectionsResponse(new YaddaError("error", "VIEW operation mode authorization is not implemented yet!"));
    }

    @Override // pl.edu.icm.yadda.service2.keyword.IKeywordService
    public ListKeywordsResponse listKeywords(ListKeywordsRequest listKeywordsRequest) {
        if (!this.authorizeAccessInViewMode) {
            return this.service.listKeywords(listKeywordsRequest);
        }
        this.log.error("VIEW operation mode authorization is not implemented yet!");
        return new ListKeywordsResponse(new YaddaError("error", "VIEW operation mode authorization is not implemented yet!"));
    }

    @Override // pl.edu.icm.yadda.service2.keyword.IKeywordService
    public ListKeywordsValuesResponse listKeywordsValues(ListKeywordsRequest listKeywordsRequest) {
        if (!this.authorizeAccessInViewMode) {
            return this.service.listKeywordsValues(listKeywordsRequest);
        }
        this.log.error("VIEW operation mode authorization is not implemented yet!");
        return new ListKeywordsValuesResponse(new YaddaError("error", "VIEW operation mode authorization is not implemented yet!"));
    }

    @Override // pl.edu.icm.yadda.service2.keyword.IKeywordService
    public RemoveKeywordsResponse removeKeywords(ListKeywordsRequest listKeywordsRequest) {
        AbstractBackendAuthorizerAware.ObligationContext obligationContext = new AbstractBackendAuthorizerAware.ObligationContext();
        YaddaObligationsAwareResult<Boolean> evaluateBackendAccess = evaluateBackendAccess(new BackendAuthorizerRequest("edit", "keywords", this.securityRequestHandler.extract(listKeywordsRequest), null, prepareCollAuxParams(IdHelper.tokenizeIdentifier(listKeywordsRequest.getDictId())[0], null)), obligationContext);
        if (evaluateBackendAccess.getData().booleanValue()) {
            if (obligationContext.understoodAll()) {
                return this.service.removeKeywords(listKeywordsRequest);
            }
            this.log.error("some obligations were not understood" + YElementToZentralBlattConverter.SUGGESTED_DICTIONARY_VALUE_SEPARATOR + obligationContext.getObligsCVS());
            return new RemoveKeywordsResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "some obligations were not understood"));
        }
        if (evaluateBackendAccess.getError() != null) {
            return new RemoveKeywordsResponse(evaluateBackendAccess.getError());
        }
        this.log.warn("Permission not granted to remove keywords!");
        return new RemoveKeywordsResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "Permission not granted to remove keywords!"));
    }

    @Override // pl.edu.icm.yadda.service2.keyword.IKeywordService
    public GenericResponse removeObject(TypedKeywordObjectRequest typedKeywordObjectRequest) {
        AbstractBackendAuthorizerAware.ObligationContext obligationContext = new AbstractBackendAuthorizerAware.ObligationContext();
        YaddaObligationsAwareResult<Boolean> evaluateBackendAccess = evaluateBackendAccess(new BackendAuthorizerRequest(getActionType(typedKeywordObjectRequest), "keywords", this.securityRequestHandler.extract(typedKeywordObjectRequest), null, prepareCollAuxParams(getCollectionId(typedKeywordObjectRequest), null)), obligationContext);
        if (evaluateBackendAccess.getData().booleanValue()) {
            if (obligationContext.understoodAll()) {
                return this.service.removeObject(typedKeywordObjectRequest);
            }
            this.log.error("some obligations were not understood" + YElementToZentralBlattConverter.SUGGESTED_DICTIONARY_VALUE_SEPARATOR + obligationContext.getObligsCVS());
            return new GenericResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "some obligations were not understood"));
        }
        if (evaluateBackendAccess.getError() != null) {
            return new GenericResponse(evaluateBackendAccess.getError());
        }
        this.log.warn("Permission not granted to remove object!");
        return new GenericResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "Permission not granted to remove object!"));
    }

    protected String getCollectionId(TypedKeywordObjectRequest typedKeywordObjectRequest) {
        return KeywordObjectType.COLLECTION.equals(typedKeywordObjectRequest.getType()) ? typedKeywordObjectRequest.getId() : IdHelper.tokenizeIdentifier(typedKeywordObjectRequest.getId())[0];
    }

    protected String getActionType(TypedKeywordObjectRequest typedKeywordObjectRequest) {
        return KeywordObjectType.KEYWORD.equals(typedKeywordObjectRequest.getType()) ? "edit" : "manage";
    }

    @Override // pl.edu.icm.yadda.service2.keyword.IKeywordService
    public StoreKeywordObjectResponse storeObject(StoreKeywordObjectRequest storeKeywordObjectRequest) {
        AbstractBackendAuthorizerAware.ObligationContext obligationContext = new AbstractBackendAuthorizerAware.ObligationContext();
        YaddaObligationsAwareResult<Boolean> evaluateBackendAccess = evaluateBackendAccess(new BackendAuthorizerRequest(getActionType(storeKeywordObjectRequest), "keywords", this.securityRequestHandler.extract(storeKeywordObjectRequest), null, prepareCollAuxParams(getCollectionId(storeKeywordObjectRequest), getCollectionName(storeKeywordObjectRequest))), obligationContext);
        if (evaluateBackendAccess.getData().booleanValue()) {
            if (obligationContext.understoodAll()) {
                return this.service.storeObject(storeKeywordObjectRequest);
            }
            this.log.error("some obligations were not understood" + YElementToZentralBlattConverter.SUGGESTED_DICTIONARY_VALUE_SEPARATOR + obligationContext.getObligsCVS());
            return new StoreKeywordObjectResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "some obligations were not understood"));
        }
        if (evaluateBackendAccess.getError() != null) {
            return new StoreKeywordObjectResponse(evaluateBackendAccess.getError());
        }
        this.log.warn("Permission not granted to store object!");
        return new StoreKeywordObjectResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "Permission not granted to store object!"));
    }

    protected String getActionType(StoreKeywordObjectRequest storeKeywordObjectRequest) {
        return storeKeywordObjectRequest.getObject() instanceof Keyword ? "edit" : "manage";
    }

    protected String getCollectionName(StoreKeywordObjectRequest storeKeywordObjectRequest) {
        if (storeKeywordObjectRequest.getObject() instanceof KeywordCollection) {
            return ((KeywordCollection) storeKeywordObjectRequest.getObject()).getName();
        }
        return null;
    }

    protected String getCollectionId(StoreKeywordObjectRequest storeKeywordObjectRequest) {
        return storeKeywordObjectRequest.getObject() instanceof KeywordCollection ? storeKeywordObjectRequest.getObject().getId() : IdHelper.tokenizeIdentifier(storeKeywordObjectRequest.getObject().getId())[0];
    }

    @Override // pl.edu.icm.yadda.service2.IYaddaService
    public GetFeaturesResponse getFeatures(GetFeaturesRequest getFeaturesRequest) {
        GetFeaturesResponse features = this.service.getFeatures(getFeaturesRequest);
        features.getFeatures().add(SecurityConstants.FEATURE_REQUIRES_AUTHORIZATION);
        return features;
    }

    @Override // pl.edu.icm.yadda.service2.IYaddaService
    public GetVersionResponse getVersionResponse(GenericRequest genericRequest) {
        return this.service.getVersionResponse(genericRequest);
    }

    @Override // pl.edu.icm.yadda.service2.keyword.IKeywordService
    public ISReadyResponse isReady(GenericRequest genericRequest) {
        return this.service.isReady(genericRequest);
    }

    public void setService(IKeywordServiceServer iKeywordServiceServer) {
        this.service = iKeywordServiceServer;
    }

    public void setCollectionDiscriminatorType(CollDiscrType collDiscrType) {
        this.collectionDiscriminatorType = collDiscrType;
    }

    public void setAuthorizeAccessInViewMode(boolean z) {
        this.authorizeAccessInViewMode = z;
    }

    public void setSecurityRequestHandler(ISecurityRequestHandler iSecurityRequestHandler) {
        this.securityRequestHandler = iSecurityRequestHandler;
    }
}
