package pl.edu.icm.yadda.aas.proxy;

import java.util.HashMap;
import org.opensaml.lite.common.SAMLObject;
import org.opensaml.lite.saml2.core.Assertion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;
import pl.edu.icm.yadda.aas.client.YaddaObligationsAwareResult;
import pl.edu.icm.yadda.aas.client.backend.BackendAuthorizerRequest;
import pl.edu.icm.yadda.aas.handler.HeaderFieldBasedSecurityRequestHandler;
import pl.edu.icm.yadda.aas.handler.ISecurityRequestHandler;
import pl.edu.icm.yadda.aas.proxy.AbstractBackendAuthorizerAware;
import pl.edu.icm.yadda.exports.zentralblatt.YElementToZentralBlattConverter;
import pl.edu.icm.yadda.service2.GenericRequest;
import pl.edu.icm.yadda.service2.GetFeaturesRequest;
import pl.edu.icm.yadda.service2.GetFeaturesResponse;
import pl.edu.icm.yadda.service2.GetVersionResponse;
import pl.edu.icm.yadda.service2.YaddaError;
import pl.edu.icm.yadda.service2.YaddaErrorCodeConstants;
import pl.edu.icm.yadda.service2.process.Constants;
import pl.edu.icm.yadda.service2.process.IProcessManagerService;
import pl.edu.icm.yadda.service2.process.protocol.FeedProcessRequest;
import pl.edu.icm.yadda.service2.process.protocol.ListProcessesResponse;
import pl.edu.icm.yadda.service2.process.protocol.ListProcessorsResponse;
import pl.edu.icm.yadda.service2.process.protocol.ProcessContextValueRequest;
import pl.edu.icm.yadda.service2.process.protocol.ProcessContextValueResponse;
import pl.edu.icm.yadda.service2.process.protocol.ProcessRequest;
import pl.edu.icm.yadda.service2.process.protocol.ProcessResponse;
import pl.edu.icm.yadda.service2.process.protocol.RunProcessRequest;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-1.12.4-SNAPSHOT.jar:pl/edu/icm/yadda/aas/proxy/SecuredProcessManagerService.class */
public class SecuredProcessManagerService extends AbstractBackendAuthorizerAware implements IProcessManagerService {
    public static final String BACKEND_RESOURCE_VALUE_PROCESS_MAN = "process-manager";
    public static final String BACKEND_ACTION_VALUE_MANAGE = "manage";
    protected IProcessManagerService service;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    private ISecurityRequestHandler securityRequestHandler = new HeaderFieldBasedSecurityRequestHandler();

    @Override // pl.edu.icm.yadda.service2.process.IProcessManagerService
    public ProcessResponse cancelProcess(ProcessRequest processRequest) {
        AbstractBackendAuthorizerAware.ObligationContext obligationContext = new AbstractBackendAuthorizerAware.ObligationContext();
        YaddaObligationsAwareResult<Boolean> evaluateBackendAccess = evaluateBackendAccess(new BackendAuthorizerRequest("manage", "process-manager", this.securityRequestHandler.extract(processRequest)), obligationContext);
        if (evaluateBackendAccess.getData().booleanValue()) {
            if (obligationContext.understoodAll()) {
                return this.service.cancelProcess(processRequest);
            }
            this.log.error("some obligations were not understood" + YElementToZentralBlattConverter.SUGGESTED_DICTIONARY_VALUE_SEPARATOR + obligationContext.getObligsCVS());
            return new ProcessResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "some obligations were not understood"));
        }
        if (evaluateBackendAccess.getError() != null) {
            return new ProcessResponse(evaluateBackendAccess.getError());
        }
        this.log.warn("Permission not granted to perform cancel process!");
        return new ProcessResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "Permission not granted to perform cancel process!"));
    }

    @Override // pl.edu.icm.yadda.service2.process.IProcessManagerService
    public ProcessResponse checkProcessStatus(ProcessRequest processRequest) {
        AbstractBackendAuthorizerAware.ObligationContext obligationContext = new AbstractBackendAuthorizerAware.ObligationContext();
        YaddaObligationsAwareResult<Boolean> evaluateBackendAccess = evaluateBackendAccess(new BackendAuthorizerRequest("manage", "process-manager", this.securityRequestHandler.extract(processRequest)), obligationContext);
        if (evaluateBackendAccess.getData().booleanValue()) {
            if (obligationContext.understoodAll()) {
                return this.service.checkProcessStatus(processRequest);
            }
            this.log.error("some obligations were not understood" + YElementToZentralBlattConverter.SUGGESTED_DICTIONARY_VALUE_SEPARATOR + obligationContext.getObligsCVS());
            return new ProcessResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "some obligations were not understood"));
        }
        if (evaluateBackendAccess.getError() != null) {
            return new ProcessResponse(evaluateBackendAccess.getError());
        }
        this.log.warn("Permission not granted to check process status!");
        return new ProcessResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "Permission not granted to check process status!"));
    }

    @Override // pl.edu.icm.yadda.service2.process.IProcessManagerService
    public <I> ProcessResponse feedProcess(FeedProcessRequest<I> feedProcessRequest) {
        AbstractBackendAuthorizerAware.ObligationContext obligationContext = new AbstractBackendAuthorizerAware.ObligationContext();
        YaddaObligationsAwareResult<Boolean> evaluateBackendAccess = evaluateBackendAccess(new BackendAuthorizerRequest("manage", "process-manager", this.securityRequestHandler.extract(feedProcessRequest)), obligationContext);
        if (evaluateBackendAccess.getData().booleanValue()) {
            if (obligationContext.understoodAll()) {
                return this.service.feedProcess(feedProcessRequest);
            }
            this.log.error("some obligations were not understood" + YElementToZentralBlattConverter.SUGGESTED_DICTIONARY_VALUE_SEPARATOR + obligationContext.getObligsCVS());
            return new ProcessResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "some obligations were not understood"));
        }
        if (evaluateBackendAccess.getError() != null) {
            return new ProcessResponse(evaluateBackendAccess.getError());
        }
        this.log.warn("Permission not granted to feed process!");
        return new ProcessResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "Permission not granted to feed process!"));
    }

    @Override // pl.edu.icm.yadda.service2.process.IProcessManagerService
    public ListProcessesResponse listProcesses() {
        return this.service.listProcesses();
    }

    @Override // pl.edu.icm.yadda.service2.process.IProcessManagerService
    public ListProcessorsResponse listProcessors() {
        return this.service.listProcessors();
    }

    @Override // pl.edu.icm.yadda.service2.process.IProcessManagerService
    public ProcessContextValueResponse retrieveProcessContextValue(ProcessContextValueRequest processContextValueRequest) {
        AbstractBackendAuthorizerAware.ObligationContext obligationContext = new AbstractBackendAuthorizerAware.ObligationContext();
        YaddaObligationsAwareResult<Boolean> evaluateBackendAccess = evaluateBackendAccess(new BackendAuthorizerRequest("manage", "process-manager", this.securityRequestHandler.extract(processContextValueRequest)), obligationContext);
        if (evaluateBackendAccess.getData().booleanValue()) {
            if (obligationContext.understoodAll()) {
                return this.service.retrieveProcessContextValue(processContextValueRequest);
            }
            this.log.error("some obligations were not understood" + YElementToZentralBlattConverter.SUGGESTED_DICTIONARY_VALUE_SEPARATOR + obligationContext.getObligsCVS());
            return new ProcessContextValueResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "some obligations were not understood"));
        }
        if (evaluateBackendAccess.getError() != null) {
            return new ProcessContextValueResponse(evaluateBackendAccess.getError());
        }
        this.log.warn("Permission not granted to retrieve process context value!");
        return new ProcessContextValueResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "Permission not granted to retrieve process context value!"));
    }

    @Override // pl.edu.icm.yadda.service2.process.IProcessManagerService
    public <I> ProcessResponse runProcess(RunProcessRequest<I> runProcessRequest) {
        AbstractBackendAuthorizerAware.ObligationContext obligationContext = new AbstractBackendAuthorizerAware.ObligationContext();
        YaddaObligationsAwareResult<Boolean> evaluateBackendAccess = evaluateBackendAccess(new BackendAuthorizerRequest("manage", "process-manager", this.securityRequestHandler.extract(runProcessRequest)), obligationContext);
        if (!evaluateBackendAccess.getData().booleanValue()) {
            if (evaluateBackendAccess.getError() != null) {
                return new ProcessResponse(evaluateBackendAccess.getError());
            }
            this.log.warn("Permission not granted to run process!");
            return new ProcessResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "Permission not granted to run process!"));
        }
        if (!obligationContext.understoodAll()) {
            this.log.error("some obligations were not understood" + YElementToZentralBlattConverter.SUGGESTED_DICTIONARY_VALUE_SEPARATOR + obligationContext.getObligsCVS());
            return new ProcessResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "some obligations were not understood"));
        }
        HashMap hashMap = new HashMap();
        if (runProcessRequest.getMap() != null) {
            hashMap.putAll(runProcessRequest.getMap());
        }
        SAMLObject[] extract = this.securityRequestHandler.extract(runProcessRequest);
        hashMap.put(Constants.CONTEXT_ENTRY_ASSERTIONS, extract);
        hashMap.remove(Constants.CONTEXT_ENTRY_SESSION_ID);
        if (extract != null) {
            for (SAMLObject sAMLObject : extract) {
                if (sAMLObject instanceof Assertion) {
                    hashMap.put(Constants.CONTEXT_ENTRY_SESSION_ID, ((Assertion) sAMLObject).getID());
                }
            }
        }
        RunProcessRequest<I> runProcessRequest2 = new RunProcessRequest<>(runProcessRequest.getProcessorId(), runProcessRequest.getTags(), hashMap, runProcessRequest.getData());
        this.securityRequestHandler.attach(runProcessRequest2, extract);
        return this.service.runProcess(runProcessRequest2);
    }

    @Override // pl.edu.icm.yadda.service2.IYaddaService
    public GetFeaturesResponse getFeatures(GetFeaturesRequest getFeaturesRequest) {
        return this.service.getFeatures(getFeaturesRequest);
    }

    @Override // pl.edu.icm.yadda.service2.IYaddaService
    public GetVersionResponse getVersionResponse(GenericRequest genericRequest) {
        return this.service.getVersionResponse(genericRequest);
    }

    @Required
    public void setService(IProcessManagerService iProcessManagerService) {
        this.service = iProcessManagerService;
    }

    public void setSecurityRequestHandler(ISecurityRequestHandler iSecurityRequestHandler) {
        this.securityRequestHandler = iSecurityRequestHandler;
    }
}
