package pl.edu.icm.yadda.aas.client.authz.lic;

import java.util.HashSet;
import java.util.Set;
import org.opensaml.lite.common.SAMLObject;
import org.opensaml.lite.xacml.XACMLConstants;
import org.opensaml.lite.xacml.ctx.DecisionType;
import org.opensaml.lite.xacml.ctx.impl.ActionTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.AttributeTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.AttributeValueTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.EnvironmentTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.RequestTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.ResourceTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.SubjectTypeImpl;
import org.opensaml.lite.xacml.policy.ObligationType;
import org.opensaml.lite.xacml.profile.saml.impl.XACMLAuthzDecisionQueryTypeImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.client.YaddaErrorAwareResult;
import pl.edu.icm.yadda.aas.handler.HeaderFieldBasedSecurityRequestHandler;
import pl.edu.icm.yadda.aas.handler.ISecurityRequestHandler;
import pl.edu.icm.yadda.service2.YaddaError;
import pl.edu.icm.yadda.service2.aas.AAError;
import pl.edu.icm.yadda.service2.aas.AuthorizeRequest;
import pl.edu.icm.yadda.service2.aas.AuthorizeResponse;
import pl.edu.icm.yadda.service2.aas.IAAService;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-1.12.0-SNAPSHOT.jar:pl/edu/icm/yadda/aas/client/authz/lic/LicensingAuthorizationFacadeImpl.class */
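/**
 * Asks the AAS service for a licensing decision ({@code evaluate-license} action) and hands back
 * the license obligations attached to a {@code Permit} result.
 *
 * <p>Collaborators are supplied through the setters. {@code aasService} has no default, so it must
 * be set before {@link #retrieveLicenseObligations(SAMLObject...)} is called;
 * {@code securityRequestHandler} defaults to a {@link HeaderFieldBasedSecurityRequestHandler}.
 */
public class LicensingAuthorizationFacadeImpl implements LicensingAuthorizationFacade {
    protected IAAService aasService;
    protected String defaultDomain;
    private final Logger log = LoggerFactory.getLogger(getClass());
    protected ISecurityRequestHandler securityRequestHandler = new HeaderFieldBasedSecurityRequestHandler();

    /**
     * Sends a licensing authorization request and collects the license obligations of the decision.
     *
     * <p>Obligations are returned only when the decision is {@code Permit}; a missing response,
     * a missing result or any other decision yields an empty set together with an error, so the
     * method fails closed. Only obligations whose id starts with
     * {@link LicensingAuthorizationConstants#OBLIGATION_LICENSE_PREFIX} are kept.
     *
     * <p>Every error in the response is logged. The single error reported to the caller is chosen
     * by {@link #pickError}: {@code WARN_ASSERTION_PERM_EXPIRED} first, then
     * {@code WARN_ASSERTION_OUTDATED}, then the last other error seen.
     * NOTE(review): an assertion warning therefore hides any other error from the caller, and on
     * {@code Permit} the obligations are returned alongside whichever error was picked. Confirm
     * that callers inspect the error before honouring the obligations.
     *
     * @param sAMLObjectArr assertions to attach to the request; may be null or empty, in which
     *                      case nothing is attached
     * @return the license obligations (possibly empty) and the picked error, or null error if none
     */
    @Override
    public YaddaErrorAwareResult<Set<ObligationType>> retrieveLicenseObligations(SAMLObject... sAMLObjectArr) {
        AuthorizeResponse authorize = this.aasService.authorize(buildLicensingAuthzRequest(this.securityRequestHandler, sAMLObjectArr));
        Set<ObligationType> licenseObligations = new HashSet<>();
        if (authorize == null) {
            // Fail closed with an explicit error instead of a NullPointerException further down.
            return new YaddaErrorAwareResult<>(licenseObligations, new YaddaError(AAError.SYSTEM_ERROR, "invalid state: no authorization response!"));
        }

        Set<String> outdatedAssertions = new HashSet<>();
        Set<String> permExpiredAssertions = new HashSet<>();
        YaddaError otherError = null;
        if (authorize.getErrors() != null) {
            for (AAError aasError : authorize.getErrors()) {
                // NOTE(review): error id and message come from the AAS response and are written to
                // the log verbatim; confirm the log layout neutralises embedded line breaks.
                this.log.error("authorization error occurred, error id: " + aasError.getErrorId() + ", error message: " + aasError.getMessage(), aasError.getThrowable());
                if (AAError.WARN_ASSERTION_OUTDATED.equals(aasError.getErrorId())) {
                    // presumably the data of a warning is the assertion identifier; a non-String
                    // value fails the cast - verify against the AAS service
                    outdatedAssertions.add((String) aasError.getData());
                } else if (AAError.WARN_ASSERTION_PERM_EXPIRED.equals(aasError.getErrorId())) {
                    permExpiredAssertions.add((String) aasError.getData());
                } else {
                    // Only the last non-warning error survives; earlier ones remain in the log only.
                    otherError = new YaddaError(aasError.getErrorId(), aasError.getMessage(), aasError.getThrowable() instanceof Exception ? (Exception) aasError.getThrowable() : new Exception(aasError.getThrowable()), aasError.getData());
                }
            }
        }

        YaddaError outdatedWarning = null;
        if (!outdatedAssertions.isEmpty()) {
            outdatedWarning = new YaddaError(AAError.WARN_ASSERTION_OUTDATED, AAError.WARN_ASSERTION_OUTDATED);
            outdatedWarning.setData(singleOrArray(outdatedAssertions));
        }
        YaddaError permExpiredWarning = null;
        if (!permExpiredAssertions.isEmpty()) {
            permExpiredWarning = new YaddaError(AAError.WARN_ASSERTION_PERM_EXPIRED, AAError.WARN_ASSERTION_PERM_EXPIRED);
            permExpiredWarning.setData(singleOrArray(permExpiredAssertions));
        }
        YaddaError pickError = pickError(permExpiredWarning, outdatedWarning, otherError);

        if (authorize.getResult() == null) {
            return new YaddaErrorAwareResult<>(licenseObligations, pickError != null ? pickError : new YaddaError(AAError.SYSTEM_ERROR, "invalid state: no authorization result in response!"));
        }
        // Anything other than an explicit Permit is reported as an error with no obligations.
        if (authorize.getResult().getDecision() == null || authorize.getResult().getDecision().getDecision() != DecisionType.DECISION.Permit) {
            return new YaddaErrorAwareResult<>(licenseObligations, pickError != null ? pickError : new YaddaError(AAError.EVALUATION_ERROR, "invalid decision: " + authorize.getResult().getDecision() + ", expected: " + DecisionType.DECISION.Permit));
        }
        if (authorize.getResult().getObligations() != null) {
            for (ObligationType obligationType : authorize.getResult().getObligations().getObligations()) {
                // An obligation without an id cannot be a license obligation; skip it instead of
                // failing the whole call.
                if (obligationType.getObligationId() != null
                        && obligationType.getObligationId().startsWith(LicensingAuthorizationConstants.OBLIGATION_LICENSE_PREFIX)) {
                    licenseObligations.add(obligationType);
                }
            }
        }
        return new YaddaErrorAwareResult<>(licenseObligations, pickError);
    }

    /**
     * Returns the first non-null argument in parameter order, or null when all three are null.
     *
     * @param yaddaError  highest-priority candidate
     * @param yaddaError2 second candidate
     * @param yaddaError3 last candidate
     * @return the first non-null candidate, or null
     */
    YaddaError pickError(YaddaError yaddaError, YaddaError yaddaError2, YaddaError yaddaError3) {
        if (yaddaError != null) {
            return yaddaError;
        }
        if (yaddaError2 != null) {
            return yaddaError2;
        }
        return yaddaError3;
    }

    /**
     * Shapes the collected identifiers for {@code YaddaError.setData}: the element itself when
     * there is exactly one, otherwise a {@code String[]} of all of them.
     */
    private static Object singleOrArray(Set<String> ids) {
        if (ids.size() == 1) {
            return ids.iterator().next();
        }
        return ids.toArray(new String[ids.size()]);
    }

    /**
     * Builds the XACML authorization query for the {@code evaluate-license} action.
     *
     * <p>The request itself names the wildcard subject {@code "*"}; the caller's assertions, when
     * any are given, are attached through the security request handler (how the handler encodes
     * them is not visible here). With no assertions nothing is attached to the request.
     *
     * @param requestHandler handler used to attach the assertions to the request
     * @param assertions     assertions to attach; may be null or empty
     * @return the request wrapping the populated decision query
     */
    private AuthorizeRequest buildLicensingAuthzRequest(ISecurityRequestHandler requestHandler, SAMLObject... assertions) {
        XACMLAuthzDecisionQueryTypeImpl decisionQuery = new XACMLAuthzDecisionQueryTypeImpl();
        AuthorizeRequest authorizeRequest = new AuthorizeRequest(decisionQuery);
        if (assertions != null && assertions.length > 0) {
            requestHandler.attach(authorizeRequest, assertions);
        }
        RequestTypeImpl xacmlRequest = new RequestTypeImpl();
        decisionQuery.setRequest(xacmlRequest);

        // Subject: wildcard subject id in the license-subject category.
        SubjectTypeImpl licenseSubject = new SubjectTypeImpl();
        licenseSubject.setSubjectCategory("urn:oasis:names:tc:xacml:1.0:subject-category:license-subject");
        AttributeTypeImpl subjectIdAttribute = new AttributeTypeImpl();
        subjectIdAttribute.setAttributeID(XACMLConstants.SUBJECT_ID);
        subjectIdAttribute.setDataType(XACMLConstants.DATATYPE_STRING);
        AttributeValueTypeImpl subjectIdValue = new AttributeValueTypeImpl();
        subjectIdValue.setValue("*");
        subjectIdAttribute.getAttributeValues().add(subjectIdValue);
        licenseSubject.getAttributes().add(subjectIdAttribute);
        xacmlRequest.getSubjects().add(licenseSubject);

        // Optional auxiliary subject carrying the configured default domain.
        if (this.defaultDomain != null) {
            SubjectTypeImpl domainSubject = new SubjectTypeImpl();
            domainSubject.setSubjectCategory(XACMLConstants.SUBJECT_AUX_PARAM_CATEGORY);
            AttributeTypeImpl domainAttribute = new AttributeTypeImpl();
            domainAttribute.setAttributeID(XACMLConstants.DOMAIN_ROOT_AUX_PARAM);
            domainAttribute.setDataType(XACMLConstants.DATATYPE_STRING);
            AttributeValueTypeImpl domainValue = new AttributeValueTypeImpl();
            domainValue.setValue(this.defaultDomain);
            domainAttribute.getAttributeValues().add(domainValue);
            domainSubject.getAttributes().add(domainAttribute);
            xacmlRequest.getSubjects().add(domainSubject);
        }

        // Resource and environment are sent empty; only the action is populated.
        xacmlRequest.getResources().add(new ResourceTypeImpl());
        ActionTypeImpl action = new ActionTypeImpl();
        AttributeTypeImpl actionIdAttribute = new AttributeTypeImpl();
        actionIdAttribute.setAttributeID(XACMLConstants.ACTION_ID);
        actionIdAttribute.setDataType(XACMLConstants.DATATYPE_STRING);
        AttributeValueTypeImpl actionIdValue = new AttributeValueTypeImpl();
        actionIdValue.setValue("evaluate-license");
        actionIdAttribute.getAttributeValues().add(actionIdValue);
        action.getAttributes().add(actionIdAttribute);
        xacmlRequest.setAction(action);
        xacmlRequest.setEnvironment(new EnvironmentTypeImpl());
        return authorizeRequest;
    }

    /**
     * Sets the AAS service that evaluates the authorization requests.
     *
     * @param iAAService service to call
     */
    public void setAasService(IAAService iAAService) {
        this.aasService = iAAService;
    }

    /**
     * Replaces the handler used to attach assertions to outgoing requests.
     *
     * @param iSecurityRequestHandler handler to use
     */
    public void setSecurityRequestHandler(ISecurityRequestHandler iSecurityRequestHandler) {
        this.securityRequestHandler = iSecurityRequestHandler;
    }

    /**
     * Sets the default domain sent as an auxiliary subject attribute; null sends none.
     *
     * @param str domain value, or null
     */
    public void setDefaultDomain(String str) {
        this.defaultDomain = str;
    }
}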
