package pl.edu.icm.yadda.aas.service;

import an.xacml.ExtendedRequest;
import an.xacml.context.Request;
import an.xacml.context.Response;
import an.xacml.engine.PDP;
import an.xacml.oblig.InternalObligationExtractor;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.opensaml.lite.common.SAMLObject;
import org.opensaml.lite.xacml.policy.ObligationType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.err.holder.IErrorHolder;
import pl.edu.icm.yadda.aas.handler.HeaderFieldBasedSecurityRequestHandler;
import pl.edu.icm.yadda.aas.handler.ISecurityRequestHandler;
import pl.edu.icm.yadda.aas.oblig.analyzer.AnalyzerResultObject;
import pl.edu.icm.yadda.aas.oblig.analyzer.IInternalObligationAnalyzer;
import pl.edu.icm.yadda.aas.oblig.analyzer.InternalObligationAnalyzerException;
import pl.edu.icm.yadda.aas.proxy.InternalCallMarkerProxy;
import pl.edu.icm.yadda.saml2.converter.an.xacml.context.XACMLConverterException;
import pl.edu.icm.yadda.saml2.converter.an.xacml.context.XACMLRequestConverter;
import pl.edu.icm.yadda.saml2.converter.an.xacml.context.XACMLResponseConverter;
import pl.edu.icm.yadda.service2.GenericMessage;
import pl.edu.icm.yadda.service2.GenericRequest;
import pl.edu.icm.yadda.service2.GetFeaturesRequest;
import pl.edu.icm.yadda.service2.GetFeaturesResponse;
import pl.edu.icm.yadda.service2.GetVersionResponse;
import pl.edu.icm.yadda.service2.HeaderFieldTypes;
import pl.edu.icm.yadda.service2.SecureRequest;
import pl.edu.icm.yadda.service2.VersionHelper;
import pl.edu.icm.yadda.service2.aas.AAError;
import pl.edu.icm.yadda.service2.aas.AAResponse;
import pl.edu.icm.yadda.service2.aas.AASConstants;
import pl.edu.icm.yadda.service2.aas.AuthenticateRequest;
import pl.edu.icm.yadda.service2.aas.AuthenticateResponse;
import pl.edu.icm.yadda.service2.aas.AuthorizeRequest;
import pl.edu.icm.yadda.service2.aas.AuthorizeResponse;
import pl.edu.icm.yadda.service2.aas.IAAService;
import pl.edu.icm.yadda.service2.aas.IAAServiceBackend;
import pl.edu.icm.yadda.service2.aas.acl.IACLObject;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-1.12.7.jar:pl/edu/icm/yadda/aas/service/AAServiceImpl.class */
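/**
 * Authentication/authorization service that converts SAML queries to XACML, has the configured
 * {@link PDP} evaluate them, and post-processes the internal obligations of the decision.
 *
 * <p>Every call ends with the same two clean-up steps: the auxiliary error holder is cleaned
 * (unless the message carries the internal-call marker header) and audit obligations are stripped
 * from the outgoing response (unless passthrough mode has been switched on through
 * {@link #setWorkingMode(String, boolean, Object[])}).
 *
 * <p>Failures are reported as {@link AAError} entries on a fresh response rather than as
 * exceptions. NOTE(review): such a response has had no XACML response or SAML object set by this
 * class; callers presumably must treat it as "not permitted" - confirm at the call sites.
 *
 * <p>NOTE(review): {@code allowAuditObligationsPassthrough} is a plain field written by
 * {@code setWorkingMode} and read on every call, with no synchronization visible in this class.
 */
public class AAServiceImpl implements IAAService, IAAServiceBackend {
    private PDP yaddaPDP;
    private IInternalObligationAnalyzer internalObligationAnalyzer;
    private IErrorHolder auxErrorHolder;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    protected final Set<String> FEATURES = new HashSet<String>();
    // When false (the default), obligations whose id starts with AASConstants.AUDIT_OBLIGATION_ID
    // are removed from every response before it is returned.
    private boolean allowAuditObligationsPassthrough = false;
    private ISecurityRequestHandler securityRequestHandler = new HeaderFieldBasedSecurityRequestHandler();

    /**
     * Evaluates an authentication query.
     *
     * @param authenticateRequest the request; {@code null} yields an {@code INVALID_REQ_ERROR}
     * @return the populated response, or a fresh response carrying a single error when the
     *     evaluation (or the post-processing of its result) failed
     */
    @Override
    public AuthenticateResponse authenticate(AuthenticateRequest authenticateRequest) {
        try {
            AuthenticateResponse failure = new AuthenticateResponse();
            try {
                // finishCall stays inside the try so that a failure while stripping obligations is
                // reported as SYSTEM_ERROR instead of letting an unstripped response escape.
                return finishCall(authenticateRequest, evaluateAuthentication(authenticateRequest));
            } catch (InternalObligationAnalyzerException e) {
                // Prefer the error the analyzer wants conveyed to the caller, if it supplied one.
                if (e.getConveyedError() != null) {
                    failure.addError(e.getConveyedError());
                } else {
                    failure.addError(new AAError(AAError.SYSTEM_ERROR, "Exception occured when processing obligations!.", e));
                }
            } catch (XACMLConverterException e) {
                failure.addError(new AAError(AAError.SYSTEM_ERROR, "Exception occured during XACML<->SAML model convertion.", e));
            } catch (Exception e) {
                // NOTE(review): the Throwable is attached to the error object; confirm the transport
                // does not serialize stack traces or internal messages to untrusted callers.
                failure.addError(new AAError(AAError.SYSTEM_ERROR, null, e));
            }
            return finishCall(authenticateRequest, failure);
        } catch (Throwable th) {
            // Last resort (Errors, or a failure inside the clean-up itself): still release the
            // per-call error state before propagating. No response is returned on this path.
            cleanAuxErrors(authenticateRequest);
            throw th;
        }
    }

    /**
     * Evaluates an authorization query; the ACL object found in the request headers (if any) is
     * handed to the PDP together with the query.
     *
     * @param authorizeRequest the request; {@code null} yields an {@code INVALID_REQ_ERROR}
     * @return the populated response, or a fresh response carrying a single error when the
     *     evaluation (or the post-processing of its result) failed
     */
    @Override
    public AuthorizeResponse authorize(AuthorizeRequest authorizeRequest) {
        try {
            AuthorizeResponse failure = new AuthorizeResponse();
            try {
                return finishCall(authorizeRequest, evaluateAuthorization(authorizeRequest));
            } catch (InternalObligationAnalyzerException e) {
                // The specific handlers must precede catch (Exception): otherwise the generic
                // handler wins and the analyzer's conveyed error is never reported.
                if (e.getConveyedError() != null) {
                    failure.addError(e.getConveyedError());
                } else {
                    failure.addError(new AAError(AAError.SYSTEM_ERROR, "Exception occured when processing obligations!.", e));
                }
            } catch (XACMLConverterException e) {
                failure.addError(new AAError(AAError.SYSTEM_ERROR, "Exception occured during XACML<->SAML model convertion.", e));
            } catch (Exception e) {
                // Also reached when extractACL rejects an unsupported ACL header value.
                failure.addError(new AAError(AAError.SYSTEM_ERROR, null, e));
            }
            return finishCall(authorizeRequest, failure);
        } catch (Throwable th) {
            // Same last-resort clean-up as in authenticate().
            cleanAuxErrors(authorizeRequest);
            throw th;
        }
    }

    /** Builds the authentication response; every failure is left to the caller's catch blocks. */
    private AuthenticateResponse evaluateAuthentication(AuthenticateRequest request) throws Exception {
        AuthenticateResponse result = new AuthenticateResponse();
        if (request == null) {
            result.addError(new AAError(AAError.INVALID_REQ_ERROR, "Null request object!"));
            return result;
        }
        Request xacmlRequest = new XACMLRequestConverter().convert2XACML(request.getAuthnQuery());
        if (xacmlRequest == null) {
            result.addError(new AAError(AAError.INVALID_REQ_ERROR, "Couldn't retrieve valid XACML Request context!"));
            return result;
        }
        SAMLObject[] extracted = this.securityRequestHandler.extract(request);
        // Authentication passes no ACL object to the PDP (third argument).
        Response decision = (Response) this.yaddaPDP.handleRequest(new ExtendedRequest(xacmlRequest, extracted != null ? Arrays.asList(extracted) : null, null));
        if (decision == null) {
            result.addError(new AAError(AAError.EVALUATION_ERROR, "Couldn't evaluate proper XACML Response!"));
            return result;
        }
        AnalyzerResultObject analysis = processInternalObligations(decision, extracted != null ? Arrays.asList(extracted) : null);
        result.setSAMLObject(analysis.getCurrentSAMLObject());
        result.addErrors(processErrors(analysis.getErrors()));
        result.setXacmlResponse(new XACMLResponseConverter().convert2SAML(decision));
        return result;
    }

    /** Builds the authorization response; every failure is left to the caller's catch blocks. */
    private AuthorizeResponse evaluateAuthorization(AuthorizeRequest request) throws Exception {
        AuthorizeResponse result = new AuthorizeResponse();
        if (request == null) {
            result.addError(new AAError(AAError.INVALID_REQ_ERROR, "Null request object!"));
            return result;
        }
        Request xacmlRequest = new XACMLRequestConverter().convert2XACML(request.getAuthzQuery());
        if (xacmlRequest == null) {
            result.addError(new AAError(AAError.INVALID_REQ_ERROR, "Couldn't retrieve valid XACML Request context!"));
            return result;
        }
        SAMLObject[] extracted = this.securityRequestHandler.extract(request);
        Response decision = (Response) this.yaddaPDP.handleRequest(new ExtendedRequest(xacmlRequest, extracted != null ? Arrays.asList(extracted) : null, extractACL(request)));
        if (decision == null) {
            result.addError(new AAError(AAError.EVALUATION_ERROR, "Couldn't evaluate proper XACML Response!"));
            return result;
        }
        AnalyzerResultObject analysis = processInternalObligations(decision, extracted != null ? Arrays.asList(extracted) : null);
        result.setSAMLObject(analysis.getCurrentSAMLObject());
        result.addErrors(processErrors(analysis.getErrors()));
        result.setXacmlResponse(new XACMLResponseConverter().convert2SAML(decision));
        return result;
    }

    /** Cleans the auxiliary error holder unless the message is marked as an internal call. */
    private void cleanAuxErrors(GenericMessage request) {
        if (this.auxErrorHolder != null && !isInternalCall(request)) {
            this.auxErrorHolder.clean();
        }
    }

    /** Runs the per-call clean-up and returns the response that is about to leave the service. */
    private <T extends AAResponse> T finishCall(GenericMessage request, T response) {
        cleanAuxErrors(request);
        if (!this.allowAuditObligationsPassthrough) {
            removeAuditObligations(response);
        }
        return response;
    }

    /**
     * Removes, in place, every obligation whose id starts with
     * {@link AASConstants#AUDIT_OBLIGATION_ID}.
     *
     * <p>Entries that are {@code null} or have no id are skipped, so one malformed obligation
     * cannot abort the stripping of the others.
     *
     * @param aAResponse response to strip; may lack a result or an obligations list
     * @return the same instance that was passed in
     */
    protected AAResponse removeAuditObligations(AAResponse aAResponse) {
        if (aAResponse == null
                || aAResponse.getResult() == null
                || aAResponse.getResult().getObligations() == null
                || aAResponse.getResult().getObligations().getObligations() == null) {
            return aAResponse;
        }
        Iterator<ObligationType> it = aAResponse.getResult().getObligations().getObligations().iterator();
        while (it.hasNext()) {
            ObligationType obligation = it.next();
            if (obligation == null || obligation.getObligationId() == null) {
                continue;
            }
            // Prefix match: ids that merely begin with the audit id are removed as well.
            if (obligation.getObligationId().startsWith(AASConstants.AUDIT_OBLIGATION_ID)) {
                it.remove();
            }
        }
        return aAResponse;
    }

    /**
     * Reads the ACL object from the request's {@code TYPE_AAS_ACL} header.
     *
     * @return the ACL object, or {@code null} when the request is {@code null} or has no such header
     * @throws RuntimeException when the header value is not an {@link IACLObject}
     */
    protected IACLObject extractACL(SecureRequest secureRequest) {
        if (secureRequest == null) {
            return null;
        }
        Serializable headerValue = secureRequest.getFirstApplicableHeaderValue(HeaderFieldTypes.TYPE_AAS_ACL);
        if (headerValue == null) {
            return null;
        }
        if (headerValue instanceof IACLObject) {
            return (IACLObject) headerValue;
        }
        throw new RuntimeException("unsupported instance of ACL object: " + headerValue.getClass().getName());
    }

    /**
     * Tells whether the message carries the internal-call marker header.
     *
     * <p>NOTE(review): the decision rests on a message header alone. In this class it only
     * controls whether the auxiliary error holder is cleaned; confirm that callers outside the
     * service boundary cannot set this header.
     */
    protected boolean isInternalCall(GenericMessage genericMessage) {
        return genericMessage != null
                && genericMessage.getFirstApplicableHeaderValue(InternalCallMarkerProxy.INTERNAL_CALL_MARKUP_HEADER) != null;
    }

    /**
     * Merges the errors collected by the auxiliary error holder into {@code list}.
     *
     * @param list errors gathered so far; may be {@code null}; modified in place when the holder
     *     has errors to add
     * @return {@code list} itself, or a new list holding the holder's errors when {@code list}
     *     is {@code null}
     */
    protected List<AAError> processErrors(List<AAError> list) {
        if (this.auxErrorHolder == null) {
            this.log.warn("Cannot process aux errors: no ErrorHolder module set!");
            return list;
        }
        List<AAError> allErrors = this.auxErrorHolder.getAllErrors();
        if (allErrors.isEmpty()) {
            return list;
        }
        if (list == null) {
            return new ArrayList<AAError>(allErrors);
        }
        list.addAll(allErrors);
        return list;
    }

    /** Extracts the internal obligations of {@code response} and passes them to the analyzer. */
    protected AnalyzerResultObject processInternalObligations(Response response, List<SAMLObject> list) throws XACMLConverterException, InternalObligationAnalyzerException {
        return this.internalObligationAnalyzer.analyze(null, list, InternalObligationExtractor.extractInternalObligations(response));
    }

    /** Returns the feature set of this service; the request argument is not read. */
    @Override
    public GetFeaturesResponse getFeatures(GetFeaturesRequest getFeaturesRequest) {
        return new GetFeaturesResponse(this.FEATURES);
    }

    /** Returns the current API version as reported by {@link VersionHelper}. */
    @Override
    public GetVersionResponse getVersionResponse(GenericRequest genericRequest) {
        return new GetVersionResponse(VersionHelper.currentAPIVersion());
    }

    /**
     * Switches a working mode; only {@code MODE_AUDIT_OBLIGATIONS_PASSTHROUGH} is recognised.
     *
     * <p>Enabling the mode means audit obligations are no longer stripped from responses.
     * NOTE(review): no caller check is performed here; confirm that this backend interface is
     * reachable by trusted components only.
     *
     * @param str mode name
     * @param z new state of the mode
     * @param objArr not read by this implementation
     * @return {@code true} when the mode was recognised and applied, {@code false} otherwise
     */
    @Override
    public boolean setWorkingMode(String str, boolean z, Object[] objArr) {
        if (!AASConstants.MODE_AUDIT_OBLIGATIONS_PASSTHROUGH.equals(str)) {
            return false;
        }
        this.allowAuditObligationsPassthrough = z;
        return true;
    }

    public PDP getYaddaPDP() {
        return this.yaddaPDP;
    }

    public void setYaddaPDP(PDP pdp) {
        this.yaddaPDP = pdp;
    }

    public IInternalObligationAnalyzer getInternalObligationAnalyzer() {
        return this.internalObligationAnalyzer;
    }

    public void setInternalObligationAnalyzer(IInternalObligationAnalyzer iInternalObligationAnalyzer) {
        this.internalObligationAnalyzer = iInternalObligationAnalyzer;
    }

    public void setAuxErrorHolder(IErrorHolder iErrorHolder) {
        this.auxErrorHolder = iErrorHolder;
    }

    public void setSecurityRequestHandler(ISecurityRequestHandler iSecurityRequestHandler) {
        this.securityRequestHandler = iSecurityRequestHandler;
    }
}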
