package pl.edu.icm.yadda.aas.proxy;

import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import net.sf.json.util.JSONUtils;
import org.opensaml.lite.xacml.policy.ObligationType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;
import pl.edu.icm.yadda.aas.client.YaddaErrorAwareResult;
import pl.edu.icm.yadda.aas.client.authz.lic.LicensingAuthorizationFacade;
import pl.edu.icm.yadda.aas.handler.HeaderFieldBasedSecurityRequestHandler;
import pl.edu.icm.yadda.aas.handler.ISecurityRequestHandler;
import pl.edu.icm.yadda.aas.proxy.criterion.ILicenseCriterionCreator;
import pl.edu.icm.yadda.aas.proxy.criterion.tags.TagsCriterionCreatorHelper;
import pl.edu.icm.yadda.aas.proxy.evaluator.EvaluatorResult;
import pl.edu.icm.yadda.aas.proxy.evaluator.ILicenseEvaluator;
import pl.edu.icm.yadda.aas.proxy.evaluator.LicenseEvaluatorContext;
import pl.edu.icm.yadda.service2.ArchiveContent;
import pl.edu.icm.yadda.service2.ArchiveContentDTO;
import pl.edu.icm.yadda.service2.GetFeaturesRequest;
import pl.edu.icm.yadda.service2.GetFeaturesResponse;
import pl.edu.icm.yadda.service2.YaddaError;
import pl.edu.icm.yadda.service2.YaddaErrorCodeConstants;
import pl.edu.icm.yadda.service2.archive.GetArchiveContentRequest;
import pl.edu.icm.yadda.service2.archive.GetArchiveContentResponse;
import pl.edu.icm.yadda.service2.archive.GetArchiveObjectRequest;
import pl.edu.icm.yadda.service2.archive.GetArchiveObjectResponse;
import pl.edu.icm.yadda.service2.archive.IArchive;
import pl.edu.icm.yadda.service2.archive.IdResponse;
import pl.edu.icm.yadda.service2.archive.ListArchiveContentsResponse;
import pl.edu.icm.yadda.service2.archive.ListArchiveObjectsResponse;
import pl.edu.icm.yadda.service2.archive.ListArchiveRequest;
import pl.edu.icm.yadda.service2.archive.PartRequest;
import pl.edu.icm.yadda.service2.archive.PartResponse;
import pl.edu.icm.yadda.service2.archive.RetrieveRequest;
import pl.edu.icm.yadda.service2.archive.RetrieveResponse;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-4.1.3.jar:pl/edu/icm/yadda/aas/proxy/SecuredArchive.class */
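/**
 * Authorizing decorator around another {@link IArchive}.
 *
 * <p>Read methods ({@code getSingleObject}, {@code getSingleContent}, {@code getObjectWithContents},
 * {@code getContentTree}) first fetch from the wrapped archive, then ask the licensing facade for the
 * caller's obligations and run them through the configured evaluators against the fetched item's tags.
 * List methods rewrite the request's tag filter to the tags derived from the caller's obligations
 * before delegating.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>{@link #getPart} and {@link #retrieve} delegate with no check in this class. NOTE(review):
 *       confirm those requests can only refer to something issued by an already-authorized call, or
 *       that the wrapped archive enforces access itself; otherwise they sidestep the checks above.</li>
 *   <li>The guarded read methods return the wrapped archive's response untouched when it is not OK or
 *       carries no object, and return {@code ERROR_AUTH} only for an item that was found. NOTE(review):
 *       if the wrapped archive reports "not found" differently, a caller without rights can tell
 *       existing ids from missing ones.</li>
 *   <li>Request-supplied ids are written to the log and echoed in the denial message as-is.
 *       NOTE(review): make sure the log layout neutralises line breaks if ids are not validated upstream.</li>
 * </ul>
 */
public class SecuredArchive implements IArchive {
    /** Supplies the caller's license obligations for a request. */
    protected LicensingAuthorizationFacade licAuthzFacade;
    /** The wrapped archive every call ends up delegating to. */
    private IArchive archive;
    /** Evaluators consulted in order by {@link #evaluateAccess}. */
    private List<ILicenseEvaluator<String[]>> evaluators;
    /** Turn obligations into the tag criteria used to restrict list requests. */
    private List<ILicenseCriterionCreator<String[]>> tagsCreators;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    /** Extracts from a request what the licensing facade needs; replaceable via the setter. */
    private ISecurityRequestHandler securityRequestHandler = new HeaderFieldBasedSecurityRequestHandler();

    /**
     * Decides whether the obligations permit access to the object described by the context.
     *
     * <p>Evaluators are tried in list order and the first {@code PERMIT} wins; {@code DENY} and
     * {@code ERROR} results are logged and the next evaluator is tried. When no evaluator permits
     * (including an empty evaluator list) the result is {@code false}, so the check fails closed.
     *
     * @param collection the caller's license obligations
     * @param licenseEvaluatorContext id and tags of the object being accessed
     * @return {@code true} only if some evaluator returned {@code PERMIT}
     */
    protected boolean evaluateAccess(Collection<ObligationType> collection, LicenseEvaluatorContext<String[]> licenseEvaluatorContext) {
        for (ILicenseEvaluator<String[]> evaluator : this.evaluators) {
            EvaluatorResult result = evaluator.evaluate(collection, licenseEvaluatorContext);
            if (result.getStatus() == EvaluatorResult.Status.PERMIT) {
                return true;
            }
            if (result.getStatus() == EvaluatorResult.Status.DENY) {
                this.log.debug("evaluation with module {} failed", evaluator.getClass().getName());
            } else if (result.getStatus() == EvaluatorResult.Status.ERROR) {
                // Message is built eagerly so the (String, Throwable) overload keeps the stack trace.
                // NOTE(review): assumes an ERROR result always carries a non-null getError() - confirm.
                this.log.warn("evaluation with module " + evaluator.getClass().getName() + " finished with error: " + result.getError().getMssg(), (Throwable) result.getError().getException());
            }
        }
        this.log.error("Permission not granted to retrieve resource id='{}'", licenseEvaluatorContext.getStoredObjectId());
        return false;
    }

    /**
     * Fetches one object and returns it only if the caller's obligations permit access to its tags.
     *
     * @return the wrapped archive's response when it is not OK, has no object, or access is permitted;
     *         otherwise a response carrying the security client's error or an {@code ERROR_AUTH} error
     */
    @Override
    public GetArchiveObjectResponse<ArchiveContent> getSingleObject(GetArchiveObjectRequest getArchiveObjectRequest) {
        // Fetch first: the decision needs the stored object's tags.
        GetArchiveObjectResponse<ArchiveContent> fetched = this.archive.getSingleObject(getArchiveObjectRequest);
        if (!fetched.isOK() || fetched.getObject() == null) {
            return fetched;
        }
        YaddaErrorAwareResult<Set<ObligationType>> obligations = this.licAuthzFacade.retrieveLicenseObligations(this.securityRequestHandler.extract(getArchiveObjectRequest));
        if (obligations.getError() != null) {
            logSecurityClientError(obligations);
            return new GetArchiveObjectResponse<>(obligations.getError());
        }
        if (evaluateAccess(obligations.getData(), new LicenseEvaluatorContext<>(getArchiveObjectRequest.getId().getId(), fetched.getObject().getTags()))) {
            return fetched;
        }
        // Denied: the fetched object is dropped and a fresh error-only response is returned.
        GetArchiveObjectResponse<ArchiveContent> denied = new GetArchiveObjectResponse<>();
        denied.setError(accessDenied(getArchiveObjectRequest.getId().getId()));
        return denied;
    }

    /**
     * Fetches one content item and returns it only if the caller's obligations permit access to its tags.
     *
     * @return the wrapped archive's response when it is not OK, has no content, or access is permitted;
     *         otherwise a response carrying the security client's error or an {@code ERROR_AUTH} error
     */
    @Override
    public GetArchiveContentResponse getSingleContent(GetArchiveContentRequest getArchiveContentRequest) {
        GetArchiveContentResponse fetched = this.archive.getSingleContent(getArchiveContentRequest);
        if (!fetched.isOK() || fetched.getContent() == null) {
            return fetched;
        }
        YaddaErrorAwareResult<Set<ObligationType>> obligations = this.licAuthzFacade.retrieveLicenseObligations(this.securityRequestHandler.extract(getArchiveContentRequest));
        if (obligations.getError() != null) {
            logSecurityClientError(obligations);
            GetArchiveContentResponse failed = new GetArchiveContentResponse();
            failed.setError(obligations.getError());
            return failed;
        }
        // NOTE(review): the context is built from getContentId() here but from getContentId().getId()
        // in getContentTree - confirm both forms give evaluators the same stored-object id.
        if (evaluateAccess(obligations.getData(), new LicenseEvaluatorContext<>(getArchiveContentRequest.getContentId(), fetched.getContent().getTags()))) {
            return fetched;
        }
        GetArchiveContentResponse denied = new GetArchiveContentResponse();
        denied.setError(accessDenied(getArchiveContentRequest.getContentId().getId()));
        return denied;
    }

    /**
     * Fetches an object together with its contents and returns it only if access to the object's tags
     * is permitted.
     *
     * <p>NOTE(review): only the object's own tags are evaluated in this method; whether the nested
     * contents can carry stricter tags is not visible here - confirm.
     *
     * @return the wrapped archive's response when it is not OK, has no object, or access is permitted;
     *         otherwise a response carrying the security client's error or an {@code ERROR_AUTH} error
     */
    @Override
    public GetArchiveObjectResponse<ArchiveContentDTO> getObjectWithContents(GetArchiveObjectRequest getArchiveObjectRequest) {
        GetArchiveObjectResponse<ArchiveContentDTO> fetched = this.archive.getObjectWithContents(getArchiveObjectRequest);
        if (!fetched.isOK() || fetched.getObject() == null) {
            return fetched;
        }
        YaddaErrorAwareResult<Set<ObligationType>> obligations = this.licAuthzFacade.retrieveLicenseObligations(this.securityRequestHandler.extract(getArchiveObjectRequest));
        if (obligations.getError() != null) {
            logSecurityClientError(obligations);
            GetArchiveObjectResponse<ArchiveContentDTO> failed = new GetArchiveObjectResponse<>();
            failed.setError(obligations.getError());
            return failed;
        }
        if (evaluateAccess(obligations.getData(), new LicenseEvaluatorContext<>(getArchiveObjectRequest.getId().getId(), fetched.getObject().getTags()))) {
            return fetched;
        }
        GetArchiveObjectResponse<ArchiveContentDTO> denied = new GetArchiveObjectResponse<>();
        denied.setError(accessDenied(getArchiveObjectRequest.getId().getId()));
        return denied;
    }

    /**
     * Fetches a content tree and returns it only if access to the root content's tags is permitted.
     *
     * @return the wrapped archive's response when it is not OK, has no content, or access is permitted;
     *         otherwise a response carrying the security client's error or an {@code ERROR_AUTH} error
     */
    @Override
    public GetArchiveContentResponse getContentTree(GetArchiveContentRequest getArchiveContentRequest) {
        GetArchiveContentResponse fetched = this.archive.getContentTree(getArchiveContentRequest);
        if (!fetched.isOK() || fetched.getContent() == null) {
            return fetched;
        }
        YaddaErrorAwareResult<Set<ObligationType>> obligations = this.licAuthzFacade.retrieveLicenseObligations(this.securityRequestHandler.extract(getArchiveContentRequest));
        if (obligations.getError() != null) {
            logSecurityClientError(obligations);
            GetArchiveContentResponse failed = new GetArchiveContentResponse();
            failed.setError(obligations.getError());
            return failed;
        }
        if (evaluateAccess(obligations.getData(), new LicenseEvaluatorContext<>(getArchiveContentRequest.getContentId().getId(), fetched.getContent().getTags()))) {
            return fetched;
        }
        GetArchiveContentResponse denied = new GetArchiveContentResponse();
        denied.setError(accessDenied(getArchiveContentRequest.getContentId().getId()));
        return denied;
    }

    /**
     * Lists objects, with the request's tag filter rewritten to the tags the caller's obligations yield.
     *
     * <p>The passed request is modified in place. If no criterion creator yields a tag array the call
     * is refused with {@code ERROR_AUTH} and the wrapped archive is not queried.
     */
    @Override
    public ListArchiveObjectsResponse listObjects(ListArchiveRequest listArchiveRequest) {
        YaddaErrorAwareResult<Set<ObligationType>> obligations = this.licAuthzFacade.retrieveLicenseObligations(this.securityRequestHandler.extract(listArchiveRequest));
        if (obligations.getError() != null) {
            logSecurityClientError(obligations);
            return new ListArchiveObjectsResponse(obligations.getError());
        }
        String[] grantedTags = mergeGrantedTags(obligations.getData());
        if (grantedTags == null) {
            this.log.debug("no permission to list objects");
            return new ListArchiveObjectsResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "no permission to list objects"));
        }
        restrictToTags(listArchiveRequest, grantedTags);
        return this.archive.listObjects(listArchiveRequest);
    }

    /**
     * Lists contents, with the request's tag filter rewritten to the tags the caller's obligations yield.
     *
     * <p>The passed request is modified in place. If no criterion creator yields a tag array the call
     * is refused with {@code ERROR_AUTH} and the wrapped archive is not queried.
     */
    @Override
    public ListArchiveContentsResponse listContents(ListArchiveRequest listArchiveRequest) {
        YaddaErrorAwareResult<Set<ObligationType>> obligations = this.licAuthzFacade.retrieveLicenseObligations(this.securityRequestHandler.extract(listArchiveRequest));
        if (obligations.getError() != null) {
            logSecurityClientError(obligations);
            return new ListArchiveContentsResponse(obligations.getError());
        }
        String[] grantedTags = mergeGrantedTags(obligations.getData());
        if (grantedTags == null) {
            this.log.debug("no permission to list contents");
            return new ListArchiveContentsResponse(new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "no permission to list contents"));
        }
        restrictToTags(listArchiveRequest, grantedTags);
        return this.archive.listContents(listArchiveRequest);
    }

    /**
     * Delegates to the wrapped archive without any license check in this class.
     * NOTE(review): confirm part requests cannot reach data the caller was never authorized for.
     */
    @Override
    public PartResponse getPart(PartRequest partRequest) {
        return this.archive.getPart(partRequest);
    }

    /**
     * Delegates to the wrapped archive without any license check in this class.
     * NOTE(review): confirm retrieve requests cannot reach data the caller was never authorized for.
     */
    @Override
    public RetrieveResponse retrieve(RetrieveRequest retrieveRequest) {
        return this.archive.retrieve(retrieveRequest);
    }

    /**
     * Returns the wrapped archive's features with {@code FEATURE_REQUIRES_AUTHORIZATION} added.
     * The wrapped archive's response object is modified and returned, not copied.
     */
    @Override
    public GetFeaturesResponse getFeatures(GetFeaturesRequest getFeaturesRequest) {
        GetFeaturesResponse features = this.archive.getFeatures(getFeaturesRequest);
        features.getFeatures().add(SecurityConstants.FEATURE_REQUIRES_AUTHORIZATION);
        return features;
    }

    /** Returns the wrapped archive's service id unchanged. */
    @Override
    public IdResponse getServiceId() {
        return this.archive.getServiceId();
    }

    /** Logs the error the licensing facade returned instead of obligations. */
    private void logSecurityClientError(YaddaErrorAwareResult<Set<ObligationType>> obligations) {
        this.log.error("got error from security client: {}, {}", obligations.getError().getCode(), obligations.getError().getMssg());
    }

    /** Builds the {@code ERROR_AUTH} error returned when no evaluator permits access to an item. */
    private YaddaError accessDenied(String resourceId) {
        return new YaddaError(YaddaErrorCodeConstants.ERROR_AUTH, "Permission not granted to retrieve resource id='" + resourceId + "'!");
    }

    /**
     * Merges the tag criteria every configured creator derives from the obligations.
     *
     * @return the merged tags, or {@code null} when there are no creators or the merge yields none
     */
    private String[] mergeGrantedTags(Set<ObligationType> obligations) {
        String[] merged = null;
        for (ILicenseCriterionCreator<String[]> creator : this.tagsCreators) {
            merged = TagsCriterionCreatorHelper.merge(merged, creator.createCriterion(obligations));
        }
        return merged;
    }

    /**
     * Rewrites the request's tag filter: tags already on the request are passed through
     * {@code removeSecurityTags} (presumably dropping security tags the caller supplied - verify),
     * then the granted tags are added.
     *
     * <p>NOTE(review): an empty, non-null {@code grantedTags} adds no restriction at all; confirm the
     * criterion creators never produce that for a caller without rights.
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // element type of the request's tag set is not visible here
    private void restrictToTags(ListArchiveRequest request, String[] grantedTags) {
        if (request.getTags() == null) {
            request.setTags(new HashSet(Arrays.asList(grantedTags)));
        } else {
            request.setTags((Set) TagsCriterionCreatorHelper.removeSecurityTags(request.getTags()));
            request.getTags().addAll(Arrays.asList(grantedTags));
        }
    }

    /** Sets the archive to wrap. */
    @Required
    public void setArchive(IArchive iArchive) {
        this.archive = iArchive;
    }

    /** Sets the facade used to look up the caller's license obligations. */
    @Required
    public void setLicAuthzFacade(LicensingAuthorizationFacade licensingAuthorizationFacade) {
        this.licAuthzFacade = licensingAuthorizationFacade;
    }

    /** Sets the evaluators consulted, in order, for single-item access decisions. */
    @Required
    public void setEvaluators(List<ILicenseEvaluator<String[]>> list) {
        this.evaluators = list;
    }

    /** Sets the creators that derive list-filter tags from obligations. */
    @Required
    public void setTagsCreators(List<ILicenseCriterionCreator<String[]>> list) {
        this.tagsCreators = list;
    }

    /** Replaces the default handler that extracts security data from requests. */
    public void setSecurityRequestHandler(ISecurityRequestHandler iSecurityRequestHandler) {
        this.securityRequestHandler = iSecurityRequestHandler;
    }
}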
