package org.fcrepo.server.security.xacml.pep.ws;

import com.sun.xacml.ctx.RequestCtx;
import com.sun.xacml.ctx.ResponseCtx;
import com.sun.xacml.ctx.Result;
import java.io.File;
import java.io.FileInputStream;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.description.OperationDesc;
import org.apache.axis.description.ServiceDesc;
import org.apache.axis.handlers.BasicHandler;
import org.fcrepo.common.Constants;
import org.fcrepo.server.security.xacml.pep.AuthzDeniedException;
import org.fcrepo.server.security.xacml.pep.ContextHandler;
import org.fcrepo.server.security.xacml.pep.ContextHandlerImpl;
import org.fcrepo.server.security.xacml.pep.PEPException;
import org.fcrepo.server.security.xacml.pep.ws.operations.OperationHandler;
import org.fcrepo.server.security.xacml.pep.ws.operations.OperationHandlerException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/fcrepo-security-pep-3.5.jar:org/fcrepo/server/security/xacml/pep/ws/PEP.class */
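/**
 * Axis handler that acts as the XACML Policy Enforcement Point (PEP) for web-service calls.
 *
 * <p>For each message the handler looks up the {@link OperationHandler} registered for the
 * target service/operation, asks it to build an XACML request, has the {@link ContextHandler}
 * evaluate that request and then enforces the decision. Every outcome other than an explicit
 * Permit is turned into an {@link AxisFault}, so the handler fails closed.
 *
 * <p>The service/operation to handler mapping is read once, in the constructor, from
 * {@code server/config/config-melcoe-pep.xml} under {@code Constants.FEDORA_HOME}. The class
 * names in that file are loaded and instantiated, so the file has to be writable only by
 * whoever administers the repository.
 */
public class PEP extends BasicHandler {
    private static final long serialVersionUID = -3435060948149239989L;
    private static final Logger logger = LoggerFactory.getLogger(PEP.class);

    /** Handler configuration file, relative to {@code Constants.FEDORA_HOME}. */
    private static final String CONFIG_PATH = "server/config/config-melcoe-pep.xml";

    /** Service name to (operation name to handler); filled by {@link #loadHandlers()}. */
    private Map<String, Map<String, OperationHandler>> serviceHandlers = null;
    ContextHandler ctxHandler;
    /** Creation time of this handler instance; only used in debug output. */
    private Date ts;

    /**
     * Loads the operation handlers and obtains the shared context handler.
     *
     * @throws PEPException if the configuration cannot be read or a handler cannot be created
     */
    public PEP() throws PEPException {
        loadHandlers();
        this.ctxHandler = ContextHandlerImpl.getInstance();
        this.ts = new Date();
    }

    /**
     * Authorizes one message, on the request or the response side of the pivot.
     *
     * @param messageContext the Axis message context of the call being authorized
     * @throws AxisFault if no handler is configured for the service/operation, if building or
     *     evaluating the XACML request fails, or if the decision is anything but Permit
     */
    @Override
    public void invoke(MessageContext messageContext) throws AxisFault {
        // Resolve both names null-safely: a message without a resolved service or operation
        // must end in the "Missing handler" fault below, not in a NullPointerException.
        OperationDesc operation = messageContext.getOperation();
        String operationName = operation == null ? null : operation.getName();
        if (logger.isDebugEnabled()) {
            logger.debug("AuthHandler executed: " + messageContext.getTargetService() + "/" + operationName + " [" + this.ts + "]");
        }
        ServiceDesc serviceDescription =
                messageContext.getService() == null ? null : messageContext.getService().getServiceDescription();
        String serviceName = serviceDescription == null ? null : serviceDescription.getName();

        OperationHandler handler = getHandler(serviceName, operationName);
        if (handler == null) {
            // No handler means no policy request can be built: refuse rather than let the call through.
            String message = "Missing handler for service/operation: " + serviceName + "/" + operationName;
            logger.error(message);
            throw AxisFault.makeFault(new PEPException(message));
        }
        try {
            RequestCtx request = messageContext.getPastPivot()
                    ? handler.handleResponse(messageContext)
                    : handler.handleRequest(messageContext);
            if (request == null) {
                // NOTE(review): a null request skips policy evaluation entirely, so a handler
                // should return null only for operations that need no authorization - confirm
                // against the OperationHandler implementations.
                return;
            }
            try {
                enforce(this.ctxHandler.evaluate(request));
            } catch (PEPException e) {
                logger.error("Error evaluating request", e);
                throw AxisFault.makeFault(new PEPException("Error evaluating request (operation: " + operationName + ")", e));
            }
        } catch (OperationHandlerException e) {
            logger.error("Error handling operation: " + operationName, e);
            throw AxisFault.makeFault(new PEPException("Error handling operation: " + operationName, e));
        }
    }

    /**
     * Reads the configuration file and fills {@link #serviceHandlers}.
     *
     * <p>Each {@code handlers-ws} element names a service; each child element maps one
     * operation to a handler class. One handler instance is created per class name and shared
     * by every operation that refers to it.
     *
     * @throws PEPException if the file is missing or malformed, a required attribute is absent
     *     or empty, or a handler class cannot be instantiated
     */
    private void loadHandlers() throws PEPException {
        this.serviceHandlers = new HashMap<String, Map<String, OperationHandler>>();
        try {
            File configFile = new File(Constants.FEDORA_HOME, CONFIG_PATH);
            if (!configFile.isFile()) {
                throw new PEPException("Could not locate config file: config-melcoe-pep.xml");
            }
            Document config;
            FileInputStream configStream = new FileInputStream(configFile);
            try {
                // NOTE(review): the parser runs with JAXP defaults, so DOCTYPE declarations and
                // external entities are not disabled here. The file is server-side configuration;
                // if anyone but the repository administrator can write it, harden the factory.
                config = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(configStream);
            } finally {
                // Release the descriptor whether or not parsing succeeded.
                configStream.close();
            }

            Map<String, OperationHandler> instancesByClass = new HashMap<String, OperationHandler>();
            NodeList serviceNodes = config.getElementsByTagName("handlers-ws");
            for (int i = 0; i < serviceNodes.getLength(); i++) {
                Node serviceNode = serviceNodes.item(i);
                String serviceName = attributeValue(serviceNode, "service");
                if (serviceName == null || "".equals(serviceName)) {
                    throw new PEPException("Error in config file: service name missing.");
                }
                Map<String, OperationHandler> operations = this.serviceHandlers.get(serviceName);
                if (operations == null) {
                    operations = new HashMap<String, OperationHandler>();
                    this.serviceHandlers.put(serviceName, operations);
                }
                NodeList children = serviceNode.getChildNodes();
                for (int j = 0; j < children.getLength(); j++) {
                    Node child = children.item(j);
                    if (child.getNodeType() != Node.ELEMENT_NODE) {
                        continue;
                    }
                    String operationName = attributeValue(child, "operation");
                    String className = attributeValue(child, "class");
                    if (operationName == null || "".equals(operationName)) {
                        throw new PEPException("Cannot have a missing or empty operation attribute");
                    }
                    if (className == null || "".equals(className)) {
                        throw new PEPException("Cannot have a missing or empty class attribute");
                    }
                    OperationHandler handler = instancesByClass.get(className);
                    if (handler == null) {
                        handler = instantiateHandler(className);
                        if (handler == null) {
                            // Class not on the classpath: leave the operation unmapped, which
                            // makes invoke() refuse it with a "Missing handler" fault.
                            continue;
                        }
                        instancesByClass.put(className, handler);
                    }
                    operations.put(operationName, handler);
                    if (logger.isDebugEnabled()) {
                        logger.debug("handler added to handler map: " + serviceName + "/" + operationName + "/" + className);
                    }
                }
            }
        } catch (Exception e) {
            logger.error("Failed to initialse the PEP for WS", e);
            throw new PEPException(e.getMessage(), e);
        }
    }

    /**
     * Returns the value of an attribute, or {@code null} when the node has no such attribute.
     */
    private static String attributeValue(Node node, String attributeName) {
        if (node.getAttributes() == null) {
            return null;
        }
        Node attribute = node.getAttributes().getNamedItem(attributeName);
        return attribute == null ? null : attribute.getNodeValue();
    }

    /**
     * Creates the handler named in the configuration.
     *
     * @return the new handler, or {@code null} if the class is not on the classpath
     * @throws PEPException if the class exists but cannot be instantiated
     */
    private static OperationHandler instantiateHandler(String className) throws PEPException {
        try {
            // Load without initializing and check the type first, so that a configured class
            // which is not an OperationHandler is rejected before any of its code runs.
            Class<? extends OperationHandler> handlerClass =
                    Class.forName(className, false, PEP.class.getClassLoader()).asSubclass(OperationHandler.class);
            return handlerClass.newInstance();
        } catch (ClassNotFoundException e) {
            // Logged at warn: every call to an operation mapped to this class will be refused.
            logger.warn("handlerClass not found: " + className);
            return null;
        } catch (InstantiationException e) {
            logger.error("Could not instantiate handler: " + className);
            throw new PEPException(e);
        } catch (IllegalAccessException e) {
            logger.error("Could not instantiate handler: " + className);
            throw new PEPException(e);
        }
    }

    /**
     * Looks up the handler configured for a service/operation pair.
     *
     * @return the handler, or {@code null} if either name is null or nothing is configured
     */
    private OperationHandler getHandler(String str, String str2) {
        if (str == null) {
            logger.debug("Service Name was null!");
            return null;
        }
        if (str2 == null) {
            logger.debug("Operation Name was null!");
            return null;
        }
        Map<String, OperationHandler> operations = this.serviceHandlers.get(str);
        if (operations == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("No Service Handlers found for: " + str);
            }
            return null;
        }
        OperationHandler handler = operations.get(str2);
        if (handler == null && logger.isDebugEnabled()) {
            logger.debug("Handler not found for: " + str + "/" + str2);
        }
        return handler;
    }

    /**
     * Enforces the decision returned by the policy decision point.
     *
     * <p>Access is granted only when the response holds at least one result and every result is
     * Permit. A missing response, an empty result set and an unrecognised decision code are all
     * treated as a denial.
     *
     * @throws AxisFault wrapping an {@link AuthzDeniedException} whenever access is not permitted
     */
    private void enforce(ResponseCtx responseCtx) throws AxisFault {
        if (responseCtx == null) {
            logger.error("Denying access: no response from policy evaluation");
            throw AxisFault.makeFault(new AuthzDeniedException("Indeterminate"));
        }
        boolean sawResult = false;
        for (Result result : responseCtx.getResults()) {
            sawResult = true;
            int decision = result.getDecision();
            if (decision == Result.DECISION_PERMIT) {
                continue;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Denying access: " + decision);
            }
            String reason;
            switch (decision) {
                case Result.DECISION_DENY:
                    reason = "Deny";
                    break;
                case Result.DECISION_INDETERMINATE:
                    reason = "Indeterminate";
                    break;
                case Result.DECISION_NOT_APPLICABLE:
                    reason = "NotApplicable";
                    break;
                default:
                    // An unknown code must not fall through to the permit path below.
                    reason = "Unrecognised decision: " + decision;
                    break;
            }
            throw AxisFault.makeFault(new AuthzDeniedException(reason));
        }
        if (!sawResult) {
            // Nothing was decided, so there is no Permit to act on.
            logger.error("Denying access: policy evaluation returned no results");
            throw AxisFault.makeFault(new AuthzDeniedException("Indeterminate"));
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Permitting access!");
        }
    }
}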
