package org.glite.authz.pep.profile;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.glite.authz.common.model.Action;
import org.glite.authz.common.model.Attribute;
import org.glite.authz.common.model.AttributeAssignment;
import org.glite.authz.common.model.Environment;
import org.glite.authz.common.model.Obligation;
import org.glite.authz.common.model.Request;
import org.glite.authz.common.model.Resource;
import org.glite.authz.common.model.Response;
import org.glite.authz.common.model.Result;
import org.glite.authz.common.model.Subject;
import org.glite.authz.common.model.util.Strings;
import org.glite.authz.common.security.PEMUtils;

/* loaded from: input_file:org/glite/authz/pep/profile/AbstractAuthorizationProfile.class */
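/**
 * Base implementation of {@link AuthorizationProfile} that builds XACML-style
 * authorization requests (subject, resource, action, environment) and extracts
 * the POSIX mapping obligation and its attribute assignments from a response.
 *
 * <p>Concrete profiles supply the profile-specific identifiers through the
 * abstract {@code get...Identifier()} / {@code get...Datatype()} hooks.
 *
 * <p>Review notes for callers on the enforcement side:
 * <ul>
 *   <li>{@link #getObligation(Response, int, String)} inspects only the first
 *       result of the response and returns {@code null} when the response has
 *       no result at all; a {@code null} return must not be read as a
 *       successful authorization.</li>
 *   <li>The user and group values returned by the
 *       {@code getAttributeAssignment...} methods are taken from the response
 *       as-is (only the user id is normalised). Validate them before using
 *       them as local account or group names.</li>
 * </ul>
 */
public abstract class AbstractAuthorizationProfile implements AuthorizationProfile {
    /** Profile identifier, normalised once in the constructor and never reassigned. */
    private final String profileId_;

    /**
     * Assembles a request from the given parts; every {@code null} part is
     * simply left out of the request.
     *
     * @param subject     subject to add to the request, may be {@code null}
     * @param resource    resource to add to the request, may be {@code null}
     * @param action      action to set on the request, may be {@code null}
     * @param environment environment to set on the request, may be {@code null}
     * @return a new request holding the non-null parts
     */
    @Override
    public Request createRequest(Subject subject, Resource resource, Action action, Environment environment) {
        Request request = new Request();
        if (subject != null) {
            request.getSubjects().add(subject);
        }
        if (resource != null) {
            request.getResources().add(resource);
        }
        if (action != null) {
            request.setAction(action);
        }
        if (environment != null) {
            request.setEnvironment(environment);
        }
        return request;
    }

    /**
     * Creates a resource carrying a single resource-id attribute.
     *
     * @param str value stored in the resource-id attribute
     * @return a new resource with that one attribute
     */
    @Override
    public Resource createResourceId(String str) {
        Attribute resourceIdAttribute = new Attribute();
        resourceIdAttribute.setId(getResourceIdAttributeIdentifer());
        resourceIdAttribute.setDataType(getResourceIdDatatype());
        resourceIdAttribute.getValues().add(str);
        Resource resource = new Resource();
        resource.getAttributes().add(resourceIdAttribute);
        return resource;
    }

    /** @return attribute identifier used for the subject-id attribute */
    protected String getSubjectIdAttributeIdentifier() {
        return "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
    }

    /** @return data type used for the subject-id attribute */
    protected String getSubjectIdAttributeDatatype() {
        return "urn:oasis:names:tc:xacml:1.0:data-type:x500Name";
    }

    /**
     * Returns the attribute identifier used for the subject key-info attribute.
     *
     * <p>The decompiler reports that this method was {@code protected} in the
     * compiled class; the visibility is kept as decompiled so existing callers
     * still compile.
     *
     * @return attribute identifier used for the subject key-info attribute
     */
    public String getSubjectKeyInfoAttributeIdentifer() {
        return "urn:oasis:names:tc:xacml:1.0:subject:key-info";
    }

    /** @return data type of the subject key-info attribute, defined by the concrete profile */
    protected abstract String getSubjectKeyInfoAttributeDatatype();

    /** @return attribute identifier of the profile-id attribute, defined by the concrete profile */
    protected abstract String getProfileIdAttributeIdentifer();

    /** @return data type used for the profile-id attribute */
    protected String getProfileIdDatatype() {
        return "http://www.w3.org/2001/XMLSchema#anyURI";
    }

    /** @return attribute identifier used for the resource-id attribute */
    protected String getResourceIdAttributeIdentifer() {
        return "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
    }

    /** @return data type used for the resource-id attribute */
    protected String getResourceIdDatatype() {
        return "http://www.w3.org/2001/XMLSchema#string";
    }

    /** @return attribute identifier used for the action-id attribute */
    protected String getActionIdAttributeIdentifer() {
        return "urn:oasis:names:tc:xacml:1.0:action:action-id";
    }

    /** @return data type used for the action-id attribute */
    protected String getActionIdDatatype() {
        return "http://www.w3.org/2001/XMLSchema#string";
    }

    /** @return identifier of the POSIX mapping obligation, defined by the concrete profile */
    protected abstract String getMapUserToPOSIXEnvironmentObligationIdentifier();

    /** @return identifier of the user-id attribute assignment, defined by the concrete profile */
    protected abstract String getUserIdAttributeAssignmentIdentifier();

    /** @return identifier of the group-id attribute assignment, defined by the concrete profile */
    protected abstract String getGroupIdAttributeAssignmentIdentifier();

    /** @return identifier of the primary-group-id attribute assignment, defined by the concrete profile */
    protected abstract String getPrimaryGroupIdAttributeAssignmentIdentifier();

    /**
     * Creates an action carrying a single action-id attribute.
     *
     * @param str value stored in the action-id attribute
     * @return a new action with that one attribute
     */
    @Override
    public Action createActionId(String str) {
        Attribute actionIdAttribute = new Attribute();
        actionIdAttribute.setId(getActionIdAttributeIdentifer());
        actionIdAttribute.setDataType(getActionIdDatatype());
        actionIdAttribute.getValues().add(str);
        Action action = new Action();
        action.getAttributes().add(actionIdAttribute);
        return action;
    }

    /**
     * Assembles a request whose environment carries this profile's own
     * identifier (see {@link #getProfileId()}).
     *
     * @param subject  subject to add, may be {@code null}
     * @param resource resource to add, may be {@code null}
     * @param action   action to set, may be {@code null}
     * @return a new request
     */
    @Override
    public Request createRequest(Subject subject, Resource resource, Action action) {
        return createRequest(subject, resource, action, createEnvironmentProfileId(getProfileId()));
    }

    /**
     * Looks up an obligation in the first result of a response.
     *
     * <p>Only the first result is examined; any further results are ignored.
     *
     * @param response response to search
     * @param i        decision code the first result must carry, and the
     *                 fulfill-on value the obligation must match
     * @param str      identifier of the wanted obligation
     * @return the matching obligation, or {@code null} when the response
     *         contains no result at all
     * @throws ProfileException if the first result has a different decision, or
     *                          has the requested decision but no matching
     *                          obligation
     */
    @Override
    public Obligation getObligation(Response response, int i, String str) throws ProfileException {
        Iterator<?> results = response.getResults().iterator();
        if (!results.hasNext()) {
            // No result at all: reported as null rather than as an error.
            return null;
        }
        Result firstResult = (Result) results.next();
        if (firstResult.getDecision() != i) {
            StringBuilder error = new StringBuilder();
            error.append("No decision ").append(Result.decisionToString(i));
            error.append(" found: ").append(firstResult.getDecisionString());
            // A result without a status object must still end in a ProfileException
            // describing the decision mismatch, not in a NullPointerException.
            String statusMessage = firstResult.getStatus() != null ? firstResult.getStatus().getMessage() : null;
            if (statusMessage != null) {
                error.append(". Status: ").append(statusMessage);
            }
            throw new ProfileException(error.toString());
        }
        for (Obligation obligation : firstResult.getObligations()) {
            String obligationId = obligation.getId();
            if (obligation.getFulfillOn() == i && str.equals(obligationId)) {
                return obligation;
            }
        }
        throw new ProfileException("No obligation " + str + " found");
    }

    /**
     * Stores the profile identifier after passing it through
     * {@code Strings.safeTrimOrNullString}.
     *
     * <p>The decompiler reports that this constructor was {@code protected} in
     * the compiled class; the visibility is kept as decompiled.
     *
     * @param str profile identifier
     */
    public AbstractAuthorizationProfile(String str) {
        this.profileId_ = Strings.safeTrimOrNullString(str);
    }

    /** @return the profile identifier stored by the constructor */
    @Override
    public String getProfileId() {
        return this.profileId_;
    }

    /**
     * Creates an environment carrying a single profile-id attribute.
     *
     * @param str value stored in the profile-id attribute
     * @return a new environment with that one attribute
     */
    @Override
    public Environment createEnvironmentProfileId(String str) {
        Attribute profileIdAttribute = new Attribute();
        profileIdAttribute.setId(getProfileIdAttributeIdentifer());
        profileIdAttribute.setDataType(getProfileIdDatatype());
        profileIdAttribute.getValues().add(str);
        Environment environment = new Environment();
        environment.getAttributes().add(profileIdAttribute);
        return environment;
    }

    /**
     * Builds a request from a certificate array, a resource id and an action
     * id, using this profile's own identifier for the environment.
     *
     * @param x509CertificateArr certificates placed in the subject key-info
     * @param str                resource id
     * @param str2               action id
     * @return a new request
     * @throws ProfileException if the certificates cannot be converted to PEM
     */
    @Override
    public Request createRequest(X509Certificate[] x509CertificateArr, String str, String str2) throws ProfileException {
        Subject subject = createSubjectKeyInfo(x509CertificateArr);
        Resource resource = createResourceId(str);
        Action action = createActionId(str2);
        return createRequest(subject, resource, action);
    }

    /**
     * Builds a request from a certificate array, a resource id, an action id
     * and an explicit profile id for the environment.
     *
     * @param x509CertificateArr certificates placed in the subject key-info
     * @param str                resource id
     * @param str2               action id
     * @param str3               profile id stored in the environment
     * @return a new request
     * @throws ProfileException if the certificates cannot be converted to PEM
     */
    @Override
    public Request createRequest(X509Certificate[] x509CertificateArr, String str, String str2, String str3) throws ProfileException {
        Subject subject = createSubjectKeyInfo(x509CertificateArr);
        Resource resource = createResourceId(str);
        Action action = createActionId(str2);
        Environment environment = createEnvironmentProfileId(str3);
        return createRequest(subject, resource, action, environment);
    }

    /**
     * Creates a subject carrying a single subject-id attribute.
     *
     * @param str value stored in the subject-id attribute
     * @return a new subject with that one attribute
     */
    @Override
    public Subject createSubjectId(String str) {
        Attribute subjectIdAttribute = new Attribute(getSubjectIdAttributeIdentifier(), getSubjectIdAttributeDatatype());
        subjectIdAttribute.getValues().add(str);
        Subject subject = new Subject();
        subject.getAttributes().add(subjectIdAttribute);
        return subject;
    }

    /**
     * Creates a subject whose key-info holds a single certificate.
     *
     * @param x509Certificate certificate to encode, may be {@code null}
     * @return a new subject
     * @throws ProfileException if the certificate cannot be converted to PEM
     */
    @Override
    public Subject createSubjectKeyInfo(X509Certificate x509Certificate) throws ProfileException {
        return createSubjectKeyInfo(x509Certificate, null);
    }

    /**
     * Creates a subject whose key-info holds the given certificates.
     *
     * @param x509CertificateArr certificates to encode, may be {@code null}
     * @return a new subject
     * @throws ProfileException if the certificates cannot be converted to PEM
     */
    @Override
    public Subject createSubjectKeyInfo(X509Certificate[] x509CertificateArr) throws ProfileException {
        return createSubjectKeyInfo(null, x509CertificateArr);
    }

    /**
     * Creates a subject whose key-info attribute holds the PEM encoding of the
     * given certificate followed by the given certificate array.
     *
     * @param x509Certificate    first certificate, skipped when {@code null}
     * @param x509CertificateArr further certificates, skipped when {@code null}
     * @return a new subject with one key-info attribute
     * @throws ProfileException if the PEM conversion fails with an
     *                          {@link IOException}
     */
    @Override
    public Subject createSubjectKeyInfo(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) throws ProfileException {
        List<X509Certificate> certificates = new ArrayList<X509Certificate>();
        if (x509Certificate != null) {
            certificates.add(x509Certificate);
        }
        if (x509CertificateArr != null) {
            for (X509Certificate chainCertificate : x509CertificateArr) {
                certificates.add(chainCertificate);
            }
        }
        // NOTE(review): when both arguments are null (or the array is empty) the
        // list is empty and the subject is still built from whatever PEMUtils
        // returns for it; confirm whether callers should be refused instead of
        // sending a subject without credentials. Null array elements are also
        // passed through unchecked.
        String pemChain;
        try {
            pemChain = PEMUtils.certificatesToPEMString(certificates);
        } catch (IOException e) {
            throw new ProfileException("Can not convert certificate to PEM format", e);
        }
        Attribute keyInfoAttribute = new Attribute();
        keyInfoAttribute.setId(getSubjectKeyInfoAttributeIdentifer());
        keyInfoAttribute.setDataType(getSubjectKeyInfoAttributeDatatype());
        keyInfoAttribute.getValues().add(pemChain);
        Subject subject = new Subject();
        subject.getAttributes().add(keyInfoAttribute);
        return subject;
    }

    /**
     * Looks up the POSIX mapping obligation in the response.
     *
     * @param response response to search
     * @return the obligation, or {@code null} when the response has no result
     * @throws ProfileException see {@link #getObligation(Response, int, String)}
     */
    @Override
    public Obligation getObligationPosixMapping(Response response) throws ProfileException {
        // NOTE(review): 1 is presumably the Permit decision code; confirm against Result.
        return getObligation(response, 1, getMapUserToPOSIXEnvironmentObligationIdentifier());
    }

    /**
     * Extracts the mandatory user id from a POSIX mapping obligation.
     *
     * <p>The value is normalised with {@code Strings.safeTrimOrNullString}; the
     * first assignment with the user-id identifier decides the outcome.
     *
     * @param obligation obligation to read, must be the POSIX mapping obligation
     * @return the normalised user id, never {@code null}
     * @throws ProfileException if the obligation has another identifier, the
     *                          assignment is missing, or its normalised value is
     *                          {@code null}
     */
    @Override
    public String getAttributeAssignmentUserId(Obligation obligation) throws ProfileException {
        String expectedObligationId = getMapUserToPOSIXEnvironmentObligationIdentifier();
        if (!expectedObligationId.equals(obligation.getId())) {
            throw new ProfileException("Obligation is not " + expectedObligationId + " but " + obligation.getId());
        }
        String userIdAssignmentId = getUserIdAttributeAssignmentIdentifier();
        List<AttributeAssignment> assignments = obligation.getAttributeAssignments();
        for (AttributeAssignment assignment : assignments) {
            if (!userIdAssignmentId.equals(assignment.getAttributeId())) {
                continue;
            }
            String userId = Strings.safeTrimOrNullString(assignment.getValue());
            if (userId == null) {
                throw new ProfileException("Attribute assignment " + userIdAssignmentId + " found in obligation, but with an empty or null value");
            }
            return userId;
        }
        throw new ProfileException("Mandatory attribute assignment " + userIdAssignmentId + " not found in obligation " + expectedObligationId);
    }

    /**
     * Collects every group id from a POSIX mapping obligation.
     *
     * <p>Values are returned exactly as found in the obligation: they are not
     * trimmed and {@code null} values are not filtered out, unlike the user id.
     *
     * @param obligation obligation to read, must be the POSIX mapping obligation
     * @return the group id values in assignment order, possibly empty
     * @throws ProfileException if the obligation has another identifier
     */
    @Override
    public List<String> getAttributeAssignmentGroupIds(Obligation obligation) throws ProfileException {
        String expectedObligationId = getMapUserToPOSIXEnvironmentObligationIdentifier();
        if (!expectedObligationId.equals(obligation.getId())) {
            throw new ProfileException("Obligation is not " + expectedObligationId);
        }
        String groupIdAssignmentId = getGroupIdAttributeAssignmentIdentifier();
        List<String> groupIds = new ArrayList<String>();
        List<AttributeAssignment> assignments = obligation.getAttributeAssignments();
        for (AttributeAssignment assignment : assignments) {
            if (groupIdAssignmentId.equals(assignment.getAttributeId())) {
                groupIds.add(assignment.getValue());
            }
        }
        return groupIds;
    }

    /**
     * Extracts the primary group id from a POSIX mapping obligation.
     *
     * <p>The value of the first matching assignment is returned exactly as
     * found in the obligation, without trimming.
     *
     * @param obligation obligation to read, must be the POSIX mapping obligation
     * @return the primary group id, or {@code null} when the obligation carries
     *         no such assignment
     * @throws ProfileException if the obligation has another identifier
     */
    @Override
    public String getAttributeAssignmentPrimaryGroupId(Obligation obligation) throws ProfileException {
        String expectedObligationId = getMapUserToPOSIXEnvironmentObligationIdentifier();
        if (!expectedObligationId.equals(obligation.getId())) {
            throw new ProfileException("Obligation is not " + expectedObligationId);
        }
        String primaryGroupAssignmentId = getPrimaryGroupIdAttributeAssignmentIdentifier();
        List<AttributeAssignment> assignments = obligation.getAttributeAssignments();
        for (AttributeAssignment assignment : assignments) {
            if (primaryGroupAssignmentId.equals(assignment.getAttributeId())) {
                return assignment.getValue();
            }
        }
        return null;
    }
}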
