package org.glite.authz.pep.client;

import com.caucho.hessian.io.HessianInput;
import com.caucho.hessian.io.HessianOutput;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.List;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.StringRequestEntity;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.glite.authz.common.model.Request;
import org.glite.authz.common.model.Response;
import org.glite.authz.common.model.Result;
import org.glite.authz.common.util.Base64;
import org.glite.authz.pep.client.config.PEPClientConfiguration;
import org.glite.authz.pep.client.http.HttpClientBuilder;
import org.glite.authz.pep.client.http.TLSProtocolSocketFactory;
import org.glite.authz.pep.obligation.ObligationHandler;
import org.glite.authz.pep.obligation.ObligationProcessingException;
import org.glite.authz.pep.pip.PIPProcessingException;
import org.glite.authz.pep.pip.PolicyInformationPoint;

/* loaded from: input_file:org/glite/authz/pep/client/PEPClient.class */
public class PEPClient {
    private final Log log = LogFactory.getLog(PEPClient.class);
    private List<PolicyInformationPoint> pips_;
    private List<ObligationHandler> obligationHandlers_;
    private List<String> pepdEndpoints_;
    private HttpClient httpClient_;

    public PEPClient(PEPClientConfiguration pEPClientConfiguration) throws PEPClientException {
        this.pips_ = null;
        this.obligationHandlers_ = null;
        this.pepdEndpoints_ = null;
        this.httpClient_ = null;
        HttpClientBuilder httpClientBuilder = new HttpClientBuilder();
        httpClientBuilder.setConnectionTimeout(pEPClientConfiguration.getConnectionTimeout());
        httpClientBuilder.setMaxConnectionsPerHost(pEPClientConfiguration.getMaxConnectionsPerHost());
        httpClientBuilder.setMaxTotalConnections(pEPClientConfiguration.getMaxTotalConnections());
        if (pEPClientConfiguration.getTrustManager() != null) {
            httpClientBuilder.setHttpsProtocolSocketFactory(new TLSProtocolSocketFactory(pEPClientConfiguration.getKeyManager(), pEPClientConfiguration.getTrustManager()));
        }
        this.httpClient_ = httpClientBuilder.buildClient();
        this.pepdEndpoints_ = pEPClientConfiguration.getPEPDaemonEndpoints();
        if (this.pepdEndpoints_.isEmpty()) {
            throw new PEPClientException("Configuration doesn't contain any PEP daemon endpoint URL");
        }
        this.pips_ = pEPClientConfiguration.getPolicyInformationPoints();
        this.obligationHandlers_ = pEPClientConfiguration.getObligationHandlers();
    }

    public Response authorize(Request request) throws PEPClientException {
        Response response = null;
        try {
            runPolicyInformationPoints(request);
            for (String str : this.pepdEndpoints_) {
                try {
                    response = performRequest(str, request);
                    break;
                } catch (PEPClientException e) {
                    this.log.warn("request failed for PEP daemon " + str, e);
                }
            }
            if (response == null) {
                String str2 = "No PEP daemon(s) " + this.pepdEndpoints_ + " was able to process the request";
                this.log.error(str2);
                throw new PEPClientException(str2);
            }
            try {
                runObligationHandlers(request, response);
                return response;
            } catch (ObligationProcessingException e2) {
                throw new PEPClientException("ObligationHandler processing failure", e2);
            }
        } catch (PIPProcessingException e3) {
            throw new PEPClientException("PIP processing failure", e3);
        }
    }

    protected Response performRequest(String str, Request request) throws PEPClientException {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            HessianOutput hessianOutput = new HessianOutput(byteArrayOutputStream);
            hessianOutput.writeObject(request);
            hessianOutput.flush();
            String encodeBytes = Base64.encodeBytes(byteArrayOutputStream.toByteArray());
            PostMethod postMethod = new PostMethod(str);
            try {
                postMethod.setRequestEntity(new StringRequestEntity(encodeBytes, "application/octet-stream", "UTF-8"));
                try {
                    try {
                        this.httpClient_.executeMethod(postMethod);
                        if (postMethod.getStatusCode() != 200) {
                            String str2 = postMethod.getStatusCode() + " status code response from the PEP daemon " + str;
                            this.log.error(str2);
                            throw new PEPClientException(str2);
                        }
                        try {
                            return (Response) new HessianInput(new Base64.InputStream(postMethod.getResponseBodyAsStream())).readObject(Response.class);
                        } catch (IOException e) {
                            this.log.error("Unable to deserialize response object", e);
                            throw new PEPClientException("Unable to deserialize response object", e);
                        }
                    } catch (IOException e2) {
                        this.log.error("Unable to read response from PEP daemon " + str, e2);
                        throw new PEPClientException("Unable to read response from PEP daemon " + str, e2);
                    }
                } finally {
                    this.log.debug("release connection");
                    postMethod.releaseConnection();
                }
            } catch (UnsupportedEncodingException e3) {
                throw new PEPClientException(e3);
            }
        } catch (IOException e4) {
            this.log.error("Unable to serialize request object", e4);
            throw new PEPClientException("Unable to serialize request object", e4);
        }
    }

    protected void runPolicyInformationPoints(Request request) throws PIPProcessingException {
        for (PolicyInformationPoint policyInformationPoint : this.pips_) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("applying PIP " + policyInformationPoint.getId());
            }
            boolean populateRequest = policyInformationPoint.populateRequest(request);
            if (this.log.isErrorEnabled()) {
                this.log.debug("PIP " + policyInformationPoint.getId() + " applied: " + populateRequest);
            }
        }
    }

    protected void runObligationHandlers(Request request, Response response) throws ObligationProcessingException {
        if (response == null) {
            return;
        }
        for (Result result : response.getResults()) {
            for (ObligationHandler obligationHandler : this.obligationHandlers_) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("applying OH " + obligationHandler.getObligationId());
                }
                boolean evaluateObligation = obligationHandler.evaluateObligation(request, result);
                if (this.log.isDebugEnabled()) {
                    this.log.debug("OH " + obligationHandler.getObligationId() + " applied: " + evaluateObligation);
                }
            }
        }
    }
}
