package org.apache.airavata.api.server.security.xacml;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.rmi.RemoteException;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.airavata.model.security.AuthzToken;
import org.apache.airavata.security.AiravataSecurityException;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.identity.entitlement.stub.EntitlementServiceException;
import org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub;
import org.wso2.carbon.utils.CarbonUtils;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/apache/airavata/api/server/security/xacml/DefaultXACMLPEP.class */
public class DefaultXACMLPEP {
    private static final Logger logger = LoggerFactory.getLogger(DefaultXACMLPEP.class);
    private EntitlementServiceStub entitlementServiceStub;

    public DefaultXACMLPEP(String str, String str2, String str3, ConfigurationContext configurationContext) throws AiravataSecurityException {
        try {
            this.entitlementServiceStub = new EntitlementServiceStub(configurationContext, str + "EntitlementService");
            CarbonUtils.setBasicAccessSecurityHeaders(str2, str3, true, this.entitlementServiceStub._getServiceClient());
        } catch (AxisFault e) {
            logger.error(e.getMessage(), e);
            throw new AiravataSecurityException("Error initializing XACML PEP client.");
        }
    }

    public boolean getAuthorizationDecision(AuthzToken authzToken, Map<String, String> map) throws AiravataSecurityException {
        try {
            String parseDecisionString = parseDecisionString(this.entitlementServiceStub.getDecisionByAttributes((String) authzToken.getClaimsMap().get("userName"), (String) null, "/airavata/" + map.get("api.method.name"), (String[]) null));
            if ("Permit".equals(parseDecisionString)) {
                return true;
            }
            logger.error("Authorization decision is: " + parseDecisionString);
            return false;
        } catch (RemoteException e) {
            logger.error(e.getMessage(), e);
            throw new AiravataSecurityException("Error in authorizing the user.");
        } catch (EntitlementServiceException e2) {
            logger.error(e2.getMessage(), e2);
            throw new AiravataSecurityException("Error in authorizing the user.");
        }
    }

    private String parseDecisionString(String str) throws AiravataSecurityException {
        try {
            DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
            return newInstance.newDocumentBuilder().parse(new ByteArrayInputStream(str.getBytes("UTF-8"))).getDocumentElement().getFirstChild().getFirstChild().getTextContent();
        } catch (UnsupportedEncodingException e) {
            logger.error(e.getMessage(), e);
            throw new AiravataSecurityException("Error in parsing XACML authorization response.");
        } catch (IOException e2) {
            logger.error("Error in parsing XACML authorization response.");
            throw new AiravataSecurityException("Error in parsing XACML authorization response.");
        } catch (ParserConfigurationException e3) {
            logger.error(e3.getMessage(), e3);
            throw new AiravataSecurityException("Error in parsing XACML authorization response.");
        } catch (SAXException e4) {
            logger.error(e4.getMessage(), e4);
            throw new AiravataSecurityException("Error in parsing XACML authorization response.");
        }
    }
}
