package com.mobi.security.policy.rest;

import com.fasterxml.jackson.databind.node.ArrayNode;
import com.mobi.exception.MobiException;
import com.mobi.jaas.api.engines.EngineManager;
import com.mobi.rest.util.ErrorUtils;
import com.mobi.rest.util.RestUtils;
import com.mobi.security.policy.api.PDP;
import com.mobi.security.policy.api.Request;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.annotation.security.RolesAllowed;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import net.sf.json.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.rdf4j.model.IRI;
import org.eclipse.rdf4j.model.ValueFactory;
import org.eclipse.rdf4j.model.impl.SimpleValueFactory;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.jaxrs.whiteboard.propertytypes.JaxrsResource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

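/**
 * REST policy enforcement point: turns a caller-supplied JSON description of an action on a
 * resource into a {@link Request}, has the {@link PDP} evaluate it with the permit-overrides
 * combining algorithm, and returns the outcome as plain text.
 *
 * <p>The subject of every request is taken from the servlet request (the active user), never from
 * the JSON body. The attribute maps ({@code subjectAttrs}, {@code resourceAttrs},
 * {@code actionAttrs}) are taken from the body as-is.
 */
@Path("/pep")
@JaxrsResource
@Component(service = {PolicyEnforcementRest.class}, immediate = true)
/* loaded from: input_file:com/mobi/security/policy/rest/PolicyEnforcementRest.class */
public class PolicyEnforcementRest {
    private static final String ANON_USER_IRI = "http://mobi.com/users/anon";
    private static final String PERMIT_OVERRIDES =
            "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-overrides";

    private PDP pdp;
    private EngineManager engineManager;
    private final Logger log = LoggerFactory.getLogger(PolicyEnforcementRest.class);
    private final ValueFactory vf = SimpleValueFactory.getInstance();

    @Reference
    void setPdp(PDP pdp) {
        this.pdp = pdp;
    }

    @Reference
    void setEngineManager(EngineManager engineManager) {
        this.engineManager = engineManager;
    }

    /**
     * Evaluates a single access request for the active user.
     *
     * @param httpServletRequest the servlet request the active user is resolved from
     * @param str JSON object with string fields {@code actionId} and {@code resourceId} and object
     *     fields {@code subjectAttrs}, {@code resourceAttrs} and {@code actionAttrs} whose values
     *     are strings
     * @return a 200 response whose body is the string form of the PDP decision
     * @throws RuntimeException built by {@link ErrorUtils#sendError}: BAD_REQUEST when the body is
     *     malformed, an ID is missing or not a valid IRI, or an attribute value is not a string;
     *     INTERNAL_SERVER_ERROR when the PDP cannot evaluate the request
     */
    @Consumes({"application/json"})
    @Operation(tags = {"pep"}, summary = "Converts user provided request into XACML and evaluates", responses = {@ApiResponse(responseCode = "200", description = "the decision of the XACML request evaluation"), @ApiResponse(responseCode = "400", description = "BAD REQUEST"), @ApiResponse(responseCode = "500", description = "INTERNAL SERVER ERROR")})
    @POST
    @Produces({"text/plain"})
    @RolesAllowed({"user"})
    public Response evaluateRequest(@Context HttpServletRequest httpServletRequest, @Parameter(description = "A JSON object containing XACML required fields", required = true) String str) {
        this.log.debug("Authorizing...");
        long start = System.currentTimeMillis();
        try {
            JSONObject body = JSONObject.fromObject(str);
            IRI subjectId = activeSubject(httpServletRequest);
            String actionValue = body.optString("actionId");
            String resourceValue = body.optString("resourceId");
            if (StringUtils.isEmpty(actionValue) || StringUtils.isEmpty(resourceValue)) {
                throw ErrorUtils.sendError("ID is required.", Response.Status.BAD_REQUEST);
            }
            IRI actionId = toIri(actionValue);
            IRI resourceId = toIri(resourceValue);
            Request request = this.pdp.createRequest(
                    Arrays.asList(subjectId), attributeLiterals(body, "subjectAttrs"),
                    Arrays.asList(resourceId), attributeLiterals(body, "resourceAttrs"),
                    Arrays.asList(actionId), attributeLiterals(body, "actionAttrs"));
            this.log.debug("{}", request);
            com.mobi.security.policy.api.Response decision =
                    this.pdp.evaluate(request, this.vf.createIRI(PERMIT_OVERRIDES));
            this.log.debug("{}", decision);
            this.log.debug("Request Evaluated. {}ms", System.currentTimeMillis() - start);
            return Response.ok(decision.getDecision().toString()).build();
        } catch (net.sf.json.JSONException e) {
            // Unparseable or structurally wrong input is the caller's error, not a server fault.
            this.log.debug("Rejected malformed policy enforcement request", e);
            throw ErrorUtils.sendError("Request body must be a JSON object with the required fields.", Response.Status.BAD_REQUEST);
        } catch (IllegalArgumentException | MobiException e) {
            // Keep the cause in the server log; the client only sees the generic message.
            this.log.error("Request could not be evaluated", e);
            throw ErrorUtils.sendError("Request could not be evaluated", Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Evaluates a multi-decision request for the active user: either several actions on one
     * resource or one action on several resources.
     *
     * @param httpServletRequest the servlet request the active user is resolved from
     * @param str JSON object with array fields {@code actionId} and {@code resourceId} (at most one
     *     of them holding more than one value) and object fields {@code subjectAttrs},
     *     {@code resourceAttrs} and {@code actionAttrs} whose values are strings
     * @return a 200 response whose body is the string form of the PDP's multi-response
     * @throws RuntimeException built by {@link ErrorUtils#sendError}: BAD_REQUEST when the body is
     *     malformed, an ID array is missing or holds an invalid IRI, both arrays hold more than
     *     one value, or an attribute value is not a string; INTERNAL_SERVER_ERROR when the PDP
     *     cannot evaluate the request
     */
    @Path("/multiDecisionRequest")
    @Consumes({"application/json"})
    @Operation(tags = {"pep"}, summary = "Converts user provided requests into XACML and evaluates", responses = {@ApiResponse(responseCode = "200", description = "the XACML Responses for the corresponding XACML requests"), @ApiResponse(responseCode = "400", description = "BAD REQUEST"), @ApiResponse(responseCode = "500", description = "INTERNAL SERVER ERROR")})
    @POST
    @Produces({"text/plain"})
    @RolesAllowed({"user"})
    public Response evaluateMultiDecisionRequest(@Context HttpServletRequest httpServletRequest, @Parameter(description = "A JSON object with XACML required fields", required = true) String str) {
        this.log.debug("Authorizing...");
        long start = System.currentTimeMillis();
        try {
            JSONObject body = JSONObject.fromObject(str);
            IRI subjectId = activeSubject(httpServletRequest);
            // optJSONArray yields null for an absent or non-array field; toIris turns that into a 400
            // instead of letting a NullPointerException escape.
            List<IRI> actionIds = toIris(body.optJSONArray("actionId"), "actionId");
            List<IRI> resourceIds = toIris(body.optJSONArray("resourceId"), "resourceId");
            if (resourceIds.size() > 1 && actionIds.size() > 1) {
                throw ErrorUtils.sendError("Only one field may have more than one value.", Response.Status.BAD_REQUEST);
            }
            Request request = this.pdp.createRequest(
                    Arrays.asList(subjectId), attributeLiterals(body, "subjectAttrs"),
                    resourceIds, attributeLiterals(body, "resourceAttrs"),
                    actionIds, attributeLiterals(body, "actionAttrs"));
            this.log.debug("{}", request);
            ArrayNode decisions = this.pdp.evaluateMultiResponse(request, this.vf.createIRI(PERMIT_OVERRIDES));
            this.log.debug("{}", decisions);
            this.log.debug("Request Evaluated. {}ms", System.currentTimeMillis() - start);
            return Response.ok(decisions.toString()).build();
        } catch (net.sf.json.JSONException e) {
            // Unparseable or structurally wrong input is the caller's error, not a server fault.
            this.log.debug("Rejected malformed policy enforcement request", e);
            throw ErrorUtils.sendError("Request body must be a JSON object with the required fields.", Response.Status.BAD_REQUEST);
        } catch (IllegalArgumentException | MobiException e) {
            // Keep the cause in the server log; the client only sees the generic message.
            this.log.error("Request could not be evaluated", e);
            throw ErrorUtils.sendError("Request could not be evaluated", Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Resolves the subject IRI from the servlet request, falling back to the anonymous user IRI
     * when no active user is found.
     */
    private IRI activeSubject(HttpServletRequest httpServletRequest) {
        // NOTE(review): both endpoints declare @RolesAllowed("user"), yet a request without an
        // active user is evaluated as the anonymous subject rather than rejected. Presumably this
        // serves anonymous sessions; confirm that is intended.
        return (IRI) RestUtils.optActiveUser(httpServletRequest, this.engineManager)
                .map(user -> user.getResource())
                .orElse(this.vf.createIRI(ANON_USER_IRI));
    }

    /**
     * Converts a caller-supplied string into an IRI, reporting a value the value factory rejects
     * as a client error rather than a server failure.
     */
    private IRI toIri(String value) {
        try {
            return this.vf.createIRI(value);
        } catch (IllegalArgumentException e) {
            throw ErrorUtils.sendError("actionId and resourceId must be valid IRIs.", Response.Status.BAD_REQUEST);
        }
    }

    /**
     * Converts a JSON array of identifiers into IRIs, in order.
     *
     * @param values the array read from the body, or {@code null} when the field was absent or not
     *     an array
     * @param field the field name, used only in the error message
     */
    private List<IRI> toIris(List<?> values, String field) {
        if (values == null) {
            throw ErrorUtils.sendError(field + " must be an array of IRIs.", Response.Status.BAD_REQUEST);
        }
        return values.stream().map(Object::toString).map(this::toIri).collect(Collectors.toList());
    }

    /**
     * Reads the JSON object stored under {@code field} and maps each of its string values to a
     * literal, keyed by the attribute name.
     *
     * <p>The result is a raw {@code Map} because the element type expected by
     * {@link PDP#createRequest} is not nameable with this file's imports; the original call sites
     * passed raw maps as well.
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private Map attributeLiterals(JSONObject body, String field) {
        // NOTE(review): these attributes are copied verbatim from the request body, including
        // subjectAttrs for the authenticated subject. Whether any policy bases a decision on them
        // cannot be seen from this class; confirm policies do not trust client-asserted subject
        // attributes, or derive them server-side.
        Map<String, Object> attrs = body.getJSONObject(field);
        return attrs.entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, entry -> {
            Object value = entry.getValue();
            if (!(value instanceof String)) {
                // Previously a non-string value surfaced as an unhandled ClassCastException.
                throw ErrorUtils.sendError(field + " values must be strings.", Response.Status.BAD_REQUEST);
            }
            return this.vf.createLiteral((String) value);
        }));
    }

    /**
     * Returns the response's status message, or {@code str} when that message is empty. Not
     * referenced by the other members of this class.
     */
    private String getMessageOrDefault(com.mobi.security.policy.api.Response response, String str) {
        return StringUtils.isEmpty(response.getStatusMessage()) ? str : response.getStatusMessage();
    }
}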
