package org.ow2.petals.jbi.messaging.routing.module;

import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Map;
import java.util.Set;
import javax.jbi.messaging.ExchangeStatus;
import javax.jbi.messaging.MessageExchange;
import javax.security.auth.Subject;
import org.objectweb.fractal.api.NoSuchInterfaceException;
import org.objectweb.fractal.api.control.BindingController;
import org.objectweb.fractal.api.control.IllegalBindingException;
import org.objectweb.fractal.api.control.IllegalLifeCycleException;
import org.objectweb.fractal.api.control.LifeCycleController;
import org.objectweb.fractal.fraclet.annotation.annotations.FractalComponent;
import org.objectweb.fractal.fraclet.annotation.annotations.Interface;
import org.objectweb.fractal.fraclet.annotation.annotations.LifeCycle;
import org.objectweb.fractal.fraclet.annotation.annotations.Provides;
import org.objectweb.fractal.fraclet.annotation.annotations.type.LifeCycleType;
import org.objectweb.util.monolog.api.BasicLevel;
import org.objectweb.util.monolog.api.Logger;
import org.objectweb.util.monolog.api.LoggerFactory;
import org.ow2.petals.jaas.GroupPrincipal;
import org.ow2.petals.jbi.component.context.ComponentContext;
import org.ow2.petals.jbi.messaging.endpoint.ServiceEndpoint;
import org.ow2.petals.jbi.messaging.exchange.MessageExchangeDecorator;
import org.ow2.petals.jbi.messaging.exchange.MessageExchangeImpl;
import org.ow2.petals.jbi.messaging.routing.RoutingException;
import org.ow2.petals.jbi.security.AuthorizationException;
import org.ow2.petals.jbi.security.AuthorizationMap;
import org.ow2.petals.jbi.security.DefaultAuthorizationMap;
import org.ow2.petals.jbi.security.DefaultAuthorizationParser;
import org.ow2.petals.transport.util.TransportSendContext;
import org.ow2.petals.util.LoggingUtil;

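/**
 * Sender-side routing module that checks, for each outgoing exchange, whether the
 * security subject carried by the "in" message is allowed to invoke the target
 * endpoint and operation.
 *
 * <p>The access control lists come from the {@code authorization.cfg} resource, which is
 * loaded from the classpath root when the component starts.
 *
 * <p>NOTE(review): {@link #listFc()} and {@link #lookupFc(String)} report no client
 * interfaces even though {@link #bindFc(String, Object)} accepts {@code "logger"} and
 * {@code "logger-factory"}, and {@link #getFcState()} always returns {@code null}. This
 * may be an artefact of generated or decompiled code; confirm before relying on these
 * controller methods.
 */
@FractalComponent
@Provides(interfaces = {@Interface(name = "service", signature = SenderModule.class)})
/* loaded from: input_file:org/ow2/petals/jbi/messaging/routing/module/AuthorizationModule.class */
public class AuthorizationModule implements BindingController, LifeCycleController, SenderModule {
    private LoggerFactory loggerFactory;
    protected LoggingUtil log;
    protected Logger logger;

    /** Name of the classpath resource that holds the authorization rules. */
    public static final String CONFIGURATION = "authorization.cfg";

    // Parsed rules; assigned in start(), so it stays null until the component has started.
    private AuthorizationMap authorizationMap;

    /** Returns the logger currently bound to this component. */
    public Logger getLogger() {
        return this.logger;
    }

    /** Replaces the logger used by this component. */
    public void setLogger(Logger logger) {
        this.logger = logger;
    }

    /** Returns the logger factory currently bound to this component. */
    public LoggerFactory getLoggerFactory() {
        return this.loggerFactory;
    }

    /**
     * Always returns {@code null}; this class does not track its life-cycle state.
     */
    public String getFcState() {
        return null;
    }

    /**
     * Stores the factory and immediately derives the component logger from it.
     *
     * @param loggerFactory factory asked for the logger named {@code "logger"}
     */
    public void setLoggerFactory(LoggerFactory loggerFactory) {
        this.loggerFactory = loggerFactory;
        this.logger = getLoggerFactory().getLogger("logger");
    }

    /**
     * Starts the component by delegating to {@link #start()}.
     *
     * @throws IllegalLifeCycleException if {@link #start()} fails; the original failure
     *         is attached as the cause
     */
    public void startFc() throws IllegalLifeCycleException {
        try {
            start();
        } catch (Exception e) {
            // Keep the original exception as the cause: a message-only wrapper loses the
            // stack trace and leaves a null message for exceptions that carry none.
            IllegalLifeCycleException failure = new IllegalLifeCycleException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Loads and parses the authorization rules from the classpath.
     *
     * <p>If the parser returns {@code null}, an authorization map built from an empty
     * list is installed instead.
     *
     * @throws IOException if the configuration resource is not on the classpath
     * @throws URISyntaxException if the resource URL cannot be converted to a URI
     * @throws AuthorizationException if the parser rejects the configuration
     */
    @LifeCycle(on = LifeCycleType.START)
    protected void start() throws IOException, URISyntaxException, AuthorizationException {
        this.log = new LoggingUtil(this.logger);
        this.log.call();
        // Use the CONFIGURATION constant so the resource name is defined in one place.
        URL resource = getClass().getResource("/" + CONFIGURATION);
        if (resource == null) {
            IOException missing = new IOException("Can not load the authorization resource from classpath");
            this.log.error("Failed to start Authorization Module", missing);
            throw missing;
        }
        try {
            this.authorizationMap = new DefaultAuthorizationParser(resource.toURI()).parse();
            if (this.authorizationMap == null) {
                this.authorizationMap = new DefaultAuthorizationMap(new ArrayList(0));
            }
        } catch (URISyntaxException e) {
            this.log.error("Failed to start Authorization Module", e);
            throw e;
        } catch (AuthorizationException e) {
            this.log.error("Failed to start Authorization Module", e);
            throw e;
        }
    }

    /**
     * Stops the component by delegating to {@link #stop()}.
     *
     * @throws IllegalLifeCycleException if {@link #stop()} fails; the original failure is
     *         attached as the cause
     */
    public void stopFc() throws IllegalLifeCycleException {
        try {
            stop();
        } catch (Exception e) {
            IllegalLifeCycleException failure = new IllegalLifeCycleException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /** Traces the stop call; there is nothing else to release. */
    @LifeCycle(on = LifeCycleType.STOP)
    protected void stop() throws RoutingException {
        this.log.call();
    }

    /**
     * Runs the authorization check for the exchange; the endpoint map and the component
     * context are not used by this module.
     *
     * @throws SecurityException if the sender is not authenticated or not authorized
     */
    @Override // org.ow2.petals.jbi.messaging.routing.module.SenderModule
    public void electEndpoints(Map<ServiceEndpoint, TransportSendContext> map, ComponentContext componentContext, MessageExchangeDecorator messageExchangeDecorator) throws RoutingException {
        authorizeSend(messageExchangeDecorator);
    }

    /**
     * Checks that the subject attached to the "in" message holds at least one principal
     * listed in the ACL configured for the target endpoint and operation.
     *
     * <p>The check is skipped when the exchange role is not {@code PROVIDER}, when its
     * status is {@code DONE}, or when it has no endpoint. An ACL containing
     * {@link GroupPrincipal#ALL} admits every sender, including one without a subject.
     *
     * @param messageExchangeDecorator the exchange about to be sent
     * @throws SecurityException if the "in" message has no security subject, or if none
     *         of the subject's principals appears in the ACL. This is an unchecked
     *         exception, not a {@link RoutingException}, so callers that only catch
     *         {@code RoutingException} will not see a denial.
     */
    protected void authorizeSend(MessageExchangeDecorator messageExchangeDecorator) throws RoutingException {
        if (messageExchangeDecorator.getRole() != MessageExchange.Role.PROVIDER
                || messageExchangeDecorator.getStatus() == ExchangeStatus.DONE) {
            return;
        }
        javax.jbi.servicedesc.ServiceEndpoint endpoint = messageExchangeDecorator.getEndpoint();
        if (endpoint == null) {
            // NOTE(review): an exchange without a resolved endpoint passes unchecked here.
            // Confirm that another stage authorizes it once the endpoint is known.
            return;
        }
        Set<Principal> accessControlList = this.authorizationMap.getAccessControlList(endpoint, messageExchangeDecorator.getOperation());
        if (this.logger.isLoggable(BasicLevel.DEBUG)) {
            // String concatenation is null-safe, so a missing operation cannot make the
            // debug trace itself throw. The header is logged once, not once per principal.
            this.log.debug("Server defined ACL for operation : " + messageExchangeDecorator.getOperation());
            for (Principal principal : accessControlList) {
                this.log.debug(principal.getName() + "(" + principal.getClass().getName() + ")");
            }
        }
        if (accessControlList.contains(GroupPrincipal.ALL)) {
            return;
        }
        Subject securitySubject = messageExchangeDecorator.getMessage(MessageExchangeImpl.IN_MSG).getSecuritySubject();
        if (securitySubject == null) {
            throw new SecurityException("User not authenticated (security subject is null)");
        }
        // Count the matches instead of calling retainAll() on the ACL. The set comes from
        // the authorization map, and whether it is a private copy is not visible here.
        // If it is the map's own set, trimming it in place would rewrite the configured
        // ACL on every request and change the outcome for later callers.
        Set<Principal> subjectPrincipals = securitySubject.getPrincipals();
        int grantedCount = 0;
        for (Principal allowed : accessControlList) {
            if (subjectPrincipals.contains(allowed)) {
                grantedCount++;
            }
        }
        this.log.debug("ACLS size after retain is : " + grantedCount);
        if (grantedCount == 0) {
            throw new SecurityException("Endpoint '" + endpoint.getEndpointName() + "' / Operation '" + messageExchangeDecorator.getOperation() + "' is not authorized for this user");
        }
    }

    /**
     * Binds the {@code "logger"} or {@code "logger-factory"} client interface.
     *
     * @param str name of the client interface
     * @param obj the {@link Logger} or {@link LoggerFactory} to bind
     * @throws NoSuchInterfaceException for any other interface name
     */
    public void bindFc(String str, Object obj) throws NoSuchInterfaceException, IllegalBindingException, IllegalLifeCycleException {
        if (str.equals("logger")) {
            this.logger = (Logger) obj;
            return;
        }
        if (str.equals("logger-factory")) {
            setLoggerFactory((LoggerFactory) obj);
            return;
        }
        throw new NoSuchInterfaceException("Client interface '" + str + "' is undefined.");
    }

    /** Returns an empty array: no client interface is listed. */
    public String[] listFc() {
        return new String[0];
    }

    /**
     * Always fails: no client interface can be looked up.
     *
     * @throws NoSuchInterfaceException always
     */
    public Object lookupFc(String str) throws NoSuchInterfaceException {
        throw new NoSuchInterfaceException("Client interface '" + str + "' is undefined.");
    }

    /**
     * Always fails: no client interface can be unbound.
     *
     * @throws NoSuchInterfaceException always
     */
    public void unbindFc(String str) throws NoSuchInterfaceException, IllegalBindingException, IllegalLifeCycleException {
        throw new NoSuchInterfaceException("Client interface '" + str + "' is undefined.");
    }
}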
