package eu.emi.emir.security;

import eu.emi.emir.client.util.Log;
import eu.emi.emir.pdp.RegistryPDP;
import eu.emi.emir.pdp.local.AcceptingPDP;
import eu.emi.emir.security.SecurityManager;
import eu.emi.emir.security.util.AttributeSourcesChain;
import eu.unicore.security.canl.AuthnAndTrustProperties;
import eu.unicore.security.canl.IAuthnAndTrustConfiguration;
import eu.unicore.util.configuration.ConfigurationException;
import eu.unicore.util.configuration.DocumentationReferenceMeta;
import eu.unicore.util.configuration.DocumentationReferencePrefix;
import eu.unicore.util.configuration.PropertiesHelper;
import eu.unicore.util.configuration.PropertyMD;
import java.lang.reflect.Constructor;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.log4j.Logger;

/* loaded from: input_file:eu/emi/emir/security/ServerSecurityProperties.class */
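/**
 * Server-side security configuration built from the EMIR properties file.
 *
 * <p>SSL mode is derived from the scheme of {@code emir.address}. Access control
 * (ACL file or XACML PDP) is only configured when SSL is enabled. When both an
 * ACL file and a PDP configuration are given, the ACL file takes precedence.
 */
public class ServerSecurityProperties extends DefaultServerSecurityConfiguration {
    public static final String SECURITY_PREFIX = "security.";

    @DocumentationReferencePrefix
    public static final String PREFIX = "emir.security.";
    // NOTE(review): this key is documented in META, but nothing in this class reads it;
    // the constructor decides SSL mode from the "emir.address" scheme instead.
    public static final String PROP_SSL_ENABLED = "sslEnabled";
    public static final String PROP_CHECKACCESS = "accesscontrol";
    public static final String PROP_CHECKACCESS_PDP = "accesscontrol.pdp";
    public static final String PROP_CHECKACCESS_PDPCONFIG = "accesscontrol.pdpConfig";
    public static final String PROP_AIP_PREFIX = "attributes";
    public static final String PROP_AIP_ORDER = "attributes.order";
    private static final String PROP_AIP_COMBINING_POLICY = "attributes.combiningPolicy";
    public static final String PROP_CHECKACCESS_ACL = "accesscontrol.acl";
    private final PropertiesHelper properties;
    private final Properties source;
    private static final Logger logger = Log.getLogger("emir.security", ServerSecurityProperties.class);

    @DocumentationReferenceMeta
    public static final Map<String, PropertyMD> META = new HashMap<>();

    /**
     * Builds the configuration and creates the trust/credential settings from the
     * {@code emir.security.truststore.} and {@code emir.security.credential.} properties.
     *
     * @param properties the server configuration; must contain {@code emir.address}
     * @throws Exception if the configuration cannot be loaded
     */
    public ServerSecurityProperties(Properties properties) throws Exception {
        this(properties, null);
    }

    /**
     * Builds the configuration, optionally with externally supplied trust and credential settings.
     *
     * @param properties the server configuration; must contain {@code emir.address}
     * @param iAuthnAndTrustConfiguration trust and credential settings, or {@code null} to
     *        create them from {@code properties}
     * @throws IllegalArgumentException if {@code properties} is {@code null}
     * @throws ConfigurationException if {@code emir.address} is missing or the PDP cannot be created
     * @throws Exception if the attribute source chain cannot be initialised
     */
    public ServerSecurityProperties(Properties properties, IAuthnAndTrustConfiguration iAuthnAndTrustConfiguration) throws Exception {
        if (properties == null) {
            throw new IllegalArgumentException("properties must not be null");
        }
        // Every security decision below hinges on this value, so a missing address is
        // reported as a configuration error rather than surfacing as a NullPointerException.
        String address = properties.getProperty("emir.address");
        if (address == null) {
            throw new ConfigurationException("Property emir.address must be set");
        }
        // The match is case-sensitive: only a lower-case "https" prefix switches SSL on.
        if (address.startsWith("https")) {
            setSslEnabled(true);
        }
        this.source = properties;
        this.properties = new PropertiesHelper(PREFIX, properties, META, logger);
        if (isSslEnabled()) {
            String aclFile = this.properties.getValue(PROP_CHECKACCESS_ACL);
            String pdpConfig = this.properties.getValue(PROP_CHECKACCESS_PDPCONFIG);
            if (aclFile != null) {
                setAclAccessControlEnabled(true);
                if (pdpConfig != null) {
                    // Both mechanisms are configured: the ACL file wins and XACML stays off.
                    setXACMLAccessControlEnabled(false);
                }
            } else if (pdpConfig != null) {
                setXACMLAccessControlEnabled(true);
            } else {
                // NOTE(review): this only logs. Construction continues with SSL on and neither
                // ACL nor XACML enabled, so authenticated clients are not authorised by either
                // mechanism. Consider failing start-up here if that is not intended.
                Log.logException("Access control properties must be provided in the configuration file", new ConfigurationException(), logger);
            }
        }
        boolean sslEnabled = isSslEnabled();
        boolean securityActive = sslEnabled || isXACMLAccessControlEnabled() || isACLAccessControlEnabled();
        IAuthnAndTrustConfiguration authnAndTrust = iAuthnAndTrustConfiguration;
        if (authnAndTrust == null) {
            // The two flags presumably mark the truststore and the credential as optional
            // when security is off / SSL is off - TODO confirm against AuthnAndTrustProperties.
            authnAndTrust = new AuthnAndTrustProperties(properties, "emir.security.truststore.", "emir.security.credential.", !securityActive, !sslEnabled);
        }
        if (sslEnabled) {
            setValidator(authnAndTrust.getValidator());
            setCredential(authnAndTrust.getCredential());
            if (isXACMLAccessControlEnabled()) {
                setAip(createAttributeSource(properties));
                setPdp(createPDP(this.properties));
            }
            if (isACLAccessControlEnabled()) {
                setAclConfigurationFile(this.properties.getValue(PROP_CHECKACCESS_ACL));
            }
        }
    }

    /**
     * Returns the {@link Properties} instance this configuration was built from.
     *
     * <p>This is the same object that was passed to the constructor, not a copy. It holds the
     * whole configuration, which may include settings under {@code emir.security.credential.};
     * avoid logging or exposing it wholesale.
     *
     * @return the backing properties
     */
    public Properties getRawProperties() {
        return this.source;
    }

    /**
     * Instantiates the configured Policy Decision Point.
     *
     * <p>The class name comes from configuration, so the class is loaded without running its
     * static initialisers and checked to be a {@link RegistryPDP} before its constructor is
     * invoked. It must expose a public constructor taking the PDP configuration file path.
     *
     * @param propertiesHelper source of the PDP class name and configuration path
     * @return the PDP instance, or an {@link AcceptingPDP} when XACML access control is disabled
     * @throws ConfigurationException if the class cannot be loaded, is not a {@code RegistryPDP},
     *         or cannot be instantiated
     */
    private RegistryPDP createPDP(PropertiesHelper propertiesHelper) {
        if (!isXACMLAccessControlEnabled()) {
            return new AcceptingPDP();
        }
        if (propertiesHelper.isSet(PROP_CHECKACCESS_PDPCONFIG)) {
            setPdpConfigFile(propertiesHelper.getValue(PROP_CHECKACCESS_PDPCONFIG));
        }
        String pdpClassName = propertiesHelper.getValue(PROP_CHECKACCESS_PDP);
        try {
            // initialize=false: defer static initialisers until the type check has passed.
            Class<? extends RegistryPDP> pdpClass = Class
                    .forName(pdpClassName, false, ServerSecurityProperties.class.getClassLoader())
                    .asSubclass(RegistryPDP.class);
            Constructor<? extends RegistryPDP> constructor = pdpClass.getConstructor(String.class);
            logger.info("Using PDP class <" + pdpClassName + ">");
            return constructor.newInstance(getPdpConfigurationFile());
        } catch (ClassNotFoundException e) {
            throw new ConfigurationException("Cannot load PDP class <" + pdpClassName + ">: ", e);
        } catch (ClassCastException e) {
            throw new ConfigurationException("PDP class <" + pdpClassName + "> is not a RegistryPDP", e);
        } catch (Exception e) {
            throw new ConfigurationException("Can't create a PDP.", e);
        }
    }

    /**
     * Creates the attribute source used to assign authorisation attributes to users.
     *
     * @param properties the raw configuration handed to the attribute sources chain
     * @return a chain configured from {@code attributes.order} and
     *         {@code attributes.combiningPolicy}, or a {@code NullAuthoriser} when no order is set
     * @throws Exception if the chain fails to initialise
     */
    private IAttributeSource createAttributeSource(Properties properties) throws Exception {
        String order = this.properties.getValue(PROP_AIP_ORDER);
        if (order == null) {
            logger.info("No attribute source is defined in the configuration, users won't have any authorisation attributes assigned");
            return new SecurityManager.NullAuthoriser();
        }
        logger.debug("Creating main attribute sources chain");
        AttributeSourcesChain chain = new AttributeSourcesChain();
        chain.setCombiningPolicy(this.properties.getValue(PROP_AIP_COMBINING_POLICY));
        chain.setOrder(order);
        chain.setProperties(properties);
        chain.init(null);
        return chain;
    }

    /**
     * Reports whether access control is switched on for the given sub-key of
     * {@code emir.security.accesscontrol}.
     *
     * @param str the sub-key to look up
     * @return the configured boolean value for that sub-key
     */
    @Override // eu.emi.emir.security.DefaultServerSecurityConfiguration, eu.emi.emir.security.IServerSecurityConfiguration
    public boolean isAccessControlEnabled(String str) {
        return this.properties.getSubkeyBooleanValue(PROP_CHECKACCESS, str).booleanValue();
    }

    // Property metadata: defaults and descriptions for the keys under PREFIX.
    static {
        META.put(PROP_SSL_ENABLED, new PropertyMD("false").setDescription("Controls whether secure SSL mode is enabled.").setBoolean());
        META.put(PROP_CHECKACCESS, new PropertyMD("false").setDescription("Controls whether access checking (authorisation) is enabled."));
        META.put(PROP_CHECKACCESS_PDP, new PropertyMD("eu.emi.emir.pdp.local.LocalHerasafPDP").setDescription("Controls which Policy Decision Point (PDP, the authorisation engine) should be used."));
        META.put(PROP_CHECKACCESS_PDPCONFIG, new PropertyMD().setPath().setDescription("Path of the PDP configuration file"));
        META.put(PROP_AIP_ORDER, new PropertyMD("FILE").setDescription("Attribute sources in invocation order."));
        META.put(PROP_AIP_COMBINING_POLICY, new PropertyMD(AttributeSourcesChain.MergeLastOverrides.NAME).setDescription("What algorithm should be used for combining the attributes from multiple attribute sources (if more then one is defined)."));
        META.put(PROP_CHECKACCESS_ACL, new PropertyMD().setPath().setDescription("Path of the acl file. Enabling this would initiate ACL file based authorisation instead of XACML"));
        // TODO: the description below is a placeholder and should be replaced with real documentation.
        META.put(PROP_AIP_PREFIX, new PropertyMD().setCanHaveSubkeys().setDescription("blah blah prefix"));
        META.put("truststore.", new PropertyMD().setCanHaveSubkeys().setDescription("Properties with this prefix are used to configure container's trust settings and certificates validation. See separate documentation for details."));
        META.put("credential.", new PropertyMD().setCanHaveSubkeys().setDescription("Properties with this prefix are used to configure the credential used by the container. See separate documentation for details."));
    }
}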
