package org.eclipse.scada.sec.authz.signature;

import java.util.HashMap;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import javax.script.SimpleScriptContext;
import org.eclipse.scada.sec.AuthenticationImplementation;
import org.eclipse.scada.sec.AuthorizationResult;
import org.eclipse.scada.sec.audit.AuditLogService;
import org.eclipse.scada.sec.authz.AuthorizationContext;
import org.eclipse.scada.sec.authz.AuthorizationRule;
import org.eclipse.scada.sec.authz.signature.RequestValidator;
import org.eclipse.scada.sec.callback.Callback;
import org.eclipse.scada.sec.callback.Callbacks;
import org.eclipse.scada.sec.callback.XMLSignatureCallback;
import org.eclipse.scada.utils.concurrent.InstantErrorFuture;
import org.eclipse.scada.utils.concurrent.NotifyFuture;
import org.eclipse.scada.utils.concurrent.TransformResultFuture;
import org.eclipse.scada.utils.script.ScriptExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/eclipse/scada/sec/authz/signature/RequestSignatureRuleImpl.class */
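/**
 * Authorization rule that asks the caller to sign an XML rendering of the
 * request and only lets the request pass when that signature validates.
 *
 * <p>Flow, as implemented below:
 * <ol>
 * <li>{@link #authorize} builds a {@link Document} from the request, serializes
 * it and sends it to the caller's callback handler in an
 * {@link XMLSignatureCallback}.</li>
 * <li>{@link #validateCallback} parses the returned document, validates it with
 * the {@link RequestValidator}, and then compares it with the document that
 * was originally built, so the signature is tied to this request.</li>
 * <li>On success the signature details are published in the authorization
 * context and the optional post-processor script is run.</li>
 * </ol>
 *
 * <p>The key material behind the {@link X509KeySelector} is reloaded either
 * once at construction time or periodically, depending on the reload period.
 */
public class RequestSignatureRuleImpl implements AuthorizationRule {
    private static final Logger logger = LoggerFactory.getLogger(RequestSignatureRuleImpl.class);
    private final SignatureRequestBuilder builder;
    private final RequestValidator validator;
    private final AuditLogService auditLogService;
    private final boolean indent;
    private final ScriptExecutor postProcessor;
    private final AuthenticationImplementation authenticator;
    // Handle of the periodic reload job; null when no job is scheduled or after dispose().
    private ScheduledFuture<?> job;
    private final X509KeySelector keySelector;

    /**
     * Creates the rule and triggers the initial load of the key selector.
     *
     * @param scheduledExecutorService executor used for the periodic reload job
     * @param signatureRequestBuilder builds, serializes, parses and compares the request documents
     * @param requestValidator validates the signature of the signed document
     * @param x509KeySelector key selector whose {@code reload()} is invoked by this rule
     * @param auditLogService receives an entry for every rejected signature
     * @param z whether the document sent to the signer is serialized with indentation
     * @param scriptExecutor optional post-processor script, may be {@code null}
     * @param authenticationImplementation handed to the post-processor script as {@code authenticator}
     * @param i reload period in milliseconds; a value {@code <= 0} reloads exactly once, synchronously
     */
    public RequestSignatureRuleImpl(ScheduledExecutorService scheduledExecutorService, SignatureRequestBuilder signatureRequestBuilder, RequestValidator requestValidator, X509KeySelector x509KeySelector, AuditLogService auditLogService, boolean z, ScriptExecutor scriptExecutor, AuthenticationImplementation authenticationImplementation, int i) {
        this.builder = signatureRequestBuilder;
        this.validator = requestValidator;
        this.auditLogService = auditLogService;
        this.indent = z;
        this.postProcessor = scriptExecutor;
        this.authenticator = authenticationImplementation;
        this.keySelector = x509KeySelector;
        if (i > 0) {
            logger.debug("Starting reload job: {} ms", i);
            this.job = scheduledExecutorService.scheduleWithFixedDelay(new Runnable() {
                @Override
                public void run() {
                    // scheduleWithFixedDelay suppresses all further executions once a run
                    // throws. Without this catch a single failed reload would silently stop
                    // the job and leave the rule validating against stale key material.
                    try {
                        RequestSignatureRuleImpl.this.reload();
                    } catch (RuntimeException e) {
                        logger.warn("Failed to reload", e);
                    }
                }
            }, 0L, i, TimeUnit.MILLISECONDS);
        } else {
            logger.debug("Reloading once");
            // One-shot mode: a failure here propagates to whoever constructs the rule.
            reload();
        }
    }

    /**
     * Asks the key selector to reload its key material.
     */
    protected void reload() {
        logger.debug("Reloading");
        this.keySelector.reload();
    }

    /**
     * Cancels the periodic reload job, if one was scheduled. Safe to call more
     * than once: the job reference is cleared on the first call.
     */
    public void dispose() {
        final ScheduledFuture<?> scheduledFuture;
        // Take and clear the reference under the lock so concurrent dispose() calls
        // cannot both cancel the same future.
        synchronized (this) {
            scheduledFuture = this.job;
            this.job = null;
        }
        if (scheduledFuture != null) {
            logger.debug("Cancelling reload job");
            scheduledFuture.cancel(true);
        }
    }

    /**
     * Starts the signature round trip for one request.
     *
     * @param authorizationContext context carrying the request and the callback handler
     * @return a future that completes with the outcome of {@link #validateCallback}, or an
     *         already failed future when the callback could not be set up
     */
    public NotifyFuture<AuthorizationResult> authorize(final AuthorizationContext authorizationContext) {
        // This document is the reference the signed reply is compared against later on.
        final Document buildFromRequest = this.builder.buildFromRequest(authorizationContext.getRequest());
        try {
            return new TransformResultFuture<Callback[], AuthorizationResult>(Callbacks.callback(authorizationContext.getCallbackHandler(), new XMLSignatureCallback(this.builder.toString(buildFromRequest, this.indent)))) {
                public AuthorizationResult transform(Callback[] callbackArr) throws Exception {
                    // Exactly one callback was sent above, so the reply is read from index 0.
                    // An empty or differently typed reply array makes this line throw.
                    return RequestSignatureRuleImpl.this.validateCallback(authorizationContext, buildFromRequest, (XMLSignatureCallback) callbackArr[0]);
                }
            };
        } catch (Exception e) {
            return new InstantErrorFuture<AuthorizationResult>(e);
        }
    }

    /**
     * Checks the signed document returned by the caller.
     *
     * @param authorizationContext context that receives the signature details or the failed signature
     * @param document the document that was originally built from the request
     * @param xMLSignatureCallback the callback holding the caller's reply
     * @return a reject result when the reply is missing, cannot be processed, is not valid or
     *         does not match {@code document}; {@code null} when every check passed
     *         (presumably interpreted by the caller as "no objection" - confirm against the
     *         {@link AuthorizationRule} contract)
     */
    protected AuthorizationResult validateCallback(AuthorizationContext authorizationContext, Document document, XMLSignatureCallback xMLSignatureCallback) {
        if (xMLSignatureCallback.isCanceled() || xMLSignatureCallback.getSignedDocument() == null) {
            return AuthorizationResult.createReject(StatusCodes.VERIFY_NO_SIGNATURE, "No signature data found");
        }
        try {
            Document signedDocument = this.builder.fromString(xMLSignatureCallback.getSignedDocument());
            RequestValidator.Result validation = this.validator.validate(signedDocument);
            String signedXml = this.builder.toString(signedDocument, true);
            if (!validation.isValid()) {
                authorizationContext.getContext().put("failedSignature", signedXml);
                this.auditLogService.info("Validation failed:\n{}", new Object[]{signedXml});
                return AuthorizationResult.createReject(StatusCodes.VERIFY_SIGNATURE_INVALID, "Signature is not valid");
            }
            try {
                // A valid signature alone is not enough: the signed content also has to be
                // the request that was sent out. compare() is expected to throw on a
                // mismatch, which is what the audit message in the catch below describes.
                this.builder.compare(document, signedDocument);
                authorizationContext.getContext().put("xmlsig.signatureString", signedXml);
                authorizationContext.getContext().put("xmlsig.signature", validation.getSignature());
                authorizationContext.getContext().put("xmlsig.keySelectorResult", validation.getKeySelectorResult());
                if (validation.getKeySelectorResult() instanceof X509KeySelectorResult) {
                    authorizationContext.getContext().put("xmlsig.x509Certificate", ((X509KeySelectorResult) validation.getKeySelectorResult()).getCertificate());
                }
                postProcess(authorizationContext, validation);
                return null;
            } catch (Exception e) {
                // NOTE(review): this handler also receives exceptions thrown by postProcess()
                // and by the context updates above, yet the audit entry always reads
                // "Requests don't match". When investigating such an entry, check the
                // rejection cause as well. The request is rejected in every case.
                authorizationContext.getContext().put("failedSignature", signedXml);
                this.auditLogService.info("Requests don't match\n\tOriginal: {}\n\tSigned: {}", new Object[]{this.builder.toString(document, true), this.builder.toString(signedDocument, true)});
                return AuthorizationResult.createReject(e);
            }
        } catch (Exception e2) {
            // Parsing or validation failures never fall through to acceptance.
            this.auditLogService.info("Failed to validate", e2, new Object[0]);
            return AuthorizationResult.createReject(e2);
        }
    }

    /**
     * Runs the optional post-processor script after a signature was accepted.
     *
     * <p>The script is handed the live authorization context and the authenticator, so it
     * can influence the authorization outcome. It has to come from trusted configuration only.
     *
     * @param authorizationContext exposed to the script as {@code authorizationContext}
     * @param result the validation result; not passed to the script by this method
     * @throws Exception whatever the script execution throws; the caller rejects the request
     */
    private void postProcess(AuthorizationContext authorizationContext, RequestValidator.Result result) throws Exception {
        if (this.postProcessor == null) {
            return;
        }
        logger.debug("Running post processor");
        SimpleScriptContext simpleScriptContext = new SimpleScriptContext();
        HashMap<String, Object> scriptBindings = new HashMap<String, Object>();
        scriptBindings.put("authorizationContext", authorizationContext);
        scriptBindings.put("authenticator", this.authenticator);
        this.postProcessor.execute(simpleScriptContext, scriptBindings);
    }
}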
