package org.opensciencegrid.authz.xacml.client;

import java.rmi.RemoteException;
import java.util.Iterator;
import java.util.TreeSet;
import java.util.Vector;
import org.opensaml.xacml.ctx.ActionType;
import org.opensaml.xacml.ctx.DecisionType;
import org.opensaml.xacml.ctx.ResourceType;
import org.opensaml.xacml.ctx.ResultType;
import org.opensaml.xacml.ctx.StatusType;
import org.opensaml.xacml.ctx.SubjectType;
import org.opensaml.xacml.ctx.provider.BaseObligationHandler;
import org.opensaml.xacml.ctx.provider.ObligationProcessingContext;
import org.opensaml.xacml.ctx.provider.ObligationProcessingException;
import org.opensaml.xacml.ctx.provider.ObligationService;
import org.opensaml.xacml.policy.ObligationType;
import org.opensciencegrid.authz.xacml.common.LocalId;
import org.opensciencegrid.authz.xacml.common.XACMLConstants;
import org.opensciencegrid.authz.xacml.stubs.Response;

/* loaded from: input_file:org/opensciencegrid/authz/xacml/client/MapCredentialsClient.class */
public class MapCredentialsClient extends XACMLClient {
    public LocalId mapCredentials(String str) throws Exception {
        StatusType status;
        Response response = null;
        try {
            response = authorize(str);
        } catch (RemoteException e) {
        }
        ResultType result = convertToXACML(response).getResponse().getResult();
        if (result.getDecision().getDecision() == DecisionType.DECISION.Indeterminate && (status = result.getStatus()) != null && status.getStatusCode().getValue().equals("urn:oasis:names:tc:xacml:1.0:status:processing-error")) {
            throw new Exception("XACML server error: " + status.getStatusMessage().getValue());
        }
        ObligationProcessingContext obligationProcessingContext = new ObligationProcessingContext(result);
        ObligationService obligationService = new ObligationService();
        LocalIDObligationHandler localIDObligationHandler = new LocalIDObligationHandler();
        obligationService.addObligationhandler(localIDObligationHandler.getSubjectHandler());
        obligationService.addObligationhandler(localIDObligationHandler.getUIDGIDHandler());
        obligationService.addObligationhandler(localIDObligationHandler.getSecondaryGIDSHandler());
        TreeSet treeSet = new TreeSet();
        Iterator it = obligationService.getObligationHandlers().iterator();
        while (it.hasNext()) {
            treeSet.add(((BaseObligationHandler) it.next()).getObligationId());
        }
        for (ObligationType obligationType : obligationProcessingContext.getAuthorizationDecisionResult().getObligations().getObligations()) {
            if (!treeSet.contains(obligationType.getObligationId())) {
                throw new ObligationProcessingException("Unknown obligation in response: " + obligationType.getObligationId());
            }
        }
        try {
            obligationService.processObligations(obligationProcessingContext);
            return localIDObligationHandler.getLocalID();
        } catch (ObligationProcessingException e2) {
            logger.error("Exception in obligation handling " + e2.getMessage());
            throw e2;
        }
    }

    @Override // org.opensciencegrid.authz.xacml.client.XACMLClient
    Response authorize(String str) throws RemoteException {
        SubjectType subjectType = getSubjectType(null);
        ResourceType resourceType = getResourceType(null);
        ActionType actionType = getActionType(null);
        Vector vector = new Vector();
        vector.add(XACMLConstants.OBLIGATION_USERNAME);
        vector.add(XACMLConstants.OBLIGATION_UIDGID);
        vector.add(XACMLConstants.OBLIGATION_SECONDARY_GIDS);
        return authorize(subjectType, resourceType, actionType, getEnvironmentType((Vector<String>) vector, (String) null), str);
    }
}
