package org.owasp.appsensor.rpc.thrift;

import com.google.common.base.Strings;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.thrift.TException;
import org.dozer.DozerBeanMapperSingletonWrapper;
import org.dozer.Mapper;
import org.owasp.appsensor.core.AppSensorServer;
import org.owasp.appsensor.core.ClientApplication;
import org.owasp.appsensor.core.accesscontrol.Action;
import org.owasp.appsensor.core.accesscontrol.Context;
import org.owasp.appsensor.core.criteria.SearchCriteria;
import org.owasp.appsensor.core.logging.Loggable;
import org.owasp.appsensor.core.util.StringUtils;
import org.owasp.appsensor.rpc.thrift.generated.AppSensorApi;
import org.owasp.appsensor.rpc.thrift.generated.Attack;
import org.owasp.appsensor.rpc.thrift.generated.Event;
import org.owasp.appsensor.rpc.thrift.generated.NotAuthenticatedException;
import org.owasp.appsensor.rpc.thrift.generated.NotAuthorizedException;
import org.owasp.appsensor.rpc.thrift.generated.Response;
import org.slf4j.Logger;

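/**
 * Thrift handler that exposes the AppSensor server to remote detection points.
 *
 * <p>Every RPC first runs {@link #authenticateAndAuthorize(String, Action)} and only then
 * touches the event, attack or response store.
 *
 * <p>Security note: the only credential checked in this class is the client application name
 * sent with the request. The name is looked up in the server configuration and then passed to
 * the access controller. Any stronger caller authentication (transport security, network
 * restrictions) is not visible here and has to be provided by the deployment.
 *
 * <p>NOTE(review): {@code logger} is never assigned in this class; presumably it is populated
 * through the {@code @Loggable} annotation. Confirm against the container configuration.
 */
@Loggable
@Named
/* loaded from: input_file:org/owasp/appsensor/rpc/thrift/AppSensorApiHandler.class */
public class AppSensorApiHandler implements AppSensorApi.Iface {
    private Logger logger;

    @Inject
    private AppSensorServer appSensorServer;
    private Mapper mapper = DozerBeanMapperSingletonWrapper.getInstance();

    /**
     * Stores an event reported by a client application.
     *
     * @param event the Thrift event to convert and store
     * @param str the client application name submitted with the request
     * @throws NotAuthenticatedException if the name is missing or unknown to this server
     * @throws NotAuthorizedException if the client application may not add events
     * @throws TException declared by the Thrift interface
     */
    @Override
    public void addEvent(Event event, String str) throws NotAuthenticatedException, NotAuthorizedException, TException {
        authenticateAndAuthorize(str, Action.ADD_EVENT);
        try {
            org.owasp.appsensor.core.Event coreEvent = this.mapper.map(event, org.owasp.appsensor.core.Event.class);
            // Always stamp the authenticated name, so a client cannot attribute the event
            // to another detection system through the payload.
            coreEvent.setDetectionSystemId(str);
            this.appSensorServer.getEventStore().addEvent(coreEvent);
        } catch (Exception e) {
            // Best effort: mapping/store failures are logged and the RPC still returns normally.
            // NOTE(review): the caller cannot tell that the event was dropped.
            this.logger.error("Could not complete event add.", e);
        }
    }

    /**
     * Stores an attack reported by a client application.
     *
     * @param attack the Thrift attack to convert and store
     * @param str the client application name submitted with the request
     * @throws NotAuthenticatedException if the name is missing or unknown to this server
     * @throws NotAuthorizedException if the client application may not add attacks
     * @throws TException declared by the Thrift interface
     */
    @Override
    public void addAttack(Attack attack, String str) throws NotAuthenticatedException, NotAuthorizedException, TException {
        authenticateAndAuthorize(str, Action.ADD_ATTACK);
        try {
            org.owasp.appsensor.core.Attack coreAttack = this.mapper.map(attack, org.owasp.appsensor.core.Attack.class);
            // Same as addEvent: the detection system id comes from the authenticated name only.
            coreAttack.setDetectionSystemId(str);
            this.appSensorServer.getAttackStore().addAttack(coreAttack);
        } catch (Exception e) {
            // Best effort: mapping/store failures are logged and the RPC still returns normally.
            this.logger.error("Could not complete attack add.", e);
        }
    }

    /**
     * Returns the responses recorded for the calling client application.
     *
     * @param str the "earliest" bound passed to the search criteria
     * @param str2 the client application name submitted with the request; the search is
     *     restricted to this detection system id
     * @return the responses that could be converted to the Thrift type; entries whose
     *     conversion fails are logged and skipped
     * @throws NotAuthenticatedException if the name is missing or unknown to this server
     * @throws NotAuthorizedException if the client application may not read responses
     * @throws TException declared by the Thrift interface
     */
    @Override
    public List<Response> getResponses(String str, String str2) throws NotAuthenticatedException, NotAuthorizedException, TException {
        authenticateAndAuthorize(str2, Action.GET_RESPONSES);
        SearchCriteria criteria = new SearchCriteria().setDetectionSystemIds(StringUtils.toCollection(str2)).setEarliest(str);
        Collection<?> found = this.appSensorServer.getResponseStore().findResponses(criteria);
        List<Response> converted = new ArrayList<>();
        for (Object item : found) {
            try {
                converted.add(this.mapper.map((org.owasp.appsensor.core.Response) item, Response.class));
            } catch (Exception e) {
                // One unmappable response must not hide the others from the client.
                this.logger.error("Could not complete response get.", e);
            }
        }
        return converted;
    }

    /**
     * Checks that the caller named a configured client application and that this application
     * is allowed to perform {@code action}.
     *
     * <p>The check fails closed: any exception raised by the access controller is reported
     * as {@link NotAuthorizedException}. Previously such exceptions were silently discarded,
     * so a denied client application was still allowed to proceed.
     *
     * @param str the client application name submitted with the request
     * @param action the action the caller wants to perform
     * @throws NotAuthenticatedException if the name is null, empty, or not configured
     * @throws NotAuthorizedException if the access controller rejects the action
     */
    protected void authenticateAndAuthorize(String str, Action action) throws NotAuthenticatedException, NotAuthorizedException {
        if (Strings.isNullOrEmpty(str)) {
            this.logger.warn("Authentication for client application failed with message: You must submit a client application name with the request.");
            throw new NotAuthenticatedException("You must submit a client application name with the request.");
        }
        ClientApplication clientApplication = this.appSensorServer.getConfiguration().findClientApplication(str);
        if (clientApplication == null) {
            this.logger.warn("Authentication for client application failed with message: Submitted client application name is not valid for this server.");
            throw new NotAuthenticatedException("Submitted client application name is not valid for this server.");
        }
        try {
            this.appSensorServer.getAccessController().assertAuthorized(clientApplication, action, new Context());
        } catch (Exception e) {
            // Keep the cause in the server log; the client only gets a generic denial.
            this.logger.warn("Authorization for client application failed for action " + action + ".", e);
            // Assumes the generated NotAuthorizedException has the same single-message
            // constructor as NotAuthenticatedException - confirm against the Thrift IDL.
            throw new NotAuthorizedException("Access denied for this action.");
        }
    }
}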
