package org.owasp.appsensor.handler;

import java.util.Collection;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.inject.Inject;
import javax.inject.Named;
import javax.jws.HandlerChain;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import org.owasp.appsensor.core.AppSensorServer;
import org.owasp.appsensor.core.Attack;
import org.owasp.appsensor.core.Event;
import org.owasp.appsensor.core.Response;
import org.owasp.appsensor.core.accesscontrol.Action;
import org.owasp.appsensor.core.accesscontrol.Context;
import org.owasp.appsensor.core.criteria.SearchCriteria;
import org.owasp.appsensor.core.exceptions.NotAuthorizedException;
import org.owasp.appsensor.core.util.StringUtils;

@HandlerChain(file = "handler-chain.xml")
@WebService(portName = "SoapRequestHandlerPort", serviceName = "SoapRequestHandlerService", targetNamespace = "https://www.owasp.org/index.php/OWASP_AppSensor_Project/wsdl", endpointInterface = "org.owasp.appsensor.handler.SoapRequestHandler")
@Named
/* loaded from: input_file:org/owasp/appsensor/handler/ReferenceSoapRequestHandler.class */
public class ReferenceSoapRequestHandler implements SoapRequestHandler {

    @Resource
    private WebServiceContext wsContext;

    @Inject
    private AppSensorServer appSensorServer;

    @WebMethod
    public void addEvent(Event event) throws NotAuthorizedException {
        checkAuthorization(Action.ADD_EVENT);
        event.setDetectionSystemId(getClientApplicationName());
        this.appSensorServer.getEventStore().addEvent(event);
    }

    @WebMethod
    public void addAttack(Attack attack) throws NotAuthorizedException {
        checkAuthorization(Action.ADD_ATTACK);
        attack.setDetectionSystemId(getClientApplicationName());
        this.appSensorServer.getAttackStore().addAttack(attack);
    }

    @WebMethod
    public Collection<Response> getResponses(String str) throws NotAuthorizedException {
        checkAuthorization(Action.GET_RESPONSES);
        return this.appSensorServer.getResponseStore().findResponses(new SearchCriteria().setDetectionSystemIds(StringUtils.toCollection(getClientApplicationName())).setEarliest(str));
    }

    private void checkAuthorization(Action action) throws NotAuthorizedException {
        this.appSensorServer.getAccessController().assertAuthorized(this.appSensorServer.getConfiguration().findClientApplication((String) ((List) ((Map) this.wsContext.getMessageContext().get("javax.xml.ws.http.request.headers")).get("APPSENSOR_CLIENT_APPLICATION_IDENTIFIER_ATTR")).get(0)), action, new Context());
    }

    private String getClientApplicationName() {
        return (String) ((List) ((Map) this.wsContext.getMessageContext().get("javax.xml.ws.http.request.headers")).get("APPSENSOR_CLIENT_APPLICATION_IDENTIFIER_ATTR")).get(0);
    }

    @PostConstruct
    public void init() {
        ClientApplicationIdentificationHandler.setAppSensorServer(this.appSensorServer);
    }
}
