package org.wso2.carbon.identity.entitlement.policy.finder;

import com.sun.xacml.AbstractPolicy;
import com.sun.xacml.EvaluationCtx;
import com.sun.xacml.MatchResult;
import com.sun.xacml.PolicyMetaData;
import com.sun.xacml.VersionConstraints;
import com.sun.xacml.combine.DenyOverridesPolicyAlg;
import com.sun.xacml.combine.FirstApplicablePolicyAlg;
import com.sun.xacml.combine.OnlyOneApplicablePolicyAlg;
import com.sun.xacml.combine.OrderedDenyOverridesPolicyAlg;
import com.sun.xacml.combine.OrderedPermitOverridesPolicyAlg;
import com.sun.xacml.combine.PermitOverridesPolicyAlg;
import com.sun.xacml.combine.PolicyCombiningAlgorithm;
import com.sun.xacml.finder.PolicyFinder;
import com.sun.xacml.finder.PolicyFinderModule;
import com.sun.xacml.finder.PolicyFinderResult;
import java.io.File;
import java.net.URI;
import java.util.ArrayList;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.caching.core.BaseCache;
import org.wso2.carbon.caching.core.entitlementpolicy.EntitlementPolicyCache;
import org.wso2.carbon.caching.core.entitlementpolicy.EntitlementPolicyCacheEntry;
import org.wso2.carbon.caching.core.entitlementpolicy.EntitlementPolicyCacheKey;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.entitlement.EntitlementConstants;
import org.wso2.carbon.identity.entitlement.EntitlementException;
import org.wso2.carbon.identity.entitlement.policy.PolicyCollection;
import org.wso2.carbon.identity.entitlement.policy.PolicyStoreReader;
import org.wso2.carbon.identity.entitlement.policy.PolicyTarget;

/* loaded from: input_file:org/wso2/carbon/identity/entitlement/policy/finder/RegistryBasedPolicyFinder.class */
public class RegistryBasedPolicyFinder extends PolicyFinderModule {
    private static final String DENY_OVERRIDE = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides";
    private static final String PERMIT_OVERRIDE = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides";
    private static final String FIRST_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable";
    private static final String ONLY_ONE_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:only-one-applicable";
    private static final String ORDERED_DENY_OVERRIDE = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:ordered-deny-overrides";
    private static final String ORDERED_PERMIT_OVERRIDE = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:ordered-permit-overrides";
    private static final String DEFAULT_POLICY_COMBINING_ALGO = "deny-overrides";
    private static final String POLICY_COMBINING_ALGO = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:";
    private PolicyStoreReader policyReader;
    private PolicyCollection policies;
    private File schemaFile;
    private EntitlementPolicyCacheKey cacheKey;
    private PolicyTarget[] policyTargets;
    private int hashOfPolicyCollection;
    private String globalPolicyCombiningAlgorithm;
    private static BaseCache entitlementPolicyCache = EntitlementPolicyCache.getInstance();
    private static Log log = LogFactory.getLog(RegistryBasedPolicyFinder.class);

    public RegistryBasedPolicyFinder(PolicyStoreReader policyStoreReader, int i) {
        this.schemaFile = null;
        this.policyReader = policyStoreReader;
        this.cacheKey = new EntitlementPolicyCacheKey(i);
        String property = System.getProperty(PolicyStoreReader.POLICY_SCHEMA_PROPERTY);
        if (property != null) {
            this.schemaFile = new File(property);
        }
    }

    public RegistryBasedPolicyFinder(PolicyStoreReader policyStoreReader, int i, String str) {
        this.schemaFile = null;
        this.policyReader = policyStoreReader;
        this.cacheKey = new EntitlementPolicyCacheKey(i);
        if (str != null) {
            this.schemaFile = new File(str);
        }
    }

    public boolean isIdReferenceSupported() {
        return true;
    }

    public boolean isRequestSupported() {
        return true;
    }

    public void init(PolicyFinder policyFinder) {
        AbstractPolicy[] abstractPolicyArr = null;
        try {
            this.globalPolicyCombiningAlgorithm = findPolicyCombiningAlgorithm();
            if (this.globalPolicyCombiningAlgorithm == null) {
                this.globalPolicyCombiningAlgorithm = DEFAULT_POLICY_COMBINING_ALGO;
            }
            PolicyCombiningAlgorithm policyCombiningAlgorithm = getPolicyCombiningAlgorithm(this.globalPolicyCombiningAlgorithm);
            if ("true".equals(IdentityUtil.getProperty(EntitlementConstants.ON_DEMAND_POLICY_LOADING))) {
                this.policyTargets = this.policyReader.readTargets();
                int i = 100;
                String property = IdentityUtil.getProperty(EntitlementConstants.MAX_POLICY_ENTRIES);
                if (property != null && !"".equals(property)) {
                    i = Integer.parseInt(property);
                }
                this.policies = new PolicyCollection(policyCombiningAlgorithm, i);
            } else {
                abstractPolicyArr = this.policyReader.readPolicies();
                this.policies = new PolicyCollection(policyCombiningAlgorithm);
            }
            if (log.isDebugEnabled()) {
                log.debug("Global XACML policy combining algorithm used " + this.globalPolicyCombiningAlgorithm);
            }
            if (abstractPolicyArr != null) {
                for (AbstractPolicy abstractPolicy : abstractPolicyArr) {
                    if (!this.policies.addPolicy(abstractPolicy) && log.isWarnEnabled()) {
                        log.warn(" Trying to load the same policy multiple times: " + abstractPolicy.getId());
                    }
                }
            }
        } catch (Exception e) {
            log.error("Error while initializing RegistryBasedPolicyFinder", e);
        }
        this.hashOfPolicyCollection = this.policies.hashCode();
        entitlementPolicyCache.addToCache(this.cacheKey, new EntitlementPolicyCacheEntry(this.policies.hashCode()));
    }

    public PolicyFinderResult findPolicy(URI uri, int i, VersionConstraints versionConstraints, PolicyMetaData policyMetaData) {
        EntitlementPolicyCacheEntry valueFromCache = entitlementPolicyCache.getValueFromCache(this.cacheKey);
        if (valueFromCache == null) {
            entitlementPolicyCache.addToCache(this.cacheKey, new EntitlementPolicyCacheEntry(this.hashOfPolicyCollection));
        } else if (valueFromCache.getEntitlementPolicyCacheEntry() != this.hashOfPolicyCollection) {
            init(new PolicyFinder());
        }
        AbstractPolicy policy = this.policies.getPolicy(uri.toString(), i, versionConstraints);
        return policy == null ? new PolicyFinderResult() : new PolicyFinderResult(policy);
    }

    public PolicyFinderResult findPolicy(EvaluationCtx evaluationCtx) {
        try {
            EntitlementPolicyCacheEntry valueFromCache = entitlementPolicyCache.getValueFromCache(this.cacheKey);
            if (valueFromCache == null) {
                entitlementPolicyCache.addToCache(this.cacheKey, new EntitlementPolicyCacheEntry(this.hashOfPolicyCollection));
            } else if (valueFromCache.getEntitlementPolicyCacheEntry() != this.hashOfPolicyCollection) {
                init(new PolicyFinder());
            }
            AbstractPolicy findPolicyUsingTarget = "true".equals(IdentityUtil.getProperty(EntitlementConstants.ON_DEMAND_POLICY_LOADING)) ? findPolicyUsingTarget(evaluationCtx) : this.policies.getPolicy(evaluationCtx);
            return findPolicyUsingTarget == null ? new PolicyFinderResult() : new PolicyFinderResult(findPolicyUsingTarget);
        } catch (EntitlementException e) {
            return new PolicyFinderResult(e.getStatus());
        }
    }

    private AbstractPolicy findPolicyUsingTarget(EvaluationCtx evaluationCtx) throws EntitlementException {
        ArrayList<AbstractPolicy> arrayList = new ArrayList<>();
        for (PolicyTarget policyTarget : this.policyTargets) {
            MatchResult match = policyTarget.getTarget().match(evaluationCtx);
            int result = match.getResult();
            if (result == 2) {
                log.error("Error occurred while processing the XACML policy " + policyTarget.getPolicyId());
                throw new EntitlementException(match.getStatus());
            }
            if (result == 0) {
                AbstractPolicy policy = this.policies.getPolicy(policyTarget.getPolicyId());
                if (policy != null) {
                    arrayList.add(policy);
                } else {
                    try {
                        policy = this.policyReader.readPolicy(policyTarget.getPolicyId());
                    } catch (IdentityException e) {
                        log.error("Error occurred while reading XACML Policy " + policyTarget.getPolicyId());
                    }
                    this.policies.addPolicy(policy);
                    arrayList.add(policy);
                }
                if (log.isDebugEnabled()) {
                    log.debug("Matching XACML policy found " + policyTarget.getPolicyId());
                }
            }
        }
        return this.policies.getPolicy(arrayList);
    }

    private PolicyCombiningAlgorithm getPolicyCombiningAlgorithm(String str) throws IdentityException {
        if (FIRST_APPLICABLE.equals(POLICY_COMBINING_ALGO + str)) {
            return new FirstApplicablePolicyAlg();
        }
        if (DENY_OVERRIDE.equals(POLICY_COMBINING_ALGO + str)) {
            return new DenyOverridesPolicyAlg();
        }
        if (PERMIT_OVERRIDE.equals(POLICY_COMBINING_ALGO + str)) {
            return new PermitOverridesPolicyAlg();
        }
        if (ONLY_ONE_APPLICABLE.equals(POLICY_COMBINING_ALGO + str)) {
            return new OnlyOneApplicablePolicyAlg();
        }
        if (ORDERED_DENY_OVERRIDE.equals(POLICY_COMBINING_ALGO + str)) {
            return new OrderedDenyOverridesPolicyAlg();
        }
        if (ORDERED_PERMIT_OVERRIDE.equals(POLICY_COMBINING_ALGO + str)) {
            return new OrderedPermitOverridesPolicyAlg();
        }
        throw new IdentityException("Unsupported policy algorithm " + str);
    }

    public String findPolicyCombiningAlgorithm() {
        try {
            return this.policyReader.readPolicyCombiningAlgorithm();
        } catch (IdentityException e) {
            log.warn("Error occurs while finding policy combining algorithm");
            return null;
        }
    }

    public String getGlobalPolicyCombiningAlgorithm() {
        return this.globalPolicyCombiningAlgorithm;
    }
}
