package org.wso2.carbon.identity.entitlement.pdp;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import net.sf.jsr107cache.Cache;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Element;
import org.wso2.balana.PDP;
import org.wso2.balana.PDPConfig;
import org.wso2.balana.ParsingException;
import org.wso2.balana.ctx.AbstractRequestCtx;
import org.wso2.balana.ctx.RequestCtxFactory;
import org.wso2.balana.ctx.xacml2.RequestCtx;
import org.wso2.balana.finder.AttributeFinder;
import org.wso2.balana.finder.PolicyFinder;
import org.wso2.balana.finder.ResourceFinder;
import org.wso2.balana.finder.impl.CurrentEnvModule;
import org.wso2.balana.finder.impl.SelectorModule;
import org.wso2.carbon.caching.core.identity.IdentityCacheEntry;
import org.wso2.carbon.caching.core.identity.IdentityCacheKey;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.entitlement.EntitlementConstants;
import org.wso2.carbon.identity.entitlement.EntitlementUtil;
import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent;
import org.wso2.carbon.identity.entitlement.pip.CarbonAttributeFinder;
import org.wso2.carbon.identity.entitlement.pip.CarbonResourceFinder;
import org.wso2.carbon.identity.entitlement.pip.PIPExtension;
import org.wso2.carbon.identity.entitlement.policy.PolicyMetaDataFinder;
import org.wso2.carbon.identity.entitlement.policy.PolicyReader;
import org.wso2.carbon.identity.entitlement.policy.PolicyRequestBuilder;
import org.wso2.carbon.identity.entitlement.policy.PolicyResponseBuilder;
import org.wso2.carbon.identity.entitlement.policy.PolicyStore;
import org.wso2.carbon.identity.entitlement.policy.PolicyStoreReader;
import org.wso2.carbon.identity.entitlement.policy.finder.RegistryBasedPolicyFinder;
import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisher;
import org.wso2.carbon.registry.core.Registry;

/* loaded from: input_file:org/wso2/carbon/identity/entitlement/pdp/EntitlementEngine.class */
public class EntitlementEngine {
    private RegistryBasedPolicyFinder registryModule;
    private CarbonAttributeFinder carbonAttributeFinder;
    private CarbonResourceFinder carbonResourceFinder;
    private PolicyMetaDataFinder metaDataFinder;
    private PolicyPublisher policyPublisher;
    private PDP pdp;
    private PDPConfig pdpConfig;
    private int tenantId;
    private static volatile EntitlementEngine engine;
    private int pdpDecisionCachingInterval;
    private static final Object lock = new Object();
    private static ConcurrentHashMap<String, EntitlementEngine> entitlementEngines = new ConcurrentHashMap<>();
    private static Log log = LogFactory.getLog(EntitlementEngine.class);
    private int cacheClearingNode = 0;
    private Map<String, PolicyDecision> decisionCache = new ConcurrentHashMap();
    private Map<String, PolicyDecision> simpleDecisionCache = new ConcurrentHashMap();
    private Cache decisionClearingCache = EntitlementUtil.getCommonCache(EntitlementConstants.XACML_DECISION_CACHE);

    public static EntitlementEngine getInstance(Registry registry, int i) throws IdentityException {
        if (!entitlementEngines.containsKey(Integer.toString(i))) {
            entitlementEngines.put(Integer.toString(i), new EntitlementEngine(registry, i));
        }
        return entitlementEngines.get(Integer.toString(i));
    }

    private EntitlementEngine(Registry registry, int i) throws IdentityException {
        this.pdpDecisionCachingInterval = 60000;
        this.tenantId = i;
        PolicyFinder policyFinder = new PolicyFinder();
        this.registryModule = new RegistryBasedPolicyFinder(new PolicyStoreReader(new PolicyStore(registry)), i);
        HashSet hashSet = new HashSet();
        hashSet.add(this.registryModule);
        policyFinder.setModules(hashSet);
        ResourceFinder resourceFinder = new ResourceFinder();
        PolicyReader.getInstance(null, policyFinder);
        CurrentEnvModule currentEnvModule = new CurrentEnvModule();
        SelectorModule selectorModule = new SelectorModule();
        AttributeFinder attributeFinder = new AttributeFinder();
        ArrayList arrayList = new ArrayList();
        arrayList.add(currentEnvModule);
        arrayList.add(selectorModule);
        this.carbonAttributeFinder = new CarbonAttributeFinder(i);
        this.carbonAttributeFinder.init();
        arrayList.add(this.carbonAttributeFinder);
        attributeFinder.setModules(arrayList);
        this.carbonResourceFinder = new CarbonResourceFinder(i);
        this.carbonResourceFinder.init();
        this.metaDataFinder = new PolicyMetaDataFinder(i);
        this.metaDataFinder.init();
        this.policyPublisher = new PolicyPublisher(registry);
        this.policyPublisher.init();
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(this.carbonResourceFinder);
        resourceFinder.setModules(arrayList2);
        Properties cachingProperties = EntitlementServiceComponent.getEntitlementConfig().getCachingProperties();
        if ("true".equals(cachingProperties.getProperty(EntitlementConstants.DECISION_CACHING))) {
            String property = cachingProperties.getProperty(EntitlementConstants.DECISION_CACHING_INTERVAL);
            if (property != null) {
                this.pdpDecisionCachingInterval = Integer.parseInt(property);
            }
        } else {
            this.pdpDecisionCachingInterval = -1;
        }
        this.pdpConfig = new PDPConfig(attributeFinder, policyFinder, resourceFinder, true);
        this.pdp = new PDP(this.pdpConfig);
    }

    public String evaluate(Element element) throws ParsingException {
        RequestCtx requestCtx = RequestCtx.getInstance(element);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        requestCtx.encode(byteArrayOutputStream2);
        String obj = byteArrayOutputStream2.toString();
        try {
            byteArrayOutputStream2.close();
        } catch (IOException e) {
            log.error("Error while closing out put stream of XACML request");
        }
        String fromCache = getFromCache(obj, false);
        if (fromCache != null) {
            return fromCache;
        }
        this.pdp.evaluate(requestCtx).encode(byteArrayOutputStream);
        String obj2 = byteArrayOutputStream.toString();
        try {
            byteArrayOutputStream.close();
        } catch (IOException e2) {
            log.error("Error while closing out put stream of XACML response");
        }
        addToCache(obj, obj2, false);
        return obj2;
    }

    public String evaluate(String str) throws IdentityException, ParsingException {
        String evaluate;
        String fromCache = getFromCache(str, false);
        if (fromCache != null) {
            return fromCache;
        }
        Map<PIPExtension, Properties> extensions = EntitlementServiceComponent.getEntitlementConfig().getExtensions();
        if (extensions == null || extensions.isEmpty()) {
            evaluate = this.pdp.evaluate(str);
        } else {
            PolicyRequestBuilder policyRequestBuilder = new PolicyRequestBuilder();
            PolicyResponseBuilder policyResponseBuilder = new PolicyResponseBuilder();
            AbstractRequestCtx requestCtx = RequestCtxFactory.getFactory().getRequestCtx(policyRequestBuilder.getXacmlRequest(str));
            Iterator<PIPExtension> it = extensions.keySet().iterator();
            while (it.hasNext()) {
                it.next().update(requestCtx);
            }
            evaluate = policyResponseBuilder.getXacmlResponse(this.pdp.evaluate(requestCtx));
        }
        addToCache(str, evaluate, false);
        return evaluate;
    }

    public String evaluate(String str, String str2, String str3, String str4) throws Exception {
        String str5 = (str != null ? str : "") + (str2 != null ? str2 : "") + (str3 != null ? str3 : "") + (str4 != null ? str4 : "");
        String fromCache = getFromCache(str5, true);
        if (fromCache != null) {
            return fromCache;
        }
        String evaluate = this.pdp.evaluate(EntitlementUtil.createSimpleXACMLRequest(str, str2, str3));
        addToCache(str5, evaluate, true);
        return evaluate;
    }

    public RegistryBasedPolicyFinder getRegistryModule() {
        return this.registryModule;
    }

    public CarbonAttributeFinder getCarbonAttributeFinder() {
        return this.carbonAttributeFinder;
    }

    public PolicyMetaDataFinder getMetaDataFinder() {
        return this.metaDataFinder;
    }

    public CarbonResourceFinder getCarbonResourceFinder() {
        return this.carbonResourceFinder;
    }

    public PDPConfig getPdpConfig() {
        return this.pdpConfig;
    }

    public PolicyPublisher getPolicyPublisher() {
        return this.policyPublisher;
    }

    private String getFromCache(String str, boolean z) {
        if (this.pdpDecisionCachingInterval <= 0) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("PDP Decision Caching Disabled");
            return null;
        }
        IdentityCacheEntry identityCacheEntry = (IdentityCacheEntry) this.decisionClearingCache.get(new IdentityCacheKey(this.tenantId, ""));
        if (identityCacheEntry != null && identityCacheEntry.getHashEntry() != this.cacheClearingNode) {
            this.decisionCache.clear();
            this.simpleDecisionCache.clear();
            if (log.isDebugEnabled()) {
                log.debug("Decision Cache is cleared for tenant " + this.tenantId);
            }
            this.cacheClearingNode = identityCacheEntry.getHashEntry();
            return null;
        }
        PolicyDecision policyDecision = z ? this.simpleDecisionCache.get(str) : this.decisionCache.get(str);
        if (policyDecision != null && policyDecision.getCachedTime() + this.pdpDecisionCachingInterval > Calendar.getInstance().getTimeInMillis()) {
            if (log.isDebugEnabled()) {
                log.debug("PDP Decision Cache Hit");
            }
            return policyDecision.getResponse();
        }
        if (log.isDebugEnabled()) {
            log.debug("PDP Decision Cache Miss");
        }
        if (z) {
            this.simpleDecisionCache.remove(str);
            return null;
        }
        this.decisionCache.remove(str);
        return null;
    }

    private void addToCache(String str, String str2, boolean z) {
        if (this.pdpDecisionCachingInterval <= 0) {
            if (log.isDebugEnabled()) {
                log.debug("PDP Decision Caching Disabled");
                return;
            }
            return;
        }
        PolicyDecision policyDecision = new PolicyDecision();
        policyDecision.setCachedTime(Calendar.getInstance().getTimeInMillis());
        policyDecision.setResponse(str2);
        if (z) {
            this.simpleDecisionCache.put(str, policyDecision);
        } else {
            this.decisionCache.put(str, policyDecision);
        }
        if (log.isDebugEnabled()) {
            log.debug("PDP Decision Cache Updated");
        }
    }

    public void clearDecisionCache(boolean z) {
        this.decisionCache.clear();
        this.simpleDecisionCache.clear();
        if (log.isDebugEnabled()) {
            log.debug("Decision Cache is cleared for tenant " + this.tenantId);
        }
        if (z) {
            IdentityCacheKey identityCacheKey = new IdentityCacheKey(this.tenantId, "");
            IdentityCacheEntry identityCacheEntry = (IdentityCacheEntry) this.decisionClearingCache.get(identityCacheKey);
            if (identityCacheEntry != null) {
                this.cacheClearingNode = identityCacheEntry.getHashEntry();
            }
            this.cacheClearingNode++;
            if (this.cacheClearingNode == Integer.MAX_VALUE) {
                this.cacheClearingNode = 0;
            }
            this.decisionClearingCache.put(identityCacheKey, new IdentityCacheEntry(this.cacheClearingNode));
        }
    }
}
