package org.wso2.carbon.identity.entitlement.pdp;

import java.io.File;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.balana.Balana;
import org.wso2.balana.PDP;
import org.wso2.balana.PDPConfig;
import org.wso2.balana.ParsingException;
import org.wso2.balana.ctx.AbstractRequestCtx;
import org.wso2.balana.ctx.RequestCtxFactory;
import org.wso2.balana.ctx.ResponseCtx;
import org.wso2.balana.finder.PolicyFinder;
import org.wso2.balana.finder.impl.CurrentEnvModule;
import org.wso2.balana.finder.impl.SelectorModule;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.entitlement.EntitlementConstants;
import org.wso2.carbon.identity.entitlement.EntitlementUtil;
import org.wso2.carbon.identity.entitlement.cache.DecisionCache;
import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent;
import org.wso2.carbon.identity.entitlement.pap.PolicyEditorDataFinder;
import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyFinder;
import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore;
import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader;
import org.wso2.carbon.identity.entitlement.pip.CarbonAttributeFinder;
import org.wso2.carbon.identity.entitlement.pip.CarbonResourceFinder;
import org.wso2.carbon.identity.entitlement.pip.PIPExtension;
import org.wso2.carbon.identity.entitlement.policy.PolicyRequestBuilder;
import org.wso2.carbon.identity.entitlement.policy.PolicyResponseBuilder;
import org.wso2.carbon.identity.entitlement.policy.PolicyStoreManager;
import org.wso2.carbon.identity.entitlement.policy.finder.CarbonPolicyFinder;
import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisher;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:org/wso2/carbon/identity/entitlement/pdp/EntitlementEngine.class */
public class EntitlementEngine {
    private PolicyFinder papPolicyFinder;
    private CarbonAttributeFinder carbonAttributeFinder;
    private CarbonResourceFinder carbonResourceFinder;
    private PolicyEditorDataFinder metaDataFinder;
    private PolicyPublisher policyPublisher;
    private PolicyFinder carbonPolicyFinder;
    private PolicyStoreManager policyStoreManager;
    private PDP pdp;
    private PDP pdpTest;
    private Balana balana;
    private int tenantId;
    private static volatile EntitlementEngine engine;
    private int pdpDecisionCachingInterval;
    private Map<String, PolicyDecision> decisionCache = new ConcurrentHashMap();
    private Map<String, PolicyDecision> simpleDecisionCache = new ConcurrentHashMap();
    private DecisionCache decisionClearingCache = DecisionCache.getInstance();
    private static final Object lock = new Object();
    private static ConcurrentHashMap<String, EntitlementEngine> entitlementEngines = new ConcurrentHashMap<>();
    private static Log log = LogFactory.getLog(EntitlementEngine.class);

    public static EntitlementEngine getInstance() {
        int tenantId = CarbonContext.getCurrentContext().getTenantId();
        if (!entitlementEngines.containsKey(Integer.toString(tenantId))) {
            entitlementEngines.put(Integer.toString(tenantId), new EntitlementEngine(tenantId));
        }
        return entitlementEngines.get(Integer.toString(tenantId));
    }

    private EntitlementEngine(int i) {
        this.pdpDecisionCachingInterval = 60000;
        boolean parseBoolean = Boolean.parseBoolean((String) EntitlementServiceComponent.getEntitlementConfig().getEngineProperties().get(EntitlementConstants.PDP_ENABLE));
        boolean parseBoolean2 = Boolean.parseBoolean((String) EntitlementServiceComponent.getEntitlementConfig().getEngineProperties().get(EntitlementConstants.PAP_ENABLE));
        if (!parseBoolean2 && !parseBoolean) {
            parseBoolean2 = true;
        }
        if (Boolean.parseBoolean((String) EntitlementServiceComponent.getEntitlementConfig().getEngineProperties().get(EntitlementConstants.BALANA_CONFIG_ENABLE))) {
            System.setProperty("org.wso2.balana.PDPConfigFile", CarbonUtils.getCarbonConfigDirPath() + File.separator + "security" + File.separator + "balana-config.xml");
        }
        this.balana = Balana.getInstance();
        setUpAttributeFinders();
        setUpResourceFinders();
        this.tenantId = i;
        this.metaDataFinder = new PolicyEditorDataFinder(i);
        this.metaDataFinder.init();
        this.policyPublisher = new PolicyPublisher(EntitlementServiceComponent.getGovernanceRegistry(i));
        this.policyPublisher.init();
        this.policyStoreManager = new PolicyStoreManager();
        Properties engineProperties = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties();
        String property = engineProperties.getProperty(EntitlementConstants.DECISION_CACHING);
        if (property == null || !"true".equals(property.trim())) {
            this.pdpDecisionCachingInterval = -1;
        } else {
            String property2 = engineProperties.getProperty(EntitlementConstants.DECISION_CACHING_INTERVAL);
            if (property2 != null) {
                this.pdpDecisionCachingInterval = Integer.parseInt(property2.trim());
            }
        }
        this.decisionClearingCache.addToCache(1);
        if (parseBoolean2) {
            PolicyFinder policyFinder = new PolicyFinder();
            HashSet hashSet = new HashSet();
            hashSet.add(new PAPPolicyFinder(new PAPPolicyStoreReader(new PAPPolicyStore())));
            policyFinder.setModules(hashSet);
            this.papPolicyFinder = policyFinder;
            this.pdpTest = new PDP(new PDPConfig(this.balana.getPdpConfig().getAttributeFinder(), policyFinder, this.balana.getPdpConfig().getResourceFinder(), true));
        }
        if (parseBoolean) {
            HashSet hashSet2 = new HashSet();
            hashSet2.add(new CarbonPolicyFinder());
            this.balana.getPdpConfig().getPolicyFinder().setModules(hashSet2);
            this.carbonPolicyFinder = this.balana.getPdpConfig().getPolicyFinder();
            this.pdp = new PDP(this.balana.getPdpConfig());
        }
    }

    public String test(String str) {
        if (log.isDebugEnabled()) {
            log.debug("XACML Request : " + str);
        }
        String evaluate = this.pdpTest.evaluate(str);
        if (log.isDebugEnabled()) {
            log.debug("XACML Response : " + evaluate);
        }
        return evaluate;
    }

    public String evaluate(String str) throws IdentityException, ParsingException {
        String evaluate;
        if (log.isDebugEnabled()) {
            log.debug("XACML Request : " + str);
        }
        String fromCache = getFromCache(str, false);
        if (fromCache != null) {
            return fromCache;
        }
        Map<PIPExtension, Properties> extensions = EntitlementServiceComponent.getEntitlementConfig().getExtensions();
        if (extensions == null || extensions.isEmpty()) {
            evaluate = this.pdp.evaluate(str);
        } else {
            PolicyRequestBuilder policyRequestBuilder = new PolicyRequestBuilder();
            PolicyResponseBuilder policyResponseBuilder = new PolicyResponseBuilder();
            AbstractRequestCtx requestCtx = RequestCtxFactory.getFactory().getRequestCtx(policyRequestBuilder.getXacmlRequest(str));
            Iterator<PIPExtension> it = extensions.keySet().iterator();
            while (it.hasNext()) {
                it.next().update(requestCtx);
            }
            evaluate = policyResponseBuilder.getXacmlResponse(this.pdp.evaluate(requestCtx));
        }
        addToCache(str, evaluate, false);
        if (log.isDebugEnabled()) {
            log.debug("XACML Response : " + evaluate);
        }
        return evaluate;
    }

    public ResponseCtx evaluateByContext(AbstractRequestCtx abstractRequestCtx) {
        return this.pdp.evaluate(abstractRequestCtx);
    }

    public String evaluate(String str, String str2, String str3, String str4) throws Exception {
        String str5 = (str != null ? str : "") + (str2 != null ? str2 : "") + (str3 != null ? str3 : "") + (str4 != null ? str4 : "");
        String fromCache = getFromCache(str5, true);
        if (fromCache != null) {
            return fromCache;
        }
        String createSimpleXACMLRequest = EntitlementUtil.createSimpleXACMLRequest(str, str2, str3);
        if (log.isDebugEnabled()) {
            log.debug("XACML Request : " + createSimpleXACMLRequest);
        }
        String evaluate = this.pdp.evaluate(createSimpleXACMLRequest);
        addToCache(str5, evaluate, true);
        if (log.isDebugEnabled()) {
            log.debug("XACML Response : " + evaluate);
        }
        return evaluate;
    }

    public PolicyFinder getPapPolicyFinder() {
        return this.papPolicyFinder;
    }

    public CarbonAttributeFinder getCarbonAttributeFinder() {
        return this.carbonAttributeFinder;
    }

    public PolicyEditorDataFinder getMetaDataFinder() {
        return this.metaDataFinder;
    }

    public CarbonResourceFinder getCarbonResourceFinder() {
        return this.carbonResourceFinder;
    }

    public PolicyFinder getCarbonPolicyFinder() {
        return this.carbonPolicyFinder;
    }

    public PolicyPublisher getPolicyPublisher() {
        return this.policyPublisher;
    }

    public PolicyStoreManager getPolicyStoreManager() {
        return this.policyStoreManager;
    }

    private String getFromCache(String str, boolean z) {
        if (this.pdpDecisionCachingInterval <= 0) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("PDP Decision Caching Disabled");
            return null;
        }
        if (this.decisionClearingCache.getFromCache() == 0) {
            clearDecisionCache(false);
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("Invalidation cache message is received. Decision Cache is cleared for tenant " + this.tenantId);
            return null;
        }
        PolicyDecision policyDecision = z ? this.simpleDecisionCache.get(str) : this.decisionCache.get(str);
        if (policyDecision != null && policyDecision.getCachedTime() + this.pdpDecisionCachingInterval > Calendar.getInstance().getTimeInMillis()) {
            if (log.isDebugEnabled()) {
                log.debug("PDP Decision Cache Hit for tenant " + this.tenantId);
            }
            return policyDecision.getResponse();
        }
        if (log.isDebugEnabled()) {
            log.debug("PDP Decision Cache Miss for tenant " + this.tenantId);
        }
        if (z) {
            this.simpleDecisionCache.remove(str);
            return null;
        }
        this.decisionCache.remove(str);
        return null;
    }

    private void addToCache(String str, String str2, boolean z) {
        if (this.pdpDecisionCachingInterval <= 0) {
            if (log.isDebugEnabled()) {
                log.debug("PDP Decision Caching Disabled");
                return;
            }
            return;
        }
        PolicyDecision policyDecision = new PolicyDecision();
        policyDecision.setCachedTime(Calendar.getInstance().getTimeInMillis());
        policyDecision.setResponse(str2);
        if (z) {
            this.simpleDecisionCache.put(str, policyDecision);
        } else {
            this.decisionCache.put(str, policyDecision);
        }
        if (log.isDebugEnabled()) {
            log.debug("PDP Decision Cache Updated for tenantId " + this.tenantId);
        }
    }

    public void clearDecisionCache(boolean z) {
        this.decisionCache.clear();
        this.simpleDecisionCache.clear();
        this.decisionClearingCache.addToCache(1);
        if (z) {
            this.decisionClearingCache.invalidateCache();
            if (log.isDebugEnabled()) {
                log.debug("Invalidation decision cache of is called for tenant " + this.tenantId);
            }
        }
    }

    private void setUpAttributeFinders() {
        ArrayList arrayList = new ArrayList();
        this.carbonAttributeFinder = new CarbonAttributeFinder(this.tenantId);
        this.carbonAttributeFinder.init();
        CurrentEnvModule currentEnvModule = new CurrentEnvModule();
        SelectorModule selectorModule = new SelectorModule();
        arrayList.add(this.carbonAttributeFinder);
        arrayList.add(currentEnvModule);
        arrayList.add(selectorModule);
        this.balana.getPdpConfig().getAttributeFinder().setModules(arrayList);
    }

    private void setUpResourceFinders() {
        ArrayList arrayList = new ArrayList();
        this.carbonResourceFinder = new CarbonResourceFinder(this.tenantId);
        this.carbonResourceFinder.init();
        arrayList.add(this.carbonResourceFinder);
        this.balana.getPdpConfig().getResourceFinder().setModules(arrayList);
    }

    public int getPdpDecisionCachingInterval() {
        return this.pdpDecisionCachingInterval;
    }
}
