package org.n52.security.service.pdp.xacml.policyfinder;

import com.sun.xacml.EvaluationCtx;
import com.sun.xacml.MatchResult;
import com.sun.xacml.ParsingException;
import com.sun.xacml.Policy;
import com.sun.xacml.PolicySet;
import com.sun.xacml.Rule;
import com.sun.xacml.Target;
import com.sun.xacml.TargetMatch;
import com.sun.xacml.UnknownIdentifierException;
import com.sun.xacml.attr.AttributeDesignator;
import com.sun.xacml.attr.AttributeFactory;
import com.sun.xacml.attr.AttributeValue;
import com.sun.xacml.attr.DateTimeAttribute;
import com.sun.xacml.attr.StringAttribute;
import com.sun.xacml.combine.FirstApplicablePolicyAlg;
import com.sun.xacml.combine.FirstApplicableRuleAlg;
import com.sun.xacml.cond.Apply;
import com.sun.xacml.ctx.Status;
import com.sun.xacml.finder.PolicyFinder;
import com.sun.xacml.finder.PolicyFinderModule;
import com.sun.xacml.finder.PolicyFinderResult;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.n52.security.service.pdp.simplepermission.Attribute;
import org.n52.security.service.pdp.simplepermission.Obligation;
import org.n52.security.service.pdp.simplepermission.Permission;
import org.n52.security.service.pdp.simplepermission.PermissionSet;
import org.n52.security.service.pdp.simplepermission.SimplePermissionProvider;
import org.n52.security.service.pdp.simplepermission.TargetValue;
import org.n52.security.service.pdp.xacml.attributes.AnyXMLAttributeProxy;
import org.n52.security.service.pdp.xacml.functions.URLEqualsWildcardFunction;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/n52/security/service/pdp/xacml/policyfinder/SimplePermissionsPolicyFinderModule.class */
public class SimplePermissionsPolicyFinderModule extends PolicyFinderModule {
    private static final Logger LOG = LoggerFactory.getLogger(URLEqualsWildcardFunction.class);
    private static final boolean LOG_IS_DEBUG = LOG.isDebugEnabled();
    private static final URI m_ruleId = URI.create("urn:52n:security:simplepermissions:rule:permit");
    private static final URI m_stringType = URI.create("http://www.w3.org/2001/XMLSchema#string");
    private static final URI m_resourceAttributeId = URI.create("urn:oasis:names:tc:xacml:1.0:resource:resource-id");
    private static final URI m_actionAttributeId = URI.create("urn:oasis:names:tc:xacml:1.0:action:action-id");
    private static final URI DATATYPE_URI_ANY = URI.create(AnyXMLAttributeProxy.TYPEURI_ANY);
    private final AttributeDesignator m_resourceDesignator = new AttributeDesignator(1, m_stringType, m_resourceAttributeId, true);
    private final AttributeDesignator m_actionDesignator = new AttributeDesignator(2, m_stringType, m_actionAttributeId, true);
    private SimplePermissionProvider m_provider;
    private PolicyFinder m_policyFinder;
    private List m_policySets;

    public void init(PolicyFinder policyFinder) {
        this.m_policyFinder = policyFinder;
        this.m_policySets = new ArrayList();
        Iterator it = this.m_provider.getPermissionSets().iterator();
        while (it.hasNext()) {
            this.m_policySets.add(buildXACMLPolicySet((PermissionSet) it.next()));
        }
    }

    public String getIdentifier() {
        return getClass().getName();
    }

    public PolicyFinderResult findPolicy(EvaluationCtx evaluationCtx) {
        PolicyFinderResult policyFinderResult = null;
        if (LOG_IS_DEBUG) {
            LOG.debug("Looking for matching policy set");
        }
        for (PolicySet policySet : this.m_policySets) {
            if (LOG_IS_DEBUG) {
                LOG.debug("Trying to match policy set '" + policySet.getId() + "'");
            }
            MatchResult match = policySet.match(evaluationCtx);
            switch (match.getResult()) {
                case 0:
                    if (policyFinderResult != null) {
                        return new PolicyFinderResult(new Status(Collections.singletonList("urn:oasis:names:tc:xacml:1.0:status:processing-error"), "too many applicable top-level policies"));
                    }
                    policyFinderResult = new PolicyFinderResult(policySet);
                    break;
                case 2:
                    return new PolicyFinderResult(match.getStatus());
            }
        }
        if (policyFinderResult == null) {
            return new PolicyFinderResult(new Status(Collections.singletonList("urn:oasis:names:tc:xacml:1.0:status:processing-error"), "no matching policy found"));
        }
        if (LOG.isInfoEnabled()) {
            LOG.info("Found matching policy set '" + policyFinderResult.getPolicy().getId() + "'");
        }
        return policyFinderResult;
    }

    public boolean isRequestSupported() {
        return true;
    }

    public SimplePermissionProvider getProvider() {
        return this.m_provider;
    }

    public void setProvider(SimplePermissionProvider simplePermissionProvider) {
        this.m_provider = simplePermissionProvider;
    }

    private PolicySet buildXACMLPolicySet(PermissionSet permissionSet) {
        URI makeUri = makeUri("urn:52n:security:simplepermissions:permissionset:name:", permissionSet.getName());
        ArrayList arrayList = new ArrayList();
        Iterator it = permissionSet.getSubPermissions().iterator();
        while (it.hasNext()) {
            arrayList.add(buildXACMLPolicy((Permission) it.next()));
        }
        return new PolicySet(makeUri, new FirstApplicablePolicyAlg(), getTarget(permissionSet), arrayList);
    }

    private Policy buildXACMLPolicy(Permission permission) {
        URI makeUri = makeUri("urn:52n:security:simplepermissions:permission:name:", permission.getName());
        Target target = getTarget(permission);
        Rule rule = new Rule(m_ruleId, 0, (String) null, (Target) null, (Apply) null);
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(rule);
        HashSet hashSet = new HashSet();
        hashSet.addAll(getObligations(permission));
        return new Policy(makeUri, new FirstApplicableRuleAlg(), "", target, "http://www.w3.org/TR/1999/Rec-xpath-19991116", arrayList, hashSet);
    }

    private List makeSeparateTargetElements(List list) {
        ArrayList arrayList = new ArrayList(list.size());
        Iterator it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(Collections.singletonList(it.next()));
        }
        return arrayList;
    }

    private URI makeUri(String str) {
        try {
            return new URI(str);
        } catch (URISyntaxException e) {
            throw new RuntimeException("Could not create policy id uri from " + str);
        }
    }

    private URI makeUri(String str, String str2) {
        try {
            return makeUri(str + URLEncoder.encode(str2, "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    private List getObligations(Permission permission) {
        ArrayList arrayList = new ArrayList();
        for (Obligation obligation : permission.getObligations()) {
            URI makeUri = makeUri(obligation.getName());
            List<Attribute> attributes = obligation.getAttributes();
            ArrayList arrayList2 = new ArrayList();
            for (Attribute attribute : attributes) {
                try {
                    arrayList2.add(new com.sun.xacml.ctx.Attribute(makeUri(attribute.getName()), (String) null, (DateTimeAttribute) null, AttributeFactory.getInstance().createValue(attribute.getTypeURI(), attribute.getValue().toString())));
                } catch (ParsingException e) {
                    throw new RuntimeException("");
                } catch (UnknownIdentifierException e2) {
                    throw new RuntimeException("");
                }
            }
            arrayList.add(new com.sun.xacml.Obligation(makeUri, 0, arrayList2));
        }
        return arrayList;
    }

    private Target getTarget(Permission permission) {
        return new Target(makeSeparateTargetElements(new ArrayList(getTargetMatches(permission.getSubjects(), 0, 0).values())), makeSeparateTargetElements(new ArrayList(getTargetMatches(permission.getResources(), 1, this.m_resourceDesignator).values())), makeSeparateTargetElements(new ArrayList(getTargetMatches(permission.getActions(), 2, this.m_actionDesignator).values())));
    }

    private Target getTarget(PermissionSet permissionSet) {
        List<Permission> subPermissions = permissionSet.getSubPermissions();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (Permission permission : subPermissions) {
            hashMap.putAll(getTargetMatches(permission.getResources(), 1, this.m_resourceDesignator));
            hashMap2.putAll(getTargetMatches(permission.getActions(), 2, this.m_actionDesignator));
        }
        return new Target((List) null, makeSeparateTargetElements(new ArrayList(hashMap.values())), makeSeparateTargetElements(new ArrayList(hashMap2.values())));
    }

    private Map getTargetMatches(List list, int i, AttributeDesignator attributeDesignator) {
        HashMap hashMap = new HashMap();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            TargetValue targetValue = (TargetValue) it.next();
            Iterator it2 = targetValue.getDomains().iterator();
            while (it2.hasNext()) {
                String str = ((String) it2.next()) + targetValue.getValue();
                hashMap.put(str, getTargetMatch(attributeDesignator, new StringAttribute(str), i));
            }
        }
        return hashMap;
    }

    private Map getTargetMatches(List list, int i, int i2) {
        HashMap hashMap = new HashMap();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            TargetValue targetValue = (TargetValue) it.next();
            for (String str : targetValue.getDomains()) {
                try {
                    AttributeDesignator attributeDesignator = new AttributeDesignator(i2, m_stringType, new URI(str), true);
                    if (i2 == 0) {
                        attributeDesignator.setSubjectCategory(URI.create("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"));
                    }
                    hashMap.put(str + targetValue.getValue(), getTargetMatch(attributeDesignator, new StringAttribute(targetValue.getValue()), i));
                } catch (URISyntaxException e) {
                    throw new RuntimeException("Could not create AttributeDesignator for domain " + str, e);
                }
            }
        }
        return hashMap;
    }

    private TargetMatch getTargetMatch(AttributeDesignator attributeDesignator, AttributeValue attributeValue, int i) {
        return new TargetMatch(i, new URLEqualsWildcardFunction(null), attributeDesignator, attributeValue);
    }

    public List getPolicySets() {
        return this.m_policySets;
    }
}
