package com.dtolabs.rundeck.core.authorization.providers;

import com.dtolabs.rundeck.core.authentication.Group;
import com.dtolabs.rundeck.core.authentication.LdapGroup;
import com.dtolabs.rundeck.core.authentication.Username;
import com.dtolabs.rundeck.core.authorization.Attribute;
import java.io.File;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.security.auth.Subject;
import javax.xml.namespace.NamespaceContext;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/PoliciesDocument.class */
public class PoliciesDocument implements PolicyCollection {
    static final String NS_AD = "http://dtolabs.com/rundeck/activedirectory";
    static final String NS_LDAP = "http://dtolabs.com/rundeck/ldap";
    private Document document;
    private File file;
    private ArrayList<String> groupNames;
    private ArrayList<Policy> policies;
    private long count = Long.MIN_VALUE;
    private static final XPath xpath = XPathFactory.newInstance().newXPath();
    public static final XPathExpression countXpath;
    public static final XPathExpression allPolicies;
    public static final XPathExpression policyByUserName;
    public static final XPathExpression policyByGroup;
    public static final XPathExpression allGroups;
    private static final Map<String, XPathExpression> commandFilterCache;

    /* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/PoliciesDocument$Context.class */
    public static class Context implements AclContext {
        private final Node policy;

        public Context(Node node) {
            this.policy = node;
        }

        /* JADX WARN: Code restructure failed: missing block: B:79:0x0250, code lost:
        
            r0.add(new com.dtolabs.rundeck.core.authorization.providers.ContextEvaluation(com.dtolabs.rundeck.core.authorization.Explanation.Code.REJECTED_NO_RESOURCE_PROPERTY_PROVIDED, generateJobName(r8.policy, r0)));
            r20 = false;
         */
        @Override // com.dtolabs.rundeck.core.authorization.providers.AclContext
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public com.dtolabs.rundeck.core.authorization.providers.ContextDecision includes(java.util.Map<java.lang.String, java.lang.String> r9, java.lang.String r10) {
            /*
                Method dump skipped, instructions count: 782
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: com.dtolabs.rundeck.core.authorization.providers.PoliciesDocument.Context.includes(java.util.Map, java.lang.String):com.dtolabs.rundeck.core.authorization.providers.ContextDecision");
        }

        private String generatePolicyName(Node node) {
            StringBuilder sb = new StringBuilder();
            buildNodeString(node, sb);
            return sb.toString();
        }

        private String generateJobName(Node node, Node node2) {
            StringBuilder sb = new StringBuilder();
            ArrayList arrayList = new ArrayList();
            for (Node parentNode = node2.getParentNode(); !"policies".equals(parentNode.getNodeName()); parentNode = parentNode.getParentNode()) {
                arrayList.add(parentNode);
            }
            Collections.reverse(arrayList);
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                buildNodeString((Node) it.next(), sb);
                sb.append(" / ");
            }
            buildNodeString(node2, sb);
            return sb.toString();
        }

        private void buildNodeString(Node node, StringBuilder sb) {
            sb.append(node.getNodeName());
            sb.append('[');
            NamedNodeMap attributes = node.getAttributes();
            for (int i = 0; i < attributes.getLength(); i++) {
                Node item = attributes.item(i);
                sb.append(item.getNodeName());
                sb.append(':');
                sb.append(item.getNodeValue());
                if (i + 1 < attributes.getLength()) {
                    sb.append(' ');
                }
            }
            sb.append("] ");
        }

        public String toString() {
            return "Context: " + generatePolicyName(this.policy);
        }
    }

    public PoliciesDocument(Document document, File file) {
        this.document = document;
        this.file = file;
    }

    @Override // com.dtolabs.rundeck.core.authorization.providers.PolicyCollection
    public Collection<String> groupNames() throws InvalidCollection {
        if (null != this.groupNames) {
            return this.groupNames;
        }
        this.groupNames = new ArrayList<>();
        try {
            NodeList nodeList = (NodeList) allGroups.evaluate(this.document, XPathConstants.NODESET);
            for (int i = 0; i < nodeList.getLength(); i++) {
                String nodeValue = nodeList.item(i).getNodeValue();
                if (nodeValue != null && nodeValue.length() > 0) {
                    this.groupNames.add(nodeValue);
                }
            }
            return this.groupNames;
        } catch (XPathExpressionException e) {
            throw new InvalidCollection(e);
        }
    }

    @Override // com.dtolabs.rundeck.core.authorization.providers.PolicyCollection
    public long countPolicies() throws InvalidCollection {
        if (this.count != Long.MIN_VALUE) {
            return this.count;
        }
        try {
            this.count = ((Double) countXpath.evaluate(this.document, XPathConstants.NUMBER)).longValue();
            return this.count;
        } catch (XPathExpressionException e) {
            throw new InvalidCollection(e);
        }
    }

    private Collection<Policy> listPolicies() throws XPathExpressionException {
        if (null != this.policies) {
            return this.policies;
        }
        this.policies = new ArrayList<>();
        NodeList nodeList = (NodeList) allPolicies.evaluate(this.document, XPathConstants.NODESET);
        for (int i = 0; i < nodeList.getLength(); i++) {
            this.policies.add(new PolicyNode(nodeList.item(i)));
        }
        return this.policies;
    }

    @Override // com.dtolabs.rundeck.core.authorization.providers.PolicyCollection
    public Collection<AclContext> matchedContexts(Subject subject, Set<Attribute> set) throws InvalidCollection {
        try {
            return policyMatcher(subject, listPolicies());
        } catch (Exception e) {
            throw new InvalidCollection(e);
        }
    }

    static Collection<AclContext> policyMatcher(Subject subject, Collection<? extends Policy> collection) throws InvalidCollection {
        ArrayList arrayList = new ArrayList();
        int i = 0;
        for (Policy policy : collection) {
            System.currentTimeMillis();
            Set principals = subject.getPrincipals(Username.class);
            if (principals.size() > 0) {
                Set<String> usernames = policy.getUsernames();
                HashSet hashSet = new HashSet();
                Iterator it = principals.iterator();
                while (it.hasNext()) {
                    hashSet.add(((Username) it.next()).getName());
                }
                if (!Collections.disjoint(usernames, hashSet)) {
                    arrayList.add(policy.getContext());
                }
            }
            Set<Group> principals2 = subject.getPrincipals(Group.class);
            if (principals2.size() > 0) {
                long currentTimeMillis = System.currentTimeMillis();
                Set<Object> groups = policy.getGroups();
                HashSet hashSet2 = new HashSet();
                for (Group group : principals2) {
                    if (group instanceof LdapGroup) {
                        try {
                            hashSet2.add(new LdapName(group.getName()));
                        } catch (InvalidNameException e) {
                            e.printStackTrace();
                        }
                    } else {
                        hashSet2.add(group.getName());
                    }
                }
                long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
                if (!Collections.disjoint(groups, hashSet2)) {
                    arrayList.add(policy.getContext());
                }
            }
            i++;
        }
        return arrayList;
    }

    public String toString() {
        return "PoliciesDocument{file=" + this.file + '}';
    }

    static {
        xpath.setNamespaceContext(new NamespaceContext() { // from class: com.dtolabs.rundeck.core.authorization.providers.PoliciesDocument.1
            @Override // javax.xml.namespace.NamespaceContext
            public Iterator getPrefixes(String str) {
                return null;
            }

            @Override // javax.xml.namespace.NamespaceContext
            public String getPrefix(String str) {
                return null;
            }

            @Override // javax.xml.namespace.NamespaceContext
            public String getNamespaceURI(String str) {
                return str.equals("ldap") ? PoliciesDocument.NS_LDAP : str.equals("ActiveDirectory") ? PoliciesDocument.NS_AD : "";
            }
        });
        try {
            countXpath = xpath.compile("count(//policy)");
            allPolicies = xpath.compile("//policy");
            policyByUserName = xpath.compile("by/user/@username");
            policyByGroup = xpath.compile("by/group/@name | by/group/@ldap:name");
            allGroups = xpath.compile("//by/group/@name | //by/group/@ldap:name");
            commandFilterCache = new HashMap();
        } catch (XPathExpressionException e) {
            throw new IllegalArgumentException(e);
        }
    }
}
