package org.wso2.carbon.identity.entitlement;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.text.DateFormat;
import java.text.ParseException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import org.apache.commons.io.FileUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xerces.util.SecurityManager;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.wso2.balana.AbstractPolicy;
import org.wso2.balana.Balana;
import org.wso2.balana.ParsingException;
import org.wso2.balana.Policy;
import org.wso2.balana.PolicySet;
import org.wso2.balana.attr.AttributeValue;
import org.wso2.balana.attr.BooleanAttribute;
import org.wso2.balana.attr.DateAttribute;
import org.wso2.balana.attr.DateTimeAttribute;
import org.wso2.balana.attr.DoubleAttribute;
import org.wso2.balana.attr.HexBinaryAttribute;
import org.wso2.balana.attr.IntegerAttribute;
import org.wso2.balana.attr.StringAttribute;
import org.wso2.balana.attr.TimeAttribute;
import org.wso2.balana.combine.PolicyCombiningAlgorithm;
import org.wso2.balana.combine.xacml2.FirstApplicablePolicyAlg;
import org.wso2.balana.combine.xacml2.OnlyOneApplicablePolicyAlg;
import org.wso2.balana.combine.xacml3.DenyOverridesPolicyAlg;
import org.wso2.balana.combine.xacml3.DenyUnlessPermitPolicyAlg;
import org.wso2.balana.combine.xacml3.OrderedDenyOverridesPolicyAlg;
import org.wso2.balana.combine.xacml3.OrderedPermitOverridesPolicyAlg;
import org.wso2.balana.combine.xacml3.PermitOverridesPolicyAlg;
import org.wso2.balana.combine.xacml3.PermitUnlessDenyPolicyAlg;
import org.wso2.balana.ctx.AbstractRequestCtx;
import org.wso2.balana.ctx.Attribute;
import org.wso2.balana.ctx.xacml3.RequestCtx;
import org.wso2.balana.finder.PolicyFinder;
import org.wso2.balana.xacml3.Attributes;
import org.wso2.carbon.identity.entitlement.cache.EntitlementBaseCache;
import org.wso2.carbon.identity.entitlement.cache.IdentityCacheEntry;
import org.wso2.carbon.identity.entitlement.cache.IdentityCacheKey;
import org.wso2.carbon.identity.entitlement.dto.AttributeDTO;
import org.wso2.carbon.identity.entitlement.dto.PolicyDTO;
import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO;
import org.wso2.carbon.identity.entitlement.internal.EntitlementExtensionBuilder;
import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent;
import org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine;
import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore;
import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager;
import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader;
import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisher;
import org.wso2.carbon.identity.entitlement.util.CarbonEntityResolver;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.utils.CarbonUtils;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/wso2/carbon/identity/entitlement/EntitlementUtil.class */
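/**
 * Static helpers used by the entitlement (XACML) component: conversion of
 * DTOs into Balana request objects, schema validation and parsing of policy
 * documents, and storing policies in the PAP and PDP registries.
 *
 * <p>Every policy document handled here is parsed through
 * {@link #getSecuredDocumentBuilder(boolean)}, so XML parser hardening is
 * applied in one place.
 */
public class EntitlementUtil {
    private static final Log log = LogFactory.getLog(EntitlementUtil.class);
    private static final String SECURITY_MANAGER_PROPERTY = "http://apache.org/xml/properties/security-manager";
    private static final int ENTITY_EXPANSION_LIMIT = 0;

    /** Standard JAXP secure-processing feature. */
    private static final String SECURE_PROCESSING_FEATURE = "http://javax.xml.XMLConstants/feature/secure-processing";
    /** SAX feature controlling inclusion of external general entities. */
    private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE = "http://xml.org/sax/features/external-general-entities";
    /** SAX feature controlling inclusion of external parameter entities. */
    private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = "http://xml.org/sax/features/external-parameter-entities";
    /** Xerces feature controlling whether an external DTD is fetched by a non-validating parser. */
    private static final String LOAD_EXTERNAL_DTD_FEATURE = "http://apache.org/xml/features/nonvalidating/load-external-dtd";

    private static final String ATTRIBUTE_VALUE_ERROR =
            "Error while creating AttributeValue object for given string value and data type";

    /**
     * Creates a new entitlement cache.
     *
     * @param str value passed unchanged to the {@link EntitlementBaseCache} constructor
     * @return a new cache instance
     */
    public static EntitlementBaseCache<IdentityCacheKey, IdentityCacheEntry> getCommonCache(String str) {
        return new EntitlementBaseCache<>(str);
    }

    /**
     * Builds a Balana {@link AttributeValue} from a string value and a data type URI.
     *
     * <p>Known XML Schema types map to the matching Balana attribute class. Any
     * other type URI yields an anonymous {@link AttributeValue} whose
     * {@code encode()} returns the raw string.
     *
     * @param str  textual value of the attribute
     * @param str2 data type URI
     * @return the attribute value object
     * @throws EntitlementException if the type URI is malformed or the value cannot be
     *                              parsed; the underlying exception is kept as the cause
     * @throws NumberFormatException if an integer or double value is not numeric
     *                               (unchecked, propagated as before)
     */
    public static AttributeValue getAttributeValue(final String str, String str2) throws EntitlementException {
        try {
            if (PDPConstants.STRING_DATA_TYPE.equals(str2)) {
                return new StringAttribute(str);
            }
            if ("http://www.w3.org/2001/XMLSchema#integer".equals(str2)) {
                return new IntegerAttribute(Long.parseLong(str));
            }
            if ("http://www.w3.org/2001/XMLSchema#boolean".equals(str2)) {
                return BooleanAttribute.getInstance(str);
            }
            if ("http://www.w3.org/2001/XMLSchema#double".equals(str2)) {
                return new DoubleAttribute(Double.parseDouble(str));
            }
            if ("http://www.w3.org/2001/XMLSchema#date".equals(str2)) {
                return new DateAttribute(DateFormat.getDateInstance().parse(str));
            }
            if ("http://www.w3.org/2001/XMLSchema#dateTime".equals(str2)) {
                // NOTE(review): a date-only, default-locale format is used for dateTime, so any
                // time-of-day part looks like it is ignored - confirm this is intended.
                return new DateTimeAttribute(DateFormat.getDateInstance().parse(str));
            }
            if ("http://www.w3.org/2001/XMLSchema#time".equals(str2)) {
                return TimeAttribute.getInstance(str);
            }
            if ("http://www.w3.org/2001/XMLSchema#hexBinary".equals(str2)) {
                // Explicit charset keeps the byte form independent of the platform default.
                return new HexBinaryAttribute(str.getBytes(StandardCharsets.UTF_8));
            }
            return new AttributeValue(new URI(str2)) {
                @Override
                public String encode() {
                    return str;
                }
            };
        } catch (URISyntaxException | ParsingException | ParseException e) {
            // Keep the cause so the real parsing problem stays visible to operators.
            throw new EntitlementException(ATTRIBUTE_VALUE_ERROR, e);
        }
    }

    /**
     * Builds a XACML 3.0 request context from attribute DTOs.
     *
     * <p>A DTO that cannot be converted is left out of the request. Because a
     * missing attribute can change which rules match, each omission is logged
     * at warn level (without the attribute's value).
     *
     * @param list attribute DTOs describing the request
     * @return request context holding one {@link Attributes} element per convertible DTO
     */
    public static AbstractRequestCtx createRequestContext(List<AttributeDTO> list) {
        Set<Attributes> attributesSet = new HashSet<>();
        for (AttributeDTO attributeDTO : list) {
            Attributes attributes = getAttributes(attributeDTO);
            if (attributes == null) {
                log.warn("Skipping a request attribute that could not be converted to a XACML Attributes element");
                continue;
            }
            attributesSet.add(attributes);
        }
        return new RequestCtx(attributesSet, (Node) null);
    }

    /**
     * Validates a policy document against the XACML schema for its namespace.
     *
     * <p>Returns {@code true} without validating when schema validation is not
     * enabled in the engine properties, or when the policy text is null or blank.
     *
     * @param policyDTO DTO carrying the policy document
     * @return {@code true} if validation passed or was skipped; {@code false} if no schema
     *         is registered for the namespace, or parsing or validation failed
     */
    public static boolean validatePolicy(PolicyDTO policyDTO) {
        try {
            String validationEnabled = (String) EntitlementServiceComponent.getEntitlementConfig()
                    .getEngineProperties().get(EntitlementExtensionBuilder.PDP_SCHEMA_VALIDATION);
            if (!"true".equalsIgnoreCase(validationEnabled)) {
                return true;
            }
            String policy = policyDTO.getPolicy();
            if (policy == null || policy.trim().isEmpty()) {
                return true;
            }
            Schema schema = EntitlementServiceComponent.getEntitlementConfig().getPolicySchemaMap()
                    .get(getPolicyVersion(policy));
            if (schema == null) {
                log.error("Invalid Namespace in policy");
                return false;
            }
            // UTF-8 matches the encoding getPolicy(String) uses for the same document.
            ByteArrayInputStream policyStream = new ByteArrayInputStream(policy.getBytes(StandardCharsets.UTF_8));
            schema.newValidator().validate(
                    new DOMSource(getSecuredDocumentBuilder(false).parse(policyStream)), new DOMResult());
            if (log.isDebugEnabled()) {
                log.debug("XACML Policy validation succeeded with the Schema");
            }
            return true;
        } catch (IOException | ParserConfigurationException e) {
            // Previously swallowed silently; a rejected policy should leave a trace.
            log.error("Error while validating XACML policy against the schema", e);
            return false;
        } catch (SAXException e) {
            log.error("XACML policy is not valid according to the schema :" + e.getMessage());
            return false;
        }
    }

    /**
     * Returns the namespace URI of the root element of a policy document.
     *
     * @param str policy document text
     * @return the root element's namespace URI, or the XACML 3.0 namespace when the
     *         document cannot be parsed
     */
    public static String getPolicyVersion(String str) {
        try {
            ByteArrayInputStream policyStream = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8));
            return getSecuredDocumentBuilder(false).parse(policyStream).getDocumentElement().getNamespaceURI();
        } catch (Exception e) {
            log.debug(e);
            log.warn("Policy version can not be identified. Default XACML 3.0 version is used");
            return PDPConstants.XACML_3_POLICY_XMLNS;
        }
    }

    /**
     * Converts one attribute DTO into a XACML {@link Attributes} element holding a
     * single {@link Attribute}.
     *
     * <p>The short category names {@code Subject}, {@code Resource}, {@code Action}
     * and {@code Environment} are expanded to their category URIs; any other value
     * is used as the category URI as given.
     *
     * @param attributeDTO attribute description
     * @return the attributes element, or {@code null} if any part of the conversion fails
     */
    public static Attributes getAttributes(AttributeDTO attributeDTO) {
        try {
            AttributeValue value = Balana.getInstance().getAttributeFactory()
                    .createValue(new URI(attributeDTO.getAttributeDataType()), attributeDTO.getAttributeValue());
            // The trailing 3 is presumably the XACML version expected by Balana - TODO confirm.
            Attribute attribute = new Attribute(new URI(attributeDTO.getAttributeId()), (String) null,
                    (DateTimeAttribute) null, value, 3);
            Set<Attribute> attributeSet = new HashSet<>();
            attributeSet.add(attribute);

            String category = attributeDTO.getCategory();
            if ("Subject".equals(category)) {
                category = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
            } else if ("Resource".equals(category)) {
                category = PDPConstants.RESOURCE_CATEGORY_URI;
            } else if ("Action".equals(category)) {
                category = PDPConstants.ACTION_CATEGORY_URI;
            } else if ("Environment".equals(category)) {
                category = PDPConstants.ENVIRONMENT_CATEGORY_URI;
            }
            return new Attributes(new URI(category), attributeSet);
        } catch (Exception e) {
            log.debug(e);
            return null;
        }
    }

    /**
     * Maps a policy combining algorithm URI to its Balana implementation.
     *
     * @param str combining algorithm URI
     * @return a new instance of the matching algorithm
     * @throws EntitlementException if the URI is not one of the supported algorithms
     */
    public static PolicyCombiningAlgorithm getPolicyCombiningAlgorithm(String str) throws EntitlementException {
        if ("urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable".equals(str)) {
            return new FirstApplicablePolicyAlg();
        }
        if ("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides".equals(str)) {
            return new DenyOverridesPolicyAlg();
        }
        if ("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-overrides".equals(str)) {
            return new PermitOverridesPolicyAlg();
        }
        if ("urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:only-one-applicable".equals(str)) {
            return new OnlyOneApplicablePolicyAlg();
        }
        if ("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:ordered-deny-overrides".equals(str)) {
            return new OrderedDenyOverridesPolicyAlg();
        }
        if ("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:ordered-permit-overrides".equals(str)) {
            return new OrderedPermitOverridesPolicyAlg();
        }
        if ("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit".equals(str)) {
            return new DenyUnlessPermitPolicyAlg();
        }
        if ("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-unless-deny".equals(str)) {
            return new PermitUnlessDenyPolicyAlg();
        }
        throw new EntitlementException("Unsupported policy algorithm " + str);
    }

    /**
     * Builds a XACML 3.0 request document with one string attribute each for
     * action, subject, environment and resource.
     *
     * <p>Each value is escaped as XML character data before it is inserted, so a
     * value containing {@code <}, {@code >} or {@code &} stays a single attribute
     * value and cannot alter the structure of the authorization request. Callers
     * must pass raw values, not pre-escaped ones. A {@code null} value is rendered
     * as the text {@code null}.
     *
     * @param str  subject id
     * @param str2 resource id
     * @param str3 action id
     * @param str4 environment id
     * @return the request document as a string
     */
    public static String createSimpleXACMLRequest(String str, String str2, String str3, String str4) {
        StringBuilder request = new StringBuilder();
        request.append("<Request xmlns=\"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17\"")
                .append(" CombinedDecision=\"false\" ReturnPolicyIdList=\"false\">\n");
        appendStringAttribute(request, "urn:oasis:names:tc:xacml:3.0:attribute-category:action",
                "urn:oasis:names:tc:xacml:1.0:action:action-id", str3);
        appendStringAttribute(request, "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject",
                "urn:oasis:names:tc:xacml:1.0:subject:subject-id", str);
        appendStringAttribute(request, "urn:oasis:names:tc:xacml:3.0:attribute-category:environment",
                "urn:oasis:names:tc:xacml:1.0:environment:environment-id", str4);
        appendStringAttribute(request, "urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
                "urn:oasis:names:tc:xacml:1.0:resource:resource-id", str2);
        // The trailing space is part of the original output and is kept for compatibility.
        request.append("</Request> ");
        return request.toString();
    }

    /** Appends one {@code <Attributes>} element holding a single escaped string value. */
    private static void appendStringAttribute(StringBuilder out, String category, String attributeId, String value) {
        out.append("<Attributes Category=\"").append(category).append("\">\n")
                .append("<Attribute AttributeId=\"").append(attributeId).append("\" IncludeInResult=\"false\">\n")
                .append("<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">")
                .append(escapeXmlText(String.valueOf(value)))
                .append("</AttributeValue>\n")
                .append("</Attribute>\n")
                .append("</Attributes>\n");
    }

    /** Escapes the characters that are markup-significant inside XML element content. */
    private static String escapeXmlText(String text) {
        StringBuilder escaped = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Loads every regular file in the default sample-policy directory under the
     * Carbon home and adds it as a policy without promoting it.
     *
     * <p>A failure on one file is logged and does not stop the remaining files.
     *
     * @param registry registry backing the PAP policy store
     */
    public static void addSamplePolicies(Registry registry) {
        File policyDir = new File(CarbonUtils.getCarbonHome() + File.separator + "repository"
                + File.separator + "resources" + File.separator + "identity" + File.separator + "policies"
                + File.separator + "xacml" + File.separator + "default");
        if (!policyDir.exists()) {
            return;
        }
        // listFiles() returns null when the path is not a directory or cannot be read.
        File[] policyFiles = policyDir.listFiles();
        if (policyFiles == null) {
            return;
        }
        for (File policyFile : policyFiles) {
            if (!policyFile.isFile()) {
                continue;
            }
            PolicyDTO policyDTO = new PolicyDTO();
            try {
                // Read as UTF-8 so the text matches the encoding used when the policy is parsed.
                policyDTO.setPolicy(FileUtils.readFileToString(policyFile, "UTF-8"));
                addFilesystemPolicy(policyDTO, registry, false);
            } catch (Exception e) {
                log.error("Error while adding sample XACML policies", e);
            }
        }
    }

    /**
     * Checks whether a policy with the given id exists in the PAP policy store.
     *
     * @param str      policy id
     * @param registry registry backing the PAP policy store
     * @return {@code true} if the policy exists
     * @throws EntitlementException if the store lookup fails
     */
    public static boolean isPolicyExists(String str, Registry registry) throws EntitlementException {
        return new PAPPolicyStoreReader(new PAPPolicyStore(registry)).isExistPolicy(str);
    }

    /**
     * Parses a policy document and adds it to the PAP store, optionally promoting
     * it to the PDP.
     *
     * <p>The policy id is taken from the parsed document and the policy is marked active.
     *
     * @param policyDTO DTO carrying the policy document; its id, active flag, promote flag
     *                  and version are set by this method
     * @param registry  registry backing the PAP policy store
     * @param z         {@code true} to also publish the policy to the PDP
     * @return always {@code true} when no exception is thrown
     * @throws EntitlementException     if a policy with the same id already exists or a
     *                                  store operation fails
     * @throws IllegalArgumentException if the policy document cannot be parsed
     *                                  (thrown by {@link #getPolicy(String)})
     */
    public static boolean addFilesystemPolicy(PolicyDTO policyDTO, Registry registry, boolean z) throws EntitlementException {
        if (policyDTO.getPolicy() != null) {
            // Drop whitespace-only text between adjacent tags before parsing and storing.
            policyDTO.setPolicy(policyDTO.getPolicy().replaceAll(">\\s+<", "><"));
        }
        AbstractPolicy policy = getPolicy(policyDTO.getPolicy());
        if (policy == null) {
            throw new EntitlementException("Invalid Entitlement Policy");
        }
        PAPPolicyStore papPolicyStore = new PAPPolicyStore(registry);
        PAPPolicyStoreManager papPolicyStoreManager = new PAPPolicyStoreManager();
        policyDTO.setPolicyId(policy.getId().toASCIIString());
        policyDTO.setActive(true);
        if (isPolicyExists(policyDTO.getPolicyId(), registry)) {
            throw new EntitlementException("An Entitlement Policy with the given ID already exists");
        }
        policyDTO.setPromote(z);
        try {
            policyDTO.setVersion(EntitlementAdminEngine.getInstance().getVersionManager().createVersion(policyDTO));
        } catch (EntitlementException e) {
            // Versioning is best effort: the policy is still stored without a version.
            log.error("Policy versioning is not supported", e);
        }
        papPolicyStoreManager.addOrUpdatePolicy(policyDTO);

        PolicyDTO storedPolicy = new PAPPolicyStoreReader(papPolicyStore).readPolicyDTO(policyDTO.getPolicyId());
        PolicyStoreDTO policyStoreDTO = new PolicyStoreDTO();
        policyStoreDTO.setPolicyId(storedPolicy.getPolicyId());
        policyStoreDTO.setPolicy(storedPolicy.getPolicy());
        policyStoreDTO.setPolicyOrder(storedPolicy.getPolicyOrder());
        policyStoreDTO.setAttributeDTOs(storedPolicy.getAttributeDTOs());
        policyStoreDTO.setActive(storedPolicy.isActive());
        policyStoreDTO.setSetActive(storedPolicy.isActive());
        if (z) {
            addPolicyToPDP(policyStoreDTO);
        }
        papPolicyStoreManager.addOrUpdatePolicy(storedPolicy);
        return true;
    }

    /**
     * Parses a policy document into a Balana {@link Policy} or {@link PolicySet}.
     *
     * @param str policy document text
     * @return the parsed policy or policy set
     * @throws IllegalArgumentException if the text is null, is not well-formed XML, or its
     *                                  root element is neither a policy nor a policy set
     */
    public static AbstractPolicy getPolicy(String str) {
        try (InputStream policyStream = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8))) {
            Element root = getSecuredDocumentBuilder(true).parse(policyStream).getDocumentElement();
            // NOTE(review): getTagName() returns the qualified name, so a namespace-prefixed
            // root element looks like it would be rejected here - confirm.
            String tagName = root.getTagName();
            if (PDPConstants.POLICY_ELEMENT.equals(tagName)) {
                return Policy.getInstance(root);
            }
            if ("PolicySet".equals(tagName)) {
                return PolicySet.getInstance(root, (PolicyFinder) null);
            }
            throw new ParsingException("Unknown root document type: " + tagName);
        } catch (Exception e) {
            throw new IllegalArgumentException("Error while parsing start up policy", e);
        }
    }

    /**
     * Reads a policy DTO from the PAP policy store.
     *
     * @param str      policy id
     * @param registry registry backing the PAP policy store
     * @return the stored policy DTO
     * @throws EntitlementException if the store read fails
     */
    public static PolicyDTO getPolicy(String str, Registry registry) throws EntitlementException {
        return new PAPPolicyStoreReader(new PAPPolicyStore(registry)).readPolicyDTO(str);
    }

    /**
     * Writes a policy to the PDP policy store in the governance registry and, when
     * the policy also exists in the PAP store, publishes an ENABLE or DISABLE action
     * to the PDP subscriber.
     *
     * <p>Does nothing when the DTO, its policy text or its policy id is null or blank.
     *
     * @param policyStoreDTO policy to store
     * @throws EntitlementException if a registry operation fails
     */
    public static void addPolicyToPDP(PolicyStoreDTO policyStoreDTO) throws EntitlementException {
        // Uses the first configured policy store; next() throws if none is configured.
        String policyStorePath = EntitlementServiceComponent.getEntitlementConfig().getPolicyStore()
                .entrySet().iterator().next().getValue().getProperty("policyStorePath");
        if (policyStorePath == null) {
            policyStorePath = "/repository/identity/entitlement/policy/pdp/";
        }
        if (policyStoreDTO == null || policyStoreDTO.getPolicy() == null
                || policyStoreDTO.getPolicy().trim().length() == 0 || policyStoreDTO.getPolicyId() == null
                || policyStoreDTO.getPolicyId().trim().length() == 0) {
            return;
        }
        try {
            UserRegistry governanceRegistry = EntitlementServiceComponent.getRegistryService().getGovernanceSystemRegistry();
            governanceRegistry.put(policyStorePath, governanceRegistry.resourceExists(policyStorePath)
                    ? governanceRegistry.get(policyStorePath) : governanceRegistry.newCollection());

            // NOTE(review): the policy id is appended to the store path unchanged; confirm that
            // ids are restricted upstream to values that are safe as a registry path segment.
            String policyPath = policyStorePath + policyStoreDTO.getPolicyId();
            Resource policyResource = governanceRegistry.resourceExists(policyPath)
                    ? governanceRegistry.get(policyPath) : governanceRegistry.newResource();
            policyResource.setProperty(PDPConstants.POLICY_ORDER, Integer.toString(policyStoreDTO.getPolicyOrder()));
            policyResource.setContent(policyStoreDTO.getPolicy());
            policyResource.setMediaType(PDPConstants.REGISTRY_MEDIA_TYPE);
            policyResource.setProperty("active", String.valueOf(policyStoreDTO.isActive()));
            AttributeDTO[] attributeDTOs = policyStoreDTO.getAttributeDTOs();
            if (attributeDTOs != null) {
                setAttributesAsProperties(attributeDTOs, policyResource);
            }
            governanceRegistry.put(policyPath, policyResource);

            if (EntitlementAdminEngine.getInstance().getPapPolicyStoreManager().isExistPolicy(policyStoreDTO.getPolicyId())) {
                PolicyPublisher policyPublisher = EntitlementAdminEngine.getInstance().getPolicyPublisher();
                String[] subscribers = {"PDP Subscriber"};
                String action = policyStoreDTO.isActive() ? "ENABLE" : "DISABLE";
                policyPublisher.publishPolicy(new String[]{policyStoreDTO.getPolicyId()}, null, action, false, 0,
                        subscribers, null);
            }
        } catch (RegistryException e) {
            log.error(e);
            throw new EntitlementException("Error while adding policy to PDP", e);
        }
    }

    /**
     * Stores each attribute DTO as a numbered metadata property on a registry resource.
     *
     * <p>The property value is category, value, attribute id and data type joined with
     * {@code PDPConstants.ATTRIBUTE_SEPARATOR}.
     *
     * @param attributeDTOArr attributes to store; {@code null} is ignored
     * @param resource        registry resource receiving the properties
     */
    public static void setAttributesAsProperties(AttributeDTO[] attributeDTOArr, Resource resource) {
        if (attributeDTOArr == null) {
            return;
        }
        int index = 0;
        for (AttributeDTO attributeDTO : attributeDTOArr) {
            resource.setProperty(PDPConstants.POLICY_META_DATA + index,
                    attributeDTO.getCategory() + PDPConstants.ATTRIBUTE_SEPARATOR
                            + attributeDTO.getAttributeValue() + PDPConstants.ATTRIBUTE_SEPARATOR
                            + attributeDTO.getAttributeId() + PDPConstants.ATTRIBUTE_SEPARATOR
                            + attributeDTO.getAttributeDataType());
            index++;
        }
    }

    /**
     * Creates a namespace-aware {@link DocumentBuilder} hardened for parsing policy
     * documents.
     *
     * <p>Entity references are not expanded, secure processing is enabled, external
     * general and parameter entities and external DTD loading are switched off, the
     * Xerces security manager is given an entity expansion limit of
     * {@link #ENTITY_EXPANSION_LIMIT}, and a {@link CarbonEntityResolver} is
     * installed as the entity resolver.
     *
     * @param z {@code true} to make the parser ignore XML comments
     * @return the configured document builder
     * @throws ParserConfigurationException if the factory rejects one of the features,
     *                                      so an unhardened parser is never returned
     */
    private static DocumentBuilder getSecuredDocumentBuilder(boolean z) throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setIgnoringComments(z);
        factory.setNamespaceAware(true);
        factory.setExpandEntityReferences(false);
        factory.setFeature(SECURE_PROCESSING_FEATURE, true);
        // Defense in depth: do not depend on the entity resolver alone to block external fetches.
        factory.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
        factory.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
        factory.setFeature(LOAD_EXTERNAL_DTD_FEATURE, false);

        SecurityManager securityManager = new SecurityManager();
        securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
        factory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);

        DocumentBuilder documentBuilder = factory.newDocumentBuilder();
        // NOTE(review): CarbonEntityResolver is defined elsewhere; presumably it refuses
        // entity resolution - confirm against its source.
        documentBuilder.setEntityResolver(new CarbonEntityResolver());
        return documentBuilder;
    }
}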
