package org.wso2.carbon.identity.entitlement.pdp;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.balana.Balana;
import org.wso2.balana.PDP;
import org.wso2.balana.PDPConfig;
import org.wso2.balana.ParsingException;
import org.wso2.balana.ctx.AbstractRequestCtx;
import org.wso2.balana.ctx.RequestCtxFactory;
import org.wso2.balana.ctx.ResponseCtx;
import org.wso2.balana.finder.AttributeFinder;
import org.wso2.balana.finder.AttributeFinderModule;
import org.wso2.balana.finder.PolicyFinder;
import org.wso2.balana.finder.ResourceFinder;
import org.wso2.balana.finder.ResourceFinderModule;
import org.wso2.balana.finder.impl.CurrentEnvModule;
import org.wso2.balana.finder.impl.SelectorModule;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.entitlement.EntitlementException;
import org.wso2.carbon.identity.entitlement.EntitlementUtil;
import org.wso2.carbon.identity.entitlement.PDPConstants;
import org.wso2.carbon.identity.entitlement.cache.DecisionCache;
import org.wso2.carbon.identity.entitlement.cache.EntitlementEngineCache;
import org.wso2.carbon.identity.entitlement.cache.PolicyCache;
import org.wso2.carbon.identity.entitlement.cache.SimpleDecisionCache;
import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent;
import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyFinder;
import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore;
import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader;
import org.wso2.carbon.identity.entitlement.pip.CarbonAttributeFinder;
import org.wso2.carbon.identity.entitlement.pip.CarbonResourceFinder;
import org.wso2.carbon.identity.entitlement.pip.PIPExtension;
import org.wso2.carbon.identity.entitlement.policy.PolicyRequestBuilder;
import org.wso2.carbon.identity.entitlement.policy.finder.CarbonPolicyFinder;
import org.wso2.carbon.identity.entitlement.policy.search.PolicySearch;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/wso2/carbon/identity/entitlement/pdp/EntitlementEngine.class */
public class EntitlementEngine {
    private PolicyFinder papPolicyFinder;
    private CarbonAttributeFinder carbonAttributeFinder;
    private CarbonResourceFinder carbonResourceFinder;
    private PolicyFinder carbonPolicyFinder;
    private PolicySearch policySearch;
    private PDP pdp;
    private PDP pdpTest;
    private Balana balana;
    private int tenantId;
    private boolean pdpDecisionCacheEnable;
    private List<AttributeFinderModule> attributeModules = new ArrayList();
    private List<ResourceFinderModule> resourceModules = new ArrayList();
    private static EntitlementEngine entitlementEngine;
    private DecisionCache decisionCache;
    private PolicyCache policyCache;
    private SimpleDecisionCache simpleDecisionCache;
    private static final Object lock = new Object();
    private static EntitlementEngineCache entitlementEngines = EntitlementEngineCache.getInstance();
    private static Log log = LogFactory.getLog(EntitlementEngine.class);

    public PolicyCache getPolicyCache() {
        return this.policyCache;
    }

    public void clearDecisionCache() {
        this.decisionCache.clear();
        this.simpleDecisionCache.clear();
    }

    public static EntitlementEngine getInstance() {
        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        if (tenantId == -1234) {
            if (entitlementEngine == null) {
                synchronized (lock) {
                    if (entitlementEngine == null) {
                        entitlementEngine = new EntitlementEngine(tenantId);
                    }
                }
            }
            return entitlementEngine;
        }
        if (!entitlementEngines.contains(tenantId)) {
            synchronized (lock) {
                if (!entitlementEngines.contains(tenantId)) {
                    entitlementEngines.put(tenantId, new EntitlementEngine(tenantId));
                }
            }
        }
        return entitlementEngines.get(tenantId);
    }

    private EntitlementEngine(int i) {
        String property;
        this.decisionCache = null;
        this.policyCache = null;
        this.simpleDecisionCache = null;
        boolean parseBoolean = Boolean.parseBoolean((String) EntitlementServiceComponent.getEntitlementConfig().getEngineProperties().get(PDPConstants.PDP_ENABLE));
        boolean parseBoolean2 = Boolean.parseBoolean((String) EntitlementServiceComponent.getEntitlementConfig().getEngineProperties().get(PDPConstants.PAP_ENABLE));
        boolean parseBoolean3 = Boolean.parseBoolean((String) EntitlementServiceComponent.getEntitlementConfig().getEngineProperties().get(PDPConstants.MULTIPLE_DECISION_PROFILE_ENABLE));
        if (!parseBoolean2 && !parseBoolean) {
            parseBoolean2 = true;
        }
        this.balana = Balana.getInstance();
        setUpAttributeFinders();
        setUpResourceFinders();
        setUPPolicyFinder();
        this.tenantId = i;
        Properties engineProperties = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties();
        this.pdpDecisionCacheEnable = Boolean.parseBoolean(engineProperties.getProperty(PDPConstants.DECISION_CACHING));
        int i2 = -1;
        if (this.pdpDecisionCacheEnable && (property = engineProperties.getProperty("PDP.DecisionCaching.CachingInterval")) != null) {
            try {
                i2 = Integer.parseInt(property.trim());
            } catch (Exception e) {
            }
        }
        int i3 = -1;
        String property2 = engineProperties.getProperty(PDPConstants.POLICY_CACHING_INTERVAL);
        if (property2 != null) {
            try {
                i3 = Integer.parseInt(property2.trim());
            } catch (Exception e2) {
            }
        }
        this.decisionCache = new DecisionCache(i2);
        this.simpleDecisionCache = new SimpleDecisionCache(i2);
        this.policyCache = new PolicyCache(i3);
        this.policySearch = new PolicySearch(this.pdpDecisionCacheEnable, i2);
        if (parseBoolean2) {
            PolicyFinder policyFinder = new PolicyFinder();
            HashSet hashSet = new HashSet();
            hashSet.add(new PAPPolicyFinder(new PAPPolicyStoreReader(new PAPPolicyStore())));
            policyFinder.setModules(hashSet);
            this.papPolicyFinder = policyFinder;
            AttributeFinder attributeFinder = new AttributeFinder();
            attributeFinder.setModules(this.attributeModules);
            ResourceFinder resourceFinder = new ResourceFinder();
            resourceFinder.setModules(this.resourceModules);
            this.pdpTest = new PDP(new PDPConfig(attributeFinder, policyFinder, resourceFinder, true));
        }
        if (parseBoolean) {
            AttributeFinder attributeFinder2 = new AttributeFinder();
            attributeFinder2.setModules(this.attributeModules);
            ResourceFinder resourceFinder2 = new ResourceFinder();
            resourceFinder2.setModules(this.resourceModules);
            this.pdp = new PDP(new PDPConfig(attributeFinder2, this.carbonPolicyFinder, resourceFinder2, parseBoolean3));
        }
    }

    public String test(String str) {
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Request")) {
            log.debug("XACML Request : " + str);
        }
        String evaluate = this.pdpTest.evaluate(str);
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Response")) {
            log.debug("XACML Response : " + evaluate);
        }
        return evaluate;
    }

    public String evaluate(String str) throws EntitlementException, ParsingException {
        String evaluate;
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Request")) {
            log.debug("XACML Request : " + str);
        }
        String str2 = (String) getFromCache(str, false);
        if (str2 != null) {
            if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Response")) {
                log.debug("XACML Response : " + str2);
            }
            return str2;
        }
        Map<PIPExtension, Properties> extensions = EntitlementServiceComponent.getEntitlementConfig().getExtensions();
        if (extensions == null || extensions.isEmpty()) {
            evaluate = this.pdp.evaluate(str);
        } else {
            AbstractRequestCtx requestCtx = RequestCtxFactory.getFactory().getRequestCtx(new PolicyRequestBuilder().getXacmlRequest(str));
            Iterator<PIPExtension> it = extensions.keySet().iterator();
            while (it.hasNext()) {
                it.next().update(requestCtx);
            }
            evaluate = this.pdp.evaluate(requestCtx).encode();
        }
        addToCache(str, evaluate, false);
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Response")) {
            log.debug("XACML Response : " + evaluate);
        }
        return evaluate;
    }

    public ResponseCtx evaluateReturnResponseCtx(String str) throws EntitlementException, ParsingException, ParserConfigurationException, SAXException, IOException {
        ResponseCtx evaluateReturnResponseCtx;
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Request")) {
            log.debug("XACML Request : " + str);
        }
        String str2 = (String) getFromCache(str, false);
        if (str2 != null) {
            if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Response")) {
                log.debug("XACML Response : " + str2);
            }
            return ResponseCtx.getInstance(IdentityUtil.getSecuredDocumentBuilderFactory().newDocumentBuilder().parse(new ByteArrayInputStream(str2.getBytes())).getDocumentElement());
        }
        Map<PIPExtension, Properties> extensions = EntitlementServiceComponent.getEntitlementConfig().getExtensions();
        if (extensions == null || extensions.isEmpty()) {
            evaluateReturnResponseCtx = this.pdp.evaluateReturnResponseCtx(str);
        } else {
            AbstractRequestCtx requestCtx = RequestCtxFactory.getFactory().getRequestCtx(new PolicyRequestBuilder().getXacmlRequest(str));
            Iterator<PIPExtension> it = extensions.keySet().iterator();
            while (it.hasNext()) {
                it.next().update(requestCtx);
            }
            evaluateReturnResponseCtx = this.pdp.evaluate(requestCtx);
        }
        String encode = evaluateReturnResponseCtx.encode();
        addToCache(str, encode, false);
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Response")) {
            log.debug("XACML Response : " + encode);
        }
        return evaluateReturnResponseCtx;
    }

    public ResponseCtx evaluateByContext(AbstractRequestCtx abstractRequestCtx) {
        return this.pdp.evaluate(abstractRequestCtx);
    }

    public ResponseCtx evaluate(AbstractRequestCtx abstractRequestCtx, String str) {
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Request")) {
            log.debug("XACML Request : " + str);
        }
        ResponseCtx responseCtx = (ResponseCtx) getFromCache(str, false);
        if (responseCtx != null) {
            if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Response")) {
                log.debug("XACML Response : " + responseCtx);
            }
            return responseCtx;
        }
        ResponseCtx evaluate = this.pdp.evaluate(abstractRequestCtx);
        addToCache(str, evaluate, false);
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Response")) {
            log.debug("XACML Response : " + evaluate);
        }
        return evaluate;
    }

    public String evaluate(String str, String str2, String str3, String[] strArr) throws Exception {
        String str4 = null;
        if (strArr != null && strArr.length > 0) {
            str4 = strArr[0];
        }
        String str5 = (str != null ? str : "") + (str2 != null ? str2 : "") + (str3 != null ? str3 : "") + (str4 != null ? str4 : "");
        String str6 = (String) getFromCache(str5, true);
        if (str6 != null) {
            if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Request")) {
                log.debug("XACML Request : " + EntitlementUtil.createSimpleXACMLRequest(str, str2, str3, str4));
            }
            if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Response")) {
                log.debug("XACML Response : " + str6);
            }
            return str6;
        }
        String createSimpleXACMLRequest = EntitlementUtil.createSimpleXACMLRequest(str, str2, str3, str4);
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Request")) {
            log.debug("XACML Request : " + createSimpleXACMLRequest);
        }
        String evaluate = this.pdp.evaluate(createSimpleXACMLRequest);
        addToCache(str5, evaluate, true);
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("XACML_Response")) {
            log.debug("XACML Response : " + evaluate);
        }
        return evaluate;
    }

    public PolicyFinder getPapPolicyFinder() {
        return this.papPolicyFinder;
    }

    public CarbonAttributeFinder getCarbonAttributeFinder() {
        return this.carbonAttributeFinder;
    }

    public CarbonResourceFinder getCarbonResourceFinder() {
        return this.carbonResourceFinder;
    }

    public PolicyFinder getCarbonPolicyFinder() {
        return this.carbonPolicyFinder;
    }

    private Object getFromCache(String str, boolean z) {
        if (!this.pdpDecisionCacheEnable) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("PDP Decision Caching is disabled");
            return null;
        }
        String str2 = this.tenantId + "+" + str;
        if (!getInstance().getPolicyCache().isInvalidate()) {
            return z ? this.simpleDecisionCache.getFromCache(str2) : this.decisionCache.getFromCache(str2);
        }
        if (log.isDebugEnabled()) {
            log.debug("Policy Cache is invalidated. Clearing the decision cache.");
        }
        this.decisionCache.clear();
        this.simpleDecisionCache.clear();
        return null;
    }

    private void addToCache(String str, Object obj, boolean z) {
        if (!this.pdpDecisionCacheEnable) {
            if (log.isDebugEnabled()) {
                log.debug("PDP Decision Caching is disabled");
            }
        } else {
            String str2 = this.tenantId + "+" + str;
            if (z) {
                this.simpleDecisionCache.addToCache(str2, obj);
            } else {
                this.decisionCache.addToCache(str2, obj);
            }
        }
    }

    private void setUpAttributeFinders() {
        this.carbonAttributeFinder = new CarbonAttributeFinder(this.tenantId);
        this.carbonAttributeFinder.init();
        AttributeFinderModule currentEnvModule = new CurrentEnvModule();
        AttributeFinderModule selectorModule = new SelectorModule();
        this.attributeModules.add(this.carbonAttributeFinder);
        this.attributeModules.add(currentEnvModule);
        this.attributeModules.add(selectorModule);
        for (AttributeFinderModule attributeFinderModule : this.balana.getPdpConfig().getAttributeFinder().getModules()) {
            if (!(attributeFinderModule instanceof CurrentEnvModule) && !(attributeFinderModule instanceof SelectorModule)) {
                this.attributeModules.add(attributeFinderModule);
            }
        }
    }

    private void setUpResourceFinders() {
        this.carbonResourceFinder = new CarbonResourceFinder(this.tenantId);
        this.carbonResourceFinder.init();
        this.resourceModules.add(this.carbonResourceFinder);
        Iterator it = this.balana.getPdpConfig().getResourceFinder().getModules().iterator();
        while (it.hasNext()) {
            this.resourceModules.add((ResourceFinderModule) it.next());
        }
    }

    public PolicySearch getPolicySearch() {
        return this.policySearch;
    }

    private void setUPPolicyFinder() {
        this.carbonPolicyFinder = new PolicyFinder();
        HashSet hashSet = new HashSet();
        hashSet.add(new CarbonPolicyFinder());
        this.carbonPolicyFinder.setModules(hashSet);
        this.carbonPolicyFinder.init();
    }

    public void resetCacheInvalidateState() {
        if (this.policyCache != null) {
            this.policyCache.resetCacheInvalidateState();
        } else {
            log.error("Policy cache is null - Unable to reset cache invalidate state.");
        }
    }

    public void invalidatePolicyCache() {
        if (this.policyCache != null) {
            this.policyCache.invalidateCache();
        } else {
            log.error("Policy cache is null - Unable to invalidate cache.");
        }
    }
}
