package org.wso2.carbon.identity.entitlement.pip;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.balana.attr.AttributeValue;
import org.wso2.balana.attr.BagAttribute;
import org.wso2.balana.cond.EvaluationResult;
import org.wso2.balana.ctx.EvaluationCtx;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.entitlement.PDPConstants;
import org.wso2.carbon.identity.entitlement.cache.PIPAbstractAttributeCache;
import org.wso2.carbon.identity.entitlement.internal.EntitlementConfigHolder;
import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent;
import org.wso2.carbon.user.core.UserCoreConstants;

/* loaded from: input_file:org/wso2/carbon/identity/entitlement/pip/AbstractPIPAttributeFinder.class */
public abstract class AbstractPIPAttributeFinder implements PIPAttributeFinder {
    private static final Log log = LogFactory.getLog(AbstractPIPAttributeFinder.class);
    protected int tenantId;
    private PIPAbstractAttributeCache abstractAttributeFinderCache = null;
    private boolean isAbstractAttributeCachingEnabled = false;

    public abstract Set<String> getAttributeValues(String str, String str2, String str3, String str4, String str5, String str6) throws Exception;

    @Override // org.wso2.carbon.identity.entitlement.pip.PIPAttributeFinder
    public Set<String> getAttributeValues(URI uri, URI uri2, URI uri3, String str, EvaluationCtx evaluationCtx) throws Exception {
        Set<String> associatedRolesOfApplication;
        String str2 = null;
        String str3 = null;
        String str4 = null;
        String str5 = null;
        Set<String> set = null;
        this.tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        EvaluationResult attribute = evaluationCtx.getAttribute(new URI(PDPConstants.STRING_DATA_TYPE), new URI(PDPConstants.SUBJECT_ID_DEFAULT), str, new URI("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"));
        if (attribute != null && attribute.getAttributeValue() != null && attribute.getAttributeValue().isBag()) {
            BagAttribute attributeValue = attribute.getAttributeValue();
            if (attributeValue.size() > 0) {
                str2 = ((AttributeValue) attributeValue.iterator().next()).encode();
                if (log.isDebugEnabled()) {
                    log.debug(String.format("Finding attributes for the subject %1$s", str2));
                }
            }
        }
        EvaluationResult attribute2 = evaluationCtx.getAttribute(new URI(PDPConstants.STRING_DATA_TYPE), new URI(PDPConstants.RESOURCE_ID_DEFAULT), str, new URI(PDPConstants.RESOURCE_CATEGORY_URI));
        if (attribute2 != null && attribute2.getAttributeValue() != null && attribute2.getAttributeValue().isBag()) {
            BagAttribute attributeValue2 = attribute2.getAttributeValue();
            if (attributeValue2.size() > 0) {
                str3 = ((AttributeValue) attributeValue2.iterator().next()).encode();
                if (log.isDebugEnabled()) {
                    log.debug(String.format("Finding attributes for the resource %1$s", str3));
                }
            }
        }
        EvaluationResult attribute3 = evaluationCtx.getAttribute(new URI(PDPConstants.STRING_DATA_TYPE), new URI(PDPConstants.ACTION_ID_DEFAULT), str, new URI(PDPConstants.ACTION_CATEGORY_URI));
        if (attribute3 != null && attribute3.getAttributeValue() != null && attribute3.getAttributeValue().isBag()) {
            BagAttribute attributeValue3 = attribute3.getAttributeValue();
            if (attributeValue3.size() > 0) {
                str4 = ((AttributeValue) attributeValue3.iterator().next()).encode();
                if (log.isDebugEnabled()) {
                    log.debug(String.format("Finding attributes for the action %1$s", str4));
                }
            }
        }
        EvaluationResult attribute4 = evaluationCtx.getAttribute(new URI(PDPConstants.STRING_DATA_TYPE), new URI(PDPConstants.ENVIRONMENT_ID_DEFAULT), str, new URI(PDPConstants.ENVIRONMENT_CATEGORY_URI));
        if (attribute4 != null && attribute4.getAttributeValue() != null && attribute4.getAttributeValue().isBag()) {
            BagAttribute attributeValue4 = attribute4.getAttributeValue();
            if (attributeValue4.size() > 0) {
                str5 = ((AttributeValue) attributeValue4.iterator().next()).encode();
                if (log.isDebugEnabled()) {
                    log.debug(String.format("Finding attributes for the environment %1$s", str5));
                }
            }
        }
        String str6 = null;
        if (this.isAbstractAttributeCachingEnabled) {
            str6 = (str2 != null ? str2 : "") + (str3 != null ? str3 : "") + (str5 != null ? str5 : "") + (uri2 != null ? uri2 : "") + (str != null ? str : "") + (str4 != null ? str4 : "");
            set = this.abstractAttributeFinderCache.getFromCache(this.tenantId, str6);
            if (log.isDebugEnabled()) {
                log.debug("Retrieving attributes from cache, tenantId: " + this.tenantId + ", key: " + str6);
            }
        }
        if (set == null) {
            if (log.isDebugEnabled()) {
                log.debug("Carbon Attribute Cache Miss");
            }
            set = getAttributeValues(str2, str3, str4, str5, uri2.toString(), str);
            if (PDPConstants.SUBJECT_ID_ROLE.equals(uri2.toString()) && !CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME.booleanValue()) {
                String serviceProviderName = getServiceProviderName(str, evaluationCtx);
                String serviceProviderTenantDomain = getServiceProviderTenantDomain(str, evaluationCtx);
                if (StringUtils.isNotBlank(serviceProviderName) && StringUtils.isNotBlank(serviceProviderTenantDomain) && (associatedRolesOfApplication = getAssociatedRolesOfApplication(serviceProviderName, serviceProviderTenantDomain)) != null && !associatedRolesOfApplication.isEmpty()) {
                    Stream<String> stream = set.stream();
                    Objects.requireNonNull(associatedRolesOfApplication);
                    set = (Set) stream.filter((v1) -> {
                        return r1.contains(v1);
                    }).collect(Collectors.toSet());
                }
            }
            if (this.isAbstractAttributeCachingEnabled && str6 != null && set != null && !set.isEmpty()) {
                this.abstractAttributeFinderCache.addToCache(this.tenantId, str6, set);
            }
        } else if (log.isDebugEnabled()) {
            log.debug("Carbon Attribute Cache Hit");
        }
        return set;
    }

    @Override // org.wso2.carbon.identity.entitlement.pip.PIPAttributeFinder
    public boolean overrideDefaultCache() {
        if (this.abstractAttributeFinderCache != null) {
            return true;
        }
        Properties engineProperties = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties();
        if ("true".equals(engineProperties.getProperty(PDPConstants.ATTRIBUTE_CACHING))) {
            int i = -1;
            String property = engineProperties.getProperty(PDPConstants.ATTRIBUTE_CACHING_INTERVAL);
            if (property != null) {
                try {
                    i = Integer.parseInt(property.trim());
                } catch (Exception e) {
                }
            }
            this.abstractAttributeFinderCache = new PIPAbstractAttributeCache(i);
            this.isAbstractAttributeCachingEnabled = true;
        }
        return this.isAbstractAttributeCachingEnabled;
    }

    private Set<String> getAssociatedRolesOfApplication(String str, String str2) throws Exception {
        return (Set) EntitlementConfigHolder.getInstance().getApplicationManagementService().getAssociatedRolesOfApplication(EntitlementConfigHolder.getInstance().getApplicationManagementService().getApplicationBasicInfoByName(str, str2).getApplicationResourceId(), str2).stream().map((v0) -> {
            return v0.getName();
        }).map(this::appendInternalDomain).collect(Collectors.toSet());
    }

    private String getServiceProviderName(String str, EvaluationCtx evaluationCtx) throws URISyntaxException {
        String str2 = null;
        EvaluationResult attribute = evaluationCtx.getAttribute(new URI(PDPConstants.STRING_DATA_TYPE), new URI(PDPConstants.SERVICE_PROVIDER_NAME), str, new URI(PDPConstants.SERVICE_PROVIDER));
        if (attribute != null && attribute.getAttributeValue() != null && attribute.getAttributeValue().isBag()) {
            BagAttribute attributeValue = attribute.getAttributeValue();
            if (attributeValue.size() > 0) {
                str2 = ((AttributeValue) attributeValue.iterator().next()).encode();
            }
        }
        return str2;
    }

    private String getServiceProviderTenantDomain(String str, EvaluationCtx evaluationCtx) throws URISyntaxException {
        String str2 = null;
        EvaluationResult attribute = evaluationCtx.getAttribute(new URI(PDPConstants.STRING_DATA_TYPE), new URI(PDPConstants.SERVICE_PROVIDER_TENANT_DOMAIN), str, new URI(PDPConstants.SERVICE_PROVIDER));
        if (attribute != null && attribute.getAttributeValue() != null && attribute.getAttributeValue().isBag()) {
            BagAttribute attributeValue = attribute.getAttributeValue();
            if (attributeValue.size() > 0) {
                str2 = ((AttributeValue) attributeValue.iterator().next()).encode();
            }
        }
        return str2;
    }

    private String appendInternalDomain(String str) {
        return !str.contains(UserCoreConstants.DOMAIN_SEPARATOR) ? "Internal" + UserCoreConstants.DOMAIN_SEPARATOR + str : str;
    }

    @Override // org.wso2.carbon.identity.entitlement.pip.PIPAttributeFinder
    public void clearCache() {
        if (this.abstractAttributeFinderCache != null) {
            this.abstractAttributeFinderCache.clearCache();
        }
    }

    @Override // org.wso2.carbon.identity.entitlement.pip.PIPAttributeFinder
    public void clearCache(String[] strArr) {
    }
}
