package org.wso2.carbon.identity.provisioning.rules;

import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Map;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.balana.utils.exception.PolicyBuilderException;
import org.wso2.balana.utils.policy.PolicyBuilder;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.entitlement.EntitlementException;
import org.wso2.carbon.identity.entitlement.EntitlementService;
import org.wso2.carbon.identity.entitlement.ui.dto.RequestDTO;
import org.wso2.carbon.identity.entitlement.ui.dto.RowDTO;
import org.wso2.carbon.identity.entitlement.ui.util.PolicyCreatorUtil;
import org.wso2.carbon.identity.provisioning.IdentityProvisioningException;
import org.wso2.carbon.identity.provisioning.ProvisioningEntity;
import org.wso2.carbon.identity.provisioning.internal.ProvisioningServiceDataHolder;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/wso2/carbon/identity/provisioning/rules/XACMLBasedRuleHandler.class */
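/**
 * Decides whether a provisioning operation is authorized by building a XACML request from the
 * provisioning context and asking the entitlement service for a decision.
 *
 * <p>The handler is a lazily created singleton obtained through {@link #getInstance()}.
 * Checked failures while building or evaluating the request result in a deny ({@code false}).
 */
public class XACMLBasedRuleHandler {
    private static final Log log = LogFactory.getLog(XACMLBasedRuleHandler.class);
    // volatile is required for the double-checked initialization in getInstance().
    private static volatile XACMLBasedRuleHandler instance;

    /**
     * Returns the shared handler, creating it on first use.
     *
     * @return the single shared {@code XACMLBasedRuleHandler}
     */
    public static XACMLBasedRuleHandler getInstance() {
        if (instance == null) {
            synchronized (XACMLBasedRuleHandler.class) {
                if (instance == null) {
                    instance = new XACMLBasedRuleHandler();
                }
            }
        }
        return instance;
    }

    /**
     * Evaluates the provisioning policy for the given entity.
     *
     * @param str                value sent as the {@code tenantDomain} resource attribute
     * @param provisioningEntity entity whose name and inbound attributes are sent in the request
     * @param str2               value sent as the {@code idpName} resource attribute
     * @param str3               value sent as the {@code connectorType} resource attribute
     * @return {@code true} when the decision is accepted by {@code evaluateXACMLResponse};
     *         {@code false} otherwise, including when request building, the decision call or
     *         response parsing fails with one of the caught exceptions
     */
    public boolean isAuthorized(String str, ProvisioningEntity provisioningEntity, String str2, String str3) {
        if (log.isDebugEnabled()) {
            log.debug("In policy provisioning flow...");
        }
        try {
            RequestDTO requestDTO = createRequestDTO(str, provisioningEntity, str2, str3);
            String xacmlRequest = PolicyBuilder.getInstance().buildRequest(PolicyCreatorUtil.createRequestElementDTO(requestDTO));
            if (log.isDebugEnabled()) {
                // NOTE(review): the request carries the entity name and every inbound attribute
                // value, so debug logging writes those values to the log.
                log.debug("XACML request :\n" + xacmlRequest);
            }
            // The request built above is the only input to the decision; no other policy
            // query is issued on this path.
            String xacmlResponse = ProvisioningServiceDataHolder.getInstance().getEntitlementService().getDecision(xacmlRequest);
            if (log.isDebugEnabled()) {
                log.debug("XACML response :\n" + xacmlResponse);
            }
            return evaluateXACMLResponse(xacmlResponse);
        } catch (IdentityProvisioningException e) {
            // Fail closed: an unreadable response is treated as "not authorized".
            log.error("Error when evaluating the XACML response", e);
            return false;
        } catch (PolicyBuilderException e) {
            log.error("Policy Builder Exception occurred", e);
            return false;
        } catch (EntitlementException e) {
            log.error("Entitlement Exception occurred", e);
            return false;
        }
    }

    /**
     * Assembles the request rows: one row per inbound attribute (category {@code claims}),
     * followed by the tenant domain, entity name, IdP name and connector type rows.
     */
    private RequestDTO createRequestDTO(String tenantDomain, ProvisioningEntity provisioningEntity, String idpName, String connectorType) {
        ArrayList<RowDTO> rows = new ArrayList<>();
        Map<String, String> inboundAttributes = provisioningEntity.getInboundAttributes();
        // An entity without inbound attributes still yields a request with the four fixed rows.
        if (inboundAttributes != null) {
            for (Map.Entry<String, String> attribute : inboundAttributes.entrySet()) {
                // NOTE(review): the attribute id is derived from the inbound attribute key;
                // presumably the keys are claim names supplied upstream - confirm they are
                // validated before they reach this point.
                rows.add(createRowDTO(attribute.getValue(), "urn:oasis:names:tc:xacml:1.0:resource:" + attribute.getKey(), "claims"));
            }
        }
        rows.add(createRowDTO(tenantDomain, "urn:oasis:names:tc:xacml:1.0:resource:tenantDomain", "userInfo"));
        rows.add(createRowDTO(provisioningEntity.getEntityName(), "urn:oasis:names:tc:xacml:1.0:resource:user", "userInfo"));
        rows.add(createRowDTO(idpName, "urn:oasis:names:tc:xacml:1.0:resource:idpName", "idp"));
        rows.add(createRowDTO(connectorType, "urn:oasis:names:tc:xacml:1.0:resource:connectorType", "idp"));
        RequestDTO requestDTO = new RequestDTO();
        requestDTO.setRowDTOs(rows);
        return requestDTO;
    }

    /**
     * Creates one string-typed attribute row.
     *
     * @param attributeValue value of the attribute
     * @param attributeId    full attribute id
     * @param categorySuffix suffix appended to the XACML 3.0 attribute-category prefix
     */
    private RowDTO createRowDTO(String attributeValue, String attributeId, String categorySuffix) {
        RowDTO rowDTO = new RowDTO();
        rowDTO.setAttributeValue(attributeValue);
        rowDTO.setAttributeDataType("http://www.w3.org/2001/XMLSchema#string");
        rowDTO.setAttributeId(attributeId);
        rowDTO.setCategory("urn:oasis:names:tc:xacml:3.0:attribute-category:".concat(categorySuffix));
        return rowDTO;
    }

    /**
     * Extracts the decision text from a XACML response document and maps it to a boolean.
     *
     * @param xacmlResponse response document as returned by the entitlement service
     * @return {@code true} for "Permit" or "Not Applicable" (case-insensitive); {@code false}
     *         for any other decision text, for a document without a decision node, and for a
     *         null or empty response
     * @throws IdentityProvisioningException if the response cannot be parsed or queried
     */
    private boolean evaluateXACMLResponse(String xacmlResponse) throws IdentityProvisioningException {
        if (xacmlResponse == null || xacmlResponse.isEmpty()) {
            // Without a decision there is nothing to authorize on; deny instead of failing
            // with a NullPointerException in the reader.
            log.error("Empty XACML response received, provisioning is not authorized");
            return false;
        }
        try {
            // NOTE(review): presumably the "secured" factory disables DTDs and external
            // entities - confirm in IdentityUtil.
            DocumentBuilder documentBuilder = IdentityUtil.getSecuredDocumentBuilderFactory().newDocumentBuilder();
            InputSource inputSource = new InputSource(new StringReader(xacmlResponse));
            // With XPathConstants.STRING an unmatched path evaluates to "", which falls
            // through to the deny result below.
            String decision = (String) XPathFactory.newInstance().newXPath()
                    .compile("/Response/Result/Decision/text()")
                    .evaluate(documentBuilder.parse(inputSource), XPathConstants.STRING);
            // NOTE(review): the XACML decision value is spelled "NotApplicable" (no space), so
            // the second comparison does not match a standard response and only "Permit"
            // authorizes in practice. Accepting NotApplicable would make provisioning
            // fail-open whenever no policy applies; decide the intended default explicitly
            // before changing the literal.
            return "Permit".equalsIgnoreCase(decision) || "Not Applicable".equalsIgnoreCase(decision);
        } catch (IOException | ParserConfigurationException | XPathExpressionException | SAXException e) {
            throw new IdentityProvisioningException("Exception occurred while xacmlResponse processing", e);
        }
    }
}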
