package org.wso2.carbon.identity.provisioning.rules;

import java.io.IOException;
import java.io.StringReader;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Map;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.NodeList;
import org.wso2.balana.utils.exception.PolicyBuilderException;
import org.wso2.balana.utils.policy.PolicyBuilder;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.entitlement.EntitlementException;
import org.wso2.carbon.identity.entitlement.common.dto.RequestDTO;
import org.wso2.carbon.identity.entitlement.common.dto.RowDTO;
import org.wso2.carbon.identity.entitlement.common.util.PolicyCreatorUtil;
import org.wso2.carbon.identity.provisioning.IdentityProvisioningConstants;
import org.wso2.carbon.identity.provisioning.IdentityProvisioningException;
import org.wso2.carbon.identity.provisioning.ProvisioningEntity;
import org.wso2.carbon.identity.provisioning.ProvisioningOperation;
import org.wso2.carbon.identity.provisioning.internal.ProvisioningServiceDataHolder;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/wso2/carbon/identity/provisioning/rules/XACMLBasedRuleHandler.class */
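/**
 * Policy enforcement point for outbound provisioning: builds a XACML request describing a
 * provisioning operation, asks the entitlement service for a decision and maps that decision
 * to a boolean.
 *
 * <p>The handler is a lazily created singleton obtained through {@link #getInstance()}.
 */
public class XACMLBasedRuleHandler {
    private static final Log log = LogFactory.getLog(XACMLBasedRuleHandler.class);

    /** Data type used for every attribute placed in the XACML request. */
    private static final String XSD_STRING = "http://www.w3.org/2001/XMLSchema#string";

    private static volatile XACMLBasedRuleHandler instance;

    /**
     * Returns the shared handler, creating it on first use (double-checked locking on the
     * volatile {@code instance} field).
     *
     * @return the singleton instance
     */
    public static XACMLBasedRuleHandler getInstance() {
        XACMLBasedRuleHandler current = instance;
        if (current == null) {
            synchronized (XACMLBasedRuleHandler.class) {
                current = instance;
                if (current == null) {
                    current = new XACMLBasedRuleHandler();
                    instance = current;
                }
            }
        }
        return current;
    }

    /**
     * Decides whether the given entity may be provisioned.
     *
     * <p>The three checked failures of the flow (request building, entitlement evaluation,
     * response parsing) are logged and answered with {@code false}, so those error paths fail
     * closed. Unchecked exceptions are not caught here and propagate to the caller.
     *
     * @param str                value sent as both the tenant-domain and the environment attribute
     * @param provisioningEntity entity being provisioned; supplies name, operation and attributes
     * @param serviceProvider    service provider; supplies application name and owner tenant domain
     * @param str2               value sent as the identity-provider-name attribute
     * @param str3               value sent as the connector-type attribute
     * @return {@code true} when the decision text is accepted by the response evaluation,
     *         {@code false} otherwise or when one of the caught exceptions occurs
     */
    public boolean isAllowedToProvision(String str, ProvisioningEntity provisioningEntity, ServiceProvider serviceProvider, String str2, String str3) {
        if (log.isDebugEnabled()) {
            log.debug("In policy provisioning flow...");
        }
        try {
            RequestDTO requestDTO = createRequestDTO(str, provisioningEntity, serviceProvider, str2, str3);
            String xacmlRequest = PolicyBuilder.getInstance().buildRequest(PolicyCreatorUtil.createRequestElementDTO(requestDTO));
            // The debug output below contains the complete request, including every inbound
            // user attribute value; treat debug logs of this class as sensitive.
            if (log.isDebugEnabled()) {
                log.debug("XACML request :\n" + xacmlRequest);
            }
            String xacmlResponse = ProvisioningServiceDataHolder.getInstance().getEntitlementService().getDecision(xacmlRequest);
            if (log.isDebugEnabled()) {
                log.debug("XACML response :\n" + xacmlResponse);
            }
            return evaluateXACMLResponse(xacmlResponse);
        } catch (PolicyBuilderException e) {
            log.error("Policy Builder Exception occurred", e);
            return false;
        } catch (EntitlementException e2) {
            log.error("Entitlement Exception occurred", e2);
            return false;
        } catch (IdentityProvisioningException e3) {
            log.error("Error when evaluating the XACML response", e3);
            return false;
        }
    }

    /**
     * Collects the attributes of the provisioning operation into a {@link RequestDTO}.
     *
     * <p>Row order is: the group-claim row (POST only, when the claim is present), one row per
     * inbound attribute, then the fixed tenant, user, service-provider, identity-provider,
     * action, environment, date/time and operation rows.
     */
    private RequestDTO createRequestDTO(String tenantDomain, ProvisioningEntity provisioningEntity, ServiceProvider serviceProvider, String idpName, String connectorType) {
        ArrayList<RowDTO> rows = new ArrayList<RowDTO>();

        if (provisioningEntity.getOperation().equals(ProvisioningOperation.POST)) {
            // An entity created without any group has no group claim in its attribute map.
            // Calling toString() on the missing value used to throw a NullPointerException out
            // of the decision flow; the row is now left out instead, so the request simply
            // carries no group attribute for such an entity.
            Object groupClaim = provisioningEntity.getAttributes() == null
                    ? null
                    : provisioningEntity.getAttributes().get(ClaimMapping.build(IdentityProvisioningConstants.GROUP_CLAIM_URI, (String) null, (String) null, false));
            if (groupClaim != null) {
                // The value is rendered via toString() and the text between the first "[" and
                // "]" is sent; substringBetween yields null when the brackets are absent.
                String groups = StringUtils.substringBetween(groupClaim.toString(), "[", "]");
                rows.add(createRowDTO(groups, XSD_STRING, ProvisioningRuleConstanats.XACML_ATTRIBUTE_CLAIM_GROUPS, ProvisioningRuleConstanats.XACML_CATAGORY_PROVISIONING));
            }
        }

        if (provisioningEntity.getInboundAttributes() != null) {
            // NOTE(review): inbound keys are used verbatim as attribute ids in the same user
            // category as the fixed tenant-domain and user attributes added below. Whether a
            // caller-supplied key can coincide with one of those ids depends on where the
            // inbound attributes originate - confirm against the callers.
            for (Map.Entry<String, String> inbound : provisioningEntity.getInboundAttributes().entrySet()) {
                rows.add(createRowDTO(inbound.getValue(), XSD_STRING, inbound.getKey(), ProvisioningRuleConstanats.XACML_CATAGORY_USER));
            }
        }

        rows.add(createRowDTO(tenantDomain, XSD_STRING, ProvisioningRuleConstanats.XACML_ATTRIBUTE_TENAT_DOMAIN, ProvisioningRuleConstanats.XACML_CATAGORY_USER));
        rows.add(createRowDTO(provisioningEntity.getEntityName(), XSD_STRING, ProvisioningRuleConstanats.XACML_ATTRIBUTE_USER, ProvisioningRuleConstanats.XACML_CATAGORY_USER));
        rows.add(createRowDTO(serviceProvider.getApplicationName(), XSD_STRING, ProvisioningRuleConstanats.XACML_ATTRIBUTE_SP_NAME, ProvisioningRuleConstanats.XACML_CATAGORY_SERVICE_PROVIDER));
        rows.add(createRowDTO(serviceProvider.getOwner().getTenantDomain(), XSD_STRING, ProvisioningRuleConstanats.XACML_ATTRIBUTE_SP_TENANT_DOMAIN, ProvisioningRuleConstanats.XACML_CATAGORY_SERVICE_PROVIDER));
        rows.add(createRowDTO(idpName, XSD_STRING, ProvisioningRuleConstanats.XACML_ATTRIBUTE_IDP_NAME, ProvisioningRuleConstanats.XACML_CATAGORY_IDENTITY_PROVIDER));
        rows.add(createRowDTO(ProvisioningRuleConstanats.IDENTITY_ACTION_PROVISIONING, XSD_STRING, ProvisioningRuleConstanats.XACML_ATTRIBUTE_IDENTITY_ACTION, ProvisioningRuleConstanats.XACML_CATAGORY_IDENTITY_ACTION));
        rows.add(createRowDTO(connectorType, XSD_STRING, ProvisioningRuleConstanats.XACML_ATTRIBUTE_CONNECTOR_TYPE, ProvisioningRuleConstanats.XACML_CATAGORY_IDENTITY_PROVIDER));
        // The tenant domain is sent a second time as the environment attribute.
        rows.add(createRowDTO(tenantDomain, XSD_STRING, ProvisioningRuleConstanats.XACML_ATTRIBUTE_ENVIRONMENT, ProvisioningRuleConstanats.XACML_CATAGORY_ENVIRONMENT));
        rows.add(createRowDTO(getCurrentDateTime(ProvisioningRuleConstanats.DATE_FORMAT), XSD_STRING, ProvisioningRuleConstanats.XACML_ATTRIBUTE_DATE, ProvisioningRuleConstanats.XACML_CATAGORY_ENVIRONMENT));
        rows.add(createRowDTO(getCurrentDateTime(ProvisioningRuleConstanats.TIME_FORMAT), XSD_STRING, ProvisioningRuleConstanats.XACML_ATTRIBUTE_TIME, ProvisioningRuleConstanats.XACML_CATAGORY_ENVIRONMENT));
        rows.add(createRowDTO(getCurrentDateTime(ProvisioningRuleConstanats.DATE_TIME_FORMAT), XSD_STRING, ProvisioningRuleConstanats.XACML_ATTRIBUTE_DATE_TIME, ProvisioningRuleConstanats.XACML_CATAGORY_ENVIRONMENT));
        rows.add(createRowDTO(provisioningEntity.getOperation().toString(), XSD_STRING, ProvisioningRuleConstanats.XACML_ATTRIBUTE_OPERATION, ProvisioningRuleConstanats.XACML_CATAGORY_PROVISIONING));

        RequestDTO requestDTO = new RequestDTO();
        requestDTO.setRowDTOs(rows);
        return requestDTO;
    }

    /**
     * Builds one request row.
     *
     * @param value       attribute value
     * @param dataType    attribute data type URI
     * @param attributeId attribute id
     * @param category    attribute category
     * @return the populated row
     */
    private RowDTO createRowDTO(String value, String dataType, String attributeId, String category) {
        RowDTO rowDTO = new RowDTO();
        rowDTO.setAttributeValue(value);
        rowDTO.setAttributeDataType(dataType);
        rowDTO.setAttributeId(attributeId);
        rowDTO.setCategory(category);
        return rowDTO;
    }

    /**
     * Parses the XACML response and reports whether its first decision element allows the
     * operation.
     *
     * <p>The response is parsed with the document builder factory supplied by
     * {@code IdentityUtil.getSecuredDocumentBuilderFactory()}. A response without a decision
     * element yields {@code false}.
     *
     * @param xacmlResponse response XML returned by the entitlement service
     * @return {@code true} for a decision of "Permit" or "Not Applicable" (case-insensitive)
     * @throws IdentityProvisioningException when the response cannot be parsed
     */
    private boolean evaluateXACMLResponse(String xacmlResponse) throws IdentityProvisioningException {
        try {
            DocumentBuilder documentBuilder = IdentityUtil.getSecuredDocumentBuilderFactory().newDocumentBuilder();
            InputSource inputSource = new InputSource();
            inputSource.setCharacterStream(new StringReader(xacmlResponse));
            NodeList decisionNodes = documentBuilder.parse(inputSource).getDocumentElement().getElementsByTagName(ProvisioningRuleConstanats.XACML_RESPONSE_DECISION_NODE);
            String decision = "";
            if (decisionNodes != null && decisionNodes.item(0) != null) {
                decision = decisionNodes.item(0).getTextContent();
            }
            // NOTE(review): the second literal contains a space, while the XACML decision value
            // is spelled "NotApplicable". As written only the spaced form is accepted - confirm
            // which form the entitlement service emits. Accepting a not-applicable decision
            // means provisioning is allowed when no policy matches (default permit); that is a
            // deployment decision and is left unchanged here.
            return decision.equalsIgnoreCase("Permit") || decision.equalsIgnoreCase("Not Applicable");
        } catch (IOException | ParserConfigurationException | SAXException e) {
            throw new IdentityProvisioningException("Exception occurred while xacmlResponse processing", e);
        }
    }

    /**
     * Formats the current time with the given {@link SimpleDateFormat} pattern. A formatter is
     * created per call, so no formatter instance is shared between threads.
     */
    private String getCurrentDateTime(String pattern) {
        return new SimpleDateFormat(pattern).format(Calendar.getInstance().getTime());
    }
}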
