package org.wso2.carbon.identity.entitlement.policy.finder;

import java.io.File;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.TreeSet;
import net.sf.jsr107cache.Cache;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.balana.AbstractPolicy;
import org.wso2.balana.MatchResult;
import org.wso2.balana.PolicyMetaData;
import org.wso2.balana.VersionConstraints;
import org.wso2.balana.combine.DenyOverridesPolicyAlg;
import org.wso2.balana.combine.FirstApplicablePolicyAlg;
import org.wso2.balana.combine.OnlyOneApplicablePolicyAlg;
import org.wso2.balana.combine.OrderedDenyOverridesPolicyAlg;
import org.wso2.balana.combine.OrderedPermitOverridesPolicyAlg;
import org.wso2.balana.combine.PermitOverridesPolicyAlg;
import org.wso2.balana.combine.PolicyCombiningAlgorithm;
import org.wso2.balana.ctx.EvaluationCtx;
import org.wso2.balana.finder.PolicyFinder;
import org.wso2.balana.finder.PolicyFinderModule;
import org.wso2.balana.finder.PolicyFinderResult;
import org.wso2.carbon.caching.core.identity.IdentityCacheEntry;
import org.wso2.carbon.caching.core.identity.IdentityCacheKey;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.entitlement.EntitlementConstants;
import org.wso2.carbon.identity.entitlement.EntitlementException;
import org.wso2.carbon.identity.entitlement.EntitlementUtil;
import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent;
import org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine;
import org.wso2.carbon.identity.entitlement.policy.PolicyCollection;
import org.wso2.carbon.identity.entitlement.policy.PolicyStoreReader;
import org.wso2.carbon.identity.entitlement.policy.PolicyTarget;

/* loaded from: input_file:org/wso2/carbon/identity/entitlement/policy/finder/RegistryBasedPolicyFinder.class */
public class RegistryBasedPolicyFinder extends PolicyFinderModule {
    private static final String DENY_OVERRIDE = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides";
    private static final String PERMIT_OVERRIDE = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides";
    private static final String FIRST_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable";
    private static final String ONLY_ONE_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:only-one-applicable";
    private static final String ORDERED_DENY_OVERRIDE = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:ordered-deny-overrides";
    private static final String ORDERED_PERMIT_OVERRIDE = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:ordered-permit-overrides";
    private static final String DEFAULT_POLICY_COMBINING_ALGO = "deny-overrides";
    private static final String POLICY_COMBINING_ALGO = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:";
    private PolicyStoreReader policyReader;
    private PolicyCollection policies;
    private File schemaFile;
    private IdentityCacheKey cacheKey;
    private int tenantId;
    private PolicyTarget[] policyTargets;
    private int cacheValue;
    private int maxInMemoryPolicies;
    private Properties cachingProperties;
    private String globalPolicyCombiningAlgorithm;
    private static Cache entitlementPolicyCache = EntitlementUtil.getCommonCache(EntitlementConstants.ENTITLEMENT_POLICY_CACHE);
    private static Log log = LogFactory.getLog(RegistryBasedPolicyFinder.class);

    public RegistryBasedPolicyFinder(PolicyStoreReader policyStoreReader, int i) {
        this.schemaFile = null;
        this.policyReader = policyStoreReader;
        this.cacheKey = new IdentityCacheKey(i, "");
        this.tenantId = i;
        String property = System.getProperty(PolicyStoreReader.POLICY_SCHEMA_PROPERTY);
        if (property != null) {
            this.schemaFile = new File(property);
        }
    }

    public RegistryBasedPolicyFinder(PolicyStoreReader policyStoreReader, int i, String str) {
        this.schemaFile = null;
        this.policyReader = policyStoreReader;
        this.cacheKey = new IdentityCacheKey(i, "");
        this.tenantId = i;
        if (str != null) {
            this.schemaFile = new File(str);
        }
    }

    public boolean isIdReferenceSupported() {
        return true;
    }

    public boolean isRequestSupported() {
        return true;
    }

    public void init(PolicyFinder policyFinder) {
        this.cachingProperties = EntitlementServiceComponent.getEntitlementConfig().getCachingProperties();
        try {
            this.globalPolicyCombiningAlgorithm = findPolicyCombiningAlgorithm();
            if (this.globalPolicyCombiningAlgorithm == null) {
                this.globalPolicyCombiningAlgorithm = DEFAULT_POLICY_COMBINING_ALGO;
            }
            PolicyCombiningAlgorithm policyCombiningAlgorithm = getPolicyCombiningAlgorithm(this.globalPolicyCombiningAlgorithm);
            if ("true".equals(this.cachingProperties.getProperty(EntitlementConstants.ON_DEMAND_POLICY_LOADING))) {
                this.policyTargets = this.policyReader.readTargets();
                this.maxInMemoryPolicies = 100;
                String property = this.cachingProperties.getProperty(EntitlementConstants.MAX_POLICY_ENTRIES);
                if (property != null && !"".equals(property)) {
                    this.maxInMemoryPolicies = Integer.parseInt(property);
                }
                this.policies = new PolicyCollection(policyCombiningAlgorithm, this.maxInMemoryPolicies);
            } else {
                AbstractPolicy[] readPolicies = this.policyReader.readPolicies();
                this.policies = new PolicyCollection(policyCombiningAlgorithm);
                for (AbstractPolicy abstractPolicy : readPolicies) {
                    if (abstractPolicy != null && !this.policies.addPolicy(abstractPolicy) && log.isWarnEnabled()) {
                        log.warn(" Trying to load the same policy multiple times: " + abstractPolicy.getId());
                    }
                }
            }
            IdentityCacheEntry identityCacheEntry = (IdentityCacheEntry) entitlementPolicyCache.get(this.cacheKey);
            if (identityCacheEntry != null) {
                this.cacheValue = identityCacheEntry.getHashEntry();
            }
            this.cacheValue++;
            if (this.cacheValue == Integer.MAX_VALUE) {
                this.cacheValue = 0;
            }
            entitlementPolicyCache.put(this.cacheKey, new IdentityCacheEntry(this.cacheValue));
            if (log.isDebugEnabled()) {
                log.debug("Global XACML policy combining algorithm used " + this.globalPolicyCombiningAlgorithm);
            }
        } catch (IdentityException e) {
            log.error("Error while initializing RegistryBasedPolicyFinder", e);
        }
    }

    public PolicyFinderResult findPolicy(URI uri, int i, VersionConstraints versionConstraints, PolicyMetaData policyMetaData) {
        IdentityCacheEntry identityCacheEntry = (IdentityCacheEntry) entitlementPolicyCache.get(this.cacheKey);
        if (identityCacheEntry != null && identityCacheEntry.getHashEntry() != this.cacheValue) {
            init(new PolicyFinder());
            if (log.isDebugEnabled()) {
                log.debug("Entitlement Policy cache is updated for tenant " + this.tenantId);
            }
            try {
                EntitlementEngine.getInstance(null, this.tenantId).clearDecisionCache(false);
            } catch (IdentityException e) {
                log.error("Decision Cache can not be cleared when Entitlement Policy cache is updated");
            }
            this.cacheValue = identityCacheEntry.getHashEntry();
        }
        AbstractPolicy policy = this.policies.getPolicy(uri.toString(), i, versionConstraints);
        return policy == null ? new PolicyFinderResult() : new PolicyFinderResult(policy);
    }

    public PolicyFinderResult findPolicy(EvaluationCtx evaluationCtx) {
        try {
            IdentityCacheEntry identityCacheEntry = (IdentityCacheEntry) entitlementPolicyCache.get(this.cacheKey);
            if (identityCacheEntry != null && identityCacheEntry.getHashEntry() != this.cacheValue) {
                init(new PolicyFinder());
                if (log.isDebugEnabled()) {
                    log.debug("Entitlement Policy cache is updated for tenant " + this.tenantId);
                }
                try {
                    EntitlementEngine.getInstance(null, this.tenantId).clearDecisionCache(false);
                } catch (IdentityException e) {
                    log.error("Decision Cache can not be cleared when Entitlement Policy cache is updated");
                }
                this.cacheValue = identityCacheEntry.getHashEntry();
            }
            AbstractPolicy findPolicyUsingTarget = "true".equals(this.cachingProperties.getProperty(EntitlementConstants.ON_DEMAND_POLICY_LOADING)) ? findPolicyUsingTarget(evaluationCtx) : this.policies.getPolicy(evaluationCtx);
            return findPolicyUsingTarget == null ? new PolicyFinderResult() : new PolicyFinderResult(findPolicyUsingTarget);
        } catch (EntitlementException e2) {
            return new PolicyFinderResult(e2.getStatus());
        }
    }

    private AbstractPolicy findPolicyUsingTarget(EvaluationCtx evaluationCtx) throws EntitlementException {
        ArrayList<AbstractPolicy> arrayList = new ArrayList<>(this.maxInMemoryPolicies);
        for (PolicyTarget policyTarget : this.policyTargets) {
            if (policyTarget != null) {
                if (arrayList.size() >= this.maxInMemoryPolicies) {
                    break;
                }
                MatchResult match = policyTarget.getTarget().match(evaluationCtx);
                int result = match.getResult();
                if (result == 2) {
                    log.error("Error occurred while processing the XACML policy " + policyTarget.getPolicyId());
                    throw new EntitlementException(match.getStatus());
                }
                if (result == 0) {
                    AbstractPolicy policy = this.policies.getPolicy(policyTarget.getPolicyId());
                    if (policy != null) {
                        arrayList.add(policy);
                    } else {
                        try {
                            policy = this.policyReader.readPolicy(policyTarget.getPolicyId());
                        } catch (IdentityException e) {
                            log.error("Error occurred while reading XACML Policy " + policyTarget.getPolicyId());
                        }
                        if (policy != null) {
                            this.policies.addPolicy(policy);
                            arrayList.add(policy);
                        }
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Matching XACML policy found " + policyTarget.getPolicyId());
                    }
                }
            }
        }
        return this.policies.getPolicy(arrayList);
    }

    public List<String> getMatchingPolicies(EvaluationCtx evaluationCtx) {
        ArrayList arrayList = new ArrayList();
        ArrayList<PolicyTarget> arrayList2 = new ArrayList();
        if (this.policyTargets == null || this.policyTargets.length <= 0) {
            LinkedHashMap<String, TreeSet<AbstractPolicy>> policies = this.policies.getPolicies();
            if (policies != null && policies.size() > 0) {
                Iterator<Map.Entry<String, TreeSet<AbstractPolicy>>> it = policies.entrySet().iterator();
                while (it.hasNext()) {
                    AbstractPolicy first = it.next().getValue().first();
                    PolicyTarget policyTarget = new PolicyTarget();
                    policyTarget.setPolicyId(first.getId().toString());
                    policyTarget.setTarget(first.getTarget());
                    arrayList2.add(policyTarget);
                }
            }
        } else {
            arrayList2.addAll(Arrays.asList(this.policyTargets));
        }
        for (PolicyTarget policyTarget2 : arrayList2) {
            if (policyTarget2.getTarget().match(evaluationCtx).getResult() == 0) {
                arrayList.add(policyTarget2.getPolicyId());
            }
        }
        return arrayList;
    }

    private PolicyCombiningAlgorithm getPolicyCombiningAlgorithm(String str) throws IdentityException {
        if (FIRST_APPLICABLE.equals(POLICY_COMBINING_ALGO + str)) {
            return new FirstApplicablePolicyAlg();
        }
        if (DENY_OVERRIDE.equals(POLICY_COMBINING_ALGO + str)) {
            return new DenyOverridesPolicyAlg();
        }
        if (PERMIT_OVERRIDE.equals(POLICY_COMBINING_ALGO + str)) {
            return new PermitOverridesPolicyAlg();
        }
        if (ONLY_ONE_APPLICABLE.equals(POLICY_COMBINING_ALGO + str)) {
            return new OnlyOneApplicablePolicyAlg();
        }
        if (ORDERED_DENY_OVERRIDE.equals(POLICY_COMBINING_ALGO + str)) {
            return new OrderedDenyOverridesPolicyAlg();
        }
        if (ORDERED_PERMIT_OVERRIDE.equals(POLICY_COMBINING_ALGO + str)) {
            return new OrderedPermitOverridesPolicyAlg();
        }
        throw new IdentityException("Unsupported policy algorithm " + str);
    }

    public String findPolicyCombiningAlgorithm() {
        try {
            return this.policyReader.readPolicyCombiningAlgorithm();
        } catch (IdentityException e) {
            log.warn("Error occurs while finding policy combining algorithm");
            return null;
        }
    }

    public String getGlobalPolicyCombiningAlgorithm() {
        return this.globalPolicyCombiningAlgorithm;
    }
}
