package com.bea.security.providers.xacml;

import com.bea.common.security.xacml.DocumentParseException;
import com.bea.common.security.xacml.Type;
import com.bea.common.security.xacml.URI;
import com.bea.common.security.xacml.URISyntaxException;
import com.bea.common.security.xacml.attr.AnyURIAttribute;
import com.bea.common.security.xacml.attr.Bag;
import com.bea.common.security.xacml.attr.StringAttribute;
import com.bea.security.providers.xacml.store.RoleAssignmentPolicyRegistry;
import com.bea.security.xacml.AttributeEvaluator;
import com.bea.security.xacml.Configuration;
import com.bea.security.xacml.EvaluationCtx;
import com.bea.security.xacml.IndeterminateEvaluationException;
import com.bea.security.xacml.PolicyDecision;
import com.bea.security.xacml.PolicyDecisionPoint;
import com.bea.security.xacml.PolicyEvaluatorItem;
import com.bea.security.xacml.PolicyStoreException;
import com.bea.security.xacml.store.Record;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/bea/security/providers/xacml/RoleAssignmentPolicyDecisionPoint.class */
public class RoleAssignmentPolicyDecisionPoint extends PolicyDecisionPoint {
    private static final String ACTIONID_ATTR = "urn:oasis:names:tc:xacml:1.0:action:action-id";
    private static final String ROLE_ATTR = "urn:oasis:names:tc:xacml:2.0:subject:role";
    private static final String HAS_PRIVILEDGES_OF_ROLE = "urn:oasis:names:tc:xacml:2.0:actions:hasPrivilegesOfRole";
    private Configuration<RoleAssignmentPolicyRegistry> config;
    private final URI ACTIONID_ATTR_URI;
    private final URI ROLE_ATTR_URI;
    private final AnyURIAttribute HAS_PRIVILEDGES_OF_ROLE_URI_VALUE;
    private final URI ANYURI_TYPE;
    private final URI STRING_TYPE;

    public RoleAssignmentPolicyDecisionPoint(Configuration<RoleAssignmentPolicyRegistry> configuration) throws URISyntaxException {
        super(configuration);
        this.config = configuration;
        try {
            this.ACTIONID_ATTR_URI = new URI("urn:oasis:names:tc:xacml:1.0:action:action-id");
            this.ROLE_ATTR_URI = new URI("urn:oasis:names:tc:xacml:2.0:subject:role");
            this.HAS_PRIVILEDGES_OF_ROLE_URI_VALUE = new AnyURIAttribute(new URI(HAS_PRIVILEDGES_OF_ROLE));
            this.ANYURI_TYPE = Type.ANY_URI.getDataType();
            this.STRING_TYPE = Type.STRING.getDataType();
        } catch (java.net.URISyntaxException e) {
            throw new URISyntaxException(e);
        }
    }

    public RoleAssignmentPolicyDecisionPoint(Configuration<RoleAssignmentPolicyRegistry> configuration, URI uri) throws URISyntaxException {
        super(configuration, uri);
        this.config = configuration;
        try {
            this.ACTIONID_ATTR_URI = new URI("urn:oasis:names:tc:xacml:1.0:action:action-id");
            this.ROLE_ATTR_URI = new URI("urn:oasis:names:tc:xacml:2.0:subject:role");
            this.HAS_PRIVILEDGES_OF_ROLE_URI_VALUE = new AnyURIAttribute(new URI(HAS_PRIVILEDGES_OF_ROLE));
            this.ANYURI_TYPE = Type.ANY_URI.getDataType();
            this.STRING_TYPE = Type.STRING.getDataType();
        } catch (java.net.URISyntaxException e) {
            throw new URISyntaxException(e);
        }
    }

    public Map<String, PolicyEvaluatorItem> getRoles(EvaluationCtx evaluationCtx) throws IndeterminateEvaluationException {
        try {
            final Map<String, Set<Record>> findRoleAssignmentPolicy = this.config.getPolicyRegistry().findRoleAssignmentPolicy(evaluationCtx);
            if (findRoleAssignmentPolicy == null) {
                return null;
            }
            final PolicyDecisionPoint.PolicyEvaluatorSet policyEvaluatorSet = new PolicyDecisionPoint.PolicyEvaluatorSet(evaluationCtx);
            if (!findRoleAssignmentPolicy.containsKey(null)) {
                return new Map<String, PolicyEvaluatorItem>() { // from class: com.bea.security.providers.xacml.RoleAssignmentPolicyDecisionPoint.2
                    private Map<String, PolicyEvaluatorItem> inner = new HashMap();
                    private boolean keysLoaded = false;

                    private PolicyEvaluatorItem processKey(String str) {
                        if (this.inner.containsKey(str)) {
                            return null;
                        }
                        PolicyEvaluatorItem createItem = policyEvaluatorSet.createItem((Set) findRoleAssignmentPolicy.get(str));
                        this.inner.put(str, createItem);
                        return createItem;
                    }

                    private void init() {
                        if (this.keysLoaded) {
                            return;
                        }
                        Iterator it = findRoleAssignmentPolicy.keySet().iterator();
                        while (it.hasNext()) {
                            processKey((String) it.next());
                        }
                        this.keysLoaded = true;
                    }

                    @Override // java.util.Map
                    public int size() {
                        return findRoleAssignmentPolicy.size();
                    }

                    @Override // java.util.Map
                    public boolean isEmpty() {
                        return findRoleAssignmentPolicy.isEmpty();
                    }

                    @Override // java.util.Map
                    public boolean containsKey(Object obj) {
                        return findRoleAssignmentPolicy.containsKey(obj);
                    }

                    @Override // java.util.Map
                    public boolean containsValue(Object obj) {
                        init();
                        return this.inner.containsValue(obj);
                    }

                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.Map
                    public PolicyEvaluatorItem get(Object obj) {
                        PolicyEvaluatorItem policyEvaluatorItem = this.inner.get(obj);
                        if (policyEvaluatorItem == null && findRoleAssignmentPolicy.containsKey(obj)) {
                            policyEvaluatorItem = processKey((String) obj);
                        }
                        return policyEvaluatorItem;
                    }

                    @Override // java.util.Map
                    public PolicyEvaluatorItem put(String str, PolicyEvaluatorItem policyEvaluatorItem) {
                        throw new UnsupportedOperationException();
                    }

                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.Map
                    public PolicyEvaluatorItem remove(Object obj) {
                        throw new UnsupportedOperationException();
                    }

                    @Override // java.util.Map
                    public void putAll(Map<? extends String, ? extends PolicyEvaluatorItem> map) {
                        throw new UnsupportedOperationException();
                    }

                    @Override // java.util.Map
                    public void clear() {
                        throw new UnsupportedOperationException();
                    }

                    @Override // java.util.Map
                    public Set<String> keySet() {
                        return findRoleAssignmentPolicy.keySet();
                    }

                    @Override // java.util.Map
                    public Collection<PolicyEvaluatorItem> values() {
                        init();
                        return this.inner.values();
                    }

                    @Override // java.util.Map
                    public Set<Map.Entry<String, PolicyEvaluatorItem>> entrySet() {
                        init();
                        return this.inner.entrySet();
                    }
                };
            }
            final Set<Record> set = findRoleAssignmentPolicy.get(null);
            return new Map<String, PolicyEvaluatorItem>() { // from class: com.bea.security.providers.xacml.RoleAssignmentPolicyDecisionPoint.1
                private Map<String, PolicyEvaluatorItem> inner = new HashMap();
                private boolean keysLoaded = false;
                private int extraItems = 0;

                private PolicyEvaluatorItem processKey(String str) {
                    Set<Record> set2;
                    if (this.inner.containsKey(str)) {
                        return null;
                    }
                    if (findRoleAssignmentPolicy.containsKey(str)) {
                        set2 = new HashSet();
                        set2.addAll(set);
                        set2.addAll((Collection) findRoleAssignmentPolicy.get(str));
                    } else {
                        set2 = set;
                        this.extraItems++;
                    }
                    PolicyEvaluatorItem createItem = policyEvaluatorSet.createItem(set2);
                    this.inner.put(str, createItem);
                    return createItem;
                }

                private void init() {
                    if (this.keysLoaded) {
                        return;
                    }
                    Iterator it = findRoleAssignmentPolicy.keySet().iterator();
                    while (it.hasNext()) {
                        processKey((String) it.next());
                    }
                    this.keysLoaded = true;
                }

                @Override // java.util.Map
                public int size() {
                    return findRoleAssignmentPolicy.size() + this.extraItems;
                }

                @Override // java.util.Map
                public boolean isEmpty() {
                    return findRoleAssignmentPolicy.isEmpty() && this.extraItems == 0;
                }

                @Override // java.util.Map
                public boolean containsKey(Object obj) {
                    return obj instanceof String;
                }

                @Override // java.util.Map
                public boolean containsValue(Object obj) {
                    init();
                    return this.inner.containsValue(obj);
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.Map
                public PolicyEvaluatorItem get(Object obj) {
                    PolicyEvaluatorItem policyEvaluatorItem = this.inner.get(obj);
                    if (policyEvaluatorItem == null) {
                        policyEvaluatorItem = processKey((String) obj);
                    }
                    return policyEvaluatorItem;
                }

                @Override // java.util.Map
                public PolicyEvaluatorItem put(String str, PolicyEvaluatorItem policyEvaluatorItem) {
                    throw new UnsupportedOperationException();
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.Map
                public PolicyEvaluatorItem remove(Object obj) {
                    throw new UnsupportedOperationException();
                }

                @Override // java.util.Map
                public void putAll(Map<? extends String, ? extends PolicyEvaluatorItem> map) {
                    throw new UnsupportedOperationException();
                }

                @Override // java.util.Map
                public void clear() {
                    throw new UnsupportedOperationException();
                }

                @Override // java.util.Map
                public Set<String> keySet() {
                    init();
                    return this.inner.keySet();
                }

                @Override // java.util.Map
                public Collection<PolicyEvaluatorItem> values() {
                    init();
                    return this.inner.values();
                }

                @Override // java.util.Map
                public Set<Map.Entry<String, PolicyEvaluatorItem>> entrySet() {
                    init();
                    return this.inner.entrySet();
                }
            };
        } catch (DocumentParseException e) {
            throw new IndeterminateEvaluationException(e);
        } catch (URISyntaxException e2) {
            throw new IndeterminateEvaluationException(e2);
        } catch (PolicyStoreException e3) {
            throw new IndeterminateEvaluationException(e3);
        }
    }

    public PolicyDecision evaluate(EvaluationCtx evaluationCtx) throws IndeterminateEvaluationException {
        Map<String, PolicyEvaluatorItem> roles = getRoles(evaluationCtx);
        AttributeEvaluator evaluatable = evaluationCtx.getActionAttributes().getEvaluatable(this.ACTIONID_ATTR_URI, this.ANYURI_TYPE);
        if (evaluatable == null) {
            throw new IndeterminateEvaluationException("Missing hasPriviledgesOfRole action-id value");
        }
        if (!evaluatable.evaluateToBag(evaluationCtx).contains(this.HAS_PRIVILEDGES_OF_ROLE_URI_VALUE)) {
            throw new IndeterminateEvaluationException("Missing hasPriviledgesOfRole action-id value");
        }
        AttributeEvaluator evaluatable2 = evaluationCtx.getResourceAttributes().getEvaluatable(this.ROLE_ATTR_URI, this.STRING_TYPE);
        if (evaluatable2 == null) {
            throw new IndeterminateEvaluationException("Missing requested role values");
        }
        Bag evaluateToBag = evaluatable2.evaluateToBag(evaluationCtx);
        if (evaluateToBag == null || evaluateToBag.isEmpty()) {
            throw new IndeterminateEvaluationException("No requested roles");
        }
        Iterator<E> it = evaluateToBag.iterator();
        while (it.hasNext()) {
            PolicyEvaluatorItem policyEvaluatorItem = roles.get(((StringAttribute) it.next()).getValue());
            if (policyEvaluatorItem != null) {
                PolicyDecision evaluate = policyEvaluatorItem.evaluate();
                if (evaluate.getDecisionValue() == 0) {
                    return evaluate;
                }
            }
        }
        return PolicyDecision.getDenyDecision();
    }
}
