package com.bea.security.providers.xacml.entitlement;

import com.bea.common.logger.spi.LoggerSpi;
import com.bea.common.security.xacml.DocumentParseException;
import com.bea.common.security.xacml.URI;
import com.bea.common.security.xacml.URISyntaxException;
import com.bea.common.security.xacml.attr.AnyURIAttribute;
import com.bea.common.security.xacml.attr.BooleanAttribute;
import com.bea.common.security.xacml.attr.DateTimeAttribute;
import com.bea.common.security.xacml.attr.DayTimeDurationAttribute;
import com.bea.common.security.xacml.attr.DoubleAttribute;
import com.bea.common.security.xacml.attr.IntegerAttribute;
import com.bea.common.security.xacml.attr.StringAttribute;
import com.bea.common.security.xacml.builder.DataTypes;
import com.bea.common.security.xacml.policy.Action;
import com.bea.common.security.xacml.policy.ActionMatch;
import com.bea.common.security.xacml.policy.Actions;
import com.bea.common.security.xacml.policy.Apply;
import com.bea.common.security.xacml.policy.AttributeValue;
import com.bea.common.security.xacml.policy.Condition;
import com.bea.common.security.xacml.policy.EnvironmentAttributeDesignator;
import com.bea.common.security.xacml.policy.Expression;
import com.bea.common.security.xacml.policy.Policy;
import com.bea.common.security.xacml.policy.PolicySchemaObject;
import com.bea.common.security.xacml.policy.PolicySet;
import com.bea.common.security.xacml.policy.ResourceMatch;
import com.bea.common.security.xacml.policy.Resources;
import com.bea.common.security.xacml.policy.Rule;
import com.bea.common.security.xacml.policy.SubjectAttributeDesignator;
import com.bea.common.security.xacml.policy.Target;
import com.bea.common.security.xacml.policy.VariableDefinition;
import com.bea.common.security.xacml.policy.VariableReference;
import com.bea.security.providers.xacml.EnvironmentAttributeDesignatorFactory;
import com.bea.security.providers.xacml.SubjectAttributeDesignatorFactory;
import com.bea.security.providers.xacml.entitlement.p13n.P13NExpressionConverter;
import com.bea.security.providers.xacml.entitlement.parser.BinaryOp;
import com.bea.security.providers.xacml.entitlement.parser.Complement;
import com.bea.security.providers.xacml.entitlement.parser.Difference;
import com.bea.security.providers.xacml.entitlement.parser.Groups;
import com.bea.security.providers.xacml.entitlement.parser.Intersect;
import com.bea.security.providers.xacml.entitlement.parser.Parser;
import com.bea.security.providers.xacml.entitlement.parser.Predicate;
import com.bea.security.providers.xacml.entitlement.parser.Roles;
import com.bea.security.providers.xacml.entitlement.parser.UnaryOp;
import com.bea.security.providers.xacml.entitlement.parser.Union;
import com.bea.security.providers.xacml.entitlement.parser.Users;
import com.bea.security.xacml.Logger;
import com.bea.security.xacml.cache.resource.ResourceMatchUtil;
import com.bea.security.xacml.cache.resource.ResourcePolicyIdUtil;
import com.bea.security.xacml.cache.role.RoleMatchUtil;
import com.bea.security.xacml.entitlement.SimplificationException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.TimeZone;
import weblogic.security.spi.Resource;
import weblogic.xml.process.FunctionRef;

/* loaded from: input_file:com/bea/security/providers/xacml/entitlement/EntitlementConverter.class */
public class EntitlementConverter {
    private static final String ENTITLEMENT_COMBINER = "urn:bea:xacml:2.0:entitlement:policy-combining-algorithm:most-specific";
    private static final String RULES_PACKAGE = "weblogic.entitlement.rules";
    private static final String AFTER = "weblogic.entitlement.rules.After";
    private static final String AFTER_DAY_OF_MONTH = "weblogic.entitlement.rules.AfterDayOfMonth";
    private static final String BEFORE = "weblogic.entitlement.rules.Before";
    private static final String BEFORE_DAY_OF_MONTH = "weblogic.entitlement.rules.BeforeDayOfMonth";
    private static final String CONTEXT_ELEMENT_IS_SET = "weblogic.entitlement.rules.ContextElementIsSet";
    private static final String CONTEXT_ELEMENT_NUMBER_EQUALS = "weblogic.entitlement.rules.ContextElementNumberEquals";
    private static final String CONTEXT_ELEMENT_NUMBER_GREATER = "weblogic.entitlement.rules.ContextElementNumberGreater";
    private static final String CONTEXT_ELEMENT_NUMBER_LESS = "weblogic.entitlement.rules.ContextElementNumberLess";
    private static final String CONTEXT_ELEMENT_STRING_EQUALS = "weblogic.entitlement.rules.ContextElementStringEquals";
    private static final String EXCLUDED_POLICY = "weblogic.entitlement.rules.ExcludedPolicy";
    private static final String HTTP_REQUEST_ATTR_IS_SET = "weblogic.entitlement.rules.HttpRequestAttrIsSet";
    private static final String HTTP_REQUEST_ATTR_NUMBER_EQUALS = "weblogic.entitlement.rules.HttpRequestAttrNumberEquals";
    private static final String HTTP_REQUEST_ATTR_NUMBER_GREATER = "weblogic.entitlement.rules.HttpRequestAttrNumberGreater";
    private static final String HTTP_REQUEST_ATTR_NUMBER_LESS = "weblogic.entitlement.rules.HttpRequestAttrNumberLess";
    private static final String HTTP_REQUEST_ATTR_STRING_EQUALS = "weblogic.entitlement.rules.HttpRequestAttrStringEquals";
    private static final String IN_DEVELOPMENT_MODE = "weblogic.entitlement.rules.InDevelopmentMode";
    private static final String IN_SECURE_MODE = "weblogic.entitlement.rules.InSecureMode";
    private static final String IS_DAY_OF_MONTH = "weblogic.entitlement.rules.IsDayOfMonth";
    private static final String IS_DAY_OF_WEEK = "weblogic.entitlement.rules.IsDayOfWeek";
    private static final String IDD_USER = "weblogic.entitlement.rules.IDDUser";
    private static final String IDD_GROUP = "weblogic.entitlement.rules.IDDGroup";
    private static final String OWNER_IDD_USER = "weblogic.entitlement.rules.OwnerIDDUser";
    private static final String OWNER_IDD_GROUP = "weblogic.entitlement.rules.OwnerIDDGroup";
    private static final String ADMIN_IDD_USER = "weblogic.entitlement.rules.AdminIDDUser";
    private static final String ADMIN_IDD_GROUP = "weblogic.entitlement.rules.AdminIDDGroup";
    private static final String IDCS_APPROLE = "weblogic.entitlement.rules.IDCSAppRoleName";
    private static final String ADMINISTRATIVE_GROUP = "weblogic.entitlement.rules.AdministrativeGroup";
    private static final String SCOPE = "weblogic.entitlement.rules.Scope";
    private static final String SIGNATURE = "weblogic.entitlement.rules.SignaturePredicate";
    private static final String TIME = "weblogic.entitlement.rules.TimePredicate";
    private static final String UNCHECKED_POLICY = "weblogic.entitlement.rules.UncheckedPolicy";
    private static final String WLP_EXPRESSION = "com.bea.p13n.entitlements.rules.internal.ExpressionPredicate";
    private static final long NANOS_PER_MILLI = 1000000;
    private static final int SECONDS_PER_MINUTE = 60;
    private static final int MINUTES_PER_HOUR = 60;
    private static final String SUNDAY = "Sunday";
    private static final String MONDAY = "Monday";
    private static final String TUESDAY = "Tuesday";
    private static final String WEDNESDAY = "Wednesday";
    private static final String THURSDAY = "Thursday";
    private static final String FRIDAY = "Friday";
    private static final String SATURDAY = "Saturday";
    private static final String IDDNAME_PREFIX;
    private static final String IDDUSER_SCOPE = "/user/";
    private static final String IDDGROUP_SCOPE = "/group/";
    private static final String SCOPE_SCOPE = "/scope/";
    private static final String IDCS_APPROLE_PREFIX = "idcsrole://";
    private static final String IDCS_APP_SCOPE = "/app/";
    private P13NExpressionConverter p13nConverter;
    private LoggerSpi log;
    private Collection<String> predicates = new HashSet();
    private final Map<String, Integer> days = new HashMap();
    private RoleMatchUtil rmu = new RoleMatchUtil();

    /* loaded from: input_file:com/bea/security/providers/xacml/entitlement/EntitlementConverter$XACMLLoggerWrapper.class */
    private static class XACMLLoggerWrapper implements LoggerSpi {
        Logger debugLogger;

        public XACMLLoggerWrapper(Logger logger) {
            this.debugLogger = null;
            this.debugLogger = logger;
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public boolean isDebugEnabled() {
            if (this.debugLogger != null) {
                return this.debugLogger.isDebugEnabled();
            }
            return false;
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void debug(Object obj) {
            if (this.debugLogger != null) {
                this.debugLogger.debug(obj.toString());
            }
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void debug(Object obj, Throwable th) {
            if (this.debugLogger != null) {
                this.debugLogger.debug(obj.toString(), th);
            }
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void info(Object obj) {
            if (this.debugLogger != null) {
                this.debugLogger.info(obj.toString());
            }
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void info(Object obj, Throwable th) {
            if (this.debugLogger != null) {
                this.debugLogger.info(obj.toString(), th);
            }
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void warn(Object obj) {
            if (this.debugLogger != null) {
                this.debugLogger.warn(obj.toString());
            }
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void warn(Object obj, Throwable th) {
            if (this.debugLogger != null) {
                this.debugLogger.warn(obj.toString(), th);
            }
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void error(Object obj) {
            if (this.debugLogger != null) {
                this.debugLogger.error(obj.toString());
            }
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void error(Object obj, Throwable th) {
            if (this.debugLogger != null) {
                this.debugLogger.error(obj.toString(), th);
            }
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void severe(Object obj) {
            if (this.debugLogger != null) {
                this.debugLogger.severe(obj.toString());
            }
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void severe(Object obj, Throwable th) {
            if (this.debugLogger != null) {
                this.debugLogger.severe(obj.toString(), th);
            }
        }
    }

    public EntitlementConverter(Logger logger) throws URISyntaxException {
        this.log = new XACMLLoggerWrapper(logger);
        this.predicates.add(AFTER);
        this.predicates.add(AFTER_DAY_OF_MONTH);
        this.predicates.add(BEFORE);
        this.predicates.add(BEFORE_DAY_OF_MONTH);
        this.predicates.add(CONTEXT_ELEMENT_IS_SET);
        this.predicates.add(CONTEXT_ELEMENT_NUMBER_EQUALS);
        this.predicates.add(CONTEXT_ELEMENT_NUMBER_GREATER);
        this.predicates.add(CONTEXT_ELEMENT_NUMBER_LESS);
        this.predicates.add(CONTEXT_ELEMENT_STRING_EQUALS);
        this.predicates.add(EXCLUDED_POLICY);
        this.predicates.add(HTTP_REQUEST_ATTR_IS_SET);
        this.predicates.add(HTTP_REQUEST_ATTR_NUMBER_EQUALS);
        this.predicates.add(HTTP_REQUEST_ATTR_NUMBER_GREATER);
        this.predicates.add(HTTP_REQUEST_ATTR_NUMBER_LESS);
        this.predicates.add(HTTP_REQUEST_ATTR_STRING_EQUALS);
        this.predicates.add(IN_DEVELOPMENT_MODE);
        this.predicates.add(IN_SECURE_MODE);
        this.predicates.add(IS_DAY_OF_MONTH);
        this.predicates.add(IS_DAY_OF_WEEK);
        this.predicates.add(IDD_USER);
        this.predicates.add(IDD_GROUP);
        this.predicates.add(OWNER_IDD_USER);
        this.predicates.add(OWNER_IDD_GROUP);
        this.predicates.add(ADMIN_IDD_USER);
        this.predicates.add(ADMIN_IDD_GROUP);
        this.predicates.add(ADMINISTRATIVE_GROUP);
        this.predicates.add(IDCS_APPROLE);
        this.predicates.add(SCOPE);
        this.predicates.add(SIGNATURE);
        this.predicates.add(TIME);
        this.predicates.add(UNCHECKED_POLICY);
        if (isPortal()) {
            this.predicates.add(WLP_EXPRESSION);
        }
        this.days.put(SUNDAY, new Integer(1));
        this.days.put(MONDAY, new Integer(2));
        this.days.put(TUESDAY, new Integer(3));
        this.days.put(WEDNESDAY, new Integer(4));
        this.days.put(THURSDAY, new Integer(5));
        this.days.put(FRIDAY, new Integer(6));
        this.days.put(SATURDAY, new Integer(7));
    }

    public EntitlementConverter(LoggerSpi loggerSpi) throws URISyntaxException {
        this.log = loggerSpi;
        this.predicates.add(AFTER);
        this.predicates.add(AFTER_DAY_OF_MONTH);
        this.predicates.add(BEFORE);
        this.predicates.add(BEFORE_DAY_OF_MONTH);
        this.predicates.add(CONTEXT_ELEMENT_IS_SET);
        this.predicates.add(CONTEXT_ELEMENT_NUMBER_EQUALS);
        this.predicates.add(CONTEXT_ELEMENT_NUMBER_GREATER);
        this.predicates.add(CONTEXT_ELEMENT_NUMBER_LESS);
        this.predicates.add(CONTEXT_ELEMENT_STRING_EQUALS);
        this.predicates.add(EXCLUDED_POLICY);
        this.predicates.add(HTTP_REQUEST_ATTR_IS_SET);
        this.predicates.add(HTTP_REQUEST_ATTR_NUMBER_EQUALS);
        this.predicates.add(HTTP_REQUEST_ATTR_NUMBER_GREATER);
        this.predicates.add(HTTP_REQUEST_ATTR_NUMBER_LESS);
        this.predicates.add(HTTP_REQUEST_ATTR_STRING_EQUALS);
        this.predicates.add(IN_DEVELOPMENT_MODE);
        this.predicates.add(IN_SECURE_MODE);
        this.predicates.add(IS_DAY_OF_MONTH);
        this.predicates.add(IS_DAY_OF_WEEK);
        this.predicates.add(IDD_USER);
        this.predicates.add(IDD_GROUP);
        this.predicates.add(OWNER_IDD_USER);
        this.predicates.add(OWNER_IDD_GROUP);
        this.predicates.add(ADMIN_IDD_USER);
        this.predicates.add(ADMIN_IDD_GROUP);
        this.predicates.add(ADMINISTRATIVE_GROUP);
        this.predicates.add(IDCS_APPROLE);
        this.predicates.add(SCOPE);
        this.predicates.add(SIGNATURE);
        this.predicates.add(TIME);
        this.predicates.add(UNCHECKED_POLICY);
        if (isPortal()) {
            this.predicates.add(WLP_EXPRESSION);
        }
        this.days.put(SUNDAY, new Integer(1));
        this.days.put(MONDAY, new Integer(2));
        this.days.put(TUESDAY, new Integer(3));
        this.days.put(WEDNESDAY, new Integer(4));
        this.days.put(THURSDAY, new Integer(5));
        this.days.put(FRIDAY, new Integer(6));
        this.days.put(SATURDAY, new Integer(7));
    }

    public Collection<String> getPredicates() {
        return this.predicates;
    }

    public Policy convertResourceExpression(Resource resource, String str) throws DocumentParseException, URISyntaxException {
        return convertExpression(resource, (String) null, str);
    }

    public Policy convertResourceExpression(String str, String str2) throws DocumentParseException, URISyntaxException {
        return convertExpression(str, (String) null, str2);
    }

    public Policy convertRoleExpression(Resource resource, String str, String str2, String str3) throws DocumentParseException, URISyntaxException {
        return convertExpression(resource, str, str2, str3);
    }

    public Policy convertRoleExpression(String str, String str2, String str3, String str4) throws DocumentParseException, URISyntaxException {
        return convertExpression(str, str2, str3, str4);
    }

    public Target generateTarget(Resource resource, String str) throws DocumentParseException, URISyntaxException {
        List<ResourceMatch> generateResourceMatches = ResourceMatchUtil.generateResourceMatches(resource);
        List<ActionMatch> list = null;
        if (str != null) {
            if (generateResourceMatches == null) {
                generateResourceMatches = new ArrayList();
            }
            generateResourceMatches.add(this.rmu.generateResourceMatch(str));
            list = Collections.singletonList(this.rmu.generateActionMatch());
        }
        return generateTarget(generateResourceMatches, list);
    }

    public Target generateTarget(String str, String str2) throws DocumentParseException, URISyntaxException {
        List<ResourceMatch> generateResourceMatches = ResourceMatchUtil.generateResourceMatches(str);
        List<ActionMatch> list = null;
        if (str2 != null) {
            if (generateResourceMatches == null) {
                generateResourceMatches = new ArrayList();
            }
            generateResourceMatches.add(this.rmu.generateResourceMatch(str2));
            list = Collections.singletonList(this.rmu.generateActionMatch());
        }
        return generateTarget(generateResourceMatches, list);
    }

    private Target generateRoleTarget(String str) throws DocumentParseException, URISyntaxException {
        return this.rmu.generateTarget(str);
    }

    private Target generateTarget(List<ResourceMatch> list, List<ActionMatch> list2) {
        if (list == null && list2 == null) {
            return null;
        }
        return list == null ? new Target(new Actions(Collections.singletonList(new Action(list2)))) : list2 == null ? new Target(new Resources(Collections.singletonList(new com.bea.common.security.xacml.policy.Resource(list)))) : new Target(new Resources(Collections.singletonList(new com.bea.common.security.xacml.policy.Resource(list))), new Actions(Collections.singletonList(new Action(list2))));
    }

    private Policy convertExpression(Resource resource, String str, String str2) throws DocumentParseException, URISyntaxException {
        return convertExpression(resource, str, str2, (String) null);
    }

    private Policy convertExpression(Resource resource, String str, String str2, String str3) throws DocumentParseException, URISyntaxException {
        return convertExpression(resource != null ? resource.toString() : null, str, str2, str3);
    }

    public String getPolicyId(Resource resource) {
        return ResourcePolicyIdUtil.getPolicyId(resource);
    }

    public String getPolicyId(Resource resource, String str) {
        return ResourcePolicyIdUtil.getPolicyId(resource, str);
    }

    public String getPolicyId(String str) {
        return ResourcePolicyIdUtil.getPolicyId(str);
    }

    public String getSearchPolicyId(String str) {
        return ResourcePolicyIdUtil.getSearchPolicyId(str);
    }

    public String getPolicyId(String str, String str2) {
        return ResourcePolicyIdUtil.getPolicyId(str, str2);
    }

    public String getResourceId(String str) {
        return ResourcePolicyIdUtil.getResourceId(str);
    }

    public ResourcePolicyIdUtil.RoleResource getRoleResourceId(String str) {
        return ResourcePolicyIdUtil.getRoleResourceId(str);
    }

    private Policy convertExpression(String str, String str2, String str3) throws DocumentParseException, URISyntaxException {
        return convertExpression(str, str2, str3, (String) null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Policy convertExpression(String str, String str2, String str3, String str4) throws DocumentParseException, URISyntaxException {
        try {
            List arrayList = new ArrayList();
            HashSet hashSet = new HashSet();
            if (str3 != null) {
                try {
                    if (str3.length() > 0) {
                        try {
                            arrayList.add(new Rule("primary-rule", true, generateCondition(str3, str2 != null, str4, hashSet)));
                        } catch (DocumentParseException e) {
                            StringBuffer stringBuffer = new StringBuffer();
                            stringBuffer.append("Parsing failure for expression: ");
                            stringBuffer.append(str3);
                            if (str4 != null) {
                                stringBuffer.append(" with auxiliary document: \n");
                                stringBuffer.append(str4);
                            }
                            throw new DocumentParseException(stringBuffer.toString(), e);
                        }
                    }
                } catch (SimplificationException e2) {
                    arrayList = e2.getRules();
                }
            }
            arrayList.add(new Rule("deny-rule", false));
            return new Policy(new URI(getPolicyId(str, str2)), generateTarget(str, str2), new URI("urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"), generateDescription(str3, str4), "1.0", null, null, null, arrayList, null, hashSet);
        } catch (java.net.URISyntaxException e3) {
            throw new URISyntaxException(e3);
        }
    }

    private String generateDescription(String str, String str2) {
        StringBuffer stringBuffer = new StringBuffer();
        if (str2 != null) {
            stringBuffer.append("<![CDATA[<aux:desc><aux:ent>");
        }
        stringBuffer.append(str != null ? str : "");
        if (str2 != null) {
            stringBuffer.append("</aux:ent><aux:data>");
            stringBuffer.append(str2);
            stringBuffer.append("</aux:data></aux:desc>]]>");
        }
        return stringBuffer.toString();
    }

    private Condition generateCondition(String str, boolean z, String str2, Set<VariableDefinition> set) throws DocumentParseException, SimplificationException, URISyntaxException {
        return new Condition(convert(Parser.generateExpression(str, z), str2, set));
    }

    public PolicySet createTopPolicySet() throws DocumentParseException, URISyntaxException {
        try {
            return new PolicySet(new URI(getTopPolicyId()), null, new URI(ENTITLEMENT_COMBINER), null);
        } catch (java.net.URISyntaxException e) {
            throw new URISyntaxException(e);
        }
    }

    public PolicySet createTopPolicySet(String str) throws DocumentParseException, URISyntaxException {
        try {
            return new PolicySet(new URI(getTopPolicyId(str)), generateRoleTarget(str), new URI(ENTITLEMENT_COMBINER), null);
        } catch (java.net.URISyntaxException e) {
            throw new URISyntaxException(e);
        }
    }

    public String getTopPolicyId() {
        return getTopPolicyId(null);
    }

    public String getTopPolicyId(String str) {
        return ResourcePolicyIdUtil.getPolicyId((String) null, str);
    }

    private Expression convert(com.bea.security.providers.xacml.entitlement.parser.Expression expression, String str, Set<VariableDefinition> set) throws DocumentParseException, SimplificationException, URISyntaxException {
        Apply apply;
        Apply apply2;
        TimeZone timeZone;
        TimeZone timeZone2;
        TimeZone timeZone3;
        TimeZone timeZone4;
        TimeZone timeZone5;
        TimeZone timeZone6;
        TimeZone timeZone7;
        if (expression == null) {
            return new AttributeValue(new BooleanAttribute(false));
        }
        try {
            apply = new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI("urn:bea:xacml:2.0:environment:context:com.oracle.contextelement.security.ResourceIdentityDomain"), new URI("http://www.w3.org/2001/XMLSchema#string"), false)));
            apply2 = new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI("urn:bea:xacml:2.0:environment:context:com.oracle.contextelement.security.AdminIdentityDomain"), new URI("http://www.w3.org/2001/XMLSchema#string"), false)));
        } catch (java.net.URISyntaxException e) {
            throw new URISyntaxException(e);
        }
        if (expression instanceof Union) {
            BinaryOp binaryOp = (BinaryOp) expression;
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:or"), (List<Expression>) Arrays.asList(convert(binaryOp.getLeft(), str, set), convert(binaryOp.getRight(), str, set)));
        }
        if (expression instanceof Intersect) {
            BinaryOp binaryOp2 = (BinaryOp) expression;
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:and"), (List<Expression>) Arrays.asList(convert(binaryOp2.getLeft(), str, set), convert(binaryOp2.getRight(), str, set)));
        }
        if (expression instanceof Difference) {
            BinaryOp binaryOp3 = (BinaryOp) expression;
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:and"), (List<Expression>) Arrays.asList(convert(binaryOp3.getLeft(), str, set), new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:not"), (List<Expression>) Arrays.asList(convert(binaryOp3.getRight(), str, set)))));
        }
        if (expression instanceof Complement) {
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:not"), (List<Expression>) Arrays.asList(convert(((UnaryOp) expression).getOp(), str, set)));
        }
        if (expression instanceof Users) {
            List<String> data = ((Users) expression).getData().getData();
            if (data.isEmpty()) {
                throw new DocumentParseException("Cannot generate test for empty list");
            }
            if (data.size() == 1) {
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-is-in"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(data.get(0))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id"), new URI("http://www.w3.org/2001/XMLSchema#string"), false)));
            }
            ArrayList arrayList = new ArrayList();
            Iterator<String> it = data.iterator();
            while (it.hasNext()) {
                arrayList.add(new AttributeValue(new StringAttribute(it.next())));
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-bag"), arrayList), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id"), new URI("http://www.w3.org/2001/XMLSchema#string"), false)));
        }
        if (expression instanceof Groups) {
            List<String> data2 = ((Groups) expression).getData().getData();
            if (data2.isEmpty()) {
                throw new DocumentParseException("Cannot generate test for empty list");
            }
            if (data2.size() == 1) {
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-is-in"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(data2.get(0))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:2.0:subject:group"), new URI("http://www.w3.org/2001/XMLSchema#string"), false)));
            }
            ArrayList arrayList2 = new ArrayList();
            Iterator<String> it2 = data2.iterator();
            while (it2.hasNext()) {
                arrayList2.add(new AttributeValue(new StringAttribute(it2.next())));
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-bag"), arrayList2), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:2.0:subject:group"), new URI("http://www.w3.org/2001/XMLSchema#string"), false)));
        }
        if (expression instanceof Roles) {
            List<String> data3 = ((Roles) expression).getData().getData();
            if (data3.isEmpty()) {
                throw new DocumentParseException("Cannot generate test for empty list");
            }
            if (data3.size() == 1) {
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-is-in"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(data3.get(0))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:2.0:subject:role"), new URI("http://www.w3.org/2001/XMLSchema#string"), false)));
            }
            ArrayList arrayList3 = new ArrayList();
            Iterator<String> it3 = data3.iterator();
            while (it3.hasNext()) {
                arrayList3.add(new AttributeValue(new StringAttribute(it3.next())));
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-bag"), arrayList3), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:2.0:subject:role"), new URI("http://www.w3.org/2001/XMLSchema#string"), false)));
        }
        Predicate predicate = (Predicate) expression;
        if (AFTER.equals(predicate.getClassname())) {
            List<String> data4 = predicate.getParameters().getData();
            if (data4.size() < 1) {
                throw new DocumentParseException("After predicate missing parameters");
            }
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("MM/dd/yy HH:mm:ss");
            if (data4.size() >= 2 && (timeZone7 = TimeZone.getTimeZone(data4.get(1))) != null) {
                simpleDateFormat.setTimeZone(timeZone7);
            }
            try {
                Calendar calendar = Calendar.getInstance();
                calendar.setTime(simpleDateFormat.parse(data4.get(0)));
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-less-than"), (List<Expression>) Arrays.asList(new AttributeValue(new DateTimeAttribute(calendar)), new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:environment:current-dateTime"), new URI(DataTypes.DATE_TIME), true)))));
            } catch (ParseException e2) {
                throw new DocumentParseException(e2);
            }
        }
        if (AFTER_DAY_OF_MONTH.equals(predicate.getClassname())) {
            List<String> data5 = predicate.getParameters().getData();
            if (data5.size() < 1) {
                throw new DocumentParseException("After day of month predicate missing parameters");
            }
            set.add(new VariableDefinition("current-dateTime", new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:environment:current-dateTime"), new URI(DataTypes.DATE_TIME), true)))));
            PolicySchemaObject variableReference = new VariableReference("current-dateTime");
            if (data5.size() >= 2 && (timeZone6 = TimeZone.getTimeZone(data5.get(1))) != null) {
                variableReference = new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-subtract-dayTimeDuration"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-add-dayTimeDuration"), (List<Expression>) Arrays.asList(variableReference, new AttributeValue(new DayTimeDurationAttribute(0, 0, 0, 0, timeZone6.getRawOffset() * 1000000)))), new Apply(new URI("urn:bea:xacml:2.0:function:dayTimeDuration-timeZoneOffset"), (List<Expression>) null)));
            }
            Apply apply3 = new Apply(new URI("urn:bea:xacml:2.0:function:dateTime-dayOfMonth"), (List<Expression>) Arrays.asList(variableReference));
            try {
                int parseInt = Integer.parseInt(data5.get(0));
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:integer-greater-than"), (List<Expression>) Arrays.asList(apply3, parseInt >= 0 ? new AttributeValue(new IntegerAttribute(parseInt)) : new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:integer-add"), (List<Expression>) Arrays.asList(new AttributeValue(new IntegerAttribute(parseInt)), new AttributeValue(new IntegerAttribute(1)), new Apply(new URI("urn:bea:xacml:2.0:function:dateTime-dayOfMonthMaximum"), (List<Expression>) Arrays.asList(variableReference))))));
            } catch (NumberFormatException e3) {
                throw new DocumentParseException(e3);
            }
        }
        if (BEFORE.equals(predicate.getClassname())) {
            List<String> data6 = predicate.getParameters().getData();
            if (data6.size() < 1) {
                throw new DocumentParseException("Before predicate missing parameters");
            }
            SimpleDateFormat simpleDateFormat2 = new SimpleDateFormat("MM/dd/yy HH:mm:ss");
            if (data6.size() >= 2 && (timeZone5 = TimeZone.getTimeZone(data6.get(1))) != null) {
                simpleDateFormat2.setTimeZone(timeZone5);
            }
            try {
                Calendar calendar2 = Calendar.getInstance();
                calendar2.setTime(simpleDateFormat2.parse(data6.get(0)));
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-greater-than"), (List<Expression>) Arrays.asList(new AttributeValue(new DateTimeAttribute(calendar2)), new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:environment:current-dateTime"), new URI(DataTypes.DATE_TIME), true)))));
            } catch (ParseException e4) {
                throw new DocumentParseException(e4);
            }
        }
        if (BEFORE_DAY_OF_MONTH.equals(predicate.getClassname())) {
            List<String> data7 = predicate.getParameters().getData();
            if (data7.size() < 1) {
                throw new DocumentParseException("Before day of month predicate missing parameters");
            }
            set.add(new VariableDefinition("current-dateTime", new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:environment:current-dateTime"), new URI(DataTypes.DATE_TIME), true)))));
            PolicySchemaObject variableReference2 = new VariableReference("current-dateTime");
            if (data7.size() >= 2 && (timeZone4 = TimeZone.getTimeZone(data7.get(1))) != null) {
                variableReference2 = new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-subtract-dayTimeDuration"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-add-dayTimeDuration"), (List<Expression>) Arrays.asList(variableReference2, new AttributeValue(new DayTimeDurationAttribute(0, 0, 0, 0, timeZone4.getRawOffset() * 1000000)))), new Apply(new URI("urn:bea:xacml:2.0:function:dayTimeDuration-timeZoneOffset"), (List<Expression>) null)));
            }
            Apply apply4 = new Apply(new URI("urn:bea:xacml:2.0:function:dateTime-dayOfMonth"), (List<Expression>) Arrays.asList(variableReference2));
            try {
                int parseInt2 = Integer.parseInt(data7.get(0));
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:integer-less-than"), (List<Expression>) Arrays.asList(apply4, parseInt2 >= 0 ? new AttributeValue(new IntegerAttribute(parseInt2)) : new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:integer-add"), (List<Expression>) Arrays.asList(new AttributeValue(new IntegerAttribute(parseInt2)), new AttributeValue(new IntegerAttribute(1)), new Apply(new URI("urn:bea:xacml:2.0:function:dateTime-dayOfMonthMaximum"), (List<Expression>) Arrays.asList(variableReference2))))));
            } catch (NumberFormatException e5) {
                throw new DocumentParseException(e5);
            }
        }
        if (CONTEXT_ELEMENT_IS_SET.equals(predicate.getClassname())) {
            List<String> data8 = predicate.getParameters().getData();
            if (data8.size() < 1) {
                throw new DocumentParseException("Context element is set missing parameters");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:not"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:object-is-null"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:object-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI(EnvironmentAttributeDesignatorFactory.CONTEXT_ATTR + urlEncode(data8.get(0))), new URI(DataTypes.OBJECT), true)))))));
        }
        if (CONTEXT_ELEMENT_NUMBER_EQUALS.equals(predicate.getClassname())) {
            List<String> data9 = predicate.getParameters().getData();
            if (data9.size() < 2) {
                throw new DocumentParseException("Context element number equals missing parameters");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:double-equal"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:double-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI(EnvironmentAttributeDesignatorFactory.CONTEXT_ATTR + urlEncode(data9.get(0))), new URI(DataTypes.DOUBLE), true))), new AttributeValue(new DoubleAttribute(data9.get(1)))));
        }
        if (CONTEXT_ELEMENT_NUMBER_GREATER.equals(predicate.getClassname())) {
            List<String> data10 = predicate.getParameters().getData();
            if (data10.size() < 2) {
                throw new DocumentParseException("Context element number greater missing parameters");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:double-greater-than"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:double-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI(EnvironmentAttributeDesignatorFactory.CONTEXT_ATTR + urlEncode(data10.get(0))), new URI(DataTypes.DOUBLE), true))), new AttributeValue(new DoubleAttribute(data10.get(1)))));
        }
        if (CONTEXT_ELEMENT_NUMBER_LESS.equals(predicate.getClassname())) {
            List<String> data11 = predicate.getParameters().getData();
            if (data11.size() < 2) {
                throw new DocumentParseException("Context element number less missing parameters");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:double-less-than"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:double-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI(EnvironmentAttributeDesignatorFactory.CONTEXT_ATTR + urlEncode(data11.get(0))), new URI(DataTypes.DOUBLE), true))), new AttributeValue(new DoubleAttribute(data11.get(1)))));
        }
        if (CONTEXT_ELEMENT_STRING_EQUALS.equals(predicate.getClassname())) {
            List<String> data12 = predicate.getParameters().getData();
            if (data12.size() < 2) {
                throw new DocumentParseException("Context element string equals missing parameters");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-equal"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI(EnvironmentAttributeDesignatorFactory.CONTEXT_ATTR + urlEncode(data12.get(0))), new URI("http://www.w3.org/2001/XMLSchema#string"), true))), new AttributeValue(new StringAttribute(data12.get(1)))));
        }
        if (EXCLUDED_POLICY.equals(predicate.getClassname())) {
            throw new SimplificationException(Collections.singletonList(new Rule("excluded-policy", false)));
        }
        if (HTTP_REQUEST_ATTR_IS_SET.equals(predicate.getClassname())) {
            List<String> data13 = predicate.getParameters().getData();
            if (data13.size() < 1) {
                throw new DocumentParseException("HTTP request attr is set missing parameters");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:not"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:object-is-null"), (List<Expression>) Arrays.asList(getHttpRequestAttrApply(data13.get(0))))));
        }
        if (HTTP_REQUEST_ATTR_NUMBER_EQUALS.equals(predicate.getClassname())) {
            List<String> data14 = predicate.getParameters().getData();
            if (data14.size() < 2) {
                throw new DocumentParseException("HTTP request attr number equals missing parameters");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:double-equal"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:object-to-double"), (List<Expression>) Arrays.asList(getHttpRequestAttrApply(data14.get(0)))), new AttributeValue(new DoubleAttribute(data14.get(1)))));
        }
        if (HTTP_REQUEST_ATTR_NUMBER_GREATER.equals(predicate.getClassname())) {
            List<String> data15 = predicate.getParameters().getData();
            if (data15.size() < 2) {
                throw new DocumentParseException("HTTP request attr number greater missing parameters");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:double-greater-than"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:object-to-double"), (List<Expression>) Arrays.asList(getHttpRequestAttrApply(data15.get(0)))), new AttributeValue(new DoubleAttribute(data15.get(1)))));
        }
        if (HTTP_REQUEST_ATTR_NUMBER_LESS.equals(predicate.getClassname())) {
            List<String> data16 = predicate.getParameters().getData();
            if (data16.size() < 2) {
                throw new DocumentParseException("HTTP request attr number less missing parameters");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:double-less-than"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:object-to-double"), (List<Expression>) Arrays.asList(getHttpRequestAttrApply(data16.get(0)))), new AttributeValue(new DoubleAttribute(data16.get(1)))));
        }
        if (HTTP_REQUEST_ATTR_STRING_EQUALS.equals(predicate.getClassname())) {
            List<String> data17 = predicate.getParameters().getData();
            if (data17.size() < 2) {
                throw new DocumentParseException("HTTP request attr string equals missing parameters");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:string-equal"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:object-to-string"), (List<Expression>) Arrays.asList(getHttpRequestAttrApply(data17.get(0)))), new AttributeValue(new StringAttribute(data17.get(1)))));
        }
        if (IN_DEVELOPMENT_MODE.equals(predicate.getClassname())) {
            return new Apply(new URI("urn:bea:xacml:2.0:function:in-development-mode"), (List<Expression>) null);
        }
        if (IN_SECURE_MODE.equals(predicate.getClassname())) {
            return new Apply(new URI("urn:bea:xacml:2.0:function:in-secure-mode"), (List<Expression>) null);
        }
        if (IS_DAY_OF_MONTH.equals(predicate.getClassname())) {
            List<String> data18 = predicate.getParameters().getData();
            if (data18.size() < 1) {
                throw new DocumentParseException("Is day of month predicate missing parameters");
            }
            set.add(new VariableDefinition("current-dateTime", new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:environment:current-dateTime"), new URI(DataTypes.DATE_TIME), true)))));
            PolicySchemaObject variableReference3 = new VariableReference("current-dateTime");
            if (data18.size() >= 2 && (timeZone3 = TimeZone.getTimeZone(data18.get(1))) != null) {
                variableReference3 = new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-subtract-dayTimeDuration"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-add-dayTimeDuration"), (List<Expression>) Arrays.asList(variableReference3, new AttributeValue(new DayTimeDurationAttribute(0, 0, 0, 0, timeZone3.getRawOffset() * 1000000)))), new Apply(new URI("urn:bea:xacml:2.0:function:dayTimeDuration-timeZoneOffset"), (List<Expression>) null)));
            }
            Apply apply5 = new Apply(new URI("urn:bea:xacml:2.0:function:dateTime-dayOfMonth"), (List<Expression>) Arrays.asList(variableReference3));
            try {
                int parseInt3 = Integer.parseInt(data18.get(0));
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:integer-equal"), (List<Expression>) Arrays.asList(apply5, parseInt3 >= 0 ? new AttributeValue(new IntegerAttribute(parseInt3)) : new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:integer-add"), (List<Expression>) Arrays.asList(new AttributeValue(new IntegerAttribute(parseInt3)), new AttributeValue(new IntegerAttribute(1)), new Apply(new URI("urn:bea:xacml:2.0:function:dateTime-dayOfMonthMaximum"), (List<Expression>) Arrays.asList(variableReference3))))));
            } catch (NumberFormatException e6) {
                throw new DocumentParseException(e6);
            }
        }
        if (IS_DAY_OF_WEEK.equals(predicate.getClassname())) {
            List<String> data19 = predicate.getParameters().getData();
            if (data19.size() < 1) {
                throw new DocumentParseException("Is day of week predicate missing parameters");
            }
            Apply apply6 = new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:environment:current-dateTime"), new URI(DataTypes.DATE_TIME), true)));
            if (data19.size() >= 2 && (timeZone2 = TimeZone.getTimeZone(data19.get(1))) != null) {
                apply6 = new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-subtract-dayTimeDuration"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-add-dayTimeDuration"), (List<Expression>) Arrays.asList(apply6, new AttributeValue(new DayTimeDurationAttribute(0, 0, 0, 0, timeZone2.getRawOffset() * 1000000)))), new Apply(new URI("urn:bea:xacml:2.0:function:dayTimeDuration-timeZoneOffset"), (List<Expression>) null)));
            }
            Apply apply7 = new Apply(new URI("urn:bea:xacml:2.0:function:dateTime-dayOfWeek"), (List<Expression>) Arrays.asList(apply6));
            Integer num = this.days.get(data19.get(0));
            if (num != null) {
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:integer-equal"), (List<Expression>) Arrays.asList(apply7, new AttributeValue(new IntegerAttribute(num))));
            }
            throw new DocumentParseException("Unknown day of week constant: " + data19.get(0));
        }
        if (IDD_USER.equals(predicate.getClassname())) {
            List<String> data20 = predicate.getParameters().getData();
            if (data20.size() != 2) {
                throw new DocumentParseException("IDDUser predicate must have 2 parameters");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"), (List<Expression>) Arrays.asList(new AttributeValue(new AnyURIAttribute(new URI(IDDNAME_PREFIX + urlEncode(data20.get(1)) + IDDUSER_SCOPE + urlEncode(data20.get(0))))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false)));
        }
        if (IDD_GROUP.equals(predicate.getClassname())) {
            List<String> data21 = predicate.getParameters().getData();
            if (data21.size() != 2) {
                throw new DocumentParseException("IDDGroup predicate must have 2 parameters");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"), (List<Expression>) Arrays.asList(new AttributeValue(new AnyURIAttribute(new URI(IDDNAME_PREFIX + urlEncode(data21.get(1)) + IDDGROUP_SCOPE + urlEncode(data21.get(0))))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false)));
        }
        if (OWNER_IDD_USER.equals(predicate.getClassname())) {
            List<String> data22 = predicate.getParameters().getData();
            if (data22.size() < 1) {
                throw new DocumentParseException("OwnerIDDUser predicate must have 1 or more parameters");
            }
            if (data22.size() == 1) {
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:uri-string-concat"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(IDDNAME_PREFIX)), apply, new AttributeValue(new StringAttribute(IDDUSER_SCOPE + urlEncode(data22.get(0)))))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false)));
            }
            ArrayList arrayList4 = new ArrayList();
            Iterator<String> it4 = data22.iterator();
            while (it4.hasNext()) {
                arrayList4.add(new Apply(new URI("urn:bea:xacml:2.0:function:uri-string-concat"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(IDDNAME_PREFIX)), apply, new AttributeValue(new StringAttribute(IDDUSER_SCOPE + urlEncode(it4.next()))))));
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-at-least-one-member-of"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-bag"), arrayList4), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false)));
        }
        if (OWNER_IDD_GROUP.equals(predicate.getClassname())) {
            List<String> data23 = predicate.getParameters().getData();
            if (data23.size() < 1) {
                throw new DocumentParseException("OwnerIDDGroup predicate must have 1 or more parameters");
            }
            if (data23.size() == 1) {
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:uri-string-concat"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(IDDNAME_PREFIX)), apply, new AttributeValue(new StringAttribute(IDDGROUP_SCOPE + urlEncode(data23.get(0)))))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false)));
            }
            ArrayList arrayList5 = new ArrayList();
            Iterator<String> it5 = data23.iterator();
            while (it5.hasNext()) {
                arrayList5.add(new Apply(new URI("urn:bea:xacml:2.0:function:uri-string-concat"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(IDDNAME_PREFIX)), apply, new AttributeValue(new StringAttribute(IDDGROUP_SCOPE + urlEncode(it5.next()))))));
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-at-least-one-member-of"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-bag"), arrayList5), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false)));
        }
        if (ADMIN_IDD_USER.equals(predicate.getClassname())) {
            List<String> data24 = predicate.getParameters().getData();
            if (data24.size() < 1) {
                throw new DocumentParseException("AdminIDDUser predicate must have 1 or more parameters");
            }
            if (data24.size() == 1) {
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:uri-string-concat"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(IDDNAME_PREFIX)), apply2, new AttributeValue(new StringAttribute(IDDUSER_SCOPE + urlEncode(data24.get(0)))))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false)));
            }
            ArrayList arrayList6 = new ArrayList();
            Iterator<String> it6 = data24.iterator();
            while (it6.hasNext()) {
                arrayList6.add(new Apply(new URI("urn:bea:xacml:2.0:function:uri-string-concat"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(IDDNAME_PREFIX)), apply2, new AttributeValue(new StringAttribute(IDDUSER_SCOPE + urlEncode(it6.next()))))));
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-at-least-one-member-of"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-bag"), arrayList6), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false)));
        }
        if (ADMIN_IDD_GROUP.equals(predicate.getClassname())) {
            List<String> data25 = predicate.getParameters().getData();
            if (data25.size() < 1) {
                throw new DocumentParseException("AdminIDDGroup predicate must have 1 or more parameters");
            }
            if (data25.size() == 1) {
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:uri-string-concat"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(IDDNAME_PREFIX)), apply2, new AttributeValue(new StringAttribute(IDDGROUP_SCOPE + urlEncode(data25.get(0)))))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false)));
            }
            ArrayList arrayList7 = new ArrayList();
            Iterator<String> it7 = data25.iterator();
            while (it7.hasNext()) {
                arrayList7.add(new Apply(new URI("urn:bea:xacml:2.0:function:uri-string-concat"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(IDDNAME_PREFIX)), apply2, new AttributeValue(new StringAttribute(IDDGROUP_SCOPE + urlEncode(it7.next()))))));
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-at-least-one-member-of"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-bag"), arrayList7), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false)));
        }
        if (ADMINISTRATIVE_GROUP.equals(predicate.getClassname())) {
            List<String> data26 = predicate.getParameters().getData();
            if (data26.size() != 1) {
                throw new DocumentParseException("AdministrativeGroup predicate must have 1 parameter");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:or"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:uri-string-concat"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(IDDNAME_PREFIX)), apply, new AttributeValue(new StringAttribute(IDDGROUP_SCOPE + urlEncode(data26.get(0)))))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false))), new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:uri-string-concat"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(IDDNAME_PREFIX)), apply2, new AttributeValue(new StringAttribute(IDDGROUP_SCOPE + urlEncode(data26.get(0)))))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false)))));
        }
        if (IDCS_APPROLE.equals(predicate.getClassname())) {
            List<String> data27 = predicate.getParameters().getData();
            if (data27.size() != 2) {
                throw new DocumentParseException("weblogic.entitlement.rules.IDCSAppRoleName predicate must have 2 parameters!");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"), (List<Expression>) Arrays.asList(new AttributeValue(new AnyURIAttribute(new URI(IDCS_APPROLE_PREFIX + urlEncode(data27.get(0)) + IDCS_APP_SCOPE + urlEncode(data27.get(1))))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:application-roles"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), true)));
        }
        if (SCOPE.equals(predicate.getClassname())) {
            List<String> data28 = predicate.getParameters().getData();
            if (data28.size() < 1) {
                throw new DocumentParseException("Scope predicate must have 1 or more parameters");
            }
            if (data28.size() == 1) {
                return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:uri-string-concat"), (List<Expression>) Arrays.asList(new AttributeValue(new StringAttribute(IDDNAME_PREFIX)), apply, new AttributeValue(new StringAttribute(SCOPE_SCOPE + urlEncode(data28.get(0)))))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false)));
            }
            if (data28.size() > 2) {
                throw new DocumentParseException("Scope predicate must have 1 or 2 parameters");
            }
            return new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"), (List<Expression>) Arrays.asList(new AttributeValue(new AnyURIAttribute(new URI(IDDNAME_PREFIX + urlEncode(data28.get(1)) + SCOPE_SCOPE + urlEncode(data28.get(0))))), new SubjectAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:subject:iddname"), new URI("http://www.w3.org/2001/XMLSchema#anyURI"), false)));
        }
        if (SIGNATURE.equals(predicate.getClassname())) {
            List<String> data29 = predicate.getParameters().getData();
            if (data29.size() != 3) {
                throw new DocumentParseException("Signature predicate must have 3 parameters");
            }
            URI uri = new URI("urn:oasis:names:tc:xacml:1.0:function:string-is-in");
            Expression[] expressionArr = new Expression[2];
            expressionArr[0] = new AttributeValue(new StringAttribute(data29.get(2)));
            expressionArr[1] = new SubjectAttributeDesignator(new URI("user".equalsIgnoreCase(data29.get(0)) ? "urn:oasis:names:tc:xacml:1.0:subject:subject-id" : "urn:oasis:names:tc:xacml:2.0:subject:group"), new URI("http://www.w3.org/2001/XMLSchema#string"), true, new URI(SubjectAttributeDesignatorFactory.CONTEXT_ATTR + urlEncode("Integrity{" + data29.get(1) + FunctionRef.FUNCTION_CLOSE_BRACE)));
            return new Apply(uri, (List<Expression>) Arrays.asList(expressionArr));
        }
        if (!TIME.equals(predicate.getClassname())) {
            if (UNCHECKED_POLICY.equals(predicate.getClassname())) {
                throw new SimplificationException(Collections.singletonList(new Rule("unchecked-policy", true)));
            }
            if (!WLP_EXPRESSION.equals(predicate.getClassname())) {
                throw new DocumentParseException("Unrecognized predicate class: " + predicate.getClassname());
            }
            if (str == null) {
                throw new SimplificationException(Collections.singletonList(new Rule("missing-p13n-auxiliary-expression-hence-deny", false)));
            }
            P13NExpressionConverter p13NConverter = getP13NConverter();
            if (p13NConverter != null) {
                return p13NConverter.convert(str, set);
            }
            throw new DocumentParseException("P13N expression converter improperly installed or registered");
        }
        List<String> data30 = predicate.getParameters().getData();
        if (data30.size() < 1) {
            throw new DocumentParseException("Time predicate missing parameters");
        }
        Apply apply8 = new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI("urn:oasis:names:tc:xacml:1.0:environment:current-dateTime"), new URI(DataTypes.DATE_TIME), true)));
        if (data30.size() > 2 && (timeZone = TimeZone.getTimeZone(data30.get(2))) != null) {
            apply8 = new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-subtract-dayTimeDuration"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:dateTime-add-dayTimeDuration"), (List<Expression>) Arrays.asList(apply8, new AttributeValue(new DayTimeDurationAttribute(0, 0, 0, 0, timeZone.getRawOffset() * 1000000)))), new Apply(new URI("urn:bea:xacml:2.0:function:dayTimeDuration-timeZoneOffset"), (List<Expression>) null)));
        }
        Apply apply9 = new Apply(new URI("urn:bea:xacml:2.0:function:dateTime-secondsOfDay"), (List<Expression>) Arrays.asList(apply8));
        int parseTimeOfDay = parseTimeOfDay(data30.get(0));
        int parseTimeOfDay2 = data30.size() > 1 ? parseTimeOfDay(data30.get(1)) : -1;
        Apply apply10 = new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal"), (List<Expression>) Arrays.asList(apply9, new AttributeValue(new IntegerAttribute(parseTimeOfDay))));
        if (parseTimeOfDay2 == -1) {
            return apply10;
        }
        Apply apply11 = new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:integer-less-than"), (List<Expression>) Arrays.asList(apply9, new AttributeValue(new IntegerAttribute(parseTimeOfDay2))));
        return parseTimeOfDay <= parseTimeOfDay2 ? new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:and"), (List<Expression>) Arrays.asList(apply10, apply11)) : new Apply(new URI("urn:oasis:names:tc:xacml:1.0:function:or"), (List<Expression>) Arrays.asList(apply10, apply11));
        throw new URISyntaxException(e);
    }

    private int parseTimeOfDay(String str) throws DocumentParseException {
        int i = 0;
        int i2 = 0;
        int i3 = 0;
        StringTokenizer stringTokenizer = new StringTokenizer(str, ":", false);
        if (stringTokenizer.hasMoreTokens()) {
            i = Integer.parseInt(stringTokenizer.nextToken().trim());
            if (stringTokenizer.hasMoreTokens()) {
                i2 = Integer.parseInt(stringTokenizer.nextToken().trim());
                if (stringTokenizer.hasMoreTokens()) {
                    i3 = Integer.parseInt(stringTokenizer.nextToken().trim());
                    if (stringTokenizer.hasMoreTokens()) {
                        throw new DocumentParseException("Illegal format for time of day.  Must be HH:MM:SS");
                    }
                }
            }
        }
        if (i < 0 || i > 23) {
            throw new DocumentParseException("Illegal hour value: " + i);
        }
        if (i2 < 0 || i2 > 59) {
            throw new DocumentParseException("Illegal minute value: " + i2);
        }
        if (i3 < 0 || i3 > 59) {
            throw new DocumentParseException("Illegal second value: " + i3);
        }
        return (((i * 60) + i2) * 60) + i3;
    }

    private Apply getHttpRequestAttrApply(String str) throws URISyntaxException, DocumentParseException {
        try {
            Apply apply = new Apply(new URI("urn:bea:xacml:2.0:function:object-one-and-only"), (List<Expression>) Arrays.asList(new EnvironmentAttributeDesignator(new URI("urn:bea:xacml:2.0:environment:context:com.bea.contextelement.servlet.HttpServletRequest"), new URI(DataTypes.OBJECT), true)));
            if (str.startsWith("Attribute.")) {
                return new Apply(new URI("urn:bea:xacml:2.0:function:instance-method-match"), (List<Expression>) Arrays.asList(apply, new AttributeValue(new StringAttribute("getAttribute")), new AttributeValue(new StringAttribute(str.substring("Attribute.".length())))));
            }
            if (str.startsWith("Header.")) {
                return new Apply(new URI("urn:bea:xacml:2.0:function:instance-method-match"), (List<Expression>) Arrays.asList(apply, new AttributeValue(new StringAttribute("getHeader")), new AttributeValue(new StringAttribute(str.substring("Header.".length())))));
            }
            if (str.startsWith("Parameter.")) {
                return new Apply(new URI("urn:bea:xacml:2.0:function:instance-method-match"), (List<Expression>) Arrays.asList(apply, new AttributeValue(new StringAttribute("getParameter")), new AttributeValue(new StringAttribute(str.substring("Parameter.".length())))));
            }
            if (str.equals("Method")) {
                return new Apply(new URI("urn:bea:xacml:2.0:function:instance-method-match"), (List<Expression>) Arrays.asList(apply, new AttributeValue(new StringAttribute("getMethod"))));
            }
            if (str.equals("RequestURI")) {
                return new Apply(new URI("urn:bea:xacml:2.0:function:instance-method-match"), (List<Expression>) Arrays.asList(apply, new AttributeValue(new StringAttribute("getRequestURI"))));
            }
            if (str.equals("QueryString")) {
                return new Apply(new URI("urn:bea:xacml:2.0:function:instance-method-match"), (List<Expression>) Arrays.asList(apply, new AttributeValue(new StringAttribute("getQueryString"))));
            }
            if (str.equals("Protocol")) {
                return new Apply(new URI("urn:bea:xacml:2.0:function:instance-method-match"), (List<Expression>) Arrays.asList(apply, new AttributeValue(new StringAttribute("getProtocol"))));
            }
            if (str.equals("LocalPort")) {
                return new Apply(new URI("urn:bea:xacml:2.0:function:instance-method-match"), (List<Expression>) Arrays.asList(apply, new AttributeValue(new StringAttribute("getLocalPort"))));
            }
            if (str.equals("RemotePort")) {
                return new Apply(new URI("urn:bea:xacml:2.0:function:instance-method-match"), (List<Expression>) Arrays.asList(apply, new AttributeValue(new StringAttribute("getRemotePort"))));
            }
            if (str.equals("RemoteHost")) {
                return new Apply(new URI("urn:bea:xacml:2.0:function:instance-method-match"), (List<Expression>) Arrays.asList(apply, new AttributeValue(new StringAttribute("getRemoteHost"))));
            }
            if (str.startsWith("Session.Attribute.")) {
                return new Apply(new URI("urn:bea:xacml:2.0:function:instance-method-match"), (List<Expression>) Arrays.asList(new Apply(new URI("urn:bea:xacml:2.0:function:instance-method-match"), (List<Expression>) Arrays.asList(apply, new AttributeValue(new StringAttribute("getSession")))), new AttributeValue(new StringAttribute("getAttribute")), new AttributeValue(new StringAttribute(str.substring("Session.Attribute.".length())))));
            }
            throw new DocumentParseException("Not a supported attribute: " + str);
        } catch (java.net.URISyntaxException e) {
            throw new URISyntaxException(e);
        }
    }

    private P13NExpressionConverter getP13NConverter() {
        if (this.p13nConverter == null) {
            this.p13nConverter = new P13NExpressionConverter();
        }
        return this.p13nConverter;
    }

    private boolean isPortal() {
        P13NExpressionConverter p13NConverter = getP13NConverter();
        return p13NConverter != null && p13NConverter.isPortal();
    }

    private String urlEncode(String str) throws DocumentParseException {
        try {
            return URLEncoder.encode(str, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new DocumentParseException(e);
        }
    }

    static {
        IDDNAME_PREFIX = Boolean.getBoolean("weblogic.security.xacml.PrevIDDNamePrefix") ? "iddname://idd_" : "iddname://idd.";
    }
}
