package org.ow2.authzforce.core.pdp.impl.rule;

import com.google.common.collect.ImmutableList;
import java.util.List;
import net.sf.saxon.s9api.XPathCompiler;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Advice;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpression;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressions;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Condition;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Obligation;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpression;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressions;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Rule;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Status;
import org.ow2.authzforce.core.pdp.api.Decidable;
import org.ow2.authzforce.core.pdp.api.DecisionResult;
import org.ow2.authzforce.core.pdp.api.DecisionResults;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.ImmutablePepActions;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory;
import org.ow2.authzforce.core.pdp.impl.BooleanEvaluator;
import org.ow2.authzforce.core.pdp.impl.PepActionExpression;
import org.ow2.authzforce.core.pdp.impl.PepActionExpressions;
import org.ow2.authzforce.core.pdp.impl.PepActionFactories;
import org.ow2.authzforce.core.pdp.impl.TargetEvaluators;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/rule/RuleEvaluator.class */
public final class RuleEvaluator implements Decidable {
    private static final IllegalArgumentException NULL_XACML_RULE_ARGUMENT_EXCEPTION = new IllegalArgumentException("Cannot create Rule evaluator: undefined input XACML/JAXB Rule element");
    private static final Logger LOGGER = LoggerFactory.getLogger(RuleEvaluator.class);
    private static final DecisionResultFactory PERMIT_DECISION_WITHOUT_PEP_ACTION_RESULT_FACTORY = new DecisionResultFactory() { // from class: org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.1
        static final /* synthetic */ boolean $assertionsDisabled;

        @Override // org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.DecisionResultFactory
        public DecisionResult getInstance(EvaluationContext evaluationContext) {
            return DecisionResults.SIMPLE_PERMIT;
        }

        @Override // org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.DecisionResultFactory
        public DecisionResult newIndeterminate(IndeterminateEvaluationException indeterminateEvaluationException) {
            if ($assertionsDisabled || indeterminateEvaluationException != null) {
                return DecisionResults.newIndeterminate(DecisionType.PERMIT, indeterminateEvaluationException, (ImmutableList) null);
            }
            throw new AssertionError();
        }

        @Override // org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.DecisionResultFactory
        public EffectType getDecisionType() {
            return EffectType.PERMIT;
        }

        static {
            $assertionsDisabled = !RuleEvaluator.class.desiredAssertionStatus();
        }
    };
    private static final DecisionResultFactory DENY_DECISION_WITHOUT_PEP_ACTION_RESULT_FACTORY = new DecisionResultFactory() { // from class: org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.2
        static final /* synthetic */ boolean $assertionsDisabled;

        @Override // org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.DecisionResultFactory
        public DecisionResult getInstance(EvaluationContext evaluationContext) {
            return DecisionResults.SIMPLE_DENY;
        }

        @Override // org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.DecisionResultFactory
        public DecisionResult newIndeterminate(IndeterminateEvaluationException indeterminateEvaluationException) {
            if ($assertionsDisabled || indeterminateEvaluationException != null) {
                return DecisionResults.newIndeterminate(DecisionType.DENY, indeterminateEvaluationException, (ImmutableList) null);
            }
            throw new AssertionError();
        }

        @Override // org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.DecisionResultFactory
        public EffectType getDecisionType() {
            return EffectType.DENY;
        }

        static {
            $assertionsDisabled = !RuleEvaluator.class.desiredAssertionStatus();
        }
    };
    private static final BooleanEvaluator TRUE_CONDITION = new BooleanEvaluator() { // from class: org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.3
        @Override // org.ow2.authzforce.core.pdp.impl.BooleanEvaluator
        public boolean evaluate(EvaluationContext evaluationContext) throws IndeterminateEvaluationException {
            RuleEvaluator.LOGGER.debug("Condition null -> True");
            return true;
        }
    };
    private final BooleanEvaluator targetEvaluator;
    private final BooleanEvaluator conditionEvaluator;
    private final String ruleId;
    private final DecisionResultFactory decisionResultFactory;
    private final transient boolean isAlwaysApplicable;
    private final transient boolean hasNoPepAction;
    private final transient String toString;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/rule/RuleEvaluator$DecisionResultFactory.class */
    public interface DecisionResultFactory {
        EffectType getDecisionType();

        DecisionResult getInstance(EvaluationContext evaluationContext);

        DecisionResult newIndeterminate(IndeterminateEvaluationException indeterminateEvaluationException);
    }

    /* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/rule/RuleEvaluator$DecisionWithPepActionResultFactory.class */
    private static abstract class DecisionWithPepActionResultFactory implements DecisionResultFactory {
        private final String ruleId;
        private final PepActionExpressions.EffectSpecific rulePepActionExpressions;
        private final DecisionType ruleEffectAsDecision;
        static final /* synthetic */ boolean $assertionsDisabled;

        private DecisionWithPepActionResultFactory(String str, PepActionExpressions.EffectSpecific effectSpecific) {
            if (!$assertionsDisabled && (str == null || effectSpecific == null)) {
                throw new AssertionError();
            }
            this.ruleId = str;
            this.rulePepActionExpressions = effectSpecific;
            this.ruleEffectAsDecision = effectSpecific.getEffect() == EffectType.DENY ? DecisionType.DENY : DecisionType.PERMIT;
        }

        protected abstract DecisionResult getInstance(ImmutablePepActions immutablePepActions);

        @Override // org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.DecisionResultFactory
        public DecisionResult getInstance(EvaluationContext evaluationContext) {
            try {
                return getInstance(PepActionExpressions.Helper.evaluate(this.rulePepActionExpressions, evaluationContext));
            } catch (IndeterminateEvaluationException e) {
                RuleEvaluator.LOGGER.info("Rule['{}']/{Obligation|Advice}Expressions -> Indeterminate", this.ruleId, e);
                return newIndeterminate(e);
            }
        }

        @Override // org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.DecisionResultFactory
        public DecisionResult newIndeterminate(IndeterminateEvaluationException indeterminateEvaluationException) {
            return DecisionResults.newIndeterminate(this.ruleEffectAsDecision, indeterminateEvaluationException, (ImmutableList) null);
        }

        static {
            $assertionsDisabled = !RuleEvaluator.class.desiredAssertionStatus();
        }
    }

    /* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/rule/RuleEvaluator$DenyDecisionWithPepActionResutFactory.class */
    private static final class DenyDecisionWithPepActionResutFactory extends DecisionWithPepActionResultFactory {
        static final /* synthetic */ boolean $assertionsDisabled;

        private DenyDecisionWithPepActionResutFactory(String str, PepActionExpressions.EffectSpecific effectSpecific) {
            super(str, effectSpecific);
            if (!$assertionsDisabled && effectSpecific.getEffect() != EffectType.DENY) {
                throw new AssertionError();
            }
        }

        @Override // org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.DecisionWithPepActionResultFactory
        protected DecisionResult getInstance(ImmutablePepActions immutablePepActions) {
            return DecisionResults.getDeny((Status) null, immutablePepActions, (ImmutableList) null);
        }

        @Override // org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.DecisionResultFactory
        public EffectType getDecisionType() {
            return EffectType.DENY;
        }

        static {
            $assertionsDisabled = !RuleEvaluator.class.desiredAssertionStatus();
        }
    }

    /* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/rule/RuleEvaluator$PermitDecisionWithPepActionResutFactory.class */
    private static final class PermitDecisionWithPepActionResutFactory extends DecisionWithPepActionResultFactory {
        static final /* synthetic */ boolean $assertionsDisabled;

        private PermitDecisionWithPepActionResutFactory(String str, PepActionExpressions.EffectSpecific effectSpecific) {
            super(str, effectSpecific);
            if (!$assertionsDisabled && effectSpecific.getEffect() != EffectType.PERMIT) {
                throw new AssertionError();
            }
        }

        @Override // org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.DecisionWithPepActionResultFactory
        protected DecisionResult getInstance(ImmutablePepActions immutablePepActions) {
            return DecisionResults.getPermit((Status) null, immutablePepActions, (ImmutableList) null);
        }

        @Override // org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.DecisionResultFactory
        public EffectType getDecisionType() {
            return EffectType.PERMIT;
        }

        static {
            $assertionsDisabled = !RuleEvaluator.class.desiredAssertionStatus();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/rule/RuleEvaluator$RulePepActionExpressions.class */
    public static final class RulePepActionExpressions implements PepActionExpressions {
        private final XPathCompiler xPathCompiler;
        private final ExpressionFactory expFactory;
        private final PepActionExpressions.EffectSpecific ruleEffectMatchingActionExpressions;
        static final /* synthetic */ boolean $assertionsDisabled;

        private RulePepActionExpressions(XPathCompiler xPathCompiler, ExpressionFactory expressionFactory, EffectType effectType) {
            if (!$assertionsDisabled && effectType == null) {
                throw new AssertionError();
            }
            this.ruleEffectMatchingActionExpressions = new PepActionExpressions.EffectSpecific(effectType);
            this.xPathCompiler = xPathCompiler;
            this.expFactory = expressionFactory;
        }

        @Override // org.ow2.authzforce.core.pdp.impl.PepActionExpressions
        public void add(ObligationExpression obligationExpression) throws IllegalArgumentException {
            if (!$assertionsDisabled && obligationExpression == null) {
                throw new AssertionError();
            }
            boolean addObligationExpression = this.ruleEffectMatchingActionExpressions.addObligationExpression(new PepActionExpression<>(PepActionFactories.OBLIGATION_FACTORY, obligationExpression.getObligationId(), obligationExpression.getFulfillOn(), obligationExpression.getAttributeAssignmentExpressions(), this.xPathCompiler, this.expFactory));
            if (!RuleEvaluator.LOGGER.isWarnEnabled() || addObligationExpression) {
                return;
            }
            RuleEvaluator.LOGGER.warn("Ignored ObligationExpression[@ObligationId='{}'] because @FulfillOn = {} does not match the rule's Effect = {}", new Object[]{obligationExpression.getObligationId(), obligationExpression.getFulfillOn(), this.ruleEffectMatchingActionExpressions.getEffect()});
        }

        @Override // org.ow2.authzforce.core.pdp.impl.PepActionExpressions
        public void add(AdviceExpression adviceExpression) throws IllegalArgumentException {
            if (!$assertionsDisabled && adviceExpression == null) {
                throw new AssertionError();
            }
            boolean addAdviceExpression = this.ruleEffectMatchingActionExpressions.addAdviceExpression(new PepActionExpression<>(PepActionFactories.ADVICE_FACTORY, adviceExpression.getAdviceId(), adviceExpression.getAppliesTo(), adviceExpression.getAttributeAssignmentExpressions(), this.xPathCompiler, this.expFactory));
            if (!RuleEvaluator.LOGGER.isWarnEnabled() || addAdviceExpression) {
                return;
            }
            RuleEvaluator.LOGGER.warn("Ignored AdviceExpression[@AdviceId='{}'] because @AppliesTo = {} does not match the rule's Effect = {}", new Object[]{adviceExpression.getAdviceId(), adviceExpression.getAppliesTo(), this.ruleEffectMatchingActionExpressions.getEffect()});
        }

        @Override // org.ow2.authzforce.core.pdp.impl.PepActionExpressions
        public List<PepActionExpression<Obligation>> getObligationExpressionList() {
            return this.ruleEffectMatchingActionExpressions.getObligationExpressions();
        }

        @Override // org.ow2.authzforce.core.pdp.impl.PepActionExpressions
        public List<PepActionExpression<Advice>> getAdviceExpressionList() {
            return this.ruleEffectMatchingActionExpressions.getAdviceExpressions();
        }

        static {
            $assertionsDisabled = !RuleEvaluator.class.desiredAssertionStatus();
        }
    }

    /* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/rule/RuleEvaluator$RulePepActionExpressionsFactory.class */
    private static final class RulePepActionExpressionsFactory implements PepActionExpressions.Factory<RulePepActionExpressions> {
        private final EffectType ruleEffect;
        static final /* synthetic */ boolean $assertionsDisabled;

        private RulePepActionExpressionsFactory(EffectType effectType) {
            if (!$assertionsDisabled && effectType == null) {
                throw new AssertionError();
            }
            this.ruleEffect = effectType;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.ow2.authzforce.core.pdp.impl.PepActionExpressions.Factory
        public RulePepActionExpressions getInstance(XPathCompiler xPathCompiler, ExpressionFactory expressionFactory) {
            return new RulePepActionExpressions(xPathCompiler, expressionFactory, this.ruleEffect);
        }

        static {
            $assertionsDisabled = !RuleEvaluator.class.desiredAssertionStatus();
        }
    }

    public RuleEvaluator(Rule rule, XPathCompiler xPathCompiler, ExpressionFactory expressionFactory) throws IllegalArgumentException {
        if (rule == null) {
            throw NULL_XACML_RULE_ARGUMENT_EXCEPTION;
        }
        this.ruleId = rule.getRuleId();
        this.toString = "Rule['" + this.ruleId + "']";
        this.targetEvaluator = TargetEvaluators.getInstance(rule.getTarget(), xPathCompiler, expressionFactory);
        Condition condition = rule.getCondition();
        if (condition == null) {
            this.conditionEvaluator = TRUE_CONDITION;
        } else {
            try {
                this.conditionEvaluator = ConditionEvaluators.getInstance(condition, xPathCompiler, expressionFactory);
            } catch (IllegalArgumentException e) {
                throw new IllegalArgumentException(this + ": invalid Condition", e);
            }
        }
        this.isAlwaysApplicable = this.targetEvaluator == TargetEvaluators.MATCH_ALL_TARGET_EVALUATOR && this.conditionEvaluator == ConditionEvaluators.TRUE_CONDITION;
        EffectType effect = rule.getEffect();
        ObligationExpressions obligationExpressions = rule.getObligationExpressions();
        AdviceExpressions adviceExpressions = rule.getAdviceExpressions();
        if ((obligationExpressions == null || obligationExpressions.getObligationExpressions().isEmpty()) && (adviceExpressions == null || adviceExpressions.getAdviceExpressions().isEmpty())) {
            this.hasNoPepAction = true;
            this.decisionResultFactory = effect == EffectType.DENY ? DENY_DECISION_WITHOUT_PEP_ACTION_RESULT_FACTORY : PERMIT_DECISION_WITHOUT_PEP_ACTION_RESULT_FACTORY;
            return;
        }
        this.hasNoPepAction = false;
        try {
            RulePepActionExpressions rulePepActionExpressions = (RulePepActionExpressions) PepActionExpressions.Helper.parseActionExpressions(obligationExpressions == null ? null : obligationExpressions.getObligationExpressions(), adviceExpressions == null ? null : adviceExpressions.getAdviceExpressions(), xPathCompiler, expressionFactory, new RulePepActionExpressionsFactory(effect));
            this.decisionResultFactory = effect == EffectType.DENY ? new DenyDecisionWithPepActionResutFactory(this.ruleId, rulePepActionExpressions.ruleEffectMatchingActionExpressions) : new PermitDecisionWithPepActionResutFactory(this.ruleId, rulePepActionExpressions.ruleEffectMatchingActionExpressions);
        } catch (IllegalArgumentException e2) {
            throw new IllegalArgumentException(this + ": Invalid AttributeAssignmentExpression(s)", e2);
        }
    }

    public String getRuleId() {
        return this.ruleId;
    }

    public EffectType getEffect() {
        return this.decisionResultFactory.getDecisionType();
    }

    public boolean isAlwaysApplicable() {
        return this.isAlwaysApplicable;
    }

    public boolean hasNoPepAction() {
        return this.hasNoPepAction;
    }

    public boolean isEmptyEquivalent() {
        return this.isAlwaysApplicable && this.hasNoPepAction;
    }

    public DecisionResult evaluate(EvaluationContext evaluationContext) {
        try {
            if (!this.targetEvaluator.evaluate(evaluationContext)) {
                LOGGER.debug("{}/Target -> No-match", this);
                DecisionResult decisionResult = DecisionResults.SIMPLE_NOT_APPLICABLE;
                LOGGER.debug("{} -> {}", this, decisionResult);
                return decisionResult;
            }
            LOGGER.debug("{}/Target -> Match", this);
            try {
                if (this.conditionEvaluator.evaluate(evaluationContext)) {
                    LOGGER.debug("{}/Condition -> True", this);
                    DecisionResult decisionResultFactory = this.decisionResultFactory.getInstance(evaluationContext);
                    LOGGER.debug("{} -> {}", this, decisionResultFactory);
                    return decisionResultFactory;
                }
                LOGGER.debug("{}/Condition -> False", this);
                DecisionResult decisionResult2 = DecisionResults.SIMPLE_NOT_APPLICABLE;
                LOGGER.debug("{} -> {}", this, decisionResult2);
                return decisionResult2;
            } catch (IndeterminateEvaluationException e) {
                LOGGER.info("{}/Condition -> Indeterminate", this, e);
                DecisionResult newIndeterminate = this.decisionResultFactory.newIndeterminate(e);
                LOGGER.debug("{} -> {}", this, newIndeterminate);
                return newIndeterminate;
            }
        } catch (IndeterminateEvaluationException e2) {
            LOGGER.info("{}/Target -> Indeterminate", this, e2);
            DecisionResult newIndeterminate2 = this.decisionResultFactory.newIndeterminate(e2);
            LOGGER.debug("{} -> {}", this, newIndeterminate2);
            return newIndeterminate2;
        }
    }

    public String toString() {
        return this.toString;
    }
}
