package org.ow2.authzforce.core.pdp.impl;

import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.io.Serializable;
import java.util.AbstractMap;
import java.util.ArrayDeque;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import net.sf.saxon.s9api.XdmNode;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import org.ow2.authzforce.core.pdp.api.AttributeFqn;
import org.ow2.authzforce.core.pdp.api.AttributeFqns;
import org.ow2.authzforce.core.pdp.api.CloseablePdpEngine;
import org.ow2.authzforce.core.pdp.api.DecisionCache;
import org.ow2.authzforce.core.pdp.api.DecisionRequest;
import org.ow2.authzforce.core.pdp.api.DecisionRequestBuilder;
import org.ow2.authzforce.core.pdp.api.DecisionResult;
import org.ow2.authzforce.core.pdp.api.DecisionResults;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.HashCollections;
import org.ow2.authzforce.core.pdp.api.ImmutableDecisionRequest;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.policy.CloseablePolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns;
import org.ow2.authzforce.core.pdp.api.policy.PrimaryPolicyMetadata;
import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType;
import org.ow2.authzforce.core.pdp.api.value.AttributeBag;
import org.ow2.authzforce.core.pdp.api.value.Bag;
import org.ow2.authzforce.core.pdp.impl.policy.RootPolicyEvaluator;
import org.ow2.authzforce.core.pdp.impl.policy.RootPolicyEvaluators;
import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/BasePdpEngine.class */
public final class BasePdpEngine implements CloseablePdpEngine {
    private static final IllegalArgumentException NULL_REQUEST_ARGUMENT_EXCEPTION = new IllegalArgumentException("No input Decision Request");
    private static final IllegalArgumentException NULL_MDP_CTX_ARGUMENT_EXCEPTION = new IllegalArgumentException("No input Multiple Decision Request context");
    private static final Logger LOGGER = LoggerFactory.getLogger(BasePdpEngine.class);
    private final boolean strictAttributeIssuerMatch;
    private final IndividualDecisionRequestEvaluator individualReqEvaluator;
    private final RootPolicyEvaluator rootPolicyEvaluator;
    private final Optional<CloseableNamedAttributeProviderRegistry> attProviders;
    private final Optional<DecisionCache> decisionCache;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/BasePdpEngine$IndividualDecisionRequestEvaluator.class */
    public static abstract class IndividualDecisionRequestEvaluator {
        private final RootPolicyEvaluator rootPolicyEvaluator;
        private final Optional<CloseableNamedAttributeProviderRegistry> attProviders;
        static final /* synthetic */ boolean $assertionsDisabled;

        protected IndividualDecisionRequestEvaluator(RootPolicyEvaluator rootPolicyEvaluator, Optional<CloseableNamedAttributeProviderRegistry> optional) throws IllegalArgumentException {
            if (!$assertionsDisabled && rootPolicyEvaluator == null) {
                throw new AssertionError();
            }
            this.rootPolicyEvaluator = rootPolicyEvaluator;
            this.attProviders = optional;
        }

        protected static final EvaluationContext newEvaluationContext(DecisionRequest decisionRequest) {
            if ($assertionsDisabled || decisionRequest != null) {
                return new IndividualDecisionRequestContext(decisionRequest.getNamedAttributes(), decisionRequest.getExtraContentsByCategory(), decisionRequest.isApplicablePolicyIdListReturned(), Optional.of(decisionRequest.getCreationTimestamp()));
            }
            throw new AssertionError();
        }

        protected final DecisionResult evaluateInNewContext(DecisionRequest decisionRequest, Optional<EvaluationContext> optional) {
            if (!$assertionsDisabled && decisionRequest == null) {
                throw new AssertionError();
            }
            EvaluationContext newEvaluationContext = newEvaluationContext(decisionRequest);
            if (this.attProviders.isPresent()) {
                try {
                    this.attProviders.get().beginIndividualDecisionRequest(newEvaluationContext, optional);
                } catch (IndeterminateEvaluationException e) {
                    BasePdpEngine.LOGGER.error("Error calling one of the AttributeProvider's beginIndividualDecisionRequest(...)", e);
                    return DecisionResults.newIndeterminate(DecisionType.NOT_APPLICABLE, e, (ImmutableList) null);
                }
            }
            return this.rootPolicyEvaluator.findAndEvaluate(newEvaluationContext, optional);
        }

        protected final DecisionResult evaluateReusingContext(EvaluationContext evaluationContext, Optional<EvaluationContext> optional) {
            if (this.attProviders.isPresent()) {
                try {
                    this.attProviders.get().beginIndividualDecisionRequest(evaluationContext, optional);
                } catch (IndeterminateEvaluationException e) {
                    BasePdpEngine.LOGGER.error("Error calling one of the AttributeProvider's beginIndividualDecisionRequest(...)", e);
                    return DecisionResults.newIndeterminate(DecisionType.NOT_APPLICABLE, e, (ImmutableList) null);
                }
            }
            return this.rootPolicyEvaluator.findAndEvaluate(evaluationContext, optional);
        }

        protected abstract DecisionResult evaluate(DecisionRequest decisionRequest);

        protected abstract <INDIVIDUAL_DECISION_REQ_T extends DecisionRequest> Collection<Map.Entry<INDIVIDUAL_DECISION_REQ_T, ? extends DecisionResult>> evaluate(List<INDIVIDUAL_DECISION_REQ_T> list, EvaluationContext evaluationContext) throws IndeterminateEvaluationException;

        static {
            $assertionsDisabled = !BasePdpEngine.class.desiredAssertionStatus();
        }
    }

    /* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/BasePdpEngine$IndividualRequestEvaluatorWithCacheIgnoringEvaluationContext.class */
    private static final class IndividualRequestEvaluatorWithCacheIgnoringEvaluationContext extends IndividualDecisionRequestEvaluator {
        private static final Logger LOGGER;
        private static final IndeterminateEvaluationException INDETERMINATE_EVALUATION_EXCEPTION;
        private final DecisionCache decisionCache;
        static final /* synthetic */ boolean $assertionsDisabled;

        private IndividualRequestEvaluatorWithCacheIgnoringEvaluationContext(RootPolicyEvaluator rootPolicyEvaluator, DecisionCache decisionCache, Optional<CloseableNamedAttributeProviderRegistry> optional) {
            super(rootPolicyEvaluator, optional);
            if (!$assertionsDisabled && decisionCache == null) {
                throw new AssertionError();
            }
            this.decisionCache = decisionCache;
        }

        @Override // org.ow2.authzforce.core.pdp.impl.BasePdpEngine.IndividualDecisionRequestEvaluator
        protected DecisionResult evaluate(DecisionRequest decisionRequest) {
            if (!$assertionsDisabled && decisionRequest == null) {
                throw new AssertionError();
            }
            LOGGER.debug("Evaluating Individual Decision Request: {}", decisionRequest);
            DecisionResult decisionResult = this.decisionCache.get(decisionRequest, (EvaluationContext) null);
            if (decisionResult != null) {
                LOGGER.debug("Result found in cache for Individual Decision Request: {} -> {}", decisionRequest, decisionResult);
                return decisionResult;
            }
            LOGGER.debug("No result found in cache for Individual Decision Request: {}. Computing new result from policy evaluation...", decisionRequest);
            DecisionResult evaluateInNewContext = evaluateInNewContext(decisionRequest, Optional.empty());
            LOGGER.debug("Caching new Result for Individual Decision Request: {} -> {}", decisionRequest, evaluateInNewContext);
            this.decisionCache.put(decisionRequest, evaluateInNewContext, (EvaluationContext) null);
            return evaluateInNewContext;
        }

        @Override // org.ow2.authzforce.core.pdp.impl.BasePdpEngine.IndividualDecisionRequestEvaluator
        protected <INDIVIDUAL_DECISION_REQ_T extends DecisionRequest> Collection<Map.Entry<INDIVIDUAL_DECISION_REQ_T, ? extends DecisionResult>> evaluate(List<INDIVIDUAL_DECISION_REQ_T> list, EvaluationContext evaluationContext) throws IndeterminateEvaluationException {
            DecisionResult decisionResult;
            if (!$assertionsDisabled && (list == null || evaluationContext == null)) {
                throw new AssertionError();
            }
            Map all = this.decisionCache.getAll(list);
            if (all == null) {
                LOGGER.error("Invalid decision cache result: null");
                throw INDETERMINATE_EVALUATION_EXCEPTION;
            }
            Optional<EvaluationContext> of = Optional.of(evaluationContext);
            ArrayDeque arrayDeque = new ArrayDeque(list.size());
            Map newUpdatableMap = HashCollections.newUpdatableMap(list.size());
            for (INDIVIDUAL_DECISION_REQ_T individual_decision_req_t : list) {
                LOGGER.debug("Evaluating Individual Decision Request: {}", individual_decision_req_t);
                DecisionResult decisionResult2 = (DecisionResult) all.get(individual_decision_req_t);
                if (decisionResult2 == null) {
                    LOGGER.debug("No result found in cache for Individual Decision Request: {}. Computing new result from policy evaluation...", individual_decision_req_t);
                    decisionResult = evaluateInNewContext(individual_decision_req_t, of);
                    LOGGER.debug("Caching new Result for Individual Decision Request: {} -> {}", individual_decision_req_t, decisionResult);
                    newUpdatableMap.put(individual_decision_req_t, decisionResult);
                } else {
                    LOGGER.debug("Result found in cache for Individual Decision Request: {} -> {}", individual_decision_req_t, decisionResult2);
                    decisionResult = decisionResult2;
                }
                arrayDeque.add(new AbstractMap.SimpleImmutableEntry(individual_decision_req_t, decisionResult));
            }
            if (!newUpdatableMap.isEmpty()) {
                this.decisionCache.putAll(newUpdatableMap);
            }
            return arrayDeque;
        }

        static {
            $assertionsDisabled = !BasePdpEngine.class.desiredAssertionStatus();
            LOGGER = LoggerFactory.getLogger(IndividualRequestEvaluatorWithCacheIgnoringEvaluationContext.class);
            INDETERMINATE_EVALUATION_EXCEPTION = new IndeterminateEvaluationException("Internal error in decision cache: null result", XacmlStatusCode.PROCESSING_ERROR.value());
        }
    }

    /* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/BasePdpEngine$IndividualRequestEvaluatorWithCacheUsingEvaluationContext.class */
    private static final class IndividualRequestEvaluatorWithCacheUsingEvaluationContext extends IndividualDecisionRequestEvaluator {
        private static final Logger LOGGER;
        private final DecisionCache decisionCache;
        static final /* synthetic */ boolean $assertionsDisabled;

        private IndividualRequestEvaluatorWithCacheUsingEvaluationContext(RootPolicyEvaluator rootPolicyEvaluator, DecisionCache decisionCache, Optional<CloseableNamedAttributeProviderRegistry> optional) {
            super(rootPolicyEvaluator, optional);
            if (!$assertionsDisabled && decisionCache == null) {
                throw new AssertionError();
            }
            this.decisionCache = decisionCache;
        }

        private <INDIVIDUAL_DECISION_REQ_T extends DecisionRequest> DecisionResult evaluateWithDecisionCache(INDIVIDUAL_DECISION_REQ_T individual_decision_req_t, Optional<EvaluationContext> optional) {
            if (!$assertionsDisabled && individual_decision_req_t == null) {
                throw new AssertionError();
            }
            LOGGER.debug("Evaluating Individual Decision Request: {}", individual_decision_req_t);
            EvaluationContext newEvaluationContext = newEvaluationContext(individual_decision_req_t);
            DecisionResult decisionResult = this.decisionCache.get(individual_decision_req_t, newEvaluationContext);
            if (decisionResult != null) {
                LOGGER.debug("Result found in cache for Individual Decision Request: {} -> {}", individual_decision_req_t, decisionResult);
                return decisionResult;
            }
            LOGGER.debug("No result found in cache for Individual Decision Request: {}. Computing new result from policy evaluation...", individual_decision_req_t);
            DecisionResult evaluateReusingContext = evaluateReusingContext(newEvaluationContext, optional);
            LOGGER.debug("Caching new Result for Individual Decision Request: {} -> {}", individual_decision_req_t, evaluateReusingContext);
            this.decisionCache.put(individual_decision_req_t, evaluateReusingContext, newEvaluationContext);
            return evaluateReusingContext;
        }

        @Override // org.ow2.authzforce.core.pdp.impl.BasePdpEngine.IndividualDecisionRequestEvaluator
        protected DecisionResult evaluate(DecisionRequest decisionRequest) {
            if ($assertionsDisabled || decisionRequest != null) {
                return evaluateWithDecisionCache(decisionRequest, Optional.empty());
            }
            throw new AssertionError();
        }

        @Override // org.ow2.authzforce.core.pdp.impl.BasePdpEngine.IndividualDecisionRequestEvaluator
        protected <INDIVIDUAL_DECISION_REQ_T extends DecisionRequest> Collection<Map.Entry<INDIVIDUAL_DECISION_REQ_T, ? extends DecisionResult>> evaluate(List<INDIVIDUAL_DECISION_REQ_T> list, EvaluationContext evaluationContext) {
            if (!$assertionsDisabled && (list == null || evaluationContext == null)) {
                throw new AssertionError();
            }
            Optional<EvaluationContext> of = Optional.of(evaluationContext);
            ArrayDeque arrayDeque = new ArrayDeque(list.size());
            for (INDIVIDUAL_DECISION_REQ_T individual_decision_req_t : list) {
                arrayDeque.add(new AbstractMap.SimpleImmutableEntry(individual_decision_req_t, evaluateWithDecisionCache(individual_decision_req_t, of)));
            }
            return arrayDeque;
        }

        static {
            $assertionsDisabled = !BasePdpEngine.class.desiredAssertionStatus();
            LOGGER = LoggerFactory.getLogger(IndividualRequestEvaluatorWithCacheUsingEvaluationContext.class);
        }
    }

    /* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/BasePdpEngine$IssuedToNonIssuedAttributeCopyingRequestBuilder.class */
    private static final class IssuedToNonIssuedAttributeCopyingRequestBuilder extends NonIssuedLikeIssuedAttributeHandlingRequestBuilder {
        static final /* synthetic */ boolean $assertionsDisabled;

        private IssuedToNonIssuedAttributeCopyingRequestBuilder(int i, int i2) {
            super(i, 2 * i2);
        }

        @Override // org.ow2.authzforce.core.pdp.impl.BasePdpEngine.NonIssuedLikeIssuedAttributeHandlingRequestBuilder
        public Bag<?> putNamedAttributeIfAbsent(AttributeFqn attributeFqn, AttributeBag<?> attributeBag) {
            if (!$assertionsDisabled && attributeFqn == null) {
                throw new AssertionError();
            }
            super.putNamedAttributeIfAbsent(AttributeFqns.newInstance(attributeFqn.getCategory(), Optional.empty(), attributeFqn.getId()), attributeBag);
            return super.putNamedAttributeIfAbsent(attributeFqn, attributeBag);
        }

        static {
            $assertionsDisabled = !BasePdpEngine.class.desiredAssertionStatus();
        }
    }

    /* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/BasePdpEngine$NonCachingIndividualDecisionRequestEvaluator.class */
    private static final class NonCachingIndividualDecisionRequestEvaluator extends IndividualDecisionRequestEvaluator {
        private static final Logger LOGGER;
        private static final RuntimeException NULL_INDIVIDUAL_DECISION_REQUEST_EXCEPTION;
        static final /* synthetic */ boolean $assertionsDisabled;

        private NonCachingIndividualDecisionRequestEvaluator(RootPolicyEvaluator rootPolicyEvaluator, Optional<CloseableNamedAttributeProviderRegistry> optional) {
            super(rootPolicyEvaluator, optional);
        }

        @Override // org.ow2.authzforce.core.pdp.impl.BasePdpEngine.IndividualDecisionRequestEvaluator
        protected DecisionResult evaluate(DecisionRequest decisionRequest) {
            if (!$assertionsDisabled && decisionRequest == null) {
                throw new AssertionError();
            }
            LOGGER.debug("Evaluating Individual Decision Request: {}", decisionRequest);
            return evaluateInNewContext(decisionRequest, Optional.empty());
        }

        @Override // org.ow2.authzforce.core.pdp.impl.BasePdpEngine.IndividualDecisionRequestEvaluator
        protected <INDIVIDUAL_DECISION_REQ_T extends DecisionRequest> Collection<Map.Entry<INDIVIDUAL_DECISION_REQ_T, ? extends DecisionResult>> evaluate(List<INDIVIDUAL_DECISION_REQ_T> list, EvaluationContext evaluationContext) {
            if (!$assertionsDisabled && (list == null || evaluationContext == null)) {
                throw new AssertionError();
            }
            Optional<EvaluationContext> of = Optional.of(evaluationContext);
            ArrayDeque arrayDeque = new ArrayDeque(list.size());
            for (INDIVIDUAL_DECISION_REQ_T individual_decision_req_t : list) {
                if (individual_decision_req_t == null) {
                    throw NULL_INDIVIDUAL_DECISION_REQUEST_EXCEPTION;
                }
                arrayDeque.add(new AbstractMap.SimpleImmutableEntry(individual_decision_req_t, evaluateInNewContext(individual_decision_req_t, of)));
            }
            return arrayDeque;
        }

        static {
            $assertionsDisabled = !BasePdpEngine.class.desiredAssertionStatus();
            LOGGER = LoggerFactory.getLogger(NonCachingIndividualDecisionRequestEvaluator.class);
            NULL_INDIVIDUAL_DECISION_REQUEST_EXCEPTION = new RuntimeException("One of the individual decision requests returned by the request filter is invalid (null).");
        }
    }

    /* loaded from: input_file:org/ow2/authzforce/core/pdp/impl/BasePdpEngine$NonIssuedLikeIssuedAttributeHandlingRequestBuilder.class */
    private static class NonIssuedLikeIssuedAttributeHandlingRequestBuilder implements DecisionRequestBuilder<ImmutableDecisionRequest> {
        private final Map<AttributeFqn, AttributeBag<?>> namedAttributes;
        private final Map<String, XdmNode> extraContentsByCategory;

        private NonIssuedLikeIssuedAttributeHandlingRequestBuilder(int i, int i2) {
            this.namedAttributes = i2 < 0 ? HashCollections.newUpdatableMap() : HashCollections.newUpdatableMap(i2);
            this.extraContentsByCategory = i < 0 ? HashCollections.newUpdatableMap() : HashCollections.newUpdatableMap(i);
        }

        public Bag<?> putNamedAttributeIfAbsent(AttributeFqn attributeFqn, AttributeBag<?> attributeBag) {
            return this.namedAttributes.putIfAbsent(attributeFqn, attributeBag);
        }

        public final XdmNode putContentIfAbsent(String str, XdmNode xdmNode) {
            return this.extraContentsByCategory.putIfAbsent(str, xdmNode);
        }

        /* renamed from: build, reason: merged with bridge method [inline-methods] */
        public final ImmutableDecisionRequest m9build(boolean z) {
            return ImmutableDecisionRequest.getInstance(this.namedAttributes, this.extraContentsByCategory, z);
        }

        public final void reset() {
            this.namedAttributes.clear();
            this.extraContentsByCategory.clear();
        }
    }

    public BasePdpEngine(CloseablePolicyProvider<?> closeablePolicyProvider, Optional<TopLevelPolicyElementType> optional, String str, Optional<PolicyVersionPatterns> optional2, boolean z, Optional<CloseableNamedAttributeProviderRegistry> optional3, Optional<DecisionCache> optional4) throws IllegalArgumentException, IOException {
        RootPolicyEvaluators.Base base = new RootPolicyEvaluators.Base(closeablePolicyProvider, optional, str, optional2);
        try {
            this.rootPolicyEvaluator = (RootPolicyEvaluator) Objects.requireNonNullElse(base.toStatic(), base);
            this.strictAttributeIssuerMatch = z;
            this.attProviders = optional3;
            this.decisionCache = optional4;
            this.individualReqEvaluator = (IndividualDecisionRequestEvaluator) this.decisionCache.map(decisionCache -> {
                return decisionCache.isEvaluationContextRequired() ? new IndividualRequestEvaluatorWithCacheUsingEvaluationContext(this.rootPolicyEvaluator, decisionCache, this.attProviders) : new IndividualRequestEvaluatorWithCacheIgnoringEvaluationContext(this.rootPolicyEvaluator, decisionCache, this.attProviders);
            }).orElse(new NonCachingIndividualDecisionRequestEvaluator(this.rootPolicyEvaluator, this.attProviders));
        } catch (IndeterminateEvaluationException e) {
            throw new IllegalArgumentException("No valid " + (optional.isPresent() ? (Serializable) optional.get() : "Policy(Set)") + " '" + str + "' matching version (pattern): " + (optional2.isPresent() ? optional2.get() : "latest"), e);
        }
    }

    public BasePdpEngine(PdpEngineConfiguration pdpEngineConfiguration) throws IllegalArgumentException, IOException {
        this(pdpEngineConfiguration.getPolicyProvider(), pdpEngineConfiguration.getRootPolicyElementType(), pdpEngineConfiguration.getRootPolicyId(), pdpEngineConfiguration.getRootPolicyVersionPatterns(), pdpEngineConfiguration.isStrictAttributeIssuerMatchEnabled(), pdpEngineConfiguration.getAttributeProviders(), pdpEngineConfiguration.getDecisionCache());
    }

    public Iterable<PrimaryPolicyMetadata> getApplicablePolicies() {
        return this.rootPolicyEvaluator.getStaticApplicablePolicies();
    }

    public DecisionRequestBuilder<?> newRequestBuilder(int i, int i2) {
        return this.strictAttributeIssuerMatch ? new NonIssuedLikeIssuedAttributeHandlingRequestBuilder(i, i2) : new IssuedToNonIssuedAttributeCopyingRequestBuilder(i, i2);
    }

    public DecisionResult evaluate(DecisionRequest decisionRequest) {
        if (decisionRequest == null) {
            throw NULL_REQUEST_ARGUMENT_EXCEPTION;
        }
        return this.individualReqEvaluator.evaluate(decisionRequest);
    }

    public <INDIVIDUAL_DECISION_REQ_T extends DecisionRequest> Collection<Map.Entry<INDIVIDUAL_DECISION_REQ_T, ? extends DecisionResult>> evaluate(List<INDIVIDUAL_DECISION_REQ_T> list, EvaluationContext evaluationContext) throws IndeterminateEvaluationException {
        if (list == null) {
            throw NULL_REQUEST_ARGUMENT_EXCEPTION;
        }
        if (evaluationContext == null) {
            throw NULL_MDP_CTX_ARGUMENT_EXCEPTION;
        }
        this.attProviders.ifPresent(closeableNamedAttributeProviderRegistry -> {
            closeableNamedAttributeProviderRegistry.beginMultipleDecisionRequest(evaluationContext);
        });
        return this.individualReqEvaluator.evaluate(list, evaluationContext);
    }

    public void close() throws IOException {
        this.rootPolicyEvaluator.close();
        if (this.attProviders.isPresent()) {
            this.attProviders.get().close();
        }
        if (this.decisionCache.isPresent()) {
            this.decisionCache.get().close();
        }
    }
}
