package org.fcrepo.server.security;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.transform.Transformer;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import org.fcrepo.common.Constants;
import org.fcrepo.server.Server;
import org.fcrepo.server.config.ModuleConfiguration;
import org.fcrepo.server.errors.GeneralException;
import org.fcrepo.server.validation.ValidationUtility;
import org.fcrepo.utilities.FileUtils;
import org.fcrepo.utilities.XmlTransformUtility;
import org.jboss.security.xacml.sunxacml.AbstractPolicy;
import org.jboss.security.xacml.sunxacml.EvaluationCtx;
import org.jboss.security.xacml.sunxacml.PolicySet;
import org.jboss.security.xacml.sunxacml.Target;
import org.jboss.security.xacml.sunxacml.attr.BagAttribute;
import org.jboss.security.xacml.sunxacml.combine.OrderedDenyOverridesPolicyAlg;
import org.jboss.security.xacml.sunxacml.combine.PolicyCombiningAlgorithm;
import org.jboss.security.xacml.sunxacml.cond.EvaluationResult;
import org.jboss.security.xacml.sunxacml.ctx.Status;
import org.jboss.security.xacml.sunxacml.finder.PolicyFinder;
import org.jboss.security.xacml.sunxacml.finder.PolicyFinderResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/fcrepo/server/security/PolicyFinderModule.class */
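/**
 * XACML policy finder that serves the repository-wide policy set and, when the
 * request names an object PID, adds that object's own policy to the set.
 *
 * <p>Repository policies are read from two directories on {@link #init}: the
 * generated backend-service policies under the server home and the configured
 * repository policy directory. Object policies are fetched per request through
 * the {@link PolicyLoader}.
 *
 * <p>Security-relevant configuration keys read by the constructor:
 * {@code XACML-COMBINING-ALGORITHM}, {@code REPOSITORY-POLICIES-DIRECTORY},
 * {@code POLICY-SCHEMA-PATH}, {@code VALIDATE-REPOSITORY-POLICIES} and
 * {@code VALIDATE-OBJECT-POLICIES-FROM-DATASTREAM}. Anyone able to edit the
 * module configuration controls which class is instantiated as the combining
 * algorithm and whether policies are schema-validated, so that configuration
 * should be write-protected like the policies themselves.
 */
public class PolicyFinderModule extends org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule {
    private static final Logger logger = LoggerFactory.getLogger(PolicyFinderModule.class);
    private static final List<String> ERROR_CODE_LIST = new ArrayList<>(1);
    private static final String DEFAULT = "default";
    private static final String DEFAULT_XACML_COMBINING_ALGORITHM = "org.jboss.security.xacml.sunxacml.combine.OrderedDenyOverridesPolicyAlg";
    private static final String XACML_DIST_BASE = "fedora-internal-use";
    private static final String DEFAULT_REPOSITORY_POLICIES_DIRECTORY = "fedora-internal-use/fedora-internal-use-repository-policies-approximating-2.0";
    private static final String BACKEND_POLICIES_ACTIVE_DIRECTORY = "fedora-internal-use/fedora-internal-use-backend-service-policies";
    private static final String BE_SECURITY_XML_LOCATION = "config/beSecurity.xml";
    private static final String BACKEND_POLICIES_XSL_LOCATION = "fedora-internal-use/build-backend-policy.xsl";
    private static final String COMBINING_ALGORITHM_KEY = "XACML-COMBINING-ALGORITHM";
    private static final String REPOSITORY_POLICIES_DIRECTORY_KEY = "REPOSITORY-POLICIES-DIRECTORY";
    private static final String POLICY_SCHEMA_PATH_KEY = "POLICY-SCHEMA-PATH";
    private static final String VALIDATE_REPOSITORY_POLICIES_KEY = "VALIDATE-REPOSITORY-POLICIES";
    private static final String VALIDATE_OBJECT_POLICIES_FROM_DATASTREAM_KEY = "VALIDATE-OBJECT-POLICIES-FROM-DATASTREAM";
    private static final String STATUS_OK = "urn:oasis:names:tc:xacml:1.0:status:ok";
    private static final URI STRING_ATTRIBUTE;
    private static final URI EMPTY_URI;
    private static final PolicySet EMPTY_SET;
    private final PolicyCombiningAlgorithm m_combiningAlgorithm;
    private final String m_serverHome;
    private final String m_repositoryPolicyDirectoryPath;
    private final String m_repositoryBackendPolicyDirectoryPath;
    private final boolean m_validateRepositoryPolicies;
    private final boolean m_validateObjectPoliciesFromDatastream;
    private final PolicyParser m_policyParser;
    private final PolicyLoader m_policyLoader;
    private final List<AbstractPolicy> m_repositoryPolicies;
    // Starts as the empty set and is replaced only after a successful load in init().
    private PolicySet m_repositoryPolicySet = EMPTY_SET;

    /**
     * Reads the module configuration and prepares the policy parser.
     *
     * @param server used only for its home directory
     * @param policyLoader loader for repository and object policies
     * @param moduleConfiguration source of the configuration keys listed on the class
     * @throws GeneralException if the combining algorithm class cannot be loaded or is
     *         not a {@link PolicyCombiningAlgorithm}, a validation flag is neither
     *         {@code true} nor {@code false}, the schema path is missing, or the
     *         schema cannot be loaded
     */
    public PolicyFinderModule(Server server, PolicyLoader policyLoader, ModuleConfiguration moduleConfiguration) throws GeneralException {
        this.m_serverHome = server.getHomeDir().getAbsolutePath();
        this.m_policyLoader = policyLoader;
        this.m_repositoryBackendPolicyDirectoryPath = this.m_serverHome + File.separator + BACKEND_POLICIES_ACTIVE_DIRECTORY;
        String repositoryPolicyDirectory = moduleConfiguration.getParameter(REPOSITORY_POLICIES_DIRECTORY_KEY, true);
        // NOTE(review): an unset directory becomes "", so the "default" policy folder
        // is later resolved as File.separator + "default" — confirm that is intended.
        this.m_repositoryPolicyDirectoryPath = repositoryPolicyDirectory == null ? "" : repositoryPolicyDirectory;
        String algorithmClassName = moduleConfiguration.getParameter(COMBINING_ALGORITHM_KEY);
        try {
            // asSubclass() rejects a class of the wrong type before its constructor runs;
            // the plain cast used previously only failed after instantiation.
            this.m_combiningAlgorithm = Class.forName(algorithmClassName == null ? DEFAULT_XACML_COMBINING_ALGORITHM : algorithmClassName)
                    .asSubclass(PolicyCombiningAlgorithm.class)
                    .newInstance();
            this.m_validateRepositoryPolicies = parseValidationFlag(
                    VALIDATE_REPOSITORY_POLICIES_KEY,
                    moduleConfiguration.getParameter(VALIDATE_REPOSITORY_POLICIES_KEY));
            this.m_validateObjectPoliciesFromDatastream = parseValidationFlag(
                    VALIDATE_OBJECT_POLICIES_FROM_DATASTREAM_KEY,
                    moduleConfiguration.getParameter(VALIDATE_OBJECT_POLICIES_FROM_DATASTREAM_KEY));
            String schemaPath = moduleConfiguration.getParameter(POLICY_SCHEMA_PATH_KEY);
            if (schemaPath == null) {
                throw new GeneralException("Policy schema path not specified.  Must be given as POLICY-SCHEMA-PATH");
            }
            File schemaFile = schemaPath.startsWith(File.separator) ? new File(schemaPath) : new File(new File(this.m_serverHome), schemaPath);
            try {
                // NOTE(review): this stream is never closed here; whether PolicyParser
                // closes it, or still needs it after construction, is not visible from
                // this class — confirm before wrapping it in try-with-resources.
                this.m_policyParser = new PolicyParser(new FileInputStream(schemaFile));
                ValidationUtility.setPolicyParser(this.m_policyParser);
                this.m_repositoryPolicies = new ArrayList<>();
            } catch (Exception e) {
                throw new GeneralException("Error loading policy schema: " + schemaFile.getAbsolutePath(), e);
            }
        } catch (Exception e) {
            throw new GeneralException(e.getMessage(), e);
        }
    }

    /**
     * Parses a policy-validation flag strictly.
     *
     * <p>{@link Boolean#parseBoolean} never throws and maps every unrecognised string
     * to {@code false}, so a typo in the configuration used to switch schema
     * validation off without any error. Only {@code true} and {@code false}
     * (case-insensitive, surrounding whitespace ignored) are accepted here.
     *
     * @param key configuration key, used in the error message
     * @param value configured value, or {@code null} when the key is absent
     * @return the parsed flag; {@code false} when the key is absent
     * @throws GeneralException if the value is present but not a boolean literal
     */
    private static boolean parseValidationFlag(String key, String value) throws GeneralException {
        if (value == null) {
            return false;
        }
        String normalized = value.trim();
        if ("true".equalsIgnoreCase(normalized)) {
            return true;
        }
        if ("false".equalsIgnoreCase(normalized)) {
            return false;
        }
        throw new GeneralException("bad init parm boolean value for " + key);
    }

    /**
     * (Re)loads the repository policies and publishes the resulting policy set.
     *
     * <p>The new policies are loaded completely before the current state is touched.
     * Previously the policy list was cleared first, so a failed reload left the
     * published policy set intact but the list empty, and {@link #findPolicy} would
     * then combine an object policy with no repository policies at all.
     *
     * <p>Failures are logged and not propagated. If the very first load fails the
     * module keeps serving the empty policy set; NOTE(review): confirm that the
     * enforcement point treats the resulting decision as a denial.
     *
     * @param policyFinder not used by this implementation
     */
    public void init(PolicyFinder policyFinder) {
        try {
            logger.info("Loading repository policies...");
            setupActivePolicyDirectories();
            Map<String, AbstractPolicy> loaded = this.m_policyLoader.loadPolicies(this.m_policyParser, this.m_validateRepositoryPolicies, new File(this.m_repositoryBackendPolicyDirectoryPath));
            // Entries from the repository directory replace backend entries with the same key.
            loaded.putAll(this.m_policyLoader.loadPolicies(this.m_policyParser, this.m_validateRepositoryPolicies, new File(this.m_repositoryPolicyDirectoryPath)));
            List<AbstractPolicy> freshPolicies = new ArrayList<>(loaded.values());
            PolicySet freshSet = toPolicySet(freshPolicies, this.m_combiningAlgorithm);
            // Swap only after everything above succeeded.
            this.m_repositoryPolicies.clear();
            this.m_repositoryPolicies.addAll(freshPolicies);
            this.m_repositoryPolicySet = freshSet;
        } catch (Throwable th) {
            logger.error("Error loading repository policies: " + th.toString(), th);
        }
    }

    /**
     * Regenerates the backend-service policies from {@code config/beSecurity.xml}.
     *
     * <p>The active backend policy directory is emptied, {@link BackendPolicies}
     * produces one temporary file per policy, and each temporary file is run
     * through the backend policy stylesheet into the active directory. The
     * temporary files are deleted afterwards, also when a transformation fails.
     *
     * @throws Exception if generation or transformation fails
     */
    private final void generateBackendPolicies() throws Exception {
        logger.info("Generating backend policies...");
        FileUtils.deleteContents(new File(this.m_repositoryBackendPolicyDirectoryPath));
        Hashtable<String, String> tempFilesByName = new BackendPolicies(this.m_serverHome + File.separator + BE_SECURITY_XML_LOCATION).generateBackendPolicies();
        try {
            Transformer transformer = null;
            for (Map.Entry<String, String> entry : tempFilesByName.entrySet()) {
                if (transformer == null) {
                    transformer = XmlTransformUtility.getTransformer(new StreamSource(new File(this.m_serverHome + File.separator + BACKEND_POLICIES_XSL_LOCATION)));
                } else {
                    transformer.reset();
                }
                // NOTE(review): the map key is used as the output file name without any
                // check; presumably it is derived from beSecurity.xml — verify it cannot
                // contain path separators.
                // The transformer does not close caller-supplied streams, so close them here.
                try (FileInputStream in = new FileInputStream(new File(entry.getValue()));
                        FileOutputStream out = new FileOutputStream(this.m_repositoryBackendPolicyDirectoryPath + File.separator + entry.getKey())) {
                    transformer.transform(new StreamSource(in), new StreamResult(out));
                }
            }
        } finally {
            for (String tempPath : tempFilesByName.values()) {
                File tempFile = new File(tempPath);
                if (tempFile.exists() && !tempFile.delete()) {
                    logger.warn("Could not delete temporary backend policy file: {}", tempPath);
                }
            }
        }
    }

    /**
     * Seeds the repository policy directory with the shipped defaults on first use,
     * then regenerates the backend policies.
     *
     * @throws Exception if copying the defaults or generating backend policies fails
     */
    private void setupActivePolicyDirectories() throws Exception {
        File defaultPolicyDir = new File(this.m_repositoryPolicyDirectoryPath + File.separator + DEFAULT);
        if (!defaultPolicyDir.exists()) {
            defaultPolicyDir.mkdirs();
            FileUtils.copy(new File(this.m_serverHome + File.separator + DEFAULT_REPOSITORY_POLICIES_DIRECTORY), defaultPolicyDir);
        }
        generateBackendPolicies();
    }

    /**
     * @return always {@code true}: this module resolves policies from the request context
     */
    public boolean isRequestSupported() {
        return true;
    }

    /**
     * Returns the policy set that applies to the request.
     *
     * <p>When the request carries a PID and the loader returns an object policy for
     * it, the result is a new set made of the repository policies plus that object
     * policy; otherwise it is the repository policy set as loaded by {@link #init}.
     * Any exception is turned into a processing-error status instead of a policy.
     * NOTE(review): the exception message is copied into that status; check where
     * the status is exposed before relying on it containing no internal detail.
     *
     * @param evaluationCtx the request being evaluated
     * @return the applicable policy set, or a processing-error status on failure
     */
    public PolicyFinderResult findPolicy(EvaluationCtx evaluationCtx) {
        PolicySet applicable = this.m_repositoryPolicySet;
        try {
            String pid = getPid(evaluationCtx);
            if (pid != null && !pid.isEmpty()) {
                AbstractPolicy objectPolicy = this.m_policyLoader.loadObjectPolicy(this.m_policyParser.copy(), pid, this.m_validateObjectPoliciesFromDatastream);
                if (objectPolicy != null) {
                    List<AbstractPolicy> combined = new ArrayList<>(this.m_repositoryPolicies);
                    combined.add(objectPolicy);
                    applicable = toPolicySet(combined, this.m_combiningAlgorithm);
                }
            }
            return new PolicyFinderResult(applicable);
        } catch (Exception e) {
            logger.warn("PolicyFinderModule seriously failed to evaluate a policy ", e);
            return new PolicyFinderResult(new Status(ERROR_CODE_LIST, e.getMessage()));
        }
    }

    /**
     * Extracts the object PID from the resource attributes of the request.
     *
     * @param evaluationCtx the request being evaluated
     * @return the PID, or {@code null} when the attribute is missing, is not a bag
     *         of string type, or the bag does not hold exactly one value
     */
    public static String getPid(EvaluationCtx evaluationCtx) {
        BagAttribute pidBag = getAttributeFromEvaluationResult(evaluationCtx.getResourceAttribute(STRING_ATTRIBUTE, Constants.OBJECT.PID.attributeId, (URI) null));
        if (pidBag == null) {
            logger.debug("PolicyFinderModule:getPid exit on can't get pid on request callback");
            return null;
        }
        if (!pidBag.getType().equals(STRING_ATTRIBUTE)) {
            logger.debug("PolicyFinderModule:getPid exit on couldn't get pid from xacml request non-string returned");
            return null;
        }
        if (pidBag.size() == 1) {
            return (String) pidBag.getValue();
        }
        return null;
    }

    /**
     * Unwraps the attribute bag from an evaluation result.
     *
     * <p>The status check used to compare the status-code string with the
     * {@link Status} object itself, which is never equal, so every result that
     * carried a status, including an OK one, was discarded. The first status code
     * is compared instead.
     *
     * @param evaluationResult result of an attribute lookup
     * @return the bag, or {@code null} when the result is indeterminate, carries a
     *         status whose first code is not OK, or does not hold a bag
     */
    private static final BagAttribute getAttributeFromEvaluationResult(EvaluationResult evaluationResult) {
        if (evaluationResult.indeterminate()) {
            return null;
        }
        // A null status is treated as success, as before.
        Status status = evaluationResult.getStatus();
        if (status != null) {
            List<?> codes = status.getCode();
            if (codes == null || codes.isEmpty() || !STATUS_OK.equals(codes.get(0))) {
                return null;
            }
        }
        Object value = evaluationResult.getAttributeValue();
        return value instanceof BagAttribute ? (BagAttribute) value : null;
    }

    /**
     * Wraps the policies in an anonymous, target-less policy set.
     *
     * @param list policies to combine
     * @param policyCombiningAlgorithm algorithm that resolves conflicting decisions
     * @return the new policy set
     */
    private static PolicySet toPolicySet(List<AbstractPolicy> list, PolicyCombiningAlgorithm policyCombiningAlgorithm) {
        return new PolicySet(EMPTY_URI, policyCombiningAlgorithm, (Target) null, list);
    }

    static {
        ERROR_CODE_LIST.add("urn:oasis:names:tc:xacml:1.0:status:processing-error");
        STRING_ATTRIBUTE = URI.create("http://www.w3.org/2001/XMLSchema#string");
        // EMPTY_URI must be set before toPolicySet() is called below.
        EMPTY_URI = URI.create("");
        EMPTY_SET = toPolicySet(Collections.<AbstractPolicy>emptyList(), new OrderedDenyOverridesPolicyAlg());
    }
}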
