package org.fcrepo.server.security.xacml.pdp;

import ch.qos.logback.classic.net.SyslogAppender;
import com.sun.xacml.AbstractPolicy;
import com.sun.xacml.EvaluationCtx;
import com.sun.xacml.Indenter;
import com.sun.xacml.MatchResult;
import com.sun.xacml.TargetMatchGroup;
import com.sun.xacml.combine.PolicyCombinerElement;
import com.sun.xacml.combine.PolicyCombiningAlgorithm;
import com.sun.xacml.ctx.Result;
import com.sun.xacml.ctx.Status;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/fcrepo-security-pdp-3.6.1.jar:org/fcrepo/server/security/xacml/pdp/HierarchicalLowestChildDenyOverridesPolicyAlg.class */
public class HierarchicalLowestChildDenyOverridesPolicyAlg extends PolicyCombiningAlgorithm {
    private static final Logger logger = LoggerFactory.getLogger(HierarchicalLowestChildDenyOverridesPolicyAlg.class);
    DocumentBuilderFactory factory;
    public static final String XACML_RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
    public static final String algId = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:hierarchical-lowest-child-deny-overrides";
    private static URI identifierURI;
    private static RuntimeException earlyException;

    public HierarchicalLowestChildDenyOverridesPolicyAlg() {
        super(identifierURI);
        this.factory = DocumentBuilderFactory.newInstance();
        if (earlyException != null) {
            throw earlyException;
        }
        this.factory = DocumentBuilderFactory.newInstance();
    }

    protected HierarchicalLowestChildDenyOverridesPolicyAlg(URI uri) {
        super(uri);
        this.factory = DocumentBuilderFactory.newInstance();
    }

    @Override // com.sun.xacml.combine.PolicyCombiningAlgorithm, com.sun.xacml.combine.CombiningAlgorithm
    public Result combine(EvaluationCtx evaluationCtx, List list, List list2) {
        logger.info("Combining using: " + getIdentifier());
        boolean z = false;
        boolean z2 = false;
        HashSet hashSet = new HashSet();
        Status status = null;
        HashSet hashSet2 = new HashSet();
        Iterator it = list2.iterator();
        while (it.hasNext()) {
            AbstractPolicy policy = ((PolicyCombinerElement) it.next()).getPolicy();
            MatchResult match = policy.match(evaluationCtx);
            if (match.getResult() == 2) {
                z = true;
                if (status == null) {
                    status = match.getStatus();
                }
            } else if (match.getResult() == 0) {
                hashSet2.add(policy);
            }
        }
        Iterator<AbstractPolicy> it2 = getApplicablePolicies(evaluationCtx, hashSet2).iterator();
        while (it2.hasNext()) {
            Result evaluate = it2.next().evaluate(evaluationCtx);
            int decision = evaluate.getDecision();
            if (decision == 1) {
                hashSet.addAll(evaluate.getObligations());
                return new Result(1, evaluationCtx.getResourceId().encode(), hashSet);
            }
            if (decision == 0) {
                z2 = true;
            } else if (decision == 2) {
                z = true;
                if (status == null) {
                    status = evaluate.getStatus();
                }
            }
        }
        return z2 ? new Result(0, evaluationCtx.getResourceId().encode()) : z ? new Result(2, status, evaluationCtx.getResourceId().encode()) : new Result(3, evaluationCtx.getResourceId().encode());
    }

    private Set<AbstractPolicy> getApplicablePolicies(EvaluationCtx evaluationCtx, Set<AbstractPolicy> set) {
        int i = 0;
        HashSet hashSet = new HashSet();
        for (AbstractPolicy abstractPolicy : set) {
            String str = null;
            for (TargetMatchGroup targetMatchGroup : abstractPolicy.getTarget().getResourcesSection().getMatchGroups()) {
                if (targetMatchGroup.match(evaluationCtx).getResult() <= 0) {
                    str = extractResourceId(targetMatchGroup);
                    if (str == null) {
                        logger.warn("Policy did not contain resourceId: " + abstractPolicy.getId());
                    } else if (logger.isDebugEnabled()) {
                        logger.debug("ResourceID: " + str);
                    }
                }
            }
            int length = "".equals(str) ? 0 : getLength(str);
            if (length > i) {
                i = length;
                hashSet = new HashSet();
            }
            if (length >= i) {
                hashSet.add(abstractPolicy);
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Applicable policies:");
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                logger.debug(SyslogAppender.DEFAULT_STACKTRACE_PATTERN + ((AbstractPolicy) it.next()).getId());
            }
        }
        return hashSet;
    }

    private String extractResourceId(TargetMatchGroup targetMatchGroup) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        targetMatchGroup.encode(byteArrayOutputStream, new Indenter(4));
        try {
            try {
                String str = null;
                String str2 = null;
                String str3 = null;
                NodeList childNodes = this.factory.newDocumentBuilder().parse(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).getElementsByTagName("ResourceMatch").item(0).getChildNodes();
                for (int i = 0; i < childNodes.getLength() && str == null; i++) {
                    Node item = childNodes.item(i);
                    if (item.getNodeType() == 1) {
                        if ("AttributeValue".equals(item.getNodeName())) {
                            str3 = item.getFirstChild().getNodeValue();
                        } else if ("ResourceAttributeDesignator".equals(item.getNodeName())) {
                            str2 = item.getAttributes().getNamedItem("AttributeId").getNodeValue();
                        }
                        if ("urn:oasis:names:tc:xacml:1.0:resource:resource-id".equals(str2)) {
                            str = str3;
                        }
                    }
                }
                if (str == null) {
                    str = "";
                }
                return str;
            } catch (Exception e) {
                logger.error("Problem parsing TargetMatchGroup to obtain id");
                return null;
            }
        } catch (ParserConfigurationException e2) {
            logger.error("Error obtaining an XML parser: " + e2.getMessage(), (Throwable) e2);
            return null;
        }
    }

    private int getLength(String str) {
        if (str == null || "".equals(str)) {
            if (!logger.isDebugEnabled()) {
                return 0;
            }
            logger.debug("Length: " + str + " 0");
            return 0;
        }
        String[] split = str.split("\\/");
        for (int i = 0; i < split.length; i++) {
            if (split[i].matches(".*[^\\w\\-\\&\\:\\+\\~\\$]+.*")) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Length: " + str + " " + (i - 1) + "\tComponent: " + split[i]);
                }
                return i - 1;
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Length [return]: " + str + " " + (split.length - 1));
        }
        return split.length - 1;
    }

    static {
        try {
            identifierURI = new URI(algId);
        } catch (URISyntaxException e) {
            earlyException = new IllegalArgumentException(e);
        }
    }
}
