package com.mobi.security.policy.impl.xacml;

import aQute.bnd.annotation.component.Activate;
import aQute.bnd.annotation.component.Component;
import aQute.bnd.annotation.component.Reference;
import com.mobi.rdf.api.IRI;
import com.mobi.rdf.api.Literal;
import com.mobi.rdf.api.ValueFactory;
import com.mobi.security.policy.api.PDP;
import com.mobi.security.policy.api.PIP;
import com.mobi.security.policy.api.Request;
import com.mobi.security.policy.api.Response;
import com.mobi.security.policy.api.xacml.XACMLResponse;
import com.mobi.security.policy.api.xacml.jaxb.ObjectFactory;
import com.mobi.security.policy.impl.xacml.BalanaRequest;
import java.time.OffsetDateTime;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.bind.JAXBContext;
import org.wso2.balana.Balana;
import org.wso2.balana.PDPConfig;
import org.wso2.balana.combine.PolicyCombiningAlgorithm;
import org.wso2.balana.combine.xacml2.FirstApplicablePolicyAlg;
import org.wso2.balana.combine.xacml2.OnlyOneApplicablePolicyAlg;
import org.wso2.balana.combine.xacml3.DenyOverridesPolicyAlg;
import org.wso2.balana.combine.xacml3.DenyUnlessPermitPolicyAlg;
import org.wso2.balana.combine.xacml3.OrderedDenyOverridesPolicyAlg;
import org.wso2.balana.combine.xacml3.OrderedPermitOverridesPolicyAlg;
import org.wso2.balana.combine.xacml3.PermitOverridesPolicyAlg;
import org.wso2.balana.combine.xacml3.PermitUnlessDenyPolicyAlg;
import org.wso2.balana.ctx.Attribute;
import org.wso2.balana.ctx.ResponseCtx;
import org.wso2.balana.ctx.xacml3.Result;
import org.wso2.balana.finder.AttributeFinder;
import org.wso2.balana.finder.PolicyFinder;
import org.wso2.balana.finder.ResourceFinder;
import org.wso2.balana.xacml3.Attributes;

@Component(immediate = true, provide = {PDP.class, BalanaPDP.class})
/* loaded from: input_file:com/mobi/security/policy/impl/xacml/BalanaPDP.class */
public class BalanaPDP implements PDP {
    private Set<PIP> pips = new HashSet();
    private BalanaPRP balanaPRP;
    private ValueFactory vf;
    private Balana balana;
    protected JAXBContext jaxbContext;

    @Activate
    public void setUp() throws Exception {
        this.balana = Balana.getInstance();
        this.jaxbContext = JAXBContext.newInstance("com.mobi.security.policy.api.xacml.jaxb", ObjectFactory.class.getClassLoader());
    }

    @Reference(type = '*', dynamic = true)
    void addPIP(PIP pip) {
        this.pips.add(pip);
    }

    void removePIP(PIP pip) {
        this.pips.remove(pip);
    }

    @Reference
    void setBalanaPRP(BalanaPRP balanaPRP) {
        this.balanaPRP = balanaPRP;
    }

    @Reference
    void setVf(ValueFactory valueFactory) {
        this.vf = valueFactory;
    }

    @Override // com.mobi.security.policy.api.PDP
    public Request createRequest(List<IRI> list, Map<String, Literal> map, List<IRI> list2, Map<String, Literal> map2, List<IRI> list3, Map<String, Literal> map3) {
        BalanaRequest.Builder builder = new BalanaRequest.Builder(list, list2, list3, OffsetDateTime.now(), this.vf, this.jaxbContext);
        if (map != null) {
            map.forEach((str, literal) -> {
                if (literal != null) {
                    builder.addSubjectAttr(str, literal);
                }
            });
        }
        if (map2 != null) {
            map2.forEach((str2, literal2) -> {
                if (literal2 != null) {
                    builder.addResourceAttr(str2, literal2);
                }
            });
        }
        if (map3 != null) {
            map3.forEach((str3, literal3) -> {
                if (literal3 != null) {
                    builder.addActionAttr(str3, literal3);
                }
            });
        }
        return builder.m4build();
    }

    @Override // com.mobi.security.policy.api.PDP
    public Response evaluate(Request request) {
        return evaluate(request, this.vf.createIRI("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides"));
    }

    @Override // com.mobi.security.policy.api.PDP
    public Set<String> filter(Request request, IRI iri) {
        ResponseCtx evaluateReturnResponseCtx = getPDP(iri, true).evaluateReturnResponseCtx(getRequest(request).toString());
        HashSet hashSet = new HashSet();
        for (Result result : evaluateReturnResponseCtx.getResults()) {
            if (0 == result.getDecision() || 3 == result.getDecision()) {
                for (Attributes attributes : result.getAttributes()) {
                    if (attributes.getCategory().toString().equals("urn:oasis:names:tc:xacml:3.0:attribute-category:resource")) {
                        Iterator it = attributes.getAttributes().iterator();
                        while (it.hasNext()) {
                            hashSet.add(((Attribute) it.next()).getValue().encode());
                        }
                    }
                }
            }
        }
        return hashSet;
    }

    @Override // com.mobi.security.policy.api.PDP
    public Response evaluate(Request request, IRI iri) {
        return new XACMLResponse(getPDP(iri, false).evaluate(getRequest(request).toString()), this.vf, this.jaxbContext);
    }

    private org.wso2.balana.PDP getPDP(IRI iri, boolean z) {
        PDPConfig pdpConfig = this.balana.getPdpConfig();
        PolicyFinder policyFinder = new PolicyFinder();
        HashSet hashSet = new HashSet();
        hashSet.add(this.balanaPRP);
        policyFinder.setModules(hashSet);
        AttributeFinder attributeFinder = new AttributeFinder();
        ArrayList arrayList = new ArrayList(pdpConfig.getAttributeFinder().getModules());
        this.pips.forEach(pip -> {
            arrayList.add(new MobiAttributeFinder(this.vf, pip, this.jaxbContext));
        });
        attributeFinder.setModules(arrayList);
        PDPConfig pDPConfig = new PDPConfig(attributeFinder, policyFinder, (ResourceFinder) null, z);
        this.balanaPRP.setPDPConfig(pDPConfig);
        this.balanaPRP.setCombiningAlg(getAlgorithm(iri));
        return new org.wso2.balana.PDP(pDPConfig);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private BalanaRequest getRequest(Request request) {
        if (request instanceof BalanaRequest) {
            return (BalanaRequest) request;
        }
        BalanaRequest.Builder builder = new BalanaRequest.Builder(request.getSubjectIds(), request.getResourceIds(), request.getActionIds(), request.getRequestTime(), this.vf, this.jaxbContext);
        Map<String, Literal> subjectAttrs = request.getSubjectAttrs();
        builder.getClass();
        subjectAttrs.forEach(builder::addSubjectAttr);
        Map<String, Literal> resourceAttrs = request.getResourceAttrs();
        builder.getClass();
        resourceAttrs.forEach(builder::addResourceAttr);
        Map<String, Literal> actionAttrs = request.getActionAttrs();
        builder.getClass();
        actionAttrs.forEach(builder::addActionAttr);
        return builder.m4build();
    }

    private PolicyCombiningAlgorithm getAlgorithm(IRI iri) {
        String stringValue = iri.stringValue();
        boolean z = -1;
        switch (stringValue.hashCode()) {
            case -1578071414:
                if (stringValue.equals("urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable")) {
                    z = 6;
                    break;
                }
                break;
            case -1080107835:
                if (stringValue.equals("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit")) {
                    z = true;
                    break;
                }
                break;
            case -771316778:
                if (stringValue.equals("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides")) {
                    z = false;
                    break;
                }
                break;
            case -733183175:
                if (stringValue.equals("urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:only-one-applicable")) {
                    z = 7;
                    break;
                }
                break;
            case -482863931:
                if (stringValue.equals("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-unless-deny")) {
                    z = 5;
                    break;
                }
                break;
            case 786552613:
                if (stringValue.equals("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-overrides")) {
                    z = 4;
                    break;
                }
                break;
            case 1026072886:
                if (stringValue.equals("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:ordered-deny-overrides")) {
                    z = 2;
                    break;
                }
                break;
            case 1501166725:
                if (stringValue.equals("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:ordered-permit-overrides")) {
                    z = 3;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return new DenyOverridesPolicyAlg();
            case true:
                return new DenyUnlessPermitPolicyAlg();
            case true:
                return new OrderedDenyOverridesPolicyAlg();
            case true:
                return new OrderedPermitOverridesPolicyAlg();
            case true:
                return new PermitOverridesPolicyAlg();
            case true:
                return new PermitUnlessDenyPolicyAlg();
            case true:
                return new FirstApplicablePolicyAlg();
            case true:
                return new OnlyOneApplicablePolicyAlg();
            default:
                throw new IllegalArgumentException("Policy algorithm " + iri + " not supported");
        }
    }
}
