package edu.internet2.middleware.shibboleth.aa.arp;

import edu.internet2.middleware.shibboleth.aa.arp.ArpAttributeSet;
import edu.internet2.middleware.shibboleth.aa.arp.Rule;
import edu.internet2.middleware.shibboleth.idp.IdPConfig;
import edu.internet2.middleware.shibboleth.xml.Parser;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.log4j.Logger;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/aa/arp/ArpEngine.class */
public class ArpEngine {
    private static Logger log;
    private ArpRepository repository;
    private static Map matchFunctions;
    static Class class$0;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v2, types: [java.lang.Throwable] */
    static {
        Class<?> cls = class$0;
        if (cls == null) {
            try {
                cls = Class.forName("edu.internet2.middleware.shibboleth.aa.arp.ArpEngine");
                class$0 = cls;
            } catch (ClassNotFoundException unused) {
                throw new NoClassDefFoundError(cls.getMessage());
            }
        }
        log = Logger.getLogger(cls.getName());
        matchFunctions = Collections.synchronizedMap(new HashMap());
        try {
            matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"), "edu.internet2.middleware.shibboleth.aa.arp.provider.RegexMatchFunction");
            matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:regexNotMatch"), "edu.internet2.middleware.shibboleth.aa.arp.provider.RegexNotMatchFunction");
            matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:stringMatch"), "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueMatchFunction");
            matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:stringNotMatch"), "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueNotMatchFunction");
            matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"), "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueMatchFunction");
            matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"), "edu.internet2.middleware.shibboleth.aa.arp.provider.ResourceTreeMatchFunction");
            matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:stringValue"), "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueMatchFunction");
        } catch (URISyntaxException e) {
            log.error(new StringBuffer("Error mapping standard match functions: ").append(e).toString());
        }
    }

    public ArpEngine(Element element) throws ArpException {
        if (!element.getLocalName().equals("ReleasePolicyEngine")) {
            throw new IllegalArgumentException();
        }
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(IdPConfig.configNameSpace, "ArpRepository");
        if (elementsByTagNameNS.getLength() > 1) {
            log.warn("Encountered multiple <ArpRepository> configuration elements.  Arp Engine currently only supports one.  Using first...");
        }
        if (elementsByTagNameNS.getLength() == 0) {
            log.error("No <ArpRepsitory/> specified for this Arp Endine.");
            throw new ArpException("Could not start Arp Engine.");
        }
        try {
            this.repository = ArpRepositoryFactory.getInstance((Element) elementsByTagNameNS.item(0));
        } catch (ArpRepositoryException e) {
            log.error(new StringBuffer("Could not start Arp Engine: ").append(e).toString());
            throw new ArpException("Could not start Arp Engine.");
        }
    }

    public ArpEngine(ArpRepository arpRepository) throws ArpException {
        this.repository = arpRepository;
    }

    public ArpEngine() throws ArpException {
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setNamespaceAware(true);
        try {
            Document newDocument = newInstance.newDocumentBuilder().newDocument();
            Element createElementNS = newDocument.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
            createElementNS.setAttributeNS(IdPConfig.configNameSpace, "implementation", "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
            Element createElementNS2 = newDocument.createElementNS(IdPConfig.configNameSpace, "Path");
            createElementNS2.appendChild(newDocument.createTextNode("/conf/arps/"));
            createElementNS.appendChild(createElementNS2);
            this.repository = ArpRepositoryFactory.getInstance(createElementNS);
        } catch (ArpRepositoryException e) {
            log.error(new StringBuffer("Could not start Arp Engine: ").append(e).toString());
            throw new ArpException("Could not start Arp Engine.");
        } catch (ParserConfigurationException e2) {
            log.error(new StringBuffer("Problem loading parser to create default Arp Engine configuration: ").append(e2).toString());
            throw new ArpException("Could not start Arp Engine.");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.Map] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v6 */
    public static MatchFunction lookupMatchFunction(URI uri) throws ArpException {
        ?? r0 = matchFunctions;
        synchronized (r0) {
            String str = (String) matchFunctions.get(uri);
            r0 = r0;
            if (str == null) {
                return null;
            }
            try {
                Object newInstance = Class.forName(str).newInstance();
                if (newInstance instanceof MatchFunction) {
                    return (MatchFunction) newInstance;
                }
                log.error(new StringBuffer("Improperly specified match function, (").append(str).append(") is not a match function.").toString());
                throw new ArpException(new StringBuffer("Improperly specified match function, (").append(str).append(") is not a match function.").toString());
            } catch (Exception e) {
                log.error(new StringBuffer("Could not load Match Function: (").append(str).append("): ").append(e).toString());
                throw new ArpException("Could not load Match Function.");
            }
        }
    }

    private Arp createEffectiveArp(Principal principal, String str, URL url) throws ArpProcessingException {
        try {
            Arp arp = new Arp(principal);
            arp.setDescription("Effective ARP.");
            Arp[] allPolicies = this.repository.getAllPolicies(principal);
            if (log.isDebugEnabled()) {
                log.debug(new StringBuffer("Creating effective ARP from (").append(allPolicies.length).append(") polic(y|ies).").toString());
                for (int i = 0; allPolicies.length > i; i++) {
                    try {
                        log.debug(new StringBuffer("Dumping ARP:").append(System.getProperty("line.separator")).append(Parser.serialize(allPolicies[i].unmarshall())).toString());
                    } catch (Exception e) {
                        log.error("Encountered a strange error while writing ARP debug messages.  This should never happen.");
                    }
                }
            }
            for (int i2 = 0; allPolicies.length > i2; i2++) {
                Rule[] matchingRules = allPolicies[i2].getMatchingRules(str, url);
                for (int i3 = 0; matchingRules.length > i3; i3++) {
                    arp.addRule(matchingRules[i3]);
                }
            }
            return arp;
        } catch (ArpRepositoryException e2) {
            log.error(new StringBuffer("Error creating effective policy: ").append(e2).toString());
            throw new ArpProcessingException("Error creating effective policy.");
        }
    }

    public URI[] listPossibleReleaseAttributes(Principal principal, String str, URL url) throws ArpProcessingException {
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Rule[] allRules = createEffectiveArp(principal, str, url).getAllRules();
        for (int i = 0; allRules.length > i; i++) {
            Rule.Attribute[] attributes = allRules[i].getAttributes();
            for (int i2 = 0; attributes.length > i2; i2++) {
                if (attributes[i2].releaseAnyValue()) {
                    hashSet.add(attributes[i2].getName());
                } else if (attributes[i2].denyAnyValue()) {
                    hashSet2.add(attributes[i2].getName());
                } else {
                    Rule.AttributeValue[] values = attributes[i2].getValues();
                    int i3 = 0;
                    while (true) {
                        if (values.length > i3) {
                            if (values[i3].getRelease().equals("permit")) {
                                hashSet.add(attributes[i2].getName());
                                break;
                            }
                            i3++;
                        }
                    }
                }
            }
        }
        hashSet.removeAll(hashSet2);
        if (log.isDebugEnabled()) {
            log.debug("Computed possible attribute release set.");
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                log.debug(new StringBuffer("Possible attribute: ").append(it.next().toString()).toString());
            }
        }
        return (URI[]) hashSet.toArray(new URI[0]);
    }

    public void filterAttributes(ArpAttributeSet arpAttributeSet, Principal principal, String str, URL url) throws ArpProcessingException {
        if (!arpAttributeSet.arpAttributeIterator().hasNext()) {
            log.debug("ARP Engine was asked to apply filter to empty attribute set.");
            return;
        }
        log.info("Applying Attribute Release Policies.");
        if (log.isDebugEnabled()) {
            log.debug("Processing the following attributes:");
            ArpAttributeSet.ArpAttributeIterator arpAttributeIterator = arpAttributeSet.arpAttributeIterator();
            while (arpAttributeIterator.hasNext()) {
                log.debug(new StringBuffer("Attribute: (").append(arpAttributeIterator.nextArpAttribute().getName()).append(")").toString());
            }
        }
        HashSet hashSet = new HashSet();
        ArpAttributeSet.ArpAttributeIterator arpAttributeIterator2 = arpAttributeSet.arpAttributeIterator();
        while (arpAttributeIterator2.hasNext()) {
            hashSet.add(arpAttributeIterator2.nextArpAttribute().getName());
        }
        Rule[] allRules = createEffectiveArp(principal, str, url).getAllRules();
        HashSet hashSet2 = new HashSet();
        for (int i = 0; allRules.length > i; i++) {
            Rule.Attribute[] attributes = allRules[i].getAttributes();
            for (int i2 = 0; attributes.length > i2; i2++) {
                if (hashSet.contains(attributes[i2].getName().toString())) {
                    hashSet2.add(attributes[i2]);
                }
            }
        }
        Map createCanonicalAttributeSpec = createCanonicalAttributeSpec((Rule.Attribute[]) hashSet2.toArray(new Rule.Attribute[0]));
        ArpAttributeSet.ArpAttributeIterator arpAttributeIterator3 = arpAttributeSet.arpAttributeIterator();
        while (arpAttributeIterator3.hasNext()) {
            ArpAttribute nextArpAttribute = arpAttributeIterator3.nextArpAttribute();
            Rule.Attribute attribute = (Rule.Attribute) createCanonicalAttributeSpec.get(nextArpAttribute.getName());
            if (attribute == null) {
                arpAttributeIterator3.remove();
            } else if (attribute.denyAnyValue()) {
                arpAttributeIterator3.remove();
            } else if (!attribute.releaseAnyValue() || attribute.getValues().length != 0) {
                ArrayList arrayList = new ArrayList();
                Iterator values = nextArpAttribute.getValues();
                while (values.hasNext()) {
                    Object next = values.next();
                    if (attribute.isValuePermitted(next)) {
                        arrayList.add(next);
                    }
                }
                if (arrayList.isEmpty()) {
                    arpAttributeIterator3.remove();
                } else {
                    nextArpAttribute.setValues(arrayList.toArray(new Object[0]));
                }
            }
        }
    }

    private Map createCanonicalAttributeSpec(Rule.Attribute[] attributeArr) {
        HashMap hashMap = new HashMap();
        for (int i = 0; attributeArr.length > i; i++) {
            if (!hashMap.containsKey(attributeArr[i].getName().toString())) {
                hashMap.put(attributeArr[i].getName().toString(), attributeArr[i]);
            } else if (!((Rule.Attribute) hashMap.get(attributeArr[i].getName().toString())).denyAnyValue()) {
                if (attributeArr[i].denyAnyValue()) {
                    ((Rule.Attribute) hashMap.get(attributeArr[i].getName().toString())).setAnyValueDeny(true);
                } else {
                    if (attributeArr[i].releaseAnyValue()) {
                        ((Rule.Attribute) hashMap.get(attributeArr[i].getName().toString())).setAnyValuePermit(true);
                    }
                    Rule.AttributeValue[] values = attributeArr[i].getValues();
                    for (int i2 = 0; values.length > i2; i2++) {
                        ((Rule.Attribute) hashMap.get(attributeArr[i].getName().toString())).addValue(values[i2]);
                    }
                }
            }
        }
        return hashMap;
    }

    public void destroy() {
        this.repository.destroy();
    }
}
