package org.fcrepo.auth.xacml;

import java.net.URI;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.xml.parsers.DocumentBuilderFactory;
import org.fcrepo.http.commons.session.SessionFactory;
import org.fcrepo.kernel.Datastream;
import org.fcrepo.kernel.services.DatastreamService;
import org.fcrepo.kernel.services.NodeService;
import org.jboss.security.xacml.sunxacml.AbstractPolicy;
import org.jboss.security.xacml.sunxacml.EvaluationCtx;
import org.jboss.security.xacml.sunxacml.MatchResult;
import org.jboss.security.xacml.sunxacml.Policy;
import org.jboss.security.xacml.sunxacml.PolicyMetaData;
import org.jboss.security.xacml.sunxacml.PolicySet;
import org.jboss.security.xacml.sunxacml.VersionConstraints;
import org.jboss.security.xacml.sunxacml.finder.PolicyFinder;
import org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule;
import org.jboss.security.xacml.sunxacml.finder.PolicyFinderResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

@Component("fedoraPolicyFinderModule")
/* loaded from: input_file:org/fcrepo/auth/xacml/FedoraPolicyFinderModule.class */
public class FedoraPolicyFinderModule extends PolicyFinderModule {
    private static final Logger LOGGER = LoggerFactory.getLogger(FedoraPolicyFinderModule.class);

    @Autowired
    private SessionFactory sessionFactory;

    @Autowired
    private DatastreamService datastreamService;

    @Autowired
    private NodeService nodeService;
    private PolicyFinder finder;

    public final boolean isRequestSupported() {
        return true;
    }

    public final boolean isIdReferenceSupported() {
        return true;
    }

    private AbstractPolicy getPolicy(Datastream datastream) {
        return loadPolicy(datastream);
    }

    private AbstractPolicy loadPolicy(Datastream datastream) {
        try {
            DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
            newInstance.setIgnoringComments(true);
            newInstance.setNamespaceAware(true);
            newInstance.setValidating(false);
            Document parse = newInstance.newDocumentBuilder().parse(datastream.getContent());
            Element documentElement = parse.getDocumentElement();
            String tagName = documentElement.getTagName();
            PolicyUtil.getID(parse);
            if (tagName.equals("Policy")) {
                return Policy.getInstance(documentElement);
            }
            if (tagName.equals("PolicySet")) {
                return PolicySet.getInstance(documentElement, this.finder);
            }
            throw new Exception("Unknown root document type: " + tagName);
        } catch (Exception e) {
            LOGGER.error("Unable to parse policy from {}", "unparsed", e);
            return null;
        }
    }

    public final PolicyFinderResult findPolicy(EvaluationCtx evaluationCtx) {
        String obj = evaluationCtx.getResourceAttribute(URI.create("http://www.w3.org/2001/XMLSchema#string"), URIConstants.ATTRIBUTEID_RESOURCE_ID, (URI) null).getAttributeValue().getValue().toString();
        if ("".equals(obj.trim())) {
            obj = "/";
        }
        try {
            Node firstRealNode = PolicyUtil.getFirstRealNode(obj, this.sessionFactory.getInternalSession());
            while (firstRealNode != null && !firstRealNode.hasProperty(URIConstants.XACML_POLICY_PROPERTY)) {
                firstRealNode = firstRealNode.getParent();
            }
            if (null == firstRealNode) {
                return new PolicyFinderResult();
            }
            Datastream asDatastream = this.datastreamService.asDatastream(firstRealNode.getProperty(URIConstants.XACML_POLICY_PROPERTY).getNode());
            if (asDatastream == null) {
                return new PolicyFinderResult();
            }
            AbstractPolicy policy = getPolicy(asDatastream);
            MatchResult match = policy.match(evaluationCtx);
            int result = match.getResult();
            return result == 2 ? new PolicyFinderResult(match.getStatus()) : result == 0 ? new PolicyFinderResult(policy) : new PolicyFinderResult();
        } catch (RepositoryException e) {
            LOGGER.warn("Failed to retrieve a policy for {}", e, obj);
            return new PolicyFinderResult();
        }
    }

    public final PolicyFinderResult findPolicy(URI uri, int i, VersionConstraints versionConstraints, PolicyMetaData policyMetaData) {
        try {
            String uri2 = uri.toString();
            if (!uri2.startsWith(URIConstants.POLICY_URI_PREFIX)) {
                LOGGER.warn("Policy reference must begin with {}, but was {}", URIConstants.POLICY_URI_PREFIX, uri2);
                return new PolicyFinderResult();
            }
            return new PolicyFinderResult(getPolicy(this.datastreamService.getDatastream(this.sessionFactory.getInternalSession(), PolicyUtil.getPathForId(uri2))));
        } catch (RepositoryException e) {
            LOGGER.warn("Failed to retrieve a policy for " + uri.toString(), e);
            return new PolicyFinderResult();
        }
    }

    public void init(PolicyFinder policyFinder) {
        this.finder = policyFinder;
    }
}
