package org.opencastproject.authorization.xacml;

import java.io.InputStream;
import java.io.StringWriter;
import java.util.Iterator;
import java.util.List;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import org.jboss.security.xacml.core.model.policy.ActionMatchType;
import org.jboss.security.xacml.core.model.policy.ActionType;
import org.jboss.security.xacml.core.model.policy.ActionsType;
import org.jboss.security.xacml.core.model.policy.ApplyType;
import org.jboss.security.xacml.core.model.policy.AttributeDesignatorType;
import org.jboss.security.xacml.core.model.policy.AttributeValueType;
import org.jboss.security.xacml.core.model.policy.ConditionType;
import org.jboss.security.xacml.core.model.policy.EffectType;
import org.jboss.security.xacml.core.model.policy.ObjectFactory;
import org.jboss.security.xacml.core.model.policy.PolicyType;
import org.jboss.security.xacml.core.model.policy.ResourceMatchType;
import org.jboss.security.xacml.core.model.policy.ResourceType;
import org.jboss.security.xacml.core.model.policy.ResourcesType;
import org.jboss.security.xacml.core.model.policy.RuleType;
import org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType;
import org.jboss.security.xacml.core.model.policy.TargetType;
import org.opencastproject.mediapackage.MediaPackage;
import org.opencastproject.security.api.AccessControlEntry;
import org.opencastproject.security.api.AccessControlList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opencastproject/authorization/xacml/XACMLUtils.class */
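/**
 * Converts between access control lists and XACML policy documents.
 *
 * <p>{@link #getXacml} writes one rule per access control entry plus a trailing target-less
 * deny rule; {@link #parseXacml} reads such a document back into an access control list.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The generated policy uses the {@code permit-overrides} rule combining algorithm. Under
 *       that algorithm a matching Permit rule wins over any matching Deny rule, so a deny entry
 *       cannot revoke access that another entry grants for the same action.</li>
 *   <li>{@link #parseXacml} reads only the first action match and the first attribute value of
 *       each rule. It does not check match or function ids, the subject designator, or the
 *       policy-level resource target, so a policy written by another tool may be flattened into
 *       an access control list that means something different from the policy itself.</li>
 * </ul>
 *
 * <p>The shared {@link JAXBContext} is created once; marshallers and unmarshallers are created
 * per call.
 */
public final class XACMLUtils {
    public static final String RULE_COMBINING_ALG = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides";
    public static final String ACTION_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:action:action-id";
    public static final String RESOURCE_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
    public static final String SUBJECT_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
    public static final String SUBJECT_ROLE_IDENTIFIER = "urn:oasis:names:tc:xacml:2.0:subject:role";
    public static final String XACML_STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal";
    public static final String XACML_STRING_IS_IN = "urn:oasis:names:tc:xacml:1.0:function:string-is-in";
    public static final String W3C_STRING = "http://www.w3.org/2001/XMLSchema#string";
    public static final String ISSUER = "matterhorn";

    // Left non-final and protected to keep the existing interface; it is assigned exactly once,
    // in the static initializer below.
    protected static JAXBContext jBossXacmlJaxbContext;
    private static final Logger logger = LoggerFactory.getLogger(XACMLUtils.class);

    /** Rule id of the target-less deny rule that getXacml appends and parseXacml skips. */
    private static final String DENY_RULE_ID = "DenyRule";
    /** Policy version written by getXacml. */
    private static final String POLICY_VERSION = "2.0";

    static {
        try {
            jBossXacmlJaxbContext = JAXBContext.newInstance("org.jboss.security.xacml.core.model.policy", PolicyType.class.getClassLoader());
        } catch (JAXBException e) {
            throw new IllegalStateException("Unable to create the JAXB context for the XACML policy model", e);
        }
    }

    private XACMLUtils() {
    }

    /**
     * Parses a XACML policy document into an access control list.
     *
     * <p>The stream is treated as untrusted: it is read through a StAX reader with DTD
     * processing and external entity resolution switched off, so a policy document cannot make
     * the parser fetch local files or remote resources (XXE) or expand nested entities. The
     * stream itself is not closed here.
     *
     * <p>Every child of the policy must be a rule. A rule without a target is accepted only if
     * its id is {@code DenyRule}, and is skipped. See the class comment for what the parser does
     * not validate.
     *
     * @param inputStream the XACML policy document
     * @return the access control list with one entry per targeted rule, in document order
     * @throws XACMLParsingException if the document cannot be read or does not have the expected shape
     */
    public static AccessControlList parseXacml(InputStream inputStream) throws XACMLParsingException {
        try {
            AccessControlList acl = new AccessControlList();
            List<AccessControlEntry> entries = acl.getEntries();
            PolicyType policy = unmarshalPolicy(inputStream);
            for (Object child : policy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition()) {
                if (!(child instanceof RuleType)) {
                    throw new XACMLParsingException("Object " + child + " of policy " + policy + " is not of type RuleType");
                }
                RuleType rule = (RuleType) child;
                if (rule.getTarget() != null) {
                    entries.add(toEntry(rule, policy));
                    continue;
                }
                // Constant-first comparison: a rule without an id is reported as an empty rule
                // instead of surfacing as a NullPointerException.
                if (!DENY_RULE_ID.equals(rule.getRuleId())) {
                    throw new XACMLParsingException("Empty rule " + rule + " in policy " + policy);
                }
                logger.trace("Skipping global deny rule");
            }
            return acl;
        } catch (XACMLParsingException e) {
            throw e;
        } catch (Exception e) {
            throw new XACMLParsingException("XACML could not be parsed", e);
        }
    }

    /**
     * Serializes an access control list as a XACML policy for the given media package.
     *
     * <p>The media package identifier becomes the policy id and the policy's resource target.
     * Each entry becomes one rule whose target matches the entry's action and whose condition
     * tests the entry's role against the subject's role attribute. A final target-less deny rule
     * is appended. Role and action values are set through the JAXB model, not concatenated into
     * markup, so escaping is left to the marshaller.
     *
     * @param mediaPackage the media package the policy applies to
     * @param accessControlList the entries to serialize
     * @return the policy document as a string
     * @throws JAXBException if the policy cannot be marshalled
     */
    public static String getXacml(MediaPackage mediaPackage, AccessControlList accessControlList) throws JAXBException {
        ObjectFactory factory = new ObjectFactory();
        String mediaPackageId = mediaPackage.getIdentifier().toString();

        PolicyType policy = new PolicyType();
        policy.setPolicyId(mediaPackageId);
        policy.setVersion(POLICY_VERSION);
        policy.setRuleCombiningAlgId(RULE_COMBINING_ALG);
        policy.setTarget(resourceTarget(mediaPackageId));

        List<Object> rules = policy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition();
        for (AccessControlEntry entry : accessControlList.getEntries()) {
            rules.add(ruleFor(factory, entry));
        }

        // Fallback rule without target or condition; parseXacml recognises it by its id.
        RuleType denyAll = new RuleType();
        denyAll.setEffect(EffectType.DENY);
        denyAll.setRuleId(DENY_RULE_ID);
        rules.add(denyAll);

        StringWriter out = new StringWriter();
        jBossXacmlJaxbContext.createMarshaller().marshal(factory.createPolicy(policy), out);
        return out.toString();
    }

    /** Unmarshals the policy root element through a reader that refuses DTDs and external entities. */
    private static PolicyType unmarshalPolicy(InputStream inputStream) throws JAXBException, XMLStreamException {
        XMLInputFactory inputFactory = XMLInputFactory.newInstance();
        inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        inputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLStreamReader reader = inputFactory.createXMLStreamReader(inputStream);
        try {
            JAXBElement<?> root = (JAXBElement<?>) jBossXacmlJaxbContext.createUnmarshaller().unmarshal(reader);
            return (PolicyType) root.getValue();
        } finally {
            try {
                reader.close();
            } catch (XMLStreamException ignored) {
                // Closing only releases parser resources; a failure here must not hide the
                // outcome of the unmarshal call.
                logger.debug("Unable to close the XACML stream reader");
            }
        }
    }

    /** Builds the access control entry for one targeted rule, or fails if the rule is malformed. */
    private static AccessControlEntry toEntry(RuleType rule, PolicyType policy) throws XACMLParsingException {
        String action;
        String role = null;
        boolean allow;
        try {
            // Only the first action match of the first action is read.
            action = (String) rule.getTarget().getActions().getAction().get(0).getActionMatch().get(0).getAttributeValue().getContent().get(0);
            ApplyType apply = (ApplyType) rule.getCondition().getExpression().getValue();
            // The role is the first attribute value among the condition's expressions.
            for (JAXBElement<?> expression : apply.getExpression()) {
                if (expression.getValue() instanceof AttributeValueType) {
                    role = (String) ((AttributeValueType) expression.getValue()).getContent().get(0);
                    break;
                }
            }
            allow = rule.getEffect().equals(EffectType.PERMIT);
        } catch (RuntimeException e) {
            // Missing elements, empty lists and unexpected types in the rule all end up here.
            throw new XACMLParsingException("Rule " + rule + " of policy " + policy + " could not be parsed", e);
        }
        if (role == null) {
            throw new XACMLParsingException("Unable to find role in rule " + rule + " of policy " + policy);
        }
        return new AccessControlEntry(role, action, allow);
    }

    /** Builds the policy-level target that matches the media package identifier as resource id. */
    private static TargetType resourceTarget(String mediaPackageId) {
        ResourceMatchType match = new ResourceMatchType();
        match.setMatchId(XACML_STRING_EQUAL);
        match.setResourceAttributeDesignator(stringDesignator(RESOURCE_IDENTIFIER));
        match.setAttributeValue(stringValue(mediaPackageId));

        ResourceType resource = new ResourceType();
        resource.getResourceMatch().add(match);
        ResourcesType resources = new ResourcesType();
        resources.getResource().add(resource);

        TargetType target = new TargetType();
        target.setResources(resources);
        return target;
    }

    /** Builds the rule for one entry: action match in the target, role test in the condition. */
    private static RuleType ruleFor(ObjectFactory factory, AccessControlEntry entry) {
        boolean allow = entry.isAllow();
        RuleType rule = new RuleType();
        rule.setRuleId(entry.getRole() + "_" + entry.getAction() + (allow ? "_Permit" : "_Deny"));
        rule.setEffect(allow ? EffectType.PERMIT : EffectType.DENY);

        ActionMatchType actionMatch = new ActionMatchType();
        actionMatch.setMatchId(XACML_STRING_EQUAL);
        actionMatch.setActionAttributeDesignator(stringDesignator(ACTION_IDENTIFIER));
        actionMatch.setAttributeValue(stringValue(entry.getAction()));
        ActionType action = new ActionType();
        action.getActionMatch().add(actionMatch);
        ActionsType actions = new ActionsType();
        actions.getAction().add(action);
        TargetType target = new TargetType();
        target.setActions(actions);
        rule.setTarget(target);

        SubjectAttributeDesignatorType subjectRoles = new SubjectAttributeDesignatorType();
        subjectRoles.setDataType(W3C_STRING);
        subjectRoles.setAttributeId(SUBJECT_ROLE_IDENTIFIER);
        ApplyType roleIsIn = new ApplyType();
        roleIsIn.setFunctionId(XACML_STRING_IS_IN);
        // Order matters to parseXacml only in that the role value is the first attribute value.
        roleIsIn.getExpression().add(factory.createAttributeValue(stringValue(entry.getRole())));
        roleIsIn.getExpression().add(factory.createSubjectAttributeDesignator(subjectRoles));
        ConditionType condition = new ConditionType();
        condition.setExpression(factory.createApply(roleIsIn));
        rule.setCondition(condition);
        return rule;
    }

    /** Creates an attribute value of XML Schema type string holding the given content. */
    private static AttributeValueType stringValue(Object content) {
        AttributeValueType value = new AttributeValueType();
        value.setDataType(W3C_STRING);
        value.getContent().add(content);
        return value;
    }

    /** Creates an attribute designator of XML Schema type string for the given attribute id. */
    private static AttributeDesignatorType stringDesignator(String attributeId) {
        AttributeDesignatorType designator = new AttributeDesignatorType();
        designator.setAttributeId(attributeId);
        designator.setDataType(W3C_STRING);
        return designator;
    }
}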
