package org.fcrepo.auth.xacml;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.http.HttpServletRequest;
import org.fcrepo.auth.roles.common.AbstractRolesAuthorizationDelegate;
import org.fcrepo.auth.roles.common.AccessRolesProvider;
import org.fcrepo.http.commons.session.SessionFactory;
import org.fcrepo.kernel.services.NodeService;
import org.jboss.security.xacml.sunxacml.EvaluationCtx;
import org.jboss.security.xacml.sunxacml.PDP;
import org.jboss.security.xacml.sunxacml.ctx.Result;
import org.jboss.security.xacml.sunxacml.finder.impl.CurrentEnvModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

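/**
 * Authorization delegate that answers role-permission checks by evaluating a
 * XACML request against the PDP built by the injected {@link PDPFactory}.
 *
 * <p>The PDP is created once in {@link #init()} and reused for every call to
 * {@link #rolesHavePermission(Session, String, String[], Set)}.
 */
@Component("fad")
public class XACMLAuthorizationDelegate extends AbstractRolesAuthorizationDelegate {
    private static final Logger LOGGER = LoggerFactory.getLogger(XACMLAuthorizationDelegate.class);
    private static final String SUBJECT_ATTRIBUTE_FINDER_BEAN = "subjectAttributeFinderModule";
    private static final String ENVIRONMENT_ATTRIBUTE_FINDER_BEAN = "environmentAttributeFinderModule";

    @Autowired
    private PDPFactory pdpFactory;

    // Assigned in init(); stays null until the Spring post-construct phase has run.
    private PDP pdp = null;

    private final CurrentEnvModule currentEnvironmentAttributeModule = new CurrentEnvModule();

    @Autowired
    private TripleAttributeFinderModule tripleResourceAttributeFinderModule;

    @Autowired
    private SparqlResourceAttributeFinderModule sparqlResourceAttributeFinderModule;

    @Autowired
    private AccessRolesProvider accessRolesProvider;

    @Autowired
    private SessionFactory sessionFactory;

    @Autowired
    private NodeService nodeService;

    /**
     * Builds the PDP from the injected factory.
     *
     * @throws RepositoryException declared for the factory call
     * @throws IOException declared for the factory call
     * @throws Error if the factory returns {@code null}, so that the component
     *         never comes up without a decision point
     */
    @PostConstruct
    public final void init() throws RepositoryException, IOException {
        this.pdp = this.pdpFactory.makePDP();
        if (this.pdp == null) {
            throw new Error("There is no PDP wired by the factory in the Spring context.");
        }
    }

    /**
     * Evaluates the request against the PDP and reports whether every result
     * is a permit decision.
     *
     * @param session the JCR session the request is made in
     * @param str the resource identifier placed in the XACML request
     * @param strArr the actions placed in the XACML request
     * @param set the effective roles attached to the subject
     * @return {@code false} as soon as one result is not a permit, otherwise
     *         {@code true}
     */
    public boolean rolesHavePermission(Session session, String str, String[] strArr, Set<String> set) {
        final EvaluationCtx evaluationCtx = buildEvaluationContext(session, str, strArr, set);

        // NOTE(review): an empty result set leaves the answer at "permit";
        // confirm the PDP always returns at least one Result, or deny here.
        for (final Object entry : this.pdp.evaluate(evaluationCtx).getResults()) {
            final Result result = (Result) entry;
            dumpResult(result);
            // The decision is checked on every iteration regardless of the log
            // level; a debug dump must never short-circuit this comparison.
            if (Result.DECISION_PERMIT != result.getDecision()) {
                return false;
            }
        }
        return true;
    }

    /**
     * Writes the encoded result to the debug log; a failure to encode is
     * logged and otherwise ignored because it does not affect the decision.
     */
    private static void dumpResult(final Result result) {
        if (!LOGGER.isDebugEnabled()) {
            return;
        }
        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream()) {
            result.encode(buffer);
            LOGGER.debug("ResponseCtx dump:\n{}", buffer.toString("utf-8"));
        } catch (IOException e) {
            LOGGER.info("Cannot print response context", e);
        }
    }

    /**
     * Assembles the XACML evaluation context (subject, roles, groups,
     * resource, workspace, actions and request IP) from the session.
     */
    private EvaluationCtx buildEvaluationContext(Session session, String str, String[] strArr, Set<String> set) {
        final FedoraEvaluationCtxBuilder builder = new FedoraEvaluationCtxBuilder();
        builder.addFinderModule(this.currentEnvironmentAttributeModule);
        builder.addFinderModule(this.sparqlResourceAttributeFinderModule);
        builder.addFinderModule(this.tripleResourceAttributeFinderModule);

        LOGGER.debug("effective roles: {}", set);
        // A session without this attribute fails with a NullPointerException
        // on getName(), i.e. the request is rejected rather than evaluated
        // with an anonymous subject.
        final Principal principal = (Principal) session.getAttribute("fedora-user-principal");
        builder.addSubject(principal.getName(), set);
        builder.addResourceID(str);
        builder.addWorkspace(session.getWorkspace().getName());
        builder.addActions(strArr);

        // getRemoteAddr() is the address of the immediate peer; behind a
        // reverse proxy that is the proxy, which matters for IP-based policies.
        final HttpServletRequest request = (HttpServletRequest) session.getAttribute("fedora-servlet-request");
        builder.addOriginalRequestIP(request.getRemoteAddr());

        @SuppressWarnings("unchecked") // session attributes are untyped Objects
        final Set<Principal> groups = (Set<Principal>) session.getAttribute("fedora-all-principals");
        LOGGER.debug("effective groups: {}", groups);
        builder.addGroups(principal, groups);
        return builder.build();
    }
}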
