package org.exist.security.xacml;

import com.sun.xacml.AbstractPolicy;
import com.sun.xacml.Indenter;
import com.sun.xacml.ParsingException;
import com.sun.xacml.Policy;
import com.sun.xacml.PolicySet;
import com.sun.xacml.PolicyTreeElement;
import com.sun.xacml.ProcessingException;
import com.sun.xacml.Target;
import com.sun.xacml.cond.Apply;
import com.sun.xacml.ctx.Status;
import com.sun.xacml.finder.PolicyFinderResult;
import java.io.CharArrayWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URI;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import orbeon.apache.xml.serializer.SerializerConstants;
import org.apache.log4j.Logger;
import org.exist.EXistException;
import org.exist.collections.Collection;
import org.exist.dom.DefaultDocumentSet;
import org.exist.dom.DocumentImpl;
import org.exist.dom.DocumentSet;
import org.exist.dom.NodeSet;
import org.exist.dom.QName;
import org.exist.dom.StoredNode;
import org.exist.external.org.apache.commons.io.output.ByteArrayOutputStream;
import org.exist.numbering.NodeId;
import org.exist.security.PermissionDeniedException;
import org.exist.security.XMLSecurityManager;
import org.exist.storage.DBBroker;
import org.exist.storage.UpdateListener;
import org.exist.storage.txn.TransactionManager;
import org.exist.storage.txn.Txn;
import org.exist.xmldb.XmldbURI;
import org.exist.xquery.XPathException;
import org.exist.xquery.value.AnyURIValue;
import org.icepdf.core.util.PdfOps;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/exist-1_4_1_dev_orbeon_20110104.jar:org/exist/security/xacml/XACMLUtil.class */
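/**
 * Helper for locating, parsing, caching and serializing the XACML policy
 * documents stored in the database's policy collection.
 *
 * <p>An instance subscribes itself to the broker pool's notification service
 * so that cached policies can be dropped when their backing document changes.
 * The parsed-policy cache is static, so it is shared by every instance.
 */
public class XACMLUtil implements UpdateListener {
    // NOTE(review): the logger is created for ExistPolicyModule, not XACMLUtil. Left as-is so
    // existing log configuration keeps applying; confirm whether that is intentional.
    private static final Logger LOG = Logger.getLogger(ExistPolicyModule.class);

    /**
     * Parsed policies keyed by the string form of the policy document URI
     * (see {@link #getPolicyDocument(DocumentImpl)}). Every lookup, insert and
     * removal must use that same string key, otherwise a changed or removed
     * policy stays cached and keeps being used.
     */
    private static final Map<String, AbstractPolicy> POLICY_CACHE =
            Collections.synchronizedMap(new HashMap<String, AbstractPolicy>(8));

    /** Classpath-relative locations of the policies stored into an empty policy collection. */
    private static final XmldbURI[] samplePolicyDocs = {
        XmldbURI.create("policies/main_modules_policy.xml"),
        XmldbURI.create("policies/builtin_policy.xml"),
        XmldbURI.create("policies/external_modules_policy.xml"),
        XmldbURI.create("policies/reflection_policy.xml")
    };

    private ExistPDP pdp;

    private XACMLUtil() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the helper and subscribes it to document-update notifications.
     *
     * @param existPDP the PDP this helper belongs to; must not be null
     * @throws NullPointerException if {@code existPDP} is null
     */
    public XACMLUtil(ExistPDP existPDP) {
        if (existPDP == null) {
            throw new NullPointerException("ExistPDP cannot be null");
        }
        this.pdp = existPDP;
        existPDP.getBrokerPool().getNotificationService().subscribe(this);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Obtains a broker for the system user and uses it to initialize the
     * policy collection. A failure to obtain the broker is logged, not thrown.
     */
    public void initializePolicyCollection() {
        DBBroker broker = null;
        try {
            broker = this.pdp.getBrokerPool().get(XMLSecurityManager.SYSTEM_USER);
            initializePolicyCollection(broker);
        } catch (EXistException e) {
            LOG.error("Could not get broker pool to initialize policy collection", e);
        } finally {
            // The broker is still null when get() itself failed; there is nothing to hand back then.
            if (broker != null) {
                this.pdp.getBrokerPool().release(broker);
            }
        }
    }

    /**
     * Stores the default policies when the policy collection exists but is
     * empty, unless the load-default-policies property is explicitly false.
     * An absent property counts as "load them".
     */
    private void initializePolicyCollection(DBBroker dBBroker) {
        Collection policies = getPolicyCollection(dBBroker);
        if (policies == null || policies.getDocumentCount() != 0) {
            return;
        }
        Boolean loadDefaults = (Boolean) dBBroker.getConfiguration().getProperty(XACMLConstants.LOAD_DEFAULT_POLICIES_PROPERTY);
        if (loadDefaults == null || loadDefaults.booleanValue()) {
            storeDefaultPolicies(dBBroker);
        }
    }

    /**
     * Drops the cached parse of a policy document when that document changes.
     *
     * @param documentImpl the document that changed
     * @param i the event code; 1 and 2 trigger eviction (presumably the
     *          UpdateListener update/remove codes; confirm against UpdateListener)
     */
    @Override // org.exist.storage.UpdateListener
    public void documentUpdated(DocumentImpl documentImpl, int i) {
        if (!inPolicyCollection(documentImpl)) {
            return;
        }
        if (i == 1 || i == 2) {
            // The cache is keyed by the URI's string form. Removing by the XmldbURI object would
            // not match those String keys (unless XmldbURI's equals/hashCode happen to be
            // String-compatible), leaving a stale policy in force for access decisions.
            POLICY_CACHE.remove(documentImpl.getURI().toString());
        }
    }

    /** No-op: node moves do not affect the policy cache. */
    @Override // org.exist.storage.UpdateListener
    public void nodeMoved(NodeId nodeId, StoredNode storedNode) {
    }

    /** No-op; {@link #close()} is what unsubscribes this listener. */
    @Override // org.exist.storage.UpdateListener
    public void unsubscribe() {
    }

    /**
     * Tells whether a document lives directly in the policy collection.
     *
     * @param documentImpl the document to test
     * @return true if the URI of the document's collection equals the policy collection constant
     */
    public static boolean inPolicyCollection(DocumentImpl documentImpl) {
        // NOTE(review): this compares POLICY_COLLECTION with the collection URI object, while the
        // rest of the class addresses the collection through POLICY_COLLECTION_URI. If
        // POLICY_COLLECTION is a String, equals() against a URI object can never be true and
        // cache eviction in documentUpdated() would never run. Confirm the constant's type.
        return XACMLConstants.POLICY_COLLECTION.equals(documentImpl.getCollection().getURI());
    }

    /** Unsubscribes this listener from the broker pool's notification service. */
    public void close() {
        this.pdp.getBrokerPool().getNotificationService().unsubscribe(this);
    }

    /**
     * Finds and parses the policy or policy set with the given identifier.
     *
     * @param dBBroker broker used for the lookup
     * @param uri the identifier to look for
     * @param i the reference type: 0 for a policy, 1 for a policy set
     * @return the parsed policy, or null if no document matches
     * @throws NullPointerException if {@code i} is not a known reference type
     *         (kept as NullPointerException for callers that rely on it)
     * @throws ProcessingException if more than one document matches
     */
    public AbstractPolicy findPolicy(DBBroker dBBroker, URI uri, int i) throws ParsingException, ProcessingException, XPathException {
        QName idAttribute = getIdAttributeQName(i);
        if (idAttribute == null) {
            throw new NullPointerException("Invalid reference type: " + i);
        }
        DocumentImpl match = getPolicyDocument(dBBroker, idAttribute, uri);
        return match == null ? null : getPolicyDocument(match);
    }

    /**
     * Returns all documents of the policy collection.
     *
     * @param dBBroker broker used to read the collection
     * @param z passed through to {@code Collection.allDocs} (its meaning is not visible in this file)
     * @return the documents, or null if the collection is unavailable or empty
     */
    public static DocumentSet getPolicyDocuments(DBBroker dBBroker, boolean z) {
        Collection policies = getPolicyCollection(dBBroker);
        if (policies == null) {
            return null;
        }
        int count = policies.getDocumentCount();
        if (count == 0) {
            return null;
        }
        return policies.allDocs(dBBroker, new DefaultDocumentSet(count), z, false);
    }

    /**
     * Returns the policy collection, creating and saving it in its own
     * transaction when it does not exist yet.
     *
     * <p>The creation runs with whatever broker the caller passes in, so a
     * plain lookup can end in a logged PermissionDeniedException and a null result.
     *
     * @param dBBroker broker used to read or create the collection
     * @return the collection, or null if it could not be created
     */
    public static Collection getPolicyCollection(DBBroker dBBroker) {
        Collection policies = dBBroker.getCollection(XACMLConstants.POLICY_COLLECTION_URI);
        if (policies != null) {
            return policies;
        }
        TransactionManager txnManager = dBBroker.getBrokerPool().getTransactionManager();
        Txn txn = txnManager.beginTransaction();
        try {
            policies = dBBroker.getOrCreateCollection(txn, XACMLConstants.POLICY_COLLECTION_URI);
            dBBroker.saveCollection(txn, policies);
            txnManager.commit(txn);
            return policies;
        } catch (IOException e) {
            txnManager.abort(txn);
            LOG.error("Error creating policy collection", e);
            return null;
        } catch (EXistException e) {
            txnManager.abort(txn);
            LOG.error("Error creating policy collection", e);
            return null;
        } catch (PermissionDeniedException e) {
            txnManager.abort(txn);
            LOG.error("Error creating policy collection", e);
            return null;
        }
    }

    /**
     * Returns the single policy document whose identifier attribute equals {@code uri}.
     *
     * @return the document, or null (after a warning is logged) if none matches
     * @throws ProcessingException if more than one document matches, so an
     *         ambiguous identifier is never resolved to an arbitrary policy
     */
    public DocumentImpl getPolicyDocument(DBBroker dBBroker, QName qName, URI uri) throws ProcessingException, XPathException {
        DocumentSet matches = getPolicyDocuments(dBBroker, qName, uri);
        int matchCount = matches == null ? 0 : matches.getDocumentCount();
        if (matchCount == 0) {
            LOG.warn("Could not find " + qName.getLocalName() + " '" + uri + PdfOps.SINGLE_QUOTE_TOKEN, null);
            return null;
        }
        if (matchCount > 1) {
            throw new ProcessingException("Too many applicable policies for " + qName.getLocalName() + " '" + uri + PdfOps.SINGLE_QUOTE_TOKEN);
        }
        return (DocumentImpl) matches.getDocumentIterator().next();
    }

    /**
     * Queries the value index for policy documents whose {@code qName}
     * attribute matches {@code uri}.
     *
     * @return the matching documents; null if either argument is null, if
     *         there are no policy documents at all, or if the index returns nothing
     */
    public DocumentSet getPolicyDocuments(DBBroker dBBroker, QName qName, URI uri) throws ProcessingException, XPathException {
        if (qName == null || uri == null) {
            return null;
        }
        AnyURIValue wanted = new AnyURIValue(uri);
        DocumentSet allPolicies = getPolicyDocuments(dBBroker, true);
        if (allPolicies == null) {
            // A missing or empty policy collection yields null above; report "no match"
            // instead of failing with a NullPointerException in the middle of a policy lookup.
            return null;
        }
        // Result unused, call kept from the original; whether it has side effects is not visible here.
        allPolicies.docsToNodeSet();
        // 4 and 0 are the comparison and axis codes of the value index API; their meaning
        // is defined outside this file.
        NodeSet found = dBBroker.getValueIndex().find(4, allPolicies, null, 0, qName, wanted);
        return found == null ? null : found.getDocumentSet();
    }

    /**
     * Maps a reference type to the qualified name of the identifier attribute to search for.
     *
     * @param i 0 for a policy, 1 for a policy set
     * @return the attribute name, or null for any other value
     */
    public static QName getIdAttributeQName(int i) {
        switch (i) {
            case 0:
                return new QName(XACMLConstants.POLICY_ID_LOCAL_NAME, XACMLConstants.XACML_POLICY_NAMESPACE);
            case 1:
                return new QName(XACMLConstants.POLICY_SET_ID_LOCAL_NAME, XACMLConstants.XACML_POLICY_NAMESPACE);
            default:
                return null;
        }
    }

    /**
     * Logs a warning and wraps the message in a processing-error result.
     *
     * @param str the message; it is placed in the returned Status as well as
     *            the log, so it should not carry internal details
     * @param th the cause, logged only
     * @return a result carrying the XACML processing-error status code
     */
    public static PolicyFinderResult errorResult(String str, Throwable th) {
        LOG.warn(str, th);
        Status status = new Status(Collections.singletonList("urn:oasis:names:tc:xacml:1.0:status:processing-error"), str);
        return new PolicyFinderResult(status);
    }

    /**
     * Returns the parsed policy for a stored document, parsing it on first
     * use and caching the result under the document URI's string form.
     *
     * <p>The lookup and the insert are two separate map operations, so two
     * threads may both parse the same document; the later insert wins.
     *
     * @throws ParsingException if the document is not a valid policy
     */
    public AbstractPolicy getPolicyDocument(DocumentImpl documentImpl) throws ParsingException {
        String cacheKey = documentImpl.getURI().toString();
        AbstractPolicy cached = POLICY_CACHE.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        AbstractPolicy parsed = parsePolicyDocument(documentImpl);
        POLICY_CACHE.put(cacheKey, parsed);
        return parsed;
    }

    /**
     * Parses a DOM document into a policy or policy set, chosen by the root element's tag name.
     *
     * @throws ParsingException if the root element is neither of the two
     */
    public AbstractPolicy parsePolicyDocument(Document document) throws ParsingException {
        Element root = document.getDocumentElement();
        // NOTE(review): getTagName() is the qualified name, so a prefixed root element would not
        // equal the local-name constants below. Confirm stored policies use no prefix.
        String tagName = root.getTagName();
        if (tagName.equals(XACMLConstants.POLICY_SET_ELEMENT_LOCAL_NAME)) {
            return PolicySet.getInstance(root, this.pdp.getPDPConfig().getPolicyFinder());
        }
        if (tagName.equals(XACMLConstants.POLICY_ELEMENT_LOCAL_NAME)) {
            return Policy.getInstance(root);
        }
        // The message previously named 'PolicySetId' twice; report the element names actually accepted.
        throw new ParsingException("The root element of the policy document must be '"
                + XACMLConstants.POLICY_SET_ELEMENT_LOCAL_NAME + "' or '"
                + XACMLConstants.POLICY_ELEMENT_LOCAL_NAME + "', was: '" + tagName + PdfOps.SINGLE_QUOTE_TOKEN);
    }

    /**
     * Replaces, in place, each character that {@link #getEscape(char)} knows with its escape text.
     *
     * <p>Only those five markup characters are handled. Characters that are
     * not legal in XML at all (for example most control characters) pass
     * through unchanged and must be filtered separately if the input is untrusted.
     *
     * @param stringBuffer the buffer to escape; null is ignored
     */
    public static void XMLEscape(StringBuffer stringBuffer) {
        if (stringBuffer == null) {
            return;
        }
        int pos = 0;
        while (pos < stringBuffer.length()) {
            String replacement = getEscape(stringBuffer.charAt(pos));
            if (replacement == null) {
                pos++;
            } else {
                stringBuffer.replace(pos, pos + 1, replacement);
                // Skip the inserted text so the '&' of an escape is not escaped again.
                pos += replacement.length();
            }
        }
    }

    /**
     * Returns the escape text for one of {@code " & ' < >}.
     *
     * @return the replacement, or null if the character needs no escaping
     */
    public static String getEscape(char c) {
        // The SerializerConstants values come from another library and are expected to be the
        // predefined XML entities for these characters; they are not visible in this file.
        switch (c) {
            case '\"':
                return SerializerConstants.ENTITY_QUOT;
            case '&':
                return SerializerConstants.ENTITY_AMP;
            case '\'':
                return "&apos;";
            case '<':
                return SerializerConstants.ENTITY_LT;
            case '>':
                return SerializerConstants.ENTITY_GT;
            default:
                return null;
        }
    }

    /**
     * Returns an escaped copy of {@code str}; see {@link #XMLEscape(StringBuffer)} for what is covered.
     *
     * @return the escaped string, or null if {@code str} is null
     */
    public static String XMLEscape(String str) {
        if (str == null) {
            return null;
        }
        StringBuffer escaped = new StringBuffer(str);
        XMLEscape(escaped);
        return escaped.toString();
    }

    /**
     * Encodes a policy tree element to a string.
     *
     * @param z true to indent the output
     * @return the encoded text, or "" if the element is null
     */
    public static String serialize(PolicyTreeElement policyTreeElement, boolean z) {
        if (policyTreeElement == null) {
            return "";
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        if (z) {
            policyTreeElement.encode(out, new Indenter());
        } else {
            policyTreeElement.encode(out);
        }
        // NOTE(review): toString() with no charset presumably decodes with the platform default; confirm.
        return out.toString();
    }

    /**
     * Encodes a target to a string.
     *
     * @param z true to indent the output
     * @return the encoded text, or "" if the target is null
     */
    public static String serialize(Target target, boolean z) {
        if (target == null) {
            return "";
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        if (z) {
            target.encode(out, new Indenter());
        } else {
            target.encode(out);
        }
        // NOTE(review): toString() with no charset presumably decodes with the platform default; confirm.
        return out.toString();
    }

    /**
     * Encodes an apply element to a string.
     *
     * @param z true to indent the output
     * @return the encoded text, or "" if the element is null
     */
    public static String serialize(Apply apply, boolean z) {
        if (apply == null) {
            return "";
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        if (z) {
            apply.encode(out, new Indenter());
        } else {
            apply.encode(out);
        }
        // NOTE(review): toString() with no charset presumably decodes with the platform default; confirm.
        return out.toString();
    }

    /**
     * Stores each bundled default policy. A failure on one policy is logged
     * and the remaining ones are still attempted.
     */
    public static void storeDefaultPolicies(DBBroker dBBroker) {
        LOG.debug("Storing default XACML policies");
        for (XmldbURI policyDoc : samplePolicyDocs) {
            try {
                storePolicy(dBBroker, policyDoc);
            } catch (IOException e) {
                LOG.warn("IO Error storing default policy '" + policyDoc + PdfOps.SINGLE_QUOTE_TOKEN, e);
            } catch (EXistException e) {
                // Not an I/O failure, so it is no longer logged under the "IO Error" label.
                LOG.warn("Error storing default policy '" + policyDoc + PdfOps.SINGLE_QUOTE_TOKEN, e);
            }
        }
    }

    /**
     * Reads a policy from the classpath and stores it in the policy
     * collection under the last segment of {@code xmldbURI}.
     *
     * <p>Nothing is stored if the resource is missing or the policy collection is unavailable.
     *
     * @param xmldbURI resource location, resolved relative to this class
     * @throws EXistException if validation or storage fails; the transaction is aborted first
     * @throws IOException if the resource cannot be read
     */
    public static void storePolicy(DBBroker dBBroker, XmldbURI xmldbURI) throws EXistException, IOException {
        XmldbURI docName = xmldbURI.lastSegment();
        URL resource = XACMLUtil.class.getResource(xmldbURI.toString());
        if (resource == null) {
            // A default policy that silently fails to load weakens the deployed rule set; leave a trace.
            LOG.warn("Policy resource not found: '" + xmldbURI + "'");
            return;
        }
        String content;
        InputStream in = resource.openStream();
        try {
            content = toString(in);
        } finally {
            // toString(InputStream) leaves the stream open, so it is closed here.
            if (in != null) {
                in.close();
            }
        }
        if (content == null) {
            return;
        }
        Collection policies = getPolicyCollection(dBBroker);
        if (policies == null) {
            return;
        }
        TransactionManager txnManager = dBBroker.getBrokerPool().getTransactionManager();
        Txn txn = txnManager.beginTransaction();
        try {
            policies.store(txn, dBBroker, policies.validateXMLResource(txn, dBBroker, docName, content), content, false);
            txnManager.commit(txn);
        } catch (Exception e) {
            txnManager.abort(txn);
            if (e instanceof EXistException) {
                throw (EXistException) e;
            }
            throw new EXistException("Error storing policy '" + xmldbURI + PdfOps.SINGLE_QUOTE_TOKEN, e);
        }
    }

    /**
     * Reads a stream to its end and returns the content as a string.
     *
     * <p>The stream is not closed; that stays the caller's responsibility.
     *
     * @return the content, or null if {@code inputStream} is null
     * @throws IOException if reading fails
     */
    public static String toString(InputStream inputStream) throws IOException {
        if (inputStream == null) {
            return null;
        }
        // NOTE(review): no charset is given, so bytes are decoded with the platform default.
        // Confirm the policy files contain only characters that decode the same everywhere.
        InputStreamReader reader = new InputStreamReader(inputStream);
        char[] chunk = new char[100];
        CharArrayWriter collected = new CharArrayWriter(1000);
        int count;
        while ((count = reader.read(chunk)) > -1) {
            collected.write(chunk, 0, count);
        }
        return collected.toString();
    }

    /** No-op implementation of the listener's debug hook. */
    @Override // org.exist.storage.UpdateListener
    public void debug() {
    }
}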
