package org.exist.security.xacml;

import com.sun.xacml.AbstractPolicy;
import com.sun.xacml.EvaluationCtx;
import com.sun.xacml.MatchResult;
import com.sun.xacml.ParsingException;
import com.sun.xacml.finder.PolicyFinder;
import com.sun.xacml.finder.PolicyFinderModule;
import com.sun.xacml.finder.PolicyFinderResult;
import java.net.URI;
import java.util.Iterator;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.EXistException;
import org.exist.dom.persistent.DocumentImpl;
import org.exist.dom.persistent.DocumentSet;
import org.exist.security.PermissionDeniedException;
import org.exist.storage.BrokerPool;
import org.exist.storage.DBBroker;

/* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/xacml/ExistPolicyModule.class */
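/**
 * Policy finder module that looks up XACML policies stored in the database.
 *
 * <p>Every lookup borrows a {@link DBBroker} from the PDP's {@link BrokerPool} using the
 * security manager's system subject, so policy documents are read with that subject's
 * privileges rather than the requesting user's. Each borrowed broker must be returned to
 * the pool on every exit path; the lookup methods use {@code try/finally} for this.
 */
public class ExistPolicyModule extends PolicyFinderModule {
    private static final Logger LOG = LogManager.getLogger(ExistPolicyModule.class);
    private ExistPDP pdp;

    /** Not used: an instance without a PDP cannot perform lookups. */
    private ExistPolicyModule() {
    }

    /**
     * Creates a module bound to the given PDP.
     *
     * @param existPDP the PDP that supplies the broker pool and the {@link XACMLUtil} helper
     * @throws NullPointerException if {@code existPDP} is {@code null}
     */
    public ExistPolicyModule(ExistPDP existPDP) {
        if (existPDP == null) {
            // The message previously named BrokerPool, which is not the argument checked here.
            throw new NullPointerException("ExistPDP cannot be null");
        }
        this.pdp = existPDP;
    }

    /** @return {@code true}; this module resolves policies for requests. */
    @Override // com.sun.xacml.finder.PolicyFinderModule
    public boolean isRequestSupported() {
        return true;
    }

    /** @return {@code true}; this module resolves policies by id reference. */
    @Override // com.sun.xacml.finder.PolicyFinderModule
    public boolean isIdReferenceSupported() {
        return true;
    }

    /** No initialisation is required; the finder is not retained. */
    @Override // com.sun.xacml.finder.PolicyFinderModule
    public void init(PolicyFinder policyFinder) {
    }

    /**
     * Finds the single stored policy whose target matches the request.
     *
     * @param evaluationCtx the request being evaluated
     * @return the matching policy, an empty result when nothing matches, or an error result
     *     when the broker cannot be obtained or the lookup is denied
     */
    @Override // com.sun.xacml.finder.PolicyFinderModule
    public PolicyFinderResult findPolicy(EvaluationCtx evaluationCtx) {
        BrokerPool brokerPool = this.pdp.getBrokerPool();
        DBBroker broker = null;
        try {
            // Policies are read as the system subject, not as the requesting user.
            broker = brokerPool.get(brokerPool.getSecurityManager().getSystemSubject());
            return findPolicy(broker, evaluationCtx);
        } catch (PermissionDeniedException e) {
            // NOTE(review): the exception text becomes part of the result status; confirm it
            // is not exposed to untrusted callers.
            return XACMLUtil.errorResult("Error while finding policy: " + e.getMessage(), e);
        } catch (EXistException e) {
            return XACMLUtil.errorResult("Error while finding policy: " + e.getMessage(), e);
        } finally {
            // Release only a broker that was actually obtained; get() may have thrown.
            if (broker != null) {
                brokerPool.release(broker);
            }
        }
    }

    /**
     * Matches every stored policy document against the request.
     *
     * <p>An indeterminate match stops the search and returns that match's status. A second
     * matching policy is reported as an error rather than silently picking one of the two.
     *
     * @param dBBroker broker used to read the policy documents
     * @param evaluationCtx the request being evaluated
     * @return the single matching policy, an empty result, or an error/indeterminate result
     * @throws PermissionDeniedException declared for the policy-document lookup
     */
    private PolicyFinderResult findPolicy(DBBroker dBBroker, EvaluationCtx evaluationCtx) throws PermissionDeniedException {
        // NOTE(review): meaning of the boolean argument is not visible here; confirm in XACMLUtil.
        DocumentSet policyDocuments = XACMLUtil.getPolicyDocuments(dBBroker, false);
        if (policyDocuments == null) {
            return new PolicyFinderResult();
        }
        AbstractPolicy matched = null;
        try {
            XACMLUtil util = this.pdp.getUtil();
            Iterator<DocumentImpl> documents = policyDocuments.getDocumentIterator();
            while (documents.hasNext()) {
                AbstractPolicy candidate = util.getPolicyDocument(documents.next());
                MatchResult match = candidate.match(evaluationCtx);
                int result = match.getResult();
                if (result == MatchResult.INDETERMINATE) {
                    return new PolicyFinderResult(match.getStatus());
                }
                if (result == MatchResult.MATCH) {
                    if (matched != null) {
                        // Ambiguous policy set: refuse to choose between two applicable policies.
                        return XACMLUtil.errorResult("Matched multiple policies for reqest", null);
                    }
                    matched = candidate;
                }
            }
            return matched == null ? new PolicyFinderResult() : new PolicyFinderResult(matched);
        } catch (ParsingException e) {
            return XACMLUtil.errorResult("Error retrieving policies: " + e.getMessage(), e);
        }
    }

    /**
     * Resolves a policy by id reference.
     *
     * @param uri the referenced policy id
     * @param i passed through unchanged to {@code XACMLUtil.findPolicy}; presumably the
     *     reference type (policy vs. policy set) - confirm against the finder API
     * @return the referenced policy, an empty result when none is found, or an error result
     *     when the lookup throws
     */
    @Override // com.sun.xacml.finder.PolicyFinderModule
    public PolicyFinderResult findPolicy(URI uri, int i) {
        BrokerPool brokerPool = this.pdp.getBrokerPool();
        DBBroker broker = null;
        try {
            // Policies are read as the system subject, not as the requesting user.
            broker = brokerPool.get(brokerPool.getSecurityManager().getSystemSubject());
            AbstractPolicy policy = this.pdp.getUtil().findPolicy(broker, uri, i);
            return policy == null ? new PolicyFinderResult() : new PolicyFinderResult(policy);
        } catch (Exception e) {
            // Plain concatenation keeps this path from throwing again if uri is null.
            return XACMLUtil.errorResult("Error resolving id '" + uri + "': " + e.getMessage(), e);
        } finally {
            // The failure paths previously released null, leaving the system-subject broker
            // checked out whenever the lookup threw; repeated failures could drain the pool.
            if (broker != null) {
                brokerPool.release(broker);
            }
        }
    }
}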
