package org.exist.security.xacml;

import com.sun.xacml.EvaluationCtx;
import com.sun.xacml.attr.AttributeValue;
import com.sun.xacml.attr.BagAttribute;
import com.sun.xacml.attr.StringAttribute;
import com.sun.xacml.cond.EvaluationResult;
import com.sun.xacml.ctx.Status;
import com.sun.xacml.finder.AttributeFinderModule;
import java.net.URI;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.apache.log4j.Logger;
import org.archive.net.UURIFactory;
import org.exist.security.User;

/* loaded from: input_file:WEB-INF/lib/exist-1.2.4.jar:org/exist/security/xacml/UserAttributeModule.class */
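/**
 * XACML attribute finder that resolves attributes of the access subject from
 * the database's own user store.
 *
 * <p>The module looks up the request's subject-id, loads the matching
 * {@link User} through the {@link ExistPDP}'s security manager, and answers
 * two attribute ids: {@code XACMLConstants.GROUP_ATTRIBUTE} (a bag of group
 * names) and {@code XACMLConstants.USER_NAME_ATTRIBUTE} (the user name).
 *
 * <p>Every request it cannot answer unambiguously (wrong designator type, an
 * issuer, a foreign subject category or data type, a missing or non-unique
 * subject-id, an unknown user, an unsupported attribute id) yields a
 * processing-error result rather than an empty bag, so a policy never sees
 * "no groups" where the real answer is "could not tell".
 */
public class UserAttributeModule extends AttributeFinderModule {
    private static final Logger LOG = Logger.getLogger(UserAttributeModule.class);

    /** Status code attached to every error result produced by this module. */
    private static final String PROCESSING_ERROR = "urn:oasis:names:tc:xacml:1.0:status:processing-error";

    /**
     * The only designator type this module answers. The error message in
     * {@link #findAttribute} shows that it denotes subject designators.
     */
    private static final int SUBJECT_DESIGNATOR = 0;

    /** PDP used to reach the broker pool and its security manager. */
    private ExistPDP pdp;

    /** Not used: an instance without a PDP cannot look up users. */
    private UserAttributeModule() {
    }

    /**
     * Creates a module that resolves users through the given PDP.
     *
     * @param existPDP the PDP whose broker pool supplies the security manager;
     *                 it is dereferenced on every {@link #findAttribute} call,
     *                 so it must not be {@code null}
     */
    public UserAttributeModule(ExistPDP existPDP) {
        this.pdp = existPDP;
    }

    /**
     * Resolves a group or user-name attribute for the request's access subject.
     *
     * @param uri           requested data type; must equal {@code XACMLConstants.STRING_TYPE}
     * @param uri2          requested attribute id; must be the group or the user-name attribute
     * @param uri3          issuer; must be {@code null}, issuers are not supported
     * @param uri4          subject category; must equal {@code XACMLConstants.ACCESS_SUBJECT}
     * @param evaluationCtx context from which the subject-id is read
     * @param i             designator type; must be the subject designator type (0)
     * @return the attribute value, the indeterminate subject-id lookup result
     *         as returned by the context, or a processing-error result
     */
    public EvaluationResult findAttribute(URI uri, URI uri2, URI uri3, URI uri4, EvaluationCtx evaluationCtx, int i) {
        // Request-shape checks, in a fixed order so the reported reason is stable.
        if (i != SUBJECT_DESIGNATOR) {
            return errorResult("Invalid designator type: UserAttributeModule only handles subjects");
        }
        if (uri3 != null) {
            return errorResult("UserAttributeModule cannot handle requests with an issuer specified.");
        }
        if (!XACMLConstants.ACCESS_SUBJECT.equals(uri4)) {
            return errorResult("UserAttributeModule can only handle subject category '" + XACMLConstants.ACCESS_SUBJECT + UURIFactory.SQUOT);
        }
        if (!XACMLConstants.STRING_TYPE.equals(uri)) {
            return errorResult("UserAttributeModule can only handle data type '" + XACMLConstants.STRING_TYPE + UURIFactory.SQUOT);
        }

        // The subject-id identifies the account whose attributes are returned.
        EvaluationResult subjectAttribute = evaluationCtx.getSubjectAttribute(uri, XACMLConstants.SUBJECT_ID_ATTRIBUTE, uri3, uri4);
        if (subjectAttribute.indeterminate()) {
            return subjectAttribute;
        }
        AttributeValue attributeValue = subjectAttribute.getAttributeValue();
        if (attributeValue == null) {
            return errorResult("Could not find user for context: null subject-id");
        }
        if (attributeValue.isBag()) {
            BagAttribute bagAttribute = (BagAttribute) attributeValue;
            if (bagAttribute.isEmpty()) {
                return errorResult("Could not find user for context: no subject-id found");
            }
            // More than one subject-id is rejected outright: choosing one of
            // them would decide whose groups the policy is evaluated against.
            if (bagAttribute.size() > 1) {
                return errorResult("Error finding attribute: Subject-id attribute is not unique.");
            }
            attributeValue = (AttributeValue) bagAttribute.iterator().next();
        }
        if (!(attributeValue instanceof StringAttribute)) {
            return errorResult("Error finding attribute: Subject-id attribute must be a string.");
        }

        String value = ((StringAttribute) attributeValue).getValue();
        User user = this.pdp.getBrokerPool().getSecurityManager().getUser(value);
        if (user == null) {
            // NOTE(review): this message echoes the requested subject-id and
            // tells unknown accounts apart from known ones. Confirm that the
            // status message is not returned to untrusted requesters.
            return errorResult("No user exists for UID '" + value + UURIFactory.SQUOT);
        }
        if (XACMLConstants.GROUP_ATTRIBUTE.equals(uri2)) {
            return getGroups(user);
        }
        if (XACMLConstants.USER_NAME_ATTRIBUTE.equals(uri2)) {
            return new EvaluationResult(new StringAttribute(user.getName()));
        }
        return errorResult("UserAttributeModule cannot handle attribute '" + uri2 + UURIFactory.SQUOT);
    }

    /**
     * Builds a string bag holding the user's group names.
     *
     * @param user the resolved user
     * @return a bag of {@link StringAttribute}s; empty when the user reports no groups
     */
    private EvaluationResult getGroups(User user) {
        String[] groups = user.getGroups();
        int length = groups == null ? 0 : groups.length;
        HashSet hashSet = new HashSet(length);
        for (int index = 0; index < length; index++) {
            hashSet.add(new StringAttribute(groups[index]));
        }
        return new EvaluationResult(new BagAttribute(XACMLConstants.STRING_TYPE, hashSet));
    }

    /**
     * Logs the message at WARN level and wraps it in a processing-error result.
     *
     * <p>Some messages embed values taken from the request (the subject-id,
     * the attribute id). Line breaks are neutralised in the logged copy so
     * that such a value cannot start a forged log entry; the status message
     * itself is passed on unchanged.
     *
     * @param str human-readable reason
     * @return an error result with the processing-error status code
     */
    private static EvaluationResult errorResult(String str) {
        LOG.warn(stripLineBreaks(str));
        return new EvaluationResult(new Status(Collections.singletonList(PROCESSING_ERROR), str));
    }

    /** Replaces CR and LF with underscores; {@code null} stays {@code null}. */
    private static String stripLineBreaks(String text) {
        if (text == null) {
            return null;
        }
        return text.replace('\r', '_').replace('\n', '_');
    }

    /** @return {@code true}: this module answers attribute designators */
    public boolean isDesignatorSupported() {
        return true;
    }

    /** @return a singleton set holding the subject designator type */
    public Set getSupportedDesignatorTypes() {
        return Collections.singleton(new Integer(SUBJECT_DESIGNATOR));
    }

    /** @return the attribute ids this module can resolve (group and user name) */
    public Set getSupportedIds() {
        HashSet hashSet = new HashSet(4);
        hashSet.add(XACMLConstants.GROUP_ATTRIBUTE);
        hashSet.add(XACMLConstants.USER_NAME_ATTRIBUTE);
        return hashSet;
    }
}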
