package an.xacml.policy.function.userdb;

import an.xacml.CachedDataObjectHolder;
import an.xacml.Constants;
import an.xacml.ExtendedRequest;
import an.xacml.IndeterminateException;
import an.xacml.engine.EvaluationContext;
import an.xacml.policy.AttributeValue;
import an.xacml.policy.function.BuiltInFunction;
import an.xml.XMLDataTypeMappingException;
import java.net.URI;
import java.util.HashMap;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;
import pl.edu.icm.yadda.aas.retrievers.AbstractUserDBDataProvider;
import pl.edu.icm.yadda.aas.retrievers.AttributeRetrieverHelper;
import pl.edu.icm.yadda.aas.retrievers.UserDataPartAwareCachedDataObjectHolder;
import pl.edu.icm.yadda.common.pagination.PaginationResult;
import pl.edu.icm.yadda.service2.user.UserCatalog;
import pl.edu.icm.yadda.service2.user.exception.DomainNotSpecifiedException;
import pl.edu.icm.yadda.service2.user.model.GroupName;
import pl.edu.icm.yadda.service2.user.model.UserData;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-1.12.15-polindex.jar:an/xacml/policy/function/userdb/QueryEffectiveUserDBFunction.class */
public class QueryEffectiveUserDBFunction implements BuiltInFunction {
    public static final URI FUNCTION_ID = URI.create("urn:yadda:function:userdb:query-effective");
    protected UserCatalog userCatalog;
    protected String predefinedDomain;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    protected boolean identifyByEmail = false;
    protected String securityDataType = "user";

    @Override // an.xacml.policy.function.BuiltInFunction
    public URI getFunctionId() {
        return FUNCTION_ID;
    }

    protected String getDomain(EvaluationContext evaluationContext, Object[] objArr) throws IndeterminateException {
        String domainFromRequest = AttributeRetrieverHelper.getDomainFromRequest(evaluationContext.getRequest());
        return domainFromRequest != null ? domainFromRequest : objArr.length > 2 ? (String) ((AttributeValue) objArr[2]).getValue() : this.predefinedDomain;
    }

    @Override // an.xacml.policy.function.BuiltInFunction
    public Object invoke(EvaluationContext evaluationContext, Object[] objArr) throws Exception {
        if (objArr == null || objArr.length < 2) {
            throw new IndeterminateException("invalid number of parameters passed: " + (objArr != null ? Integer.valueOf(objArr.length) : "0") + "; Expected at least 2 parameters!");
        }
        String str = (String) ((AttributeValue) objArr[0]).getValue();
        String str2 = (String) ((AttributeValue) objArr[1]).getValue();
        String domain = getDomain(evaluationContext, objArr);
        if ("roles".equals(str2)) {
            UserData singleCachedUserData = getSingleCachedUserData(str, evaluationContext, this.securityDataType, UserData.UserDataParts.EFFECTIVE_ROLES);
            if (singleCachedUserData == null) {
                if (this.identifyByEmail) {
                    try {
                        HashMap hashMap = new HashMap();
                        hashMap.put("email", str);
                        PaginationResult<UserData> searchUsers = this.userCatalog.searchUsers(domain, null, null, hashMap, null, 0, Integer.MAX_VALUE, UserData.UserDataParts.EFFECTIVE_ROLES);
                        if (searchUsers == null || searchUsers.getResults() == null || searchUsers.getResults().size() <= 0) {
                            throw new IndeterminateException("unable to find user for email: " + str + " in domain: " + domain);
                        }
                        if (searchUsers.getResults().size() != 1) {
                            throw new IndeterminateException("got " + searchUsers.getResults().size() + " users for email: " + str + " in domain: " + domain);
                        }
                        singleCachedUserData = searchUsers.getResults().iterator().next();
                    } catch (DomainNotSpecifiedException e) {
                        throw new IndeterminateException("domain was not specified but this implementation requires one", e);
                    }
                } else {
                    singleCachedUserData = this.userCatalog.loadUser(str, domain, UserData.UserDataParts.EFFECTIVE_ROLES);
                }
            }
            return prepareRoleResults(singleCachedUserData != null ? singleCachedUserData.getEffectiveRoles() : null);
        }
        if (!"groups".equals(str2)) {
            throw new IndeterminateException("invalid effective data type " + str2 + ", only 'roles' and 'groups' are supported!");
        }
        UserData singleCachedUserData2 = getSingleCachedUserData(str, evaluationContext, this.securityDataType, UserData.UserDataParts.EFFECTIVE_GROUPS);
        if (singleCachedUserData2 == null) {
            if (this.identifyByEmail) {
                try {
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put("email", str);
                    PaginationResult<UserData> searchUsers2 = this.userCatalog.searchUsers(domain, null, null, hashMap2, null, 0, Integer.MAX_VALUE, UserData.UserDataParts.EFFECTIVE_GROUPS);
                    if (searchUsers2 == null || searchUsers2.getResults() == null || searchUsers2.getResults().size() <= 0) {
                        throw new IndeterminateException("unable to find user for email: " + str + " in domain: " + domain);
                    }
                    if (searchUsers2.getResults().size() != 1) {
                        throw new IndeterminateException("got " + searchUsers2.getResults().size() + " users for email: " + str + " in domain: " + domain);
                    }
                    singleCachedUserData2 = searchUsers2.getResults().iterator().next();
                } catch (DomainNotSpecifiedException e2) {
                    throw new IndeterminateException("domain was not specified but this implementation requires one", e2);
                }
            } else {
                singleCachedUserData2 = this.userCatalog.loadUser(str, domain, UserData.UserDataParts.EFFECTIVE_GROUPS);
            }
        }
        return prepareGroupResults(singleCachedUserData2 != null ? singleCachedUserData2.getEffectiveGroups() : null);
    }

    protected AttributeValue[] prepareRoleResults(Set<String> set) throws IndeterminateException {
        if (set == null) {
            return new AttributeValue[0];
        }
        AttributeValue[] attributeValueArr = new AttributeValue[set.size()];
        int i = 0;
        for (String str : set) {
            try {
                attributeValueArr[i] = AttributeValue.getInstance(Constants.TYPE_STRING, str);
                i++;
            } catch (XMLDataTypeMappingException e) {
                throw new IndeterminateException("exception occurred when creating attribute value: " + str, e);
            }
        }
        return attributeValueArr;
    }

    protected AttributeValue[] prepareGroupResults(Set<GroupName> set) throws IndeterminateException {
        if (set == null) {
            return new AttributeValue[0];
        }
        AttributeValue[] attributeValueArr = new AttributeValue[set.size()];
        int i = 0;
        for (GroupName groupName : set) {
            try {
                attributeValueArr[i] = AttributeValue.getInstance(Constants.TYPE_STRING, groupName.getName());
                i++;
            } catch (XMLDataTypeMappingException e) {
                throw new IndeterminateException("exception occurred when creating attribute value: " + groupName.getName(), e);
            }
        }
        return attributeValueArr;
    }

    private UserData getSingleCachedUserData(String str, EvaluationContext evaluationContext, String str2, UserData.UserDataParts userDataParts) {
        if (evaluationContext == null || str == null) {
            this.log.error("Cannot get " + str2 + " data from cache! One of type, id, context is null!");
            return null;
        }
        if (!(evaluationContext.getRequest() instanceof ExtendedRequest)) {
            this.log.error("Cannot get data from cache! Request is not an instance of ExtendedRequest.");
            return null;
        }
        CachedDataObjectHolder cachedData = ((ExtendedRequest) evaluationContext.getRequest()).getRequestCache().getCachedData(AbstractUserDBDataProvider.REQUEST_CACHE_ENTRY_PREFIX + str2, str);
        if (cachedData == null || !(cachedData instanceof UserDataPartAwareCachedDataObjectHolder) || !(cachedData.getSingleDataObject() instanceof UserData)) {
            return null;
        }
        UserDataPartAwareCachedDataObjectHolder userDataPartAwareCachedDataObjectHolder = (UserDataPartAwareCachedDataObjectHolder) cachedData;
        if (userDataPartAwareCachedDataObjectHolder.getUserDataParts() == null) {
            return null;
        }
        for (UserData.UserDataParts userDataParts2 : userDataPartAwareCachedDataObjectHolder.getUserDataParts()) {
            if (userDataParts2.equals(userDataParts)) {
                return (UserData) userDataPartAwareCachedDataObjectHolder.getSingleDataObject();
            }
        }
        return null;
    }

    @Override // an.xacml.policy.function.BuiltInFunction
    public Object[] getAllAttributes() {
        return null;
    }

    @Override // an.xacml.policy.function.BuiltInFunction
    public Object getAttribute(Object obj) {
        return null;
    }

    @Required
    public void setUserCatalog(UserCatalog userCatalog) {
        this.userCatalog = userCatalog;
    }

    public void setPredefinedDomain(String str) {
        this.predefinedDomain = str;
    }

    public void setIdentifyByEmail(boolean z) {
        this.identifyByEmail = z;
    }
}
