package pl.edu.icm.yadda.aas.xacml.policy.evaluatable;

import an.xacml.Evaluatable;
import an.xacml.ExtendedRequest;
import an.xacml.IndeterminateException;
import an.xacml.context.Result;
import an.xacml.engine.BuiltInFunctionExistsException;
import an.xacml.engine.BuiltInFunctionNotFoundException;
import an.xacml.engine.EvaluationContext;
import an.xacml.engine.FunctionRegistry;
import an.xacml.policy.AbstractPolicy;
import an.xacml.policy.function.BuiltInFunction;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.xacml.policy.builder.IPolicyBuilder;
import pl.edu.icm.yadda.aas.xacml.policy.builder.PolicyBuilderException;
import pl.edu.icm.yadda.service2.aas.acl.IACLObject;
import pl.edu.icm.yadda.service2.aas.acl.MultipleACLObject;
import pl.edu.icm.yadda.service2.aas.acl.SingleACLObject;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-4.1.1.jar:pl/edu/icm/yadda/aas/xacml/policy/evaluatable/RequestACLEvaluatable.class */
public class RequestACLEvaluatable implements Evaluatable {
    protected IPolicyBuilder policyBuilder;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    protected boolean throwIndeterminateWhenNoPolicy = false;
    protected URI defaultMultipleACLsCombinationAlgorithm = null;

    @Override // an.xacml.Evaluatable
    public Result evaluate(EvaluationContext evaluationContext) throws IndeterminateException {
        IACLObject aclObject = ((ExtendedRequest) evaluationContext.getRequest()).getAclObject();
        if (aclObject == null) {
            if (this.throwIndeterminateWhenNoPolicy) {
                throw new IndeterminateException("no ACLs found in request!");
            }
            return Result.PERMIT;
        }
        this.log.debug("evaluating acls...");
        Result evaluate = evaluate(aclObject, evaluationContext);
        this.log.debug("acls evaluated to result: " + (evaluate != null ? evaluate.getDecision() : "null"));
        return evaluate;
    }

    protected Result evaluate(IACLObject iACLObject, final EvaluationContext evaluationContext) throws IndeterminateException {
        if (iACLObject instanceof SingleACLObject) {
            try {
                AbstractPolicy buildPolicy = this.policyBuilder.buildPolicy(new ByteArrayInputStream(((SingleACLObject) iACLObject).getPolicyContent().getBytes()));
                if (buildPolicy != null) {
                    return buildPolicy.evaluate(evaluationContext);
                }
                throw new IndeterminateException("couldn't create policy from ACL: " + ((SingleACLObject) iACLObject).getPolicyContent());
            } catch (PolicyBuilderException e) {
                throw new IndeterminateException("exception thrown when building policy from ACL: " + ((SingleACLObject) iACLObject).getPolicyContent(), e);
            }
        }
        if (!(iACLObject instanceof MultipleACLObject)) {
            throw new IndeterminateException("unsupported instance of acl object: " + iACLObject.getClass().getCanonicalName());
        }
        MultipleACLObject multipleACLObject = (MultipleACLObject) iACLObject;
        BuiltInFunction provideFunction = provideFunction(multipleACLObject.getCombAlgorithm());
        ArrayList arrayList = new ArrayList(multipleACLObject.getAcls().length);
        for (final IACLObject iACLObject2 : multipleACLObject.getAcls()) {
            arrayList.add(new Evaluatable() { // from class: pl.edu.icm.yadda.aas.xacml.policy.evaluatable.RequestACLEvaluatable.1
                @Override // an.xacml.Evaluatable
                public Result evaluate(EvaluationContext evaluationContext2) throws IndeterminateException {
                    return RequestACLEvaluatable.this.evaluate(iACLObject2, evaluationContext);
                }
            });
        }
        try {
            return (Result) provideFunction.invoke(evaluationContext, new Object[]{arrayList.iterator()});
        } catch (Exception e2) {
            throw new IndeterminateException("exception occured when applying combination algorithm: " + provideFunction.getFunctionId(), e2);
        }
    }

    protected BuiltInFunction provideFunction(URI uri) throws IndeterminateException {
        try {
            if (uri != null) {
                return FunctionRegistry.getInstance().lookup(uri);
            }
            if (this.defaultMultipleACLsCombinationAlgorithm != null) {
                return FunctionRegistry.getInstance().lookup(this.defaultMultipleACLsCombinationAlgorithm);
            }
            throw new IndeterminateException("cannot determine combination algorithm: neither parameter nor default combination algorithm was defined!");
        } catch (BuiltInFunctionExistsException e) {
            throw new IndeterminateException("exception thrown when finding combining algorithm for " + uri, e);
        } catch (BuiltInFunctionNotFoundException e2) {
            throw new IndeterminateException("no combination algorithm found for " + uri, e2);
        } catch (IOException e3) {
            throw new IndeterminateException("exception thrown when finding combining algorithm for " + uri, e3);
        } catch (ClassNotFoundException e4) {
            throw new IndeterminateException("exception thrown when finding combining algorithm for " + uri, e4);
        }
    }

    public void setThrowIndeterminateWhenNoPolicy(boolean z) {
        this.throwIndeterminateWhenNoPolicy = z;
    }

    public void setPolicyBuilder(IPolicyBuilder iPolicyBuilder) {
        this.policyBuilder = iPolicyBuilder;
    }

    public void setDefaultMultipleACLsCombinationAlgorithm(URI uri) {
        this.defaultMultipleACLsCombinationAlgorithm = uri;
    }
}
