package com.bea.security.xacml.cache.role;

import com.bea.common.security.xacml.DocumentParseException;
import com.bea.common.security.xacml.URISyntaxException;
import com.bea.common.security.xacml.attr.AnyURIAttribute;
import com.bea.common.security.xacml.attr.Bag;
import com.bea.common.security.xacml.attr.StringAttribute;
import com.bea.common.security.xacml.policy.Action;
import com.bea.common.security.xacml.policy.ActionAttributeDesignator;
import com.bea.common.security.xacml.policy.ActionMatch;
import com.bea.common.security.xacml.policy.Actions;
import com.bea.common.security.xacml.policy.AttributeValue;
import com.bea.common.security.xacml.policy.Resource;
import com.bea.common.security.xacml.policy.ResourceAttributeDesignator;
import com.bea.common.security.xacml.policy.ResourceMatch;
import com.bea.common.security.xacml.policy.Resources;
import com.bea.common.security.xacml.policy.Target;
import com.bea.security.xacml.InvalidRoleAssignmentPolicyException;
import com.bea.security.xacml.target.KnownActionMatch;
import com.bea.security.xacml.target.KnownMatch;
import com.bea.security.xacml.target.KnownResourceMatch;
import java.net.URI;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:com/bea/security/xacml/cache/role/RoleMatchUtil.class */
public class RoleMatchUtil {
    public static final String ROLE_ID = "urn:oasis:names:tc:xacml:2.0:subject:role";
    public static final String ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id";
    public static final String ENABLE_ROLE = "urn:oasis:names:tc:xacml:2.0:actions:enableRole";
    public static final String STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal";
    public static final String STRING_TYPE = "http://www.w3.org/2001/XMLSchema#string";
    public static final String ANYURI_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:anyURI-equal";
    public static final String ANYURI_TYPE = "http://www.w3.org/2001/XMLSchema#anyURI";
    private final URI roleId;
    private final URI actionId;
    private final URI enableRole;
    private final URI stringEqual;
    private final URI stringType;
    private final URI anyURIEqual;
    private final URI anyURIType;
    private final KnownMatch enableRoleMatch;
    private final ActionMatch enableRoleActionMatch;

    public RoleMatchUtil() throws URISyntaxException {
        try {
            this.roleId = new URI("urn:oasis:names:tc:xacml:2.0:subject:role");
            this.actionId = new URI("urn:oasis:names:tc:xacml:1.0:action:action-id");
            this.enableRole = new URI(ENABLE_ROLE);
            this.stringEqual = new URI("urn:oasis:names:tc:xacml:1.0:function:string-equal");
            this.stringType = new URI("http://www.w3.org/2001/XMLSchema#string");
            this.anyURIEqual = new URI(ANYURI_EQUAL);
            this.anyURIType = new URI("http://www.w3.org/2001/XMLSchema#anyURI");
            this.enableRoleMatch = new KnownActionMatch(this.anyURIEqual, this.actionId, this.anyURIType, (Bag) new AnyURIAttribute(this.enableRole), true);
            this.enableRoleActionMatch = new ActionMatch(this.anyURIEqual, new AttributeValue(new AnyURIAttribute(this.enableRole)), new ActionAttributeDesignator(this.actionId, this.anyURIType, true));
        } catch (java.net.URISyntaxException e) {
            throw new URISyntaxException(e);
        }
    }

    public boolean isRoleTarget(Target target) throws InvalidRoleAssignmentPolicyException {
        Actions actions;
        List<Action> actions2;
        List<Resource> resources;
        Resource resource;
        List<ResourceMatch> matches;
        ResourceAttributeDesignator designator;
        if (target == null || (actions = target.getActions()) == null || (actions2 = actions.getActions()) == null) {
            return false;
        }
        Iterator<Action> it = actions2.iterator();
        while (it.hasNext()) {
            List<ActionMatch> matches2 = it.next().getMatches();
            if (matches2 != null && matches2.contains(this.enableRoleActionMatch)) {
                Resources resources2 = target.getResources();
                if (resources2 != null && (resources = resources2.getResources()) != null && resources.size() == 1 && (resource = resources.get(0)) != null && (matches = resource.getMatches()) != null) {
                    for (ResourceMatch resourceMatch : matches) {
                        if (this.stringEqual.equals(resourceMatch.getMatchId()) && (designator = resourceMatch.getDesignator()) != null && this.roleId.equals(designator.getAttributeId()) && this.stringType.equals(designator.getDataType())) {
                            return true;
                        }
                    }
                }
                throw new InvalidRoleAssignmentPolicyException("Policy or PolicySet has enableRole action-id, but no or invalid target role");
            }
        }
        return false;
    }

    public String getTargetRole(Target target) throws MultipleRoleTargetException {
        Resources resources;
        ResourceAttributeDesignator designator;
        String str = null;
        if (target != null && (resources = target.getResources()) != null) {
            List<Resource> resources2 = resources.getResources();
            if (resources2.size() > 1) {
                throw new MultipleRoleTargetException("Multiple roles present in target; use alternate inspection method");
            }
            Iterator<Resource> it = resources2.iterator();
            while (it.hasNext()) {
                List<ResourceMatch> matches = it.next().getMatches();
                if (matches != null) {
                    for (ResourceMatch resourceMatch : matches) {
                        if (this.stringEqual.equals(resourceMatch.getMatchId()) && (designator = resourceMatch.getDesignator()) != null && this.roleId.equals(designator.getAttributeId()) && this.stringType.equals(designator.getDataType())) {
                            if (str != null) {
                                throw new MultipleRoleTargetException("Multiple role matches present in target; use alternate inspection method");
                            }
                            str = ((StringAttribute) resourceMatch.getAttributeValue().getValue()).getValue();
                        }
                    }
                }
            }
        }
        return str;
    }

    public Target generateTarget(String str) throws DocumentParseException {
        return new Target(new Resources(Collections.singletonList(new Resource(Collections.singletonList(new ResourceMatch(this.stringEqual, new AttributeValue(new StringAttribute(str)), new ResourceAttributeDesignator(this.roleId, this.stringType, true)))))), new Actions(Collections.singletonList(new Action(Collections.singletonList(this.enableRoleActionMatch)))));
    }

    public ActionMatch generateActionMatch() {
        return this.enableRoleActionMatch;
    }

    public ResourceMatch generateResourceMatch(String str) {
        return new ResourceMatch(this.stringEqual, new AttributeValue(new StringAttribute(str)), new ResourceAttributeDesignator(this.roleId, this.stringType, true));
    }

    public KnownMatch generateRoleAssignmentMatch(String str) {
        return new KnownResourceMatch(this.stringEqual, this.roleId, this.stringType, (Bag) new StringAttribute(str), true);
    }

    public KnownMatch getEnableRoleMatch() {
        return this.enableRoleMatch;
    }
}
