package com.bea.security.providers.xacml;

import com.bea.common.security.xacml.Type;
import com.bea.common.security.xacml.URISyntaxException;
import com.bea.common.security.xacml.attr.Bag;
import com.bea.common.security.xacml.attr.GenericBag;
import com.bea.common.security.xacml.attr.JavaObjectAttribute;
import com.bea.common.security.xacml.attr.StringAttribute;
import com.bea.common.security.xacml.attr.StringAttributeBag;
import com.bea.common.security.xacml.policy.SubjectAttributeDesignator;
import com.bea.security.xacml.AttributeEvaluator;
import com.bea.security.xacml.AttributeEvaluatorWrapper;
import com.bea.security.xacml.Configuration;
import com.bea.security.xacml.EvaluationCtx;
import com.bea.security.xacml.IndeterminateEvaluationException;
import com.bea.security.xacml.MissingAttributeException;
import com.bea.security.xacml.attr.AttributeEvaluatableFactory;
import com.bea.security.xacml.attr.SubjectAttributeEvaluatableFactory;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import javax.security.auth.Subject;
import weblogic.security.utils.ESubjectImpl;

/* loaded from: input_file:com/bea/security/providers/xacml/SubjectAttributeDesignatorFactory.class */
public class SubjectAttributeDesignatorFactory implements com.bea.security.xacml.attr.designator.SubjectAttributeDesignatorFactory {
    public static final String SUBJECTCATEGORY_ACCESSSSUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
    public static final String SUBJECTID_ATTR = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
    public static final String AUTHENTICATIONTIME_ATTR = "urn:oasis:names:tc:xacml:1.0:subject:authentication-time";
    public static final String AUTHENTICATIONMETHOD_ATTR = "urn:oasis:names:tc:xacml:1.0:subject:authn-locality:authentication-method";
    public static final String REQUESTTIME_ATTR = "urn:oasis:names:tc:xacml:1.0:subject:request-time";
    public static final String SESSIONSTARTTIME_ATTR = "urn:oasis:names:tc:xacml:1.0:subject:session-start-time";
    public static final String IPADDRESS_ATTR = "urn:oasis:names:tc:xacml:1.0:subject:authn-locality:ip-address";
    public static final String DNSNAME_ATTR = "urn:oasis:names:tc:xacml:1.0:subject:authn-locality:dns-name";
    public static final String GROUP_ATTR = "urn:oasis:names:tc:xacml:2.0:subject:group";
    public static final String ROLE_ATTR = "urn:oasis:names:tc:xacml:2.0:subject:role";
    public static final String CONTEXT_ATTR = "urn:bea:xacml:2.0:subject:context:";
    private final URI SUBJECTCATEGORY_ACCESSSUBJECT_URI;
    private final URI SUBJECTID_ATTR_URI;
    private final URI AUTHENTICATIONTIME_ATTR_URI;
    private final URI AUTHENTICATIONMETHOD_ATTR_URI;
    private final URI REQUESTTIME_ATTR_URI;
    private final URI SESSIONSTARTTIME_ATTR_URI;
    private final URI IPADDRESS_ATTR_URI;
    private final URI DNSNAME_ATTR_URI;
    private final URI GROUP_ATTR_URI;
    private final URI ROLE_ATTR_URI;
    private final URI STRING_TYPE;
    private final URI OBJECT_TYPE;
    private String subjectIssuer;
    private EvaluationCtxFactory fac;
    private static final StringAttribute EVERYONE = new StringAttribute(ESubjectImpl.EVERYONE_GROUP);
    private static final Bag<StringAttribute> EMPTY_BAG = new StringAttributeBag(Collections.unmodifiableList(new ArrayList()));

    public SubjectAttributeDesignatorFactory(String str, EvaluationCtxFactory evaluationCtxFactory) throws URISyntaxException {
        try {
            this.SUBJECTCATEGORY_ACCESSSUBJECT_URI = new URI("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject");
            this.SUBJECTID_ATTR_URI = new URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id");
            this.AUTHENTICATIONTIME_ATTR_URI = new URI("urn:oasis:names:tc:xacml:1.0:subject:authentication-time");
            this.AUTHENTICATIONMETHOD_ATTR_URI = new URI("urn:oasis:names:tc:xacml:1.0:subject:authn-locality:authentication-method");
            this.REQUESTTIME_ATTR_URI = new URI("urn:oasis:names:tc:xacml:1.0:subject:request-time");
            this.SESSIONSTARTTIME_ATTR_URI = new URI("urn:oasis:names:tc:xacml:1.0:subject:session-start-time");
            this.IPADDRESS_ATTR_URI = new URI("urn:oasis:names:tc:xacml:1.0:subject:authn-locality:ip-address");
            this.DNSNAME_ATTR_URI = new URI("urn:oasis:names:tc:xacml:1.0:subject:authn-locality:dns-name");
            this.GROUP_ATTR_URI = new URI("urn:oasis:names:tc:xacml:2.0:subject:group");
            this.ROLE_ATTR_URI = new URI("urn:oasis:names:tc:xacml:2.0:subject:role");
            this.STRING_TYPE = Type.STRING.getDataType();
            this.OBJECT_TYPE = Type.OBJECT.getDataType();
            this.subjectIssuer = str;
            this.fac = evaluationCtxFactory;
        } catch (java.net.URISyntaxException e) {
            throw new URISyntaxException(e);
        }
    }

    public SubjectConverter getSubjectConverter(final EvaluationCtx evaluationCtx) {
        return evaluationCtx instanceof ExtendedEvaluationCtx ? ((ExtendedEvaluationCtx) evaluationCtx).getSubjectConverter() : new SubjectConverter() { // from class: com.bea.security.providers.xacml.SubjectAttributeDesignatorFactory.1
            private SubjectAttributeEvaluatableFactory aef;

            {
                this.aef = evaluationCtx.getSubjectAttributes();
            }

            @Override // com.bea.security.providers.xacml.SubjectConverter
            public boolean isUserAnonymous() {
                return this.aef.getEvaluatable(SubjectAttributeDesignatorFactory.this.SUBJECTID_ATTR_URI, SubjectAttributeDesignatorFactory.this.STRING_TYPE) == null;
            }

            @Override // com.bea.security.providers.xacml.SubjectConverter
            public boolean isUser(StringAttribute stringAttribute) throws IndeterminateEvaluationException {
                AttributeEvaluator evaluatable = this.aef.getEvaluatable(SubjectAttributeDesignatorFactory.this.SUBJECTID_ATTR_URI, SubjectAttributeDesignatorFactory.this.STRING_TYPE);
                if (evaluatable != null) {
                    return evaluatable.evaluateToBag(evaluationCtx).contains(stringAttribute);
                }
                return false;
            }

            @Override // com.bea.security.providers.xacml.SubjectConverter
            public boolean isMemberOf(StringAttribute stringAttribute) throws IndeterminateEvaluationException {
                if (SubjectAttributeDesignatorFactory.EVERYONE.equals(stringAttribute)) {
                    return true;
                }
                AttributeEvaluator evaluatable = this.aef.getEvaluatable(SubjectAttributeDesignatorFactory.this.GROUP_ATTR_URI, SubjectAttributeDesignatorFactory.this.STRING_TYPE);
                if (evaluatable != null) {
                    return evaluatable.evaluateToBag(evaluationCtx).contains(stringAttribute);
                }
                return false;
            }

            @Override // com.bea.security.providers.xacml.SubjectConverter
            public Bag<StringAttribute> getUserNameAttributes() throws IndeterminateEvaluationException {
                AttributeEvaluator evaluatable = this.aef.getEvaluatable(SubjectAttributeDesignatorFactory.this.SUBJECTID_ATTR_URI, SubjectAttributeDesignatorFactory.this.STRING_TYPE);
                if (evaluatable != null) {
                    return evaluatable.evaluateToBag(evaluationCtx);
                }
                return null;
            }

            @Override // com.bea.security.providers.xacml.SubjectConverter
            public Bag<StringAttribute> getGroupAttributes() throws IndeterminateEvaluationException {
                AttributeEvaluator evaluatable = this.aef.getEvaluatable(SubjectAttributeDesignatorFactory.this.GROUP_ATTR_URI, SubjectAttributeDesignatorFactory.this.STRING_TYPE);
                return evaluatable != null ? evaluatable.evaluateToBag(evaluationCtx) : SubjectAttributeDesignatorFactory.EVERYONE;
            }

            @Override // com.bea.security.providers.xacml.SubjectConverter
            public AttributeEvaluator getEvaluator(URI uri, URI uri2, String str, URI uri3) {
                return this.aef.getEvaluatable(uri, uri2, str, uri3);
            }
        };
    }

    public SubjectConverter getSubjectConverter(EvaluationCtx evaluationCtx, Subject subject) {
        return this.fac.getSubjectConverter(subject);
    }

    public RoleConverter getRoleConverter(final EvaluationCtx evaluationCtx) {
        return evaluationCtx instanceof ExtendedEvaluationCtx ? ((ExtendedEvaluationCtx) evaluationCtx).getRoleConverter() : new RoleConverter() { // from class: com.bea.security.providers.xacml.SubjectAttributeDesignatorFactory.2
            private AttributeEvaluatableFactory aef;

            {
                this.aef = evaluationCtx.getSubjectAttributes();
            }

            @Override // com.bea.security.providers.xacml.RoleConverter
            public boolean isInRole(StringAttribute stringAttribute) throws IndeterminateEvaluationException {
                AttributeEvaluator evaluatable = this.aef.getEvaluatable(SubjectAttributeDesignatorFactory.this.ROLE_ATTR_URI, SubjectAttributeDesignatorFactory.this.STRING_TYPE);
                if (evaluatable != null) {
                    return evaluatable.evaluateToBag(evaluationCtx).contains(stringAttribute);
                }
                return false;
            }

            @Override // com.bea.security.providers.xacml.RoleConverter
            public Bag<StringAttribute> getRoleAttributes() throws IndeterminateEvaluationException {
                AttributeEvaluator evaluatable = this.aef.getEvaluatable(SubjectAttributeDesignatorFactory.this.ROLE_ATTR_URI, SubjectAttributeDesignatorFactory.this.STRING_TYPE);
                if (evaluatable != null) {
                    return evaluatable.evaluateToBag(evaluationCtx);
                }
                return null;
            }

            @Override // com.bea.security.providers.xacml.RoleConverter
            public AttributeEvaluator getEvaluator(URI uri, URI uri2, String str, URI uri3) {
                return this.aef.getEvaluatable(uri, uri2, str);
            }
        };
    }

    public ContextConverter getContextConverter(final EvaluationCtx evaluationCtx) {
        return evaluationCtx instanceof ExtendedEvaluationCtx ? ((ExtendedEvaluationCtx) evaluationCtx).getContextConverter() : new ContextConverter() { // from class: com.bea.security.providers.xacml.SubjectAttributeDesignatorFactory.3
            private AttributeEvaluatableFactory aef;

            {
                this.aef = evaluationCtx.getEnvironmentAttributes();
            }

            @Override // com.bea.security.providers.xacml.ContextConverter
            public JavaObjectAttribute getContextValue(String str) throws IndeterminateEvaluationException {
                Bag evaluateToBag;
                try {
                    AttributeEvaluator evaluatable = this.aef.getEvaluatable(new URI(SubjectAttributeDesignatorFactory.CONTEXT_ATTR + str), SubjectAttributeDesignatorFactory.this.OBJECT_TYPE);
                    if (evaluatable == null || (evaluateToBag = evaluatable.evaluateToBag(evaluationCtx)) == null || evaluateToBag.size() <= 0) {
                        return null;
                    }
                    return (JavaObjectAttribute) evaluateToBag.iterator().next();
                } catch (java.net.URISyntaxException e) {
                    throw new IndeterminateEvaluationException(e);
                }
            }

            @Override // com.bea.security.providers.xacml.ContextConverter
            public AttributeEvaluator getEvaluator(URI uri, URI uri2, String str) {
                return this.aef.getEvaluatable(uri, uri2, str);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <T extends Bag> T debugDesignator(EvaluationCtx evaluationCtx, URI uri, URI uri2, T t) {
        if (evaluationCtx.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("Accessed Subject: Id=");
            stringBuffer.append(uri);
            if (!this.SUBJECTCATEGORY_ACCESSSUBJECT_URI.equals(uri2)) {
                stringBuffer.append(", SC=");
                stringBuffer.append(uri2);
            }
            stringBuffer.append(", Value=");
            stringBuffer.append(t != null ? t : "not present");
            evaluationCtx.debug(stringBuffer.toString());
        }
        return t;
    }

    public SubjectAttributeEvaluatableFactory getFactory() {
        return new SubjectAttributeEvaluatableFactory() { // from class: com.bea.security.providers.xacml.SubjectAttributeDesignatorFactory.4
            @Override // com.bea.security.xacml.attr.AttributeEvaluatableFactory
            public AttributeEvaluator getEvaluatable(URI uri, URI uri2) {
                return getEvaluatable(uri, uri2, null, null);
            }

            @Override // com.bea.security.xacml.attr.AttributeEvaluatableFactory
            public AttributeEvaluator getEvaluatable(URI uri, URI uri2, String str) {
                return getEvaluatable(uri, uri2, str, null);
            }

            @Override // com.bea.security.xacml.attr.SubjectAttributeEvaluatableFactory
            public AttributeEvaluator getEvaluatable(URI uri, URI uri2, URI uri3) {
                return getEvaluatable(uri, uri2, null, uri3);
            }

            @Override // com.bea.security.xacml.attr.SubjectAttributeEvaluatableFactory
            public AttributeEvaluator getEvaluatable(final URI uri, final URI uri2, final String str, final URI uri3) {
                if (str == null || SubjectAttributeDesignatorFactory.this.subjectIssuer.equals(str)) {
                    if (uri3 != null && !SubjectAttributeDesignatorFactory.this.SUBJECTCATEGORY_ACCESSSUBJECT_URI.equals(uri3)) {
                        String uri4 = uri3.toString();
                        if (uri4.startsWith(SubjectAttributeDesignatorFactory.CONTEXT_ATTR)) {
                            final String substring = uri4.substring(SubjectAttributeDesignatorFactory.CONTEXT_ATTR.length());
                            if (SubjectAttributeDesignatorFactory.this.SUBJECTID_ATTR_URI.equals(uri) && SubjectAttributeDesignatorFactory.this.STRING_TYPE.equals(uri2)) {
                                return new AttributeEvaluatorWrapper(uri2) { // from class: com.bea.security.providers.xacml.SubjectAttributeDesignatorFactory.4.4
                                    @Override // com.bea.security.xacml.AttributeEvaluatorWrapper, com.bea.security.xacml.AttributeEvaluator
                                    public Bag evaluateToBag(EvaluationCtx evaluationCtx) throws IndeterminateEvaluationException {
                                        JavaObjectAttribute contextValue = SubjectAttributeDesignatorFactory.this.getContextConverter(evaluationCtx).getContextValue(substring);
                                        if (contextValue != null) {
                                            Object value = contextValue.getValue();
                                            if (value instanceof Subject) {
                                                Bag debugDesignator = SubjectAttributeDesignatorFactory.this.debugDesignator(evaluationCtx, uri, uri3, SubjectAttributeDesignatorFactory.this.getSubjectConverter(evaluationCtx, (Subject) value).getUserNameAttributes());
                                                return debugDesignator != null ? debugDesignator : SubjectAttributeDesignatorFactory.EMPTY_BAG;
                                            }
                                        }
                                        SubjectAttributeDesignatorFactory.this.debugDesignator(evaluationCtx, uri, uri3, null);
                                        return SubjectAttributeDesignatorFactory.EMPTY_BAG;
                                    }
                                };
                            }
                            if (SubjectAttributeDesignatorFactory.this.GROUP_ATTR_URI.equals(uri) && SubjectAttributeDesignatorFactory.this.STRING_TYPE.equals(uri2)) {
                                return new AttributeEvaluatorWrapper(uri2) { // from class: com.bea.security.providers.xacml.SubjectAttributeDesignatorFactory.4.5
                                    @Override // com.bea.security.xacml.AttributeEvaluatorWrapper, com.bea.security.xacml.AttributeEvaluator
                                    public Bag evaluateToBag(EvaluationCtx evaluationCtx) throws IndeterminateEvaluationException {
                                        JavaObjectAttribute contextValue = SubjectAttributeDesignatorFactory.this.getContextConverter(evaluationCtx).getContextValue(substring);
                                        if (contextValue != null) {
                                            Object value = contextValue.getValue();
                                            if (value instanceof Subject) {
                                                Bag debugDesignator = SubjectAttributeDesignatorFactory.this.debugDesignator(evaluationCtx, uri, uri3, SubjectAttributeDesignatorFactory.this.getSubjectConverter(evaluationCtx, (Subject) value).getGroupAttributes());
                                                return debugDesignator != null ? debugDesignator : SubjectAttributeDesignatorFactory.EMPTY_BAG;
                                            }
                                        }
                                        SubjectAttributeDesignatorFactory.this.debugDesignator(evaluationCtx, uri, uri3, null);
                                        return SubjectAttributeDesignatorFactory.EMPTY_BAG;
                                    }
                                };
                            }
                        }
                    } else {
                        if (SubjectAttributeDesignatorFactory.this.SUBJECTID_ATTR_URI.equals(uri) && SubjectAttributeDesignatorFactory.this.STRING_TYPE.equals(uri2)) {
                            return new AttributeEvaluatorWrapper(uri2) { // from class: com.bea.security.providers.xacml.SubjectAttributeDesignatorFactory.4.1
                                @Override // com.bea.security.xacml.AttributeEvaluatorWrapper, com.bea.security.xacml.AttributeEvaluator
                                public Bag evaluateToBag(EvaluationCtx evaluationCtx) throws IndeterminateEvaluationException {
                                    Bag debugDesignator = SubjectAttributeDesignatorFactory.this.debugDesignator(evaluationCtx, uri, uri3, SubjectAttributeDesignatorFactory.this.getSubjectConverter(evaluationCtx).getUserNameAttributes());
                                    return debugDesignator != null ? debugDesignator : SubjectAttributeDesignatorFactory.EMPTY_BAG;
                                }
                            };
                        }
                        if (SubjectAttributeDesignatorFactory.this.GROUP_ATTR_URI.equals(uri) && SubjectAttributeDesignatorFactory.this.STRING_TYPE.equals(uri2)) {
                            return new AttributeEvaluatorWrapper(uri2) { // from class: com.bea.security.providers.xacml.SubjectAttributeDesignatorFactory.4.2
                                @Override // com.bea.security.xacml.AttributeEvaluatorWrapper, com.bea.security.xacml.AttributeEvaluator
                                public Bag evaluateToBag(EvaluationCtx evaluationCtx) throws IndeterminateEvaluationException {
                                    Bag debugDesignator = SubjectAttributeDesignatorFactory.this.debugDesignator(evaluationCtx, uri, uri3, SubjectAttributeDesignatorFactory.this.getSubjectConverter(evaluationCtx).getGroupAttributes());
                                    return debugDesignator != null ? debugDesignator : SubjectAttributeDesignatorFactory.EMPTY_BAG;
                                }
                            };
                        }
                        if (SubjectAttributeDesignatorFactory.this.ROLE_ATTR_URI.equals(uri) && SubjectAttributeDesignatorFactory.this.STRING_TYPE.equals(uri2)) {
                            return new AttributeEvaluatorWrapper(uri2) { // from class: com.bea.security.providers.xacml.SubjectAttributeDesignatorFactory.4.3
                                @Override // com.bea.security.xacml.AttributeEvaluatorWrapper, com.bea.security.xacml.AttributeEvaluator
                                public Bag evaluateToBag(EvaluationCtx evaluationCtx) throws IndeterminateEvaluationException {
                                    Bag debugDesignator = SubjectAttributeDesignatorFactory.this.debugDesignator(evaluationCtx, uri, uri3, SubjectAttributeDesignatorFactory.this.getRoleConverter(evaluationCtx).getRoleAttributes());
                                    return debugDesignator != null ? debugDesignator : SubjectAttributeDesignatorFactory.EMPTY_BAG;
                                }
                            };
                        }
                    }
                }
                return new AttributeEvaluatorWrapper(uri2) { // from class: com.bea.security.providers.xacml.SubjectAttributeDesignatorFactory.4.6
                    @Override // com.bea.security.xacml.AttributeEvaluatorWrapper, com.bea.security.xacml.AttributeEvaluator
                    public Bag evaluateToBag(EvaluationCtx evaluationCtx) throws IndeterminateEvaluationException {
                        AttributeEvaluator evaluator = SubjectAttributeDesignatorFactory.this.getSubjectConverter(evaluationCtx).getEvaluator(uri, uri2, str, uri3);
                        if (evaluator == null) {
                            evaluator = SubjectAttributeDesignatorFactory.this.getRoleConverter(evaluationCtx).getEvaluator(uri, uri2, str, uri3);
                        }
                        Bag debugDesignator = SubjectAttributeDesignatorFactory.this.debugDesignator(evaluationCtx, uri, uri3, evaluator != null ? evaluator.evaluateToBag(evaluationCtx) : null);
                        if (debugDesignator != null) {
                            return debugDesignator;
                        }
                        Type findType = Type.findType(uri2.toString());
                        if (findType == null) {
                            throw new IndeterminateEvaluationException("Unknown type: " + uri2);
                        }
                        return new GenericBag(findType);
                    }
                };
            }
        };
    }

    @Override // com.bea.security.xacml.attr.designator.SubjectAttributeDesignatorFactory
    public AttributeEvaluator createDesignator(SubjectAttributeDesignator subjectAttributeDesignator, Configuration configuration, Iterator<com.bea.security.xacml.attr.designator.SubjectAttributeDesignatorFactory> it) throws URISyntaxException {
        SubjectAttributeEvaluatableFactory factory = getFactory();
        final URI attributeId = subjectAttributeDesignator.getAttributeId();
        final URI dataType = subjectAttributeDesignator.getDataType();
        String issuer = subjectAttributeDesignator.getIssuer();
        URI subjectCategory = subjectAttributeDesignator.getSubjectCategory();
        if (!subjectAttributeDesignator.isMustBePresent()) {
            return generateEvaluator(factory, attributeId, dataType, issuer, subjectCategory);
        }
        final AttributeEvaluator generateEvaluator = generateEvaluator(factory, attributeId, dataType, issuer, subjectCategory);
        return new AttributeEvaluatorWrapper(generateEvaluator.getType()) { // from class: com.bea.security.providers.xacml.SubjectAttributeDesignatorFactory.5
            @Override // com.bea.security.xacml.AttributeEvaluatorWrapper, com.bea.security.xacml.AttributeEvaluator
            public Bag evaluateToBag(EvaluationCtx evaluationCtx) throws IndeterminateEvaluationException {
                Bag evaluateToBag = generateEvaluator.evaluateToBag(evaluationCtx);
                if (evaluateToBag == null || evaluateToBag.isEmpty()) {
                    throw new MissingAttributeException(attributeId, dataType);
                }
                return evaluateToBag;
            }

            @Override // com.bea.security.xacml.AttributeEvaluatorWrapper, com.bea.security.xacml.AttributeEvaluator
            public Type getType() throws URISyntaxException {
                return generateEvaluator.getType();
            }
        };
    }

    private AttributeEvaluator generateEvaluator(SubjectAttributeEvaluatableFactory subjectAttributeEvaluatableFactory, URI uri, URI uri2, String str, URI uri3) {
        return str != null ? subjectAttributeEvaluatableFactory.getEvaluatable(uri, uri2, str, uri3) : subjectAttributeEvaluatableFactory.getEvaluatable(uri, uri2, uri3);
    }
}
