package org.apache.openaz.xacml.std.pip.engines.ldap;

import java.io.StringWriter;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.NamingException;
import javax.naming.directory.SearchResult;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.openaz.xacml.api.Attribute;
import org.apache.openaz.xacml.api.AttributeValue;
import org.apache.openaz.xacml.api.DataType;
import org.apache.openaz.xacml.api.DataTypeException;
import org.apache.openaz.xacml.api.DataTypeFactory;
import org.apache.openaz.xacml.api.pip.PIPEngine;
import org.apache.openaz.xacml.api.pip.PIPException;
import org.apache.openaz.xacml.api.pip.PIPFinder;
import org.apache.openaz.xacml.api.pip.PIPRequest;
import org.apache.openaz.xacml.api.pip.PIPResponse;
import org.apache.openaz.xacml.std.StdAttribute;
import org.apache.openaz.xacml.std.datatypes.DataTypes;
import org.apache.openaz.xacml.std.pip.StdPIPRequest;
import org.apache.openaz.xacml.std.pip.engines.Configurables;
import org.apache.openaz.xacml.std.pip.engines.csv.HyperCSVEngine;
import org.apache.openaz.xacml.util.FactoryException;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.app.event.EventCartridge;
import org.apache.velocity.app.event.ReferenceInsertionEventHandler;
import org.apache.velocity.exception.MethodInvocationException;
import org.apache.velocity.exception.ParseErrorException;
import org.apache.velocity.exception.ResourceNotFoundException;

/* loaded from: input_file:org/apache/openaz/xacml/std/pip/engines/ldap/ConfigurableLDAPResolver.class */
public class ConfigurableLDAPResolver implements LDAPResolver {
    private static DataTypeFactory dataTypeFactory;
    private Log logger = LogFactory.getLog(getClass());
    private String defaultIssuer;
    private String id;
    private String base;
    private String filter;
    private Map<String, PIPRequest> baseParameters;
    private Map<String, PIPRequest> filterParameters;
    private Map<String, PIPRequest> filterView;

    /* loaded from: input_file:org/apache/openaz/xacml/std/pip/engines/ldap/ConfigurableLDAPResolver$VelocityParameterHandler.class */
    private class VelocityParameterHandler implements ReferenceInsertionEventHandler {
        private Pattern vpp;

        private VelocityParameterHandler() {
            this.vpp = Pattern.compile("\\{(\\w)+\\}");
        }

        public Object referenceInsert(String str, Object obj) {
            String str2;
            Matcher matcher = this.vpp.matcher(str);
            if (matcher.find()) {
                String group = matcher.group();
                str2 = group.substring(1, group.length() - 1);
            } else {
                str2 = HyperCSVEngine.HYPER_PASS;
            }
            if (ConfigurableLDAPResolver.this.logger.isTraceEnabled()) {
                ConfigurableLDAPResolver.this.logger.trace("(" + ConfigurableLDAPResolver.this.id + ") Velocity parameter: " + str2);
            }
            return str2;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/openaz/xacml/std/pip/engines/ldap/ConfigurableLDAPResolver$VelocityParameterReader.class */
    public class VelocityParameterReader extends VelocityParameterHandler {
        private Set<String> parameters;

        private VelocityParameterReader() {
            super();
            this.parameters = new HashSet();
        }

        @Override // org.apache.openaz.xacml.std.pip.engines.ldap.ConfigurableLDAPResolver.VelocityParameterHandler
        public Object referenceInsert(String str, Object obj) {
            this.parameters.add((String) super.referenceInsert(str, obj));
            return HyperCSVEngine.HYPER_PASS;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/openaz/xacml/std/pip/engines/ldap/ConfigurableLDAPResolver$VelocityParameterWriter.class */
    public class VelocityParameterWriter extends VelocityParameterHandler {
        private PIPFinder finder;
        private Map<String, PIPRequest> parameters;

        public VelocityParameterWriter(PIPFinder pIPFinder, Map<String, PIPRequest> map) {
            super();
            this.finder = pIPFinder;
            this.parameters = map;
        }

        @Override // org.apache.openaz.xacml.std.pip.engines.ldap.ConfigurableLDAPResolver.VelocityParameterHandler
        public Object referenceInsert(String str, Object obj) {
            String str2 = (String) super.referenceInsert(str, obj);
            try {
                PIPRequest pIPRequest = this.parameters.get(str2);
                if (ConfigurableLDAPResolver.this.logger.isTraceEnabled()) {
                    ConfigurableLDAPResolver.this.logger.trace("(" + ConfigurableLDAPResolver.this.id + ") Velocity parameter: " + str2 + " requests " + pIPRequest);
                }
                if (null == pIPRequest) {
                    throw new RuntimeException("Parameter '" + str2 + "' is not available");
                }
                Object evaluatePIPRequest = ConfigurableLDAPResolver.this.evaluatePIPRequest(pIPRequest, this.finder);
                if (null != evaluatePIPRequest) {
                    return evaluatePIPRequest;
                }
                if (str2.startsWith("_")) {
                    return "*";
                }
                return null;
            } catch (PIPException e) {
                throw new RuntimeException(e);
            }
        }
    }

    @Override // org.apache.openaz.xacml.std.pip.engines.ConfigurableResolver
    public void configure(String str, Properties properties, String str2) throws PIPException {
        this.id = str;
        this.defaultIssuer = str2;
        this.base = properties.getProperty(str + ".base");
        this.filter = properties.getProperty(str + ".filter");
        Set<String> prepareVelocityTemplate = prepareVelocityTemplate(this.base);
        Set<String> prepareVelocityTemplate2 = prepareVelocityTemplate(this.filter);
        this.baseParameters = Configurables.getPIPRequestMap(str + ".base", "parameters", properties, null);
        this.filterParameters = Configurables.getPIPRequestMap(str + ".filter", "parameters", properties, null);
        if (!this.baseParameters.keySet().containsAll(prepareVelocityTemplate)) {
            throw new PIPException("The 'base' template contains parameters that were not specified in its map.");
        }
        if (!this.filterParameters.keySet().containsAll(prepareVelocityTemplate2)) {
            throw new PIPException("The 'filter' template contains parameters that were not specified in its map.");
        }
        this.filterView = Configurables.getPIPRequestMap(str + ".filter", "view", properties, str2);
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("(" + str + ") \nbase '" + this.base + "', parameters " + this.baseParameters + "\nfilter '" + this.filter + "', parameters " + this.filterParameters + ", view " + this.filterView);
        }
    }

    public void store(String str, Properties properties) throws PIPException {
        properties.setProperty(str + ".base", this.base);
        properties.setProperty(str + ".filter", this.filter);
        Configurables.setPIPRequestMap(this.baseParameters, str + ".base", "parameters", properties);
        Configurables.setPIPRequestMap(this.filterParameters, str + ".filter", "parameters", properties);
        Configurables.setPIPRequestMap(this.filterView, str + ".filter", "view", properties);
    }

    private Set<String> prepareVelocityTemplate(String str) throws PIPException {
        VelocityContext velocityContext = new VelocityContext();
        EventCartridge eventCartridge = new EventCartridge();
        VelocityParameterReader velocityParameterReader = new VelocityParameterReader();
        eventCartridge.addEventHandler(velocityParameterReader);
        eventCartridge.attachToContext(velocityContext);
        try {
            Velocity.evaluate(velocityContext, new StringWriter(), "LdapResolver", str);
            if (this.logger.isTraceEnabled()) {
                this.logger.trace("(" + this.id + ") " + str + " with parameters " + velocityParameterReader.parameters);
            }
            return velocityParameterReader.parameters;
        } catch (ParseErrorException e) {
            throw new PIPException("Velocity template preparation failed", e);
        } catch (MethodInvocationException e2) {
            throw new PIPException("Velocity template preparation failed", e2);
        } catch (ResourceNotFoundException e3) {
            throw new PIPException("Velocity template preparation failed", e3);
        }
    }

    private String evaluateVelocityTemplate(String str, Map<String, PIPRequest> map, PIPFinder pIPFinder) throws PIPException {
        StringWriter stringWriter = new StringWriter();
        VelocityContext velocityContext = new VelocityContext();
        EventCartridge eventCartridge = new EventCartridge();
        eventCartridge.addEventHandler(new VelocityParameterWriter(pIPFinder, map));
        eventCartridge.attachToContext(velocityContext);
        try {
            Velocity.evaluate(velocityContext, stringWriter, "LdapResolver", str);
            this.logger.warn("(" + this.id + ")  template yields " + stringWriter.toString());
            return stringWriter.toString();
        } catch (ParseErrorException e) {
            throw new PIPException("Velocity template evaluation failed", e);
        } catch (ResourceNotFoundException e2) {
            throw new PIPException("Velocity template evaluation failed", e2);
        } catch (MethodInvocationException e3) {
            throw new PIPException("Velocity template evaluation failed", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Object evaluatePIPRequest(PIPRequest pIPRequest, PIPFinder pIPFinder) throws PIPException {
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("(" + this.id + ") " + pIPRequest);
        }
        PIPResponse matchingAttributes = pIPFinder.getMatchingAttributes(pIPRequest, null);
        if (matchingAttributes.getStatus() != null && !matchingAttributes.getStatus().isOk()) {
            return null;
        }
        Collection<Attribute> attributes = matchingAttributes.getAttributes();
        if (attributes.size() <= 0) {
            return null;
        }
        if (attributes.size() > 1) {
            if (this.logger.isTraceEnabled()) {
                this.logger.trace("(" + this.id + ") PIPFinder returned more than one Attribute for " + pIPRequest);
            }
            throw new PIPException("PIPFinder returned more than one Attribute for " + pIPRequest.toString());
        }
        Collection<AttributeValue<?>> values = attributes.iterator().next().getValues();
        if (values.size() <= 0) {
            return null;
        }
        if (values.size() > 1) {
            if (!this.logger.isTraceEnabled()) {
                return null;
            }
            this.logger.trace("(" + this.id + ") PIPFinder returned more than one AttributeValue for " + pIPRequest);
            return null;
        }
        try {
            return DataTypes.DT_STRING.convert(values.iterator().next().getValue());
        } catch (DataTypeException e) {
            throw new PIPException("Fauiled to extract attribute value", e);
        }
    }

    @Override // org.apache.openaz.xacml.std.pip.engines.ldap.LDAPResolver
    public String getBase(PIPEngine pIPEngine, PIPRequest pIPRequest, PIPFinder pIPFinder) throws PIPException {
        if (this.filterView.containsValue(pIPRequest)) {
            if (this.logger.isTraceEnabled()) {
                this.logger.trace("(" + this.id + ") " + pIPRequest);
            }
            return evaluateVelocityTemplate(this.base, this.baseParameters, pIPFinder);
        }
        if (!this.logger.isTraceEnabled()) {
            return null;
        }
        this.logger.trace("(" + this.id + ") " + pIPRequest + " not in " + this.filterView);
        return null;
    }

    public void setBase(String str) throws PIPException {
        if (!this.baseParameters.keySet().containsAll(prepareVelocityTemplate(str))) {
            throw new PIPException("The 'base' template contains parameters that were not specified in its map.");
        }
        this.base = str;
    }

    @Override // org.apache.openaz.xacml.std.pip.engines.ldap.LDAPResolver
    public String getFilterString(PIPEngine pIPEngine, PIPRequest pIPRequest, PIPFinder pIPFinder) throws PIPException {
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("(" + this.id + ") " + pIPRequest);
        }
        if (this.filterView.containsValue(pIPRequest)) {
            return evaluateVelocityTemplate(this.filter, this.filterParameters, pIPFinder);
        }
        if (!this.logger.isTraceEnabled()) {
            return null;
        }
        this.logger.trace("(" + this.id + ") request " + pIPRequest + " not in " + this.filterView);
        return null;
    }

    public void setFilterString(String str) throws PIPException {
        if (!this.filterParameters.keySet().containsAll(prepareVelocityTemplate(str))) {
            throw new PIPException("The 'filter' template contains parameters that were not specified in its map.");
        }
        this.filter = str;
    }

    private Attribute decodeResultValue(SearchResult searchResult, String str, PIPRequest pIPRequest) {
        AttributeValue<?> attributeValue = null;
        HashSet hashSet = null;
        this.logger.warn("(" + this.id + ") SearchResult attributes: " + searchResult.getAttributes());
        try {
            DataType<?> dataType = dataTypeFactory.getDataType(pIPRequest.getDataTypeId());
            if (dataType == null) {
                if (!this.logger.isTraceEnabled()) {
                    return null;
                }
                this.logger.trace("(" + this.id + ") Unknown data type in " + pIPRequest);
                return null;
            }
            if ("dn".equalsIgnoreCase(str)) {
                attributeValue = dataType.createAttributeValue(searchResult.getNameInNamespace());
            } else {
                javax.naming.directory.Attribute attribute = searchResult.getAttributes().get(str);
                if (attribute == null) {
                    this.logger.warn("(" + this.id + ") SearchResult did not provide a value for '" + str + "'");
                    return null;
                }
                if (this.logger.isTraceEnabled()) {
                    this.logger.trace("(" + this.id + ") directory attribute '" + str + "' value is '" + attribute + "'");
                }
                if (attribute.size() == 1) {
                    attributeValue = dataType.createAttributeValue(attribute.get().toString());
                } else {
                    if (this.logger.isTraceEnabled()) {
                        this.logger.trace("(" + this.id + ") SearchResult yields a multi-valued '" + str + "'");
                    }
                    hashSet = new HashSet();
                    for (int i = 0; i < attribute.size(); i++) {
                        hashSet.add(dataType.createAttributeValue(attribute.get().toString()));
                    }
                }
            }
            StdAttribute stdAttribute = hashSet == null ? new StdAttribute(pIPRequest.getCategory(), pIPRequest.getAttributeId(), attributeValue, pIPRequest.getIssuer(), false) : new StdAttribute(pIPRequest.getCategory(), pIPRequest.getAttributeId(), (Collection<AttributeValue<?>>) hashSet, pIPRequest.getIssuer(), false);
            this.logger.warn("(" + this.id + ")  providing attribute " + stdAttribute);
            return stdAttribute;
        } catch (DataTypeException e) {
            this.logger.error("(" + this.id + ") Failed to decode search result", e);
            return null;
        } catch (NamingException e2) {
            this.logger.error("(" + this.id + ") Failed to decode search result", e2);
            return null;
        }
    }

    @Override // org.apache.openaz.xacml.std.pip.engines.ldap.LDAPResolver
    public List<Attribute> decodeResult(SearchResult searchResult) throws PIPException {
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<String, PIPRequest> entry : this.filterView.entrySet()) {
            Attribute decodeResultValue = decodeResultValue(searchResult, entry.getKey(), entry.getValue());
            if (decodeResultValue != null) {
                arrayList.add(decodeResultValue);
            }
        }
        return arrayList;
    }

    @Override // org.apache.openaz.xacml.std.pip.engines.ConfigurableResolver
    public void attributesRequired(Collection<PIPRequest> collection) {
        Iterator<String> it = this.filterView.keySet().iterator();
        while (it.hasNext()) {
            collection.add(new StdPIPRequest(this.filterView.get(it.next())));
        }
    }

    @Override // org.apache.openaz.xacml.std.pip.engines.ConfigurableResolver
    public void attributesProvided(Collection<PIPRequest> collection) {
        Iterator<String> it = this.filterParameters.keySet().iterator();
        while (it.hasNext()) {
            PIPRequest pIPRequest = this.filterParameters.get(it.next());
            collection.add(new StdPIPRequest(pIPRequest.getCategory(), pIPRequest.getAttributeId(), pIPRequest.getDataTypeId(), pIPRequest.getIssuer() != null ? pIPRequest.getIssuer() : this.defaultIssuer));
        }
    }

    static {
        dataTypeFactory = null;
        try {
            dataTypeFactory = DataTypeFactory.newInstance();
            Velocity.setProperty("runtime.log.logsystem.log4j.logger", "MAIN_LOG");
            Velocity.init();
        } catch (FactoryException e) {
            throw new RuntimeException(e);
        }
    }
}
