package com.dtolabs.rundeck.core.authorization.providers;

import com.dtolabs.rundeck.core.authorization.Attribute;
import com.dtolabs.rundeck.core.authorization.Authorization;
import com.dtolabs.rundeck.core.authorization.Decision;
import com.dtolabs.rundeck.core.authorization.Explanation;
import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/dtolabs/rundeck/core/authorization/providers/SAREAuthorization.class */
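/**
 * {@link Authorization} implementation that evaluates a resource/action request against the
 * {@link AclContext}s selected from a {@link Policies} instance for a subject and environment.
 *
 * <p>Decision rules, as implemented in {@code internalEvaluate}:
 * <ul>
 *   <li>no matching context means the request is rejected (default deny);</li>
 *   <li>a context answering {@code REJECTED_DENIED} ends evaluation with a rejection, even if an
 *       earlier context granted the request;</li>
 *   <li>otherwise a single granting context is enough to authorize.</li>
 * </ul>
 *
 * <p>Every single-request decision is written to the log at INFO level.
 */
public class SAREAuthorization implements Authorization {
    private static final Logger logger = Logger.getLogger(SAREAuthorization.class);
    private final Policies policies;
    // File handed to Policies.load(); null when the instance was built from a Policies object.
    private final File baseDirectory;
    // Count of requests that reached context evaluation. Incremented without synchronization and
    // never read in this class. NOTE(review): confirm whether instances are shared across threads.
    private long decisionsMade;

    /**
     * Loads the policies from {@code file} and remembers the file for {@link #toString()}.
     *
     * @param file location passed to {@code Policies.load}
     * @throws IOException declared for {@code Policies.load}
     * @throws PoliciesParseException declared for {@code Policies.load}
     */
    public SAREAuthorization(File file) throws IOException, PoliciesParseException {
        this.policies = Policies.load(file);
        this.baseDirectory = file;
    }

    /**
     * Uses an already loaded set of policies; no base directory is recorded.
     *
     * @param policies policies to evaluate against
     * @throws IOException never thrown by this body; kept so existing callers still compile
     * @throws PoliciesParseException never thrown by this body; kept for the same reason
     */
    public SAREAuthorization(Policies policies) throws IOException, PoliciesParseException {
        this.policies = policies;
        this.baseDirectory = null;
    }

    /**
     * Core decision procedure for one resource/action pair.
     *
     * @param resource resource properties; must be non-null with no null key or value once at
     *                 least one context matched
     * @param subject authenticated subject; must be non-null once at least one context matched
     * @param action requested action; null or empty yields a rejection
     * @param environment environment attributes; null is treated as empty during evaluation
     * @param contexts ACL contexts already narrowed to the subject and environment
     * @return the decision, carrying the elapsed evaluation time in milliseconds
     * @throws IllegalArgumentException for a null resource, null resource key/value or null subject
     */
    private Decision internalEvaluate(Map<String, String> resource, Subject subject, String action, Set<Attribute> environment, List<AclContext> contexts) {
        final long start = System.currentTimeMillis();

        // Default deny: nothing in the policies applies to this subject/environment. This check
        // runs before argument validation, so the resulting Decision may carry null fields.
        if (contexts.isEmpty()) {
            return authorize(false, "No context matches subject or environment", Explanation.Code.REJECTED_NO_SUBJECT_OR_ENV_FOUND, resource, subject, action, environment, System.currentTimeMillis() - start);
        }

        if (resource == null) {
            throw new IllegalArgumentException("Resource does not identify any resource because it's an empty resource property or null.");
        }
        for (Map.Entry<String, String> property : resource.entrySet()) {
            if (property.getKey() == null) {
                throw new IllegalArgumentException("Resource definition cannot contain null property name.");
            }
            if (property.getValue() == null) {
                throw new IllegalArgumentException("Resource definition cannot contain null value.  Corresponding key: " + property.getKey());
            }
        }
        if (subject == null) {
            throw new IllegalArgumentException("Invalid subject, subject is null.");
        }
        if (action == null || action.length() <= 0) {
            return authorize(false, "No action provided.", Explanation.Code.REJECTED_NO_ACTION_PROVIDED, resource, subject, action, environment, System.currentTimeMillis() - start);
        }
        if (environment == null) {
            environment = Collections.emptySet();
        }

        this.decisionsMade++;

        ContextDecision granted = null;
        ContextDecision lastSeen = null;
        for (AclContext context : contexts) {
            ContextDecision candidate = context.includes(resource, action);
            // An explicit deny wins immediately, regardless of grants seen so far.
            if (Explanation.Code.REJECTED_DENIED == candidate.getCode()) {
                return createAuthorize(false, candidate, resource, subject, action, environment, System.currentTimeMillis() - start);
            }
            if (candidate.granted()) {
                // The most recent granting context supplies the explanation.
                granted = candidate;
            }
            lastSeen = candidate;
        }

        if (granted != null) {
            return createAuthorize(true, granted, resource, subject, action, environment, System.currentTimeMillis() - start);
        }
        if (lastSeen == null) {
            return authorize(false, "No resource or action matched.", Explanation.Code.REJECTED_NO_RESOURCE_OR_ACTION_MATCH, resource, subject, action, environment, System.currentTimeMillis() - start);
        }
        // No grant and no explicit deny: report the last context's reason for not granting.
        return createAuthorize(false, lastSeen, resource, subject, action, environment, System.currentTimeMillis() - start);
    }

    /**
     * Evaluates one resource/action request for a subject.
     *
     * @param map resource properties
     * @param subject authenticated subject
     * @param str requested action
     * @param set environment attributes
     * @return the decision for the request
     */
    @Override
    public Decision evaluate(Map<String, String> map, Subject subject, String str, Set<Attribute> set) {
        return evaluate(map, subject, str, set, this.policies.narrowContext(subject, set));
    }

    /**
     * Evaluates against pre-narrowed contexts and logs the outcome at INFO level.
     *
     * <p>The logged text comes from the decision's {@code toString()}, which escapes line breaks in
     * caller-supplied values so each decision stays on its own log line.
     */
    private Decision evaluate(Map<String, String> resource, Subject subject, String action, Set<Attribute> environment, List<AclContext> contexts) {
        Decision decision = internalEvaluate(resource, subject, action, environment, contexts);
        logger.info("Evaluating " + decision + " (" + decision.evaluationDuration() + "ms)");
        return decision;
    }

    /**
     * Evaluates every combination of the given resources and actions for a subject.
     *
     * <p>The contexts are narrowed once and reused for all combinations.
     *
     * @param set resources to evaluate
     * @param subject authenticated subject
     * @param set2 actions to evaluate against each resource
     * @param set3 environment attributes
     * @return one decision per resource/action pair
     */
    @Override
    public Set<Decision> evaluate(Set<Map<String, String>> set, Subject subject, Set<String> set2, Set<Attribute> set3) {
        Set<Decision> decisions = new HashSet<Decision>();
        List<AclContext> contexts = this.policies.narrowContext(subject, set3);
        for (Map<String, String> resource : set) {
            for (String action : set2) {
                decisions.add(evaluate(resource, subject, action, set3, contexts));
            }
        }
        return decisions;
    }

    /**
     * Builds a decision whose explanation is a fixed message plus a result code.
     *
     * @param authorized outcome to report
     * @param message human-readable reason
     * @param code machine-readable reason
     * @param elapsedMillis evaluation time in milliseconds
     */
    private static Decision authorize(boolean authorized, final String message, final Explanation.Code code, Map<String, String> resource, Subject subject, String action, Set<Attribute> environment, long elapsedMillis) {
        return createAuthorize(authorized, new Explanation() {
            @Override
            public Explanation.Code getCode() {
                // Return the captured code argument.
                return code;
            }

            @Override
            public void describe(PrintStream printStream) {
                printStream.println(toString());
            }

            @Override
            public String toString() {
                return "\t" + message + " => " + code;
            }
        }, resource, subject, action, environment, elapsedMillis);
    }

    /**
     * Escapes carriage returns and line feeds in a caller-supplied value.
     *
     * <p>Resource properties, actions and principal names end up in the decision log; escaping the
     * line breaks keeps such a value from starting what looks like a separate log entry.
     *
     * @param value text to escape, may be null
     * @return the escaped text, or null when {@code value} is null
     */
    private static String singleLine(String value) {
        if (value == null) {
            return null;
        }
        return value.replace("\r", "\\r").replace("\n", "\\n");
    }

    /**
     * Wraps the outcome and the request it belongs to in an immutable-looking {@link Decision}.
     *
     * <p>The returned object exposes the arguments as given; no defensive copies are made.
     */
    private static Decision createAuthorize(final boolean authorized, final Explanation explanation, final Map<String, String> resource, final Subject subject, final String action, final Set<Attribute> environment, final long elapsedMillis) {
        return new Decision() {
            // Lazily built text form, cached after the first toString() call.
            private String representation;

            @Override
            public boolean isAuthorized() {
                return authorized;
            }

            @Override
            public Map<String, String> getResource() {
                return resource;
            }

            @Override
            public String getAction() {
                return action;
            }

            @Override
            public Set<Attribute> getEnvironment() {
                return environment;
            }

            @Override
            public Subject getSubject() {
                return subject;
            }

            /**
             * Renders the request and outcome on one line.
             *
             * <p>Null resource, subject or environment render as empty sections: rejections
             * produced before argument validation can carry nulls, and this text is built for
             * every logged decision.
             */
            @Override
            public String toString() {
                if (this.representation == null) {
                    StringBuilder sb = new StringBuilder();
                    sb.append("Decision for: ");
                    sb.append("res<");
                    if (resource != null) {
                        Iterator<Map.Entry<String, String>> properties = resource.entrySet().iterator();
                        while (properties.hasNext()) {
                            Map.Entry<String, String> property = properties.next();
                            sb.append(singleLine(property.getKey())).append(':').append(singleLine(property.getValue()));
                            if (properties.hasNext()) {
                                sb.append(", ");
                            }
                        }
                    }
                    sb.append("> subject<");
                    if (subject != null) {
                        Iterator<Principal> principals = subject.getPrincipals().iterator();
                        while (principals.hasNext()) {
                            Principal principal = principals.next();
                            sb.append(principal.getClass().getSimpleName());
                            sb.append(':');
                            sb.append(singleLine(principal.getName()));
                            if (principals.hasNext()) {
                                sb.append(' ');
                            }
                        }
                    }
                    sb.append("> action<");
                    sb.append(singleLine(action));
                    sb.append("> env<");
                    if (environment != null) {
                        Iterator<Attribute> attributes = environment.iterator();
                        while (attributes.hasNext()) {
                            sb.append(attributes.next());
                            if (attributes.hasNext()) {
                                sb.append(", ");
                            }
                        }
                    }
                    sb.append(">");
                    sb.append(": authorized: ");
                    sb.append(isAuthorized());
                    sb.append(": ");
                    sb.append(explanation.toString());
                    this.representation = sb.toString();
                }
                return this.representation;
            }

            @Override
            public Explanation explain() {
                return explanation;
            }

            @Override
            public long evaluationDuration() {
                return elapsedMillis;
            }
        };
    }

    /**
     * Describes this instance as class name, policy count and base directory.
     *
     * <p>The base directory prints as {@code null} for instances built from a {@link Policies}
     * object, which record no directory.
     */
    @Override
    public String toString() {
        return getClass().getName() + " (" + this.policies.count() + ") [" + String.valueOf(this.baseDirectory) + "]";
    }

    /**
     * Returns whatever {@code Policies.listAllRoles()} reports.
     *
     * <p>NOTE(review): presumably every role named in the loaded policies; callers should treat the
     * list as sensitive configuration detail. Confirm against {@code Policies}.
     *
     * @deprecated marked deprecated in the original source; no replacement is visible in this file
     */
    @Deprecated
    public List<String> hackMeSomeRoles() {
        return this.policies.listAllRoles();
    }
}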
