package org.xdi.oxauth.service.uma.authorization;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.log.Log;
import org.python.core.PyObject;
import org.xdi.model.ProgrammingLanguage;
import org.xdi.oxauth.model.common.AuthorizationGrant;
import org.xdi.oxauth.model.common.UnmodifiableAuthorizationGrant;
import org.xdi.oxauth.model.common.uma.UmaRPT;
import org.xdi.oxauth.model.uma.RptAuthorizationRequest;
import org.xdi.oxauth.model.uma.persistence.ResourceSetPermission;
import org.xdi.oxauth.model.uma.persistence.UmaPolicy;
import org.xdi.oxauth.service.uma.PolicyService;
import org.xdi.oxauth.util.ServerUtil;
import org.xdi.service.PythonService;

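/**
 * Seam component that decides whether a resource-set permission may be granted by
 * evaluating the UMA policies attached to the permission's scopes.
 *
 * <p>Decision model, as implemented below:
 * <ul>
 *   <li>No policy attached to the scopes: the permission is granted (fail-open).</li>
 *   <li>One or more policies: every policy must approve; the first rejection denies.</li>
 *   <li>Any failure while loading or running a policy counts as a rejection (fail-closed).</li>
 * </ul>
 *
 * <p>Security note: the text returned by {@code UmaPolicy.getPolicyScript()} is handed to
 * {@code PythonService.loadPythonScript} and the loaded object's {@code authorize} method is
 * then invoked. NOTE(review): this presumably executes the script inside the server process,
 * so write access to policy entries should be restricted and audited like the ability to
 * deploy code on the authorization server.
 */
@Name("umaAuthorizationService")
@AutoCreate
@Scope(ScopeType.STATELESS)
public class AuthorizationService {
    /** Class name passed to the script loader when a Python policy script is loaded. */
    private static final String PYTHON_CLASS_NAME = "PythonExternalAuthorization";

    @Logger
    private Log log;

    @In
    private PythonService pythonService;

    @In
    private PolicyService umaPolicyService;

    /**
     * Checks every policy bound to the permission's scopes and reports whether the permission
     * may be granted.
     *
     * @param authorizationGrant grant of the requester; wrapped in an
     *        {@link UnmodifiableAuthorizationGrant} before it is exposed to policies
     * @param umaRPT the RPT the permission is requested for
     * @param resourceSetPermission the permission being requested; must not be {@code null}
     * @param httpServletRequest the current HTTP request, passed through to the policy context
     * @param rptAuthorizationRequest the authorization request whose claims are passed to the
     *        policy context; must not be {@code null} when at least one policy applies
     * @return {@code true} if no policy applies or all policies approve, {@code false} as soon
     *         as one policy rejects or fails
     * @throws NullPointerException if {@code resourceSetPermission} is {@code null}, or if
     *         {@code rptAuthorizationRequest} is {@code null} and policies exist
     */
    public boolean allowToAddPermission(AuthorizationGrant authorizationGrant, UmaRPT umaRPT, ResourceSetPermission resourceSetPermission, HttpServletRequest httpServletRequest, RptAuthorizationRequest rptAuthorizationRequest) {
        log.trace("Check policies for permission, id: {0}", resourceSetPermission.getDn());
        List<UmaPolicy> policies = umaPolicyService.loadPoliciesByScopeDns(resourceSetPermission.getScopeDns());
        if (policies == null || policies.isEmpty()) {
            // Fail-open by design: scopes without any policy are not protected.
            // NOTE(review): a null result is treated exactly like "no policies". Confirm that
            // loadPoliciesByScopeDns cannot return null or an empty list when the lookup itself
            // fails, otherwise a policy-store error would grant access.
            log.trace("No policies protection, allowed to grant permission.");
            return true;
        }

        // Policies receive a read-only view of the grant so a script cannot alter it.
        AuthorizationContext context = new AuthorizationContext(umaRPT, resourceSetPermission, new UnmodifiableAuthorizationGrant(authorizationGrant), httpServletRequest, rptAuthorizationRequest.getClaims());
        for (UmaPolicy policy : policies) {
            if (!applyPolicy(policy, context)) {
                log.trace("Reject access. Policy dn: {0}", policy.getDn());
                return false;
            }
        }
        log.trace("All policies are ok, grant access.");
        return true;
    }

    /**
     * Runs a single policy against the authorization context.
     *
     * <p>Only Python policies are evaluated. A missing or unsupported language, a script that
     * cannot be loaded, and any exception raised while loading or running the script all
     * result in {@code false}, so a broken policy denies rather than grants.
     *
     * @param umaPolicy the policy to evaluate
     * @param authorizationContext the context handed to the policy's {@code authorize} method
     * @return the policy's decision, or {@code false} if the policy could not be evaluated
     */
    private boolean applyPolicy(UmaPolicy umaPolicy, AuthorizationContext authorizationContext) {
        try {
            log.trace("Apply policy id: {0} ...", umaPolicy.getInum());
            ProgrammingLanguage language = umaPolicy.getProgrammingLanguage();
            if (language == null) {
                log.error("Unable to identify programming language.");
                return false;
            }

            // Switch on the enum itself rather than on an ordinal-indexed lookup table.
            switch (language) {
                case PYTHON:
                    IPolicyExternalAuthorization authorization = createPythonAuthorization(umaPolicy.getPolicyScript());
                    if (authorization != null) {
                        boolean authorized = authorization.authorize(authorizationContext);
                        log.trace("Policy result: {0}", authorized);
                        return authorized;
                    }
                    break;
                case JAVA_SCRIPT:
                    log.error("JavaScript is not supported! Please use python instead.");
                    break;
                default:
                    // Deny, and leave a trace so a silently rejected policy can be diagnosed.
                    log.error("Unsupported policy programming language: {0}", language);
                    break;
            }
            return false;
        } catch (Exception e) {
            // Deliberate catch-all: an exception thrown by a policy script must not escape
            // as anything other than a denial.
            log.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Loads the Python policy script and returns the authorization object it defines.
     *
     * @param str the policy script source
     * @return the loaded authorization object; {@code null} if the loader returned no object
     *         for the script; {@link PolicyExternalAuthorizationEnum#FALSE} if the script is
     *         blank or loading threw an exception
     */
    private IPolicyExternalAuthorization createPythonAuthorization(String str) {
        if (StringUtils.isNotBlank(str)) {
            ByteArrayInputStream scriptStream = null;
            try {
                scriptStream = new ByteArrayInputStream(str.getBytes("UTF-8"));
                IPolicyExternalAuthorization loaded = (IPolicyExternalAuthorization) pythonService.loadPythonScript(scriptStream, PYTHON_CLASS_NAME, IPolicyExternalAuthorization.class, new PyObject[0]);
                if (loaded == null) {
                    log.error("Policy python script does not implement IPolicyExternalAuthorization interface or script is corrupted.");
                }
                // A null result is handled by the caller, which denies the request.
                return loaded;
            } catch (Exception e) {
                log.error(e.getMessage(), e);
            } finally {
                // Close the stream that was actually opened, on success and on failure alike.
                IOUtils.closeQuietly(scriptStream);
            }
        }

        // Blank script or load failure: fall back to the FALSE authorization constant.
        log.error("Failed to prepare python external authorization");
        log.info("Using FALSE external authorization class.");
        return PolicyExternalAuthorizationEnum.FALSE;
    }

    /**
     * Looks up this component through {@link ServerUtil#instance(Class)}.
     *
     * @return the {@code AuthorizationService} component instance
     */
    public static AuthorizationService instance() {
        return (AuthorizationService) ServerUtil.instance(AuthorizationService.class);
    }
}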
