package org.keycloak.authorization.policy.provider.time;

import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import org.keycloak.authorization.attribute.Attributes;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.evaluation.Evaluation;
import org.keycloak.authorization.policy.evaluation.EvaluationContext;
import org.keycloak.authorization.policy.provider.PolicyProvider;

/* loaded from: input_file:BOOT-INF/lib/keycloak-authz-policy-common-11.0.2.jar:org/keycloak/authorization/policy/provider/time/TimePolicyProvider.class */
public class TimePolicyProvider implements PolicyProvider {
    static String DEFAULT_DATE_PATTERN = "yyyy-MM-dd HH:mm:ss";
    static String CONTEXT_TIME_ENTRY = "kc.time.date_time";

    @Override // org.keycloak.authorization.policy.provider.PolicyProvider
    public void evaluate(Evaluation evaluation) {
        Policy policy = evaluation.getPolicy();
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DEFAULT_DATE_PATTERN);
        try {
            String str = null;
            EvaluationContext context = evaluation.getContext();
            if (context.getAttributes() != null && context.getAttributes().exists(CONTEXT_TIME_ENTRY)) {
                Attributes.Entry value = context.getAttributes().getValue(CONTEXT_TIME_ENTRY);
                if (!value.isEmpty()) {
                    str = value.asString(0);
                }
            }
            Date date = str == null ? new Date() : simpleDateFormat.parse(str);
            String str2 = policy.getConfig().get("nbf");
            if (str2 != null && !"".equals(str2) && date.before(simpleDateFormat.parse(format(str2)))) {
                evaluation.deny();
                return;
            }
            String str3 = policy.getConfig().get("noa");
            if (str3 != null && !"".equals(str3) && date.after(simpleDateFormat.parse(format(str3)))) {
                evaluation.deny();
                return;
            }
            if (isInvalid(date, 5, "dayMonth", policy) || isInvalid(date, 2, "month", policy) || isInvalid(date, 1, "year", policy) || isInvalid(date, 11, "hour", policy) || isInvalid(date, 12, "minute", policy)) {
                evaluation.deny();
            } else {
                evaluation.grant();
            }
        } catch (Exception e) {
            throw new RuntimeException("Could not evaluate time-based policy [" + policy.getName() + "].", e);
        }
    }

    private boolean isInvalid(Date date, int i, String str, Policy policy) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        int i2 = calendar.get(i);
        if (2 == i) {
            i2++;
        }
        String str2 = policy.getConfig().get(str);
        if (str2 == null) {
            return false;
        }
        String str3 = policy.getConfig().get(str + "End");
        return str3 != null ? i2 < Integer.parseInt(str2) || i2 > Integer.parseInt(str3) : i2 != Integer.parseInt(str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String format(String str) {
        String trim = str.trim();
        if (trim.length() == 10) {
            str = trim + " 00:00:00";
        }
        return str;
    }

    @Override // org.keycloak.provider.Provider
    public void close() {
    }
}
