package com.sun.identity.cli.entitlement;

import com.iplanet.sso.SSOToken;
import com.sun.identity.cli.AuthenticatedCommand;
import com.sun.identity.cli.CLIException;
import com.sun.identity.cli.ExitCodes;
import com.sun.identity.cli.IArgument;
import com.sun.identity.cli.IOutput;
import com.sun.identity.cli.RequestContext;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.PrivilegeManager;
import com.sun.identity.entitlement.opensso.SubjectUtils;
import com.sun.identity.entitlement.util.SearchFilter;
import com.sun.identity.entitlement.xacml3.SearchFilterFactory;
import com.sun.identity.entitlement.xacml3.XACMLExportImport;
import com.sun.identity.entitlement.xacml3.XACMLPrivilegeUtils;
import com.sun.identity.entitlement.xacml3.XACMLReaderWriter;
import com.sun.identity.entitlement.xacml3.core.PolicySet;
import com.sun.identity.entitlement.xacml3.validation.PrivilegeValidator;
import com.sun.identity.entitlement.xacml3.validation.RealmValidator;
import com.sun.identity.sm.OrganizationConfigManager;
import com.sun.identity.sm.SMSException;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import javax.security.auth.Subject;
import org.forgerock.guice.core.InjectorHolder;
import org.forgerock.openam.cli.entitlement.XACMLUtils;
import org.forgerock.openam.entitlement.service.ApplicationServiceFactory;
import org.forgerock.openam.entitlement.service.ResourceTypeService;
import org.forgerock.openam.utils.CollectionUtils;

/* loaded from: input_file:com/sun/identity/cli/entitlement/ListXACML.class */
public class ListXACML extends AuthenticatedCommand {
    private static final String ARGUMENT_POLICY_NAMES = "policynames";
    private SSOToken adminSSOToken;
    private Subject adminSubject;
    private String realm;
    private boolean getPolicyNamesOnly;
    private List filters;
    private String outfile;
    private IOutput outputWriter;
    private final SearchFilterFactory searchFilterFactory = new SearchFilterFactory();

    @Override // com.sun.identity.cli.AuthenticatedCommand, com.sun.identity.cli.CLICommandBase, com.sun.identity.cli.CLICommand
    public void handleRequest(RequestContext requestContext) throws CLIException {
        super.handleRequest(requestContext);
        ldapLogin();
        this.adminSSOToken = getAdminSSOToken();
        if (!XACMLUtils.hasPermission(this.realm, this.adminSSOToken, ApplicationPrivilegeBase.PARAM_ACTION_READ)) {
            String format = MessageFormat.format(getResourceString("permission-denied"), "list-xacml", getAdminID());
            writeLog(1, Level.INFO, "FAILED_GET_POLICY_IN_REALM", this.realm, "ANY", format);
            throw new CLIException(format, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        this.adminSubject = SubjectUtils.createSubject(this.adminSSOToken);
        this.realm = getStringOptionValue("realm");
        this.getPolicyNamesOnly = isOptionSet(IArgument.NAMES_ONLY);
        this.filters = convertToSearchFilters(requestContext.getOption(ARGUMENT_POLICY_NAMES));
        this.outfile = getStringOptionValue(IArgument.OUTPUT_FILE);
        this.outputWriter = getOutputWriter();
        if (this.getPolicyNamesOnly) {
            getPolicyNames();
        } else {
            getPolicies();
        }
    }

    private List<String> convertToSearchFilters(List<String> list) {
        if (CollectionUtils.isEmpty(list)) {
            return Collections.EMPTY_LIST;
        }
        for (int i = 0; i < list.size(); i++) {
            list.set(i, "name=" + list.get(i).trim());
        }
        return list;
    }

    private Set<SearchFilter> getFilters(List<String> list) throws EntitlementException {
        if (list == null || list.isEmpty()) {
            return Collections.EMPTY_SET;
        }
        HashSet hashSet = new HashSet();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            hashSet.add(this.searchFilterFactory.getFilter(it.next()));
        }
        return hashSet;
    }

    private void getPolicyNames() throws CLIException {
        try {
            PrivilegeManager privilegeManager = PrivilegeManager.getInstance(this.realm, this.adminSubject);
            String[] strArr = {this.realm};
            writeLog(0, Level.INFO, "ATTEMPT_TO_GET_POLICY_NAMES_IN_REALM", strArr);
            Set searchNames = privilegeManager.searchNames(getFilters(this.filters));
            if (searchNames == null || searchNames.isEmpty()) {
                this.outputWriter.printlnMessage(MessageFormat.format(getResourceString("get-policy-names-in-realm-no-policies"), this.realm));
            } else {
                FileOutputStream fileOutputStream = null;
                PrintWriter printWriter = null;
                if (this.outfile != null) {
                    try {
                        fileOutputStream = new FileOutputStream(this.outfile, true);
                        printWriter = new PrintWriter((OutputStream) fileOutputStream, true);
                    } catch (FileNotFoundException e) {
                        debugError("ListXACML.handleXACMLPolicyRequest", e);
                        if (fileOutputStream != null) {
                            try {
                                fileOutputStream.close();
                            } catch (IOException e2) {
                                throw new CLIException(e, 24);
                            }
                        }
                        throw new CLIException(e, 24);
                    } catch (SecurityException e3) {
                        debugError("ListXACML.handleXACMLPolicyRequest", e3);
                        if (fileOutputStream != null) {
                            try {
                                fileOutputStream.close();
                            } catch (IOException e4) {
                                throw new CLIException(e3, 24);
                            }
                        }
                        throw new CLIException(e3, 24);
                    }
                }
                new String[2][0] = this.realm;
                StringBuilder sb = new StringBuilder();
                Iterator it = searchNames.iterator();
                while (it.hasNext()) {
                    sb.append((String) it.next()).append("\n");
                }
                if (printWriter != null) {
                    printWriter.write(sb.toString());
                } else {
                    this.outputWriter.printlnMessage(sb.toString());
                }
                if (printWriter != null) {
                    try {
                        printWriter.close();
                        fileOutputStream.close();
                    } catch (IOException e5) {
                    }
                }
            }
            writeLog(0, Level.INFO, "GOT_POLICY_NAMES_IN_REALM", strArr);
            this.outputWriter.printlnMessage(MessageFormat.format(getResourceString("get-policy-names-in-realm-succeed"), this.realm));
        } catch (EntitlementException e6) {
            String[] strArr2 = {this.realm, null, e6.getMessage()};
            debugError("ListXACML.handleRequest", e6);
            writeLog(1, Level.INFO, "FAILED_GET_POLICY_NAMES_IN_REALM", strArr2);
            throw new CLIException((Throwable) e6, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
    }

    private void getPolicies() throws CLIException {
        FileOutputStream fileOutputStream = null;
        PrintWriter printWriter = null;
        if (this.outfile != null) {
            try {
                fileOutputStream = new FileOutputStream(this.outfile, true);
                printWriter = new PrintWriter((OutputStream) fileOutputStream, true);
            } catch (FileNotFoundException e) {
                debugError("ListXACML.handleXACMLPolicyRequest", e);
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e2) {
                        throw new CLIException(e, 24);
                    }
                }
                throw new CLIException(e, 24);
            } catch (SecurityException e3) {
                debugError("ListXACML.handleXACMLPolicyRequest", e3);
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e4) {
                        throw new CLIException(e3, 24);
                    }
                }
                throw new CLIException(e3, 24);
            }
        }
        try {
            PolicySet exportXACML = new XACMLExportImport(new XACMLExportImport.PrivilegeManagerFactory(), new XACMLReaderWriter(), new PrivilegeValidator(new RealmValidator(new OrganizationConfigManager(this.adminSSOToken, "/"))), new SearchFilterFactory(), PrivilegeManager.debug, (ApplicationServiceFactory) InjectorHolder.getInstance(ApplicationServiceFactory.class), (ResourceTypeService) InjectorHolder.getInstance(ResourceTypeService.class)).exportXACML(this.realm, this.adminSubject, this.filters);
            if (exportXACML == null || exportXACML.getPolicySetOrPolicyOrPolicySetIdReference().isEmpty()) {
                this.outputWriter.printlnMessage(MessageFormat.format(getResourceString("get-policy-in-realm-no-policies"), this.realm));
                return;
            }
            try {
                if (printWriter != null) {
                    printWriter.write(XACMLPrivilegeUtils.toXML(exportXACML));
                } else {
                    this.outputWriter.printlnMessage(XACMLPrivilegeUtils.toXML(exportXACML));
                }
                writeLog(0, Level.INFO, "SUCCEED_GET_POLICY_IN_REALM", this.realm);
                this.outputWriter.printlnMessage(MessageFormat.format(getResourceString("get-policy-in-realm-succeed"), this.realm));
                if (printWriter != null) {
                    try {
                        printWriter.close();
                        fileOutputStream.close();
                    } catch (IOException e5) {
                    }
                }
            } catch (EntitlementException e6) {
                throw new CLIException((Throwable) e6, 24);
            }
        } catch (SMSException e7) {
            String[] strArr = {this.realm, e7.getMessage()};
            debugError("ListXACML.handleRequest", e7);
            writeLog(1, Level.INFO, "FAILED_GET_POLICY_IN_REALM", strArr);
            throw new CLIException((Throwable) e7, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        } catch (EntitlementException e8) {
            String[] strArr2 = {this.realm, e8.getMessage()};
            debugError("ListXACML.handleRequest", e8);
            writeLog(1, Level.INFO, "FAILED_GET_POLICY_IN_REALM", strArr2);
            throw new CLIException((Throwable) e8, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
    }
}
