package com.sun.identity.cli.entitlement;

import com.iplanet.sso.SSOToken;
import com.sun.identity.cli.AuthenticatedCommand;
import com.sun.identity.cli.CLIException;
import com.sun.identity.cli.ExitCodes;
import com.sun.identity.cli.RequestContext;
import com.sun.identity.entitlement.Application;
import com.sun.identity.entitlement.ApplicationPrivilege;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.SubjectImplementation;
import com.sun.identity.entitlement.opensso.OpenSSOGroupSubject;
import com.sun.identity.entitlement.opensso.OpenSSOUserSubject;
import com.sun.identity.entitlement.opensso.SubjectUtils;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdType;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.forgerock.openam.entitlement.ResourceType;
import org.forgerock.openam.entitlement.service.ApplicationServiceFactory;
import org.forgerock.openam.entitlement.service.ResourceTypeService;

/* loaded from: input_file:com/sun/identity/cli/entitlement/ApplicationPrivilegeBase.class */
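/**
 * Shared option parsing and map helpers for the CLI sub-commands that manage
 * {@link ApplicationPrivilege} objects (delegated rights over an entitlement application).
 *
 * <p>This source was produced by a decompiler. Its notes say that every public method other than
 * the constructor and {@link #handleRequest(RequestContext)} was {@code protected} in the compiled
 * class; they are left {@code public} here so existing callers in this tree keep compiling.
 * Treat them as subclass helpers, not as a supported public API.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing sub-commands built on this class:
 * <ul>
 *   <li>Application and resource-type lookups run with the subject built from
 *       {@code getAdminSSOToken()}, not with a subject derived from the command's options.</li>
 *   <li>When no {@code resources} option is given, the privilege is scoped to every pattern of
 *       every resource type of the application (the widest possible scope).</li>
 *   <li>Subject names are turned into universal ids without any lookup visible in this class.</li>
 * </ul>
 */
public abstract class ApplicationPrivilegeBase extends AuthenticatedCommand {
    // CLI option names. "actions", "subjecttype", "subjects", "application" and "resources" are
    // read in this class; the remaining ones are presumably read by subclasses.
    public static final String PARAM_NAME = "name";
    public static final String PARAM_DESCRIPTION = "description";
    public static final String PARAM_ADD = "add";
    public static final String PARAM_ACTIONS = "actions";
    public static final String PARAM_SUBJECT_TYPE = "subjecttype";
    public static final String PARAM_SUBJECTS = "subjects";
    public static final String PARAM_APPL_NAME = "application";
    public static final String PARAM_RESOURCES = "resources";

    // Accepted values of the "actions" option (matched exactly, case-sensitively).
    public static final String PARAM_ACTION_READ = "READ";
    public static final String PARAM_ACTION_MODIFY = "MODIFY";
    public static final String PARAM_ACTION_DELEGATE = "DELEGATE";
    public static final String PARAM_ACTION_ALL = "ALL";

    // Accepted values of the "subjecttype" option (matched case-insensitively).
    public static final String PARAM_SUBJECT_USER = "User";
    public static final String PARAM_SUBJECT_GROUP = "Group";

    // Lookup tables between the CLI action keyword and the entitlement enum. They are filled once
    // in the static initializer and only read afterwards, hence final.
    private static final Map<String, ApplicationPrivilege.PossibleAction> mapActionsToEnum =
            new HashMap<String, ApplicationPrivilege.PossibleAction>();
    private static final Map<ApplicationPrivilege.PossibleAction, String> mapEnumToActions =
            new HashMap<ApplicationPrivilege.PossibleAction, String>();

    static {
        // By their names, the enum constants chosen for MODIFY, DELEGATE and ALL all include READ:
        // an operator who asks for "DELEGATE" is granted READ_DELEGATE, not a delegate-only right.
        mapActionsToEnum.put(PARAM_ACTION_READ, ApplicationPrivilege.PossibleAction.READ);
        mapActionsToEnum.put(PARAM_ACTION_MODIFY, ApplicationPrivilege.PossibleAction.READ_MODIFY);
        mapActionsToEnum.put(PARAM_ACTION_DELEGATE, ApplicationPrivilege.PossibleAction.READ_DELEGATE);
        mapActionsToEnum.put(PARAM_ACTION_ALL, ApplicationPrivilege.PossibleAction.READ_MODIFY_DELEGATE);
        mapEnumToActions.put(ApplicationPrivilege.PossibleAction.READ, PARAM_ACTION_READ);
        mapEnumToActions.put(ApplicationPrivilege.PossibleAction.READ_MODIFY, PARAM_ACTION_MODIFY);
        mapEnumToActions.put(ApplicationPrivilege.PossibleAction.READ_DELEGATE, PARAM_ACTION_DELEGATE);
        mapEnumToActions.put(ApplicationPrivilege.PossibleAction.READ_MODIFY_DELEGATE, PARAM_ACTION_ALL);
    }

    private final ResourceTypeService resourceTypeService;
    private final ApplicationServiceFactory applicationServiceFactory;

    /**
     * Stores the two services used to resolve applications and their resource types.
     *
     * @param resourceTypeService service used to load a resource type by UUID
     * @param applicationServiceFactory factory for the per-subject, per-realm application service
     */
    public ApplicationPrivilegeBase(ResourceTypeService resourceTypeService, ApplicationServiceFactory applicationServiceFactory) {
        this.resourceTypeService = resourceTypeService;
        this.applicationServiceFactory = applicationServiceFactory;
    }

    /**
     * Runs the superclass request handling and then calls {@code ldapLogin()}.
     *
     * @param requestContext the CLI request being processed
     * @throws CLIException if the superclass handling or the login fails
     */
    @Override // com.sun.identity.cli.AuthenticatedCommand, com.sun.identity.cli.CLICommandBase, com.sun.identity.cli.CLICommand
    public void handleRequest(RequestContext requestContext) throws CLIException {
        super.handleRequest(requestContext);
        ldapLogin();
    }

    /**
     * Translates the {@code actions} option into the entitlement enum.
     *
     * @return the enum constant registered for the option value
     * @throws CLIException if the value is missing or is not exactly one of
     *         {@code READ}, {@code MODIFY}, {@code DELEGATE} or {@code ALL}
     */
    public ApplicationPrivilege.PossibleAction getActions() throws CLIException {
        String requested = getStringOptionValue(PARAM_ACTIONS);
        ApplicationPrivilege.PossibleAction action = mapActionsToEnum.get(requested);
        if (action == null) {
            // Unknown keywords are rejected rather than mapped to some default right.
            throw new CLIException(MessageFormat.format(getResourceString("privilege-application-action-invalid"), requested), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        return action;
    }

    /**
     * Builds the subject set for a privilege from the {@code subjects} and {@code subjecttype}
     * options, using the {@code realm} option to form each universal id.
     *
     * <p>NOTE(review): the identity is constructed with a {@code null} SSO token and only its
     * universal id is read, so nothing in this method checks that the named user or group exists.
     * A misspelled name is therefore not rejected here; confirm whether callers validate it.
     *
     * @param requestContext the CLI request carrying the {@code subjects} option
     * @return one user or group subject per supplied name
     * @throws CLIException if the subject type is neither {@code User} nor {@code Group}
     */
    public Set<SubjectImplementation> getSubjects(RequestContext requestContext) throws CLIException {
        boolean userSubjects = isUserSubject();
        IdType idType = userSubjects ? IdType.USER : IdType.GROUP;
        String realm = getStringOptionValue("realm");
        Set<SubjectImplementation> subjects = new HashSet<SubjectImplementation>();
        for (Object name : requestContext.getOption(PARAM_SUBJECTS)) {
            // The casts on the null arguments select the intended AMIdentity constructor overload.
            String universalId = new AMIdentity((SSOToken) null, (String) name, idType, realm, (String) null).getUniversalId();
            SubjectImplementation subject;
            if (userSubjects) {
                subject = new OpenSSOUserSubject(universalId);
            } else {
                subject = new OpenSSOGroupSubject(universalId);
            }
            subjects.add(subject);
        }
        return subjects;
    }

    /**
     * Resolves the {@code application} option and returns the resources the privilege should cover,
     * keyed by application name.
     *
     * <p>If the {@code resources} option is absent or empty the result contains every pattern of
     * every resource type of the application. Callers that want a narrow delegation must pass the
     * resources explicitly; the supplied values are used as given, without being checked against
     * the application's patterns in this method.
     *
     * @param requestContext the CLI request carrying the optional {@code resources} option
     * @param realm value passed as the realm argument to the application and resource-type services
     * @return a single-entry map from the application name to its resource set
     * @throws CLIException if no application with the requested name is found
     * @throws EntitlementException if a service call fails or a resource type cannot be loaded
     */
    public Map<String, Set<String>> getApplicationResourcesMap(RequestContext requestContext, String realm) throws CLIException, EntitlementException {
        String applicationName = getStringOptionValue(PARAM_APPL_NAME);
        // Lookups are performed as the admin subject, not as a subject taken from the options.
        Subject adminSubject = SubjectUtils.createSubject(getAdminSSOToken());
        Application application = this.applicationServiceFactory.create(adminSubject, realm).getApplication(applicationName);
        if (application == null) {
            throw new CLIException(MessageFormat.format(getResourceString("privilege-application-application-invalid"), applicationName), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        Set<String> resources = new HashSet<String>();
        List<?> requested = requestContext.getOption(PARAM_RESOURCES);
        if (requested == null || requested.isEmpty()) {
            // Widest scope: fall back to all base patterns of the application.
            resources.addAll(getAllBaseResources(adminSubject, realm, application));
        } else {
            for (Object resource : requested) {
                resources.add((String) resource);
            }
        }
        Map<String, Set<String>> resourcesByApplication = new HashMap<String, Set<String>>();
        resourcesByApplication.put(applicationName, resources);
        return resourcesByApplication;
    }

    /**
     * Collects the patterns of every resource type referenced by the application.
     *
     * @throws EntitlementException with error code 219 if a referenced resource type is not found
     */
    private Set<String> getAllBaseResources(Subject subject, String realm, Application application) throws EntitlementException {
        Set<String> patterns = new HashSet<String>();
        for (String uuid : application.getResourceTypeUuids()) {
            ResourceType resourceType = this.resourceTypeService.getResourceType(subject, realm, uuid);
            if (resourceType == null) {
                // Fail instead of skipping, so a dangling UUID never yields a silently smaller scope.
                throw new EntitlementException(219, new Object[]{uuid, realm});
            }
            patterns.addAll(resourceType.getPatterns());
        }
        return patterns;
    }

    /**
     * Reads the {@code subjecttype} option.
     *
     * @return {@code true} for {@code User}, {@code false} for {@code Group} (both case-insensitive)
     * @throws CLIException for any other value, including a missing one
     */
    private boolean isUserSubject() throws CLIException {
        String subjectType = getStringOptionValue(PARAM_SUBJECT_TYPE);
        // Constant-first comparison: a missing option ends in the CLIException below, not an NPE.
        if (PARAM_SUBJECT_USER.equalsIgnoreCase(subjectType)) {
            return true;
        }
        if (PARAM_SUBJECT_GROUP.equalsIgnoreCase(subjectType)) {
            return false;
        }
        throw new CLIException(MessageFormat.format(getResourceString("privilege-application-subject-type-invalid"), subjectType), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }

    /**
     * Returns the CLI keyword for the privilege's action value.
     *
     * @param applicationPrivilege the privilege to describe
     * @return {@code READ}, {@code MODIFY}, {@code DELEGATE} or {@code ALL}, or {@code null} if the
     *         action value has no registered keyword
     */
    public String getDisplayAction(ApplicationPrivilege applicationPrivilege) {
        return mapEnumToActions.get(applicationPrivilege.getActionValues());
    }

    /**
     * Returns the privilege's resource names keyed by application name.
     *
     * @param applicationPrivilege the privilege to read
     * @return a new map; the value sets are the ones returned by the privilege itself
     */
    public Map<String, Set<String>> getApplicationToResources(ApplicationPrivilege applicationPrivilege) {
        Map<String, Set<String>> resourcesByApplication = new HashMap<String, Set<String>>();
        for (String applicationName : applicationPrivilege.getApplicationNames()) {
            resourcesByApplication.put(applicationName, applicationPrivilege.getResourceNames(applicationName));
        }
        return resourcesByApplication;
    }

    /**
     * Groups the privilege's subject ids under {@code "User"} and {@code "Group"}.
     *
     * <p>The loop variable is typed as {@link SubjectImplementation}: the decompiled form declared
     * it as {@code OpenSSOUserSubject}, which makes the group branch unreachable and the cast to
     * {@code OpenSSOGroupSubject} invalid. Subjects of any other implementation are skipped.
     *
     * @param applicationPrivilege the privilege to read
     * @return a map with at most the keys {@code "User"} and {@code "Group"}
     */
    public Map<String, Set<String>> getSubjects(ApplicationPrivilege applicationPrivilege) {
        Map<String, Set<String>> idsByType = new HashMap<String, Set<String>>();
        for (SubjectImplementation subject : applicationPrivilege.getSubjects()) {
            String type;
            String id;
            if (subject instanceof OpenSSOUserSubject) {
                type = PARAM_SUBJECT_USER;
                id = ((OpenSSOUserSubject) subject).getID();
            } else if (subject instanceof OpenSSOGroupSubject) {
                type = PARAM_SUBJECT_GROUP;
                id = ((OpenSSOGroupSubject) subject).getID();
            } else {
                continue;
            }
            Set<String> ids = idsByType.get(type);
            if (ids == null) {
                ids = new HashSet<String>();
                idsByType.put(type, ids);
            }
            ids.add(id);
        }
        return idsByType;
    }

    /**
     * Removes from {@code map} every value listed under the same key in {@code map2}, dropping keys
     * whose set becomes empty. {@code map} and its value sets are modified in place.
     *
     * @param map the map to shrink
     * @param map2 the values to take away; a {@code null} value set removes nothing
     */
    public void removeFromMap(Map<String, Set<String>> map, Map<String, Set<String>> map2) {
        for (Map.Entry<String, Set<String>> removal : map2.entrySet()) {
            Set<String> remaining = map.get(removal.getKey());
            if (remaining == null) {
                continue;
            }
            Set<String> toRemove = removal.getValue();
            if (toRemove != null) {
                remaining.removeAll(toRemove);
            }
            if (remaining.isEmpty()) {
                map.remove(removal.getKey());
            }
        }
    }

    /**
     * Returns a new map holding, for every key of either input, the union of both value sets.
     * Neither input is modified; a key with a {@code null} set contributes an empty set.
     *
     * @param map first input
     * @param map2 second input
     * @return the merged map, built from fresh sets
     */
    public Map<String, Set<String>> mergeMap(Map<String, Set<String>> map, Map<String, Set<String>> map2) {
        Map<String, Set<String>> merged = new HashMap<String, Set<String>>();
        addAllInto(merged, map);
        addAllInto(merged, map2);
        return merged;
    }

    /** Adds every value of {@code source} to the set stored under the same key in {@code target}. */
    private static void addAllInto(Map<String, Set<String>> target, Map<String, Set<String>> source) {
        for (Map.Entry<String, Set<String>> entry : source.entrySet()) {
            Set<String> values = target.get(entry.getKey());
            if (values == null) {
                values = new HashSet<String>();
                target.put(entry.getKey(), values);
            }
            if (entry.getValue() != null) {
                values.addAll(entry.getValue());
            }
        }
    }
}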
