package com.sun.identity.entitlement;

import com.sun.identity.entitlement.ApplicationPrivilege;
import com.sun.identity.entitlement.util.SearchFilter;
import com.sun.identity.shared.debug.Debug;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import org.forgerock.openam.entitlement.PolicyConstants;
import org.forgerock.openam.entitlement.ResourceType;
import org.forgerock.openam.entitlement.constraints.ConstraintValidator;
import org.forgerock.openam.entitlement.service.ApplicationServiceFactory;
import org.forgerock.openam.entitlement.service.ResourceTypeService;
import org.forgerock.openam.sdk.org.forgerock.guice.core.InjectorHolder;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/entitlement/PrivilegeManager.class */
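/**
 * Base class for managers that validate, add and search entitlement {@link Privilege}s
 * in a single realm on behalf of an administrative {@link Subject}.
 *
 * <p>Instances are obtained through {@link #getInstance(String, Subject)}, which binds the
 * realm and the acting subject via {@link #initialize(String, Subject)}. Lookup and mutation
 * of stored privileges are left to subclasses through the abstract methods.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>Several internal lookups run as {@link #superAdminSubject} rather than as the
 *       caller-supplied subject (see {@link #validate(Privilege)} and
 *       {@link #search(Set, int, int)}).</li>
 *   <li>{@link #validate(Privilege)} only rejects null or blank names; the character
 *       restriction in {@link #isNameValid(String)} is not applied by it.</li>
 * </ul>
 */
public abstract class PrivilegeManager implements IPrivilegeManager<Privilege> {
    /** Shared debug logger, taken from {@link PolicyConstants#DEBUG}. */
    public static final Debug debug = PolicyConstants.DEBUG;

    // Letters, digits, hyphen, space and underscore only. The '*' quantifier means the
    // empty string matches as well.
    private static final Pattern PRIVILEGE_NAME_PATTERN = Pattern.compile("[a-zA-Z0-9\\- _]*");

    /**
     * Subject used for internal lookups, taken from {@link PolicyConstants#SUPER_ADMIN_SUBJECT}.
     * NOTE(review): this reference is publicly reachable; confirm the underlying Subject is
     * read-only so other code cannot alter its principals or credentials.
     */
    public static final Subject superAdminSubject = PolicyConstants.SUPER_ADMIN_SUBJECT;

    // Realm and acting subject are set by initialize(), not by the constructor.
    private String realm;
    private Subject adminSubject;
    private final ResourceTypeService resourceTypeService;
    private final ApplicationServiceFactory applicationServiceFactory;
    private final ConstraintValidator validator;

    /**
     * Creates the privilege manager implementation and binds it to a realm and subject.
     *
     * <p>The implementation class is resolved by name and instantiated through
     * {@link InjectorHolder}.
     *
     * @param str realm the manager operates in
     * @param subject subject on whose behalf operations are performed
     * @return the initialised manager, or {@code null} when the implementation class cannot
     *         be loaded (the failure is only logged), so callers must null-check the result
     */
    public static PrivilegeManager getInstance(String str, Subject subject) {
        try {
            PrivilegeManager privilegeManager = (PrivilegeManager) InjectorHolder.getInstance(Class.forName("com.sun.identity.entitlement.opensso.PolicyPrivilegeManager").asSubclass(PrivilegeManager.class));
            privilegeManager.initialize(str, subject);
            return privilegeManager;
        } catch (ClassNotFoundException e) {
            debug.error("PrivilegeManager.getInstance", e);
            return null;
        }
    }

    /**
     * Stores the collaborators used by {@link #validate(Privilege)}.
     *
     * @param applicationServiceFactory factory for the per-subject, per-realm application service
     * @param resourceTypeService service used to resolve resource types by UUID
     * @param constraintValidator validator for actions and resource names
     */
    public PrivilegeManager(ApplicationServiceFactory applicationServiceFactory, ResourceTypeService resourceTypeService, ConstraintValidator constraintValidator) {
        this.applicationServiceFactory = applicationServiceFactory;
        this.resourceTypeService = resourceTypeService;
        this.validator = constraintValidator;
    }

    /**
     * Binds this manager to a realm and an acting subject.
     *
     * @param str realm name
     * @param subject subject on whose behalf operations are performed
     */
    public void initialize(String str, Subject subject) {
        this.realm = str;
        this.adminSubject = subject;
    }

    /**
     * Loads a privilege by name as the given subject.
     *
     * @param str privilege name
     * @param subject subject performing the lookup
     * @return the matching privilege
     * @throws EntitlementException if the lookup fails
     */
    public abstract Privilege findByName(String str, Subject subject) throws EntitlementException;

    /**
     * Reports whether a name search for the given privilege name returns at least one result.
     *
     * <p>The check goes through {@link #searchNames(Set)}, so it is subject to the same READ
     * filtering as {@link #search(Set, int, int)}.
     *
     * @param str privilege name to look for
     * @return {@code true} if the search result is non-empty
     * @throws EntitlementException if the search fails
     */
    @Override // com.sun.identity.entitlement.IPrivilegeManager
    public boolean canFindByName(String str) throws EntitlementException {
        return !searchNames(CollectionUtils.asSet(new SearchFilter(Privilege.NAME_SEARCH_ATTRIBUTE, str))).isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks that a privilege is well formed before it is stored.
     *
     * <p>Checks run in this order: non-blank name, entitlement present, subject valid,
     * application exists in the realm, then resource-type consistency. When the application
     * declares resource types, the privilege's resource type must be one of them and must
     * resolve, and the entitlement's actions and resource names are verified against it.
     *
     * <p>The application is looked up as the acting subject, while the resource type and the
     * resource comparator are resolved as {@link #superAdminSubject}. The name is not matched
     * against {@link #isNameValid(String)} here; callers that need the character restriction
     * must apply it themselves.
     *
     * @param privilege privilege to validate; must not be {@code null}
     * @throws EntitlementException if any check fails; the numeric codes are defined in
     *         {@link EntitlementException}
     */
    public void validate(Privilege privilege) throws EntitlementException {
        String name = privilege.getName();
        if (name == null || name.trim().isEmpty()) {
            throw new EntitlementException(3);
        }
        Entitlement entitlement = privilege.getEntitlement();
        if (entitlement == null) {
            throw new EntitlementException(4);
        }
        privilege.validateSubject(privilege.getSubject());
        Application application = this.applicationServiceFactory.create(this.adminSubject, this.realm).getApplication(entitlement.getApplicationName());
        if (application == null) {
            throw new EntitlementException(248, this.realm);
        }
        if (CollectionUtils.isEmpty(application.getResourceTypeUuids())) {
            // An application without resource types must not be paired with a privilege
            // that names one.
            if (StringUtils.isNotEmpty(privilege.getResourceTypeUuid())) {
                throw new EntitlementException(238);
            }
        } else {
            if (!application.getResourceTypeUuids().contains(privilege.getResourceTypeUuid())) {
                throw new EntitlementException(EntitlementException.POLICY_DEFINES_INVALID_RESOURCE_TYPE, privilege.getResourceTypeUuid());
            }
            // Resolved as super admin, so this lookup does not depend on the caller's rights.
            ResourceType resourceType = this.resourceTypeService.getResourceType(superAdminSubject, this.realm, privilege.getResourceTypeUuid());
            if (resourceType == null) {
                throw new EntitlementException(EntitlementException.NO_SUCH_RESOURCE_TYPE, privilege.getResourceTypeUuid(), this.realm);
            }
            this.validator.verifyActions(entitlement.getActionValues().keySet()).against(resourceType).throwExceptionIfFailure();
            this.validator.verifyResources(entitlement.getResourceNames()).using(entitlement.getResourceComparator(superAdminSubject, this.realm)).against(resourceType).throwExceptionIfFailure();
        }
    }

    /**
     * Validates the privilege and stamps its creation and modification metadata.
     *
     * <p>This base implementation does not persist anything; it only validates and sets the
     * dates and, when the acting subject has a principal, the creator and modifier names.
     * NOTE(review): presumably subclasses call this and then store the privilege; confirm.
     *
     * <p>The recorded name is that of the first principal returned by the set's iterator.
     * NOTE(review): if the subject carries several principals, which one is recorded depends
     * on the set's iteration order; verify this is the intended audit identity.
     *
     * @param privilege privilege being added
     * @throws EntitlementException if validation fails
     */
    @Override // com.sun.identity.entitlement.IPrivilegeManager
    public void add(Privilege privilege) throws EntitlementException {
        validate(privilege);
        Date newDate = Time.newDate();
        privilege.setCreationDate(newDate.getTime());
        privilege.setLastModifiedDate(newDate.getTime());
        Set<Principal> principals = this.adminSubject.getPrincipals();
        String name = (principals == null || principals.isEmpty()) ? null : principals.iterator().next().getName();
        if (name != null) {
            privilege.setCreatedBy(name);
            privilege.setLastModifiedBy(name);
        }
    }

    /**
     * Replaces the stored privilege of the given name.
     *
     * @param str name of the existing privilege
     * @param privilege new privilege content
     * @throws EntitlementException if the modification fails
     */
    public abstract void modify(String str, Privilege privilege) throws EntitlementException;

    /**
     * Returns the names of the privileges found by {@link #search(Set, int, int)}.
     *
     * @param set search filters
     * @param i maximum number of results; values of zero or less mean no limit is applied here
     * @param i2 passed through to {@link #search(Set, int, int)}, which does not use it
     * @return names of the matching, readable privileges
     * @throws EntitlementException if the search fails
     */
    @Override // com.sun.identity.entitlement.IPrivilegeManager
    public Set<String> searchNames(Set<SearchFilter> set, int i, int i2) throws EntitlementException {
        List<Privilege> found = search(set, i, i2);
        Set<String> names = new HashSet<>(found.size());
        for (Privilege privilege : found) {
            names.add(privilege.getName());
        }
        return names;
    }

    /**
     * Searches the realm's privilege index and returns the matches that pass a READ check.
     *
     * <p>Names are looked up in the index store as the acting subject. Each name is then
     * loaded with {@link #superAdminSubject}, and the READ filter is evaluated by an
     * {@link ApplicationPrivilegeManager} that is also obtained for {@link #superAdminSubject}.
     * NOTE(review): from this class alone it cannot be determined whether that filter reflects
     * the acting subject's rights; confirm the READ check is effective for callers that are
     * not the super admin.
     *
     * <p>The limit {@code i} is given to the index store and applied again after filtering,
     * so fewer than {@code i} privileges may be returned even when more readable ones exist.
     *
     * @param set search filters
     * @param i maximum number of results; values of zero or less disable the limit in this method
     * @param i2 not used by this method
     * @return matching privileges that passed the READ check
     * @throws EntitlementException if the index search or a lookup fails
     */
    public List<Privilege> search(Set<SearchFilter> set, int i, int i2) throws EntitlementException {
        boolean limited = i > 0;
        Set<String> privilegeNames = PrivilegeIndexStore.getInstance(this.adminSubject, this.realm).searchPrivilegeNames(set, true, i, false, false);
        List<Privilege> results = new ArrayList<>(privilegeNames.size());
        ApplicationPrivilegeManager applicationPrivilegeManager = ApplicationPrivilegeManager.getInstance(this.realm, superAdminSubject);
        for (String privilegeName : privilegeNames) {
            Privilege candidate = findByName(privilegeName, superAdminSubject);
            if (applicationPrivilegeManager.hasPrivilege(candidate, ApplicationPrivilege.Action.READ)) {
                results.add(candidate);
                if (limited && results.size() >= i) {
                    break;
                }
            }
        }
        return results;
    }

    /**
     * Searches without a result limit.
     *
     * @param set search filters
     * @return matching privileges that passed the READ check
     * @throws EntitlementException if the search fails
     */
    public List<Privilege> search(Set<SearchFilter> set) throws EntitlementException {
        return search(set, 0, 0);
    }

    /**
     * Searches for privilege names without a result limit.
     *
     * @param set search filters
     * @return names of the matching, readable privileges
     * @throws EntitlementException if the search fails
     */
    @Override // com.sun.identity.entitlement.IPrivilegeManager
    public Set<String> searchNames(Set<SearchFilter> set) throws EntitlementException {
        return searchNames(set, 0, 0);
    }

    /**
     * Returns every policy available to this manager.
     *
     * @throws EntitlementException if the lookup fails
     */
    public abstract List<Privilege> findAllPolicies() throws EntitlementException;

    /**
     * Returns the policies associated with the named application.
     *
     * @param str application name
     * @throws EntitlementException if the lookup fails
     */
    public abstract List<Privilege> findAllPoliciesByApplication(String str) throws EntitlementException;

    /**
     * Returns the policies associated with the given identity UID.
     *
     * @param str identity UID
     * @throws EntitlementException if the lookup fails
     */
    public abstract List<Privilege> findAllPoliciesByIdentityUid(String str) throws EntitlementException;

    /** Returns the realm set by {@link #initialize(String, Subject)}. */
    public String getRealm() {
        return this.realm;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the acting subject set by {@link #initialize(String, Subject)}. */
    public Subject getAdminSubject() {
        return this.adminSubject;
    }

    /**
     * Hook for subclasses to publish a privilege change.
     *
     * @param str realm or privilege identifier as defined by the implementation
     * @param privilege first privilege argument of the change, as defined by the implementation
     * @param privilege2 second privilege argument of the change, as defined by the implementation
     * @param policyEventType kind of change
     * @throws EntitlementException if notification fails
     */
    protected abstract void notifyPrivilegeChanged(String str, Privilege privilege, Privilege privilege2, PolicyEventType policyEventType) throws EntitlementException;

    /**
     * Checks a privilege name against the allowed character set: ASCII letters, digits,
     * hyphen, space and underscore.
     *
     * <p>The empty string matches the pattern and is reported as valid here;
     * {@link #validate(Privilege)} rejects blank names separately. A {@code null} name is
     * reported as invalid instead of raising a {@link NullPointerException}.
     *
     * @param str candidate name, may be {@code null}
     * @return {@code true} if the name is non-null and contains only allowed characters
     */
    public static boolean isNameValid(String str) {
        return str != null && PRIVILEGE_NAME_PATTERN.matcher(str).matches();
    }
}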
