package org.forgerock.openam.entitlement.conditions.environment;

import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.ConditionDecision;
import com.sun.identity.entitlement.EntitlementConditionAdaptor;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.PrivilegeManager;
import com.sun.identity.shared.debug.Debug;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.forgerock.openam.core.CoreWrapper;
import org.forgerock.openam.ldap.LDAPUtils;
import org.forgerock.openam.sdk.org.json.JSONException;
import org.forgerock.openam.sdk.org.json.JSONObject;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/entitlement/conditions/environment/AuthenticateToServiceCondition.class */
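/**
 * Entitlement environment condition that is satisfied only when the caller has
 * authenticated to a configured authentication service (chain).
 *
 * <p>The configured service name is held in {@code authenticateToService} and may be
 * realm-qualified ({@code realm:service}) or a bare service name. When it is a bare
 * name, {@code realmEmpty} is set and {@link #evaluate} also accepts a realm-qualified
 * entry whose data part equals the configured name.
 *
 * <p>When the condition is not satisfied, the decision carries an
 * {@code AuthenticateToServiceConditionAdvice} naming the realm-aware service.
 */
public class AuthenticateToServiceCondition extends EntitlementConditionAdaptor {
    private static final String AUTHENTICATE_TO_SERVICE_ATTR = "authenticateToService";
    private final Debug debug;
    private final CoreWrapper coreWrapper;
    private final EntitlementCoreWrapper entitlementCoreWrapper;
    private String authenticateToService;
    // True when the configured service name carries no realm part; only recomputed in setState(String).
    private boolean realmEmpty;

    /** Creates a condition wired to the default debug logger and core wrappers. */
    public AuthenticateToServiceCondition() {
        this(PrivilegeManager.debug, new CoreWrapper(), new EntitlementCoreWrapper());
    }

    /**
     * Creates a condition with explicit collaborators (package-private; lets callers in this
     * package substitute the wrappers).
     *
     * @param debug logger used for diagnostics
     * @param coreWrapper helper used to split and convert realm-qualified names
     * @param entitlementCoreWrapper helper used to read authenticated services from an SSO token
     */
    AuthenticateToServiceCondition(Debug debug, CoreWrapper coreWrapper, EntitlementCoreWrapper entitlementCoreWrapper) {
        this.authenticateToService = null;
        this.realmEmpty = false;
        this.debug = debug;
        this.coreWrapper = coreWrapper;
        this.entitlementCoreWrapper = entitlementCoreWrapper;
    }

    /**
     * Restores this condition from its JSON form.
     *
     * <p>A parse failure is only logged at message level and is not propagated: fields assigned
     * before the failure keep their new values and the rest keep their previous ones, so a
     * malformed state string does not by itself make {@link #validate()} fail.
     *
     * @param str JSON text containing the {@code authenticateToService} attribute
     */
    @Override
    public void setState(String str) {
        try {
            JSONObject jSONObject = new JSONObject(str);
            // Overload taking a JSONObject is not defined in this class (presumably inherited).
            setState(jSONObject);
            this.authenticateToService = jSONObject.getString(AUTHENTICATE_TO_SERVICE_ATTR);
            this.realmEmpty = StringUtils.isBlank(this.coreWrapper.getRealmFromRealmQualifiedData(this.authenticateToService));
        } catch (JSONException e) {
            this.debug.message("AuthenticateToServiceCondition: Failed to set state", e);
        }
    }

    /**
     * Returns the JSON form of this condition.
     *
     * @return the same value as {@link #toString()}, which is {@code null} if serialisation fails
     */
    @Override
    public String getState() {
        return toString();
    }

    /**
     * Decides whether the caller has authenticated to the configured service.
     *
     * <p>The set of authenticated services is taken from the environment entry
     * {@code requestAuthenticatedToServices} when present, otherwise from the SSO token found in
     * the subject's private credentials. A missing environment map, or a subject without an SSO
     * token, yields an empty set, so the decision is "not satisfied" with advice rather than an
     * unchecked exception.
     *
     * @param str realm (or organisation DN) used to qualify the service name in the advice
     * @param subject subject whose private credentials may hold the caller's SSO token; may be null
     * @param str2 not used by this condition
     * @param map environment parameters of the request; may be null
     * @return the decision, with advice attached when the condition is not satisfied
     * @throws EntitlementException if no service name has been configured
     */
    @Override
    public ConditionDecision evaluate(String str, Subject subject, String str2, Map<String, Set<String>> map) throws EntitlementException {
        if (StringUtils.isBlank(this.authenticateToService)) {
            if (this.debug.errorEnabled()) {
                this.debug.error("AuthenticateToServiceCondition.evaluate(): property value not defined, AuthenticateToService");
            }
            throw new EntitlementException(EntitlementException.PROPERTY_VALUE_NOT_DEFINED, new Object[]{"AuthenticateToService"}, (Throwable) null);
        }

        Set<String> authenticatedServices = new HashSet<>();
        // NOTE(review): a value supplied in the environment map takes precedence over the services
        // recorded on the SSO token; confirm that only trusted callers can populate this key.
        Set<String> requestServices = map != null ? map.get("requestAuthenticatedToServices") : null;
        if (requestServices != null) {
            authenticatedServices.addAll(requestServices);
            if (this.debug.messageEnabled()) {
                this.debug.message("At AuthenticateToServiceCondition.evaluate(): requestAuthnServices from request = " + authenticatedServices);
            }
        } else if (subject != null) {
            SSOToken ssoToken = findSsoToken(subject);
            if (ssoToken != null) {
                Set<String> tokenServices = this.entitlementCoreWrapper.getRealmQualifiedAuthenticatedServices(ssoToken);
                if (tokenServices != null) {
                    authenticatedServices.addAll(tokenServices);
                }
            } else if (this.debug.messageEnabled()) {
                // Fail closed: no token means no authenticated services can be established.
                this.debug.message("At AuthenticateToServiceCondition.evaluate(): no SSOToken in subject private credentials");
            }
            if (this.debug.messageEnabled()) {
                this.debug.message("At AuthenticateToServiceCondition.evaluate(): requestAuthnServices from ssoToken = " + authenticatedServices);
            }
        }

        boolean allowed = isSatisfiedBy(authenticatedServices);

        Map<String, Set<String>> advices = new HashMap<>();
        String realmAwareService = getRealmAwareService(this.authenticateToService, str);
        if (!allowed) {
            Set<String> adviceValues = new HashSet<>(1);
            adviceValues.add(realmAwareService);
            advices.put("AuthenticateToServiceConditionAdvice", adviceValues);
            if (this.debug.messageEnabled()) {
                this.debug.message("At AuthenticateToServiceCondition.evaluate():authenticateToService not satisfied = " + realmAwareService);
            }
        }
        if (this.debug.messageEnabled()) {
            this.debug.message("At AuthenticateToServiceCondition.evaluate():authenticateToService = " + realmAwareService + ", requestAuthnServices = " + authenticatedServices + ",  allowed = " + allowed);
        }
        return new ConditionDecision(allowed, advices);
    }

    /** Returns the first SSO token among the subject's private credentials, or null if there is none. */
    private static SSOToken findSsoToken(Subject subject) {
        for (Object credential : subject.getPrivateCredentials()) {
            if (credential instanceof SSOToken) {
                return (SSOToken) credential;
            }
        }
        return null;
    }

    /** Checks the configured service against the given realm-qualified authenticated services. */
    private boolean isSatisfiedBy(Set<String> authenticatedServices) {
        if (authenticatedServices.contains(this.authenticateToService)) {
            return true;
        }
        if (!this.realmEmpty) {
            return false;
        }
        // Configured name has no realm part: compare against the data part of each entry.
        for (String qualifiedService : authenticatedServices) {
            if (this.authenticateToService.equals(this.coreWrapper.getDataFromRealmQualifiedData(qualifiedService))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Qualifies a service name with a realm unless it already contains a {@code :} separator.
     *
     * @param str service name, possibly already realm-qualified
     * @param str2 realm name, or an organisation DN that is converted to a realm name first
     * @return {@code str} unchanged if it contains {@code :}, otherwise {@code realm:str}
     */
    private String getRealmAwareService(String str, String str2) {
        if (LDAPUtils.isDN(str2)) {
            str2 = this.coreWrapper.convertOrgNameToRealmName(str2);
        }
        return !str.contains(":") ? str2 + ":" + str : str;
    }

    /** Builds the JSON form: the attributes written by the no-local-definition overload plus the service name. */
    private JSONObject toJSONObject() throws JSONException {
        JSONObject jSONObject = new JSONObject();
        // Overload taking a JSONObject is not defined in this class (presumably inherited).
        toJSONObject(jSONObject);
        jSONObject.put(AUTHENTICATE_TO_SERVICE_ATTR, this.authenticateToService);
        return jSONObject;
    }

    /**
     * Returns the indented JSON form of this condition.
     *
     * @return the JSON text, or {@code null} if serialisation fails (the failure is logged)
     */
    @Override
    public String toString() {
        String str = null;
        try {
            str = toJSONObject().toString(2);
        } catch (JSONException e) {
            PrivilegeManager.debug.error("AuthenticateToServiceCondition.toString()", e);
        }
        return str;
    }

    /** Returns the configured service name, or {@code null} if none has been set. */
    public String getAuthenticateToService() {
        return this.authenticateToService;
    }

    /**
     * Sets the service name the caller must have authenticated to.
     *
     * <p>NOTE(review): unlike {@link #setState(String)}, this does not recompute {@code realmEmpty},
     * so a bare service name set here is matched by exact comparison only, and the instance does
     * not compare equal to one restored from JSON with the same name. Confirm this is intended.
     *
     * @param str service name, optionally realm-qualified
     */
    public void setAuthenticateToService(String str) {
        this.authenticateToService = str;
    }

    /**
     * Rejects a condition that has no service name configured.
     *
     * @throws EntitlementException if the service name is blank
     */
    @Override
    public void validate() throws EntitlementException {
        if (StringUtils.isBlank(this.authenticateToService)) {
            throw new EntitlementException(EntitlementException.PROPERTY_VALUE_NOT_DEFINED, "AuthenticateToService");
        }
    }

    /**
     * Two conditions are equal when the superclass considers them equal, they have the same
     * runtime class, and both {@code realmEmpty} and the service name match.
     */
    @Override
    public boolean equals(Object obj) {
        // Relies on super.equals rejecting null before obj.getClass() is reached.
        if (!super.equals(obj) || !getClass().equals(obj.getClass())) {
            return false;
        }
        AuthenticateToServiceCondition authenticateToServiceCondition = (AuthenticateToServiceCondition) obj;
        if (this.realmEmpty != authenticateToServiceCondition.realmEmpty) {
            return false;
        }
        return CollectionUtils.genericCompare(this.authenticateToService, authenticateToServiceCondition.authenticateToService);
    }

    /** Combines the superclass hash with the service name and {@code realmEmpty}, matching {@link #equals}. */
    @Override
    public int hashCode() {
        int hashCode = super.hashCode();
        if (this.authenticateToService != null) {
            hashCode = (31 * hashCode) + this.authenticateToService.hashCode();
        }
        return (31 * hashCode) + (this.realmEmpty ? 1 : 0);
    }
}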
