package org.forgerock.openam.entitlement.conditions.environment;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.ConditionDecision;
import com.sun.identity.entitlement.EntitlementConditionAdaptor;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.PrivilegeManager;
import com.sun.identity.shared.debug.Debug;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.forgerock.openam.core.CoreWrapper;
import org.forgerock.openam.sdk.org.json.JSONArray;
import org.forgerock.openam.sdk.org.json.JSONException;
import org.forgerock.openam.sdk.org.json.JSONObject;
import org.forgerock.openam.utils.CollectionUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/entitlement/conditions/environment/SessionPropertyCondition.class */
public class SessionPropertyCondition extends EntitlementConditionAdaptor {
    private static final boolean IGNORE_VALUE_CASE_DEFAULT = true;
    private static final String DELIMITER = "|";
    private final Debug debug;
    private final CoreWrapper coreWrapper;
    private boolean ignoreValueCase;
    private Map<String, Set<String>> properties;

    public SessionPropertyCondition() {
        this(PrivilegeManager.debug, new CoreWrapper());
    }

    SessionPropertyCondition(Debug debug, CoreWrapper coreWrapper) {
        this.ignoreValueCase = true;
        this.properties = new HashMap();
        this.debug = debug;
        this.coreWrapper = coreWrapper;
    }

    @Override // com.sun.identity.entitlement.EntitlementCondition
    public void setState(String str) {
        try {
            JSONObject jSONObject = new JSONObject(str);
            setState(jSONObject);
            JSONObject jSONObject2 = jSONObject.getJSONObject(SystemProperties.PROPERTIES);
            Iterator<String> keys = jSONObject2.keys();
            while (keys.hasNext()) {
                String next = keys.next();
                HashSet hashSet = new HashSet();
                JSONArray jSONArray = jSONObject2.getJSONArray(next);
                for (int i = 0; i < jSONArray.length(); i++) {
                    hashSet.add(jSONArray.getString(i));
                }
                this.properties.put(next, hashSet);
            }
            this.ignoreValueCase = jSONObject.getBoolean("valueCaseInsensitive");
        } catch (JSONException e) {
            this.debug.message("SessionPropertyCondition: Failed to set state", e);
        }
    }

    @Override // com.sun.identity.entitlement.EntitlementCondition
    public String getState() {
        return toString();
    }

    @Override // com.sun.identity.entitlement.EntitlementCondition
    public ConditionDecision evaluate(String str, Subject subject, String str2, Map<String, Set<String>> map) throws EntitlementException {
        boolean z = true;
        if (this.debug.messageEnabled()) {
            this.debug.message("SessionPropertyCondition.evaluate():entering, ignoreValueCase= " + this.ignoreValueCase);
        }
        if (subject == null) {
            return new ConditionDecision(false, (Map<String, Set<String>>) Collections.emptyMap());
        }
        SSOToken sSOToken = (SSOToken) getValue(subject.getPrivateCredentials());
        if (this.properties == null || this.properties.isEmpty()) {
            this.debug.message("SessionPropertyCondition.evaluate():no parameter defined,defaulting allow=true");
            z = true;
        } else {
            for (String str3 : this.properties.keySet()) {
                Set<String> set = this.properties.get(str3);
                if (this.debug.messageEnabled()) {
                    this.debug.message("SessionPropertyCondition.evaluate():propertyName = " + str3 + ",conditionValues = " + set);
                }
                if (!str3.equals("valueCaseInsensitive") && set != null && !set.isEmpty()) {
                    try {
                        String property = sSOToken.getProperty(str3);
                        Set<String> set2 = null;
                        if (property != null && property.contains("|")) {
                            set2 = this.coreWrapper.delimStringToSet(property, "|");
                        }
                        if (this.debug.messageEnabled()) {
                            this.debug.message("SessionPropertyCondition.evaluate():,sessionValue = " + property + ",sessionValues = " + set2);
                        }
                        if (property == null) {
                            z = false;
                        } else if (set2 != null) {
                            if (this.ignoreValueCase) {
                                for (String str4 : set2) {
                                    Iterator<String> it = set.iterator();
                                    while (it.hasNext()) {
                                        if (str4.equalsIgnoreCase(it.next())) {
                                            break;
                                        }
                                    }
                                }
                                z = false;
                            } else {
                                Iterator it2 = set2.iterator();
                                while (it2.hasNext()) {
                                    if (set.contains((String) it2.next())) {
                                        break;
                                    }
                                }
                                z = false;
                            }
                        } else if (this.ignoreValueCase) {
                            Iterator<String> it3 = set.iterator();
                            while (it3.hasNext()) {
                                if (property.equalsIgnoreCase(it3.next())) {
                                    break;
                                }
                            }
                            z = false;
                        } else if (!set.contains(property)) {
                            z = false;
                        }
                    } catch (SSOException e) {
                        this.debug.error("Condition evaluation failed", e);
                        throw new EntitlementException(510, e);
                    }
                }
            }
        }
        if (this.debug.messageEnabled()) {
            this.debug.message("SessionPropertyCondition.evaluate():allowed= " + z);
        }
        return new ConditionDecision(z, (Map<String, Set<String>>) Collections.emptyMap());
    }

    private <T> T getValue(Set<T> set) {
        if (set == null || !set.iterator().hasNext()) {
            return null;
        }
        return set.iterator().next();
    }

    private JSONObject toJSONObject() throws JSONException {
        JSONObject jSONObject = new JSONObject();
        toJSONObject(jSONObject);
        JSONObject jSONObject2 = new JSONObject();
        for (Map.Entry<String, Set<String>> entry : this.properties.entrySet()) {
            JSONArray jSONArray = new JSONArray();
            Iterator<String> it = entry.getValue().iterator();
            while (it.hasNext()) {
                jSONArray.put(it.next());
            }
            jSONObject2.put(entry.getKey(), jSONArray);
        }
        jSONObject.put(SystemProperties.PROPERTIES, jSONObject2);
        jSONObject.put("valueCaseInsensitive", this.ignoreValueCase);
        return jSONObject;
    }

    public String toString() {
        String str = null;
        try {
            str = toJSONObject().toString(2);
        } catch (JSONException e) {
            PrivilegeManager.debug.error("SessionPropertyCondition.toString()", e);
        }
        return str;
    }

    public boolean isIgnoreValueCase() {
        return this.ignoreValueCase;
    }

    public void setIgnoreValueCase(boolean z) {
        this.ignoreValueCase = z;
    }

    public Map<String, Set<String>> getProperties() {
        return this.properties;
    }

    public void setProperties(Map<String, Set<String>> map) {
        this.properties = map;
    }

    @Override // com.sun.identity.entitlement.EntitlementCondition
    public void validate() throws EntitlementException {
        if (this.properties == null || this.properties.isEmpty()) {
            throw new EntitlementException(EntitlementException.PROPERTY_VALUE_NOT_DEFINED, SystemProperties.PROPERTIES);
        }
    }

    @Override // com.sun.identity.entitlement.EntitlementConditionAdaptor
    public boolean equals(Object obj) {
        if (!super.equals(obj) || !getClass().equals(obj.getClass())) {
            return false;
        }
        SessionPropertyCondition sessionPropertyCondition = (SessionPropertyCondition) obj;
        if (this.ignoreValueCase != sessionPropertyCondition.ignoreValueCase) {
            return false;
        }
        return this.ignoreValueCase ? CollectionUtils.compareCaseInsensitiveMapOfSetOfStrings(this.properties, sessionPropertyCondition.properties) : CollectionUtils.genericCompare(this.properties, sessionPropertyCondition.properties);
    }

    @Override // com.sun.identity.entitlement.EntitlementConditionAdaptor
    public int hashCode() {
        int hashCode = (31 * super.hashCode()) + (this.ignoreValueCase ? 1 : 0);
        if (this.ignoreValueCase) {
            return (31 * hashCode) + CollectionUtils.createHashForCaseInsensitiveMapOfSetOfStrings(this.properties);
        }
        if (this.properties != null) {
            hashCode = (31 * hashCode) + this.properties.hashCode();
        }
        return hashCode;
    }
}
