package com.sun.identity.policy;

import com.iplanet.sso.SSOException;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import com.sun.identity.sm.ServiceListener;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.forgerock.openam.ldap.LDAPUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:com/sun/identity/policy/PolicyConfig.class */
public class PolicyConfig implements ServiceListener {
    public static final String LDAP_SERVER = "iplanet-am-policy-config-ldap-server";
    public static final String LDAP_BASE_DN = "iplanet-am-policy-config-ldap-base-dn";
    public static final String LDAP_USERS_BASE_DN = "iplanet-am-policy-config-ldap-users-base-dn";
    public static final String LDAP_BIND_DN = "iplanet-am-policy-config-ldap-bind-dn";
    public static final String LDAP_BIND_PASSWORD = "iplanet-am-policy-config-ldap-bind-password";
    public static final String LDAP_ORG_SEARCH_FILTER = "iplanet-am-policy-config-ldap-organizations-search-filter";
    public static final String LDAP_ORG_SEARCH_SCOPE = "iplanet-am-policy-config-ldap-organizations-search-scope";
    public static final String LDAP_GROUP_SEARCH_FILTER = "iplanet-am-policy-config-ldap-groups-search-filter";
    public static final String LDAP_GROUP_SEARCH_SCOPE = "iplanet-am-policy-config-ldap-groups-search-scope";
    public static final String LDAP_USERS_SEARCH_FILTER = "iplanet-am-policy-config-ldap-users-search-filter";
    public static final String LDAP_USERS_SEARCH_SCOPE = "iplanet-am-policy-config-ldap-users-search-scope";
    public static final String LDAP_ROLES_SEARCH_FILTER = "iplanet-am-policy-config-ldap-roles-search-filter";
    public static final String LDAP_ROLES_SEARCH_SCOPE = "iplanet-am-policy-config-ldap-roles-search-scope";
    public static final String LDAP_ORG_SEARCH_ATTRIBUTE = "iplanet-am-policy-config-ldap-organizations-search-attribute";
    public static final String LDAP_GROUP_SEARCH_ATTRIBUTE = "iplanet-am-policy-config-ldap-groups-search-attribute";
    public static final String LDAP_USER_SEARCH_ATTRIBUTE = "iplanet-am-policy-config-ldap-users-search-attribute";
    public static final String LDAP_ROLES_SEARCH_ATTRIBUTE = "iplanet-am-policy-config-ldap-roles-search-attribute";
    public static final String LDAP_SEARCH_TIME_OUT = "iplanet-am-policy-config-search-timeout";
    public static final String LDAP_SEARCH_LIMIT = "iplanet-am-policy-config-search-limit";
    public static final String LDAP_CONNECTION_POOL_MIN_SIZE = "iplanet-am-policy-config-connection_pool_min_size";
    public static final String LDAP_CONNECTION_POOL_MAX_SIZE = "iplanet-am-policy-config-connection_pool_max_size";
    public static final String LDAP_SSL_ENABLED = "iplanet-am-policy-config-ldap-ssl-enabled";
    public static final String IS_ROLES_BASE_DN = "iplanet-am-policy-config-is-roles-base-dn";
    public static final String IS_ROLES_SEARCH_SCOPE = "iplanet-am-policy-config-is-roles-search-scope";
    public static final String SELECTED_SUBJECTS = "iplanet-am-policy-selected-subjects";
    public static final String SELECTED_REFERRALS = "iplanet-am-policy-selected-referrals";
    public static final String SELECTED_CONDITIONS = "iplanet-am-policy-selected-conditions";
    public static final String SELECTED_RESPONSE_PROVIDERS = "sun-am-policy-selected-responseproviders";
    public static final String SELECTED_DYNAMIC_ATTRIBUTES = "sun-am-policy-dynamic-response-attributes";
    public static final String USER_ALIAS_ENABLED = "iplanet-am-policy-config-user-alias-enabled";
    public static final String RESOURCE_COMPARATOR = "iplanet-am-policy-config-resource-comparator";
    public static final String RESOURCE_COMPARATOR_TYPE = "serviceType";
    public static final String RESOURCE_COMPARATOR_CLASS = "class";
    public static final String RESOURCE_COMPARATOR_DELIMITER = "delimiter";
    public static final String RESOURCE_COMPARATOR_WILDCARD = "wildcard";
    public static final String RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD = "oneLevelWildcard";
    public static final String RESOURCE_COMPARATOR_CASE_SENSITIVE = "caseSensitive";
    public static final String CONTINUE_EVALUATION_ON_DENY_DECISION = "iplanet-am-policy-config-continue-evaluation-on-deny-decision";
    public static final String ORG_ALIAS_MAPPED_RESOURCES_ENABLED = "sun-am-policy-config-org-alias-mapped-resources-enabled";
    public static final String ADVICES_HANDLEABLE_BY_AM = "sun-am-policy-config-advices-handleable-by-am";
    public static final String ORG_DN = "orgDN";
    public static final String SUBJECTS_RESULT_TTL = "iplanet-am-policy-config-subjects-result-ttl";
    public static final String POLICY_CONFIG_SERVICE = "iPlanetAMPolicyConfigService";
    private static PolicyCache policyCache;
    public static final String ISDS_HOST = PolicyUtils.getISDSHostName();
    private static ServiceConfigManager scm = null;
    private static ServiceSchemaManager ssm = null;
    private static PolicyConfig pcm = new PolicyConfig();
    private static ConcurrentMap<String, Map> attrMap = new ConcurrentHashMap();
    private static Map resourceCompMap = new HashMap();
    static boolean continueEvaluationOnDenyDecisionFlag = false;
    static Set advicesHandleableByAM = null;
    static boolean orgAliasMappedResourcesEnabledFlag = false;

    private PolicyConfig() {
    }

    private static ServiceConfigManager getServiceConfigManager() throws SSOException, SMSException {
        if (scm == null) {
            scm = new ServiceConfigManager(POLICY_CONFIG_SERVICE, ServiceTypeManager.getSSOToken());
            scm.addListener(pcm);
        }
        return scm;
    }

    private static ServiceSchemaManager getServiceSchemaManager() throws SSOException, SMSException {
        if (ssm == null) {
            ssm = new ServiceSchemaManager(POLICY_CONFIG_SERVICE, ServiceTypeManager.getSSOToken());
            ssm.addListener(pcm);
        }
        return ssm;
    }

    public static Map getResourceCompareConfig(String str) throws PolicyException {
        Map map = null;
        if (str == null || !resourceCompMap.containsKey(str)) {
            try {
                ServiceSchema globalSchema = getServiceSchemaManager().getGlobalSchema();
                if (globalSchema != null) {
                    Map<String, Set<String>> attributeDefaults = globalSchema.getAttributeDefaults();
                    setContinueEvaluationOnDenyDecision(attributeDefaults);
                    setOrgAliasMappedResourcesEnabled(attributeDefaults);
                    setAdvicesHandleableByAM(attributeDefaults);
                    processResourceMap(attributeDefaults);
                }
            } catch (SSOException e) {
                PolicyManager.debug.error("getResourceCompConfig: Unable to get ServiceSchemaManager", e);
                throw new PolicyException(e);
            } catch (SMSException e2) {
                PolicyManager.debug.error("getResourceCompConfig: Unable to get ServiceConfig", e2);
                throw new PolicyException(e2);
            }
        }
        if (str != null) {
            synchronized (resourceCompMap) {
                map = (Map) resourceCompMap.get(str);
            }
        }
        return map;
    }

    public static Map getPolicyConfig(String str) throws PolicyException {
        String formatToRFC = LDAPUtils.formatToRFC(str);
        if (policyCache == null) {
            policyCache = PolicyCache.getInstance();
        }
        Map map = attrMap.get(formatToRFC);
        if (map == null) {
            try {
                Map loadPolicyConfig = loadPolicyConfig(formatToRFC);
                if (loadPolicyConfig != null) {
                    map = attrMap.putIfAbsent(formatToRFC, loadPolicyConfig);
                    if (map == null) {
                        map = loadPolicyConfig;
                    }
                }
            } catch (SSOException e) {
                PolicyManager.debug.error("getPolicyConfig: Unable to get ServiceConfig", e);
                throw new PolicyException(e);
            } catch (SMSException e2) {
                PolicyManager.debug.error("getPolicyConfig: Unable to get ServiceConfig", e2);
                throw new PolicyException(e2);
            }
        }
        return map;
    }

    @Override // com.sun.identity.sm.ServiceListener
    public void schemaChanged(String str, String str2) {
        PolicyManager.debug.message("PolicyConfig.schemaChanged():entering");
        try {
            ServiceSchema globalSchema = getServiceSchemaManager().getGlobalSchema();
            if (globalSchema != null) {
                Map<String, Set<String>> attributeDefaults = globalSchema.getAttributeDefaults();
                setContinueEvaluationOnDenyDecision(attributeDefaults);
                setOrgAliasMappedResourcesEnabled(attributeDefaults);
                setAdvicesHandleableByAM(attributeDefaults);
                setOrgAliasMappedResourcesEnabled(attributeDefaults);
                processResourceMap(attributeDefaults);
            }
        } catch (Exception e) {
            PolicyManager.debug.error("globalConfigChanged: Unable to get global config ", e);
        }
    }

    @Override // com.sun.identity.sm.ServiceListener
    public void globalConfigChanged(String str, String str2, String str3, String str4, int i) {
    }

    @Override // com.sun.identity.sm.ServiceListener
    public void organizationConfigChanged(String str, String str2, String str3, String str4, String str5, int i) {
        try {
            attrMap.put(str3, loadPolicyConfig(str3));
            if (policyCache != null) {
                policyCache.policyConfigChanged(str3);
            }
        } catch (SSOException e) {
            PolicyManager.debug.error("orgConfigChanged: Unable to get org config: " + str3, e);
        } catch (SMSException e2) {
            PolicyManager.debug.error("orgConfigChanged: Unable to get org config: " + str3, e2);
        }
    }

    private static Map loadPolicyConfig(String str) throws SMSException, SSOException {
        ServiceConfig organizationConfig = getServiceConfigManager().getOrganizationConfig(str, null);
        if (organizationConfig == null) {
            return null;
        }
        Map processOrgAttrMap = processOrgAttrMap(organizationConfig.getAttributes());
        processOrgAttrMap.put(ORG_DN, str);
        return processOrgAttrMap;
    }

    private static Map processOrgAttrMap(Map<String, Set<String>> map) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, Set<String>> entry : map.entrySet()) {
            String key = entry.getKey();
            Set<String> value = entry.getValue();
            if (value != null && !value.isEmpty()) {
                if (key.equals(SELECTED_SUBJECTS) || key.equals(SELECTED_REFERRALS) || key.equals(SELECTED_RESPONSE_PROVIDERS) || key.equals(SELECTED_DYNAMIC_ATTRIBUTES) || key.equals(SELECTED_CONDITIONS)) {
                    hashMap.put(key, value);
                } else if (key.equals(LDAP_SERVER)) {
                    hashMap.put(key, CollectionHelper.getServerMapAttr(map, LDAP_SERVER));
                } else {
                    Iterator<String> it = value.iterator();
                    while (it.hasNext()) {
                        String next = it.next();
                        if (next != null) {
                            hashMap.put(key, next);
                            if (key.equals(LDAP_BIND_PASSWORD)) {
                                next = PolicyUtils.encrypt(next);
                                hashMap.put(key, next);
                            }
                            if (PolicyManager.debug.messageEnabled()) {
                                PolicyManager.debug.message("Attr Name = " + key + ";  Attr Value = " + next);
                            }
                        }
                    }
                }
            }
        }
        return hashMap;
    }

    private static void processResourceMap(Map map) {
        Set<String> set = (Set) map.get(RESOURCE_COMPARATOR);
        if (set == null || set.isEmpty()) {
            return;
        }
        for (String str : set) {
            if (str != null) {
                StringTokenizer stringTokenizer = new StringTokenizer(str, "|");
                String[] strArr = new String[6];
                int i = 0;
                while (stringTokenizer.hasMoreTokens()) {
                    int i2 = i;
                    i++;
                    strArr[i2] = stringTokenizer.nextToken();
                    if (i > 5) {
                        break;
                    }
                }
                HashMap hashMap = new HashMap();
                String str2 = null;
                for (int i3 = 0; i3 < i; i3++) {
                    int indexOf = strArr[i3].indexOf("=");
                    String substring = strArr[i3].substring(0, indexOf);
                    String substring2 = strArr[i3].substring(indexOf + 1);
                    if (substring == null) {
                        PolicyManager.debug.error("Resource comapartaor:  name is null");
                    } else if (substring2 == null) {
                        PolicyManager.debug.error("Resource comapartaor:  value is null");
                    } else {
                        if (PolicyManager.debug.messageEnabled()) {
                            PolicyManager.debug.message("Attr Name = " + substring + " Attr Value = " + substring2);
                        }
                        if (substring.equalsIgnoreCase(RESOURCE_COMPARATOR_TYPE)) {
                            str2 = substring2;
                        } else if (substring.equalsIgnoreCase("class")) {
                            hashMap.put("class", substring2);
                        } else if (substring.equalsIgnoreCase("delimiter")) {
                            hashMap.put("delimiter", substring2);
                        } else if (substring.equalsIgnoreCase("wildcard")) {
                            hashMap.put("wildcard", substring2);
                        } else if (substring.equalsIgnoreCase("oneLevelWildcard")) {
                            hashMap.put("oneLevelWildcard", substring2);
                        } else if (substring.equalsIgnoreCase("caseSensitive")) {
                            hashMap.put("caseSensitive", substring2);
                        }
                    }
                }
                if (PolicyManager.debug.messageEnabled()) {
                    PolicyManager.debug.message("PolicyConfig.processResourceMap():configMap.toString()" + hashMap.toString());
                }
                synchronized (resourceCompMap) {
                    resourceCompMap.put(str2, hashMap);
                }
            }
        }
    }

    public static long getSubjectsResultTtl(Map map) {
        String str = null;
        if (map != null) {
            str = (String) map.get(SUBJECTS_RESULT_TTL);
        }
        long j = 0;
        if (str != null) {
            try {
                j = Integer.parseInt(str) * 60 * 1000;
            } catch (NumberFormatException e) {
                if (PolicyManager.debug.warningEnabled()) {
                    PolicyManager.debug.warning("NumberFormatException while parsing  subjectsResultTtl defined in policyConfig  service  using default 600000");
                }
            }
        }
        return j;
    }

    static void setContinueEvaluationOnDenyDecision(Map map) {
        Set set;
        if (map != null && (set = (Set) map.get(CONTINUE_EVALUATION_ON_DENY_DECISION)) != null && !set.isEmpty()) {
            String str = (String) set.iterator().next();
            if (str != null) {
                continueEvaluationOnDenyDecisionFlag = Boolean.valueOf(str).booleanValue();
            }
            if (PolicyManager.debug.messageEnabled()) {
                PolicyManager.debug.message("PolicyConfig.setContinueEvaluationOnDenyDecision():global attribute  continueEvaluationOnDenyDecision=" + str);
            }
        }
        if (PolicyManager.debug.messageEnabled()) {
            PolicyManager.debug.message("PolicyConfig.setContinueEvaluationOnDenyDecision():continueEvaluationOnDenyDecision=" + continueEvaluationOnDenyDecisionFlag);
        }
    }

    static void setOrgAliasMappedResourcesEnabled(Map map) {
        Set set;
        if (map != null && (set = (Set) map.get(ORG_ALIAS_MAPPED_RESOURCES_ENABLED)) != null && !set.isEmpty()) {
            String str = (String) set.iterator().next();
            if (str != null) {
                orgAliasMappedResourcesEnabledFlag = Boolean.valueOf(str).booleanValue();
            }
            if (PolicyManager.debug.messageEnabled()) {
                PolicyManager.debug.message("PolicyConfig.setOrgAliasMappedResourcesEnabled():global attribute  orgAliasMappedResourcesEnabledFlag=" + str);
            }
        }
        if (PolicyManager.debug.messageEnabled()) {
            PolicyManager.debug.message("PolicyConfig.setOrgAliasMappedResourcesEnabled():orgAliasMappedResourcesEnabledFlag=" + orgAliasMappedResourcesEnabledFlag);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean continueEvaluationOnDenyDecision() {
        return continueEvaluationOnDenyDecisionFlag;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean orgAliasMappedResourcesEnabled() {
        return orgAliasMappedResourcesEnabledFlag;
    }

    private static void setAdvicesHandleableByAM(Map map) {
        Set set;
        if (map != null && (set = (Set) map.get(ADVICES_HANDLEABLE_BY_AM)) != null) {
            advicesHandleableByAM = set;
        }
        if (PolicyManager.debug.messageEnabled()) {
            PolicyManager.debug.message("PolicyConfig.setAdvicesHandleableByAM():global attribute advicesHandleableByAM=" + advicesHandleableByAM);
        }
        if (advicesHandleableByAM == null) {
            advicesHandleableByAM = Collections.EMPTY_SET;
        }
    }

    public static Set getAdvicesHandleableByAM() throws PolicyException {
        if (advicesHandleableByAM == null) {
            getResourceCompareConfig(null);
        }
        if (PolicyManager.debug.messageEnabled()) {
            PolicyManager.debug.message("PolicyConfig.getAdvicesHandleableByAM():returning global attribute advicesHandleableByAM=" + advicesHandleableByAM);
        }
        return advicesHandleableByAM;
    }
}
