package org.forgerock.openam.entitlement.conditions.environment;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.config.AMAuthenticationManager;
import com.sun.identity.authentication.config.AMConfigurationException;
import com.sun.identity.authentication.util.AMAuthUtils;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.entitlement.ConditionDecision;
import com.sun.identity.entitlement.EntitlementConditionAdaptor;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.PrivilegeManager;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.policy.util.PolicyDecisionUtils;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import java.security.AccessController;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.forgerock.openam.sdk.org.json.JSONArray;
import org.forgerock.openam.sdk.org.json.JSONException;
import org.forgerock.openam.sdk.org.json.JSONObject;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/entitlement/conditions/environment/ResourceEnvIPCondition.class */
public class ResourceEnvIPCondition extends EntitlementConditionAdaptor {
    public static final String ENV_CONDITION_VALUE = "resourceEnvIPConditionValue";
    private static final String KEY_VALUE = "\\s*(\\w+)\\s*=\\s*(\\S+)\\s*";
    private static final Pattern CONDITION_PATTERN = Pattern.compile("\\s*IF\\s*(\\w+)\\s*=\\s*(\\S+)\\s*THEN\\s*(\\w+)\\s*=\\s*(\\S+)\\s*", 2);
    private final Debug debug;
    private final String debugName = "ResourceEnvIPCondition";
    private String localDebugName;
    private Set<String> resourceEnvIPConditionValue;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/entitlement/conditions/environment/ResourceEnvIPCondition$EnvironmentCondition.class */
    public static final class EnvironmentCondition {
        final String paramName;
        final String paramValue;
        final String adviceName;
        final String adviceValue;

        EnvironmentCondition(String str, String str2, String str3, String str4) {
            this.paramName = str;
            this.paramValue = str2;
            this.adviceName = str3;
            this.adviceValue = str4;
        }

        public boolean equals(Object obj) {
            return this == obj || ((obj instanceof EnvironmentCondition) && isEqualTo((EnvironmentCondition) obj));
        }

        public boolean isEqualTo(EnvironmentCondition environmentCondition) {
            return this.adviceName.equals(environmentCondition.adviceName) && this.adviceValue.equalsIgnoreCase(environmentCondition.adviceValue) && this.paramName.equals(environmentCondition.paramName) && this.paramValue.equalsIgnoreCase(environmentCondition.paramValue);
        }

        public int hashCode() {
            return (31 * ((31 * ((31 * this.paramName.hashCode()) + this.paramValue.toLowerCase().hashCode())) + this.adviceName.hashCode())) + this.adviceValue.toLowerCase().hashCode();
        }

        public String toString() {
            return "IF " + this.paramName + "=" + this.paramValue + " THEN " + this.adviceName + "=" + this.adviceValue;
        }
    }

    public ResourceEnvIPCondition() {
        this(PrivilegeManager.debug);
    }

    public ResourceEnvIPCondition(Debug debug) {
        this.debugName = "ResourceEnvIPCondition";
        this.localDebugName = "";
        this.resourceEnvIPConditionValue = new HashSet();
        this.debug = debug;
    }

    @Override // com.sun.identity.entitlement.EntitlementCondition
    public ConditionDecision evaluate(String str, Subject subject, String str2, Map<String, Set<String>> map) throws EntitlementException {
        if (this.debug.messageEnabled()) {
            this.localDebugName = "ResourceEnvIPCondition.evaluate(): ";
            this.debug.message(this.localDebugName + "client environment map: " + map);
        }
        boolean z = false;
        HashMap hashMap = new HashMap();
        SSOToken sSOToken = subject == null ? null : (SSOToken) subject.getPrivateCredentials().iterator().next();
        try {
            EnvironmentCondition matchEnvironment = matchEnvironment(map, sSOToken);
            if (matchEnvironment != null) {
                String str3 = matchEnvironment.adviceName;
                String str4 = matchEnvironment.adviceValue;
                if (this.debug.messageEnabled()) {
                    this.debug.message(this.localDebugName + "adviceName : " + str3 + " and adviceValue : " + str4);
                }
                if (!StringUtils.isEmpty(str3) && !StringUtils.isEmpty(str4)) {
                    if (str3.equalsIgnoreCase(ISAuthConstants.MODULE_PARAM)) {
                        Set<String> adviceMessagesforAuthScheme = getAdviceMessagesforAuthScheme(str4, sSOToken, map);
                        if (adviceMessagesforAuthScheme.isEmpty()) {
                            z = true;
                        } else {
                            hashMap.put("AuthSchemeConditionAdvice", adviceMessagesforAuthScheme);
                        }
                    } else if (str3.equalsIgnoreCase("service")) {
                        Set<String> adviceMessagesforAuthService = getAdviceMessagesforAuthService(str4, sSOToken, map);
                        if (adviceMessagesforAuthService.isEmpty()) {
                            z = true;
                        } else {
                            hashMap.put("AuthenticateToServiceConditionAdvice", adviceMessagesforAuthService);
                        }
                    } else if (str3.equalsIgnoreCase("authlevel")) {
                        Set<String> adviceMessagesforAuthLevel = getAdviceMessagesforAuthLevel(str4, sSOToken, map);
                        if (adviceMessagesforAuthLevel.isEmpty()) {
                            z = true;
                        } else {
                            hashMap.put("AuthLevelConditionAdvice", adviceMessagesforAuthLevel);
                        }
                    } else if (str3.equalsIgnoreCase("role")) {
                        Set<String> adviceMessagesforRole = getAdviceMessagesforRole(str4, sSOToken, map);
                        if (adviceMessagesforRole.isEmpty()) {
                            z = true;
                        } else {
                            hashMap.put(PolicyDecisionUtils.AUTH_ROLE_ADVICE, adviceMessagesforRole);
                        }
                    } else if (str3.equalsIgnoreCase("user")) {
                        Set<String> adviceMessagesforUser = getAdviceMessagesforUser(str4, sSOToken, map);
                        if (adviceMessagesforUser.isEmpty()) {
                            z = true;
                        } else {
                            hashMap.put(PolicyDecisionUtils.AUTH_USER_ADVICE, adviceMessagesforUser);
                        }
                    } else if (str3.equalsIgnoreCase(ISAuthConstants.REDIRECT_URL_PARAM)) {
                        Set<String> adviceMessagesforRedirectURL = getAdviceMessagesforRedirectURL(str4, sSOToken, map);
                        if (adviceMessagesforRedirectURL.isEmpty()) {
                            z = true;
                        } else {
                            hashMap.put(PolicyDecisionUtils.AUTH_REDIRECTION_ADVICE, adviceMessagesforRedirectURL);
                        }
                    } else if (str3.equalsIgnoreCase("realm") || str3.equalsIgnoreCase("org")) {
                        Set<String> adviceMessagesforRealm = getAdviceMessagesforRealm(str4, sSOToken, map);
                        if (adviceMessagesforRealm.isEmpty()) {
                            z = true;
                        } else {
                            hashMap.put("AuthenticateToRealmConditionAdvice", adviceMessagesforRealm);
                        }
                    } else if (this.debug.messageEnabled()) {
                        this.debug.message(this.localDebugName + "adviceName is invalid");
                    }
                }
            } else if (this.debug.messageEnabled()) {
                this.debug.message(this.localDebugName + "Advice is NULL since there is no matching condition found.");
            }
        } catch (SSOException e) {
            this.debug.error("ResourceEnvIPCondition.evaluate(): Condition evaluation failed", e);
        }
        return new ConditionDecision(z, hashMap);
    }

    private Set<String> getAdviceMessagesforAuthScheme(String str, SSOToken sSOToken, Map<String, Set<String>> map) throws EntitlementException, SSOException {
        if (this.debug.messageEnabled()) {
            this.localDebugName = "ResourceEnvIPCondition.getAdviceMessagesforAuthScheme(): ";
        }
        HashSet hashSet = new HashSet();
        Set<String> set = null;
        Set<String> set2 = null;
        if (map != null && map.get("requestAuthSchemes") != null) {
            try {
                set = map.get("requestAuthSchemes");
                if (this.debug.messageEnabled()) {
                    this.debug.message(this.localDebugName + "requestAuthSchemes from env=" + set);
                }
            } catch (ClassCastException e) {
                throw new EntitlementException(EntitlementException.PROPERTY_VALUE_NOT_DEFINED, new String[]{"requestAuthSchemes"}, e);
            }
        } else if (sSOToken != null) {
            set = AMAuthUtils.getRealmQualifiedAuthenticatedSchemes(sSOToken);
            set2 = AMAuthUtils.getAuthenticatedSchemes(sSOToken);
            if (this.debug.messageEnabled()) {
                this.debug.message(this.localDebugName + "requestAuthSchemes from ssoToken=" + set);
                this.debug.message(this.localDebugName + "requestAuthSchemesIgnoreRealm from ssoToken= " + set2);
            }
        }
        if (set == null) {
            set = Collections.EMPTY_SET;
        }
        if (set2 == null) {
            set2 = Collections.EMPTY_SET;
        }
        if (!set.contains(str)) {
            String realmFromRealmQualifiedData = AMAuthUtils.getRealmFromRealmQualifiedData(str);
            if (realmFromRealmQualifiedData != null && realmFromRealmQualifiedData.length() != 0) {
                hashSet.add(str);
                if (this.debug.messageEnabled()) {
                    this.debug.message(this.localDebugName + "authScheme not satisfied = " + str);
                }
            } else if ((realmFromRealmQualifiedData == null || realmFromRealmQualifiedData.length() == 0) && !set2.contains(str)) {
                hashSet.add(str);
                if (this.debug.messageEnabled()) {
                    this.debug.message(this.localDebugName + "authScheme not satisfied = " + str);
                }
            }
        }
        if (this.debug.messageEnabled()) {
            this.debug.message(this.localDebugName + "authScheme = " + str + ", requestAuthSchemes = " + set + ",  adviceMessages = " + hashSet);
        }
        return hashSet;
    }

    private Set<String> getAdviceMessagesforAuthService(String str, SSOToken sSOToken, Map<String, Set<String>> map) throws EntitlementException, SSOException {
        if (this.debug.messageEnabled()) {
            this.localDebugName = "ResourceEnvIPCondition.getAdviceMessagesforAuthService(): ";
        }
        HashSet hashSet = new HashSet();
        Set<String> hashSet2 = new HashSet();
        boolean z = false;
        if (map != null && map.get("requestAuthenticatedToServices") != null) {
            try {
                hashSet2 = map.get("requestAuthenticatedToServices");
                if (this.debug.messageEnabled()) {
                    this.debug.message(this.localDebugName + "requestAuthnServices from request = " + hashSet2);
                }
            } catch (ClassCastException e) {
                throw new EntitlementException(EntitlementException.PROPERTY_VALUE_NOT_DEFINED, new String[]{"requestAuthenticatedToServices"}, e);
            }
        } else if (sSOToken != null) {
            Set realmQualifiedAuthenticatedServices = AMAuthUtils.getRealmQualifiedAuthenticatedServices(sSOToken);
            if (realmQualifiedAuthenticatedServices != null) {
                hashSet2.addAll(realmQualifiedAuthenticatedServices);
            }
            if (this.debug.messageEnabled()) {
                this.debug.message(this.localDebugName + "requestAuthnServices from ssoToken = " + hashSet2);
            }
        }
        if (!hashSet2.contains(str)) {
            String realmFromRealmQualifiedData = AMAuthUtils.getRealmFromRealmQualifiedData(str);
            if (realmFromRealmQualifiedData != null && realmFromRealmQualifiedData.length() != 0) {
                hashSet.add(str);
                if (this.debug.messageEnabled()) {
                    this.debug.message(this.localDebugName + "authService not satisfied = " + str);
                }
            } else if (realmFromRealmQualifiedData == null || realmFromRealmQualifiedData.length() == 0) {
                Iterator<String> it = hashSet2.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (str.equals(AMAuthUtils.getDataFromRealmQualifiedData(it.next()))) {
                        z = true;
                        break;
                    }
                }
            }
        }
        if (!z) {
            hashSet.add(str);
        }
        if (this.debug.messageEnabled()) {
            this.debug.message(this.localDebugName + "authenticateToService = " + str + ", requestAuthnServices = " + hashSet2 + ", adviceMessages = " + hashSet);
        }
        return hashSet;
    }

    private Set<String> getAdviceMessagesforAuthLevel(String str, SSOToken sSOToken, Map<String, Set<String>> map) throws EntitlementException, SSOException {
        if (this.debug.messageEnabled()) {
            this.localDebugName = "ResourceEnvIPCondition.getAdviceMessagesforAuthLevel(): ";
        }
        HashSet hashSet = new HashSet();
        try {
            String realmFromRealmQualifiedData = AMAuthUtils.getRealmFromRealmQualifiedData(str);
            int parseInt = Integer.parseInt(AMAuthUtils.getDataFromRealmQualifiedData(str));
            int maxRequestAuthLevel = getMaxRequestAuthLevel(map, realmFromRealmQualifiedData, str);
            if (maxRequestAuthLevel == Integer.MIN_VALUE && sSOToken != null) {
                maxRequestAuthLevel = getMaxRequestAuthLevel(sSOToken, realmFromRealmQualifiedData, str);
            }
            if (maxRequestAuthLevel < parseInt) {
                hashSet.add(str);
            }
            if (this.debug.messageEnabled()) {
                this.debug.message(this.localDebugName + "authLevel=" + str + "authRealm=" + realmFromRealmQualifiedData + ", maxRequestAuthLevel=" + maxRequestAuthLevel + ",adviceMessages=" + hashSet);
            }
            return hashSet;
        } catch (NumberFormatException e) {
            throw new EntitlementException(800, "AuthLevel");
        }
    }

    private Set<String> getAdviceMessagesforRole(String str, SSOToken sSOToken, Map<String, Set<String>> map) throws SSOException {
        if (this.debug.messageEnabled()) {
            this.localDebugName = "ResourceEnvIPCondition.getAdviceMessagesforRole(): ";
        }
        HashSet hashSet = new HashSet();
        boolean z = false;
        if (sSOToken != null) {
            String property = sSOToken.getProperty(ISAuthConstants.ROLE);
            if (this.debug.messageEnabled()) {
                this.debug.message(this.localDebugName + "userAuthRoleNames from token =" + property);
            }
            if (property != null) {
                StringTokenizer stringTokenizer = new StringTokenizer(property, "|");
                while (stringTokenizer.hasMoreElements()) {
                    String str2 = (String) stringTokenizer.nextElement();
                    if (str2 != null && str2.equals(str)) {
                        z = true;
                    }
                }
            }
        }
        if (!z) {
            hashSet.add(str);
        }
        if (this.debug.messageEnabled()) {
            this.debug.message(this.localDebugName + "auth role =" + str + ", adviceMessages=" + hashSet);
        }
        return hashSet;
    }

    private Set<String> getAdviceMessagesforUser(String str, SSOToken sSOToken, Map<String, Set<String>> map) throws SSOException {
        if (this.debug.messageEnabled()) {
            this.localDebugName = "ResourceEnvIPCondition.getAdviceMessagesforUser(): ";
        }
        HashSet hashSet = new HashSet();
        boolean z = false;
        if (sSOToken != null) {
            String property = sSOToken.getProperty(ISAuthConstants.USER_TOKEN);
            if (this.debug.messageEnabled()) {
                this.debug.message(this.localDebugName + "userAuthRoleNames from token =" + property);
            }
            if (property != null) {
                StringTokenizer stringTokenizer = new StringTokenizer(property, "|");
                while (stringTokenizer.hasMoreElements()) {
                    String str2 = (String) stringTokenizer.nextElement();
                    if (str2 != null && str2.equals(str)) {
                        z = true;
                    }
                }
            }
        }
        if (!z) {
            hashSet.add(str);
        }
        if (this.debug.messageEnabled()) {
            this.debug.message(this.localDebugName + "auth user =" + str + ", adviceMessages=" + hashSet);
        }
        return hashSet;
    }

    private Set<String> getAdviceMessagesforRealm(String str, SSOToken sSOToken, Map<String, Set<String>> map) throws EntitlementException, SSOException {
        if (this.debug.messageEnabled()) {
            this.localDebugName = "ResourceEnvIPCondition.getAdviceMessagesforRealm(): ";
        }
        HashSet hashSet = new HashSet();
        Set<String> hashSet2 = new HashSet();
        if (map != null && map.get("requestAuthenticatedToRealms") != null) {
            try {
                hashSet2 = map.get("requestAuthenticatedToRealms");
                if (this.debug.messageEnabled()) {
                    this.debug.message(this.localDebugName + "requestAuthnRealms, from request / env = " + hashSet2);
                }
            } catch (ClassCastException e) {
                throw new EntitlementException(EntitlementException.PROPERTY_IS_NOT_A_SET, new String[]{"requestAuthenticatedToRealms"}, e);
            }
        } else if (sSOToken != null) {
            Set authenticatedRealms = AMAuthUtils.getAuthenticatedRealms(sSOToken);
            if (authenticatedRealms != null) {
                hashSet2.addAll(authenticatedRealms);
            }
            if (this.debug.messageEnabled()) {
                this.debug.message(this.localDebugName + "requestAuthnRealms, from ssoToken = " + hashSet2);
            }
        }
        if (!hashSet2.contains(str)) {
            hashSet.add(str);
            if (this.debug.messageEnabled()) {
                this.debug.message(this.localDebugName + "authenticateToRealm not satisfied = " + str);
            }
        }
        if (this.debug.messageEnabled()) {
            this.debug.message(this.localDebugName + "authRealm = " + str + ", requestAuthnRealms = " + hashSet2 + ", adviceMessages = " + hashSet);
        }
        return hashSet;
    }

    private Set<String> getAdviceMessagesforRedirectURL(String str, SSOToken sSOToken, Map map) throws EntitlementException, SSOException {
        if (this.debug.messageEnabled()) {
            this.localDebugName = "ResourceEnvIPCondition.getAdviceMessagesforRedirectURL(): ";
        }
        HashSet hashSet = new HashSet();
        Set set = null;
        Set<String> set2 = null;
        boolean z = false;
        boolean z2 = false;
        String str2 = "/";
        if (map != null && map.get("requestAuthSchemes") != null) {
            try {
                str2 = CollectionHelper.getMapAttr(map, PolicyEvaluator.REALM_DN, str2);
                set = (Set) map.get("requestAuthSchemes");
                if (this.debug.messageEnabled()) {
                    this.debug.message(this.localDebugName + "requestAuthSchemes from env= " + set + " AND orgName from env= " + str2);
                }
            } catch (ClassCastException e) {
                throw new EntitlementException(EntitlementException.PROPERTY_IS_NOT_A_SET, new String[]{"requestAuthSchemes"}, e);
            }
        } else if (sSOToken != null) {
            str2 = sSOToken.getProperty("Organization");
            set = AMAuthUtils.getRealmQualifiedAuthenticatedSchemes(sSOToken);
            set2 = AMAuthUtils.getAuthenticatedSchemes(sSOToken);
            if (this.debug.messageEnabled()) {
                this.debug.message(this.localDebugName + "orgName from ssoToken= " + str2);
                this.debug.message(this.localDebugName + "requestAuthSchemes from ssoToken= " + set);
                this.debug.message(this.localDebugName + "requestAuthSchemesIgnoreRealm from ssoToken= " + set2);
            }
        }
        if (set == null) {
            set = Collections.EMPTY_SET;
        }
        if (set2 == null) {
            set2 = Collections.EMPTY_SET;
        }
        String str3 = null;
        String str4 = null;
        try {
            SSOToken sSOToken2 = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            Iterator it = set.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String str5 = (String) it.next();
                str3 = AMAuthUtils.getDataFromRealmQualifiedData(str5);
                String realmFromRealmQualifiedData = AMAuthUtils.getRealmFromRealmQualifiedData(str5);
                if (realmFromRealmQualifiedData == null || realmFromRealmQualifiedData.length() == 0) {
                    break;
                }
                str4 = new AMAuthenticationManager(sSOToken2, str2).getAuthenticationInstance(str3).getType();
                if (ISAuthConstants.FEDERATION_MODULE.equals(str4)) {
                    z2 = true;
                    break;
                }
            }
            z = true;
            if (z) {
                Iterator<String> it2 = set2.iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    str3 = it2.next();
                    str4 = new AMAuthenticationManager(sSOToken2, str2).getAuthenticationInstance(str3).getType();
                    if (ISAuthConstants.FEDERATION_MODULE.equals(str4)) {
                        z2 = true;
                        break;
                    }
                }
            }
            if (!z2) {
                hashSet.add(str);
            }
            if (this.debug.messageEnabled()) {
                this.debug.message(this.localDebugName + "redirectURL=" + str + "schemeInstance=" + str3 + ",authSchemeType=" + str4 + ",adviceMessages=" + hashSet);
            }
            return hashSet;
        } catch (AMConfigurationException e2) {
            if (this.debug.warningEnabled()) {
                this.debug.warning(this.localDebugName + "got AMConfigurationException: schemeInstance=" + str3 + ", authSchemeType = " + str4);
            }
            throw new EntitlementException(EntitlementException.AUTH_SCHEME_NOT_FOUND, new String[]{str3}, e2);
        }
    }

    private int getMaxRequestAuthLevel(Map<String, Set<String>> map, String str, String str2) throws EntitlementException {
        if (this.debug.messageEnabled()) {
            this.localDebugName = "ResourceEnvIPCondition.getMaxRequestAuthLevel(): ";
        }
        int i = Integer.MIN_VALUE;
        if (this.debug.messageEnabled()) {
            this.debug.message(this.localDebugName + "entering: envMap= " + map + ", authRealm= " + str + ", conditionAuthLevel= " + str2);
        }
        Object obj = map.get("requestAuthLevel");
        if (obj != null) {
            if (!(obj instanceof Integer)) {
                if (!(obj instanceof Set)) {
                    if (this.debug.warningEnabled()) {
                        this.debug.warning(this.localDebugName + "requestAuthLevel in env neither Integer nor Set");
                    }
                    throw new EntitlementException(EntitlementException.AUTH_LEVEL_NOT_INT_OR_SET);
                }
                Set set = (Set) obj;
                if (!set.isEmpty()) {
                    for (Object obj2 : set) {
                        if (!(obj2 instanceof String)) {
                            if (this.debug.warningEnabled()) {
                                this.debug.warning(this.localDebugName + "requestAuthLevel Set element not String");
                            }
                            throw new EntitlementException(EntitlementException.AUTH_LEVEL_NOT_INT_OR_SET);
                        }
                        String str3 = (String) obj2;
                        int authLevel = getAuthLevel(str3);
                        if (str == null || str.length() == 0) {
                            if (authLevel > i) {
                                i = authLevel;
                            }
                        } else if (str.equals(AMAuthUtils.getRealmFromRealmQualifiedData(str3)) && authLevel > i) {
                            i = authLevel;
                        }
                    }
                }
            } else if (str == null || str.length() == 0) {
                i = ((Integer) obj).intValue();
                if (this.debug.messageEnabled()) {
                    this.debug.message(this.localDebugName + "Integer level in env= " + i);
                }
            }
        }
        if (this.debug.messageEnabled()) {
            this.debug.message(this.localDebugName + "returning: maxAuthLevel=" + i);
        }
        return i;
    }

    private int getMaxRequestAuthLevel(SSOToken sSOToken, String str, String str2) throws EntitlementException, SSOException {
        if (this.debug.messageEnabled()) {
            this.localDebugName = "ResourceEnvIPCondition.getMaxRequestAuthLevel(): ";
        }
        int i = Integer.MIN_VALUE;
        if (this.debug.messageEnabled()) {
            this.debug.message(this.localDebugName + "entering: authRealm = " + str + ", conditionAuthLevel= " + str2);
        }
        if (str == null || str.length() == 0) {
            Set<String> authenticatedLevels = sSOToken == null ? null : AMAuthUtils.getAuthenticatedLevels(sSOToken);
            if (this.debug.messageEnabled()) {
                this.debug.message(this.localDebugName + "levels from token= " + (authenticatedLevels == null ? "NULL" : authenticatedLevels));
            }
            if (authenticatedLevels != null && !authenticatedLevels.isEmpty()) {
                Iterator<String> it = authenticatedLevels.iterator();
                while (it.hasNext()) {
                    int authLevel = getAuthLevel(it.next());
                    i = authLevel > i ? authLevel : i;
                }
            }
        } else {
            Set<String> realmQualifiedAuthenticatedLevels = sSOToken == null ? null : AMAuthUtils.getRealmQualifiedAuthenticatedLevels(sSOToken);
            if (this.debug.messageEnabled()) {
                this.debug.message(this.localDebugName + "qualifiedLevels from token= " + (realmQualifiedAuthenticatedLevels == null ? "NULL" : realmQualifiedAuthenticatedLevels));
            }
            if (realmQualifiedAuthenticatedLevels != null && !realmQualifiedAuthenticatedLevels.isEmpty()) {
                for (String str3 : realmQualifiedAuthenticatedLevels) {
                    if (str.equals(AMAuthUtils.getRealmFromRealmQualifiedData(str3))) {
                        int authLevel2 = getAuthLevel(str3);
                        i = authLevel2 > i ? authLevel2 : i;
                    }
                }
            }
        }
        if (this.debug.messageEnabled()) {
            this.debug.message(this.localDebugName + "returning: maxAuthLevel= " + i);
        }
        return i;
    }

    private int getAuthLevel(String str) throws EntitlementException {
        if (this.debug.messageEnabled()) {
            this.localDebugName = "ResourceEnvIPCondition.getAuthLevel(): ";
        }
        String dataFromRealmQualifiedData = AMAuthUtils.getDataFromRealmQualifiedData(str);
        try {
            return Integer.parseInt(dataFromRealmQualifiedData);
        } catch (NumberFormatException e) {
            if (this.debug.warningEnabled()) {
                this.debug.warning(this.localDebugName + "got NumberFormatException: qualifiedLevel=" + str + ", levelString = " + dataFromRealmQualifiedData);
            }
            throw new EntitlementException(EntitlementException.AUTH_LEVEL_NOT_INTEGER, new String[]{dataFromRealmQualifiedData}, e);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:53:0x030a, code lost:
    
        if (r0.contains("*") == false) goto L107;
     */
    /* JADX WARN: Code restructure failed: missing block: B:54:0x030d, code lost:
    
        r11 = r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:56:0x0326, code lost:
    
        throw new com.sun.identity.entitlement.EntitlementException(com.sun.identity.entitlement.EntitlementException.RESOURCE_ENV_NOT_KNOWN, r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:95:0x027d, code lost:
    
        if (r8.debug.errorEnabled() == false) goto L85;
     */
    /* JADX WARN: Code restructure failed: missing block: B:96:0x0280, code lost:
    
        r8.debug.error("ResourceEnvIPCondition.matchEnvironment(): invalid property value, " + r18);
     */
    /* JADX WARN: Code restructure failed: missing block: B:98:0x02af, code lost:
    
        throw new com.sun.identity.entitlement.EntitlementException(400, r18);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private org.forgerock.openam.entitlement.conditions.environment.ResourceEnvIPCondition.EnvironmentCondition matchEnvironment(java.util.Map r9, com.iplanet.sso.SSOToken r10) throws com.sun.identity.entitlement.EntitlementException, com.iplanet.sso.SSOException {
        /*
            Method dump skipped, instructions count: 812
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.forgerock.openam.entitlement.conditions.environment.ResourceEnvIPCondition.matchEnvironment(java.util.Map, com.iplanet.sso.SSOToken):org.forgerock.openam.entitlement.conditions.environment.ResourceEnvIPCondition$EnvironmentCondition");
    }

    private long stringToIp(String str) {
        long j = 0;
        while (true) {
            long j2 = j;
            if (!new StringTokenizer(str, DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER).hasMoreElements()) {
                return j2;
            }
            j = (j2 * 256) + Short.parseShort(r0.nextToken());
        }
    }

    @Override // com.sun.identity.entitlement.EntitlementCondition
    public void setState(String str) {
        try {
            JSONObject jSONObject = new JSONObject(str);
            setState(jSONObject);
            JSONArray jSONArray = jSONObject.getJSONArray(ENV_CONDITION_VALUE);
            for (int i = 0; i < jSONArray.length(); i++) {
                this.resourceEnvIPConditionValue.add(jSONArray.getString(i));
            }
        } catch (JSONException e) {
            this.debug.error("ResourceEnvIPCondition.setState(): State invalid: " + str, e);
        }
    }

    @Override // com.sun.identity.entitlement.EntitlementCondition
    public String getState() {
        return toString();
    }

    private JSONObject toJSONObject() throws JSONException {
        JSONObject jSONObject = new JSONObject();
        toJSONObject(jSONObject);
        jSONObject.put(ENV_CONDITION_VALUE, (Collection<?>) this.resourceEnvIPConditionValue);
        return jSONObject;
    }

    public String toString() {
        String str = null;
        try {
            str = toJSONObject().toString(2);
        } catch (JSONException e) {
            this.debug.error("ResourceEnvIPCondition.toString(): ", e);
        }
        return str;
    }

    public Set<String> getResourceEnvIPConditionValue() {
        return this.resourceEnvIPConditionValue;
    }

    public void setResourceEnvIPConditionValue(Set<String> set) {
        this.resourceEnvIPConditionValue = set;
    }

    static List<EnvironmentCondition> parseConditions(Set<String> set) throws EntitlementException {
        ArrayList arrayList = new ArrayList(set.size());
        for (String str : set) {
            Matcher matcher = CONDITION_PATTERN.matcher(str);
            if (!matcher.matches()) {
                throw new EntitlementException(400, ENV_CONDITION_VALUE, str);
            }
            arrayList.add(new EnvironmentCondition(matcher.group(1), matcher.group(2), matcher.group(3), matcher.group(4)));
        }
        return arrayList;
    }

    @Override // com.sun.identity.entitlement.EntitlementCondition
    public void validate() throws EntitlementException {
        if (this.resourceEnvIPConditionValue == null || this.resourceEnvIPConditionValue.isEmpty()) {
            throw new EntitlementException(EntitlementException.PROPERTY_VALUE_NOT_DEFINED, ENV_CONDITION_VALUE);
        }
        parseConditions(this.resourceEnvIPConditionValue);
    }

    @Override // com.sun.identity.entitlement.EntitlementConditionAdaptor
    public boolean equals(Object obj) {
        if (super.equals(obj) && getClass().equals(obj.getClass())) {
            return CollectionUtils.genericCompare(this.resourceEnvIPConditionValue, ((ResourceEnvIPCondition) obj).resourceEnvIPConditionValue);
        }
        return false;
    }

    @Override // com.sun.identity.entitlement.EntitlementConditionAdaptor
    public int hashCode() {
        int hashCode = super.hashCode();
        if (this.resourceEnvIPConditionValue != null) {
            hashCode = (31 * hashCode) + this.resourceEnvIPConditionValue.hashCode();
        }
        return hashCode;
    }
}
