package com.sun.identity.entitlement;

import com.sun.identity.entitlement.interfaces.ResourceName;
import com.sun.identity.policy.PolicyConfig;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.shared.JSONUtils;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.OrganizationConfigManager;
import com.sun.identity.sm.SMSException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.forgerock.openam.entitlement.PolicyConstants;
import org.forgerock.openam.entitlement.utils.EntitlementUtils;
import org.forgerock.openam.ldap.LDAPUtils;
import org.forgerock.openam.sdk.org.json.JSONException;
import org.forgerock.openam.sdk.org.json.JSONObject;
import org.forgerock.openam.utils.CollectionUtils;

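/**
 * A referral privilege: for a set of applications and resource patterns it names the
 * realms to which policy evaluation is handed off.
 *
 * <p>Instances are mutable and not synchronized. Getters return defensive copies of the
 * realm set and the application-to-resources map, and the setters copy what they are given,
 * so callers cannot alter a privilege through a collection they still hold.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>All application lookups run as {@code PolicyConstants.SUPER_ADMIN_SUBJECT}; the
 *       admin {@code Subject} handed to the public methods is not used for those lookups.</li>
 *   <li>{@link #getInstance(JSONObject)} applies none of the checks made by the public
 *       constructor and setters, so the JSON it reads must come from a trusted store.</li>
 *   <li>{@link #evaluate} temporarily rewrites the caller's environment map
 *       ({@code PolicyEvaluator.REALM_DN}) and puts it back before it returns.</li>
 * </ul>
 *
 * <p>The class is marked deprecated in this build; the source does not name a replacement.
 */
@Deprecated
/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:com/sun/identity/entitlement/ReferralPrivilege.class */
public final class ReferralPrivilege implements IPrivilege, Cloneable {
    // Privilege name; the public constructor rejects null/blank, setName() and getInstance() do not.
    private String name;
    private String description;
    // Application name -> resource patterns referred for that application (canonicalized
    // in place by canonicalizeResources()).
    private Map<String, Set<String>> mapApplNameToResources;
    // Snapshot of the map as it was before canonicalizeResources() ran; null until then.
    private Map<String, Set<String>> origMapApplNameToResources;
    // Realms that evaluation is referred to.
    private Set<String> realms;
    private long creationDate;
    private long lastModifiedDate;
    private String lastModifiedBy;
    private String createdBy;
    // An inactive referral contributes nothing to evaluate().
    private boolean active = true;

    /** Creates an empty, active privilege; name, resources and realms stay unset (null). */
    public ReferralPrivilege() {
    }

    /**
     * Creates a referral privilege.
     *
     * @param str the privilege name; must not be null or blank
     * @param map application name to resource patterns; see {@link #setMapApplNameToResources(Map)}
     * @param set the realms referred to; see {@link #setRealms(Set)}
     * @throws EntitlementException with code 250 when the name is null or blank, or with
     *         code 251 when a resource set in {@code map} is null or empty
     */
    public ReferralPrivilege(String str, Map<String, Set<String>> map, Set<String> set) throws EntitlementException {
        if (str == null || str.trim().isEmpty()) {
            throw new EntitlementException(250);
        }
        this.name = str;
        setMapApplNameToResources(map);
        setRealms(set);
    }

    /**
     * Returns an independent copy of this privilege.
     *
     * <p>NOTE(review): {@code origMapApplNameToResources} is not carried over, so on the copy
     * {@link #getOriginalMapApplNameToResources()} falls back to the current (possibly
     * canonicalized) map. Confirm that this is intended.
     *
     * @return a new {@code ReferralPrivilege} sharing no mutable collection with this one
     */
    @Override
    public Object clone() {
        ReferralPrivilege copy = new ReferralPrivilege();
        copy.name = this.name;
        copy.description = this.description;
        if (this.realms != null) {
            copy.realms = new HashSet<>(this.realms);
        }
        copy.creationDate = this.creationDate;
        copy.lastModifiedDate = this.lastModifiedDate;
        copy.lastModifiedBy = this.lastModifiedBy;
        copy.active = this.active;
        copy.createdBy = this.createdBy;
        if (this.mapApplNameToResources != null) {
            copy.mapApplNameToResources = deepCopyMap(this.mapApplNameToResources);
        }
        return copy;
    }

    /**
     * Rebuilds a privilege from the JSON produced by {@link #toJSON()}.
     *
     * <p>Nothing is validated here: the name is taken as-is (the public constructor would
     * reject a blank one) and the resource sets are not checked for emptiness. The JSON is
     * therefore expected to come from the policy store, not from a request.
     *
     * @param jSONObject the serialized privilege
     * @return the privilege, or {@code null} when a field cannot be read (the failure is
     *         logged through {@code PolicyConstants.DEBUG})
     */
    public static ReferralPrivilege getInstance(JSONObject jSONObject) {
        try {
            ReferralPrivilege privilege = new ReferralPrivilege();
            privilege.name = jSONObject.optString("name");
            privilege.description = jSONObject.optString("description");
            if (jSONObject.has(EntitlementUtils.CONFIG_CREATED_BY)) {
                privilege.createdBy = jSONObject.getString(EntitlementUtils.CONFIG_CREATED_BY);
            }
            if (jSONObject.has(EntitlementUtils.CONFIG_LAST_MODIFIED_BY)) {
                privilege.lastModifiedBy = jSONObject.getString(EntitlementUtils.CONFIG_LAST_MODIFIED_BY);
            }
            // "active" keeps its default (true) when the key is absent.
            if (jSONObject.has("active")) {
                privilege.active = jSONObject.getBoolean("active");
            }
            privilege.creationDate = JSONUtils.getLong(jSONObject, EntitlementUtils.CONFIG_CREATION_DATE);
            privilege.lastModifiedDate = JSONUtils.getLong(jSONObject, EntitlementUtils.CONFIG_LAST_MODIFIED_DATE);
            privilege.mapApplNameToResources = JSONUtils.getMapStringSetString(jSONObject, "mapApplNameToResources");
            privilege.origMapApplNameToResources = JSONUtils.getMapStringSetString(jSONObject, "origMapApplNameToResources");
            privilege.realms = JSONUtils.getSet(jSONObject, "realms");
            return privilege;
        } catch (JSONException e) {
            PolicyConstants.DEBUG.error("ReferralPrivilege.getInstance", e);
            return null;
        }
    }

    /**
     * Replaces the application-to-resources map.
     *
     * <p>The map and each of its sets are copied, so a caller that later empties or extends
     * a set it passed in cannot get around the non-empty check made here.
     *
     * @param map application name to resource patterns; {@code null} clears the map
     * @throws EntitlementException with code 251 when any resource set is null or empty;
     *         the current map is left untouched in that case
     */
    public void setMapApplNameToResources(Map<String, Set<String>> map) throws EntitlementException {
        if (map != null) {
            for (Set<String> resources : map.values()) {
                if (resources == null || resources.isEmpty()) {
                    throw new EntitlementException(251);
                }
            }
        }
        this.mapApplNameToResources = deepCopyMap(map);
    }

    /**
     * Sets the privilege name. Unlike the constructor, no null/blank check is made.
     *
     * @param str the new name
     */
    public void setName(String str) {
        this.name = str;
    }

    /**
     * Replaces the realms referred to with a copy of the given set.
     *
     * @param set the realms; {@code null} or empty leaves the privilege with no realms
     * @throws EntitlementException declared for callers; not thrown by this implementation
     */
    public void setRealms(Set<String> set) throws EntitlementException {
        this.realms = (set == null) ? new HashSet<String>() : new HashSet<>(set);
    }

    /**
     * @return a deep copy of the application-to-resources map; empty when none was set
     */
    public Map<String, Set<String>> getMapApplNameToResources() {
        return deepCopyMap(this.mapApplNameToResources);
    }

    /**
     * Copies a map and every set in it.
     *
     * @param source the map to copy; {@code null} is treated as empty, and a null set is
     *        copied as an empty set
     * @return a new, mutable map sharing no collection with {@code source}
     */
    private static Map<String, Set<String>> deepCopyMap(Map<String, Set<String>> source) {
        Map<String, Set<String>> copy = new HashMap<>();
        if (source == null) {
            return copy;
        }
        for (Map.Entry<String, Set<String>> entry : source.entrySet()) {
            Set<String> values = entry.getValue();
            copy.put(entry.getKey(), values == null ? new HashSet<String>() : new HashSet<>(values));
        }
        return copy;
    }

    /**
     * @return a deep copy of the map as it was before {@link #canonicalizeResources} ran,
     *         or of the current map when no such snapshot exists
     */
    public Map<String, Set<String>> getOriginalMapApplNameToResources() {
        return this.origMapApplNameToResources != null ? deepCopyMap(this.origMapApplNameToResources) : deepCopyMap(this.mapApplNameToResources);
    }

    @Override // com.sun.identity.entitlement.IPrivilege
    public String getName() {
        return this.name;
    }

    public void setDescription(String str) {
        this.description = str;
    }

    public String getDescription() {
        return this.description;
    }

    /**
     * @return a copy of the realms referred to; empty when none were set
     */
    public Set<String> getRealms() {
        return (this.realms == null) ? new HashSet<String>() : new HashSet<>(this.realms);
    }

    /**
     * Collects the save indexes of every referred resource.
     *
     * <p>The applications are looked up as {@code PolicyConstants.SUPER_ADMIN_SUBJECT};
     * {@code subject} is not consulted.
     *
     * @param subject unused by this implementation
     * @param str the realm whose application service is queried
     * @return the merged indexes, or {@code null} when the privilege has no resources
     * @throws EntitlementException if an application lookup fails
     */
    @Override // com.sun.identity.entitlement.IPrivilege
    public ResourceSaveIndexes getResourceSaveIndexes(Subject subject, String str) throws EntitlementException {
        if (this.mapApplNameToResources == null) {
            return null;
        }
        ResourceSaveIndexes merged = null;
        for (Map.Entry<String, Set<String>> entry : this.mapApplNameToResources.entrySet()) {
            // NOTE(review): getApplication() is dereferenced without a null check; confirm it
            // cannot return null for an application name that no longer exists.
            Application application = EntitlementUtils.getApplicationService(PolicyConstants.SUPER_ADMIN_SUBJECT, str).getApplication(entry.getKey());
            for (String resource : entry.getValue()) {
                ResourceSaveIndexes indexes = application.getResourceSaveIndex(resource);
                if (merged == null) {
                    merged = indexes;
                } else {
                    merged.addAll(indexes);
                }
            }
        }
        return merged;
    }

    public long getCreationDate() {
        return this.creationDate;
    }

    public void setCreationDate(long j) {
        this.creationDate = j;
    }

    @Override // com.sun.identity.entitlement.IPrivilege
    public long getLastModifiedDate() {
        return this.lastModifiedDate;
    }

    public void setLastModifiedDate(long j) {
        this.lastModifiedDate = j;
    }

    public String getLastModifiedBy() {
        return this.lastModifiedBy;
    }

    public void setLastModifiedBy(String str) {
        this.lastModifiedBy = str;
    }

    public String getCreatedBy() {
        return this.createdBy;
    }

    public void setCreatedBy(String str) {
        this.createdBy = str;
    }

    /**
     * Despite its name this returns the JSON form; it simply delegates to {@link #toJSON()}.
     *
     * @return the JSON serialization of this privilege
     */
    public String toXML() {
        return toJSON();
    }

    /**
     * Serializes this privilege to indented JSON, the format read by
     * {@link #getInstance(JSONObject)}.
     *
     * @return the JSON text, or an empty string when serialization fails (the failure is
     *         logged through {@code PolicyConstants.DEBUG})
     */
    public String toJSON() {
        JSONObject json = new JSONObject();
        try {
            json.put("name", this.name);
            json.put("description", this.description);
            json.put(EntitlementUtils.CONFIG_CREATED_BY, this.createdBy);
            json.put(EntitlementUtils.CONFIG_LAST_MODIFIED_BY, this.lastModifiedBy);
            json.put(EntitlementUtils.CONFIG_CREATION_DATE, this.creationDate);
            json.put(EntitlementUtils.CONFIG_LAST_MODIFIED_DATE, this.lastModifiedDate);
            json.put("active", this.active);
            // The casts pick the Map / Collection overloads of put().
            json.put("mapApplNameToResources", (Map<?, ?>) this.mapApplNameToResources);
            if (this.origMapApplNameToResources != null) {
                json.put("origMapApplNameToResources", (Map<?, ?>) this.origMapApplNameToResources);
            }
            json.put("realms", (Collection<?>) this.realms);
            return json.toString(2);
        } catch (JSONException e) {
            PolicyConstants.DEBUG.error("ReferralPrivilege.toJSON", e);
            return "";
        }
    }

    /**
     * Snapshots the current resources as the "original" map, then replaces every resource
     * with the canonical form given by its application's resource comparator.
     *
     * <p>Does nothing when no resource map has been set.
     *
     * @param subject passed through to the comparator lookup, which does not use it
     * @param str the realm whose application service supplies the comparators
     * @throws EntitlementException if a comparator cannot be obtained; resources processed
     *         before the failure stay canonicalized
     */
    public void canonicalizeResources(Subject subject, String str) throws EntitlementException {
        if (this.mapApplNameToResources == null) {
            return;
        }
        this.origMapApplNameToResources = deepCopyMap(this.mapApplNameToResources);
        for (Map.Entry<String, Set<String>> entry : this.mapApplNameToResources.entrySet()) {
            ResourceName comparator = getResourceComparator(subject, str, entry.getKey());
            Set<String> canonical = new HashSet<>();
            for (String resource : entry.getValue()) {
                canonical.add(comparator.canonicalize(resource));
            }
            // setValue() replaces the value of an existing key, so iteration stays valid.
            entry.setValue(canonical);
        }
    }

    /**
     * Looks up the resource comparator of an application.
     *
     * <p>The lookup runs as {@code PolicyConstants.SUPER_ADMIN_SUBJECT}; {@code adminSubject}
     * is accepted but not used.
     */
    private ResourceName getResourceComparator(Subject adminSubject, String realm, String applicationName) throws EntitlementException {
        return EntitlementUtils.getApplicationService(PolicyConstants.SUPER_ADMIN_SUBJECT, realm).getApplication(applicationName).getResourceComparator();
    }

    /**
     * Evaluates the request in every referred realm whose referral resources cover it and
     * combines the results.
     *
     * <p>For each realm that exists, the referral resources registered for application
     * {@code str2} are expanded for the requesting subject (see the {@code $SELF}
     * substitution) and compared with {@code str3}. On a match the request is evaluated in
     * that realm with a copy of {@code subject2} that carries its principals and private
     * credentials but no public credentials.
     *
     * <p>While a sub-realm is evaluated, {@code map} has its {@code PolicyEvaluator.REALM_DN}
     * entry pointed at that realm. The entry is put back to its previous state (including
     * "absent") in a {@code finally} block, so neither an exception nor a missing prior
     * value leaves a sub-realm DN behind in the caller's environment.
     *
     * @param subject the admin subject, passed on to the sub-realm evaluator
     * @param str the realm whose application service supplies the entitlement combiner
     * @param subject2 the subject the request is evaluated for; must not be null once a
     *        referral resource matches
     * @param str2 the application name
     * @param str3 the requested resource, compared with the referral resources
     * @param str4 passed unchanged to the combiner and the sub-realm evaluator
     * @param set passed unchanged to the combiner
     * @param map the evaluation environment; modified temporarily as described above
     * @param z matching mode: when true any comparison result other than
     *        {@code ResourceMatch.NO_MATCH} counts as a match; it is also passed on to the
     *        combiner and the sub-realm evaluator
     * @param obj unused by this implementation
     * @return the combined entitlements; an empty list when the privilege is inactive or
     *         nothing matched
     * @throws EntitlementException if an application lookup or a sub-realm evaluation fails
     */
    @Override // com.sun.identity.entitlement.IPrivilege
    public List<Entitlement> evaluate(Subject subject, String str, Subject subject2, String str2, String str3, String str4, Set<String> set, Map<String, Set<String>> map, boolean z, Object obj) throws EntitlementException {
        if (!this.active) {
            return Collections.emptyList();
        }
        EntitlementCombiner combiner = EntitlementUtils.getApplicationService(PolicyConstants.SUPER_ADMIN_SUBJECT, str).getApplication(str2).getEntitlementCombiner();
        combiner.init("/", str2, str3, str4, set, z);
        if (this.realms == null || this.mapApplNameToResources == null) {
            // Built with the no-arg constructor and never populated: nothing to refer to.
            return new ArrayList<>(0);
        }
        List<Entitlement> results = null;
        for (String referredRealm : this.realms) {
            if (!doesRealmExist(referredRealm)) {
                continue;
            }
            for (Map.Entry<String, Set<String>> entry : this.mapApplNameToResources.entrySet()) {
                String applicationName = entry.getKey();
                if (!applicationName.equals(str2)) {
                    continue;
                }
                ResourceName comparator = getResourceComparator(subject, referredRealm, applicationName);
                boolean matched = false;
                for (String referralResource : tagswapResourceNames(subject2, entry.getValue())) {
                    ResourceMatch match = comparator.compare(str3, comparator.canonicalize(referralResource), true);
                    if (isReferralMatch(match, z)) {
                        matched = true;
                        break;
                    }
                }
                if (!matched) {
                    continue;
                }
                PrivilegeEvaluator evaluator = new PrivilegeEvaluator();
                // Principals and private credentials are carried over; public credentials are not.
                Subject evalSubject = new Subject(false, subject2.getPrincipals(), new HashSet<Object>(), subject2.getPrivateCredentials());
                // Remember the exact prior state so "absent" can be told apart from "present".
                final boolean hadRealmDn = map != null && map.containsKey(PolicyEvaluator.REALM_DN);
                final Set<String> previousRealmDn = hadRealmDn ? map.get(PolicyEvaluator.REALM_DN) : null;
                final boolean swapped = updateEnvironmentRealmDn(map, referredRealm);
                List<Entitlement> realmResult;
                try {
                    realmResult = evaluator.evaluate(referredRealm, subject, evalSubject, str2, str3, str4, map, z);
                } finally {
                    if (swapped) {
                        restoreEnvironmentRealmDn(map, hadRealmDn, previousRealmDn);
                    }
                }
                if (realmResult != null) {
                    combiner.add(realmResult);
                    results = combiner.getResults();
                }
            }
        }
        return (results != null) ? results : new ArrayList<Entitlement>(0);
    }

    /**
     * Decides whether a comparison result lets the referral apply.
     *
     * @param match the result of comparing the requested resource with a referral resource
     * @param acceptAnyMatch when true everything except {@code NO_MATCH} is accepted;
     *        otherwise only the four match kinds listed below
     */
    private static boolean isReferralMatch(ResourceMatch match, boolean acceptAnyMatch) {
        if (acceptAnyMatch) {
            return !match.equals(ResourceMatch.NO_MATCH);
        }
        return match.equals(ResourceMatch.EXACT_MATCH)
                || match.equals(ResourceMatch.WILDCARD_MATCH)
                || match.equals(ResourceMatch.SUB_RESOURCE_MATCH)
                || match.equals(ResourceMatch.SUPER_RESOURCE_MATCH);
    }

    /**
     * Expands the {@code $SELF} tag in referral resources with the subject's principal names.
     *
     * <p>A principal name that is a DN contributes its RDN value, any other name is used
     * as-is. Each resource yields one expanded resource per principal name; with no subject
     * or no principals the resources are returned unchanged.
     *
     * <p>The substitution is literal. The name is not used as a regex replacement string, so
     * a {@code $} or backslash in a principal name is inserted verbatim instead of being
     * read as a group reference.
     *
     * <p>NOTE(review): the inserted name is not escaped for the resource comparator's own
     * pattern syntax; confirm that principal names cannot contain its wildcard characters.
     *
     * @param requester the subject whose principals are substituted; may be null
     * @param resources the referral resources to expand
     * @return a new set holding the expanded resources
     */
    private Set<String> tagswapResourceNames(Subject requester, Set<String> resources) throws EntitlementException {
        Set<String> selfNames = new HashSet<>();
        if (requester != null) {
            for (Principal principal : requester.getPrincipals()) {
                String principalName = principal.getName();
                selfNames.add(LDAPUtils.isDN(principalName) ? LDAPUtils.rdnValueFromDn(principalName) : principalName);
            }
        }
        Set<String> expanded = new HashSet<>();
        if (selfNames.isEmpty()) {
            expanded.addAll(resources);
            return expanded;
        }
        for (String resource : resources) {
            for (String selfName : selfNames) {
                expanded.add(resource.replace("$SELF", selfName));
            }
        }
        return expanded;
    }

    /**
     * Returns the names of the application types behind the referred applications.
     *
     * <p>The lookups run as {@code PolicyConstants.SUPER_ADMIN_SUBJECT}; {@code subject} is
     * not consulted.
     *
     * @param subject unused by this implementation
     * @param str the realm whose application service is queried
     * @return the application type names; empty when the privilege has no resources
     * @throws EntitlementException if an application lookup fails
     */
    public Set<String> getApplicationTypeNames(Subject subject, String str) throws EntitlementException {
        Set<String> typeNames = new HashSet<>();
        if (this.mapApplNameToResources == null) {
            return typeNames;
        }
        for (String applicationName : this.mapApplNameToResources.keySet()) {
            typeNames.add(EntitlementUtils.getApplicationService(PolicyConstants.SUPER_ADMIN_SUBJECT, str).getApplication(applicationName).getApplicationType().getName());
        }
        return typeNames;
    }

    public boolean isActive() {
        return this.active;
    }

    public void setActive(boolean z) {
        this.active = z;
    }

    /**
     * Points the environment's {@code PolicyEvaluator.REALM_DN} entry at the given realm,
     * provided that realm's policy configuration can be loaded.
     *
     * @param environment the evaluation environment to modify
     * @param realm the referred realm
     * @return true when the entry was replaced; false when the policy configuration was
     *         unavailable (the failure is logged) and the environment was left untouched
     */
    private boolean updateEnvironmentRealmDn(Map<String, Set<String>> environment, String realm) {
        String realmDn = DNMapper.orgNameToDN(realm);
        Map policyConfig = null;
        try {
            policyConfig = PolicyConfig.getPolicyConfig(realmDn);
        } catch (PolicyException e) {
            PolicyConstants.DEBUG.error("ReferralPrivilege.updateEnvironmentRealmDn: can not get policy config for sub-realm : " + realm + " org : " + realmDn, e);
        }
        if (policyConfig == null) {
            return false;
        }
        environment.put(PolicyEvaluator.REALM_DN, CollectionUtils.asSet(realmDn));
        return true;
    }

    /**
     * Puts the environment's {@code PolicyEvaluator.REALM_DN} entry back to the state it
     * had before {@link #updateEnvironmentRealmDn}.
     *
     * @param environment the evaluation environment to repair
     * @param hadEntry whether the key was present beforehand
     * @param previous the value the key held beforehand (ignored when {@code hadEntry} is false)
     */
    private void restoreEnvironmentRealmDn(Map<String, Set<String>> environment, boolean hadEntry, Set<String> previous) {
        if (hadEntry) {
            environment.put(PolicyEvaluator.REALM_DN, previous);
        } else {
            environment.remove(PolicyEvaluator.REALM_DN);
        }
    }

    /**
     * Reports whether a realm can be opened with the admin token.
     *
     * <p>Any {@code SMSException} is read as "does not exist", so a realm that cannot be
     * loaded for another reason is skipped by {@link #evaluate} as well. The referral then
     * contributes no entitlements for that realm, and nothing is logged.
     */
    private boolean doesRealmExist(String realm) {
        try {
            new OrganizationConfigManager(EntitlementUtils.getAdminToken(), realm);
            return true;
        } catch (SMSException ignored) {
            // Deliberate: an unreachable or missing realm is treated as absent (fail closed).
            return false;
        }
    }
}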
