package org.forgerock.openam.entitlement.rest.model.json;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.share.AuthXMLTags;
import com.sun.identity.entitlement.ApplicationTypeManager;
import com.sun.identity.entitlement.Entitlement;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.JwtPrincipal;
import com.sun.identity.entitlement.opensso.SubjectUtils;
import com.sun.identity.session.util.RestrictedTokenAction;
import com.sun.identity.session.util.RestrictedTokenContext;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.forgerock.openam.entitlement.rest.PolicyEvaluator;
import org.forgerock.openam.rest.RealmContext;
import org.forgerock.openam.rest.resource.SubjectContext;
import org.forgerock.openam.sdk.org.forgerock.json.JsonValue;
import org.forgerock.openam.sdk.org.forgerock.json.jose.common.JwtReconstruction;
import org.forgerock.openam.sdk.org.forgerock.json.jose.exceptions.JwtReconstructionException;
import org.forgerock.openam.sdk.org.forgerock.json.jose.jwt.Jwt;
import org.forgerock.openam.sdk.org.forgerock.json.resource.ActionRequest;
import org.forgerock.openam.sdk.org.forgerock.services.context.Context;
import org.forgerock.openam.sdk.org.forgerock.util.Function;
import org.forgerock.openam.sdk.org.forgerock.util.Reject;
import org.forgerock.openam.sdk.org.forgerock.util.promise.NeverThrowsException;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.JsonValueBuilder;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/entitlement/rest/model/json/PolicyRequest.class */
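/**
 * Base model for a policy evaluation request received over REST.
 *
 * <p>Holds the subject of the REST caller, the subject the policy decision is requested for,
 * the application name, the realm path and the environment map. Instances are populated from a
 * {@link PolicyRequestBuilder}; subclasses implement {@link #dispatch(PolicyEvaluator)}.
 *
 * <p>Security note: the policy subject, application and environment all come from the request
 * body, so everything except {@code restSubject} and {@code realm} is caller-controlled input.
 */
public abstract class PolicyRequest {
    private static final ListToSetMapper LIST_TO_SET_MAPPER = new ListToSetMapper();
    private static final JwtReconstruction JWT_RECONSTRUCTION = new JwtReconstruction();
    private final Subject restSubject;
    private final Subject policySubject;
    private final String application;
    private final String realm;
    private final Map<String, Set<String>> environment;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/entitlement/rest/model/json/PolicyRequest$ListToSetMapper.class */
    /** Converts each environment value list into a set, dropping duplicate values. */
    public static final class ListToSetMapper implements Function<List<String>, Set<String>, NeverThrowsException> {
        private ListToSetMapper() {
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.util.Function
        public Set<String> apply(List<String> list) {
            return new HashSet<>(list);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/entitlement/rest/model/json/PolicyRequest$PolicyRequestBuilder.class */
    /**
     * Extracts the fields of a {@link PolicyRequest} from the request context and JSON content.
     *
     * @param <T> the concrete request type produced by {@link #build()}
     */
    public static abstract class PolicyRequestBuilder<T extends PolicyRequest> {
        private static final String ROOT_REALM = "/";
        private static final String APPLICATION = "application";
        private static final String ENVIRONMENT = "environment";
        private static final String SUBJECT = "subject";
        private static final String JWT = "jwt";
        private static final String CLAIMS = "claims";
        private final Subject restSubject;
        private final Subject policySubject;
        private final String application;
        private final String realm;
        private final Map<String, Set<String>> environment;
        private final SSOTokenManager tokenManager;

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Reads the caller subject, policy subject, application, realm and environment.
         *
         * @param context the request context; must carry a SubjectContext and a RealmContext
         * @param actionRequest the action request whose content describes the evaluation
         * @param sSOTokenManager used to resolve an {@code ssoToken} given in the subject block
         * @throws EntitlementException if the caller has no subject or the requested subject is
         *     rejected
         */
        public PolicyRequestBuilder(Context context, ActionRequest actionRequest, SSOTokenManager sSOTokenManager) throws EntitlementException {
            Reject.ifNull(context, actionRequest);
            this.tokenManager = sSOTokenManager;
            final SubjectContext subjectContext = context.asContext(SubjectContext.class);
            final RealmContext realmContext = context.asContext(RealmContext.class);
            Reject.ifNull(subjectContext, realmContext);
            this.restSubject = getRestSubject(subjectContext);
            final JsonValue content = actionRequest.getContent();
            Reject.ifNull(content);
            try {
                // The policy subject is resolved inside the caller's restricted token context.
                this.policySubject = (Subject) RestrictedTokenContext.doUsing(subjectContext.getCallerSSOToken(), new RestrictedTokenAction<Subject>() {
                    @Override // com.sun.identity.session.util.RestrictedTokenAction
                    public Subject run() throws EntitlementException {
                        return PolicyRequestBuilder.this.getPolicySubject(content, PolicyRequestBuilder.this.restSubject);
                    }
                });
                this.application = getApplication(content);
                this.realm = getRealm(realmContext);
                this.environment = getEnvironment(content);
            } catch (EntitlementException | RuntimeException e) {
                throw e;
            } catch (Exception e2) {
                // doUsing declares a broader exception than the action can raise.
                throw new IllegalStateException("Shouldn't be able to get exception", e2);
            }
        }

        /**
         * Returns the subject of the authenticated REST caller.
         *
         * @throws EntitlementException with PERMISSION_DENIED when the context has no caller subject
         */
        private Subject getRestSubject(SubjectContext subjectContext) throws EntitlementException {
            Subject callerSubject = subjectContext.getCallerSubject();
            if (callerSubject == null) {
                throw new EntitlementException(EntitlementException.PERMISSION_DENIED);
            }
            return callerSubject;
        }

        /* JADX INFO: Access modifiers changed from: private */
        /**
         * Resolves the subject the policy decision is requested for.
         *
         * <p>Without a {@code subject} entry the caller's own subject is used. Otherwise the
         * subject is assembled from up to three caller-supplied sources: an {@code ssoToken},
         * a {@code jwt} and a {@code claims} object.
         *
         * <p>Security notes for reviewers:
         * <ul>
         *   <li>Only the SSO token is checked here (via {@code isValidToken}). A token that
         *       resolves but is not valid is silently ignored, and {@code jwt}/{@code claims}
         *       may still populate the subject.</li>
         *   <li>NOTE(review): the JWT is only reconstructed and its claims set read; no
         *       signature, issuer or expiry check is visible in this class. Confirm whether
         *       verification happens elsewhere or whether caller-asserted claims are intended.</li>
         *   <li>{@code claims} is wrapped verbatim, so the resulting principal is whatever the
         *       REST caller asserts. Policy evaluation on behalf of another subject should
         *       therefore only be reachable by callers trusted to make such assertions.</li>
         * </ul>
         *
         * @param jsonValue the request content
         * @param subject the REST caller's subject, returned when no subject is requested
         * @return the subject to evaluate policy for
         * @throws EntitlementException (code 401, parameter "subject") when the supplied subject
         *     cannot be resolved or yields no principals
         */
        public Subject getPolicySubject(JsonValue jsonValue, Subject subject) throws EntitlementException {
            JsonValue subjectJson = jsonValue.get(SUBJECT);
            if (subjectJson.isNull()) {
                return subject;
            }
            try {
                Subject requested = new Subject();
                if (subjectJson.isDefined(AuthXMLTags.SSOTOKEN)) {
                    try {
                        SSOToken token = this.tokenManager.createSSOToken(subjectJson.get(AuthXMLTags.SSOTOKEN).asString());
                        if (this.tokenManager.isValidToken(token)) {
                            requested = SubjectUtils.createSubject(token);
                        }
                    } catch (SSOException e) {
                        // Reject explicitly. The previous code nulled the subject here and relied
                        // on a later NullPointerException (or the null check) to produce this
                        // same error, which hid the failure path.
                        throw invalidSubject();
                    }
                }
                if (subjectJson.isDefined(JWT)) {
                    Jwt jwt = PolicyRequest.JWT_RECONSTRUCTION.reconstructJwt(subjectJson.get(JWT).asString(), Jwt.class);
                    requested.getPrincipals().add(new JwtPrincipal(JsonValueBuilder.toJsonValue(jwt.getClaimsSet().build())));
                }
                if (subjectJson.isDefined(CLAIMS)) {
                    requested.getPrincipals().add(new JwtPrincipal(subjectJson.get(CLAIMS)));
                }
                if (requested == null || requested.getPrincipals().isEmpty()) {
                    throw invalidSubject();
                }
                return requested;
            } catch (JwtReconstructionException | IllegalArgumentException | NullPointerException e) {
                // Malformed subject input (unparseable JWT, wrong JSON types, missing values)
                // is reported as the same error as an unresolvable subject.
                throw invalidSubject();
            }
        }

        /** Builds the error raised whenever the requested subject is rejected. */
        private static EntitlementException invalidSubject() {
            return new EntitlementException(401, SUBJECT);
        }

        /** Returns the requested application name, or the URL application type name by default. */
        private String getApplication(JsonValue jsonValue) {
            return jsonValue.get(APPLICATION).defaultTo(ApplicationTypeManager.URL_APPLICATION_TYPE_NAME).asString();
        }

        /** Returns the realm path from the context, or the root realm when it is null or empty. */
        private String getRealm(RealmContext realmContext) {
            return StringUtils.ifNullOrEmpty(realmContext.getRealm().asPath(), ROOT_REALM);
        }

        /**
         * Reads the caller-supplied environment map, converting each value list into a set.
         *
         * @return the converted map, or a new empty map when no environment was supplied
         */
        private Map<String, Set<String>> getEnvironment(JsonValue jsonValue) {
            Map<String, List<String>> supplied = jsonValue.get(ENVIRONMENT).asMapOfList(String.class);
            if (supplied == null) {
                return new HashMap<>();
            }
            return CollectionUtils.transformMap(supplied, PolicyRequest.LIST_TO_SET_MAPPER);
        }

        abstract T build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Copies the fields extracted by the builder.
     *
     * @param policyRequestBuilder the builder holding the parsed request values
     */
    public PolicyRequest(PolicyRequestBuilder<?> policyRequestBuilder) {
        this.restSubject = policyRequestBuilder.restSubject;
        this.policySubject = policyRequestBuilder.policySubject;
        this.application = policyRequestBuilder.application;
        this.realm = policyRequestBuilder.realm;
        this.environment = policyRequestBuilder.environment;
    }

    /** Returns the subject of the authenticated REST caller. */
    public Subject getRestSubject() {
        return this.restSubject;
    }

    /** Returns the subject the policy decision is requested for (possibly caller-asserted). */
    public Subject getPolicySubject() {
        return this.policySubject;
    }

    /** Returns the application name the request targets. */
    public String getApplication() {
        return this.application;
    }

    /** Returns the realm path the request was made in. */
    public String getRealm() {
        return this.realm;
    }

    /** Returns the environment map; this is the internal map, not a copy. */
    public Map<String, Set<String>> getEnvironment() {
        return this.environment;
    }

    /**
     * Evaluates this request against the given evaluator.
     *
     * @param policyEvaluator the evaluator to dispatch to
     * @return the resulting entitlements
     * @throws EntitlementException if evaluation fails
     */
    public abstract List<Entitlement> dispatch(PolicyEvaluator policyEvaluator) throws EntitlementException;
}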
