package org.forgerock.openam.entitlement.conditions.environment;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.ConditionDecision;
import com.sun.identity.entitlement.EntitlementConditionAdaptor;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.PrivilegeManager;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.shared.DateUtils;
import com.sun.identity.shared.debug.Debug;
import java.text.ParseException;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.forgerock.openam.core.CoreWrapper;
import org.forgerock.openam.sdk.org.forgerock.util.time.TimeService;
import org.forgerock.openam.sdk.org.json.JSONException;
import org.forgerock.openam.sdk.org.json.JSONObject;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/entitlement/conditions/environment/SessionCondition.class */
public class SessionCondition extends EntitlementConditionAdaptor {
    public static final String REQUEST_SESSION_CREATION_TIME = "requestSessionCreationTime";
    public static final String SESSION_CONDITION_ADVICE = "SessionConditionAdvice";
    public static final String ADVICE_TERMINATE_SESSION = "terminateSession";
    public static final String ADVICE_DENY = "deny";
    private static final String SSOTOKEN_PROPERTY_AUTHINSTANT = "authInstant";
    private final Debug debug;
    private final CoreWrapper coreWrapper;
    private final TimeService timeService;
    private long maxSessionTime;
    private boolean terminateSession;

    public SessionCondition() {
        this(PrivilegeManager.debug, new CoreWrapper(), TimeService.SYSTEM);
    }

    SessionCondition(Debug debug, CoreWrapper coreWrapper, TimeService timeService) {
        this.debug = debug;
        this.coreWrapper = coreWrapper;
        this.timeService = timeService;
    }

    @Override // com.sun.identity.entitlement.EntitlementCondition
    public void setState(String str) {
        try {
            JSONObject jSONObject = new JSONObject(str);
            setState(jSONObject);
            setMaxSessionTime(jSONObject.getLong(SAML2Constants.MAX_SESSION_TIME));
            setTerminateSession(jSONObject.getBoolean(ADVICE_TERMINATE_SESSION));
        } catch (JSONException e) {
            this.debug.message("SessionCondition: Failed to set state", e);
        }
    }

    @Override // com.sun.identity.entitlement.EntitlementCondition
    public String getState() {
        return toString();
    }

    @Override // com.sun.identity.entitlement.EntitlementCondition
    public ConditionDecision evaluate(String str, Subject subject, String str2, Map<String, Set<String>> map) throws EntitlementException {
        long time;
        SSOToken sSOToken = subject == null ? null : (SSOToken) getValue(subject.getPrivateCredentials());
        if (sSOToken == null) {
            return new ConditionDecision(true, Collections.emptyMap(), Long.MAX_VALUE);
        }
        String str3 = (String) getValue(map.get(REQUEST_SESSION_CREATION_TIME));
        if (str3 != null) {
            time = Long.parseLong(str3);
        } else {
            try {
                time = DateUtils.stringToDate(sSOToken.getProperty("authInstant")).getTime();
            } catch (SSOException e) {
                throw new EntitlementException(510, e);
            } catch (ParseException e2) {
                throw new EntitlementException(EntitlementException.UNABLE_TO_PARSE_SSOTOKEN_AUTHINSTANT, e2);
            }
        }
        long now = this.timeService.now();
        long j = time + this.maxSessionTime;
        if (this.debug.messageEnabled()) {
            this.debug.message("SessionCondition.getConditionDecision():\n  currentTime: " + now + "\n  expiredTime: " + j);
        }
        if (now < j) {
            return new ConditionDecision(true, Collections.emptyMap(), j);
        }
        HashMap hashMap = new HashMap(1);
        HashSet hashSet = new HashSet(2);
        hashSet.add(ADVICE_DENY);
        if (this.terminateSession) {
            hashSet.add(ADVICE_TERMINATE_SESSION);
            try {
                this.coreWrapper.destroyToken(sSOToken);
                this.debug.message("SessionCondition.getConditionDecision(): successfully terminated user session!");
            } catch (SSOException e3) {
                if (this.debug.warningEnabled()) {
                    this.debug.warning("SessionCondition.getConditionDecision(): failed to terminate user session!", e3);
                }
            }
        }
        hashMap.put(SESSION_CONDITION_ADVICE, hashSet);
        return new ConditionDecision(false, hashMap, Long.MAX_VALUE);
    }

    private <T> T getValue(Set<T> set) {
        if (set == null || !set.iterator().hasNext()) {
            return null;
        }
        return set.iterator().next();
    }

    private JSONObject toJSONObject() throws JSONException {
        JSONObject jSONObject = new JSONObject();
        toJSONObject(jSONObject);
        jSONObject.put(SAML2Constants.MAX_SESSION_TIME, getMaxSessionTime());
        jSONObject.put(ADVICE_TERMINATE_SESSION, isTerminateSession());
        return jSONObject;
    }

    public String toString() {
        String str = null;
        try {
            str = toJSONObject().toString(2);
        } catch (JSONException e) {
            PrivilegeManager.debug.error("SessionCondition.toString()", e);
        }
        return str;
    }

    public long getMaxSessionTime() {
        return this.maxSessionTime / org.apache.commons.lang.time.DateUtils.MILLIS_PER_MINUTE;
    }

    public void setMaxSessionTime(long j) {
        this.maxSessionTime = j * org.apache.commons.lang.time.DateUtils.MILLIS_PER_MINUTE;
    }

    public boolean isTerminateSession() {
        return this.terminateSession;
    }

    public void setTerminateSession(boolean z) {
        this.terminateSession = z;
    }

    @Override // com.sun.identity.entitlement.EntitlementCondition
    public void validate() throws EntitlementException {
        if (this.maxSessionTime < 0) {
            throw new EntitlementException(400, SAML2Constants.MAX_SESSION_TIME, Long.valueOf(this.maxSessionTime));
        }
    }

    @Override // com.sun.identity.entitlement.EntitlementConditionAdaptor
    public boolean equals(Object obj) {
        if (!super.equals(obj) || !getClass().equals(obj.getClass())) {
            return false;
        }
        SessionCondition sessionCondition = (SessionCondition) obj;
        return this.maxSessionTime == sessionCondition.maxSessionTime && this.terminateSession == sessionCondition.terminateSession;
    }

    @Override // com.sun.identity.entitlement.EntitlementConditionAdaptor
    public int hashCode() {
        return (31 * ((31 * super.hashCode()) + ((int) (this.maxSessionTime ^ (this.maxSessionTime >>> 32))))) + (this.terminateSession ? 1 : 0);
    }
}
