package org.forgerock.openam.entitlement.conditions.environment;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.ConditionDecision;
import com.sun.identity.entitlement.EntitlementConditionAdaptor;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.shared.debug.Debug;
import java.lang.Comparable;
import java.net.InetAddress;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import org.forgerock.openam.sdk.org.json.JSONArray;
import org.forgerock.openam.sdk.org.json.JSONException;
import org.forgerock.openam.sdk.org.json.JSONObject;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:org/forgerock/openam/entitlement/conditions/environment/IPvXCondition.class */
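/**
 * Environment condition that grants access when the request's DNS name or IP address matches
 * the configured DNS names, the (deprecated) IP range list, or the start/end IP pair.
 *
 * <p>The address type {@code T} is supplied by the subclass through {@link #stringToIp(String)};
 * addresses are compared with {@link Comparable#compareTo(Object)}, so ranges are inclusive on
 * both ends.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #evaluate} takes {@code requestDnsName} and {@code requestIp} from the environment
 *       map exactly as supplied; nothing in this class verifies them. The decision is therefore
 *       only as trustworthy as whatever populates that map. NOTE(review): confirm the enforcement
 *       point derives these values from the connection and not from client-controlled input.</li>
 *   <li>A DNS match short-circuits the IP check: the result is "DNS matches OR IP matches".</li>
 *   <li>{@link #setState(String)} cannot throw, so a state string that fails to parse leaves the
 *       condition partially configured; the failure is reported through the debug log only.</li>
 * </ul>
 *
 * <p>This class is not written for concurrent mutation; the setters modify the internal lists in
 * place.
 */
abstract class IPvXCondition<T extends Comparable<T>> extends EntitlementConditionAdaptor {
    /** Environment-map key holding the caller-supplied request IP address. */
    private static final String REQUEST_IP = "requestIp";
    /** Environment-map key holding the caller-supplied request DNS name(s). */
    private static final String REQUEST_DNS_NAME = "requestDnsName";

    protected final Debug debug;
    // Flattened textual form of the deprecated range list: start, end, start, end, ...
    private List<String> ipRange;
    // Parsed counterpart of ipRange; consumed two elements at a time by isAllowedByIp.
    private List<T> ipList;
    private List<String> dnsName;
    private String startIpString;
    private String endIpString;
    // Sentinels meaning "no start/end configured" (see isDefinedStartIp / isDefinedEndIp).
    private final T initialStartIp;
    private final T initialEndIp;
    private T startIp;
    private T endIp;
    private final IPVersion version;

    /**
     * Creates an unconfigured condition.
     *
     * <p>Decompiler note: this constructor was {@code protected} in the original class.
     *
     * @param debug debug logger used for all diagnostics
     * @param t sentinel start address meaning "start IP not defined"
     * @param t2 sentinel end address meaning "end IP not defined"
     * @param iPVersion IP version this condition handles
     */
    public IPvXCondition(Debug debug, T t, T t2, IPVersion iPVersion) {
        this.ipRange = new ArrayList<>();
        this.ipList = new ArrayList<>();
        this.dnsName = new ArrayList<>();
        this.debug = debug;
        this.initialStartIp = t;
        this.startIp = t;
        this.initialEndIp = t2;
        this.endIp = t2;
        this.version = iPVersion;
    }

    /**
     * Creates a configured condition and validates it.
     *
     * <p>Decompiler note: this constructor was {@code protected} in the original class.
     *
     * @param debug debug logger used for all diagnostics
     * @param t sentinel start address meaning "start IP not defined"
     * @param t2 sentinel end address meaning "end IP not defined"
     * @param iPVersion IP version this condition handles
     * @param str start IP as text, or {@code null}
     * @param str2 end IP as text, or {@code null}
     * @param list deprecated IP range entries, or {@code null}
     * @param list2 DNS names / wildcard patterns, or {@code null}
     * @throws EntitlementException if any value is invalid or nothing at all is configured
     */
    public IPvXCondition(Debug debug, T t, T t2, IPVersion iPVersion, String str, String str2, List<String> list, List<String> list2) throws EntitlementException {
        this(debug, t, t2, iPVersion);
        if (str != null || str2 != null) {
            setStartIpAndEndIp(str, str2);
        }
        if (list != null) {
            setIpRange(list);
        }
        if (list2 != null) {
            setDnsName(list2);
        }
        validate();
    }

    /**
     * Parses a textual address into the comparable address type of the subclass.
     *
     * @param str textual address
     * @return the parsed address
     * @throws EntitlementException if the text is not a valid address for this IP version
     */
    protected abstract T stringToIp(String str) throws EntitlementException;

    /**
     * Restores this condition from its JSON state string.
     *
     * <p>The interface method cannot throw, so every failure is caught. The setters run in
     * sequence and are not rolled back: when one of them fails, the values applied before the
     * failure stay in place, the remaining ones keep their previous values, and {@link #validate()}
     * is not reached. The failure is logged at error level (it was previously logged at message
     * level only) because a policy condition that silently failed to load is otherwise easy to
     * miss.
     *
     * @param str JSON state as produced by {@link #getState()}
     */
    @Override // com.sun.identity.entitlement.EntitlementCondition
    public void setState(String str) {
        try {
            JSONObject state = new JSONObject(str);
            // Inherited overload taking a JSONObject; its behavior is not visible in this file.
            setState(state);
            setIpRangesFromJson(state);
            setDnsNamesFromJson(state);
            setStartIpAndEndIpFromJson(state);
            validate();
        } catch (Exception e) {
            debugError(e, "Failed to set state");
        }
    }

    /** Reads the optional start/end IP properties; a missing property is passed on as {@code null}. */
    private void setStartIpAndEndIpFromJson(JSONObject state) throws JSONException, EntitlementException {
        String start = state.has(ConditionConstants.START_IP) ? state.getString(ConditionConstants.START_IP) : null;
        String end = state.has(ConditionConstants.END_IP) ? state.getString(ConditionConstants.END_IP) : null;
        setStartIpAndEndIp(start, end);
    }

    /** Reads the optional IP range array; a missing property clears the configured ranges. */
    private void setIpRangesFromJson(JSONObject state) throws JSONException, EntitlementException {
        List<String> ranges = new ArrayList<>();
        if (state.has(ConditionConstants.IP_RANGE)) {
            JSONArray values = state.getJSONArray(ConditionConstants.IP_RANGE);
            for (int i = 0; i < values.length(); i++) {
                ranges.add(values.getString(i));
            }
        }
        setIpRange(ranges);
    }

    /** Reads the optional DNS name array, lower-casing each entry; a missing property clears the names. */
    private void setDnsNamesFromJson(JSONObject state) throws JSONException, EntitlementException {
        List<String> names = new ArrayList<>();
        if (state.has(ConditionConstants.DNS_NAME)) {
            JSONArray values = state.getJSONArray(ConditionConstants.DNS_NAME);
            for (int i = 0; i < values.length(); i++) {
                // Locale.ROOT: host names must not be folded with locale-specific rules
                // (e.g. the Turkish dotless i), or a configured name stops matching.
                names.add(values.getString(i).toLowerCase(Locale.ROOT));
            }
        }
        setDnsName(names);
    }

    /** @return the start IP exactly as it was supplied, or {@code null} if none was set */
    public String getStartIp() {
        return this.startIpString;
    }

    /** @return the end IP exactly as it was supplied, or {@code null} if none was set */
    public String getEndIp() {
        return this.endIpString;
    }

    /**
     * Sets the start/end IP pair. Both must be defined or both undefined, and the start must not
     * be after the end. Nothing is stored unless every check passes.
     *
     * @param str start IP as text, or {@code null} to use the "undefined" sentinel
     * @param str2 end IP as text, or {@code null} to use the "undefined" sentinel
     * @throws EntitlementException if only one side is defined, the end precedes the start, or
     *     {@link #stringToIp(String)} rejects a value
     */
    public void setStartIpAndEndIp(String str, String str2) throws EntitlementException {
        T parsedStart = str == null ? this.initialStartIp : stringToIp(str);
        T parsedEnd = str2 == null ? this.initialEndIp : stringToIp(str2);
        boolean startDefined = isDefinedStartIp(parsedStart);
        boolean endDefined = isDefinedEndIp(parsedEnd);
        if (startDefined && endDefined) {
            if (parsedStart.compareTo(parsedEnd) > 0) {
                debugWarning("Validation: {0} is before {1}", ConditionConstants.END_IP, ConditionConstants.START_IP);
                throw new EntitlementException(EntitlementException.END_IP_BEFORE_START_IP);
            }
        } else if (startDefined) {
            debugWarning("Validation: Should define value for {1}, as value is defined for {0}", ConditionConstants.START_IP, ConditionConstants.END_IP);
            throw new EntitlementException(EntitlementException.PAIR_PROPERTY_NOT_DEFINED, ConditionConstants.START_IP, ConditionConstants.END_IP);
        } else if (endDefined) {
            debugWarning("Validation: Should define value for {1}, as value is defined for {0}", ConditionConstants.END_IP, ConditionConstants.START_IP);
            throw new EntitlementException(EntitlementException.PAIR_PROPERTY_NOT_DEFINED, ConditionConstants.END_IP, ConditionConstants.START_IP);
        }
        this.startIpString = str;
        this.startIp = parsedStart;
        this.endIpString = str2;
        this.endIp = parsedEnd;
    }

    /**
     * @return the configured DNS names. This is the internal list, not a copy, so changes made
     *     through it bypass the validation in {@link #setDnsName(List)}.
     */
    public List<String> getDnsName() {
        return this.dnsName;
    }

    /**
     * Sets the DNS names / wildcard patterns after validating each of them.
     *
     * <p>A {@code null} argument now clears the names. It used to store {@code null}, which made
     * the next {@link #validate()} or {@link #evaluate} call fail with a
     * {@code NullPointerException}.
     *
     * <p>Names are stored as given. Only the JSON path lower-cases them; matching is
     * case-insensitive either way.
     *
     * @param list names to store; the list is kept by reference, not copied
     * @throws EntitlementException if an entry is {@code null} or a malformed wildcard pattern
     */
    public void setDnsName(List<String> list) throws EntitlementException {
        if (list == null) {
            this.dnsName = new ArrayList<>();
            return;
        }
        for (String name : list) {
            if (!isValidDnsName(name)) {
                throw new EntitlementException(400, ConditionConstants.DNS_NAME, name);
            }
        }
        this.dnsName = list;
    }

    /**
     * @return the flattened textual range list (start, end, start, end, ...). This is the
     *     internal list, not a copy.
     */
    @Deprecated
    public List<String> getIpRange() {
        return this.ipRange;
    }

    /**
     * Replaces the deprecated IP range list.
     *
     * <p>Each entry is either {@code start-end} or a single address. Entries are flattened into
     * one list, and {@link #isAllowedByIp(String)} later reads that list two addresses at a time.
     * This flat form is also what {@link #getState()} serializes and what this method accepts
     * back, so the pairing is positional. A single-address entry is therefore paired with
     * whichever address follows it, not treated as a one-address range; a lone single-address
     * entry matches nothing. Prefer explicit {@code start-end} entries.
     *
     * <p>The existing lists are cleared before the input is validated, so a failure part-way
     * through leaves only the entries accepted so far. An entry with no tokens (empty, or only
     * {@code -}) ends processing, and the entries after it are ignored.
     *
     * @param list range entries, or {@code null} to clear
     * @throws EntitlementException if an entry has more than two {@code -}-separated tokens or
     *     {@link #stringToIp(String)} rejects an address
     */
    @Deprecated
    public void setIpRange(List<String> list) throws EntitlementException {
        this.ipRange.clear();
        this.ipList.clear();
        if (list == null) {
            return;
        }
        for (String entry : list) {
            StringTokenizer tokens = new StringTokenizer(entry, "-");
            int tokenCount = tokens.countTokens();
            if (tokenCount == 0) {
                // Preserved behavior: a token-less entry ends processing of the list.
                break;
            }
            if (tokenCount > 2) {
                throw new EntitlementException(400, ConditionConstants.IP_RANGE, entry);
            }
            String first = tokens.nextToken();
            this.ipRange.add(first);
            this.ipList.add(stringToIp(first));
            if (tokenCount == 2) {
                String second = tokens.nextToken();
                this.ipRange.add(second);
                this.ipList.add(stringToIp(second));
            }
        }
    }

    /** @return the JSON state of this condition; {@code null} if serialization failed (see {@link #toString()}) */
    @Override // com.sun.identity.entitlement.EntitlementCondition
    public String getState() {
        return toString();
    }

    /**
     * Checks that at least one of IP range, DNS name, or a complete start/end IP pair is defined.
     *
     * @throws EntitlementException if nothing is configured
     */
    @Override // com.sun.identity.entitlement.EntitlementCondition
    public void validate() throws EntitlementException {
        if (!this.ipList.isEmpty() || !this.dnsName.isEmpty()) {
            return;
        }
        if (isDefinedStartIp(this.startIp) && isDefinedEndIp(this.endIp)) {
            return;
        }
        debugWarning("Validation: ipRange, dnsName, or startIp-endIp pair MUST be defined");
        throw new EntitlementException(406, ConditionConstants.IP_RANGE, ConditionConstants.DNS_NAME, ConditionConstants.START_IP, ConditionConstants.END_IP);
    }

    /** A start IP counts as defined when it is non-null and differs from the sentinel (if a sentinel exists). */
    private boolean isDefinedStartIp(T candidate) {
        if (candidate == null) {
            return false;
        }
        return this.initialStartIp == null || !this.initialStartIp.equals(candidate);
    }

    /** An end IP counts as defined when it is non-null and differs from the sentinel (if a sentinel exists). */
    private boolean isDefinedEndIp(T candidate) {
        if (candidate == null) {
            return false;
        }
        return this.initialEndIp == null || !this.initialEndIp.equals(candidate);
    }

    /**
     * Evaluates the condition against the request environment.
     *
     * <p>Order of checks: every {@code requestDnsName} value is tried first; only if none matches
     * is the IP checked. The IP comes from {@code requestIp} in the environment, falling back to
     * the session's IP when the environment has none and a subject is present.
     *
     * <p>The final debug message includes the request-supplied IP and DNS names verbatim.
     * NOTE(review): these values are not sanitized here; confirm the debug sink neutralizes
     * control characters.
     *
     * @param str realm (unused here)
     * @param subject subject whose session IP is the fallback source; may be {@code null}
     * @param str2 resource name (unused here)
     * @param map request environment; must not be {@code null}
     * @return a decision with an empty advice map
     * @throws EntitlementException if the session IP cannot be read
     */
    @Override // com.sun.identity.entitlement.EntitlementCondition
    public ConditionDecision evaluate(String str, Subject subject, String str2, Map<String, Set<String>> map) throws EntitlementException {
        boolean allowed = false;
        Set<String> requestDnsNames = map.get(REQUEST_DNS_NAME);
        if (requestDnsNames != null) {
            for (String candidate : requestDnsNames) {
                if (isAllowedByDns(candidate)) {
                    allowed = true;
                    break;
                }
            }
        }
        String requestIp = null;
        if (!allowed) {
            requestIp = getRequestIp(map);
            if (requestIp == null && subject != null) {
                debugMessage("ConditionDecision: IP not provided in request, using session IP");
                requestIp = getSessionIp(subject);
            }
            allowed = requestIp != null && isAllowedByIp(requestIp);
        }
        debugMessage("ConditionDecision: requestIp={0}, requestDnsName={1}, allowed={2}", requestIp != null ? requestIp : "not checked", requestDnsNames, Boolean.valueOf(allowed));
        return new ConditionDecision(allowed, Collections.<String, Set<String>>emptyMap());
    }

    /**
     * Extracts the request IP from the environment map.
     *
     * <p>The value may be a {@code String} or a {@code Set}. When a set holds several values the
     * first one returned by its iterator is used, and that order is unspecified for most set
     * implementations. A warning is logged in that case.
     *
     * @param map request environment
     * @return the request IP, or {@code null} if absent; a blank value is returned as-is after a warning
     */
    public String getRequestIp(Map map) {
        String ip = null;
        Object raw = map.get(REQUEST_IP);
        if (raw instanceof Set) {
            Set<?> values = (Set<?>) raw;
            if (!values.isEmpty()) {
                if (values.size() > 1) {
                    debugWarning("Environment map {0} cardinality > 1. Using first from: {1}", REQUEST_IP, values);
                }
                ip = (String) values.iterator().next();
            }
        } else if (raw instanceof String) {
            ip = (String) raw;
        }
        if (StringUtils.isBlank(ip)) {
            debugWarning("Environment map {0} is null or empty", REQUEST_IP);
        }
        return ip;
    }

    /**
     * Reads the IP address recorded in the subject's SSO token.
     *
     * <p>The first private credential is cast to {@code SSOToken}. NOTE(review): this assumes the
     * first private credential is always an SSO token; any other type would raise a
     * {@code ClassCastException} - confirm against how subjects are built.
     *
     * @param subject subject carrying the SSO token
     * @return the session's host address, or {@code null} if there is no token or no address
     * @throws EntitlementException (code 510) if the token refuses to give its address
     */
    public String getSessionIp(Subject subject) throws EntitlementException {
        SSOToken token = (SSOToken) CollectionUtils.getFirstItem(subject.getPrivateCredentials(), null);
        if (token == null) {
            return null;
        }
        try {
            InetAddress address = token.getIPAddress();
            return address != null ? address.getHostAddress() : null;
        } catch (SSOException e) {
            throw new EntitlementException(510, e);
        }
    }

    /**
     * Tests an address against the flattened range list and then the start/end pair.
     *
     * <p>Fails closed: an address that {@link #stringToIp(String)} rejects is simply not allowed.
     */
    private boolean isAllowedByIp(String ipText) throws EntitlementException {
        try {
            T ip = stringToIp(ipText);
            // ipList is start,end,start,end,...; a trailing unpaired element is ignored.
            for (int i = 0; i + 1 < this.ipList.size(); i += 2) {
                T low = this.ipList.get(i);
                T high = this.ipList.get(i + 1);
                if (ip.compareTo(low) >= 0 && ip.compareTo(high) <= 0) {
                    return true;
                }
            }
            return isDefinedStartIp(this.startIp)
                    && isDefinedEndIp(this.endIp)
                    && ip.compareTo(this.startIp) >= 0
                    && ip.compareTo(this.endIp) <= 0;
        } catch (EntitlementException e) {
            // Unparseable request address: deny, do not propagate.
            return false;
        }
    }

    /**
     * Tests a request DNS name against the configured names, case-insensitively.
     *
     * <p>{@code *} matches anything. {@code *.suffix} matches any name ending in {@code .suffix}
     * (the leading dot is part of the comparison, so the bare suffix itself does not match).
     * Anything else must match exactly. A {@code null} request name matches nothing.
     */
    private boolean isAllowedByDns(String requestName) {
        if (requestName == null) {
            return false;
        }
        String candidate = requestName.toLowerCase(Locale.ROOT);
        for (String pattern : this.dnsName) {
            if (pattern.equals("*")) {
                return true;
            }
            if (pattern.indexOf('*') != -1) {
                // setDnsName guarantees the wildcard is the first character, followed by '.'.
                // The suffix is lower-cased as well: patterns set through setDnsName are stored
                // as given and would otherwise never match the lower-cased request name.
                if (candidate.endsWith(pattern.substring(1).toLowerCase(Locale.ROOT))) {
                    return true;
                }
            } else if (pattern.equalsIgnoreCase(candidate)) {
                return true;
            }
        }
        return false;
    }

    /** Serializes this condition; the inherited {@code toJSONObject(JSONObject)} (not visible here) is called first. */
    private JSONObject toJSONObject() throws JSONException {
        JSONObject state = new JSONObject();
        toJSONObject(state);
        JSONArray ranges = new JSONArray();
        for (String range : this.ipRange) {
            ranges.put(range);
        }
        state.put(ConditionConstants.IP_RANGE, ranges);
        JSONArray names = new JSONArray();
        for (String name : this.dnsName) {
            names.put(name);
        }
        state.put(ConditionConstants.DNS_NAME, names);
        state.put(ConditionConstants.START_IP, this.startIpString);
        state.put(ConditionConstants.END_IP, this.endIpString);
        return state;
    }

    /** @return the JSON state indented by two spaces, or {@code null} if serialization failed (logged at error level) */
    @Override
    public String toString() {
        try {
            return toJSONObject().toString(2);
        } catch (JSONException e) {
            debugError(e, "toString()");
            return null;
        }
    }

    /**
     * Validates the wildcard syntax of a DNS name: no wildcard at all, a lone {@code *}, or a
     * single leading {@code *} immediately followed by {@code .}.
     *
     * <p>Names without a wildcard are accepted without any further syntax check. {@code null} is
     * rejected.
     */
    private boolean isValidDnsName(String name) {
        if (name == null) {
            return false;
        }
        int star = name.indexOf('*');
        if (star < 0 || name.equals("*")) {
            return true;
        }
        // Here the name has a '*' and is not just "*", so charAt(1) is safe once star == 0.
        return star == 0 && name.indexOf('*', 1) == -1 && name.charAt(1) == '.';
    }

    private void debugMessage(String pattern, Object... args) {
        debugMessage((Exception) null, pattern, args);
    }

    private void debugMessage(Exception cause, String pattern, Object... args) {
        if (this.debug.messageEnabled()) {
            this.debug.message(formattedWithHeader(pattern, args), cause);
        }
    }

    private void debugWarning(String pattern, Object... args) {
        if (this.debug.warningEnabled()) {
            this.debug.warning(formattedWithHeader(pattern, args));
        }
    }

    private void debugError(String pattern, Object... args) {
        debugError((Exception) null, pattern, args);
    }

    private void debugError(Exception cause, String pattern, Object... args) {
        if (this.debug.errorEnabled()) {
            this.debug.error(formattedWithHeader(pattern, args), cause);
        }
    }

    /** Prefixes the formatted message with the concrete class name. Values are passed as arguments, never as the pattern. */
    private String formattedWithHeader(String pattern, Object... args) {
        return getClass().getSimpleName() + ": " + MessageFormat.format(pattern, args);
    }

    @Override // com.sun.identity.entitlement.EntitlementConditionAdaptor
    public boolean equals(Object obj) {
        if (!super.equals(obj) || !getClass().equals(obj.getClass())) {
            return false;
        }
        IPvXCondition<?> other = (IPvXCondition<?>) obj;
        return CollectionUtils.genericCompare(this.version.toString(), other.version.toString())
                && CollectionUtils.genericCompare(this.ipRange, other.ipRange)
                && CollectionUtils.genericCompare(this.ipList, other.ipList)
                && CollectionUtils.genericCompare(this.dnsName, other.dnsName)
                && CollectionUtils.genericCompare(this.startIpString, other.startIpString)
                && CollectionUtils.genericCompare(this.endIpString, other.endIpString)
                && CollectionUtils.genericCompare(this.initialStartIp, other.initialStartIp)
                && CollectionUtils.genericCompare(this.initialEndIp, other.initialEndIp)
                && CollectionUtils.genericCompare(this.startIp, other.startIp)
                && CollectionUtils.genericCompare(this.endIp, other.endIp);
    }

    @Override // com.sun.identity.entitlement.EntitlementConditionAdaptor
    public int hashCode() {
        int hash = super.hashCode();
        hash = mix(hash, this.version.toString());
        hash = mix(hash, this.ipRange);
        hash = mix(hash, this.ipList);
        hash = mix(hash, this.dnsName);
        hash = mix(hash, this.startIpString);
        hash = mix(hash, this.endIpString);
        hash = mix(hash, this.initialStartIp);
        hash = mix(hash, this.initialEndIp);
        hash = mix(hash, this.startIp);
        hash = mix(hash, this.endIp);
        return hash;
    }

    /** Folds {@code value} into {@code hash} with the usual 31 multiplier; a {@code null} value leaves the hash unchanged. */
    private static int mix(int hash, Object value) {
        return value == null ? hash : (31 * hash) + value.hashCode();
    }
}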
