package com.sun.identity.policy.util;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.util.AMAuthUtils;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.policy.ActionDecision;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.ProxyPolicyEvaluator;
import com.sun.identity.policy.ProxyPolicyEvaluatorFactory;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.DNMapper;
import java.security.AccessController;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/policy/util/PolicyDecisionUtils.class */
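/**
 * Evaluates web-agent policy for a resource through
 * {@code getPolicyDecisionIgnoreSubjects} and turns the advices of a non-"allow"
 * decision into either an authentication index type/value pair or a login redirect URL.
 *
 * <p>The shared evaluator is created once, in the static initializer, with the token
 * returned by {@link AdminTokenAction}. Every call therefore runs with that token,
 * not with the caller's own session.
 */
public class PolicyDecisionUtils {
    private static final String GET = "GET";
    private static final String POST = "POST";
    private static final String ALLOW = "allow";
    private static final String WEB_AGENT_SERVICE_NAME = "iPlanetAMWebAgentService";
    public static final String AUTH_USER_ADVICE = "AuthUserConditionAdvice";
    public static final String AUTH_ROLE_ADVICE = "AuthRoleConditionAdvice";
    public static final String AUTH_REDIRECTION_ADVICE = "AuthRedirectionConditionAdvice";
    private static final String AUTH_REALM_ADVICE = "AuthenticateToRealmConditionAdvice";
    private static final String AUTH_SERVICE_ADVICE = "AuthenticateToServiceConditionAdvice";
    private static final String AUTH_SCHEME_ADVICE = "AuthSchemeConditionAdvice";
    private static final String AUTH_LEVEL_ADVICE = "AuthLevelConditionAdvice";

    // Shared evaluator; stays null when the static initializer failed (see errorMsg).
    private static ProxyPolicyEvaluator pe;
    // Message of the exception that prevented the evaluator from being created.
    private static String errorMsg;
    private static final Debug debug = Debug.getInstance("amPolicy");
    // Action names requested from the evaluator; filled once in the static initializer.
    private static final Set actionNames = new HashSet();

    /**
     * Returns the authentication advice derived from the policy decision for a resource.
     *
     * @param str resource name handed to the policy evaluator; {@code null} yields an
     *     empty list without any evaluation
     * @param str2 realm used to select realm-qualified advice values; {@code null} is
     *     treated as "/", and a value not starting with "/" is mapped through
     *     {@link DNMapper#orgNameToRealmName}
     * @param map environment map handed to the policy evaluator
     * @return an empty list, a two-element list (an {@code AuthContext.IndexType}
     *     followed by its value), or a one-element list holding a redirect value
     * @throws PolicyException if the policy evaluator could not be created when this
     *     class was initialized
     */
    public static List doResourceIPEnvAuth(String str, String str2, Map map) throws PolicyException {
        if (str == null) {
            return Collections.EMPTY_LIST;
        }
        return getPolicyAdvice(getActionDecision(str, map), str2);
    }

    /**
     * Fetches the GET decision for the resource, falling back to the POST decision.
     *
     * <p>NOTE(review): an {@code SSOException} or {@code PolicyException} raised during
     * evaluation is logged and reported as {@code null}, which the caller turns into an
     * empty advice list. An evaluator failure is then indistinguishable from "no advice".
     * If callers read an empty list as "no further authentication required", this path
     * fails open. Confirm that this is intended. A missing evaluator, by contrast, is
     * surfaced as an exception.
     *
     * @return the selected decision, or {@code null} when none exists or evaluation failed
     * @throws PolicyException if the evaluator was never created
     */
    private static ActionDecision getActionDecision(String resourceName, Map env) throws PolicyException {
        if (pe == null) {
            throw new PolicyException(errorMsg);
        }
        try {
            Map decisions = pe.getPolicyDecisionIgnoreSubjects(resourceName, actionNames, env).getActionDecisions();
            if (decisions == null) {
                return null;
            }
            ActionDecision decision = (ActionDecision) decisions.get(GET);
            if (decision == null) {
                decision = (ActionDecision) decisions.get(POST);
            }
            return decision;
        } catch (SSOException e) {
            debug.error("PolicyDecisionUtils.getActionDecision()", e);
            return null;
        } catch (PolicyException e) {
            debug.error("PolicyDecisionUtils.getActionDecision()", e);
            return null;
        }
    }

    /**
     * Converts the advices of a non-"allow" decision into the list returned to callers.
     * Advice types are probed in a fixed order (user, role, service, scheme, level,
     * redirection) and the first one that has a usable value wins. If none has, a login
     * redirect URL built from one advice is returned instead.
     */
    private static List getPolicyAdvice(ActionDecision actionDecision, String realm) {
        if (actionDecision == null || actionDecision.getValues().contains(ALLOW)) {
            return Collections.EMPTY_LIST;
        }
        Map advices = actionDecision.getAdvices();
        if (advices == null) {
            return Collections.EMPTY_LIST;
        }

        List result = new ArrayList();
        if (debug.messageEnabled()) {
            debug.message("PolicyDecisionUtils: processActionDecision : " + advices.values().toString() + ", realm=" + realm);
        }
        if (realm == null) {
            realm = "/";
        }
        if (!realm.startsWith("/")) {
            realm = DNMapper.orgNameToRealmName(realm);
        }

        // findAdviceValue appends only on success, so the buffer is still empty
        // whenever the next advice type is probed.
        StringBuffer value = new StringBuffer();
        if (findAdviceValue(advices, AUTH_USER_ADVICE, realm, value)) {
            result.add(AuthContext.IndexType.USER);
            result.add(value.toString());
        } else if (findAdviceValue(advices, AUTH_ROLE_ADVICE, realm, value)) {
            result.add(AuthContext.IndexType.ROLE);
            result.add(value.toString());
        } else if (findAdviceValue(advices, AUTH_SERVICE_ADVICE, realm, value)) {
            result.add(AuthContext.IndexType.SERVICE);
            result.add(value.toString());
        } else if (findAdviceValue(advices, AUTH_SCHEME_ADVICE, realm, value)) {
            result.add(AuthContext.IndexType.MODULE_INSTANCE);
            result.add(value.toString());
        } else if (findAdviceValue(advices, AUTH_LEVEL_ADVICE, realm, value)) {
            result.add(AuthContext.IndexType.LEVEL);
            result.add(value.toString());
        } else if (findAdviceValue(advices, AUTH_REDIRECTION_ADVICE, realm, value)) {
            result.add(value.toString());
        } else {
            String redirectUrl = getOneAdviceAsRedirectURL(advices);
            if (redirectUrl != null) {
                result.add(redirectUrl);
            }
        }
        return result;
    }

    /**
     * Looks up the value of one advice type for the given realm.
     *
     * <p>An advice value that does not start with "/" or contains no ":" is used as is.
     * A value of the form {@code /realm:data} is used only when its realm part equals
     * {@code realm} and data follows the colon. The scan stops at the first value that
     * settles the result.
     *
     * @param out receives the selected value; untouched when nothing was selected
     * @return {@code true} if a non-empty value was appended to {@code out}
     */
    private static boolean findAdviceValue(Map advices, String adviceType, String realm, StringBuffer out) {
        String selected = "";
        Set candidates = (Set) advices.get(adviceType);
        if (candidates != null) {
            for (Object candidate : candidates) {
                String advice = (String) candidate;
                if (debug.messageEnabled()) {
                    debug.message("PolicyDecisionUtils.findAdviceValue: advice=" + advice + ", realm=" + realm + ", type=" + adviceType);
                }
                if (advice == null) {
                    // A null entry carries no value; skip it instead of failing the lookup.
                    continue;
                }
                if (!advice.startsWith("/")) {
                    selected = advice;
                    break;
                }
                int colon = advice.indexOf(":");
                if (colon == -1) {
                    selected = advice;
                    break;
                }
                if (advice.substring(0, colon).equals(realm) && colon != advice.length() - 1) {
                    selected = advice.substring(colon + 1);
                    break;
                }
            }
        }
        if (debug.messageEnabled()) {
            debug.message("PolicyUtils:findAdviceValue, return value=" + selected);
        }
        if (selected.length() == 0) {
            return false;
        }
        out.append(selected);
        return true;
    }

    /**
     * Builds a login-page URL from the first recognized advice type found while
     * iterating the advice map's keys, using the first value of that advice.
     *
     * @return the URL, or {@code null} when no recognized advice with usable data exists
     */
    private static String getOneAdviceAsRedirectURL(Map advices) {
        if (advices == null || advices.isEmpty()) {
            return null;
        }

        String adviceType = null;
        String indexParam = null;
        boolean recognized = false;
        for (Object key : advices.keySet()) {
            adviceType = (String) key;
            if (AUTH_REALM_ADVICE.equals(adviceType)) {
                recognized = true;
            } else if (AUTH_USER_ADVICE.equals(adviceType)) {
                indexParam = "user";
                recognized = true;
            } else if (AUTH_ROLE_ADVICE.equals(adviceType)) {
                indexParam = "role";
                recognized = true;
            } else if (AUTH_SERVICE_ADVICE.equals(adviceType)) {
                indexParam = "service";
                recognized = true;
            } else if (AUTH_SCHEME_ADVICE.equals(adviceType)) {
                indexParam = ISAuthConstants.MODULE_PARAM;
                recognized = true;
            } else if (AUTH_LEVEL_ADVICE.equals(adviceType)) {
                indexParam = "authlevel";
                recognized = true;
            }
            if (recognized) {
                break;
            }
        }
        if (!recognized) {
            return null;
        }

        Set values = (Set) advices.get(adviceType);
        // An empty advice set previously made iterator().next() throw
        // NoSuchElementException; treat it like a missing advice.
        if (values == null || values.isEmpty()) {
            return null;
        }
        String advice = (String) values.iterator().next();
        String realm = AMAuthUtils.getRealmFromRealmQualifiedData(advice);
        String indexName = AMAuthUtils.getDataFromRealmQualifiedData(advice);
        if (debug.messageEnabled()) {
            debug.message("PolicyDecisionUtils.getOneAdvice: advice=" + advice + ", type=" + adviceType + ", realm=" + realm + ", indexName=" + indexName);
        }
        if (indexName == null || indexName.length() == 0) {
            return null;
        }

        // NOTE(review): realm and indexName are appended to the query string without
        // URL-encoding. A policy advice value containing '&', '=' or '#' would change
        // the parameters the login page receives. Confirm that advice values are
        // constrained at policy-authoring time, or encode them here once the consumers
        // of this URL are known to decode.
        StringBuilder url = new StringBuilder(SystemProperties.get("com.iplanet.am.services.deploymentDescriptor"));
        url.append(IFSConstants.LOGIN_PAGE);
        if (AUTH_REALM_ADVICE.equals(adviceType)) {
            url.append("?realm=").append(indexName);
        } else {
            url.append("?realm=").append(realm).append("&").append(indexParam).append("=").append(indexName);
        }
        return url.toString();
    }

    // Creates the shared evaluator with the admin token. On failure the evaluator
    // stays null and the exception message is kept, so doResourceIPEnvAuth can
    // report it as a PolicyException.
    static {
        try {
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            actionNames.add(GET);
            actionNames.add(POST);
            pe = ProxyPolicyEvaluatorFactory.getInstance().getProxyPolicyEvaluator(adminToken, WEB_AGENT_SERVICE_NAME);
        } catch (SSOException e) {
            debug.error("PolicyDecisionUtils: Unable to get PolicyEvaluator", e);
            errorMsg = e.getMessage();
        } catch (PolicyException e) {
            debug.error("PolicyDecisionUtils: Unable to get PolicyEvaluator", e);
            errorMsg = e.getMessage();
        }
    }
}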
