package com.sun.identity.entitlement.opensso;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.sun.identity.entitlement.ConditionDecision;
import com.sun.identity.entitlement.Entitlement;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.Privilege;
import com.sun.identity.entitlement.PrivilegeType;
import com.sun.identity.entitlement.SubjectDecision;
import com.sun.identity.monitoring.MonitoringUtil;
import com.sun.identity.session.util.RestrictedTokenAction;
import com.sun.identity.session.util.RestrictedTokenContext;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.forgerock.openam.entitlement.PolicyConstants;
import org.forgerock.openam.entitlement.monitoring.PolicyMonitor;
import org.forgerock.openam.sdk.org.forgerock.guice.core.InjectorHolder;
import org.forgerock.openam.sdk.org.json.JSONException;
import org.forgerock.openam.sdk.org.json.JSONObject;
import org.forgerock.openam.utils.Time;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/entitlement/opensso/OpenSSOPrivilege.class */
public class OpenSSOPrivilege extends Privilege {
    private String policyName;
    private final PolicyMonitor policyMonitor;

    public OpenSSOPrivilege() {
        if (SystemProperties.isServerMode()) {
            this.policyMonitor = (PolicyMonitor) InjectorHolder.getInstance(PolicyMonitor.class);
        } else {
            this.policyMonitor = null;
        }
    }

    @Override // com.sun.identity.entitlement.Privilege
    public PrivilegeType getType() {
        return PrivilegeType.OPENSSO;
    }

    @Override // com.sun.identity.entitlement.Privilege, com.sun.identity.entitlement.IPrivilege
    public List<Entitlement> evaluate(final Subject subject, final String str, final Subject subject2, final String str2, final String str3, String str4, final Set<String> set, final Map<String, Set<String>> map, final boolean z, Object obj) throws EntitlementException {
        try {
            return (List) RestrictedTokenContext.doUsing(obj, new RestrictedTokenAction<List<Entitlement>>() { // from class: com.sun.identity.entitlement.opensso.OpenSSOPrivilege.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // com.sun.identity.session.util.RestrictedTokenAction
                public List<Entitlement> run() throws Exception {
                    long currentTimeMillis = Time.currentTimeMillis();
                    List<Entitlement> internalEvaluate = OpenSSOPrivilege.this.internalEvaluate(subject, str, subject2, str2, str3, set, map, z);
                    if (MonitoringUtil.isRunning()) {
                        OpenSSOPrivilege.this.policyMonitor.addEvaluation(OpenSSOPrivilege.this.policyName, Time.currentTimeMillis() - currentTimeMillis, str, str2, str3, subject2);
                    }
                    return internalEvaluate;
                }
            });
        } catch (Exception e) {
            if ((e instanceof EntitlementException) && (((EntitlementException) e).getCause() instanceof SSOException)) {
                PolicyConstants.DEBUG.message("OpenSSOPrivilege.evaluate", e);
            } else {
                PolicyConstants.DEBUG.error("OpenSSOPrivilege.evaluate", e);
            }
            return Collections.emptyList();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public List<Entitlement> internalEvaluate(Subject subject, String str, Subject subject2, String str2, String str3, Set<String> set, Map<String, Set<String>> map, boolean z) throws EntitlementException {
        Entitlement entitlement = getEntitlement();
        if (!isActive()) {
            return Arrays.asList(new Entitlement(entitlement.getApplicationName(), entitlement.getResourceName(), (Set<String>) Collections.emptySet()));
        }
        SubjectDecision doesSubjectMatch = doesSubjectMatch(subject, str, subject2, str3, map);
        if (!doesSubjectMatch.isSatisfied()) {
            Entitlement entitlement2 = new Entitlement(entitlement.getApplicationName(), entitlement.getResourceName(), (Set<String>) Collections.emptySet());
            entitlement2.setAdvices(doesSubjectMatch.getAdvices());
            return Arrays.asList(entitlement2);
        }
        ConditionDecision doesConditionMatch = doesConditionMatch(str, subject2, str3, map);
        if (!doesConditionMatch.isSatisfied()) {
            Entitlement entitlement3 = new Entitlement(entitlement.getApplicationName(), entitlement.getResourceName(), (Set<String>) Collections.emptySet());
            entitlement3.setAdvices(doesConditionMatch.getAdvice());
            entitlement3.setTTL(doesConditionMatch.getTimeToLive());
            return Arrays.asList(entitlement3);
        }
        Set<String> evaluate = entitlement.evaluate(subject, str, subject2, str2, str3, set, map, z);
        if (PolicyConstants.DEBUG.messageEnabled()) {
            PolicyConstants.DEBUG.message("[PolicyEval] OpenSSOPrivilege.evaluate: resources=" + evaluate);
        }
        Map<String, Set<String>> attributes = getAttributes(subject, str, subject2, str3, map);
        squashMaps(attributes, doesConditionMatch.getResponseAttributes());
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = evaluate.iterator();
        while (it.hasNext()) {
            Entitlement entitlement4 = new Entitlement(entitlement.getApplicationName(), it.next(), entitlement.getActionValues());
            entitlement4.setAdvices(doesConditionMatch.getAdvice());
            entitlement4.setAttributes(attributes);
            entitlement4.setTTL(doesConditionMatch.getTimeToLive());
            arrayList.add(entitlement4);
        }
        return arrayList;
    }

    private void squashMaps(Map<String, Set<String>> map, Map<String, Set<String>> map2) {
        if (map.isEmpty()) {
            map.putAll(map2);
            return;
        }
        for (Map.Entry<String, Set<String>> entry : map2.entrySet()) {
            if (map.containsKey(entry.getKey())) {
                map.get(entry.getKey()).addAll(entry.getValue());
            } else {
                map.put(entry.getKey(), entry.getValue());
            }
        }
    }

    @Override // com.sun.identity.entitlement.Privilege
    public JSONObject toJSONObject() throws JSONException {
        JSONObject jSONObject = super.toJSONObject();
        if (this.policyName != null) {
            jSONObject.put("policyName", this.policyName);
        }
        return jSONObject;
    }

    @Override // com.sun.identity.entitlement.Privilege
    protected void init(JSONObject jSONObject) {
        this.policyName = jSONObject.optString("policyName");
    }

    public void setPolicyName(String str) {
        this.policyName = str;
    }

    public String getPolicyName() {
        return this.policyName;
    }
}
