package com.sun.identity.entitlement.opensso;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.share.AuthXMLTags;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.EntitlementSubject;
import com.sun.identity.entitlement.SubjectAttributesCollector;
import com.sun.identity.entitlement.SubjectAttributesManager;
import com.sun.identity.entitlement.SubjectDecision;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.PolicyManager;
import com.sun.identity.security.AdminTokenAction;
import java.security.AccessController;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.hc.core5.http.HttpStatus;
import org.forgerock.openam.entitlement.PolicyConstants;
import org.forgerock.openam.sdk.com.fasterxml.jackson.annotation.JsonIgnore;
import org.forgerock.openam.sdk.org.json.JSONArray;
import org.forgerock.openam.sdk.org.json.JSONException;
import org.forgerock.openam.sdk.org.json.JSONObject;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/entitlement/opensso/PolicySubject.class */
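/**
 * Entitlement subject that delegates the membership decision to a legacy policy
 * subject ({@code com.sun.identity.policy.interfaces.Subject}) named by class name.
 *
 * <p>The state (name, class name, values, exclusive flag) is serialized to and
 * restored from JSON by {@link #getState()} and {@link #setState(String)}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #getPolicySubject()} instantiates whatever class the stored state
 *       names, so the state must be treated as trusted configuration.</li>
 *   <li>{@link #evaluate} reports the subject condition as satisfied when the caller's
 *       {@link Subject} carries no {@link SSOToken}.</li>
 *   <li>The value set passed to the constructor is stored and returned by reference,
 *       not copied.</li>
 * </ul>
 */
public class PolicySubject implements EntitlementSubject {
    private String name;
    private String className;
    private Set<String> values;
    private boolean exclusive;

    /** Creates an empty instance; populate it with {@link #setState(String)}. */
    public PolicySubject() {
    }

    /**
     * Creates a fully populated instance.
     *
     * @param str  subject name
     * @param str2 fully qualified class name of the legacy policy subject implementation
     * @param set  values handed to the legacy subject; stored by reference, not copied
     * @param z    exclusive flag; XOR-ed with the membership result in {@link #evaluate}
     */
    public PolicySubject(String str, String str2, Set<String> set, boolean z) {
        this.name = str;
        this.className = str2;
        this.values = set;
        this.exclusive = z;
    }

    /** @return the subject name */
    public String getName() {
        return this.name;
    }

    /** @return the class name of the legacy policy subject implementation */
    public String getClassName() {
        return this.className;
    }

    /** @return the internal value set (the live reference, not a copy) */
    public Set<String> getValues() {
        return this.values;
    }

    /** @return the exclusive flag */
    public boolean isExclusive() {
        return this.exclusive;
    }

    /**
     * Restores this object from the JSON produced by {@link #getState()}.
     *
     * <p>All fields are parsed before any is assigned, so a malformed document leaves
     * the current state untouched instead of half-updated. A missing or non-array
     * {@code "values"} entry yields an empty set rather than an unchecked
     * {@link NullPointerException} or {@link ClassCastException}.
     *
     * @param str JSON document holding the name, class name, exclusive flag and values
     */
    @Override
    public void setState(String str) {
        try {
            JSONObject state = new JSONObject(str);
            String parsedName = state.optString("name");
            String parsedClassName = state.optString(AuthXMLTags.ATTRIBUTE_CLASS_NAME);
            boolean parsedExclusive = state.optBoolean("exclusive");
            Object rawValues = state.opt("values");
            Set<String> parsedValues =
                    getValues(rawValues instanceof JSONArray ? (JSONArray) rawValues : null);

            this.name = parsedName;
            this.className = parsedClassName;
            this.exclusive = parsedExclusive;
            this.values = parsedValues;
        } catch (JSONException e) {
            // Parse failures are logged and swallowed; the previous state is kept.
            PolicyConstants.DEBUG.error("PolicySubject.setState", e);
        }
    }

    /**
     * Copies the string elements of a JSON array into a new set.
     *
     * @param jSONArray array to read; {@code null} is treated as empty
     * @return a new mutable set with the array's elements
     * @throws JSONException if an element cannot be read as a string
     */
    private Set<String> getValues(JSONArray jSONArray) throws JSONException {
        Set<String> result = new HashSet<String>();
        if (jSONArray == null) {
            return result;
        }
        for (int i = 0; i < jSONArray.length(); i++) {
            result.add(jSONArray.getString(i));
        }
        return result;
    }

    /**
     * Serializes this object to JSON.
     *
     * @return the JSON text (indent factor 2), or an empty string if serialization fails
     */
    @Override
    public String getState() {
        JSONObject state = new JSONObject();
        try {
            state.put("name", this.name);
            state.put(AuthXMLTags.ATTRIBUTE_CLASS_NAME, this.className);
            state.put("exclusive", this.exclusive);
            state.put("values", (Collection<?>) this.values);
            return state.toString(2);
        } catch (JSONException e) {
            PolicyConstants.DEBUG.error("PolicySubject.getState", e);
            return "";
        }
    }

    /**
     * @return a map with the single entry
     *         {@code SubjectAttributesCollector.NAMESPACE_IDENTITY -> {"all"}}
     */
    @Override
    public Map<String, Set<String>> getSearchIndexAttributes() {
        Map<String, Set<String>> index = new HashMap<String, Set<String>>(4);
        Set<String> all = new HashSet<String>();
        all.add("all");
        index.put(SubjectAttributesCollector.NAMESPACE_IDENTITY, all);
        return index;
    }

    /** @return an empty, immutable set */
    @Override
    public Set<String> getRequiredAttributeNames() {
        return Collections.<String>emptySet();
    }

    /**
     * Evaluates the wrapped legacy subject against the caller's SSO token.
     *
     * <p>The legacy subject is initialized with the policy configuration obtained from a
     * {@link PolicyManager} built with the administrator token and {@code str}. The
     * decision is {@code isMember(token) XOR exclusive}.
     *
     * @param str                      name passed to the {@link PolicyManager}
     *                                 constructor (presumably the realm; confirm
     *                                 against callers)
     * @param subjectAttributesManager not used by this implementation
     * @param subject                  caller's subject; its private credentials are
     *                                 searched for an {@link SSOToken}
     * @param str2                     not used by this implementation
     * @param map                      not used by this implementation
     * @return the decision, with an empty advice map
     * @throws EntitlementException if the policy manager, the legacy subject or the
     *         membership check fails
     */
    @Override
    public SubjectDecision evaluate(String str, SubjectAttributesManager subjectAttributesManager, Subject subject, String str2, Map<String, Set<String>> map) throws EntitlementException {
        try {
            // The policy configuration is read with the administrator token, not the caller's.
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            PolicyManager policyManager = new PolicyManager(adminToken, str);
            com.sun.identity.policy.interfaces.Subject policySubject = getPolicySubject();
            policySubject.initialize(policyManager.getPolicyConfig());
            SSOToken callerToken = getSSOToken(subject);
            // NOTE(review): with no SSOToken in the subject the decision is "satisfied"
            // regardless of membership and of the exclusive flag, i.e. this branch fails open.
            // Behaviour is kept as found; confirm that every caller authenticates the
            // subject before it reaches this point.
            boolean satisfied = callerToken == null
                    || (policySubject.isMember(callerToken) ^ this.exclusive);
            return new SubjectDecision(satisfied, Collections.<String, Set<String>>emptyMap());
        } catch (SSOException e) {
            // NOTE(review): the code passed here is an EntitlementException error code, not an
            // HTTP status; the HttpStatus reference looks like a decompiler constant
            // substitution. Confirm against the original source.
            throw new EntitlementException(HttpStatus.SC_LOOP_DETECTED, e);
        } catch (PolicyException e2) {
            throw new EntitlementException(HttpStatus.SC_LOOP_DETECTED, e2);
        }
    }

    /**
     * Finds the first {@link SSOToken} among the subject's private credentials.
     *
     * @param subject subject to inspect; may be {@code null}
     * @return the token, or {@code null} if the subject is {@code null} or holds none
     */
    private static SSOToken getSSOToken(Subject subject) {
        if (subject == null) {
            return null;
        }
        for (Object credential : subject.getPrivateCredentials()) {
            if (credential instanceof SSOToken) {
                return (SSOToken) credential;
            }
        }
        return null;
    }

    /** @return always {@code true} */
    @Override
    public boolean isIdentity() {
        return true;
    }

    /**
     * Instantiates the legacy policy subject named by {@code className} and hands it the
     * configured values.
     *
     * <p>{@code className} comes from the constructor or from the JSON given to
     * {@link #setState(String)}, so it is only as trustworthy as the stored policy state.
     * The class is loaded without initialization and checked against the
     * {@code Subject} interface first, so the static initializer of a class that is not
     * a policy subject never runs. Any {@code Subject} implementation visible to this
     * class loader can still be instantiated; restricting {@code className} to an
     * allowlist of expected implementations would be stricter.
     *
     * @return a new legacy subject with the values applied
     * @throws EntitlementException if the class cannot be loaded, is not a policy
     *         subject, or cannot be instantiated
     */
    @JsonIgnore
    public com.sun.identity.policy.interfaces.Subject getPolicySubject() throws EntitlementException {
        try {
            // Same loader that Class.forName(String) would use from this class, but with
            // initialize=false so the type check happens before any static initializer runs.
            Class<?> loaded = Class.forName(this.className, false, PolicySubject.class.getClassLoader());
            Class<? extends com.sun.identity.policy.interfaces.Subject> subjectClass =
                    loaded.asSubclass(com.sun.identity.policy.interfaces.Subject.class);
            com.sun.identity.policy.interfaces.Subject subject = subjectClass.newInstance();
            subject.setValues(this.values);
            return subject;
        } catch (Exception e) {
            throw new EntitlementException(HttpStatus.SC_LOOP_DETECTED, e);
        }
    }
}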
