package com.sun.identity.entitlement;

import com.sun.identity.authentication.share.AuthXMLTags;
import com.sun.identity.entitlement.util.SearchAttribute;
import com.sun.identity.shared.JSONUtils;
import com.sun.identity.shared.configuration.SystemPropertiesManager;
import com.sun.identity.sm.SMSEntry;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.forgerock.openam.entitlement.CachingEntitlementCondition;
import org.forgerock.openam.entitlement.PolicyConstants;
import org.forgerock.openam.entitlement.utils.EntitlementUtils;
import org.forgerock.openam.sdk.org.json.JSONArray;
import org.forgerock.openam.sdk.org.json.JSONException;
import org.forgerock.openam.sdk.org.json.JSONObject;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/entitlement/Privilege.class */
public abstract class Privilege implements IPrivilege {
    public static final String PRIVILEGE_CLASS_PROPERTY = "com.sun.identity.entitlement.default.privilege.class";
    private static final String DEFAULT_PRIVILEGE_CLASS = "com.sun.identity.entitlement.opensso.OpenSSOPrivilege";
    public static final String APPLICATION_ATTRIBUTE = "application";
    public static final String CREATED_BY_ATTRIBUTE = "createdby";
    public static final String LAST_MODIFIED_BY_ATTRIBUTE = "lastmodifiedby";
    public static final String CREATION_DATE_ATTRIBUTE = "creationdate";
    public static final String LAST_MODIFIED_DATE_ATTRIBUTE = "lastmodifieddate";
    public static final String NAME_ATTRIBUTE = "name";
    public static final String RESOURCE_MACRO_SELF = "$SELF";
    public static final String RESOURCE_MACRO_ATTRIBUTE = "$ATTR";
    public static final String DESCRIPTION_ATTRIBUTE = "description";
    private static Class<? extends Privilege> privilegeClass;
    private boolean active = true;
    private String name;
    private String description;
    private Entitlement entitlement;
    private EntitlementSubject eSubject;
    private EntitlementCondition eCondition;
    private Set<ResourceAttribute> eResourceAttributes;
    private String resourceTypeUuid;
    private String createdBy;
    private String lastModifiedBy;
    private long creationDate;
    private long lastModifiedDate;
    private Set<String> applicationIndexes;
    public static final SearchAttribute APPLICATION_SEARCH_ATTRIBUTE = new SearchAttribute("application", SMSEntry.PLACEHOLDER_RDN);
    public static final SearchAttribute CREATED_BY_SEARCH_ATTRIBUTE = new SearchAttribute("createdby", SMSEntry.PLACEHOLDER_RDN);
    public static final SearchAttribute LAST_MODIFIED_BY_SEARCH_ATTRIBUTE = new SearchAttribute("lastmodifiedby", SMSEntry.PLACEHOLDER_RDN);
    public static final SearchAttribute CREATION_DATE_SEARCH_ATTRIBUTE = new SearchAttribute("creationdate", SMSEntry.PLACEHOLDER_RDN);
    public static final SearchAttribute LAST_MODIFIED_DATE_SEARCH_ATTRIBUTE = new SearchAttribute("lastmodifieddate", SMSEntry.PLACEHOLDER_RDN);
    public static final SearchAttribute NAME_SEARCH_ATTRIBUTE = new SearchAttribute("name", SMSEntry.PLACEHOLDER_RDN);
    public static final String RESOURCE_TYPE_UUID_ATTRIBUTE = "resourceTypeUuid";
    public static final SearchAttribute RESOURCE_TYPE_UUID_SEARCH_ATTRIBUTE = new SearchAttribute(RESOURCE_TYPE_UUID_ATTRIBUTE, SMSEntry.ATTR_XML_KEYVAL);
    public static final SearchAttribute DESCRIPTION_SEARCH_ATTRIBUTE = new SearchAttribute("description", SMSEntry.PLACEHOLDER_RDN);
    public static final NoSubject NOT_SUBJECT = new NoSubject();

    public static Privilege getNewInstance() throws EntitlementException {
        if (privilegeClass == null) {
            throw new EntitlementException(2);
        }
        try {
            return privilegeClass.newInstance();
        } catch (IllegalAccessException e) {
            throw new EntitlementException(1, e);
        } catch (InstantiationException e2) {
            throw new EntitlementException(1, e2);
        }
    }

    public void setSubject(EntitlementSubject entitlementSubject) throws EntitlementException {
        validateSubject(entitlementSubject);
        this.eSubject = entitlementSubject;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void validateSubject(EntitlementSubject entitlementSubject) throws EntitlementException {
        if (entitlementSubject == null) {
            NoSubject noSubject = NOT_SUBJECT;
        } else if (!entitlementSubject.isIdentity()) {
            throw new EntitlementException(EntitlementException.INVALID_ENTITLEMENT_SUBJECT_CLASS, this.name);
        }
    }

    @Override // com.sun.identity.entitlement.IPrivilege
    public String getName() {
        return this.name;
    }

    public String getDescription() {
        return this.description;
    }

    public void setDescription(String str) {
        this.description = str;
    }

    public EntitlementSubject getSubject() {
        return this.eSubject;
    }

    public EntitlementCondition getCondition() {
        return this.eCondition;
    }

    public Set<ResourceAttribute> getResourceAttributes() {
        return this.eResourceAttributes;
    }

    public Entitlement getEntitlement() {
        return this.entitlement;
    }

    public void setResourceTypeUuid(String str) {
        this.resourceTypeUuid = str;
    }

    public String getResourceTypeUuid() {
        return this.resourceTypeUuid;
    }

    public PrivilegeType getType() {
        return PrivilegeType.UNKNOWN;
    }

    @Override // com.sun.identity.entitlement.IPrivilege
    public abstract List<Entitlement> evaluate(Subject subject, String str, Subject subject2, String str2, String str3, String str4, Set<String> set, Map<String, Set<String>> map, boolean z, Object obj) throws EntitlementException;

    public String toString() {
        String str = null;
        try {
            JSONObject jSONObject = toJSONObject();
            str = jSONObject == null ? super.toString() : jSONObject.toString(2);
        } catch (JSONException e) {
            PolicyConstants.DEBUG.error("Entitlement.toString()", e);
        }
        return str;
    }

    public JSONObject toMinimalJSONObject() throws JSONException {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("name", this.name);
        if (this.description != null) {
            jSONObject.put("description", this.description);
        }
        if (this.entitlement != null) {
            jSONObject.put("entitlement", this.entitlement.toJSONObject());
        }
        if (this.eSubject != null) {
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.put(AuthXMLTags.ATTRIBUTE_CLASS_NAME, this.eSubject.getClass().getName());
            jSONObject2.put("state", this.eSubject.getState());
            jSONObject.put("eSubject", jSONObject2);
        }
        if (this.eCondition != null) {
            JSONObject jSONObject3 = new JSONObject();
            jSONObject3.put(AuthXMLTags.ATTRIBUTE_CLASS_NAME, this.eCondition.getClass().getName());
            jSONObject3.put("state", this.eCondition.getState());
            jSONObject.put("eCondition", jSONObject3);
        }
        if (this.eResourceAttributes != null && !this.eResourceAttributes.isEmpty()) {
            for (ResourceAttribute resourceAttribute : this.eResourceAttributes) {
                JSONObject jSONObject4 = new JSONObject();
                jSONObject4.put(AuthXMLTags.ATTRIBUTE_CLASS_NAME, resourceAttribute.getClass().getName());
                jSONObject4.put("state", resourceAttribute.getState());
                jSONObject.append("eResourceAttributes", jSONObject4);
            }
        }
        return jSONObject;
    }

    public JSONObject toJSONObject() throws JSONException {
        JSONObject minimalJSONObject = toMinimalJSONObject();
        minimalJSONObject.put(AuthXMLTags.ATTRIBUTE_CLASS_NAME, getClass().getName());
        minimalJSONObject.put("active", Boolean.toString(this.active));
        minimalJSONObject.put(RESOURCE_TYPE_UUID_ATTRIBUTE, this.resourceTypeUuid);
        if (this.description != null) {
            minimalJSONObject.put("description", this.description);
        }
        if (this.createdBy != null) {
            minimalJSONObject.put(EntitlementUtils.CONFIG_CREATED_BY, this.createdBy);
        }
        if (this.lastModifiedBy != null) {
            minimalJSONObject.put(EntitlementUtils.CONFIG_LAST_MODIFIED_BY, this.lastModifiedBy);
        }
        minimalJSONObject.put(EntitlementUtils.CONFIG_LAST_MODIFIED_DATE, this.lastModifiedDate);
        minimalJSONObject.put(EntitlementUtils.CONFIG_CREATION_DATE, this.creationDate);
        return minimalJSONObject;
    }

    protected abstract void init(JSONObject jSONObject);

    public static Privilege getInstance(JSONObject jSONObject) throws EntitlementException {
        try {
            Privilege privilege = (Privilege) Class.forName(jSONObject.optString(AuthXMLTags.ATTRIBUTE_CLASS_NAME)).newInstance();
            privilege.name = jSONObject.optString("name");
            privilege.active = Boolean.parseBoolean(jSONObject.optString("active"));
            privilege.resourceTypeUuid = jSONObject.optString(RESOURCE_TYPE_UUID_ATTRIBUTE);
            privilege.description = jSONObject.optString("description");
            privilege.createdBy = jSONObject.optString(EntitlementUtils.CONFIG_CREATED_BY);
            privilege.lastModifiedBy = jSONObject.optString(EntitlementUtils.CONFIG_LAST_MODIFIED_BY);
            privilege.creationDate = JSONUtils.getLong(jSONObject, EntitlementUtils.CONFIG_CREATION_DATE);
            privilege.lastModifiedDate = JSONUtils.getLong(jSONObject, EntitlementUtils.CONFIG_LAST_MODIFIED_DATE);
            if (jSONObject.has("entitlement")) {
                privilege.entitlement = new Entitlement(jSONObject.getJSONObject("entitlement"));
            }
            privilege.eSubject = getESubject(jSONObject);
            privilege.eCondition = getECondition(jSONObject);
            privilege.eResourceAttributes = getResourceAttributes(jSONObject);
            privilege.init(jSONObject);
            return privilege;
        } catch (ClassNotFoundException e) {
            PolicyConstants.DEBUG.error("Privilege.getInstance", e);
            return null;
        } catch (IllegalAccessException e2) {
            PolicyConstants.DEBUG.error("Privilege.getInstance", e2);
            return null;
        } catch (InstantiationException e3) {
            PolicyConstants.DEBUG.error("Privilege.getInstance", e3);
            return null;
        } catch (JSONException e4) {
            PolicyConstants.DEBUG.error("Privilege.getInstance", e4);
            return null;
        }
    }

    private static Set<ResourceAttribute> getResourceAttributes(JSONObject jSONObject) throws JSONException {
        if (!jSONObject.has("eResourceAttributes")) {
            return null;
        }
        JSONArray jSONArray = jSONObject.getJSONArray("eResourceAttributes");
        HashSet hashSet = new HashSet();
        for (int i = 0; i < jSONArray.length(); i++) {
            JSONObject jSONObject2 = (JSONObject) jSONArray.get(i);
            try {
                ResourceAttribute resourceAttribute = (ResourceAttribute) Class.forName(jSONObject2.getString(AuthXMLTags.ATTRIBUTE_CLASS_NAME)).newInstance();
                resourceAttribute.setState(jSONObject2.getString("state"));
                hashSet.add(resourceAttribute);
            } catch (ClassNotFoundException e) {
                PolicyConstants.DEBUG.error("Privilege.getResourceAttributes", e);
            } catch (IllegalAccessException e2) {
                PolicyConstants.DEBUG.error("Privilege.getResourceAttributes", e2);
            } catch (InstantiationException e3) {
                PolicyConstants.DEBUG.error("Privilege.getResourceAttributes", e3);
            }
        }
        return hashSet;
    }

    private static EntitlementSubject getESubject(JSONObject jSONObject) throws JSONException {
        if (!jSONObject.has("eSubject")) {
            return new NoSubject();
        }
        JSONObject jSONObject2 = jSONObject.getJSONObject("eSubject");
        try {
            EntitlementSubject entitlementSubject = (EntitlementSubject) Class.forName(jSONObject2.getString(AuthXMLTags.ATTRIBUTE_CLASS_NAME)).newInstance();
            entitlementSubject.setState(jSONObject2.getString("state"));
            return entitlementSubject;
        } catch (ClassNotFoundException e) {
            PolicyConstants.DEBUG.error("Privilege.getESubject", e);
            return null;
        } catch (IllegalAccessException e2) {
            PolicyConstants.DEBUG.error("Privilege.getESubject", e2);
            return null;
        } catch (InstantiationException e3) {
            PolicyConstants.DEBUG.error("Privilege.getESubject", e3);
            return null;
        }
    }

    private static EntitlementCondition getECondition(JSONObject jSONObject) throws JSONException {
        if (!jSONObject.has("eCondition")) {
            return null;
        }
        JSONObject jSONObject2 = jSONObject.getJSONObject("eCondition");
        try {
            EntitlementCondition entitlementCondition = (EntitlementCondition) Class.forName(jSONObject2.getString(AuthXMLTags.ATTRIBUTE_CLASS_NAME)).newInstance();
            entitlementCondition.setState(jSONObject2.getString("state"));
            return entitlementCondition;
        } catch (ClassNotFoundException e) {
            PolicyConstants.DEBUG.error("Privilege.getECondition", e);
            return null;
        } catch (IllegalAccessException e2) {
            PolicyConstants.DEBUG.error("Privilege.getECondition", e2);
            return null;
        } catch (InstantiationException e3) {
            PolicyConstants.DEBUG.error("Privilege.getECondition", e3);
            return null;
        }
    }

    public boolean equals(Object obj) {
        if (obj == null || !getClass().equals(obj.getClass())) {
            return false;
        }
        Privilege privilege = (Privilege) obj;
        if (this.name == null) {
            if (privilege.getName() != null) {
                return false;
            }
        } else if (privilege.getName() == null || !this.name.equals(privilege.getName())) {
            return false;
        }
        if (this.active != privilege.active) {
            return false;
        }
        if (this.entitlement == null) {
            if (privilege.getEntitlement() != null) {
                return false;
            }
        } else if (privilege.getEntitlement() == null || !this.entitlement.equals(privilege.getEntitlement())) {
            return false;
        }
        if (this.eSubject == null) {
            if (privilege.getSubject() != null) {
                return false;
            }
        } else if (privilege.getSubject() == null || !this.eSubject.equals(privilege.getSubject())) {
            return false;
        }
        if (this.eResourceAttributes == null) {
            if (privilege.getResourceAttributes() != null) {
                return false;
            }
        } else if (privilege.getResourceAttributes() == null || !this.eResourceAttributes.equals(privilege.getResourceAttributes())) {
            return false;
        }
        if (this.eCondition == null) {
            if (privilege.getCondition() != null) {
                return false;
            }
        } else if (privilege.getCondition() == null || !this.eCondition.equals(privilege.getCondition())) {
            return false;
        }
        return true;
    }

    public int hashCode() {
        int i = 0;
        if (this.name != null) {
            i = 0 + this.name.hashCode();
        }
        if (this.entitlement != null) {
            i += this.entitlement.hashCode();
        }
        if (this.eSubject != null) {
            i += this.eSubject.hashCode();
        }
        if (this.eCondition != null) {
            i += this.eCondition.hashCode();
        }
        if (this.eResourceAttributes != null) {
            i += this.eResourceAttributes.hashCode();
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SubjectDecision doesSubjectMatch(Subject subject, String str, Subject subject2, String str2, Map<String, Set<String>> map) throws EntitlementException {
        SubjectDecision subjectDecision;
        if (getSubject() != null) {
            subjectDecision = getSubject().evaluate(str, SubjectAttributesManager.getInstance(subject, str), subject2, str2, map);
        } else {
            subjectDecision = new SubjectDecision(true, Collections.emptyMap());
        }
        if (PolicyConstants.DEBUG.messageEnabled()) {
            if (subjectDecision.isSatisfied()) {
                PolicyConstants.DEBUG.message("[PolicyEval] Privilege.doesSubjectMatch: true");
            } else {
                PolicyConstants.DEBUG.message("[PolicyEval] Privilege.doesSubjectMatch: false");
                PolicyConstants.DEBUG.message("[PolicyEval] Advices: " + subjectDecision.getAdvices());
            }
        }
        return subjectDecision;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ConditionDecision doesConditionMatch(String str, Subject subject, String str2, Map<String, Set<String>> map) throws EntitlementException {
        ConditionDecision evaluate = this.eCondition != null ? new CachingEntitlementCondition(this.eCondition).evaluate(str, subject, str2, map) : ConditionDecision.newSuccessBuilder().build();
        if (PolicyConstants.DEBUG.messageEnabled()) {
            if (evaluate.isSatisfied()) {
                PolicyConstants.DEBUG.message("[PolicyEval] Privilege.doesConditionMatch: true");
            } else {
                PolicyConstants.DEBUG.message("[PolicyEval] Privilege.doesConditionMatch: false");
                PolicyConstants.DEBUG.message("[PolicyEval] Advices: " + evaluate.getAdvice());
            }
        }
        return evaluate;
    }

    public long getCreationDate() {
        return this.creationDate;
    }

    public void setCreationDate(long j) {
        this.creationDate = j;
    }

    @Override // com.sun.identity.entitlement.IPrivilege
    public long getLastModifiedDate() {
        return this.lastModifiedDate;
    }

    public void setLastModifiedDate(long j) {
        this.lastModifiedDate = j;
    }

    public String getLastModifiedBy() {
        return this.lastModifiedBy;
    }

    public void setLastModifiedBy(String str) {
        this.lastModifiedBy = str;
    }

    public String getCreatedBy() {
        return this.createdBy;
    }

    public void setCreatedBy(String str) {
        this.createdBy = str;
    }

    public void canonicalizeResources(Subject subject, String str) throws EntitlementException {
        this.entitlement.canonicalizeResources(subject, str);
    }

    @Override // com.sun.identity.entitlement.IPrivilege
    public ResourceSaveIndexes getResourceSaveIndexes(Subject subject, String str) throws EntitlementException {
        if (this.entitlement != null) {
            return this.entitlement.getResourceSaveIndexes(subject, str);
        }
        return null;
    }

    public void setName(String str) throws EntitlementException {
        if (str == null || str.trim().length() == 0) {
            throw new EntitlementException(3);
        }
        this.name = str;
    }

    public void setEntitlement(Entitlement entitlement) throws EntitlementException {
        if (entitlement == null) {
            throw new EntitlementException(4);
        }
        this.entitlement = entitlement;
    }

    public void setCondition(EntitlementCondition entitlementCondition) {
        this.eCondition = entitlementCondition;
    }

    public void setResourceAttributes(Set<ResourceAttribute> set) {
        if (set == null) {
            this.eResourceAttributes = null;
        } else {
            this.eResourceAttributes = new LinkedHashSet(set);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, Set<String>> getAttributes(Subject subject, String str, Subject subject2, String str2, Map<String, Set<String>> map) throws EntitlementException {
        HashMap hashMap = new HashMap();
        if (this.eResourceAttributes != null && !this.eResourceAttributes.isEmpty()) {
            Iterator<ResourceAttribute> it = this.eResourceAttributes.iterator();
            while (it.hasNext()) {
                Map<String, Set<String>> evaluate = it.next().evaluate(subject, str, subject2, str2, map);
                for (String str3 : evaluate.keySet()) {
                    Set set = (Set) hashMap.get(str3);
                    if (set == null) {
                        set = new HashSet();
                        hashMap.put(str3, set);
                    }
                    set.addAll(evaluate.get(str3));
                }
            }
        }
        return hashMap;
    }

    public boolean isActive() {
        return this.active;
    }

    public void setActive(boolean z) {
        this.active = z;
    }

    public static Privilege getNewInstance(String str) throws EntitlementException {
        if (str == null || str.trim().length() == 0) {
            throw new EntitlementException(9);
        }
        try {
            return getNewInstance(new JSONObject(str));
        } catch (JSONException e) {
            throw new EntitlementException(11);
        }
    }

    public static Privilege getNewInstance(JSONObject jSONObject) throws EntitlementException {
        if (privilegeClass == null) {
            throw new EntitlementException(2);
        }
        try {
            Privilege newInstance = privilegeClass.newInstance();
            if (!jSONObject.has("name")) {
                throw new EntitlementException(3);
            }
            newInstance.name = jSONObject.optString("name");
            newInstance.description = jSONObject.optString("description");
            if (jSONObject.has("entitlement")) {
                newInstance.entitlement = new Entitlement(jSONObject.getJSONObject("entitlement"));
            }
            newInstance.eSubject = getESubject(jSONObject);
            newInstance.eCondition = getECondition(jSONObject);
            if (newInstance.eCondition != null) {
                newInstance.eCondition.validate();
            }
            newInstance.eResourceAttributes = getResourceAttributes(jSONObject);
            newInstance.init(jSONObject);
            return newInstance;
        } catch (IllegalAccessException e) {
            throw new EntitlementException(1, e);
        } catch (InstantiationException e2) {
            throw new EntitlementException(1, e2);
        } catch (JSONException e3) {
            throw new EntitlementException(1, e3);
        }
    }

    public void setApplicationIndexes(Set<String> set) {
        this.applicationIndexes = set;
    }

    public Set<String> getApplicationIndexes() {
        return this.applicationIndexes == null ? Collections.EMPTY_SET : this.applicationIndexes;
    }

    static {
        try {
            privilegeClass = Class.forName(SystemPropertiesManager.get(PRIVILEGE_CLASS_PROPERTY, DEFAULT_PRIVILEGE_CLASS)).asSubclass(Privilege.class);
        } catch (ClassNotFoundException e) {
            PolicyConstants.DEBUG.error("Privilege.<init>", e);
        }
    }
}
