package com.sun.identity.entitlement.opensso;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.GroupSubject;
import com.sun.identity.entitlement.PrivilegeManager;
import com.sun.identity.entitlement.SubjectAttributesCollector;
import com.sun.identity.entitlement.SubjectAttributesManager;
import com.sun.identity.entitlement.SubjectDecision;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdType;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.security.AdminTokenAction;
import java.security.AccessController;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

/**
 * Entitlement subject that is satisfied when the evaluated {@link Subject} belongs to the group
 * named by {@code getID()}.
 *
 * <p>Membership is decided in one of two ways, selected by
 * {@code SubjectAttributesManager.isGroupMembershipSearchIndexEnabled()}:
 * <ul>
 *   <li>index enabled: the group list already attached to the {@code Subject} as a public
 *       credential is consulted;</li>
 *   <li>index disabled: the identity repository is queried for the memberships of every
 *       principal of the {@code Subject}.</li>
 * </ul>
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Every repository lookup uses the administrative token obtained through
 *       {@code AdminTokenAction}, not a token of the user being evaluated. The identifiers that
 *       reach {@code IdUtils.getIdentity} come straight from the {@code Subject} (credential
 *       values and principal names) and are not validated here, so the {@code Subject} is
 *       assumed to be assembled by trusted code.</li>
 *   <li>{@code IdRepoException} and {@code SSOException} raised during evaluation are logged and
 *       the decision stays "not satisfied". NOTE(review): that fails closed for a plain grant,
 *       but a caller that negates this decision (for example a wrapping NotSubject, if used)
 *       would read a repository outage as "not a member" - confirm how callers combine it.</li>
 * </ul>
 *
 * <p>The class is marked {@code @Deprecated}; the replacement is not visible from this file.
 */
@Deprecated
/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/entitlement/opensso/OpenSSOGroupSubject.class */
public class OpenSSOGroupSubject extends GroupSubject {
    /** Creates a subject with no state of its own; everything is left to {@code GroupSubject}'s defaults. */
    public OpenSSOGroupSubject() {
    }

    /**
     * Forwards {@code str} unchanged to {@code GroupSubject(String)}.
     *
     * @param str value handed to the superclass (presumably the group identifier later returned
     *            by {@code getID()} - confirm against {@code GroupSubject})
     */
    public OpenSSOGroupSubject(String str) {
        super(str);
    }

    /**
     * Forwards both arguments unchanged to {@code GroupSubject(String, String)}.
     *
     * @param str  first value handed to the superclass (presumably the group identifier - confirm)
     * @param str2 second value handed to the superclass; its meaning is defined by {@code GroupSubject}
     */
    public OpenSSOGroupSubject(String str, String str2) {
        super(str, str2);
    }

    /**
     * Decides whether {@code subject} is a member of the group identified by {@code getID()}.
     *
     * <p>Only {@code subjectAttributesManager} and {@code subject} are read; {@code str},
     * {@code str2} and {@code map} are not used by this implementation.
     *
     * @param str                      unused here
     * @param subjectAttributesManager selects the indexed or the repository-backed membership check
     * @param subject                  the subject under evaluation
     * @param str2                     unused here
     * @param map                      unused here
     * @return a decision carrying the membership result and an empty advice map
     * @throws EntitlementException declared by the overridden method; nothing in this body throws it
     * @throws ClassCastException   if, with the index enabled, the first public credential of
     *                              {@code subject} is not a {@code Map}, its group entry is not a
     *                              {@code Set}, or that set holds a non-{@code String} element
     *                              that gets compared
     */
    @Override
    public SubjectDecision evaluate(String str, SubjectAttributesManager subjectAttributesManager, Subject subject, String str2, Map<String, Set<String>> map) throws EntitlementException {
        boolean satisfied = subjectAttributesManager.isGroupMembershipSearchIndexEnabled()
                ? matchesIndexedGroups(subject)
                : matchesRepositoryGroups(subject);
        return new SubjectDecision(satisfied, Collections.EMPTY_MAP);
    }

    /**
     * Describes how policies using this subject are indexed.
     *
     * @return the superclass result when no attributes manager can be obtained; otherwise a map
     *         with the single key {@code SubjectAttributesCollector.NAMESPACE_IDENTITY} whose
     *         value is {@code {getID()}} when the group-membership index is enabled and
     *         {@code {"all"}} when it is not
     */
    @Override
    public Map<String, Set<String>> getSearchIndexAttributes() {
        SubjectAttributesManager manager = getSubjectAttributesManager();
        if (manager == null) {
            return super.getSearchIndexAttributes();
        }
        Map<String, Set<String>> index = new HashMap<>(4);
        Set<String> values = new HashSet<>();
        // Without the membership index the policy is filed under the catch-all value "all".
        values.add(manager.isGroupMembershipSearchIndexEnabled() ? getID() : "all");
        index.put(SubjectAttributesCollector.NAMESPACE_IDENTITY, values);
        return index;
    }

    /**
     * Names the subject attributes that must be collected before {@code evaluate} can use the index.
     *
     * @return the superclass result when no attributes manager can be obtained; the shared empty
     *         set when the group-membership index is disabled; otherwise a set holding the one
     *         name {@code NAMESPACE_IDENTITY + IdType.GROUP.getName()}
     */
    @Override
    public Set<String> getRequiredAttributeNames() {
        SubjectAttributesManager manager = getSubjectAttributesManager();
        if (manager == null) {
            return super.getRequiredAttributeNames();
        }
        if (manager.isGroupMembershipSearchIndexEnabled()) {
            Set<String> names = new HashSet<>(2);
            names.add(SubjectAttributesCollector.NAMESPACE_IDENTITY + IdType.GROUP.getName());
            return names;
        }
        return Collections.<String>emptySet();
    }

    /**
     * Index-enabled membership check: looks for this group in the group list carried by the
     * subject's public credentials.
     *
     * <p>Only the first public credential is inspected and it is cast to {@code Map} without a
     * type check. NOTE(review): a {@code Subject} whose first public credential is something
     * else makes evaluation end in a {@code ClassCastException} rather than a decision; that
     * exception is left to propagate here on purpose, because turning it into "not satisfied"
     * would also be visible to callers that negate the decision.
     */
    private boolean matchesIndexedGroups(Subject subject) {
        Set<Object> credentials = subject.getPublicCredentials();
        if (credentials == null || credentials.isEmpty()) {
            return false;
        }
        Map<?, ?> attributes = (Map<?, ?>) credentials.iterator().next();
        Set<?> indexedGroups = (Set<?>) attributes.get(SubjectAttributesCollector.NAMESPACE_IDENTITY + IdType.GROUP.getName());
        String groupId = getID();
        if (indexedGroups == null) {
            return false;
        }
        // Fast path: the configured id appears verbatim in the subject's group list.
        if (indexedGroups.contains(groupId)) {
            return true;
        }
        // Slow path: resolve both sides to AMIdentity and compare with equals(), presumably to
        // match the same group written with a different spelling of its id - confirm.
        try {
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            AMIdentity group = IdUtils.getIdentity(adminToken, groupId);
            for (Object candidate : indexedGroups) {
                if (group.equals(IdUtils.getIdentity(adminToken, (String) candidate))) {
                    return true;
                }
            }
        } catch (IdRepoException e) {
            // One failed resolution ends the comparison: logged, and the subject is treated as not a member.
            PrivilegeManager.debug.error("GroupSubject.evaluate", e);
        }
        return false;
    }

    /**
     * Index-disabled membership check: resolves this group with the administrative token and asks
     * the repository whether any principal of {@code subject} belongs to it.
     */
    private boolean matchesRepositoryGroups(Subject subject) {
        try {
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            AMIdentity group = IdUtils.getIdentity(adminToken, getID());
            // isMember() never reads the member type, so each pass repeats the same lookups;
            // the loop only matters in that an empty canHaveMembers() set yields "not a member".
            for (Object memberType : IdType.GROUP.canHaveMembers()) {
                if (isMember(subject, (IdType) memberType, group)) {
                    return true;
                }
            }
        } catch (SSOException e) {
            PrivilegeManager.debug.error("GroupSubject.evaluate", e);
        } catch (IdRepoException e) {
            PrivilegeManager.debug.error("GroupSubject.evaluate", e);
        }
        return false;
    }

    /**
     * Reports whether any principal of {@code subject} has {@code group} among its
     * {@code IdType.GROUP} memberships.
     *
     * <p>Each principal name is passed as-is to {@code IdUtils.getIdentity} together with the
     * administrative token; {@code idType} is accepted but never read.
     *
     * @throws IdRepoException propagated from the identity lookups
     * @throws SSOException    propagated from the identity lookups
     */
    private boolean isMember(Subject subject, IdType idType, AMIdentity group) throws IdRepoException, SSOException {
        Set<Principal> principals = subject.getPrincipals();
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        for (Principal principal : principals) {
            AMIdentity member = IdUtils.getIdentity(adminToken, principal.getName());
            for (Object membership : member.getMemberships(IdType.GROUP)) {
                if (((AMIdentity) membership).equals(group)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Obtains the attributes manager for the realm of this group, acting as the administrator.
     *
     * @return the manager, or {@code null} when {@code getID()} is {@code null} or the lookup
     *         raises {@code IdRepoException} (logged at message level only); callers then fall
     *         back to the superclass behaviour
     */
    private SubjectAttributesManager getSubjectAttributesManager() {
        String groupId = getID();
        if (groupId == null) {
            return null;
        }
        try {
            Subject adminSubject = SubjectUtils.createSubject((SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance()));
            // The AMIdentity is built with a null token and used only to read the realm of the id.
            String realm = new AMIdentity((SSOToken) null, groupId).getRealm();
            return SubjectAttributesManager.getInstance(adminSubject, realm);
        } catch (IdRepoException e) {
            if (PrivilegeManager.debug.messageEnabled()) {
                PrivilegeManager.debug.message("OpenSSOGroupSubject.getSubjectAttributesManager:", e);
            }
            return null;
        }
    }
}
