package com.sun.identity.policy.plugins;

import com.iplanet.am.util.Debug;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.policy.ConditionDecision;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.Syntax;
import com.sun.identity.policy.interfaces.Condition;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;

/* loaded from: input_file:115766-08/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/policy/plugins/AuthRoleCondition.class */
public class AuthRoleCondition implements Condition {
    public static final String ROLE_NAME = "authRoleName";
    private Map properties;
    private String authRoleName;
    private static final Debug DEBUG = Debug.getInstance("amPolicy");
    private static List propertyNames = new ArrayList(1);

    @Override // com.sun.identity.policy.interfaces.Condition
    public List getPropertyNames() {
        return new ArrayList(propertyNames);
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public Syntax getPropertySyntax(String str) {
        return Syntax.ANY;
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public String getDisplayName(String str, Locale locale) throws PolicyException {
        return str;
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public Set getValidValues(String str) throws PolicyException {
        return Collections.EMPTY_SET;
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public void setProperties(Map map) throws PolicyException {
        this.properties = (HashMap) map;
        if (map == null || map.keySet() == null) {
            throw new PolicyException("amPolicy", "properties_can_not_be_null_or_empty", null, null);
        }
        if (!ROLE_NAME.equals((String) map.keySet().iterator().next())) {
            throw new PolicyException("amPolicy", "attempt_to_set_invalid_property", new String[]{ROLE_NAME}, null);
        }
        Set set = (Set) map.get(ROLE_NAME);
        if (set == null || set.isEmpty() || set.size() > 1) {
            throw new PolicyException("amPolicy", "property_does_not_allow_empty_or_multiple_values", new String[]{ROLE_NAME}, null);
        }
        this.authRoleName = (String) set.iterator().next();
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public Map getProperties() {
        return this.properties;
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public ConditionDecision getConditionDecision(SSOToken sSOToken, Map map) throws SSOException, PolicyException {
        if (sSOToken != null) {
            String property = sSOToken.getProperty(IFSConstants.AC_ROLE);
            if (DEBUG.messageEnabled()) {
                DEBUG.message(new StringBuffer().append("At AuthRoleCondition.getConditionDecision(): userAuthRoleNames=").append(property).toString());
            }
            if (property == null) {
                return new ConditionDecision(false);
            }
            StringTokenizer stringTokenizer = new StringTokenizer(property, "|");
            while (stringTokenizer.hasMoreElements()) {
                if (((String) stringTokenizer.nextElement()).equals(this.authRoleName)) {
                    return new ConditionDecision(true);
                }
            }
        }
        return new ConditionDecision(false);
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public Object clone() {
        try {
            AuthRoleCondition authRoleCondition = (AuthRoleCondition) super.clone();
            if (this.properties != null) {
                authRoleCondition.properties = new HashMap();
                for (Object obj : this.properties.keySet()) {
                    HashSet hashSet = new HashSet();
                    hashSet.addAll((Set) this.properties.get(obj));
                    authRoleCondition.properties.put(obj, hashSet);
                }
            }
            return authRoleCondition;
        } catch (CloneNotSupportedException e) {
            throw new InternalError();
        }
    }

    static {
        propertyNames.add(ROLE_NAME);
    }
}
