package com.sun.identity.policy.plugins;

import com.iplanet.am.util.Debug;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.ConditionDecision;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.Syntax;
import com.sun.identity.policy.interfaces.Condition;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;

/* loaded from: input_file:115766-11/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/policy/plugins/AuthSchemeCondition.class */
public class AuthSchemeCondition implements Condition {
    public static final String AUTH_SCHEME = "AuthScheme";
    public static final String REQUEST_AUTH_SCHEMES = "requestAuthSchemes";
    public static final String AUTH_SCHEME_CONDITION_ADVICE = "AuthSchemeConditionAdvice";
    private Map properties;
    private String authScheme;
    private static final Debug DEBUG = Debug.getInstance("amPolicy");
    private static List propertyNames = new ArrayList(1);

    @Override // com.sun.identity.policy.interfaces.Condition
    public List getPropertyNames() {
        return new ArrayList(propertyNames);
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public Syntax getPropertySyntax(String str) {
        return Syntax.NONE;
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public String getDisplayName(String str, Locale locale) throws PolicyException {
        return "";
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public Set getValidValues(String str) throws PolicyException {
        return Collections.EMPTY_SET;
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public void setProperties(Map map) throws PolicyException {
        this.properties = map;
        validateProperties();
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public Map getProperties() {
        if (this.properties == null) {
            return null;
        }
        return Collections.unmodifiableMap(this.properties);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v36, types: [java.util.Set] */
    @Override // com.sun.identity.policy.interfaces.Condition
    public ConditionDecision getConditionDecision(SSOToken sSOToken, Map map) throws PolicyException, SSOException {
        String property;
        boolean z = false;
        HashSet hashSet = new HashSet();
        if (map != null && map.get(REQUEST_AUTH_SCHEMES) != null) {
            try {
                hashSet = (Set) map.get(REQUEST_AUTH_SCHEMES);
            } catch (ClassCastException e) {
                throw new PolicyException("amPolicy", "property_is_not_a_Set", new String[]{REQUEST_AUTH_SCHEMES}, e);
            }
        } else if (sSOToken != null && (property = sSOToken.getProperty("AuthType")) != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(property, "|");
            while (stringTokenizer.hasMoreTokens()) {
                hashSet.add(stringTokenizer.nextToken());
            }
            if (DEBUG.messageEnabled()) {
                DEBUG.message(new StringBuffer().append("At AuthSchemeCondition.getConditionDecision(): requestAuthSchemes = ").append(hashSet).toString());
            }
        }
        if (hashSet.contains(this.authScheme)) {
            z = true;
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message(new StringBuffer().append("At AuthSchemeCondition.getConditionDecision():authScheme,  requestAuthScheme, allowed = ").append(this.authScheme).append(", ").append(hashSet).append(",").append(z).toString());
        }
        HashMap hashMap = new HashMap();
        if (!z) {
            HashSet hashSet2 = new HashSet(1);
            hashSet2.add(this.authScheme);
            hashMap.put(AUTH_SCHEME_CONDITION_ADVICE, hashSet2);
        }
        return new ConditionDecision(z, hashMap);
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public Object clone() {
        try {
            AuthSchemeCondition authSchemeCondition = (AuthSchemeCondition) super.clone();
            if (this.properties != null) {
                authSchemeCondition.properties = new HashMap();
                for (Object obj : this.properties.keySet()) {
                    HashSet hashSet = new HashSet();
                    hashSet.addAll((Set) this.properties.get(obj));
                    authSchemeCondition.properties.put(obj, hashSet);
                }
            }
            return authSchemeCondition;
        } catch (CloneNotSupportedException e) {
            throw new InternalError();
        }
    }

    private boolean validateProperties() throws PolicyException {
        if (this.properties == null || this.properties.keySet() == null) {
            throw new PolicyException("amPolicy", "properties_can_not_be_null_or_empty", null, null);
        }
        Set<String> keySet = this.properties.keySet();
        if (!keySet.contains(AUTH_SCHEME)) {
            throw new PolicyException("amPolicy", "property_value_not_defined", new String[]{AUTH_SCHEME}, null);
        }
        for (String str : keySet) {
            if (!AUTH_SCHEME.equals(str)) {
                throw new PolicyException("amPolicy", "attempt_to_set_invalid_property ", new String[]{str}, null);
            }
        }
        Set set = (Set) this.properties.get(AUTH_SCHEME);
        if (set == null) {
            return true;
        }
        validateAuthSchemes(set);
        return true;
    }

    private boolean validateAuthSchemes(Set set) throws PolicyException {
        if (set.isEmpty() || set.size() > 1) {
            throw new PolicyException("amPolicy", "property_does_not_allow_empty_or_multiple_values", new String[]{AUTH_SCHEME}, null);
        }
        try {
            this.authScheme = (String) set.iterator().next();
            return true;
        } catch (Exception e) {
            throw new PolicyException("amPolicy", "property_is_not_a_String", new String[]{AUTH_SCHEME}, null);
        }
    }

    private boolean isAllowed(SSOToken sSOToken, Map map) throws PolicyException, SSOException {
        return getConditionDecision(sSOToken, map).isAllowed();
    }

    static {
        propertyNames.add(AUTH_SCHEME);
    }
}
