package com.sun.identity.policy.plugins;

import com.iplanet.am.util.AMResourceBundleCache;
import com.iplanet.am.util.Debug;
import com.iplanet.am.util.OrderedSet;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.policy.ConditionDecision;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.PolicyUtils;
import com.sun.identity.policy.Syntax;
import com.sun.identity.policy.interfaces.Condition;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:117586-13/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/policy/plugins/SessionCondition.class */
public class SessionCondition implements Condition {
    public static final String REQUEST_SESSION_CREATION_TIME = "requestSessionCreationTime";
    public static final String MAX_SESSION_TIME = "MaxSessionTime";
    public static final String TERMINATE_SESSION = "TerminateSession";
    public static final String SESSION_CONDITION_ADVICE = "SessionConditionAdvice";
    public static final String ADVICE_TERMINATE_SESSION = "terminateSession";
    public static final String ADVICE_DENY = "deny";
    private static final String SSOTOKEN_PROPERTY_AUTHINSTANT = "authInstant";
    private static final String SESSION_CONDITION_TRUE_VALUE = "session_condition_true_value";
    private static final String SESSION_CONDITION_FALSE_VALUE = "session_condition_false_value";
    private Map properties;
    private long maxSessionTime;
    private boolean terminateSession;
    private static Debug debug = Debug.getInstance("amPolicy");
    private static List propertyNames = new ArrayList(2);
    private static AMResourceBundleCache amCache = AMResourceBundleCache.getInstance();

    @Override // com.sun.identity.policy.interfaces.Condition
    public List getPropertyNames() {
        return new ArrayList(propertyNames);
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public Syntax getPropertySyntax(String str) {
        return str.equals(TERMINATE_SESSION) ? Syntax.SINGLE_CHOICE : Syntax.ANY;
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public String getDisplayName(String str, Locale locale) throws PolicyException {
        return com.iplanet.am.util.Locale.getString(amCache.getResBundle("amPolicy", locale), str);
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public Set getValidValues(String str) throws PolicyException {
        if (!str.equals(TERMINATE_SESSION)) {
            return Collections.EMPTY_SET;
        }
        OrderedSet orderedSet = new OrderedSet();
        orderedSet.add(SESSION_CONDITION_FALSE_VALUE);
        orderedSet.add(SESSION_CONDITION_TRUE_VALUE);
        return orderedSet;
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public void setProperties(Map map) throws PolicyException {
        this.properties = map;
        validateProperties();
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public Map getProperties() {
        if (this.properties == null) {
            return null;
        }
        return Collections.unmodifiableMap(this.properties);
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public ConditionDecision getConditionDecision(SSOToken sSOToken, Map map) throws PolicyException, SSOException {
        long time;
        HashSet hashSet;
        ConditionDecision conditionDecision;
        Long l = null;
        if (sSOToken == null) {
            return new ConditionDecision(true, Long.MAX_VALUE);
        }
        if (map != null) {
            try {
                l = (Long) map.get(REQUEST_SESSION_CREATION_TIME);
            } catch (ClassCastException e) {
                throw new PolicyException("amPolicy", "property_is_not_a_Long", new String[]{REQUEST_SESSION_CREATION_TIME}, null);
            }
        }
        if (l != null) {
            time = l.longValue();
        } else {
            try {
                time = PolicyUtils.stringToDate(sSOToken.getProperty(SSOTOKEN_PROPERTY_AUTHINSTANT)).getTime();
            } catch (ParseException e2) {
                throw new PolicyException("amPolicy", "unable_to_parse_ssotoken_authinstant", null, e2);
            }
        }
        long currentTimeMillis = System.currentTimeMillis();
        long j = time + this.maxSessionTime;
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer("SessionCondition.getConditionDecision():").append("\n  currentTime: ").append(currentTimeMillis).append("\n  expiredTime: ").append(j).toString());
        }
        if (currentTimeMillis < j) {
            conditionDecision = new ConditionDecision(true, j);
        } else {
            HashMap hashMap = new HashMap(1);
            if (this.terminateSession) {
                hashSet = new HashSet(2);
                hashSet.add(ADVICE_DENY);
                hashSet.add(ADVICE_TERMINATE_SESSION);
                try {
                    SSOTokenManager.getInstance().destroyToken(sSOToken);
                    if (debug.messageEnabled()) {
                        debug.message("SessionCondition.getConditionDecision(): successfully terminated user session!");
                    }
                } catch (SSOException e3) {
                    if (debug.warningEnabled()) {
                        debug.warning("SessionCondition.getConditionDecision(): failed to terminate user session!", e3);
                    }
                }
            } else {
                hashSet = new HashSet(1);
                hashSet.add(ADVICE_DENY);
            }
            hashMap.put(SESSION_CONDITION_ADVICE, hashSet);
            conditionDecision = new ConditionDecision(false, Long.MAX_VALUE, hashMap);
        }
        return conditionDecision;
    }

    @Override // com.sun.identity.policy.interfaces.Condition
    public Object clone() {
        try {
            SessionCondition sessionCondition = (SessionCondition) super.clone();
            if (this.properties != null) {
                sessionCondition.properties = new HashMap();
                for (Object obj : this.properties.keySet()) {
                    HashSet hashSet = new HashSet();
                    hashSet.addAll((Set) this.properties.get(obj));
                    sessionCondition.properties.put(obj, hashSet);
                }
            }
            return sessionCondition;
        } catch (CloneNotSupportedException e) {
            throw new InternalError();
        }
    }

    private boolean validateProperties() throws PolicyException {
        if (this.properties == null || this.properties.keySet() == null) {
            throw new PolicyException("amPolicy", "properties_can_not_be_null_or_empty", null, null);
        }
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("SessionCondition.validateProperties(): properties: ").append(this.properties).toString());
        }
        String propertyStringValue = getPropertyStringValue(MAX_SESSION_TIME, true);
        try {
            if (Integer.parseInt(propertyStringValue) <= 0) {
                throw new PolicyException("amPolicy", "invalid_property_value", new String[]{MAX_SESSION_TIME, propertyStringValue}, null);
            }
            this.maxSessionTime = r0 * IFSConstants.ASSERTION_TIMEOUT_ALLOWED_DIFFERENCE;
            String propertyStringValue2 = getPropertyStringValue(TERMINATE_SESSION, false);
            if (propertyStringValue2 == null || !propertyStringValue2.equals(SESSION_CONDITION_TRUE_VALUE)) {
                return true;
            }
            this.terminateSession = true;
            return true;
        } catch (NumberFormatException e) {
            throw new PolicyException("amPolicy", "property_is_not_an_Integer", new String[]{MAX_SESSION_TIME}, null);
        }
    }

    private String getPropertyStringValue(String str, boolean z) throws PolicyException {
        Set set = (Set) this.properties.get(str);
        if (set != null && !set.isEmpty()) {
            return (String) set.iterator().next();
        }
        if (z) {
            throw new PolicyException("amPolicy", "property_value_not_defined", new String[]{str}, null);
        }
        return null;
    }

    static {
        propertyNames.add(MAX_SESSION_TIME);
        propertyNames.add(TERMINATE_SESSION);
    }
}
