package com.sun.identity.policy.client;

import com.iplanet.am.util.Debug;
import com.iplanet.services.comm.client.PLLClient;
import com.iplanet.services.comm.client.SendRequestException;
import com.iplanet.services.comm.share.Request;
import com.iplanet.services.comm.share.RequestSet;
import com.iplanet.services.comm.share.Response;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.log.LogRecord;
import com.sun.identity.log.Logger;
import com.sun.identity.policy.ActionDecision;
import com.sun.identity.policy.PolicyDecision;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.ResBundleUtils;
import com.sun.identity.policy.ResourceMatch;
import com.sun.identity.policy.ResourceResult;
import com.sun.identity.policy.interfaces.ResourceName;
import com.sun.identity.policy.remote.PolicyEvaluationException;
import com.sun.identity.policy.remote.PolicyRequest;
import com.sun.identity.policy.remote.PolicyResponse;
import com.sun.identity.policy.remote.PolicyService;
import com.sun.identity.policy.remote.ResourceResultRequest;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;

/* loaded from: input_file:117586-14/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/policy/client/PolicyEvaluator.class */
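/**
 * Client-side policy decision point for a single policy service.
 *
 * <p>Decisions are fetched from the remote policy service through {@link PLLClient} and
 * kept in a {@link ResourceResultCache} keyed by service name and user SSO token. Each
 * cached decision is re-checked for staleness and time-to-live before it is served.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>{@link #isAllowed(SSOToken, String, String, Map)} fails closed: a missing decision,
 *       a missing action or an empty value set all yield {@code false}.</li>
 *   <li>Request XML is never written to the debug log, because it is built from the user
 *       and application SSO token IDs.</li>
 *   <li>Access-log failures are swallowed so that logging problems cannot change an
 *       authorization result; they are reported on the debug channel instead.</li>
 * </ul>
 */
public class PolicyEvaluator {
    private static final String RESOURCE_SCOPE = "subtree";
    private static final String NAMING_POLICY = "policy";
    private PolicyProperties policyProp = null;
    private String serviceName = null;
    private ResourceName resourceComparator = null;
    private ResourceResultCache cache = null;
    AppSSOTokenProvider appSSOTokenProvider = null;
    static Debug debug = Debug.getInstance("amRemotePolicy");
    // Created lazily on first use; the lazy initialisation is not synchronized.
    static Logger accessLogger = null;
    static Logger errorLogger = null;

    /**
     * Creates an evaluator for the given service, using the application credentials from
     * the policy properties to obtain the application SSO token.
     *
     * @param str name of the policy service to evaluate against
     * @throws PolicyException if the resource comparator cannot be set up
     * @throws SSOException declared for callers; propagated from initialisation
     */
    public PolicyEvaluator(String str) throws PolicyException, SSOException {
        init(str, null);
    }

    /**
     * Creates an evaluator that obtains its application SSO token from the supplied provider.
     * The decompiler reports that this constructor was package-private in the original class.
     *
     * @param str name of the policy service to evaluate against
     * @param appSSOTokenProvider source of the application SSO token; {@code null} falls back
     *     to the credentials in the policy properties
     * @throws PolicyException if the resource comparator cannot be set up
     * @throws SSOException declared for callers; propagated from initialisation
     */
    public PolicyEvaluator(String str, AppSSOTokenProvider appSSOTokenProvider) throws PolicyException, SSOException {
        init(str, appSSOTokenProvider);
    }

    /** Loads properties, instantiates the resource comparator and binds to the shared cache. */
    private void init(String str, AppSSOTokenProvider appSSOTokenProvider) throws PolicyException, SSOException {
        this.serviceName = str;
        this.appSSOTokenProvider = appSSOTokenProvider;
        this.policyProp = new PolicyProperties();
        getResourceComparator();
        this.cache = ResourceResultCache.getInstance(this.policyProp, getAppSSOToken(), str, this.resourceComparator);
        debug.message("PolicyEvaluator is created");
    }

    /**
     * Returns the application SSO token provider given at construction, or {@code null}.
     * The decompiler reports that this accessor was package-private in the original class.
     */
    public AppSSOTokenProvider getAppSSOTokenProvider() {
        return this.appSSOTokenProvider;
    }

    /**
     * Same as {@link #isAllowed(SSOToken, String, String, Map)} with no environment map.
     */
    public boolean isAllowed(SSOToken sSOToken, String str, String str2) throws PolicyException, SSOException {
        return isAllowed(sSOToken, str, str2, null);
    }

    /**
     * Decides whether the user may perform one action on one resource.
     *
     * <p>The answer is {@code true} only when a decision exists for the action, its value set
     * is non-empty, and every value equals the configured "true" value. Everything else,
     * including an unavailable decision (null user token, no application token, no answer
     * from the server), is a denial. Earlier behaviour in the unavailable case was a
     * {@link NullPointerException}; it is now an explicit deny that also reaches the access log.
     *
     * @param sSOToken user SSO token
     * @param str resource name
     * @param str2 action name
     * @param map environment parameters for condition evaluation, may be {@code null}
     * @return {@code true} if the action is allowed, {@code false} otherwise
     * @throws PolicyException if the policy service reports an evaluation error
     * @throws SSOException declared for callers
     */
    public boolean isAllowed(SSOToken sSOToken, String str, String str2, Map map) throws PolicyException, SSOException {
        boolean allowed = false;
        String trueValue = this.policyProp.trueValue;
        if (trueValue == null) {
            // Without a configured "true" value nothing can be recognised as an allow.
            debug.error("PolicyEvaluator.isAllowed, true value is not set");
        } else {
            HashSet actionNames = new HashSet(1);
            actionNames.add(str2);
            PolicyDecision decision = getPolicyDecision(sSOToken, str, actionNames, map);
            Map actionDecisions = decision != null ? decision.getActionDecisions() : null;
            ActionDecision actionDecision =
                    actionDecisions != null ? (ActionDecision) actionDecisions.get(str2) : null;
            Set values = actionDecision != null ? actionDecision.getValues() : null;
            if (values != null && !values.isEmpty()) {
                allowed = true;
                Iterator it = values.iterator();
                while (allowed && it.hasNext()) {
                    // trueValue is the receiver so a null or non-String element denies
                    // instead of throwing.
                    allowed = trueValue.equals(it.next());
                }
            }
        }
        // NOTE(review): resource and action names are caller-supplied and go into the access
        // log message as-is; confirm the log layer neutralises line breaks.
        String[] logArgs = {str, str2, allowed ? "ALLOW" : "DENY"};
        // Logging level as used here: 0 records allows only, 1 denies only, 2 every result.
        switch (PolicyProperties.getPolicyLogging().getIntValue()) {
            case 0:
                if (allowed) {
                    logAccessMessage(Level.INFO, ResBundleUtils.getString("policy_eval_allow", logArgs), sSOToken);
                }
                break;
            case 1:
                if (!allowed) {
                    logAccessMessage(Level.INFO, ResBundleUtils.getString("policy_eval_deny", logArgs), sSOToken);
                }
                break;
            case 2:
                logAccessMessage(Level.INFO, ResBundleUtils.getString("policy_eval_result", logArgs), sSOToken);
                break;
            default:
                break;
        }
        return allowed;
    }

    /**
     * Same as {@link #getPolicyDecision(SSOToken, String, Set, Map)} with no environment map.
     */
    public PolicyDecision getPolicyDecision(SSOToken sSOToken, String str, Set set) throws PolicyException, SSOException {
        return getPolicyDecision(sSOToken, str, set, null);
    }

    /**
     * Returns the policy decision for a resource, restricted to the requested actions.
     *
     * @param sSOToken user SSO token
     * @param str resource name
     * @param set action names to keep; {@code null} or empty keeps every action
     * @param map environment parameters, may be {@code null}
     * @return the decision, or {@code null} when none could be obtained; callers must treat
     *     {@code null} as "no access granted"
     * @throws PolicyException if the policy service reports an evaluation error
     * @throws SSOException declared for callers
     */
    public PolicyDecision getPolicyDecision(SSOToken sSOToken, String str, Set set, Map map) throws PolicyException, SSOException {
        PolicyDecision decision = evaluatePolicy(sSOToken, str, set, map);
        if (decision != null && set != null && !set.isEmpty()) {
            Map actionDecisions = decision.getActionDecisions();
            // Collect first, remove afterwards: the key set must not change while iterated.
            HashSet unwanted = new HashSet(actionDecisions.size());
            Iterator names = actionDecisions.keySet().iterator();
            while (names.hasNext()) {
                Object actionName = names.next();
                if (!set.contains(actionName)) {
                    unwanted.add(actionName);
                }
            }
            Iterator it = unwanted.iterator();
            while (it.hasNext()) {
                actionDecisions.remove(it.next());
            }
        }
        return decision;
    }

    /**
     * Resolves a decision from the cache when possible, otherwise from the policy service,
     * and stores a server answer in the cache.
     *
     * @return the decision, or {@code null} if the user token is null, no application token
     *     is available, or the server gave no result
     */
    private PolicyDecision evaluatePolicy(SSOToken sSOToken, String str, Set set, Map map) throws PolicyException, SSOException {
        if (sSOToken == null) {
            debug.error("PolicyEvaluator.evaluatePolicy user SSO token is null");
            return null;
        }
        SSOToken appSSOToken = getAppSSOToken();
        if (appSSOToken == null) {
            return null;
        }
        SSOEntry entry = this.cache.getEntry(this.serviceName, sSOToken);
        if (entry != null && !entry.validate(str)) {
            entry = null;
        }
        PolicyDecision policyDecision = null;
        if (entry != null && entry.hasSameEnvironment(map)) {
            ResourceResult cached = entry.getResourceResult(getRootResourceName(str));
            if (cached != null) {
                if (debug.messageEnabled()) {
                    debug.message("PolicyEvaluator.evaluatePolicy, got res. root from cache");
                }
                // May still come back null when the cached result is stale or expired.
                policyDecision = getPolicyDecision(cached, str);
            }
        }
        if (policyDecision == null) {
            if (debug.messageEnabled()) {
                debug.message("PolicyEvaluator.evaluatePolicy, get results from server");
            }
            ResourceResult fresh = evalPolicy(sSOToken, appSSOToken, str, map);
            if (fresh != null) {
                if (entry == null) {
                    entry = new SSOEntry(this.serviceName, sSOToken, map, this.policyProp.pollInterval, fresh, this.cache);
                    this.cache.addEntry(this.serviceName, entry);
                }
                // NOTE(review): an existing entry whose environment differs from `map` also
                // reaches this line, so a result evaluated under `map` is added to an entry
                // created for another environment. Confirm SSOEntry.addResourceResult keeps
                // the two apart; otherwise a later lookup could serve a decision that was
                // computed for different conditions.
                entry.addResourceResult(fresh);
                if (debug.messageEnabled()) {
                    debug.message("PolicyEvaluator:evaluatePolicy, cache is updated");
                }
                policyDecision = getPolicyDecision(fresh, str);
            }
        } else if (debug.messageEnabled()) {
            debug.message("PolicyEvaluator:evaluatePolicy, result is from cache");
        }
        return policyDecision;
    }

    /**
     * Obtains the application SSO token from the provider if one was supplied, otherwise
     * from {@code AuthService} using the configured application user name and password.
     *
     * @return the token, or {@code null} (after logging an error) if none could be obtained
     */
    private SSOToken getAppSSOToken() {
        SSOToken appSSOToken;
        if (this.appSSOTokenProvider != null) {
            appSSOToken = this.appSSOTokenProvider.getAppSSOToken();
        } else {
            appSSOToken = AuthService.getApplicationSSOToken(this.policyProp.appUserName, this.policyProp.appPassword);
        }
        if (appSSOToken == null) {
            debug.error("PolicyEvaluator.getAppSSOToken, cannot obtain application SSO token");
        }
        return appSSOToken;
    }

    /** Discards the default application SSO token held by {@code AuthService}. */
    private void resetDefaultAppSSOToken() {
        AuthService.resetAppSSOToken();
    }

    /**
     * Asks the policy service for the resource result, retrying once with a fresh
     * application SSO token when the server rejects the current one.
     *
     * @return the first resource result of the response, or {@code null} if there is none
     * @throws PolicyException if the server reports any other error
     */
    private ResourceResult evalPolicy(SSOToken sSOToken, SSOToken sSOToken2, String str, Map map) throws PolicyException {
        PolicyResponse response = requestPolicy(sSOToken, sSOToken2, str, map);
        if (response == null) {
            return null;
        }
        String exceptionMsg = response.getExceptionMsg();
        if (exceptionMsg == null) {
            return firstResourceResult(response);
        }
        // NOTE(review): the invalid-token case is recognised by substring match against a
        // resource-bundle string, so it presumably depends on client and server using the
        // same text for "app_sso_token_invalid"; confirm.
        if (exceptionMsg.indexOf(ResBundleUtils.getString("app_sso_token_invalid")) < 0) {
            debug.error("PolicyEvaluator.evalPolicy : policy response exception " + exceptionMsg);
            throw new PolicyException(exceptionMsg);
        }
        if (debug.warningEnabled()) {
            debug.warning("PolicyEvaluator.evalPolicy : policy response exception " + exceptionMsg);
            debug.warning("PolicyEvaluator.evalPolicy : Default Application SSO token is invalid");
            debug.warning("PolicyEvaluator.evalPolicy :  Resetting Default Application SSO token");
        }
        resetDefaultAppSSOToken();
        SSOToken renewedAppToken = getAppSSOToken();
        if (renewedAppToken == null) {
            // getAppSSOToken has already logged the failure. Without an application token
            // no request can be built, so report "no result" and let callers deny.
            return null;
        }
        if (debug.warningEnabled()) {
            debug.warning("PolicyEvaluator.evalPolicy : Making Second attempt to fetch policy");
        }
        return evalPolicyInternal(sSOToken, renewedAppToken, str, map);
    }

    /**
     * Single-shot variant of {@link #evalPolicy}: any server-reported error is fatal.
     *
     * @return the first resource result of the response, or {@code null} if there is none
     * @throws PolicyException if the server reports an error
     */
    private ResourceResult evalPolicyInternal(SSOToken sSOToken, SSOToken sSOToken2, String str, Map map) throws PolicyException {
        PolicyResponse response = requestPolicy(sSOToken, sSOToken2, str, map);
        if (response == null) {
            return null;
        }
        String exceptionMsg = response.getExceptionMsg();
        if (exceptionMsg != null) {
            debug.error("PolicyEvaluator.evalPolicy : policy response exception " + exceptionMsg);
            throw new PolicyException(exceptionMsg);
        }
        return firstResourceResult(response);
    }

    /**
     * Builds and sends one policy request for the root of the given resource.
     *
     * @return the policy response, or {@code null} if no service URL is configured or the
     *     exchange produced no parsable answer
     */
    private PolicyResponse requestPolicy(SSOToken userToken, SSOToken appToken, String resourceName, Map env) throws PolicyException {
        URL serviceURL = this.policyProp.getServiceURL(NAMING_POLICY);
        if (serviceURL == null) {
            return null;
        }
        String requestXml = getPolicyEvalRequestXML(userToken, appToken, env, getRootResourceName(resourceName));
        PolicyService reply = evaluatePolicy(requestXml, serviceURL);
        return reply != null ? reply.getPolicyResponse() : null;
    }

    /**
     * Returns the first resource result of a response, or {@code null} when the response
     * carries none. An empty set is handled here instead of failing in the iterator.
     */
    private static ResourceResult firstResourceResult(PolicyResponse response) {
        Set resourceResults = response.getResourceResults();
        if (resourceResults == null || resourceResults.isEmpty()) {
            return null;
        }
        return (ResourceResult) resourceResults.iterator().next();
    }

    /**
     * Sends the request XML to the policy service and parses the first response.
     *
     * @return the parsed reply, or {@code null} if sending or parsing failed; failures are
     *     logged at warning level only, so callers see them as "no result"
     */
    private PolicyService evaluatePolicy(String str, URL url) {
        if (debug.messageEnabled()) {
            debug.message("sending policy request to " + url);
        }
        PolicyService policyService = null;
        RequestSet requestSet = new RequestSet("policy");
        requestSet.addRequest(new Request(str));
        try {
            Response first = (Response) PLLClient.send(url, requestSet).elementAt(0);
            policyService = PolicyService.parseXML(first.getContent());
        } catch (SendRequestException e) {
            debug.warning("PolicyEvaluator.evaluatePolicy", e);
        } catch (PolicyEvaluationException e2) {
            debug.warning("PolicyEvaluator.evaluatePolicy", e2);
        }
        return policyService;
    }

    /**
     * Serialises a subtree resource-result request for the given root resource.
     *
     * @param sSOToken user SSO token; must not be {@code null}
     * @param sSOToken2 application SSO token; must not be {@code null}
     * @param map environment parameters, may be {@code null}
     * @param str root resource name
     * @return the request as XML
     */
    private String getPolicyEvalRequestXML(SSOToken sSOToken, SSOToken sSOToken2, Map map, String str) {
        ResourceResultRequest resourceResultRequest = new ResourceResultRequest();
        if (map != null) {
            resourceResultRequest.setEnvParms(map);
        }
        resourceResultRequest.setResponseAttributes(this.policyProp.responseAttrs);
        resourceResultRequest.setResourceScope(RESOURCE_SCOPE);
        resourceResultRequest.setResourceName(str);
        resourceResultRequest.setServiceName(this.serviceName);
        resourceResultRequest.setUserSSOToken(sSOToken.getTokenID().toString());
        PolicyRequest policyRequest = new PolicyRequest();
        policyRequest.setMethodID(1);
        policyRequest.setAppSSOToken(sSOToken2.getTokenID().toString());
        policyRequest.setResourceResultRequest(resourceResultRequest);
        PolicyService policyService = new PolicyService();
        policyService.setMethodID(1);
        policyService.setPolicyRequest(policyRequest);
        String requestXml = policyService.toXMLString();
        if (debug.messageEnabled()) {
            // The request is built from the user and application SSO token IDs, which act as
            // bearer credentials. Only non-secret request metadata is logged; the XML is not.
            debug.message("PolicyEvaluator.getPolicyEvalRequestXML : built policy request for service "
                    + this.serviceName + ", resource " + str);
        }
        return requestXml;
    }

    /**
     * Instantiates and initialises the resource comparator named in the policy properties.
     *
     * @throws PolicyEvaluationException if the class cannot be found or instantiated
     */
    private void getResourceComparator() throws PolicyEvaluationException {
        Map resourceConfig = this.policyProp.resourceConfig;
        try {
            // The class name comes from configuration, so write access to that configuration
            // decides which class is loaded and run here. A class that does not implement
            // ResourceName surfaces as an unchecked ClassCastException.
            this.resourceComparator = (ResourceName) Class.forName(this.policyProp.resComparatorClassName).newInstance();
            this.resourceComparator.initialize(resourceConfig);
        } catch (ClassNotFoundException e) {
            throw new PolicyEvaluationException(e);
        } catch (IllegalAccessException e2) {
            throw new PolicyEvaluationException(e2);
        } catch (InstantiationException e3) {
            throw new PolicyEvaluationException(e3);
        }
    }

    /** Returns the first component of the resource name as split by the comparator, or "". */
    private String getRootResourceName(String str) {
        if (str == null || str.equals("")) {
            return "";
        }
        return this.resourceComparator.split(str)[0];
    }

    /**
     * Walks a resource-result tree breadth-first and combines the decisions that apply to
     * the requested resource.
     *
     * <p>An exact match replaces everything collected so far and ends the walk. A wildcard
     * match contributes its decision and the walk continues into its children. Any other
     * comparison result only descends into the children.
     *
     * @return the combined decision; a decision with no action decisions when nothing
     *     matched; {@code null} as soon as a matching node is stale or expired, which makes
     *     the caller fetch a fresh result from the server
     */
    private PolicyDecision getPolicyDecision(ResourceResult resourceResult, String str) {
        long now = System.currentTimeMillis();
        HashSet matched = new HashSet();
        ArrayList pending = new ArrayList();
        boolean outdated = false;
        pending.add(resourceResult);
        while (!pending.isEmpty() && !outdated) {
            ResourceResult node = (ResourceResult) pending.remove(0);
            ResourceMatch match = this.resourceComparator.compare(str, node.getResourceName(), this.policyProp.useWildcard);
            if (match.equals(ResourceMatch.EXACT_MATCH)) {
                matched.clear();
                PolicyDecision exact = node.getPolicyDecision();
                outdated = node.isStale() || isDecisionExpired(exact, now);
                if (!outdated) {
                    matched.add(exact);
                    pending.clear();
                }
            } else if (match.equals(ResourceMatch.WILDCARD_MATCH)) {
                PolicyDecision wildcard = node.getPolicyDecision();
                outdated = node.isStale() || isDecisionExpired(wildcard, now);
                if (!outdated) {
                    matched.add(wildcard);
                    pending.addAll(node.getResourceResults());
                }
            } else {
                pending.addAll(node.getResourceResults());
            }
        }
        if (outdated) {
            return null;
        }
        return matched.isEmpty() ? getEmptyPolicyDecision(resourceResult) : mergePolicyDecisions(resourceResult, matched);
    }

    /** Returns a copy of the root decision with every action decision removed. */
    private PolicyDecision getEmptyPolicyDecision(ResourceResult resourceResult) {
        PolicyDecision policyDecision = (PolicyDecision) resourceResult.getPolicyDecision().clone();
        policyDecision.getActionDecisions().clear();
        return policyDecision;
    }

    /**
     * Merges a non-empty set of decisions into a clone of one of them and attaches the
     * response decisions of the root resource result.
     */
    private PolicyDecision mergePolicyDecisions(ResourceResult resourceResult, Set set) {
        Iterator it = set.iterator();
        // Work on a clone so that the decisions held by the cache are not modified.
        PolicyDecision merged = (PolicyDecision) ((PolicyDecision) it.next()).clone();
        while (it.hasNext()) {
            mergePolicyDecisions((PolicyDecision) it.next(), merged);
        }
        merged.setResponseDecisions(resourceResult.getPolicyDecision().getResponseDecisions());
        return merged;
    }

    /**
     * Reports whether any action decision has a time-to-live earlier than the given instant.
     * A time-to-live of {@code Long.MAX_VALUE} never expires.
     *
     * @param policyDecision decision to inspect
     * @param j reference time in milliseconds, as returned by {@code System.currentTimeMillis()}
     */
    private boolean isDecisionExpired(PolicyDecision policyDecision, long j) {
        Map actionDecisions = policyDecision.getActionDecisions();
        Iterator names = actionDecisions.keySet().iterator();
        while (names.hasNext()) {
            long timeToLive = ((ActionDecision) actionDecisions.get(names.next())).getTimeToLive();
            if (timeToLive != Long.MAX_VALUE && timeToLive < j) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds the action values of {@code policyDecision} to the matching action decisions of
     * {@code policyDecision2}.
     *
     * @param policyDecision source decision, left unchanged
     * @param policyDecision2 target decision, modified in place
     */
    static void mergePolicyDecisions(PolicyDecision policyDecision, PolicyDecision policyDecision2) {
        Map sourceDecisions = policyDecision.getActionDecisions();
        Map targetDecisions = policyDecision2.getActionDecisions();
        Iterator names = sourceDecisions.keySet().iterator();
        while (names.hasNext()) {
            Object actionName = names.next();
            // NOTE(review): this assumes the target already holds a decision for every action
            // of the source; an action missing from the target fails here with a
            // NullPointerException. Confirm the server always returns the same action set
            // for every node of a resource-result tree.
            ActionDecision target = (ActionDecision) targetDecisions.get(actionName);
            ActionDecision source = (ActionDecision) sourceDecisions.get(actionName);
            target.getValues().addAll(source.getValues());
        }
    }

    /**
     * Writes one record to the "amRemotePolicy.access" log on a best-effort basis.
     * A failure is reported on the debug channel and never reaches the caller, so an
     * authorization decision can go unaudited when the log service is unavailable.
     */
    private void logAccessMessage(Level level, String str, SSOToken sSOToken) {
        try {
            if (accessLogger == null) {
                accessLogger = (Logger) Logger.getLogger("amRemotePolicy.access");
                if (accessLogger == null) {
                    if (debug.warningEnabled()) {
                        debug.warning("PolicyEvaluator.logAccessMessage : Failed to create Logger");
                    }
                    return;
                }
            }
            accessLogger.log(new LogRecord(level, str, sSOToken), getAppSSOToken());
        } catch (Throwable th) {
            // Deliberately broad: logging must not turn into an authorization failure.
            // The cause is passed on so that lost audit records can be diagnosed.
            if (debug.warningEnabled()) {
                debug.warning("PolicyEvaluator.logAccessMessage : Error writing access logs", th);
            }
        }
    }

    /**
     * Writes one record to the "amRemotePolicy.error" log on a best-effort basis.
     * A failure is reported on the debug channel and never reaches the caller.
     */
    private void logErrorMessage(Level level, String str, SSOToken sSOToken) {
        try {
            if (errorLogger == null) {
                errorLogger = (Logger) Logger.getLogger("amRemotePolicy.error");
                if (errorLogger == null) {
                    if (debug.warningEnabled()) {
                        debug.warning("PolicyEvaluator.logErrorMessage : Failed to create Logger");
                    }
                    return;
                }
            }
            errorLogger.log(new LogRecord(level, str, sSOToken), getAppSSOToken());
        } catch (Throwable th) {
            // Deliberately broad, for the same reason as in logAccessMessage.
            if (debug.warningEnabled()) {
                debug.warning("PolicyEvaluator.logErrorMessage : Error writing error logs", th);
            }
        }
    }
}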
