package com.sun.identity.policy;

import com.iplanet.am.util.Cache;
import com.iplanet.am.util.Debug;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.am.util.XMLUtils;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.interfaces.Condition;
import com.sun.identity.policy.interfaces.Referral;
import com.sun.identity.policy.interfaces.Subject;
import com.sun.identity.policy.plugins.OrgReferral;
import com.sun.identity.sm.AttributeSchema;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import org.w3c.dom.Node;
import securecomputing.swec.EasspMessage;

/* JADX WARN: Classes with same name are omitted:
  input_file:119465-01/SUNWamclnt/reloc/SUNWam/lib/amclientsdk.jar:com/sun/identity/policy/Policy.class
 */
/* loaded from: input_file:119465-01/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/policy/Policy.class */
public class Policy implements Cloneable {
    static final String REFERRAL_POLICY = "referralPolicy";
    private static final int SUBJECTS_CONDITIONS_RULES = 1;
    private static final int CONDITIONS_SUBJECTS_RULES = 2;
    private static final int RULES_SUBJECTS_CONDITIONS = 3;
    private static final int RULES_CONDITIONS_SUBJECTS = 4;
    private static final int SUBJECTS_RULES_CONDITIONS = 5;
    private static final int CONDITIONS_RULES_SUBJECTS = 6;
    private static final String EVALUATION_WEIGHTS_KEY = "com.sun.identity.policy.Policy.policy_evaluation_weights";
    private int evaluationOrder;
    private static int ruleWeight;
    private static int conditionWeight;
    private static int subjectWeight;
    private int prWeight;
    private int pcWeight;
    private int psWeight;
    private String origPolicyName;
    private String policyName;
    private String description;
    private boolean referralPolicy;
    private int priority;
    private Map rules;
    private Subjects users;
    private Conditions conditions;
    private Referrals referrals;
    private String organizationName;
    private static final int MATCHED_RULE_RESULTS_CACHE_SIZE = 1000;
    private static final int MATCHED_REFERRAL_RULES_CACHE_SIZE = 100;
    private Cache matchRulesResultsCache;
    private Cache matchReferralRulesCache;
    private static String EVALUATION_WEIGHTS = null;
    private static String DEFAULT_EVALUATION_WEIGHTS = "10:10:10";
    private static final Debug DEBUG = PolicyManager.debug;

    private Policy() {
        this.evaluationOrder = 3;
        this.description = "";
        this.rules = new HashMap();
        this.users = new Subjects();
        this.conditions = new Conditions();
        this.referrals = new Referrals();
        this.matchRulesResultsCache = new Cache(1000);
        this.matchReferralRulesCache = new Cache(100);
    }

    public Policy(String str) throws InvalidNameException {
        this(str, (String) null);
    }

    private Policy(String str, int i) throws InvalidNameException {
        this.evaluationOrder = 3;
        this.description = "";
        this.rules = new HashMap();
        this.users = new Subjects();
        this.conditions = new Conditions();
        this.referrals = new Referrals();
        this.matchRulesResultsCache = new Cache(1000);
        this.matchReferralRulesCache = new Cache(100);
        validateName(str);
        this.policyName = str;
        this.priority = i;
    }

    public Policy(String str, String str2) throws InvalidNameException {
        this(str, str2, false);
    }

    public Policy(String str, String str2, boolean z) throws InvalidNameException {
        this.evaluationOrder = 3;
        this.description = "";
        this.rules = new HashMap();
        this.users = new Subjects();
        this.conditions = new Conditions();
        this.referrals = new Referrals();
        this.matchRulesResultsCache = new Cache(1000);
        this.matchReferralRulesCache = new Cache(100);
        validateName(str);
        this.policyName = str;
        if (str2 != null) {
            this.description = str2;
        }
        this.referralPolicy = z;
    }

    public Policy(PolicyManager policyManager, Node node) throws InvalidFormatException, InvalidNameException, NameNotFoundException, PolicyException {
        this.evaluationOrder = 3;
        this.description = "";
        this.rules = new HashMap();
        this.users = new Subjects();
        this.conditions = new Conditions();
        this.referrals = new Referrals();
        this.matchRulesResultsCache = new Cache(1000);
        this.matchReferralRulesCache = new Cache(100);
        if (!node.getNodeName().equalsIgnoreCase("Policy")) {
            if (PolicyManager.debug.warningEnabled()) {
                PolicyManager.debug.warning("invalid policy xml blob given to construct policy");
            }
            throw new InvalidFormatException("amPolicy", "invalid_xml_policy_root_node", null, "", 1);
        }
        this.policyName = XMLUtils.getNodeAttributeValue(node, "name");
        validateName(this.policyName);
        this.description = XMLUtils.getNodeAttributeValue(node, "description");
        String nodeAttributeValue = XMLUtils.getNodeAttributeValue(node, REFERRAL_POLICY);
        if (nodeAttributeValue != null && nodeAttributeValue.equalsIgnoreCase("true")) {
            this.referralPolicy = true;
        }
        String nodeAttributeValue2 = XMLUtils.getNodeAttributeValue(node, "priority");
        if (nodeAttributeValue2 != null) {
            try {
                this.priority = Integer.parseInt(nodeAttributeValue2);
            } catch (NumberFormatException e) {
                PolicyManager.debug.error(new StringBuffer().append("Number format exception in determining policy's priority: ").append(nodeAttributeValue2).toString(), e);
            }
        }
        Set childNodes = XMLUtils.getChildNodes(node, "Rule");
        if (childNodes != null) {
            Iterator it = childNodes.iterator();
            while (it.hasNext()) {
                Rule rule = new Rule((Node) it.next());
                this.rules.put(rule.getName(), rule);
            }
        }
        if (this.referralPolicy) {
            Node childNode = XMLUtils.getChildNode(node, "Referrals");
            if (childNode != null) {
                this.referrals = new Referrals(policyManager, childNode);
                return;
            }
            return;
        }
        Node childNode2 = XMLUtils.getChildNode(node, "Subjects");
        if (childNode2 != null) {
            this.users = new Subjects(policyManager, childNode2);
        }
        Node childNode3 = XMLUtils.getChildNode(node, "Conditions");
        if (childNode3 != null) {
            this.conditions = new Conditions(policyManager.getConditionTypeManager(), childNode3);
        }
    }

    public String getName() {
        return this.policyName;
    }

    public void setName(String str) throws InvalidNameException {
        validateName(str);
        if (this.policyName.equals(str)) {
            return;
        }
        if (this.origPolicyName == null) {
            this.origPolicyName = this.policyName;
        }
        this.policyName = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getOriginalName() {
        return this.origPolicyName;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setOrganizationName(String str) {
        this.organizationName = str;
    }

    public String getOrganizationName() {
        return this.organizationName;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void resetOriginalName() {
        this.origPolicyName = null;
    }

    public String getDescription() {
        return this.description;
    }

    public void setDescription(String str) throws InvalidNameException {
        if (str != null) {
            this.description = str;
        }
    }

    public boolean isReferralPolicy() {
        return this.referralPolicy;
    }

    public int getPriority() {
        return this.priority;
    }

    public void setPriority(int i) {
        this.priority = i;
    }

    public Set getRuleNames() {
        return new HashSet(this.rules.keySet());
    }

    public Rule getRule(String str) throws NameNotFoundException {
        Rule rule = (Rule) this.rules.get(str);
        if (rule == null) {
            throw new NameNotFoundException("amPolicy", "rule_not_found", null, str, 2);
        }
        return rule;
    }

    public void addRule(Rule rule) throws NameAlreadyExistsException, InvalidNameException {
        if (rule.getName() == null) {
            rule.setName(new StringBuffer().append("rule").append(ServiceTypeManager.generateRandomName()).toString());
        }
        if (this.rules.containsKey(rule.getName())) {
            throw new NameAlreadyExistsException("amPolicy", "rule_name_already_present", null, rule.getName(), 2);
        }
        if (this.rules.containsValue(rule)) {
            throw new NameAlreadyExistsException("amPolicy", "rule_already_present", null, rule.getName(), 2);
        }
        this.rules.put(rule.getName(), rule);
    }

    public void replaceRule(Rule rule) throws InvalidNameException {
        if (rule.getName() == null) {
            rule.setName(new StringBuffer().append("rule").append(ServiceTypeManager.generateRandomName()).toString());
        }
        this.rules.put(rule.getName(), rule);
    }

    public Rule removeRule(String str) {
        return (Rule) this.rules.remove(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Subjects getSubjects() {
        return this.users;
    }

    public Set getSubjectNames() {
        return this.users.getSubjectNames();
    }

    public Subject getSubject(String str) throws NameNotFoundException {
        return this.users.getSubject(str);
    }

    public void addSubject(String str, Subject subject) throws NameAlreadyExistsException, InvalidNameException {
        this.users.addSubject(str, subject, false);
    }

    public void addSubject(String str, Subject subject, boolean z) throws NameAlreadyExistsException, InvalidNameException {
        this.users.addSubject(str, subject, z);
    }

    public void replaceSubject(String str, Subject subject) throws NameNotFoundException {
        this.users.replaceSubject(str, subject, false);
    }

    public void replaceSubject(String str, Subject subject, boolean z) throws NameNotFoundException {
        this.users.replaceSubject(str, subject, z);
    }

    public Subject removeSubject(String str) {
        return this.users.removeSubject(str);
    }

    public void removeSubject(Subject subject) {
        String subjectName = this.users.getSubjectName(subject);
        if (subjectName != null) {
            removeSubject(subjectName);
        }
    }

    public boolean isSubjectExclusive(String str) throws NameNotFoundException {
        return this.users.isSubjectExclusive(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Referrals getReferrals() {
        return this.referrals;
    }

    public Set getReferralNames() {
        return this.referrals.getReferralNames();
    }

    public Referral getReferral(String str) throws NameNotFoundException {
        return this.referrals.getReferral(str);
    }

    public void addReferral(String str, Referral referral) throws NameAlreadyExistsException, InvalidNameException {
        this.referrals.addReferral(str, referral);
    }

    public void replaceReferral(String str, Referral referral) throws NameNotFoundException {
        this.referrals.replaceReferral(str, referral);
    }

    public Referral removeReferral(String str) {
        return this.referrals.removeReferral(str);
    }

    public void removeReferral(Referral referral) {
        String referralName = this.referrals.getReferralName(referral);
        if (referralName != null) {
            removeReferral(referralName);
        }
    }

    Conditions getConditions() {
        return this.conditions;
    }

    public Set getConditionNames() {
        return this.conditions.getConditionNames();
    }

    public Condition getCondition(String str) throws NameNotFoundException {
        return this.conditions.getCondition(str);
    }

    public void addCondition(String str, Condition condition) throws NameAlreadyExistsException, InvalidNameException {
        this.conditions.addCondition(str, condition);
    }

    public void replaceCondition(String str, Condition condition) throws NameNotFoundException {
        this.conditions.replaceCondition(str, condition);
    }

    public Condition removeCondition(String str) {
        return this.conditions.removeCondition(str);
    }

    public void removeCondition(Condition condition) {
        String conditionName = this.conditions.getConditionName(condition);
        if (conditionName != null) {
            removeCondition(conditionName);
        }
    }

    public void store(SSOToken sSOToken, String str) throws SSOException, NoPermissionException, NameAlreadyExistsException, NameNotFoundException, PolicyException {
        new PolicyManager(sSOToken, str).addPolicy(this);
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof Policy)) {
            return false;
        }
        Policy policy = (Policy) obj;
        return this.rules.equals(policy.rules) && this.users.equals(policy.users) && this.referrals.equals(policy.referrals) && this.conditions.equals(policy.conditions);
    }

    public Object clone() {
        Policy policy;
        try {
            policy = (Policy) super.clone();
        } catch (CloneNotSupportedException e) {
            policy = new Policy();
        }
        policy.origPolicyName = this.origPolicyName;
        policy.policyName = this.policyName;
        policy.description = this.description;
        policy.rules = new HashMap();
        for (Object obj : this.rules.keySet()) {
            policy.rules.put(obj, ((Rule) this.rules.get(obj)).clone());
        }
        policy.users = (Subjects) this.users.clone();
        policy.referrals = (Referrals) this.referrals.clone();
        policy.conditions = (Conditions) this.conditions.clone();
        return policy;
    }

    public String toXML() {
        StringBuffer stringBuffer = new StringBuffer(EasspMessage.EASSP_VERSION_200);
        stringBuffer.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
        stringBuffer.append("<Policy name=\"");
        stringBuffer.append(XMLUtils.escapeSpecialCharacters(this.policyName));
        if (this.description != null && this.description.length() > 0) {
            stringBuffer.append("\" description=\"");
            stringBuffer.append(XMLUtils.escapeSpecialCharacters(this.description));
        }
        stringBuffer.append("\" referralPolicy=\"").append(this.referralPolicy);
        stringBuffer.append("\" >");
        Iterator it = getRuleNames().iterator();
        while (it.hasNext()) {
            try {
                stringBuffer.append(getRule((String) it.next()).toXML());
            } catch (Exception e) {
                DEBUG.error(new StringBuffer().append("Error in policy.toXML():").append(e.getMessage()).toString());
            }
        }
        if (!this.referralPolicy) {
            if (!this.users.getSubjectNames().isEmpty()) {
                stringBuffer.append(this.users.toXML());
            }
            if (!this.conditions.getConditionNames().isEmpty()) {
                stringBuffer.append(this.conditions.toXML());
            }
        } else if (!this.referrals.getReferralNames().isEmpty()) {
            stringBuffer.append(this.referrals.toXML());
        }
        stringBuffer.append("\n").append("</Policy>");
        return stringBuffer.toString();
    }

    public String toString() {
        return toXML();
    }

    static void checkForCharacter(String str, char c) throws InvalidNameException {
        if (str.indexOf(c) != -1) {
            throw new InvalidNameException("amPolicy", "invalid_char_in_name", new Character[]{new Character(c)}, str, 1);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PolicyDecision getPolicyDecision(SSOToken sSOToken, String str, String str2, Set set, Map map) throws SSOException, NameNotFoundException, PolicyException {
        PolicyDecision policyDecision = new PolicyDecision();
        ServiceType serviceType = ServiceTypeManager.getServiceTypeManager().getServiceType(str);
        if (sSOToken != null) {
            this.evaluationOrder = getEvaluationOrder(sSOToken);
        } else {
            this.evaluationOrder = 5;
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message(new StringBuffer().append("Policy ").append(getName()).append(" is Using Policy evaluation order :").append(this.evaluationOrder).toString());
        }
        if (isReferralPolicy() && !this.referrals.isEmpty()) {
            PolicyDecision policyDecision2 = this.referrals.getPolicyDecision(sSOToken, str, str2, set, map);
            if (policyDecision2 != null) {
                PolicyEvaluator.mergePolicyDecisions(serviceType, policyDecision2, policyDecision);
            }
            if (DEBUG.messageEnabled()) {
                DEBUG.message(new StringBuffer("at Policy.getPolicyDecision()").append(" after processing referrals only:").append(" principal, resource name, action names,").append(" policyName, referralResults = ").append(sSOToken != null ? sSOToken.getPrincipal().getName() : "").append(",  ").append(str2).append(",  ").append(set).append(",  ").append(getName()).append(",  ").append(policyDecision2).toString());
            }
        } else if (this.evaluationOrder == 1) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Using policy evaluation order:SUBJECTS_CONDITIONS_RULES");
            }
            getPolicyDecisionSCR(sSOToken, serviceType, str2, set, map, policyDecision);
        } else if (this.evaluationOrder == 2) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Using policy evaluation order:CONDITIONS_SUBJECTS_RULES");
            }
            getPolicyDecisionCSR(sSOToken, serviceType, str2, set, map, policyDecision);
        } else if (this.evaluationOrder == 3) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Using policy evaluation order:RULES_SUBJECTS_CONDITIONS");
            }
            getPolicyDecisionRSC(sSOToken, serviceType, str2, set, map, policyDecision);
        } else if (this.evaluationOrder == 4) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Using policy evaluation order:RULES_CONDITIONS_SUBJECTS");
            }
            getPolicyDecisionRCS(sSOToken, serviceType, str2, set, map, policyDecision);
        } else if (this.evaluationOrder == 5) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Using policy evaluation order:SUBJECTS_RULES_CONDITIONS");
            }
            getPolicyDecisionSRC(sSOToken, serviceType, str2, set, map, policyDecision);
        } else if (this.evaluationOrder == 6) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Using policy evaluation order:CONDITIONS_RULES_SUBJECTS");
            }
            getPolicyDecisionCRS(sSOToken, serviceType, str2, set, map, policyDecision);
        } else {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Using default policy evaluation order:RULES_CONDITIONS_SUBJECTS");
            }
            getPolicyDecisionRCS(sSOToken, serviceType, str2, set, map, policyDecision);
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message(new StringBuffer("at Policy.getPolicyDecision()").append(" principal, resource name, action names,").append(" policyName, policyDecision = ").append(sSOToken != null ? sSOToken.getPrincipal().getName() : "").append(",  ").append(str2).append(",  ").append(set).append(",  ").append(getName()).append(",  ").append(policyDecision).toString());
        }
        return policyDecision;
    }

    private Map getMatchedRuleResults(ServiceType serviceType, String str, Set set) throws NameNotFoundException {
        String name = serviceType.getName();
        String stringBuffer = new StringBuffer(100).append(name).append(str).append(set).toString();
        Map map = (Map) this.matchRulesResultsCache.get(stringBuffer);
        if (map == null) {
            map = new HashMap();
            Iterator it = this.rules.values().iterator();
            while (it.hasNext()) {
                PolicyUtils.appendMapToMap(((Rule) it.next()).getActionValues(name, str, set), map);
            }
            for (String str2 : map.keySet()) {
                Set set2 = (Set) map.get(str2);
                if (set2.size() == 2) {
                    ActionSchema actionSchema = null;
                    AttributeSchema.Syntax syntax = null;
                    try {
                        actionSchema = serviceType.getActionSchema(str2);
                        syntax = actionSchema.getSyntax();
                    } catch (InvalidNameException e) {
                        PolicyManager.debug.error(new StringBuffer().append("can not find action schmea for action = ").append(str2).toString(), e);
                    }
                    if (AttributeSchema.Syntax.BOOLEAN.equals(syntax)) {
                        set2.remove(actionSchema.getTrueValue());
                    }
                }
            }
            this.matchRulesResultsCache.put(stringBuffer, map);
        }
        return cloneRuleResults(map);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set getResourceNames(SSOToken sSOToken, String str, String str2, boolean z) throws PolicyException, SSOException {
        HashSet hashSet = new HashSet();
        ServiceType serviceType = ServiceTypeManager.getServiceTypeManager().getServiceType(str);
        for (Rule rule : this.rules.values()) {
            if (rule.getServiceType().getName().equals(str)) {
                String resourceName = rule.getResourceName();
                ResourceMatch compare = serviceType.compare(str2, resourceName, true);
                if (compare.equals(ResourceMatch.SUB_RESOURCE_MATCH) || compare.equals(ResourceMatch.EXACT_MATCH) || compare.equals(ResourceMatch.WILDCARD_MATCH)) {
                    hashSet.add(resourceName);
                }
                if (DEBUG.messageEnabled()) {
                    StringBuffer stringBuffer = new StringBuffer(EasspMessage.EASSP_VERSION_200);
                    stringBuffer.append("at Policy.getResourceNames : ");
                    stringBuffer.append(" for policyName, serviceType, resourceName, ");
                    stringBuffer.append(" ruleResource, resourceMatch :");
                    stringBuffer.append(getName()).append(",").append(str);
                    stringBuffer.append(",").append(str2).append(",");
                    stringBuffer.append(resourceName).append(",").append(compare);
                    DEBUG.message(stringBuffer.toString());
                }
            }
        }
        if (!hashSet.isEmpty() && z) {
            hashSet.addAll(this.referrals.getResourceNames(sSOToken, str, str2));
        }
        if (DEBUG.messageEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer(EasspMessage.EASSP_VERSION_200);
            stringBuffer2.append("at Policy.getResourceNames : ");
            stringBuffer2.append(" for policyName, serviceType, resourceName, ");
            stringBuffer2.append(" followReferral, resourceNames :");
            stringBuffer2.append(getName()).append(",").append(str);
            stringBuffer2.append(",").append(str2).append(",");
            stringBuffer2.append(z).append(",").append(hashSet);
            DEBUG.message(stringBuffer2.toString());
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set getResourceNames(String str) throws SSOException, NameNotFoundException {
        HashSet hashSet = new HashSet();
        ServiceTypeManager.getServiceTypeManager().getServiceType(str);
        for (Rule rule : this.rules.values()) {
            if (rule.getServiceType().getName().equals(str)) {
                hashSet.add(rule.getResourceName());
            }
        }
        return hashSet;
    }

    public String getServiceTypeName() {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set getReferredToOrganizations() throws PolicyException {
        Set values;
        HashSet hashSet = new HashSet();
        Iterator it = this.referrals.getReferralNames().iterator();
        while (it.hasNext()) {
            Referral referral = this.referrals.getReferral((String) it.next());
            if ((referral instanceof OrgReferral) && (values = referral.getValues()) != null && values.size() != 0) {
                hashSet.add(((String) values.iterator().next()).toLowerCase());
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSubjectsResultTtl(long j) {
        this.users.setResultTtl(j);
    }

    private void validateName(String str) throws InvalidNameException {
        if (str == null || str.length() == 0) {
            DEBUG.message(new StringBuffer().append("Invalid policy name:").append(str).toString());
            throw new InvalidNameException("amPolicy", "null_name", null, "", 1);
        }
        if (str.indexOf(47) != -1) {
            DEBUG.message(new StringBuffer().append("Invalid policy name:").append(str).toString());
            DEBUG.message(new StringBuffer().append("Index Of /:").append(str.indexOf(47)).toString());
            throw new InvalidNameException("amPolicy", "illegal_character_/_in_name", null, "", 1);
        }
    }

    private PolicyDecision getPolicyDecisionSCR(SSOToken sSOToken, ServiceType serviceType, String str, Set set, Map map, PolicyDecision policyDecision) throws SSOException, NameNotFoundException, PolicyException {
        boolean z;
        long j;
        if (sSOToken != null) {
            z = this.users.isMember(sSOToken);
            j = this.users.getResultTtl(sSOToken);
        } else {
            z = true;
            j = Long.MAX_VALUE;
        }
        if (z) {
            ConditionDecision conditionDecision = this.conditions.getConditionDecision(sSOToken, map);
            boolean isAllowed = conditionDecision.isAllowed();
            Map advices = conditionDecision.getAdvices();
            long timeToLive = conditionDecision.getTimeToLive();
            if (timeToLive < j) {
                j = timeToLive;
            }
            if (isAllowed) {
                Map matchedRuleResults = getMatchedRuleResults(serviceType, str, set);
                if (!matchedRuleResults.isEmpty()) {
                    for (String str2 : matchedRuleResults.keySet()) {
                        policyDecision.addActionDecision(new ActionDecision(str2, (Set) matchedRuleResults.get(str2), advices, j), serviceType);
                    }
                } else {
                    policyDecision.setTimeToLive(Long.MAX_VALUE);
                }
            } else if (advices.isEmpty()) {
                policyDecision.setTimeToLive(j);
            } else {
                Iterator it = getMatchedRuleResults(serviceType, str, set).keySet().iterator();
                while (it.hasNext()) {
                    policyDecision.addActionDecision(new ActionDecision((String) it.next(), Collections.EMPTY_SET, advices, j), serviceType);
                }
            }
        } else {
            policyDecision.setTimeToLive(j);
        }
        return policyDecision;
    }

    private PolicyDecision getPolicyDecisionSRC(SSOToken sSOToken, ServiceType serviceType, String str, Set set, Map map, PolicyDecision policyDecision) throws SSOException, NameNotFoundException, PolicyException {
        boolean z;
        long j;
        if (sSOToken != null) {
            z = this.users.isMember(sSOToken);
            j = this.users.getResultTtl(sSOToken);
        } else {
            z = true;
            j = Long.MAX_VALUE;
        }
        if (z) {
            Map matchedRuleResults = getMatchedRuleResults(serviceType, str, set);
            if (!matchedRuleResults.isEmpty()) {
                ConditionDecision conditionDecision = this.conditions.getConditionDecision(sSOToken, map);
                boolean isAllowed = conditionDecision.isAllowed();
                Map advices = conditionDecision.getAdvices();
                long timeToLive = conditionDecision.getTimeToLive();
                if (timeToLive < j) {
                    j = timeToLive;
                }
                if (isAllowed) {
                    for (String str2 : matchedRuleResults.keySet()) {
                        policyDecision.addActionDecision(new ActionDecision(str2, (Set) matchedRuleResults.get(str2), advices, j), serviceType);
                    }
                } else if (advices.isEmpty()) {
                    policyDecision.setTimeToLive(j);
                } else {
                    Iterator it = matchedRuleResults.keySet().iterator();
                    while (it.hasNext()) {
                        policyDecision.addActionDecision(new ActionDecision((String) it.next(), Collections.EMPTY_SET, advices, j), serviceType);
                    }
                }
            } else {
                policyDecision.setTimeToLive(Long.MAX_VALUE);
            }
        } else {
            policyDecision.setTimeToLive(j);
        }
        return policyDecision;
    }

    private PolicyDecision getPolicyDecisionCSR(SSOToken sSOToken, ServiceType serviceType, String str, Set set, Map map, PolicyDecision policyDecision) throws SSOException, NameNotFoundException, PolicyException {
        ConditionDecision conditionDecision = this.conditions.getConditionDecision(sSOToken, map);
        boolean isAllowed = conditionDecision.isAllowed();
        Map advices = conditionDecision.getAdvices();
        long timeToLive = conditionDecision.getTimeToLive();
        if (isAllowed) {
            boolean isMember = this.users.isMember(sSOToken);
            long resultTtl = this.users.getResultTtl(sSOToken);
            if (resultTtl < timeToLive) {
                timeToLive = resultTtl;
            }
            if (isMember) {
                Map matchedRuleResults = getMatchedRuleResults(serviceType, str, set);
                if (!matchedRuleResults.isEmpty()) {
                    for (String str2 : matchedRuleResults.keySet()) {
                        policyDecision.addActionDecision(new ActionDecision(str2, (Set) matchedRuleResults.get(str2), advices, timeToLive), serviceType);
                    }
                } else {
                    policyDecision.setTimeToLive(Long.MAX_VALUE);
                }
            } else {
                policyDecision.setTimeToLive(timeToLive);
            }
        } else {
            boolean z = false;
            if (!advices.isEmpty()) {
                z = this.users.isMember(sSOToken);
                long resultTtl2 = this.users.getResultTtl(sSOToken);
                if (resultTtl2 < timeToLive) {
                    timeToLive = resultTtl2;
                }
            }
            if (z) {
                Iterator it = getMatchedRuleResults(serviceType, str, set).keySet().iterator();
                while (it.hasNext()) {
                    policyDecision.addActionDecision(new ActionDecision((String) it.next(), Collections.EMPTY_SET, advices, timeToLive), serviceType);
                }
            } else {
                policyDecision.setTimeToLive(timeToLive);
            }
        }
        return policyDecision;
    }

    private PolicyDecision getPolicyDecisionCRS(SSOToken sSOToken, ServiceType serviceType, String str, Set set, Map map, PolicyDecision policyDecision) throws SSOException, NameNotFoundException, PolicyException {
        ConditionDecision conditionDecision = this.conditions.getConditionDecision(sSOToken, map);
        boolean isAllowed = conditionDecision.isAllowed();
        Map advices = conditionDecision.getAdvices();
        long timeToLive = conditionDecision.getTimeToLive();
        Map matchedRuleResults = getMatchedRuleResults(serviceType, str, set);
        if (!isAllowed) {
            boolean z = false;
            if (!advices.isEmpty()) {
                z = this.users.isMember(sSOToken);
                long resultTtl = this.users.getResultTtl(sSOToken);
                if (resultTtl < timeToLive) {
                    timeToLive = resultTtl;
                }
            }
            if (z) {
                Iterator it = getMatchedRuleResults(serviceType, str, set).keySet().iterator();
                while (it.hasNext()) {
                    policyDecision.addActionDecision(new ActionDecision((String) it.next(), Collections.EMPTY_SET, advices, timeToLive), serviceType);
                }
            } else {
                policyDecision.setTimeToLive(timeToLive);
            }
        } else if (!matchedRuleResults.isEmpty()) {
            boolean isMember = this.users.isMember(sSOToken);
            long resultTtl2 = this.users.getResultTtl(sSOToken);
            if (resultTtl2 < timeToLive) {
                timeToLive = resultTtl2;
            }
            if (isMember) {
                for (String str2 : matchedRuleResults.keySet()) {
                    policyDecision.addActionDecision(new ActionDecision(str2, (Set) matchedRuleResults.get(str2), advices, timeToLive), serviceType);
                }
            } else {
                policyDecision.setTimeToLive(timeToLive);
            }
        } else {
            policyDecision.setTimeToLive(Long.MAX_VALUE);
        }
        return policyDecision;
    }

    private PolicyDecision getPolicyDecisionRSC(SSOToken sSOToken, ServiceType serviceType, String str, Set set, Map map, PolicyDecision policyDecision) throws SSOException, NameNotFoundException, PolicyException {
        Map matchedRuleResults = getMatchedRuleResults(serviceType, str, set);
        if (!matchedRuleResults.isEmpty()) {
            boolean isMember = this.users.isMember(sSOToken);
            long resultTtl = this.users.getResultTtl(sSOToken);
            if (isMember) {
                ConditionDecision conditionDecision = this.conditions.getConditionDecision(sSOToken, map);
                boolean isAllowed = conditionDecision.isAllowed();
                Map advices = conditionDecision.getAdvices();
                long timeToLive = conditionDecision.getTimeToLive();
                if (timeToLive < resultTtl) {
                    resultTtl = timeToLive;
                }
                if (isAllowed) {
                    for (String str2 : matchedRuleResults.keySet()) {
                        policyDecision.addActionDecision(new ActionDecision(str2, (Set) matchedRuleResults.get(str2), advices, resultTtl), serviceType);
                    }
                } else {
                    Iterator it = matchedRuleResults.keySet().iterator();
                    if (advices.isEmpty()) {
                        policyDecision.setTimeToLive(resultTtl);
                    } else {
                        while (it.hasNext()) {
                            policyDecision.addActionDecision(new ActionDecision((String) it.next(), Collections.EMPTY_SET, advices, resultTtl), serviceType);
                        }
                    }
                }
            } else {
                policyDecision.setTimeToLive(resultTtl);
            }
        } else {
            policyDecision.setTimeToLive(Long.MAX_VALUE);
        }
        return policyDecision;
    }

    private PolicyDecision getPolicyDecisionRCS(SSOToken sSOToken, ServiceType serviceType, String str, Set set, Map map, PolicyDecision policyDecision) throws SSOException, NameNotFoundException, PolicyException {
        Map matchedRuleResults = getMatchedRuleResults(serviceType, str, set);
        if (!matchedRuleResults.isEmpty()) {
            ConditionDecision conditionDecision = this.conditions.getConditionDecision(sSOToken, map);
            boolean isAllowed = conditionDecision.isAllowed();
            Map advices = conditionDecision.getAdvices();
            long timeToLive = conditionDecision.getTimeToLive();
            if (isAllowed) {
                boolean isMember = this.users.isMember(sSOToken);
                long resultTtl = this.users.getResultTtl(sSOToken);
                if (resultTtl < timeToLive) {
                    timeToLive = resultTtl;
                }
                if (isMember) {
                    for (String str2 : matchedRuleResults.keySet()) {
                        policyDecision.addActionDecision(new ActionDecision(str2, (Set) matchedRuleResults.get(str2), advices, timeToLive), serviceType);
                    }
                } else {
                    policyDecision.setTimeToLive(timeToLive);
                }
            } else {
                boolean z = false;
                if (!advices.isEmpty()) {
                    z = this.users.isMember(sSOToken);
                    long resultTtl2 = this.users.getResultTtl(sSOToken);
                    if (resultTtl2 < timeToLive) {
                        timeToLive = resultTtl2;
                    }
                }
                if (z) {
                    Iterator it = matchedRuleResults.keySet().iterator();
                    while (it.hasNext()) {
                        policyDecision.addActionDecision(new ActionDecision((String) it.next(), Collections.EMPTY_SET, advices, timeToLive), serviceType);
                    }
                } else {
                    policyDecision.setTimeToLive(timeToLive);
                }
            }
        } else {
            policyDecision.setTimeToLive(Long.MAX_VALUE);
        }
        return policyDecision;
    }

    private int getEvaluationOrder(SSOToken sSOToken) throws SSOException {
        int i = 4;
        int i2 = this.users.isSubjectResultCached(sSOToken) ? 0 : this.psWeight;
        if (i2 <= this.pcWeight && this.pcWeight <= this.prWeight) {
            i = 1;
        } else if (this.pcWeight <= i2 && i2 <= this.prWeight) {
            i = 2;
        } else if (this.prWeight <= this.pcWeight && this.pcWeight <= i2) {
            i = 4;
        } else if (this.prWeight <= i2 && i2 <= this.pcWeight) {
            i = 3;
        } else if (i2 <= this.prWeight && this.prWeight <= this.pcWeight) {
            i = 5;
        } else if (this.pcWeight <= this.prWeight && this.prWeight <= i2) {
            i = 6;
        }
        return i;
    }

    private static void initializeStaticEvaluationWeights() {
        EVALUATION_WEIGHTS = SystemProperties.get(EVALUATION_WEIGHTS_KEY, DEFAULT_EVALUATION_WEIGHTS);
        StringTokenizer stringTokenizer = new StringTokenizer(EVALUATION_WEIGHTS, ":");
        if (stringTokenizer.countTokens() != 3) {
            if (PolicyManager.debug.warningEnabled()) {
                PolicyManager.debug.warning(new StringBuffer().append("Policy.initializeStaticEvaluationWeights: invalid evaulationWeights defined,  defaulting to ").append(DEFAULT_EVALUATION_WEIGHTS).toString());
            }
            EVALUATION_WEIGHTS = DEFAULT_EVALUATION_WEIGHTS;
            return;
        }
        try {
            subjectWeight = Integer.parseInt(stringTokenizer.nextToken());
        } catch (NumberFormatException e) {
            if (PolicyManager.debug.warningEnabled()) {
                PolicyManager.debug.warning("Policy.initializeStaticEvaluationWeights: invalid subjectWeight defined, defaulting to 0");
            }
            subjectWeight = 0;
        }
        try {
            ruleWeight = Integer.parseInt(stringTokenizer.nextToken());
        } catch (NumberFormatException e2) {
            if (PolicyManager.debug.warningEnabled()) {
                PolicyManager.debug.warning("Policy.initializeStaticEvaluationWeights: invalid ruleWeight defined, defaulting to 0");
            }
            ruleWeight = 0;
        }
        try {
            conditionWeight = Integer.parseInt(stringTokenizer.nextToken());
        } catch (NumberFormatException e3) {
            if (PolicyManager.debug.warningEnabled()) {
                PolicyManager.debug.warning("Policy.initializeStaticEvaluationWeights: invalid conditionWeight defined, defaulting to 0");
            }
            conditionWeight = 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initializeEvaluationWeights() {
        this.psWeight = this.users.size() * subjectWeight;
        this.prWeight = this.rules.size() * ruleWeight;
        this.pcWeight = this.conditions.size() * conditionWeight;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isApplicableToUser(SSOToken sSOToken) throws PolicyException, SSOException {
        return this.users.isMember(sSOToken);
    }

    static Map cloneRuleResults(Map map) {
        HashMap hashMap = new HashMap();
        if (map != null && !map.isEmpty()) {
            for (String str : map.keySet()) {
                Set set = (Set) map.get(str);
                HashSet hashSet = new HashSet();
                hashSet.addAll(set);
                hashMap.put(str, hashSet);
            }
        }
        return hashMap;
    }

    static {
        initializeStaticEvaluationWeights();
    }
}
