package com.sun.identity.policy.remote;

import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.util.Debug;
import com.iplanet.services.comm.server.RequestHandler;
import com.iplanet.services.comm.share.Request;
import com.iplanet.services.comm.share.Response;
import com.iplanet.services.comm.share.ResponseSet;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.PolicyDecision;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.ResBundleUtils;
import com.sun.identity.policy.ResourceResult;
import com.sun.identity.policy.ResourceResults;
import com.sun.identity.policy.interfaces.PolicyListener;
import com.sun.identity.session.util.RestrictedTokenHelper;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import java.util.Vector;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:119465-03/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/policy/remote/PolicyRequestHandler.class */
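/**
 * Server-side handler for remote policy requests.
 *
 * <p>Each {@link Request} carries an XML document that is parsed into a {@link PolicyService}.
 * The handler resolves the application SSO token, then either registers or removes a
 * policy-change listener, or evaluates resource results for the user SSO token named in
 * the request.
 *
 * <p>Method IDs as used in this class: a {@code PolicyService} with ID 1 is accepted as a
 * request and ID 2 is set on every reply; {@code PolicyRequest} IDs 1, 2 and 3 select
 * resource-result evaluation, listener registration and listener removal; a
 * {@code PolicyResponse} echoes that ID on success and uses 4 wherever an exception
 * message is set.
 *
 * <p>Security notes: SSO token strings are bearer credentials, so the warning paths do not
 * write them to the debug log. Message-level logging still dumps the full request and
 * response XML, and the request XML is where the application and user tokens are read
 * from, so message-level debug output must be treated as sensitive.
 */
public class PolicyRequestHandler implements RequestHandler {
    static final String REQUEST_AUTH_LEVEL = "requestAuthLevel";
    static final String REQUEST_AUTH_SCHEMES = "requestAuthSchemes";
    static final String REQUEST_IP = "requestIp";
    static final String REQUEST_TIME = "requestTime";
    static final String REQUEST_TIME_ZONE = "requestTimeZone";
    static Debug debug = PolicyService.debug;
    // Cache of PolicyEvaluator instances keyed by service name.
    static Map policyEvaluators = Collections.synchronizedMap(new HashMap());
    // Registered listener requests keyed by their notification URL.
    static Map listenerRegistry = Collections.synchronizedMap(new HashMap());

    /**
     * Processes every request in the vector and collects the replies.
     *
     * <p>A {@link PolicyEvaluationException} raised for one request is turned into an
     * exception reply for that request; the remaining requests are still processed.
     *
     * @param vector the {@link Request} objects to process
     * @param httpServletRequest not used by this method
     * @param httpServletResponse not used by this method
     * @param servletContext not used by this method
     * @return the set of responses, one per request that produced a non-null response
     */
    @Override // com.iplanet.services.comm.server.RequestHandler
    public ResponseSet process(Vector vector, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ServletContext servletContext) {
        ResponseSet responseSet = new ResponseSet(PolicyService.POLICY_SERVICE);
        int size = vector.size();
        for (int i = 0; i < size; i++) {
            Response response;
            try {
                response = processRequest((Request) vector.elementAt(i));
            } catch (PolicyEvaluationException e) {
                PolicyResponse failure = new PolicyResponse();
                failure.setMethodID(4);
                failure.setRequestId(e.getRequestId());
                // NOTE(review): the exception message is returned to the remote caller.
                // getResponseDecisions() wraps arbitrary exceptions, so confirm the message
                // cannot carry internal detail (directory errors, DNs) back to the client.
                failure.setExceptionMsg(e.getMessage());
                PolicyService reply = new PolicyService();
                reply.setMethodID(2);
                reply.setPolicyResponse(failure);
                response = new Response(reply.toXMLString());
            }
            if (response != null) {
                responseSet.addResponse(response);
            }
        }
        return responseSet;
    }

    /**
     * Parses one request's XML content, dispatches it and serialises the reply.
     *
     * @param request the incoming request
     * @return a response wrapping the reply XML
     * @throws PolicyEvaluationException if the request is rejected or evaluation fails
     */
    private Response processRequest(Request request) throws PolicyEvaluationException {
        String content = request.getContent();
        // The three message-level dumps below include the raw XML, which carries the
        // SSO tokens; they are only emitted when message-level debugging is enabled.
        if (debug.messageEnabled()) {
            debug.message("PolicyRequestHandler.processRequest(): content is " + content);
        }
        PolicyService parsed = PolicyService.parseXML(content);
        if (debug.messageEnabled()) {
            debug.message("PolicyRequestHandler.processRequest(): policy service object:" + parsed.toXMLString());
        }
        PolicyService reply = processPolicyServiceRequest(parsed);
        if (debug.messageEnabled()) {
            debug.message("PolicyRequestHandler.processRequest(): get response from policy framework: \n" + reply.toXMLString());
        }
        return new Response(reply.toXMLString());
    }

    /**
     * Accepts only a {@code PolicyService} whose method ID is 1 and wraps the resulting
     * {@code PolicyResponse} in a new {@code PolicyService} with method ID 2.
     *
     * @param policyService the parsed request envelope
     * @return the reply envelope
     * @throws PolicyEvaluationException if the envelope is not a request or processing fails
     */
    private PolicyService processPolicyServiceRequest(PolicyService policyService) throws PolicyEvaluationException {
        if (policyService.getMethodID() != 1) {
            debug.error("PolicyRequestHandler.processPolicyServiceRequest(): invalid policy request type");
            throw new PolicyEvaluationException("amPolicy", "invalid_policy_request_type", null, null);
        }
        PolicyRequest policyRequest = policyService.getPolicyRequest();
        PolicyService reply = new PolicyService();
        PolicyResponse policyResponse = processPolicyRequest(policyRequest);
        reply.setMethodID(2);
        reply.setPolicyResponse(policyResponse);
        return reply;
    }

    /**
     * Resolves the application SSO token and then handles the request by method ID:
     * 2 adds a listener, 3 removes a listener, 1 evaluates resource results; any other
     * ID is rejected.
     *
     * @param policyRequest the request to handle
     * @return the populated response
     * @throws PolicyEvaluationException if a token cannot be resolved, the request format
     *     is invalid, the environment parameters are invalid or evaluation fails
     */
    private PolicyResponse processPolicyRequest(PolicyRequest policyRequest) throws PolicyEvaluationException {
        ResourceResults resourceResults;
        if (debug.messageEnabled()) {
            debug.message("PolicyRequestHandler.processPolicyRequest(): req received:\n" + policyRequest.toXMLString());
        }
        PolicyResponse policyResponse = new PolicyResponse();
        String requestId = policyRequest.getRequestId();
        policyResponse.setRequestId(requestId);
        String appSSOToken = policyRequest.getAppSSOToken();
        try {
            // Nothing is done for the caller until the application token resolves.
            SSOToken appToken = getSSOToken(appSSOToken, null);
            if (policyRequest.getMethodID() == 2) {
                PolicyListenerRequest policyListenerRequest = policyRequest.getPolicyListenerRequest();
                if (addPolicyListener(policyListenerRequest)) {
                    policyResponse.setMethodID(2);
                } else {
                    policyResponse.setExceptionMsg(ResBundleUtils.getString("failed.add.policy.listener", new String[]{policyListenerRequest.getNotificationURL()}));
                    policyResponse.setMethodID(4);
                }
                return policyResponse;
            }
            if (policyRequest.getMethodID() == 3) {
                RemoveListenerRequest removeListenerRequest = policyRequest.getRemoveListenerRequest();
                if (removePolicyListener(removeListenerRequest)) {
                    policyResponse.setMethodID(3);
                } else {
                    policyResponse.setExceptionMsg(ResBundleUtils.getString("failed.remove.policy.listener", new String[]{removeListenerRequest.getNotificationURL()}));
                    policyResponse.setMethodID(4);
                }
                return policyResponse;
            }
            if (policyRequest.getMethodID() != 1) {
                debug.error("PolicyRequestHandler: Invalid policy request format");
                throw new PolicyEvaluationException("amPolicy", "invalid_policy_request_format", null, null);
            }
            ResourceResultRequest resourceResultRequest = policyRequest.getResourceResultRequest();
            String userSSOToken = resourceResultRequest.getUserSSOToken();
            SSOToken userToken = null;
            // An absent, empty or literal "null" user token leaves userToken null.
            if (userSSOToken != null && !userSSOToken.equals("") && !userSSOToken.equals("null")) {
                try {
                    userToken = getSSOToken(userSSOToken, appToken);
                } catch (PolicyException e) {
                    if (debug.warningEnabled()) {
                        // The token string is a bearer credential: log the request id, not the token.
                        debug.warning("PolicyRequestHandler: Invalid user sso token, requestId=" + requestId);
                    }
                    throw new PolicyEvaluationException("amPolicy", "user_sso_token_invalid", null, null, requestId);
                }
            }
            HashSet results = new HashSet();
            Set responseAttributes = resourceResultRequest.getResponseAttributes();
            if (debug.messageEnabled()) {
                debug.message("PolicyRequestHandler.processPolicyRequest(): respAttrs=\n" + responseAttributes);
            }
            Map responseDecisions = null;
            if (responseAttributes != null && userToken != null) {
                responseDecisions = getResponseDecisions(userToken, responseAttributes);
            }
            String serviceName = resourceResultRequest.getServiceName();
            String resourceName = resourceResultRequest.getResourceName();
            String resourceScope = resourceResultRequest.getResourceScope();
            if (resourceScope == null || !resourceScope.equals("response-attributes-only")) {
                // NOTE(review): the environment parameters (auth level, IP, time, time zone)
                // come from the request itself; confirm policy conditions may trust them.
                Map envParms = resourceResultRequest.getEnvParms();
                try {
                    convertEnvParams(envParms);
                    try {
                        resourceResults = new ResourceResults(getPolicyEvaluator(serviceName).getResourceResults(userToken, resourceName, resourceScope, envParms));
                        if (debug.messageEnabled()) {
                            debug.message("PolicyRequestHandler.processPolicyRequest(): resource result:\n" + resourceResults.toXML());
                        }
                    } catch (Exception e2) {
                        debug.error("PolicyRequestHandler: Evaluation error", e2);
                        throw new PolicyEvaluationException("amPolicy", "evaluation_error", null, e2, requestId);
                    }
                } catch (PolicyException e3) {
                    debug.error("PolicyRequestHandler: Invalid env parameters", e3);
                    throw new PolicyEvaluationException("amPolicy", "invalid_env_parameters", null, e3, requestId);
                }
            } else {
                // Scope "response-attributes-only": skip evaluation and return an empty decision.
                ResourceResult resourceResult = new ResourceResult(resourceName, new PolicyDecision());
                HashSet single = new HashSet();
                single.add(resourceResult);
                resourceResults = new ResourceResults(single);
            }
            resourceResults.setResponseDecisions(responseDecisions);
            results.addAll(resourceResults.getResourceResults());
            policyResponse.setResourceResults(results);
            policyResponse.setMethodID(1);
            return policyResponse;
        } catch (PolicyException e4) {
            if (debug.warningEnabled()) {
                // The token string is a bearer credential: log the request id, not the token.
                debug.warning("PolicyRequestHandler: Invalid app sso token, requestId=" + requestId);
            }
            throw new PolicyEvaluationException("amPolicy", "app_sso_token_invalid", null, null, requestId);
        }
    }

    /**
     * Reads the requested attributes of the user named by the token's principal.
     *
     * @param sSOToken the user's SSO token
     * @param set the attribute names to fetch
     * @return the attribute map, or {@code null} when no attribute names were given
     * @throws PolicyEvaluationException wrapping any failure of the lookup
     */
    private Map getResponseDecisions(SSOToken sSOToken, Set set) throws PolicyEvaluationException {
        if (set == null || set.size() == 0) {
            return null;
        }
        try {
            // NOTE(review): the attribute names come from the request; confirm the store
            // restricts which attributes this token is allowed to read.
            return new AMStoreConnection(sSOToken).getUser(sSOToken.getPrincipal().getName()).getAttributes(set);
        } catch (Exception e) {
            throw new PolicyEvaluationException(e);
        }
    }

    /**
     * Registers a policy-change listener unless its notification URL is already registered.
     *
     * @param policyListenerRequest the listener request, may be {@code null}
     * @return {@code false} if the request is {@code null} or registration throws;
     *     {@code true} otherwise, including when the URL was already registered
     */
    private boolean addPolicyListener(PolicyListenerRequest policyListenerRequest) {
        if (policyListenerRequest == null) {
            debug.error("PolicyRequestHandler: invalid policy listener request received");
            return false;
        }
        String serviceTypeName = policyListenerRequest.getServiceTypeName();
        // NOTE(review): the notification URL is taken from the request and is not validated
        // in this method; confirm it is checked against expected agent hosts elsewhere.
        String notificationURL = policyListenerRequest.getNotificationURL();
        if (listenerRegistry.containsKey(notificationURL)) {
            if (debug.messageEnabled()) {
                debug.message("PolicyRequestHandler: policy listener for service " + serviceTypeName + " has already been registered; the notification URL is " + notificationURL);
            }
            return true;
        }
        try {
            PolicyEvaluator policyEvaluator = getPolicyEvaluator(serviceTypeName);
            if (policyEvaluator != null) {
                policyEvaluator.addPolicyListener(policyListenerRequest);
                listenerRegistry.put(notificationURL, policyListenerRequest);
                if (debug.messageEnabled()) {
                    debug.message("PolicyRequestHandler: policy listener for service " + serviceTypeName + " added");
                }
            }
            return true;
        } catch (Exception e) {
            debug.error("PolicyRequestHandler: failed to add policy change listener", e);
            return false;
        }
    }

    /**
     * Removes the policy-change listener registered under the request's notification URL.
     *
     * @param removeListenerRequest the removal request, may be {@code null}
     * @return {@code false} if the request is {@code null} or removal throws;
     *     {@code true} otherwise, including when no listener was registered for the URL
     */
    private boolean removePolicyListener(RemoveListenerRequest removeListenerRequest) {
        if (removeListenerRequest == null) {
            debug.error("PolicyRequestHandler: invalid remove policy listener request received");
            return false;
        }
        String serviceName = removeListenerRequest.getServiceName();
        // NOTE(review): nothing in this method ties the removing application to the one that
        // registered the URL; confirm whether that is enforced elsewhere.
        String notificationURL = removeListenerRequest.getNotificationURL();
        if (!listenerRegistry.containsKey(notificationURL)) {
            if (debug.messageEnabled()) {
                debug.message("PolicyRequestHandler: policy listener to be removed for service " + serviceName + " has not been registered yet; the notification URL is " + notificationURL);
            }
            return true;
        }
        PolicyListener policyListener = (PolicyListener) listenerRegistry.get(notificationURL);
        if (policyListener == null) {
            // Key present with a null value: just drop the stale entry.
            listenerRegistry.remove(notificationURL);
            return true;
        }
        try {
            PolicyEvaluator policyEvaluator = getPolicyEvaluator(serviceName);
            if (policyEvaluator != null) {
                policyEvaluator.removePolicyListener(policyListener);
                listenerRegistry.remove(notificationURL);
                if (debug.messageEnabled()) {
                    debug.message("PolicyRequestHandler: policy listener for service " + serviceName + " removed");
                }
            }
            return true;
        } catch (Exception e) {
            debug.error("PolicyRequestHandler: failed to remove policy change listener", e);
            return false;
        }
    }

    /**
     * Converts the well-known environment parameters in place from a {@code Set} holding
     * one {@code String} to the typed value: auth level to {@code Integer}, IP to
     * {@code String}, time to {@code Long}, time zone to {@code TimeZone}. An empty set is
     * replaced by {@code null}; an absent key is left untouched.
     *
     * <p>Each parameter is converted in its own try block so that a failure is reported
     * under that parameter's error key. With nested blocks, the outermost
     * {@code catch (Exception)} re-wraps every inner failure as an auth-level error.
     *
     * @param map the environment parameters, may be {@code null} or empty
     * @throws PolicyException if a parameter cannot be converted
     */
    private void convertEnvParams(Map map) throws PolicyException {
        if (map == null || map.size() == 0) {
            return;
        }
        try {
            Set authLevelValues = (Set) map.get(REQUEST_AUTH_LEVEL);
            Integer authLevel = null;
            if (authLevelValues != null) {
                if (authLevelValues.size() != 0) {
                    authLevel = Integer.valueOf((String) authLevelValues.iterator().next());
                }
                map.put(REQUEST_AUTH_LEVEL, authLevel);
            }
            if (debug.messageEnabled()) {
                debug.message("PolicyRequestHandler.convertEnvParams(): requestAuthLevel is " + authLevel);
            }
        } catch (Exception e) {
            throw new PolicyException("amPolicy", "invalid_auth_level_in_request", null, e);
        }
        try {
            Set ipValues = (Set) map.get(REQUEST_IP);
            String ip = null;
            if (ipValues != null) {
                if (ipValues.size() != 0) {
                    ip = (String) ipValues.iterator().next();
                }
                map.put(REQUEST_IP, ip);
            }
            if (debug.messageEnabled()) {
                debug.message("PolicyRequestHandler.convertEnvParams(): requestIp is " + ip);
            }
        } catch (Exception e) {
            throw new PolicyException("amPolicy", "invalid_ip_in_request", null, e);
        }
        try {
            Set timeValues = (Set) map.get(REQUEST_TIME);
            Long time = null;
            if (timeValues != null) {
                if (timeValues.size() != 0) {
                    time = Long.valueOf((String) timeValues.iterator().next());
                }
                map.put(REQUEST_TIME, time);
            }
            if (debug.messageEnabled()) {
                debug.message("PolicyRequestHandler.convertEnvParams(): requestTime is " + time);
            }
        } catch (Exception e) {
            throw new PolicyException("amPolicy", "invalid_request_time_in_request", null, e);
        }
        try {
            Set zoneValues = (Set) map.get(REQUEST_TIME_ZONE);
            TimeZone timeZone = null;
            if (zoneValues != null) {
                if (zoneValues.size() != 0) {
                    // TimeZone.getTimeZone falls back to GMT for an unrecognised ID instead
                    // of throwing, so a malformed zone name is not rejected here.
                    timeZone = TimeZone.getTimeZone((String) zoneValues.iterator().next());
                }
                map.put(REQUEST_TIME_ZONE, timeZone);
            }
            if (debug.messageEnabled()) {
                debug.message("PolicyRequestHandler.convertEnvParams(): requestTimeZone is " + timeZone);
            }
        } catch (Exception e) {
            throw new PolicyException("amPolicy", "invalid_request_time_zone_in_request", null, e);
        }
    }

    /**
     * Returns the cached evaluator for a service name, creating and caching one on a miss.
     *
     * <p>The lookup and the insert are separate calls on the synchronized map, so two
     * threads missing at the same time may each construct an evaluator; the later
     * {@code put} wins.
     *
     * @param str the service name
     * @return the evaluator for that service
     * @throws PolicyException if the evaluator cannot be constructed
     */
    private PolicyEvaluator getPolicyEvaluator(String str) throws PolicyException {
        PolicyEvaluator policyEvaluator = (PolicyEvaluator) policyEvaluators.get(str);
        if (policyEvaluator == null) {
            try {
                policyEvaluator = new PolicyEvaluator(str);
                policyEvaluators.put(str, policyEvaluator);
            } catch (Exception e) {
                debug.error("PolicyRequestHandler: failed to get a policy evaluator for service " + str, e);
                throw new PolicyException("amPolicy", "unable_to_get_an_evaluator", null, e);
            }
        }
        return policyEvaluator;
    }

    /**
     * Resolves a token string to an {@link SSOToken} through {@link RestrictedTokenHelper}.
     *
     * @param str the token string from the request
     * @param sSOToken the context token passed to the helper; {@code null} when resolving
     *     the application token itself
     * @return the resolved token
     * @throws PolicyException if the token cannot be resolved; the underlying failure is
     *     kept as the cause, and callers in this class replace this exception before
     *     anything is sent to the client
     */
    private SSOToken getSSOToken(String str, SSOToken sSOToken) throws PolicyException {
        try {
            return RestrictedTokenHelper.resolveRestrictedToken(str, sSOToken);
        } catch (Exception e) {
            throw new PolicyException("amPolicy", "invalid_sso_token", null, e);
        }
    }
}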
