package com.sun.identity.liberty.ws.idpp.plugin;

import com.iplanet.sso.SSOToken;
import com.sun.identity.liberty.ws.idpp.common.IDPPConstants;
import com.sun.identity.liberty.ws.idpp.common.IDPPUtils;
import com.sun.identity.liberty.ws.interfaces.Authorizer;
import com.sun.identity.policy.ActionDecision;
import com.sun.identity.policy.PolicyDecision;
import com.sun.identity.policy.PolicyEvaluator;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:119465-08/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/liberty/ws/idpp/plugin/IDPPAuthorizer.class */
public class IDPPAuthorizer implements Authorizer {
    private static PolicyEvaluator evaluator;

    @Override // com.sun.identity.liberty.ws.interfaces.Authorizer
    public boolean isAuthorized(Object obj, String str, Object obj2, Map map) {
        return false;
    }

    @Override // com.sun.identity.liberty.ws.interfaces.Authorizer
    public Object getAuthorizationDecision(Object obj, String str, Object obj2, Map map) throws Exception {
        IDPPUtils.debug.message("IDPPAuthorizer.getAuthorizationDecision:Init");
        if (obj == null || str == null || obj2 == null) {
            IDPPUtils.debug.error("IDPPAuthorizer.isAuthorized:null input");
            throw new Exception(IDPPUtils.bundle.getString("nullInputParams"));
        }
        try {
            HashSet hashSet = new HashSet(1);
            hashSet.add(str);
            PolicyDecision policyDecision = evaluator.getPolicyDecision((SSOToken) obj, (String) obj2, hashSet);
            if (policyDecision == null) {
                if (!IDPPUtils.debug.messageEnabled()) {
                    return "deny";
                }
                IDPPUtils.debug.message("IDPPAuthorizer.getAuthorizationDecision:PolicyDecision is null");
                return "deny";
            }
            ActionDecision actionDecision = (ActionDecision) policyDecision.getActionDecisions().get(str);
            if (actionDecision == null) {
                if (!IDPPUtils.debug.messageEnabled()) {
                    return "deny";
                }
                IDPPUtils.debug.message("IDPPAuthorizer.getAuthorizationDecision:ActionDecision is null");
                return "deny";
            }
            Set values = actionDecision.getValues();
            if (values != null && !values.isEmpty()) {
                if (IDPPUtils.debug.messageEnabled()) {
                    IDPPUtils.debug.message(new StringBuffer().append("IDPPAuthorizer.getAuthorizationDecision: action values:").append(values).toString());
                }
                return values.contains("deny") ? "deny" : values.contains(IDPPConstants.INTERACT_FOR_VALUE) ? IDPPConstants.INTERACT_FOR_VALUE : values.contains(IDPPConstants.INTERACT_FOR_CONSENT) ? IDPPConstants.INTERACT_FOR_CONSENT : (String) values.iterator().next();
            }
            if (!IDPPUtils.debug.messageEnabled()) {
                return "deny";
            }
            IDPPUtils.debug.message("IDPPAuthorizer.getAuthorizationDecision:values are null");
            return "deny";
        } catch (Exception e) {
            IDPPUtils.debug.error("IDPPAuthorizer.getAuthorizationDecision:Exception during authorization.", e);
            throw e;
        }
    }

    static {
        evaluator = null;
        try {
            evaluator = new PolicyEvaluator(IDPPConstants.IDPP_SERVICE);
        } catch (Exception e) {
            IDPPUtils.debug.error("IDPPAuthorizer:Static Init failed", e);
        }
    }
}
