package com.sun.identity.saml.plugins;

import com.iplanet.am.console.base.model.AMAdminConstants;
import com.iplanet.am.util.XMLUtils;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.saml.AssertionManager;
import com.sun.identity.saml.AssertionManagerClient;
import com.sun.identity.saml.assertion.Action;
import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.AssertionIDReference;
import com.sun.identity.saml.assertion.Evidence;
import com.sun.identity.saml.assertion.Subject;
import com.sun.identity.saml.assertion.SubjectConfirmation;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLServiceManager;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.protocol.AuthorizationDecisionQuery;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:120091-12/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/saml/plugins/DefaultActionMapper.class */
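/**
 * Default {@link ActionMapper}: pulls the SSO token ID or an authentication assertion out of an
 * {@link AuthorizationDecisionQuery} and asks the policy service which requested actions are allowed.
 *
 * <p>The class keeps no instance state. Lookup and policy failures are reported only through
 * {@code SAMLUtils.debug} when message-level debugging is enabled, so they are not visible in a
 * default configuration.
 */
public class DefaultActionMapper implements ActionMapper {
    /** Only actions in this namespace are evaluated; actions in any other namespace are skipped. */
    private static final String SUPPORTED_ACTION_NAMESPACE = "urn:oasis:names:tc:SAML:1.0:ghpp";

    /**
     * Returns the text of the subject confirmation data of the query's subject.
     *
     * <p>NOTE(review): going by the method name, the returned value is an SSO token ID, i.e. a
     * session credential; callers should keep it out of logs and error messages.
     *
     * @param authorizationDecisionQuery the query to inspect; may be {@code null}
     * @return the confirmation data as a string, or {@code null} when the query, its subject or its
     *     subject confirmation is missing, or when {@code SAMLUtils.isCorrectConfirmationMethod}
     *     rejects the confirmation
     */
    @Override
    public String getSSOTokenID(AuthorizationDecisionQuery authorizationDecisionQuery) {
        if (authorizationDecisionQuery == null) {
            return null;
        }
        // A query without a subject is treated like one without a confirmation instead of
        // failing with a NullPointerException.
        Subject subject = authorizationDecisionQuery.getSubject();
        if (subject == null) {
            return null;
        }
        SubjectConfirmation confirmation = subject.getSubjectConfirmation();
        if (confirmation == null || !SAMLUtils.isCorrectConfirmationMethod(confirmation)) {
            return null;
        }
        return XMLUtils.getElementString(confirmation.getSubjectConfirmationData());
    }

    /**
     * Finds the first authentication assertion in the query's evidence.
     *
     * <p>Assertions embedded in the evidence are tried first, then assertions resolved from the
     * evidence's assertion ID references.
     *
     * @param authorizationDecisionQuery the query whose evidence is searched; may be {@code null}
     * @param str passed unchanged to the assertion lookup (presumably the requester's source ID;
     *     confirm against the {@code getAssertion} contract)
     * @return the first assertion accepted by {@code SAMLUtils.isAuthNAssertion}, or {@code null}
     *     when there is none or the lookup fails
     */
    @Override
    public Assertion getSSOAssertion(AuthorizationDecisionQuery authorizationDecisionQuery, String str) {
        if (authorizationDecisionQuery == null) {
            return null;
        }
        Evidence evidence = authorizationDecisionQuery.getEvidence();
        if (evidence == null) {
            return null;
        }

        // NOTE(review): an embedded assertion is supplied by the requester and is accepted here on
        // isAuthNAssertion alone, whereas convertEvidence additionally requires isSignatureValid(),
        // isTimeValid() and a known issuer. Confirm that isAuthNAssertion or the caller performs
        // those checks before the result is trusted.
        Set<Assertion> embeddedAssertions = evidence.getAssertion();
        if (embeddedAssertions != null) {
            for (Assertion embedded : embeddedAssertions) {
                if (SAMLUtils.isAuthNAssertion(embedded)) {
                    return embedded;
                }
            }
        }

        Set<AssertionIDReference> idReferences = evidence.getAssertionIDReference();
        if (idReferences == null) {
            return null;
        }
        try {
            AssertionManager assertionManager = AssertionManager.getInstance();
            for (AssertionIDReference idReference : idReferences) {
                Assertion resolved;
                try {
                    resolved = fetchAssertion(assertionManager, idReference, str,
                            "DefaultActionMapper: calling another in lb site:");
                } catch (Exception e) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("DefaultActionMapper.getSSOAssertion: exception when retrieving Assertion from IDRef:" + e);
                    }
                    // A reference that cannot be resolved is skipped, so that it can never be
                    // answered with an assertion left over from an earlier reference.
                    continue;
                }
                if (SAMLUtils.isAuthNAssertion(resolved)) {
                    return resolved;
                }
            }
            return null;
        } catch (Exception e) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("DefaultActionMapper: Couldn't obtain AssertionManager instance:" + e);
            }
            return null;
        }
    }

    /**
     * Evaluates every requested action in the supported namespace against the policy service.
     *
     * <p>The returned map holds exactly one entry:
     * <ul>
     *   <li>{@code ActionMapper.PERMIT} with the allowed actions, when at least one was allowed;
     *       actions of the same query that were refused or could not be decided are not listed, so a
     *       caller must not read this entry as covering every requested action;</li>
     *   <li>{@code ActionMapper.DENY} with the refused actions, when none was allowed and at least
     *       one was refused;</li>
     *   <li>{@code ActionMapper.INDETERMINATE} with the full requested list otherwise.</li>
     * </ul>
     *
     * @param authorizationDecisionQuery the query holding the resource, the actions and the evidence
     * @param sSOToken the session token the policy decision is made for
     * @param str passed unchanged to the assertion lookup performed for the evidence
     * @return a single-entry map as described above
     * @throws SAMLException if the query or the token is {@code null}
     */
    @Override
    public Map getAuthorizationDecisions(AuthorizationDecisionQuery authorizationDecisionQuery, SSOToken sSOToken, String str) throws SAMLException {
        if (authorizationDecisionQuery == null || sSOToken == null) {
            SAMLUtils.debug.message("DefaultActionMapper: null input.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        Map envParameters = convertEvidence(authorizationDecisionQuery.getEvidence(), authorizationDecisionQuery.getSubject(), str);
        List<Action> permitted = new ArrayList<Action>();
        List<Action> denied = new ArrayList<Action>();
        List<Action> requested = authorizationDecisionQuery.getAction();
        String resource = authorizationDecisionQuery.getResource();
        PolicyEvaluator policyEvaluator = null;
        for (Action requestedAction : requested) {
            if (!SUPPORTED_ACTION_NAMESPACE.equals(requestedAction.getNameSpace())) {
                continue;
            }
            try {
                // Created on first use; a failed construction is retried for the next action.
                if (policyEvaluator == null) {
                    policyEvaluator = new PolicyEvaluator(AMAdminConstants.WEB_SERVICE_NAME);
                }
                if (policyEvaluator.isAllowed(sSOToken, resource, requestedAction.getAction(), envParameters)) {
                    permitted.add(requestedAction);
                } else {
                    denied.add(requestedAction);
                }
            } catch (Exception e) {
                // Fail closed: when the evaluator cannot be created or consulted the action is
                // neither permitted nor denied, instead of dereferencing a null evaluator.
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("DefaultActionMapper: Exception from policy:" + e);
                }
            }
        }
        Map decisions = new HashMap();
        if (!permitted.isEmpty()) {
            decisions.put(ActionMapper.PERMIT, permitted);
        } else if (denied.isEmpty()) {
            decisions.put(ActionMapper.INDETERMINATE, requested);
        } else {
            decisions.put(ActionMapper.DENY, denied);
        }
        return decisions;
    }

    /**
     * Builds the environment parameters handed to the policy evaluator from the query's evidence.
     *
     * <p>Embedded assertions contribute only when their signature and validity period check out and
     * their issuer is either this site's configured issuer name or known to
     * {@code SAMLUtils.getSourceSite}.
     *
     * @param evidence the evidence of the query; may be {@code null}
     * @param subject the query subject, passed on to {@code SAMLUtils.addEnvParamsFromAssertion}
     * @param str passed unchanged to the assertion lookup
     * @return the collected parameters; empty when there is no usable evidence
     */
    private Map convertEvidence(Evidence evidence, Subject subject, String str) {
        Map envParameters = new HashMap();
        if (evidence == null) {
            return envParameters;
        }
        String localIssuer = (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME);

        // NOTE(review): assertions resolved from ID references are used without the signature,
        // time and issuer checks applied to embedded assertions below; presumably the assertion
        // manager only returns assertions issued by this deployment. Confirm.
        Set<AssertionIDReference> idReferences = evidence.getAssertionIDReference();
        if (idReferences != null) {
            try {
                AssertionManager assertionManager = AssertionManager.getInstance();
                for (AssertionIDReference idReference : idReferences) {
                    try {
                        Assertion resolved = fetchAssertion(assertionManager, idReference, str,
                                "DefaultActionMapper:calling another server in lb site:");
                        SAMLUtils.addEnvParamsFromAssertion(envParameters, resolved, subject);
                    } catch (Exception e) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("DefaultActionMapper: couldn't retrieve assertion from idRef:" + e);
                        }
                    }
                }
            } catch (Exception e) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("DefaultActionMapper: Couldn't obtain AssertionManager instance:" + e);
                }
            }
        }

        Set<Assertion> embeddedAssertions = evidence.getAssertion();
        if (embeddedAssertions != null) {
            for (Assertion embedded : embeddedAssertions) {
                if (!embedded.isSignatureValid() || !embedded.isTimeValid()) {
                    continue;
                }
                String issuer = embedded.getIssuer();
                boolean issuedLocally = localIssuer != null && localIssuer.equals(issuer);
                if (issuedLocally || SAMLUtils.getSourceSite(issuer) != null) {
                    SAMLUtils.addEnvParamsFromAssertion(envParameters, embedded, subject);
                }
            }
        }
        return envParameters;
    }

    /**
     * Resolves one assertion ID reference, either through the local manager or through the server
     * that {@code SAMLUtils.getServerURL} reports for the reference.
     *
     * @param assertionManager the local manager, used when no server URL is reported
     * @param idReference the reference to resolve
     * @param str passed unchanged to {@code getAssertion}
     * @param remoteCallMessage debug message prefix written before a remote lookup
     * @return whatever the chosen lookup returns
     * @throws Exception any failure raised by the lookup; handling is left to the caller
     */
    private Assertion fetchAssertion(AssertionManager assertionManager, AssertionIDReference idReference, String str, String remoteCallMessage) throws Exception {
        // NOTE(review): the server to contact is derived from the reference value taken from the
        // query; confirm that getServerURL only ever yields servers of this deployment.
        String serverURL = SAMLUtils.getServerURL(idReference.getAssertionIDReference());
        if (serverURL == null) {
            return assertionManager.getAssertion(idReference, str);
        }
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message(remoteCallMessage + serverURL);
        }
        return new AssertionManagerClient(SAMLUtils.getFullServiceURL(serverURL)).getAssertion(idReference, str);
    }
}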
