package com.sun.identity.policy;

import com.iplanet.am.util.Cache;
import com.iplanet.am.util.Debug;
import com.iplanet.am.util.XMLUtils;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.PluginSchema;
import com.sun.identity.sm.SMSEntry;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceAlreadyExistsException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import com.sun.identity.sm.ServiceManager;
import com.sun.identity.sm.ServiceNotFoundException;
import com.sun.identity.sm.ServiceSchemaManager;
import java.io.ByteArrayInputStream;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletResponse;
import netscape.ldap.util.DN;
import org.w3c.dom.Node;

/* JADX WARN: Classes with same name are omitted:
  input_file:120954-02/SUNWamclnt/reloc/SUNWam/lib/amclientsdk.jar:com/sun/identity/policy/PolicyManager.class
 */
/* loaded from: input_file:120954-02/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/policy/PolicyManager.class */
public final class PolicyManager {
    public static final String POLICY_SERVICE_NAME = "iPlanetAMPolicyService";
    public static final String POLICY_DEBUG_NAME = "amPolicy";
    public static final String ORGANIZATION_NAME = "OrganizationName";
    static final String NAMED_POLICY = "Policies";
    static final String REALM_SUBJECTS = "RealmSubjects";
    static final String XML_REALM_SUBJECTS = "xmlRealmSubjects";
    private static final String NAMED_POLICY_ID = "NamedPolicy";
    static final String RESOURCES_POLICY = "Resources";
    static final String RESOURCES_POLICY_ID = "ServiceType";
    private static final String SUBJECTS_POLICY = "Subjects";
    private static final String SUBJECTS_POLICY_ID = "UserCollections";
    static final String SUBJECT_POLICY = "Subject";
    static final String REALM_SUBJECT_POLICY = "RealmSubject";
    static final String CONDITION_POLICY = "Condition";
    static final String RESP_PROVIDER_POLICY = "ResponseProvider";
    static final String REFERRAL_POLICY = "Referral";
    static final String REFERRALS_POLICY = "Referrals";
    private static final String POLICY_XML = "xmlpolicy";
    static final String POLICY_VERSION = "1.0";
    static final String POLICY_ROOT_NODE = "Policy";
    static final String POLICY_RULE_NODE = "Rule";
    static final String POLICY_SUBJECTS_NODE = "Subjects";
    static final String POLICY_CONDITIONS_NODE = "Conditions";
    static final String POLICY_RESP_PROVIDERS_NODE = "ResponseProviders";
    static final String POLICY_REFERRALS_NODE = "Referrals";
    static final String POLICY_RULE_SERVICE_NODE = "ServiceName";
    static final String POLICY_RULE_RESOURCE_NODE = "ResourceName";
    static final String ATTR_VALUE_PAIR_NODE = "AttributeValuePair";
    static final String ATTR_NODE = "Attribute";
    static final String ATTR_VALUE_NODE = "Value";
    static final String NAME_ATTRIBUTE = "name";
    static final String TYPE_ATTRIBUTE = "type";
    static final String DESCRIPTION_ATTRIBUTE = "description";
    static final String PRIORITY_ATTRIBUTE = "priority";
    static final String STATUS_ATTRIBUTE = "priority";
    static final String STATUS_ACTIVE = "active";
    static final String STATUS_INACTIVE = "inactive";
    static final String SERVICE_TYPE_NAME_ATTRIBUTE = "serviceName";
    static final String POLICY_INDEX_ROOT_NODE = "PolicyCrossReferences";
    static final String POLICY_INDEX_ROOT_NODE_NAME_ATTR = "name";
    static final String POLICY_INDEX_ROOT_NODE_TYPE_ATTR = "type";
    static final String POLICY_INDEX_ROOT_NODE_TYPE_ATTR_RESOURCES_VALUE = "Resources";
    static final String POLICY_INDEX_REFERENCE_NODE = "Reference";
    static final String POLICY_INDEX_REFERENCE_NODE_NAME_ATTR = "name";
    static final String POLICY_INDEX_POLICYNAME_NODE = "PolicyName";
    static final String POLICY_INDEX_POLICYNAME_NODE_NAME_ATTR = "name";
    static final long DEFAULT_SUBJECTS_RESULT_TTL = 600000;

    /* renamed from: org, reason: collision with root package name */
    private String f5org;
    private String givenOrgName;
    private ServiceConfigManager scm;
    private ResourceManager rm;
    private ServiceTypeManager svtm;
    private SubjectTypeManager stm;
    private ConditionTypeManager ctm;
    private ResponseProviderTypeManager rpm;
    private Cache cachedPolicies;
    private ReferralTypeManager rtm;
    private PolicyCache policyCache;
    private ResourceIndexManager rim;
    private static ServiceSchemaManager ssm;
    SSOToken token;
    static Debug debug = Debug.getInstance("amPolicy");
    public static final String DELEGATION_REALM = "/sunamhiddenrealmdelegationservicepermissions";
    static DN delegationRealm = new DN(DNMapper.orgNameToDN(DELEGATION_REALM));

    public PolicyManager(SSOToken sSOToken) throws SSOException, PolicyException {
        this(sSOToken, "");
        if (debug.messageEnabled()) {
            debug.message("Policy Manager constructed using SSO token");
        }
    }

    public PolicyManager(SSOToken sSOToken, String str) throws SSOException, NameNotFoundException, PolicyException {
        this.f5org = "/";
        this.givenOrgName = "";
        this.cachedPolicies = new Cache(HttpServletResponse.SC_OK);
        SSOTokenManager.getInstance().validateToken(sSOToken);
        this.token = sSOToken;
        try {
            this.scm = new ServiceConfigManager("iPlanetAMPolicyService", sSOToken);
            this.f5org = verifyOrgName(str);
            this.givenOrgName = str;
            this.rm = new ResourceManager(sSOToken, this.f5org, this.scm);
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("Policy Manager constructed with SSO token  for organization: ").append(this.f5org).toString());
            }
            this.policyCache = PolicyCache.getInstance();
            this.svtm = ServiceTypeManager.getServiceTypeManager();
            this.rim = new ResourceIndexManager(this.rm);
        } catch (SMSException e) {
            debug.error("In constructor for PolicyManager with orgNameUnable to get service config manager", e);
            throw new PolicyException(e);
        }
    }

    public String getOrganizationName() {
        return this.givenOrgName;
    }

    public Map getPolicyConfig() {
        Map map = null;
        try {
            map = PolicyConfig.getPolicyConfig(this.f5org);
        } catch (PolicyException e) {
            debug.error(new StringBuffer().append("PolicyManager:can not get policy config  for org : ").append(this.f5org).toString(), e);
        }
        if (map != null) {
            HashSet hashSet = new HashSet();
            hashSet.add(this.f5org);
            map.put("OrganizationName", hashSet);
        } else {
            debug.error(new StringBuffer().append("PolicyManager: policy config is null for org:").append(this.f5org).append(". Most likely it has been unregistered.").append(" It is not recommended to unregister the policy").append(" configuration serivce. If you do so, the result").append(" is undefined.").toString());
        }
        return map;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getOrganizationDN() {
        return this.f5org;
    }

    public Set getPolicyNames() throws SSOException, NoPermissionException, PolicyException {
        return getPolicyNames("*");
    }

    public Set getPolicyNames(String str) throws SSOException, NoPermissionException, PolicyException {
        try {
            ServiceConfig organizationConfig = this.scm.getOrganizationConfig(this.f5org, null);
            ServiceConfig subConfig = organizationConfig == null ? null : organizationConfig.getSubConfig(NAMED_POLICY);
            return subConfig == null ? Collections.EMPTY_SET : str.equals("*") ? subConfig.getSubConfigNames() : subConfig.getSubConfigNames(str);
        } catch (SMSException e) {
            debug.error(new StringBuffer().append("Unable to get named policies for organization: ").append(this.f5org).toString());
            String[] strArr = {this.f5org};
            if (e.getExceptionCode() == SMSException.STATUS_NO_PERMISSION) {
                throw new NoPermissionException("amPolicy", "insufficient_access_rights", null);
            }
            throw new PolicyException("amPolicy", "unable_to_get_policies_for_organization", strArr, e);
        }
    }

    public String getPolicyDN(String str) throws SSOException, NoPermissionException, NameNotFoundException, PolicyException {
        getPolicy(str);
        StringBuffer stringBuffer = new StringBuffer(100);
        stringBuffer.append("ou=");
        stringBuffer.append(str);
        stringBuffer.append(",ou=");
        stringBuffer.append(NAMED_POLICY);
        stringBuffer.append(",ou=default,ou=organizationConfig,ou=");
        stringBuffer.append("1.0");
        stringBuffer.append(",ou=");
        stringBuffer.append("iPlanetAMPolicyService");
        stringBuffer.append(",ou=services,");
        stringBuffer.append(this.f5org);
        return stringBuffer.toString();
    }

    public Policy getPolicy(String str) throws SSOException, NoPermissionException, InvalidFormatException, NameNotFoundException, InvalidNameException, PolicyException {
        ServiceConfig subConfig;
        Map attributes;
        Set set;
        if (str == null) {
            throw new InvalidNameException("amPolicy", "null_name", null, "null", 1);
        }
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("searching for named policy: ").append(str).append(" in organization: ").append(this.f5org).toString());
        }
        try {
            ServiceConfig organizationConfig = this.scm.getOrganizationConfig(this.f5org, null);
            ServiceConfig subConfig2 = organizationConfig == null ? null : organizationConfig.getSubConfig(NAMED_POLICY);
            if (subConfig2 == null || (subConfig = subConfig2.getSubConfig(str)) == null || (attributes = subConfig.getAttributes()) == null || (set = (Set) attributes.get(POLICY_XML)) == null || set.size() <= 0) {
                if (debug.warningEnabled()) {
                    debug.warning(new StringBuffer().append("Unable to find named policy: ").append(str).append(" in organization: ").append(this.f5org).toString());
                }
                throw new NameNotFoundException("amPolicy", "policy_not_found_in_organization", new String[]{str, this.f5org}, str, 1);
            }
            try {
                Node rootNode = XMLUtils.getRootNode(XMLUtils.getXMLDocument(new ByteArrayInputStream(((String) set.iterator().next()).getBytes("UTF8"))), "Policy");
                if (rootNode == null) {
                    debug.error(new StringBuffer().append("invalid xml policy blob for named policy: ").append(str).append(" in organization: ").append(this.f5org).toString());
                    throw new InvalidFormatException("amPolicy", "invalid_xml_policy_root_node", null, str, 1);
                }
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("returning named policy: ").append(str).append(" for organization: ").append(this.f5org).toString());
                }
                Policy policy = new Policy(this, rootNode);
                Map policyConfig = getPolicyConfig();
                if (policyConfig != null) {
                    policy.setSubjectsResultTtl(PolicyConfig.getSubjectsResultTtl(policyConfig));
                }
                return policy;
            } catch (Exception e) {
                debug.error(new StringBuffer().append("XML parsing error for policy: ").append(str).append(" in organization: ").append(this.f5org).toString());
                throw new PolicyException(e);
            }
        } catch (SMSException e2) {
            debug.error(new StringBuffer().append("SMS error in finding named policy: ").append(str).append(" in organization: ").append(this.f5org).toString());
            String[] strArr = {str, this.f5org};
            if (e2.getExceptionCode() == SMSException.STATUS_NO_PERMISSION) {
                throw new NoPermissionException("amPolicy", "insufficient_access_rights", null);
            }
            throw new PolicyException("amPolicy", "unable_to_get_policy", strArr, e2);
        }
    }

    public void addPolicy(Policy policy) throws SSOException, NameAlreadyExistsException, NoPermissionException, InvalidFormatException, PolicyException {
        String lowerCase = new DN(getOrganizationDN()).toRFCString().toLowerCase();
        String subjectRealm = policy.getSubjectRealm();
        String[] strArr = {lowerCase, subjectRealm};
        if (subjectRealm != null && !subjectRealm.equals(lowerCase)) {
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("Can not add policy in realm :").append(lowerCase).append(", policy has realm subjects ").append(" from realm : ").append(subjectRealm).toString());
            }
            throw new InvalidFormatException("amPolicy", "policy_realm_does_not_match", strArr, null, lowerCase, 1);
        }
        validateForResourcePrefix(policy);
        validateReferrals(policy);
        String xml = policy.toXML();
        HashMap hashMap = new HashMap();
        HashSet hashSet = new HashSet();
        hashSet.add(xml);
        hashMap.put(POLICY_XML, hashSet);
        try {
            createOrGetPolicyConfig(NAMED_POLICY, NAMED_POLICY, this.scm, this.f5org).addSubConfig(policy.getName(), NAMED_POLICY_ID, 0, hashMap);
            this.rim.addPolicyToResourceTree(this.svtm, this.token, policy);
            if (PolicyUtils.logStatus) {
                PolicyUtils.logAccessMessage("POLICY_CREATE_SUCCESS", new String[]{policy.getName(), this.f5org}, this.token);
            }
        } catch (ServiceAlreadyExistsException e) {
            String[] strArr2 = {policy.getName(), this.f5org};
            if (PolicyUtils.logStatus) {
                PolicyUtils.logErrorMessage("POLICY_ALREADY_EXISTS_IN_REALM", strArr2, this.token);
            }
            throw new NameAlreadyExistsException("amPolicy", "policy_already_exists_in_org", strArr2, policy.getName(), 1);
        } catch (SMSException e2) {
            String[] strArr3 = {policy.getName(), this.f5org};
            if (PolicyUtils.logStatus) {
                PolicyUtils.logErrorMessage("UNABLE_TO_ADD_POLICY", strArr3, this.token);
            }
            debug.error(new StringBuffer().append("SMS error in add policy: ").append(policy.getName()).append(" for org: ").append(this.f5org).toString(), e2);
            if (e2.getExceptionCode() != SMSException.STATUS_NO_PERMISSION) {
                throw new PolicyException("amPolicy", "unable_to_add_policy", strArr3, e2);
            }
            throw new NoPermissionException("amPolicy", "insufficient_access_rights", null);
        }
    }

    public void replacePolicy(Policy policy) throws SSOException, NameNotFoundException, NoPermissionException, InvalidFormatException, PolicyException {
        String name;
        String organizationDN = getOrganizationDN();
        String subjectRealm = policy.getSubjectRealm();
        String[] strArr = {organizationDN, subjectRealm};
        if (subjectRealm != null && !subjectRealm.equals(organizationDN)) {
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("Can not replace policy in realm :").append(organizationDN).append(", policy has realm subjects ").append(" from realm : ").append(subjectRealm).toString());
            }
            throw new InvalidFormatException("amPolicy", "policy_realm_does_not_match", strArr, null, organizationDN, 1);
        }
        String xml = policy.toXML();
        HashMap hashMap = new HashMap();
        HashSet hashSet = new HashSet();
        hashSet.add(xml);
        hashMap.put(POLICY_XML, hashSet);
        ServiceConfig createOrGetPolicyConfig = createOrGetPolicyConfig(NAMED_POLICY, NAMED_POLICY, this.scm, this.f5org);
        try {
            String name2 = policy.getName();
            String originalName = policy.getOriginalName();
            ServiceConfig subConfig = createOrGetPolicyConfig.getSubConfig(name2);
            ServiceConfig serviceConfig = null;
            if (originalName != null) {
                serviceConfig = createOrGetPolicyConfig.getSubConfig(originalName);
                name = originalName;
            } else {
                name = policy.getName();
            }
            if (subConfig != null) {
                String[] strArr2 = {policy.getName(), this.f5org};
                if (originalName != null && !policy.getName().equalsIgnoreCase(originalName)) {
                    if (PolicyUtils.logStatus) {
                        PolicyUtils.logErrorMessage("DID_NOT_REPLACE_POLICY", strArr2, this.token);
                    }
                    throw new NameAlreadyExistsException("amPolicy", "policy_already_exists_in_org", strArr2, policy.getName(), 1);
                }
                Policy policy2 = getPolicy(policy.getName());
                validateForResourcePrefix(policy);
                validateReferrals(policy);
                subConfig.setAttributes(hashMap);
                if (policy2 != null) {
                    this.rim.replacePolicyInResourceTree(this.svtm, this.token, policy2, policy);
                }
            } else {
                if (serviceConfig == null) {
                    throw new NameNotFoundException("amPolicy", "policy_not_found_in_organization", new String[]{policy.getName(), this.f5org}, policy.getName(), 1);
                }
                removePolicy(originalName);
                addPolicy(policy);
                policy.resetOriginalName();
            }
            if (PolicyUtils.logStatus) {
                PolicyUtils.logAccessMessage("POLICY_MODIFY_SUCCESS", new String[]{name, this.f5org}, this.token);
            }
        } catch (SMSException e) {
            String[] strArr3 = {null, this.f5org};
            if (PolicyUtils.logStatus) {
                PolicyUtils.logErrorMessage("UNABLE_TO_REPLACE_POLICY", strArr3, this.token);
            }
            debug.error(new StringBuffer().append("SMS error in replacing policy: ").append(policy.getOriginalName()).append(" for org: ").append(this.f5org).toString(), e);
            if (e.getExceptionCode() != SMSException.STATUS_NO_PERMISSION) {
                throw new PolicyException("amPolicy", "unable_to_replace_policy", strArr3, e);
            }
            throw new NoPermissionException("amPolicy", "insufficient_access_rights", null);
        }
    }

    public void removePolicy(String str) throws SSOException, NoPermissionException, PolicyException {
        getOrganizationDN();
        if (str == null) {
            if (debug.warningEnabled()) {
                debug.warning("In PolicyManager::removePolicy(), name is null");
            }
            throw new InvalidNameException("amPolicy", "null_name", null, "null", 1);
        }
        try {
            ServiceConfig organizationConfig = this.scm.getOrganizationConfig(this.f5org, null);
            ServiceConfig subConfig = organizationConfig == null ? null : organizationConfig.getSubConfig(NAMED_POLICY);
            if (subConfig != null) {
                subConfig.getSubConfig(str);
                Policy policy = getPolicy(str);
                subConfig.removeSubConfig(str);
                if (policy != null) {
                    this.rim.removePolicyFromResourceTree(this.svtm, this.token, policy);
                }
            }
        } catch (ServiceNotFoundException e) {
            debug.error(new StringBuffer().append("Error while removing policy : ").append(e.getMessage()).toString());
        } catch (SMSException e2) {
            String[] strArr = {str, this.f5org};
            if (PolicyUtils.logStatus) {
                PolicyUtils.logErrorMessage("UNABLE_TO_REMOVE_POLICY", strArr, this.token);
            }
            debug.error(new StringBuffer().append("SMS error in deleting policy: ").append(str).append(" for org: ").append(this.f5org).toString(), e2);
            if (e2.getExceptionCode() != SMSException.STATUS_NO_PERMISSION) {
                throw new PolicyException("amPolicy", "unable_to_remove_policy", strArr, e2);
            }
            throw new NoPermissionException("amPolicy", "insufficient_access_rights", null);
        }
        String[] strArr2 = {str, this.f5org};
        if (PolicyUtils.logStatus) {
            PolicyUtils.logAccessMessage("POLICY_REMOVE_SUCCESS", strArr2, this.token);
        }
    }

    public ResourceManager getResourceManager() {
        return this.rm;
    }

    public SubjectTypeManager getSubjectTypeManager() {
        if (this.stm == null) {
            this.stm = new SubjectTypeManager(this);
        }
        return this.stm;
    }

    public ConditionTypeManager getConditionTypeManager() {
        if (this.ctm == null) {
            this.ctm = new ConditionTypeManager(this);
        }
        return this.ctm;
    }

    public ResponseProviderTypeManager getResponseProviderTypeManager() {
        if (this.rpm == null) {
            this.rpm = new ResponseProviderTypeManager(this);
        }
        return this.rpm;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Code restructure failed: missing block: B:17:0x006e, code lost:
    
        if (r0 == null) goto L19;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.sun.identity.sm.ServiceConfig createOrGetPolicyConfig(java.lang.String r7, java.lang.String r8, com.sun.identity.sm.ServiceConfigManager r9, java.lang.String r10) throws com.sun.identity.policy.NoPermissionException, com.sun.identity.policy.PolicyException, com.iplanet.sso.SSOException {
        /*
            Method dump skipped, instructions count: 243
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.identity.policy.PolicyManager.createOrGetPolicyConfig(java.lang.String, java.lang.String, com.sun.identity.sm.ServiceConfigManager, java.lang.String):com.sun.identity.sm.ServiceConfig");
    }

    static void createPolicyTree(String str, String str2, ServiceConfigManager serviceConfigManager, String str3) throws NoPermissionException, PolicyException, SSOException {
        try {
            ServiceConfig organizationConfig = serviceConfigManager.getOrganizationConfig(str3, null);
            if (organizationConfig == null) {
                serviceConfigManager.createOrganizationConfig(str3, null);
                organizationConfig = serviceConfigManager.getOrganizationConfig(str3, null);
            }
            organizationConfig.addSubConfig(str, str2, 0, null);
        } catch (ServiceAlreadyExistsException e) {
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("PolicyManager->createPolicyTree: Name: ").append(str).append(" ID: ").append(str2).append(" Policy service already exists under org->").append(str3).toString());
            }
        } catch (SMSException e2) {
            String[] strArr = {str3};
            if (e2.getExceptionCode() != SMSException.STATUS_NO_PERMISSION) {
                throw new PolicyException("amPolicy", "unable_to_create_policy_for_org", strArr, e2);
            }
            throw new NoPermissionException("amPolicy", "insufficient_access_rights", null);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String verifyOrgName(String str) throws InvalidNameException, NameNotFoundException, SSOException {
        if (str == null) {
            throw new InvalidNameException("amPolicy", "null_name", null, "null", 4);
        }
        String orgNameToDN = DNMapper.orgNameToDN(str);
        if (SMSEntry.checkIfEntryExists(orgNameToDN, this.token)) {
            return orgNameToDN;
        }
        if (debug.warningEnabled()) {
            debug.warning(new StringBuffer().append("Checking for organization name: ").append(orgNameToDN).append(" failed since entry does not exist").toString());
        }
        throw new NameNotFoundException("amPolicy", "org_not_found", new String[]{str}, orgNameToDN, 4);
    }

    Set getSubOrganizationNames() throws SSOException, NoPermissionException, PolicyException {
        throw new UnsupportedOperationException();
    }

    Set getSubOrganizationNames(String str) throws SSOException, PolicyException {
        throw new UnsupportedOperationException();
    }

    PolicyManager getSubOrganizationPolicyManager(String str) throws SSOException, PolicyException {
        return new PolicyManager(this.token, new StringBuffer().append(this.f5org).append("/").append(str).toString());
    }

    ServiceTypeManager getServiceTypeManager() {
        return this.svtm;
    }

    public ReferralTypeManager getReferralTypeManager() {
        if (this.rtm == null) {
            this.rtm = new ReferralTypeManager(this);
        }
        return this.rtm;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Set getPluginSchemaNames(String str) {
        if (ssm == null) {
            try {
                ssm = new ServiceSchemaManager("iPlanetAMPolicyService", ServiceTypeManager.getSSOToken());
            } catch (Exception e) {
                debug.error("Cannot create service schema manager for policy", e);
                return Collections.EMPTY_SET;
            }
        }
        try {
            Set pluginSchemaNames = ssm.getPluginSchemaNames(str, null);
            return pluginSchemaNames == null ? Collections.EMPTY_SET : pluginSchemaNames;
        } catch (Exception e2) {
            debug.error(new StringBuffer().append("Cannot get plugin schemas: ").append(str).append(" for policy").toString(), e2);
            return Collections.EMPTY_SET;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PluginSchema getPluginSchema(String str, String str2) {
        if (!getPluginSchemaNames(str).contains(str2)) {
            return null;
        }
        try {
            return ssm.getPluginSchema(str2, str, null);
        } catch (Exception e) {
            debug.error(new StringBuffer().append("Cannot get plugin schemas: ").append(str).append(" for policy").toString(), e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getViewBeanURL(String str, String str2) {
        String str3 = null;
        if (str != null) {
            Iterator it = getPluginSchemaNames(str).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                PluginSchema pluginSchema = getPluginSchema(str, (String) it.next());
                if (str2.equals(pluginSchema.getClassName())) {
                    str3 = pluginSchema.getPropertiesViewBeanURL();
                    break;
                }
            }
        }
        return str3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Policy getPolicy(String str, boolean z) throws SSOException, NoPermissionException, InvalidFormatException, NameNotFoundException, InvalidFormatException, PolicyException {
        return z ? this.policyCache.getPolicy(this.f5org, str) : getPolicy(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ResourceIndexManager getResourceIndexManager() {
        return this.rim;
    }

    private boolean validateResourceForPrefix(ServiceType serviceType, String str) throws PolicyException {
        boolean z = false;
        Iterator it = this.rm.getManagedResourceNames(serviceType.getName()).iterator();
        while (it.hasNext()) {
            ResourceMatch compare = serviceType.compare(str, (String) it.next(), true);
            if (compare.equals(ResourceMatch.SUPER_RESOURCE_MATCH) || compare.equals(ResourceMatch.WILDCARD_MATCH) || compare.equals(ResourceMatch.EXACT_MATCH)) {
                z = true;
                break;
            }
        }
        return z;
    }

    private void validateForResourcePrefix(Policy policy) throws SSOException, PolicyException {
        DN dn = new DN(this.f5org);
        DN dn2 = new DN(ServiceManager.getBaseDN());
        Set managedResourceNames = this.rm.getManagedResourceNames();
        if (!dn.equals(dn2) && !dn.equals(delegationRealm) && (managedResourceNames == null || managedResourceNames.isEmpty())) {
            throw new PolicyException("amPolicy", "no_referral_can_not_create_policy", new String[]{this.f5org}, null);
        }
        Iterator it = policy.getRuleNames().iterator();
        while (it.hasNext()) {
            Rule rule = policy.getRule((String) it.next());
            ServiceType serviceType = getServiceTypeManager().getServiceType(rule.getServiceTypeName());
            String resourceName = rule.getResourceName();
            boolean z = true;
            if (!dn.equals(dn2) && !dn.equals(delegationRealm)) {
                z = validateResourceForPrefix(serviceType, resourceName);
            }
            if (!z) {
                throw new PolicyException("amPolicy", "resource_name_not_permitted_by_prefix_names", new String[]{resourceName, serviceType.getName()}, null);
            }
        }
    }

    private void validateReferrals(Policy policy) throws SSOException, PolicyException {
        Set referredToOrganizations = policy.getReferredToOrganizations();
        if (referredToOrganizations.contains(this.f5org.toLowerCase())) {
            throw new PolicyException("amPolicy", "invalid_referral_pointing_to_self", new String[]{this.f5org}, null);
        }
        Iterator it = referredToOrganizations.iterator();
        while (it.hasNext()) {
            verifyOrgName((String) it.next());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void saveRealmSubjects(Subjects subjects) throws PolicyException, SSOException {
        ServiceConfig createOrGetPolicyConfig = createOrGetPolicyConfig(REALM_SUBJECTS, REALM_SUBJECTS, this.scm, this.f5org);
        HashMap hashMap = new HashMap(1);
        HashSet hashSet = new HashSet(1);
        String xml = subjects.toXML();
        hashSet.add(xml);
        hashMap.put(XML_REALM_SUBJECTS, hashSet);
        try {
            createOrGetPolicyConfig.setAttributes(hashMap);
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("saved realm subjects:").append(xml).toString());
            }
        } catch (SMSException e) {
            debug.error(new StringBuffer().append("SMS error in saving realm subjects  in organization: ").append(this.f5org).toString());
            String[] strArr = {this.f5org};
            if (e.getExceptionCode() != SMSException.STATUS_NO_PERMISSION) {
                throw new PolicyException("amPolicy", "unable_to_save_realm_subjects", strArr, e);
            }
            throw new PolicyException("amPolicy", "insufficient_access_rights", null, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Subjects readRealmSubjects() throws PolicyException, SSOException {
        Subjects subjects;
        Set set = (Set) createOrGetPolicyConfig(REALM_SUBJECTS, REALM_SUBJECTS, this.scm, this.f5org).getAttributes().get(XML_REALM_SUBJECTS);
        if (set == null || set.isEmpty()) {
            subjects = new Subjects();
        } else {
            try {
                Node rootNode = XMLUtils.getRootNode(XMLUtils.getXMLDocument(new ByteArrayInputStream(((String) set.iterator().next()).getBytes("UTF8"))), "Subjects");
                if (rootNode == null) {
                    debug.error(new StringBuffer().append("invalid xmlRealmSubjects blob  in organization: ").append(this.f5org).toString());
                    throw new InvalidFormatException("amPolicy", "invalid_xml_realmsubjects_root_node", null, this.f5org, 1);
                }
                subjects = new Subjects(this, rootNode);
            } catch (Exception e) {
                debug.error(new StringBuffer().append("XML parsing error for realmSubjects:  in organization: ").append(this.f5org).toString());
                throw new PolicyException(e);
            }
        }
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("read realm subjects:").append(subjects.toXML()).toString());
        }
        subjects.setPolicyConfig(getPolicyConfig());
        return subjects;
    }

    public Set getPoliciesUsingRealmSubject(String str) throws PolicyException, SSOException {
        HashSet hashSet = new HashSet();
        Iterator it = getPolicyNames().iterator();
        while (it.hasNext()) {
            Policy policy = getPolicy((String) it.next());
            if (policy.getSubjectNames().contains(str) && (policy.getSubject(str) instanceof SharedSubject)) {
                hashSet.add(policy);
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Policy getPolicyUsingRealmSubject(String str) throws PolicyException, SSOException {
        Policy policy = null;
        Iterator it = getPolicyNames().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Policy policy2 = getPolicy((String) it.next());
            if (policy2.getSubjectNames().contains(str) && (policy2.getSubject(str) instanceof SharedSubject)) {
                policy = policy2;
                break;
            }
        }
        return policy;
    }
}
