package com.sun.identity.policy.plugins;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.util.AMAuthUtils;
import com.sun.identity.policy.ConditionDecision;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.Syntax;
import com.sun.identity.policy.interfaces.Condition;
import com.sun.identity.shared.debug.Debug;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/sun/identity/policy/plugins/LEAuthLevelCondition.class */
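/**
 * Policy condition that is satisfied when the authentication level associated with a
 * request is less than or equal to the level configured under the {@code AuthLevel}
 * property.
 *
 * <p>The configured value may be realm-qualified; it is split with
 * {@link AMAuthUtils#getRealmFromRealmQualifiedData(String)} and
 * {@link AMAuthUtils#getDataFromRealmQualifiedData(String)}. When a realm is present,
 * only levels reported for that realm are considered.
 *
 * <p>If neither the environment map nor the session token yields a level in scope, the
 * computed maximum stays at {@link Integer#MIN_VALUE} and the condition evaluates to
 * {@code true}. Policy authors should keep this in mind when combining this condition
 * with others.
 *
 * <p>Instances hold mutable state and perform no synchronization.
 */
public class LEAuthLevelCondition implements Condition {
    private static final Debug DEBUG = Debug.getInstance("amPolicy");

    // The only property this condition understands.
    private static final List propertyNames = new ArrayList(1);

    static {
        propertyNames.add("AuthLevel");
    }

    // Last property map accepted by setProperties(); null until then.
    private Map properties;
    // Configured level exactly as supplied (possibly realm-qualified).
    private String authLevel;
    // Realm part of the configured level; null or empty when the level is not realm-qualified.
    private String authRealm;
    // Numeric threshold parsed from the configured level.
    private int authLevelInt;

    /**
     * Returns the names of the properties supported by this condition.
     *
     * @return a new list containing {@code "AuthLevel"}; callers may modify it freely
     */
    @Override
    public List getPropertyNames() {
        return new ArrayList(propertyNames);
    }

    /**
     * Returns the syntax of the given property.
     *
     * @param str property name (ignored)
     * @return always {@link Syntax#NONE}
     */
    @Override
    public Syntax getPropertySyntax(String str) {
        return Syntax.NONE;
    }

    /**
     * Returns the display name of the given property.
     *
     * @param str property name (ignored)
     * @param locale requested locale (ignored)
     * @return always the empty string
     * @throws PolicyException never thrown by this implementation
     */
    @Override
    public String getDisplayName(String str, Locale locale) throws PolicyException {
        return "";
    }

    /**
     * Returns the valid values for the given property.
     *
     * @param str property name (ignored)
     * @return always an empty set
     * @throws PolicyException never thrown by this implementation
     */
    @Override
    public Set getValidValues(String str) throws PolicyException {
        return Collections.EMPTY_SET;
    }

    /**
     * Validates and installs the configuration of this condition.
     *
     * <p>The map must contain exactly one key, {@code "AuthLevel"}, mapped to a set
     * holding exactly one string whose data part is an integer. If validation fails, the
     * previously accepted configuration is left in place so that a rejected update cannot
     * leave the condition enforcing a half-applied threshold.
     *
     * @param map property name to {@code Set} of values; any {@code Map} implementation
     * @throws PolicyException if the map is null or does not satisfy the rules above
     */
    @Override
    public void setProperties(Map map) throws PolicyException {
        Map previous = this.properties;
        // No cast to HashMap: the interface promises a Map, and other implementations
        // would otherwise fail with a ClassCastException instead of a PolicyException.
        this.properties = map;
        boolean accepted = false;
        try {
            validateProperties();
            accepted = true;
        } finally {
            if (!accepted) {
                this.properties = previous;
            }
        }
    }

    /**
     * Returns the configuration last accepted by {@link #setProperties(Map)}.
     *
     * @return an unmodifiable view of the property map, or {@code null} if none was set
     */
    @Override
    public Map getProperties() {
        if (this.properties == null) {
            return null;
        }
        return Collections.unmodifiableMap(this.properties);
    }

    /**
     * Evaluates the condition for a request.
     *
     * <p>The level is taken from the environment map first; the session token is
     * consulted only when the map yields no level in scope.
     *
     * @param sSOToken session token of the requesting user
     * @param map environment parameters of the request
     * @return a decision that allows when the highest level found is less than or equal
     *     to the configured threshold
     * @throws PolicyException if a level in the environment or token is malformed
     * @throws SSOException if the token cannot be read
     */
    @Override
    public ConditionDecision getConditionDecision(SSOToken sSOToken, Map map) throws PolicyException, SSOException {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("LEAuthLevelCondition.getConditionDecision():entering");
        }
        // NOTE(review): a level present in the environment map takes precedence over the
        // levels recorded in the token. Confirm that only trusted enforcement points can
        // populate Condition.REQUEST_AUTH_LEVEL.
        int maxRequestAuthLevel = getMaxRequestAuthLevel(map);
        if (maxRequestAuthLevel == Integer.MIN_VALUE) {
            maxRequestAuthLevel = getMaxRequestAuthLevel(sSOToken);
        }
        boolean allowed = maxRequestAuthLevel <= this.authLevelInt;
        if (DEBUG.messageEnabled()) {
            DEBUG.message("At AuthLevelCondition.getConditionDecision():authLevel=" + this.authLevel
                    + ",maxRequestAuthLevel=" + maxRequestAuthLevel
                    + ",allowed = " + allowed);
        }
        return new ConditionDecision(allowed);
    }

    /**
     * Returns a copy of this condition whose property map and value sets are independent
     * of the original's.
     *
     * @return the cloned condition
     */
    @Override
    public Object clone() {
        try {
            LEAuthLevelCondition copy = (LEAuthLevelCondition) super.clone();
            if (this.properties != null) {
                copy.properties = new HashMap();
                for (Object key : this.properties.keySet()) {
                    // Copy each value set so later edits to one instance do not leak into the other.
                    copy.properties.put(key, new HashSet((Set) this.properties.get(key)));
                }
            }
            return copy;
        } catch (CloneNotSupportedException e) {
            // Keep the cause so an unexpected failure can be diagnosed.
            InternalError error = new InternalError(e.toString());
            error.initCause(e);
            throw error;
        }
    }

    /**
     * Checks the current property map and, on success, updates the parsed threshold.
     *
     * @return {@code true} when the properties are valid
     * @throws PolicyException if the map is null, lacks {@code "AuthLevel"}, contains any
     *     other key, or carries an unusable value
     */
    private boolean validateProperties() throws PolicyException {
        if (this.properties == null || this.properties.keySet() == null) {
            throw new PolicyException("amPolicy", "properties_can_not_be_null_or_empty", null, null);
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("LEAuthLevelCondition.setProperties(),properties=" + this.properties);
        }
        Set<String> keySet = this.properties.keySet();
        if (!keySet.contains("AuthLevel")) {
            throw new PolicyException("amPolicy", "property_value_not_defined", new String[]{"AuthLevel"}, null);
        }
        for (String key : keySet) {
            if (!"AuthLevel".equals(key)) {
                // NOTE(review): the message key below ends with a space; confirm it matches
                // the entry in the amPolicy resource bundle.
                throw new PolicyException("amPolicy", "attempt_to_set_invalid_property ", new String[]{key}, null);
            }
        }
        Set values = (Set) this.properties.get("AuthLevel");
        if (values == null) {
            // A key mapped to null used to be accepted without touching the threshold,
            // leaving the default (0) or a stale value from an earlier configuration.
            throw new PolicyException("amPolicy", "property_value_not_defined", new String[]{"AuthLevel"}, null);
        }
        validateAuthLevels(values);
        if (DEBUG.messageEnabled()) {
            DEBUG.message("LEAuthLevelCondition.setProperties(),authLevel=" + this.authLevel
                    + ",authRealm=" + this.authRealm
                    + ",authLevelInt=" + this.authLevelInt);
        }
        return true;
    }

    /**
     * Parses the single configured level and stores it together with its realm.
     *
     * @param set values supplied for {@code "AuthLevel"}
     * @return {@code true} when the value was accepted
     * @throws PolicyException if the set does not hold exactly one value or the level is
     *     not an integer
     */
    private boolean validateAuthLevels(Set set) throws PolicyException {
        if (set.isEmpty() || set.size() > 1) {
            throw new PolicyException("amPolicy", "property_does_not_allow_empty_or_multiple_values", new String[]{"AuthLevel"}, null);
        }
        String configured = (String) set.iterator().next();
        try {
            // Parse into locals first so a malformed value cannot leave the fields
            // partially updated.
            String realm = AMAuthUtils.getRealmFromRealmQualifiedData(configured);
            int level = Integer.parseInt(AMAuthUtils.getDataFromRealmQualifiedData(configured));
            this.authLevel = configured;
            this.authRealm = realm;
            this.authLevelInt = level;
            return true;
        } catch (NumberFormatException e) {
            throw new PolicyException("amPolicy", "property_is_not_an_Integer", new String[]{"AuthLevel"}, e);
        }
    }

    /**
     * Determines the highest authentication level carried in the environment map under
     * {@link Condition#REQUEST_AUTH_LEVEL}.
     *
     * <p>An {@code Integer} value is used only when the condition is not realm-qualified.
     * A {@code Set} value must contain strings; when the condition is realm-qualified
     * only entries for the configured realm count.
     *
     * @param map environment parameters; a null map is treated as carrying no level
     * @return the highest level in scope, or {@link Integer#MIN_VALUE} if none
     * @throws PolicyException if the entry has an unsupported type or a level is not an
     *     integer
     */
    private int getMaxRequestAuthLevel(Map map) throws PolicyException {
        int max = Integer.MIN_VALUE;
        // Message-level debugging prints the whole environment map; avoid enabling it
        // where the map may carry sensitive request data.
        if (DEBUG.messageEnabled()) {
            DEBUG.message("LEAuthLevelCondition.getMaxRequestAuthLevel(envMap,realm): entering: envMap= " + map
                    + ", authRealm= " + this.authRealm
                    + ", conditionAuthLevel= " + this.authLevel);
        }
        Object requested = (map == null) ? null : map.get(Condition.REQUEST_AUTH_LEVEL);
        boolean realmScoped = this.authRealm != null && this.authRealm.length() != 0;
        if (requested instanceof Integer) {
            // A bare integer has no realm, so it cannot be matched against a
            // realm-qualified condition and is ignored in that case.
            if (!realmScoped) {
                max = ((Integer) requested).intValue();
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("AuthLevelCondition.getMaxRequestAuthLevel():Integer level in env= " + max);
                }
            }
        } else if (requested instanceof Set) {
            for (Object element : (Set) requested) {
                if (!(element instanceof String)) {
                    if (DEBUG.warningEnabled()) {
                        DEBUG.warning("LEAuthLevelCondition.getMaxRequestAuthLevel():requestAuthLevel Set element not String");
                    }
                    throw new PolicyException("amPolicy", "request_authlevel_in_env_set_element_not_string", null, null);
                }
                String qualifiedLevel = (String) element;
                // Parsed before the realm check so a malformed entry is always reported.
                int level = getAuthLevel(qualifiedLevel);
                if (realmScoped
                        && !this.authRealm.equals(AMAuthUtils.getRealmFromRealmQualifiedData(qualifiedLevel))) {
                    continue;
                }
                if (level > max) {
                    max = level;
                }
            }
        } else if (requested != null) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("LEAuthLevelCondition.getMaxRequestAuthLevel():requestAuthLevel in env neither Integer nor Set");
            }
            throw new PolicyException("amPolicy", "request_authlevel_in_env_not_Integer_or_set", null, null);
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("LEAuthLevelCondition.getMaxRequestAuthLevel(): returning: maxAuthLevel=" + max);
        }
        return max;
    }

    /**
     * Determines the highest authentication level recorded in the session token.
     *
     * <p>Without a configured realm, every level reported by
     * {@link AMAuthUtils#getAuthenticatedLevels(SSOToken)} counts. With a configured
     * realm, only realm-qualified levels for that realm count.
     *
     * @param sSOToken session token of the requesting user
     * @return the highest level in scope, or {@link Integer#MIN_VALUE} if none
     * @throws PolicyException if a level in the token is not an integer
     * @throws SSOException if the token cannot be read
     */
    private int getMaxRequestAuthLevel(SSOToken sSOToken) throws PolicyException, SSOException {
        int max = Integer.MIN_VALUE;
        if (DEBUG.messageEnabled()) {
            DEBUG.message("LEAuthLevelCondition.getMaxRequestAuthLevel(token,realm): entering: authRealm = " + this.authRealm
                    + ", conditionAuthLevel= " + this.authLevel);
        }
        if (this.authRealm == null || this.authRealm.length() == 0) {
            Set levels = AMAuthUtils.getAuthenticatedLevels(sSOToken);
            if (DEBUG.messageEnabled()) {
                DEBUG.message("LEAuthLevelCondition.getMaxRequestAuthLevel(): levels from token= " + levels);
            }
            if (levels != null) {
                for (Object element : levels) {
                    int level = getAuthLevel((String) element);
                    if (level > max) {
                        max = level;
                    }
                }
            }
        } else {
            Set<String> qualifiedLevels = AMAuthUtils.getRealmQualifiedAuthenticatedLevels(sSOToken);
            if (DEBUG.messageEnabled()) {
                DEBUG.message("LEAuthLevelCondition.getMaxRequestAuthLevel(): qualifiedLeves from token= " + qualifiedLevels);
            }
            if (qualifiedLevels != null) {
                for (String qualifiedLevel : qualifiedLevels) {
                    // Match on the realm, as the environment-map path does. Comparing the
                    // whole qualified string with the configured value would admit only a
                    // level equal to the threshold, so a higher level in the same realm
                    // would be skipped and the condition could never evaluate to false.
                    if (this.authRealm.equals(AMAuthUtils.getRealmFromRealmQualifiedData(qualifiedLevel))) {
                        int level = getAuthLevel(qualifiedLevel);
                        if (level > max) {
                            max = level;
                        }
                    }
                }
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("LEAuthLevelCondition.getMaxRequestAuthLevel(): returning: maxAuthLevel= " + max);
        }
        return max;
    }

    /**
     * Extracts the numeric level from a possibly realm-qualified level string.
     *
     * @param str level string, possibly realm-qualified
     * @return the parsed level
     * @throws PolicyException if the data part is not an integer
     */
    private int getAuthLevel(String str) throws PolicyException {
        String levelString = AMAuthUtils.getDataFromRealmQualifiedData(str);
        try {
            return Integer.parseInt(levelString);
        } catch (NumberFormatException e) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("LEAuthLevelCondition.getAuthLevel(qualifiedLevel):got NumberFormatException:qualifiedLevel=" + str
                        + ", levelString = " + levelString);
            }
            throw new PolicyException("amPolicy", "auth_level_not_integer", new Object[]{levelString}, e);
        }
    }
}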
