package com.sun.identity.policy.plugins;

import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMOrganization;
import com.iplanet.am.sdk.AMSearchControl;
import com.iplanet.am.sdk.AMSearchResults;
import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.util.Debug;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.InvalidNameException;
import com.sun.identity.policy.NameNotFoundException;
import com.sun.identity.policy.PolicyConfig;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.PolicyUtils;
import com.sun.identity.policy.SubjectEvaluationCache;
import com.sun.identity.policy.Syntax;
import com.sun.identity.policy.ValidValues;
import com.sun.identity.policy.interfaces.Subject;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import netscape.ldap.LDAPException;
import netscape.ldap.util.DN;

/* JADX WARN: Classes with same name are omitted:
  input_file:119465-06/SUNWamclnt/reloc/SUNWam/lib/amclientsdk.jar:com/sun/identity/policy/plugins/DSAMERole.class
 */
/* loaded from: input_file:119465-06/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/policy/plugins/DSAMERole.class */
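/**
 * Policy {@link Subject} whose membership is "the user holds at least one of the
 * configured Directory Server (DSAME) roles".
 *
 * <p>Role DNs are supplied through {@link #setValues(Set)}, normalised to their
 * RFC string form and lower-cased. {@link #isMember(SSOToken)} compares them
 * against the user's nsRole values obtained from
 * {@link PolicyEvaluator#getUserNSRoleValues(SSOToken)} and memoises each
 * per-role answer in {@link SubjectEvaluationCache}, keyed by SSO token id,
 * directory host and role DN.
 *
 * <p>This class contains no synchronisation: {@link #initialize(Map)} and
 * {@link #setValues(Set)} write fields that {@link #isMember(SSOToken)} reads.
 */
public class DSAMERole implements Subject {
    // Set once by initialize(); getValidValues() refuses to run before that.
    private boolean initialized;
    // Base DN under which roles are searched for getValidValues().
    private String organizationDN;
    // Normalised (RFC form, lower-cased) role DNs this subject matches; never null.
    private Set subjectRoles = Collections.EMPTY_SET;
    // Search time-out handed to AMSearchControl.setTimeOut (units as AMSearchControl defines them).
    private int timeLimit;
    // Search size limit handed to AMSearchControl.setMaxResults.
    private int maxResults;
    // AMSearchControl scope: 0 = base, 1 = one level, 2 = subtree (see parseSearchScope).
    private int roleSearchScope;
    // Lower-cased directory host name; part of the SubjectEvaluationCache key.
    private String ldapServer;
    private static final String LDAP_SCOPE_BASE = "SCOPE_BASE";
    private static final String LDAP_SCOPE_ONE = "SCOPE_ONE";
    private static final String LDAP_SCOPE_SUB = "SCOPE_SUB";
    // Defaults applied when the configured search limits cannot be parsed.
    private static final int DEFAULT_TIME_LIMIT = 5;
    private static final int DEFAULT_MAX_RESULTS = 100;
    // Standard LDAP result codes that get a dedicated localised PolicyException.
    private static final int LDAP_NO_SUCH_OBJECT = 32;
    private static final int LDAP_INVALID_CREDENTIALS = 49;
    static Debug debug = Debug.getInstance("amPolicy");

    /**
     * Reads the role search configuration from the policy configuration map.
     *
     * @param map policy configuration keyed by the {@link PolicyConfig} constants
     * @throws PolicyException declared by the interface; not thrown here
     */
    @Override // com.sun.identity.policy.interfaces.Subject
    public void initialize(Map map) throws PolicyException {
        this.organizationDN = (String) map.get(PolicyConfig.IS_ROLES_BASE_DN);
        // A missing scope previously caused a NullPointerException; it now falls
        // back to the subtree search that unrecognised values already mapped to.
        this.roleSearchScope = parseSearchScope((String) map.get(PolicyConfig.IS_ROLES_SEARCH_SCOPE));
        // NOTE(review): default-locale lower-casing; every producer of
        // SubjectEvaluationCache keys for this host must fold case the same way — confirm.
        this.ldapServer = PolicyUtils.getISDSHostName().toLowerCase();
        try {
            // Integer.parseInt(null) also throws NumberFormatException, so an absent
            // setting takes the defaults below just like a malformed one.
            this.timeLimit = Integer.parseInt((String) map.get(PolicyConfig.LDAP_SEARCH_TIME_OUT));
            this.maxResults = Integer.parseInt((String) map.get(PolicyConfig.LDAP_SEARCH_LIMIT));
        } catch (NumberFormatException e) {
            debug.error("Can not parse search parameters in DSAMERole", e);
            // Both limits are reset together so the pair stays consistent.
            this.timeLimit = DEFAULT_TIME_LIMIT;
            this.maxResults = DEFAULT_MAX_RESULTS;
        }
        this.initialized = true;
    }

    /**
     * Maps the configured scope name to the AMSearchControl scope value.
     *
     * @param scope configured scope name, compared case-insensitively; may be null
     * @return 0 for SCOPE_BASE, 1 for SCOPE_ONE, otherwise 2 (subtree)
     */
    private static int parseSearchScope(String scope) {
        if (LDAP_SCOPE_BASE.equalsIgnoreCase(scope)) {
            return 0;
        }
        if (LDAP_SCOPE_ONE.equalsIgnoreCase(scope)) {
            return 1;
        }
        // SCOPE_SUB, null and anything unrecognised all search the whole subtree.
        return 2;
    }

    /** Role subjects always take several values. */
    @Override // com.sun.identity.policy.interfaces.Subject
    public Syntax getValueSyntax(SSOToken sSOToken) throws SSOException {
        return Syntax.MULTIPLE_CHOICE;
    }

    /**
     * Returns every role under the configured base DN.
     *
     * @param sSOToken token used to open the store connection
     * @return all roles matching the wildcard pattern {@code "*"}
     */
    @Override // com.sun.identity.policy.interfaces.Subject
    public ValidValues getValidValues(SSOToken sSOToken) throws SSOException, PolicyException {
        return getValidValues(sSOToken, "*");
    }

    /**
     * Searches the configured organization for roles matching a pattern.
     *
     * @param sSOToken token used to open the store connection
     * @param str search pattern passed to {@code AMOrganization.searchAllRoles}
     * @return the matching role names together with a status derived from the
     *         search result's error code
     * @throws PolicyException if the subject is not initialised, if the store
     *         reports invalid credentials (LDAP 49) or a missing base DN
     *         (LDAP 32), or for any other store failure
     */
    @Override // com.sun.identity.policy.interfaces.Subject
    public ValidValues getValidValues(SSOToken sSOToken, String str) throws SSOException, PolicyException {
        if (!this.initialized) {
            throw new PolicyException("amPolicy", "role_subject_not_yet_initialized", null, null);
        }
        try {
            AMOrganization organization = new AMStoreConnection(sSOToken).getOrganization(this.organizationDN);
            AMSearchControl control = new AMSearchControl();
            control.setMaxResults(this.maxResults);
            control.setTimeOut(this.timeLimit);
            control.setSearchScope(this.roleSearchScope);
            AMSearchResults results = organization.searchAllRoles(str, control);
            return new ValidValues(toValidValuesStatus(results.getErrorCode()), results.getSearchResults());
        } catch (AMException e) {
            throw toPolicyException(e);
        }
    }

    /**
     * Converts an AMSearchResults error code into the status passed to ValidValues.
     *
     * @param errorCode value of {@code AMSearchResults.getErrorCode()}
     * @return the code itself for 0, 1 and 2; any other code is folded to 0,
     *         as the original switch did
     */
    private static int toValidValuesStatus(int errorCode) {
        return (errorCode == 1 || errorCode == 2) ? errorCode : 0;
    }

    /**
     * Translates a store failure into the PolicyException reported to the caller.
     *
     * @param e the store exception; its wrapped LDAPException, when present,
     *          selects the message
     * @return the exception to throw (never null)
     */
    private PolicyException toPolicyException(AMException e) {
        LDAPException ldapException = e.getLDAPException();
        if (ldapException == null) {
            return new PolicyException(e);
        }
        int resultCode = ldapException.getLDAPResultCode();
        if (resultCode == LDAP_INVALID_CREDENTIALS) {
            return new PolicyException("amPolicy", "ldap_invalid_password", null, null);
        }
        if (resultCode == LDAP_NO_SUCH_OBJECT) {
            return new PolicyException("amPolicy", "no_such_am_roles_base_dn", new String[]{this.organizationDN}, null);
        }
        String message = ldapException.getLDAPErrorMessage();
        String codeText = ldapException.errorCodeToString();
        if (codeText != null) {
            return new PolicyException(message + ": " + codeText);
        }
        return new PolicyException(message);
    }

    /** Role DNs are displayed as-is. */
    @Override // com.sun.identity.policy.interfaces.Subject
    public String getDisplayNameForValue(String str, Locale locale) throws NameNotFoundException {
        return str;
    }

    /**
     * Returns the normalised role DNs of this subject.
     *
     * @return the live internal set (callers must not modify it); empty when none are set
     */
    @Override // com.sun.identity.policy.interfaces.Subject
    public Set getValues() {
        return this.subjectRoles == null ? Collections.EMPTY_SET : this.subjectRoles;
    }

    /**
     * Replaces the role DNs of this subject.
     *
     * <p>Each non-null entry is normalised with {@link #normalizeRoleDN(String)}.
     * The supplied set is always copied; previously an empty caller set was kept
     * by reference, so later caller-side mutation would have changed this subject.
     *
     * @param set role DN strings; null entries are skipped
     * @throws InvalidNameException if {@code set} is null
     */
    @Override // com.sun.identity.policy.interfaces.Subject
    public void setValues(Set set) throws InvalidNameException {
        if (set == null) {
            throw new InvalidNameException("amPolicy", "role_subject_invalid_role_names", null, null, 5);
        }
        Set roles = new HashSet();
        for (Iterator it = set.iterator(); it.hasNext();) {
            String dn = (String) it.next();
            if (dn != null) {
                roles.add(normalizeRoleDN(dn));
            }
        }
        this.subjectRoles = roles;
        if (debug.messageEnabled()) {
            debug.message("Set subjectRoles to: " + this.subjectRoles);
        }
    }

    /**
     * Normalises a role DN to the form compared in {@link #isMember(SSOToken)}.
     *
     * @param dn a role DN string
     * @return the DN's RFC string form, lower-cased
     */
    private static String normalizeRoleDN(String dn) {
        // NOTE(review): membership is an exact string match against the values
        // PolicyEvaluator.getUserNSRoleValues returns, so that side must apply the
        // same RFC normalisation and (default-locale) lower-casing — confirm.
        return new DN(dn).toRFCString().toLowerCase();
    }

    /**
     * Decides whether the user behind the token holds any of this subject's roles.
     *
     * <p>Each role is first looked up in {@link SubjectEvaluationCache}; on a miss
     * the user's nsRole values are fetched (at most once per call) and the outcome
     * for that role is cached. The first positive answer, cached or fresh, ends the
     * evaluation. On the first cache miss an SSO token listener is registered for
     * the token unless {@code PolicyEvaluator.ssoListenerRegistry} already has one
     * (presumably so cached answers are dropped with the session — not visible here).
     *
     * @param sSOToken the user's session token
     * @return true if the user holds at least one configured role
     */
    @Override // com.sun.identity.policy.interfaces.Subject
    public boolean isMember(SSOToken sSOToken) throws SSOException, PolicyException {
        String tokenId = sSOToken.getTokenID().toString();
        String userName = sSOToken.getPrincipal().getName();
        boolean listenerAdded = false;
        boolean member = false;
        Set userRoles = null;
        // Raw-typed iteration: the decompiled for-each over a raw Set did not compile.
        for (Iterator it = this.subjectRoles.iterator(); it.hasNext() && !member;) {
            String roleDN = (String) it.next();
            Boolean cached = SubjectEvaluationCache.isMember(tokenId, this.ldapServer, roleDN);
            if (cached != null) {
                if (debug.messageEnabled()) {
                    debug.message("DSAMERole.isMember():Got membership from cache of " + userName + " in DSAME role " + roleDN + " :" + cached.booleanValue());
                }
                member = cached.booleanValue();
                continue;
            }
            if (!listenerAdded && !PolicyEvaluator.ssoListenerRegistry.containsKey(tokenId)) {
                // NOTE(review): containsKey/put is not atomic; concurrent evaluations of
                // the same token may register the listener twice — acceptable only if
                // PolicyEvaluator tolerates that.
                sSOToken.addSSOTokenListener(PolicyEvaluator.ssoListener);
                PolicyEvaluator.ssoListenerRegistry.put(tokenId, PolicyEvaluator.ssoListener);
                if (debug.messageEnabled()) {
                    debug.message("DSAMERole.isMember(): sso listener added .\n");
                }
                listenerAdded = true;
            }
            if (debug.messageEnabled()) {
                debug.message("DSAMERole:isMember():entry for " + roleDN + " not in subject evaluation cache, fetching " + "from NS User Cache.");
            }
            if (userRoles == null) {
                userRoles = PolicyEvaluator.getUserNSRoleValues(sSOToken);
            }
            if (userRoles != null && !userRoles.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message("DSAMERole.isMember():\n  user roles: " + userRoles + "\n  subject roles: " + this.subjectRoles);
                }
                member = userRoles.contains(roleDN);
            }
            if (debug.messageEnabled()) {
                debug.message("DSAMERole.isMember:adding entry " + tokenId + " " + this.ldapServer + " " + roleDN + " " + member + " in subject evaluation cache.");
            }
            // Negative answers are cached as well, so a later role grant is only
            // seen once this entry is evicted or invalidated.
            SubjectEvaluationCache.addEntry(tokenId, this.ldapServer, roleDN, member);
        }
        if (debug.messageEnabled()) {
            if (member) {
                debug.message("DSAMERole.isMember(): User " + userName + " is a member of this DSAMERole object");
            } else {
                debug.message("DSAMERole.isMember(): User " + userName + " is not a member of this DSAMERole object");
            }
        }
        return member;
    }

    /** Consistent with {@link #equals(Object)}: based on the role set only. */
    @Override // com.sun.identity.policy.interfaces.Subject
    public int hashCode() {
        return this.subjectRoles.hashCode();
    }

    /** Two DSAMERole subjects are equal when their normalised role sets are equal. */
    @Override // com.sun.identity.policy.interfaces.Subject
    public boolean equals(Object obj) {
        return obj instanceof DSAMERole && this.subjectRoles.equals(((DSAMERole) obj).subjectRoles);
    }

    /**
     * Shallow-clones the subject with its own copy of the role set.
     *
     * @return a copy whose later {@link #setValues(Set)} calls do not affect this instance
     * @throws InternalError if {@code Object.clone} refuses; the cause is preserved
     */
    @Override // com.sun.identity.policy.interfaces.Subject
    public Object clone() {
        try {
            DSAMERole copy = (DSAMERole) super.clone();
            if (this.subjectRoles != null) {
                copy.subjectRoles = new HashSet(this.subjectRoles);
            }
            return copy;
        } catch (CloneNotSupportedException e) {
            // Previously the cause was dropped; keep it for diagnosis.
            InternalError error = new InternalError();
            error.initCause(e);
            throw error;
        }
    }
}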
