package com.sun.identity.policy.plugins;

import com.iplanet.am.util.Debug;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.ConditionDecision;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.Syntax;
import com.sun.identity.policy.interfaces.Condition;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;

/* loaded from: input_file:120091-08/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/policy/plugins/IPCondition.class */
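/**
 * Policy {@link Condition} that grants a request when the client's IPv4 address or DNS name
 * matches the configured values.
 *
 * <p>Configuration properties (each value is a {@code Set} of strings):
 * <ul>
 *   <li>{@link #START_IP} / {@link #END_IP}: one inclusive range; each holds exactly one
 *       dotted-quad address and the two must be supplied together.</li>
 *   <li>{@link #IP_RANGE}: any number of entries of the form {@code a.b.c.d} or
 *       {@code a.b.c.d-e.f.g.h}.</li>
 *   <li>{@link #DNS_NAME}: exact host names, {@code *}, or {@code *.suffix}.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The request address is read from the environment map key {@link #REQUEST_IP} when it is
 *       present and only otherwise from the SSO token, and DNS names come solely from
 *       {@link #REQUEST_DNS_NAME}. No lookup is performed here, so a decision is only as
 *       trustworthy as whatever populates that map.</li>
 *   <li>Only dotted-quad IPv4 text is parsed. Any other request address (for example an IPv6
 *       literal) makes evaluation throw {@link PolicyException} instead of returning a deny
 *       decision; how the policy engine treats that exception is not visible from this class.</li>
 *   <li>Decisions are made from state derived in {@link #setProperties(Map)}, not from the
 *       stored property map, so later mutation of the caller's map does not change them.</li>
 * </ul>
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class IPCondition implements Condition {
    public static final String START_IP = "StartIp";
    public static final String END_IP = "EndIp";
    public static final String IP_RANGE = "IpRange";
    public static final String DNS_NAME = "DnsName";
    public static final String REQUEST_IP = "requestIp";
    public static final String REQUEST_DNS_NAME = "requestDnsName";

    private static final Debug DEBUG = Debug.getInstance("amPolicy");

    // NOTE(review): IP_RANGE is accepted by validateProperties() but is not advertised here;
    // confirm that omission is intentional.
    private static final List<String> propertyNames = new ArrayList<String>(3);

    static {
        propertyNames.add(START_IP);
        propertyNames.add(END_IP);
        propertyNames.add(DNS_NAME);
    }

    // Property map exactly as handed to setProperties(); kept by reference, not copied.
    private Map properties;
    // Flattened IP_RANGE entries: [low0, high0, low1, high1, ...] as 32-bit values held in longs.
    private ArrayList<Long> ipList = new ArrayList<Long>();
    // Lower-cased DNS_NAME entries.
    private ArrayList<String> dnsList = new ArrayList<String>();
    // Sentinels chosen so that an unset START_IP/END_IP pair can never match any address.
    private long startIp = Long.MAX_VALUE;
    private long endIp = Long.MIN_VALUE;

    /**
     * Returns a fresh copy of the advertised property names.
     *
     * @return a new mutable list; changes to it do not affect this class
     */
    @Override
    public List getPropertyNames() {
        return new ArrayList<String>(propertyNames);
    }

    /**
     * Returns the syntax of a property; this condition reports {@code Syntax.NONE} for all.
     *
     * @param str property name (ignored)
     * @return {@code Syntax.NONE}
     */
    @Override
    public Syntax getPropertySyntax(String str) {
        return Syntax.NONE;
    }

    /**
     * Returns the display name of a property; this condition supplies none.
     *
     * @param str property name (ignored)
     * @param locale requested locale (ignored)
     * @return the empty string
     */
    @Override
    public String getDisplayName(String str, Locale locale) throws PolicyException {
        return "";
    }

    /**
     * Returns the valid values of a property; this condition enumerates none.
     *
     * @param str property name (ignored)
     * @return an empty set
     */
    @Override
    public Set getValidValues(String str) throws PolicyException {
        return Collections.EMPTY_SET;
    }

    /**
     * Replaces the configuration of this condition and rebuilds the match state from it.
     *
     * <p>All previously derived state, including the START_IP/END_IP range, is discarded first
     * so that a range from an earlier configuration cannot keep granting access. If validation
     * fails the derived state is cleared again, leaving a condition that matches nothing.
     *
     * @param map property name to {@code Set} of string values
     * @throws PolicyException if the map is null, names an unknown property, or holds a
     *     malformed value
     */
    @Override
    public void setProperties(Map map) throws PolicyException {
        this.properties = map;
        resetDerivedState();
        boolean valid = false;
        try {
            validateProperties();
            valid = true;
        } finally {
            if (!valid) {
                // Fail closed: never leave a half-built allow list behind a rejected config.
                resetDerivedState();
            }
        }
    }

    /**
     * Returns a read-only view of the configured properties.
     *
     * @return an unmodifiable view of the map, or {@code null} if none was set; the value sets
     *     inside the view are the caller-supplied objects and are not themselves protected
     */
    @Override
    public Map getProperties() {
        if (this.properties == null) {
            return null;
        }
        return Collections.unmodifiableMap(this.properties);
    }

    /**
     * Decides whether the request described by the token and environment is allowed.
     *
     * <p>The address is matched first; DNS names are consulted only when the address did not
     * match. A {@code null} environment map is treated as carrying neither value.
     *
     * @param sSOToken session token, used for the client address when the environment map has
     *     no {@link #REQUEST_IP} entry; may be {@code null}
     * @param map environment map; {@link #REQUEST_IP} is read as a {@code String} and
     *     {@link #REQUEST_DNS_NAME} as a {@code Set} of {@code String}
     * @return the allow/deny decision
     * @throws PolicyException if the request address is not a dotted-quad IPv4 string
     * @throws SSOException if the token cannot supply its address
     */
    @Override
    public ConditionDecision getConditionDecision(SSOToken sSOToken, Map map) throws PolicyException, SSOException {
        String requestIp = null;
        Set requestDnsNames = null;
        if (map != null) {
            requestIp = (String) map.get(REQUEST_IP);
            requestDnsNames = (Set) map.get(REQUEST_DNS_NAME);
        }
        if (requestIp == null && sSOToken != null) {
            requestIp = sSOToken.getIPAddress().getHostAddress();
        }

        boolean allowed = requestIp != null && isAllowedByIp(requestIp);
        if (!allowed && requestDnsNames != null) {
            for (Iterator it = requestDnsNames.iterator(); it.hasNext() && !allowed; ) {
                allowed = isAllowedByDns((String) it.next());
            }
        }

        if (DEBUG.messageEnabled()) {
            DEBUG.message("At IPCondition.getConditionDecision():requestIp,  requestDnsName, allowed = "
                    + requestIp + ", " + requestDnsNames + "," + allowed);
        }
        return new ConditionDecision(allowed);
    }

    /**
     * Returns a copy of this condition that shares no mutable state with it.
     *
     * @return the copy, with its own lists and its own property map and value sets
     */
    @Override
    public Object clone() {
        try {
            IPCondition copy = (IPCondition) super.clone();
            copy.dnsList = new ArrayList<String>(this.dnsList);
            copy.ipList = new ArrayList<Long>(this.ipList);
            if (this.properties != null) {
                Map propertiesCopy = new HashMap();
                for (Object key : this.properties.keySet()) {
                    Object values = this.properties.get(key);
                    // validateProperties() tolerates a null value, so copying must as well.
                    propertiesCopy.put(key, values == null ? null : new HashSet((Set) values));
                }
                copy.properties = propertiesCopy;
            }
            return copy;
        } catch (CloneNotSupportedException e) {
            InternalError error = new InternalError(e.toString());
            error.initCause(e);
            throw error;
        }
    }

    /** Clears every field computed from the property map back to its match-nothing value. */
    private void resetDerivedState() {
        this.ipList.clear();
        this.dnsList.clear();
        this.startIp = Long.MAX_VALUE;
        this.endIp = Long.MIN_VALUE;
    }

    /**
     * Checks the property map and fills the derived match state from it.
     *
     * @return {@code true} when validation succeeds
     * @throws PolicyException on a missing map, an unknown key, an unpaired START_IP/END_IP or
     *     a malformed value
     */
    private boolean validateProperties() throws PolicyException {
        if (this.properties == null || this.properties.keySet() == null) {
            throw new PolicyException("amPolicy", "properties_can_not_be_null_or_empty", null, null);
        }
        Set keys = this.properties.keySet();
        if (!keys.contains(IP_RANGE) && !keys.contains(DNS_NAME) && !keys.contains(START_IP)) {
            throw new PolicyException("amPolicy", "at_least_one_of_the_properties_should_be_defined", new String[]{"DnsName,StartIp"}, null);
        }
        for (Object key : keys) {
            if (!IP_RANGE.equals(key) && !DNS_NAME.equals(key) && !START_IP.equals(key) && !END_IP.equals(key)) {
                // NOTE(review): the message key below ends in a space; confirm it matches the
                // resource bundle before changing it.
                throw new PolicyException("amPolicy", "attempt_to_set_invalid_property ", new String[]{String.valueOf(key)}, null);
            }
        }

        Set ipRanges = (Set) this.properties.get(IP_RANGE);
        if (ipRanges != null) {
            validateIpRangeSet(ipRanges);
        }
        Set dnsNames = (Set) this.properties.get(DNS_NAME);
        if (dnsNames != null) {
            validateDnsNames(dnsNames);
        }

        Set startValues = (Set) this.properties.get(START_IP);
        Set endValues = (Set) this.properties.get(END_IP);
        if (startValues != null) {
            if (endValues == null) {
                throw new PolicyException("amPolicy", "pair_property_not_defined", new String[]{START_IP, END_IP}, null);
            }
            validateStartIp(startValues);
        }
        if (endValues != null) {
            validateEndIp(endValues);
        }
        return true;
    }

    /**
     * Parses every IP_RANGE entry and appends its bounds to {@code ipList}.
     *
     * <p>A reversed range (low bound above high bound) is stored as given and simply never
     * matches.
     *
     * @param set IP_RANGE values
     * @return {@code true} when every entry parsed
     * @throws PolicyException if an entry is not a string, is empty, has more than one
     *     {@code -} separated pair, or contains a malformed address
     */
    private boolean validateIpRangeSet(Set set) throws PolicyException {
        for (Iterator it = set.iterator(); it.hasNext(); ) {
            String range = asString(it.next(), IP_RANGE);
            StringTokenizer bounds = new StringTokenizer(range, "-");
            int count = bounds.countTokens();
            // An empty entry or a bare "-" yields no tokens; report it as a bad value instead of
            // letting nextToken() fail with NoSuchElementException.
            if (count < 1 || count > 2) {
                throw new PolicyException("amPolicy", "invalid_property_value", new String[]{IP_RANGE, range}, null);
            }
            String low = bounds.nextToken();
            String high = (count == 2) ? bounds.nextToken() : low;
            long lowValue = stringToIp(low);
            long highValue = stringToIp(high);
            this.ipList.add(Long.valueOf(lowValue));
            this.ipList.add(Long.valueOf(highValue));
        }
        return true;
    }

    /**
     * Parses END_IP and stores it once it is known to be consistent with START_IP.
     *
     * @param set END_IP values; must hold exactly one string
     * @return {@code true} when the value was accepted
     * @throws PolicyException if START_IP is unset, the set does not hold exactly one string,
     *     the address is malformed, or it lies below START_IP
     */
    private boolean validateEndIp(Set set) throws PolicyException {
        if (this.startIp == Long.MAX_VALUE) {
            throw new PolicyException("amPolicy", "pair_property_not_defined", new String[]{END_IP, START_IP}, null);
        }
        if (set.size() != 1) {
            throw new PolicyException("amPolicy", "multiple_values_not_allowed_for", new String[]{END_IP}, null);
        }
        long candidate = stringToIp(asString(set.iterator().next(), END_IP));
        if (candidate < this.startIp) {
            throw new PolicyException("amPolicy", "start_ip_can_not_be_greater_than_end_ip", null, null);
        }
        this.endIp = candidate;
        return true;
    }

    /**
     * Parses START_IP and stores it.
     *
     * @param set START_IP values; must hold exactly one string
     * @return {@code true} when the value was accepted
     * @throws PolicyException if the set does not hold exactly one string or the address is
     *     malformed
     */
    private boolean validateStartIp(Set set) throws PolicyException {
        if (set.size() != 1) {
            throw new PolicyException("amPolicy", "multiple_values_not_allowed_for_property", new String[]{START_IP}, null);
        }
        this.startIp = stringToIp(asString(set.iterator().next(), START_IP));
        return true;
    }

    /**
     * Validates every DNS_NAME entry and appends its lower-cased form to {@code dnsList}.
     *
     * @param set DNS_NAME values
     * @throws PolicyException if an entry is not a string or is an unsupported wildcard form
     */
    private void validateDnsNames(Set set) throws PolicyException {
        for (Iterator it = set.iterator(); it.hasNext(); ) {
            String name = asString(it.next(), DNS_NAME);
            validateDnsName(name);
            // Fixed locale: default-locale case mapping (e.g. Turkish dotless i) would corrupt
            // ASCII host names and break suffix matching.
            this.dnsList.add(name.toLowerCase(Locale.ENGLISH));
        }
    }

    /**
     * Returns the value as a string or rejects it with the same error the other validators use.
     *
     * @param value element taken from a property value set
     * @param propertyName property being validated, for the error message
     * @return the value cast to {@code String}
     * @throws PolicyException if the value is {@code null} or not a {@code String}
     */
    private static String asString(Object value, String propertyName) throws PolicyException {
        if (!(value instanceof String)) {
            throw new PolicyException("amPolicy", "property_is_not_a_String", new String[]{propertyName}, null);
        }
        return (String) value;
    }

    /**
     * Converts dotted-quad IPv4 text into its numeric value.
     *
     * <p>Each component must consist of ASCII digits only; signs and non-ASCII digits, which
     * {@code Short.parseShort} would otherwise accept, are rejected. Leading zeros are read as
     * decimal, and because {@code StringTokenizer} skips empty tokens, stray dots such as a
     * trailing {@code .} are still tolerated.
     *
     * @param str address text
     * @return the address as {@code a*256^3 + b*256^2 + c*256 + d}
     * @throws PolicyException if there are not exactly four components or one is not a number
     *     in the range 0..255
     */
    private long stringToIp(String str) throws PolicyException {
        StringTokenizer octets = new StringTokenizer(str, ".");
        if (octets.countTokens() != 4) {
            throw new PolicyException("amPolicy", "invalid_property_value", new String[]{"ip", str}, null);
        }
        long value = 0;
        while (octets.hasMoreTokens()) {
            String octet = octets.nextToken();
            if (!isAsciiDigits(octet)) {
                throw new PolicyException("amPolicy", "invalid_property_value", new String[]{"ip", str}, null);
            }
            short parsed;
            try {
                parsed = Short.parseShort(octet);
            } catch (NumberFormatException e) {
                // Catch only the parse failure so the range error below keeps its own message.
                throw new PolicyException("amPolicy", "invalid_property_value", new String[]{"ip", str}, e);
            }
            if (parsed < 0 || parsed > 255) {
                throw new PolicyException("amPolicy", "invalid_property_value", new String[]{"ipElement", octet}, null);
            }
            value = (value * 256) + parsed;
        }
        return value;
    }

    /** Returns whether the text is non-empty and made up solely of the characters 0-9. */
    private static boolean isAsciiDigits(String text) {
        if (text.length() == 0) {
            return false;
        }
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            if (c < '0' || c > '9') {
                return false;
            }
        }
        return true;
    }

    /**
     * Accepts a DNS pattern that has no wildcard, is exactly {@code *}, or is {@code *.suffix}
     * with no further {@code *}.
     *
     * <p>Requiring the dot after the wildcard is what keeps {@code *.example.com} from matching
     * a name such as {@code badexample.com} in {@link #isAllowedByDns(String)}.
     *
     * @param str DNS_NAME entry
     * @throws PolicyException for any other placement of {@code *}
     */
    private void validateDnsName(String str) throws PolicyException {
        int star = str.indexOf('*');
        if (star < 0 || str.equals("*")) {
            return;
        }
        // Here the text contains '*' and is longer than one character, so charAt(1) is safe
        // whenever the wildcard is the first character.
        boolean leadingWildcardLabel = star == 0 && str.indexOf('*', 1) == -1 && str.charAt(1) == '.';
        if (!leadingWildcardLabel) {
            throw new PolicyException("amPolicy", "invalid_property_value", new String[]{DNS_NAME, str}, null);
        }
    }

    /**
     * Tests the address against every IP_RANGE pair and the START_IP/END_IP range.
     *
     * @param str request address in dotted-quad form
     * @return {@code true} if any configured range contains the address (bounds inclusive)
     * @throws PolicyException if the address cannot be parsed
     */
    private boolean isAllowedByIp(String str) throws PolicyException {
        long address = stringToIp(str);
        for (int i = 0; i + 1 < this.ipList.size(); i += 2) {
            long low = this.ipList.get(i).longValue();
            long high = this.ipList.get(i + 1).longValue();
            if (address >= low && address <= high) {
                return true;
            }
        }
        return address >= this.startIp && address <= this.endIp;
    }

    /**
     * Tests a request DNS name against the configured patterns, ignoring case.
     *
     * @param str request DNS name; {@code null} never matches
     * @return {@code true} if a pattern is {@code *}, a {@code *.suffix} pattern's suffix ends
     *     the name, or an exact pattern equals the name
     */
    private boolean isAllowedByDns(String str) throws PolicyException {
        if (str == null) {
            return false;
        }
        String name = str.toLowerCase(Locale.ENGLISH);
        for (String pattern : this.dnsList) {
            if (pattern.equals("*")) {
                return true;
            }
            if (pattern.indexOf('*') != -1) {
                // Validated patterns are "*.suffix"; dropping the '*' leaves ".suffix".
                if (name.endsWith(pattern.substring(1))) {
                    return true;
                }
            } else if (pattern.equalsIgnoreCase(name)) {
                return true;
            }
        }
        return false;
    }

    /** Convenience wrapper returning only the boolean outcome of the decision. */
    private boolean isAllowed(SSOToken sSOToken, Map map) throws PolicyException, SSOException {
        return getConditionDecision(sSOToken, map).isAllowed();
    }
}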
