package com.sun.identity.liberty.ws.disco.plugins;

import com.iplanet.sso.SSOToken;
import com.sun.identity.liberty.ws.disco.common.DiscoConstants;
import com.sun.identity.liberty.ws.disco.common.DiscoUtils;
import com.sun.identity.liberty.ws.disco.jaxb.ResourceOfferingType;
import com.sun.identity.liberty.ws.disco.jaxb.ServiceInstanceType;
import com.sun.identity.liberty.ws.interfaces.Authorizer;
import com.sun.identity.policy.PolicyEvaluator;
import java.util.Map;

/* loaded from: input_file:120954-01/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/liberty/ws/disco/plugins/DefaultDiscoAuthorizer.class */
public class DefaultDiscoAuthorizer implements Authorizer {
    public static final String RESOURCE_SEPERATOR = ";";
    PolicyEvaluator pe;

    public DefaultDiscoAuthorizer() {
        this.pe = null;
        DiscoUtils.debug.message("in DefaultDiscoAuthorizer.constructor");
        try {
            this.pe = new PolicyEvaluator("sunIdentityServerDiscoveryService");
        } catch (Exception e) {
            DiscoUtils.debug.error("DefaultDiscoAuthorizer.constructor: Exception obtaining PolicyEvaluator: ", e);
        }
    }

    @Override // com.sun.identity.liberty.ws.interfaces.Authorizer
    public boolean isAuthorized(Object obj, String str, Object obj2, Map map) {
        boolean z;
        DiscoUtils.debug.message("DefaultDiscoAuthorizer.isAuthorized.");
        if (this.pe == null) {
            DiscoUtils.debug.error("DefaultDiscoAuthorizer.isAuthorized: null Policy Evaluator.");
            return false;
        }
        if (!checkInput(obj, str, obj2, map)) {
            return false;
        }
        try {
            ServiceInstanceType serviceInstance = ((ResourceOfferingType) obj2).getServiceInstance();
            try {
                z = this.pe.isAllowed((SSOToken) obj, new StringBuffer().append(serviceInstance.getServiceType()).append(";").append(serviceInstance.getProviderID()).toString(), str, map);
            } catch (Exception e) {
                DiscoUtils.debug.error("DefaultDiscoAuthorizer.isAuthorized: Exception occured during policy evaluation: ", e);
                z = false;
            }
            return z;
        } catch (Exception e2) {
            DiscoUtils.debug.error("DefaultDiscoAuthorizer.isAuthorized: Exception occured when constucting policy resource:", e2);
            return false;
        }
    }

    private boolean checkInput(Object obj, String str, Object obj2, Map map) {
        if (obj == null || !(obj instanceof SSOToken)) {
            DiscoUtils.debug.error("DefaultDiscoAuthorizer.checkInput: null or wrong credential.");
            return false;
        }
        if (str == null || !(str.equals(DiscoConstants.ACTION_LOOKUP) || str.equals(DiscoConstants.ACTION_UPDATE))) {
            DiscoUtils.debug.error("DefaultDiscoAuthorizer.checkInput: null or wrong action.");
            return false;
        }
        if (obj2 == null || !(obj2 instanceof ResourceOfferingType)) {
            DiscoUtils.debug.error("DefaultDiscoAuthorizer.checkInput: null or wrong data.");
            return false;
        }
        if (map != null && map.containsKey(Authorizer.USER_ID) && map.containsKey(Authorizer.AUTH_TYPE) && map.containsKey("message")) {
            return true;
        }
        DiscoUtils.debug.error("DefaultDiscoAuthorizer.checkInput: null or missing env data.");
        return false;
    }

    @Override // com.sun.identity.liberty.ws.interfaces.Authorizer
    public Object getAuthorizationDecision(Object obj, String str, Object obj2, Map map) throws Exception {
        return null;
    }
}
