package com.sun.identity.console.base.model;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.delegation.DelegationEvaluator;
import com.sun.identity.delegation.DelegationException;
import com.sun.identity.delegation.DelegationPermission;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceManager;
import java.security.AccessController;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:120955-03/SUNWamcon/reloc/SUNWam/console.war:WEB-INF/lib/console.jar:com/sun/identity/console/base/model/AccessControlModelImpl.class */
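/**
 * Decides whether the holder of an SSO token may view a console page, by asking the
 * delegation framework ({@link DelegationEvaluator}) about the services that page needs.
 *
 * <p>Every decision is made with the caller's own token. The class-wide admin token is
 * used only to enumerate service names in {@link #getServiceNames()}; each enumerated
 * name is still evaluated against the caller's token.
 *
 * <p>All failure paths deny: a missing token, a delegation/SSO exception, or an
 * unavailable service list each yield {@code false}.
 */
public class AccessControlModelImpl implements AccessControlModel {
    // Obtained once, at class-load time, via AdminTokenAction inside doPrivileged.
    // NOTE(review): nothing here refreshes this token; confirm its lifetime is handled elsewhere.
    private static final SSOToken adminSSOToken = (SSOToken) AccessController.doPrivileged(new AdminTokenAction());

    // Identity every permission check is evaluated for; null means "not authenticated".
    private final SSOToken ssoToken;

    // Lazily loaded list of service names, used to expand AccessControlModel.ANY_SERVICE.
    private Set serviceNames;

    /**
     * Creates a model bound to an existing token.
     *
     * @param sSOToken token to evaluate permissions for; it is stored as given and is not
     *                 validated here. A {@code null} token makes {@link #canView} deny.
     */
    public AccessControlModelImpl(SSOToken sSOToken) {
        this.ssoToken = sSOToken;
    }

    /**
     * Creates a model bound to the token that {@code AMAuthUtils.checkAuthentication}
     * returns for the request.
     *
     * @param httpServletRequest request to authenticate
     */
    public AccessControlModelImpl(HttpServletRequest httpServletRequest) {
        SSOToken token = null;
        try {
            token = AMAuthUtils.checkAuthentication(httpServletRequest);
        } catch (SSOException e) {
            // Deliberately not rethrown: the token stays null, so canView() denies.
            Debugger.warning("AccessControlModelImpl.<init>", e);
        }
        this.ssoToken = token;
    }

    /**
     * Returns whether the bound token may view a page.
     *
     * @param set  service names the page depends on (each element is cast to
     *             {@code String}); an empty set allows any non-null token
     * @param str  when non-blank, used as the permission's config type and the check is
     *             made against organization {@code "/"}
     * @param str2 organization name used when {@code str} is null or blank
     * @param z    when true, {@code AMAdminConstants.PERMISSION_DELEGATE} is evaluated first
     * @return {@code true} if viewing is allowed; {@code false} if the token is null, the
     *         permission is denied, or the evaluation throws
     */
    @Override // com.sun.identity.console.base.model.AccessControlModel
    public boolean canView(Set set, String str, String str2, boolean z) {
        if (this.ssoToken == null) {
            return false;
        }
        // No service requirement: a non-null token is enough. The token is not validated
        // in this method, so this shortcut relies on how the instance was constructed.
        if (set.isEmpty()) {
            return true;
        }

        boolean allowed = false;
        try {
            DelegationEvaluator evaluator = new DelegationEvaluator();
            DelegationPermission permission = new DelegationPermission();
            permission.setVersion("*");
            permission.setSubConfigName("default");
            if (str == null || str.trim().length() <= 0) {
                permission.setOrganizationName(str2);
            } else {
                permission.setConfigType(str);
                permission.setOrganizationName("/");
            }

            if (z) {
                HashSet delegateAction = new HashSet();
                delegateAction.add(AMAdminConstants.PERMISSION_DELEGATE);
                permission.setActions(delegateAction);
                allowed = evaluator.isAllowed(this.ssoToken, permission, Collections.EMPTY_MAP);
            }

            // NOTE(review): when z is true the result is decided by the DELEGATE check alone.
            // A denial skips this block, and a grant leaves `allowed` true so the loop body
            // never runs and READ on the listed services is never evaluated. Confirm that is
            // the intended policy before relying on READ being enforced for delegated pages.
            if (!z || allowed) {
                Iterator it = set.iterator();
                // One readable service is sufficient; stop at the first grant.
                while (it.hasNext() && !allowed) {
                    allowed = hasPermission(evaluator, permission, (String) it.next(), "READ");
                }
            }
        } catch (SSOException e) {
            // `allowed` is still false whenever an exception can be raised, so this denies.
            Debugger.error("AccessControlModelImpl.canView", e);
        } catch (DelegationException e2) {
            Debugger.error("AccessControlModelImpl.canView", e2);
        }
        return allowed;
    }

    /**
     * Evaluates a single action on one service, or on any known service when
     * {@code serviceName} equals {@code AccessControlModel.ANY_SERVICE}.
     *
     * <p>Mutates {@code permission}: its actions and service name are overwritten.
     *
     * @param evaluator   evaluator to query
     * @param permission  partially populated permission, completed here
     * @param serviceName service to check, or {@code AccessControlModel.ANY_SERVICE}
     * @param action      action name to check
     * @return {@code true} if the bound token is allowed the action
     * @throws DelegationException if the evaluator fails
     * @throws SSOException        if the token is rejected by the evaluator
     */
    private boolean hasPermission(DelegationEvaluator evaluator, DelegationPermission permission, String serviceName, String action) throws DelegationException, SSOException {
        HashSet actions = new HashSet();
        actions.add(action);
        permission.setActions(actions);

        if (!serviceName.equals(AccessControlModel.ANY_SERVICE)) {
            permission.setServiceName(serviceName);
            return evaluator.isAllowed(this.ssoToken, permission, Collections.EMPTY_MAP);
        }

        // ANY_SERVICE: the names come from the admin token, the decision from the caller's.
        boolean allowed = false;
        Iterator it = getServiceNames().iterator();
        while (it.hasNext() && !allowed) {
            permission.setServiceName((String) it.next());
            allowed = evaluator.isAllowed(this.ssoToken, permission, Collections.EMPTY_MAP);
        }
        return allowed;
    }

    /**
     * Returns the service names known to {@link ServiceManager}, loading them on first use.
     *
     * @return the cached names, or an empty set when they could not be loaded; never
     *         {@code null}
     */
    private Set getServiceNames() {
        if (this.serviceNames == null) {
            try {
                this.serviceNames = new ServiceManager(adminSSOToken).getServiceNames();
            } catch (SSOException e) {
                Debugger.error("AccessControlModelImpl.getServiceNames", e);
            } catch (SMSException e2) {
                Debugger.error("AccessControlModelImpl.getServiceNames", e2);
            }
        }
        // A failed load used to return null and surface as a NullPointerException in the
        // ANY_SERVICE path. Deny instead, and leave the cache unset so a later call retries.
        return this.serviceNames != null ? this.serviceNames : Collections.EMPTY_SET;
    }
}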
