package com.sun.identity.saml2.plugins;

import com.iplanet.sso.SSOToken;
import com.sun.identity.common.DataStoreProviderManager;
import com.sun.identity.saml2.assertion.AuthnContext;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.profile.SPCache;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.RequestedAuthnContext;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;

/* loaded from: input_file:122984-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/plugins/DefaultSPAuthnContextMapper.class */
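/**
 * Default service-provider mapping between SAML2 authentication context class
 * references and local authentication levels.
 *
 * <p>The mapping is read from the SP configuration attribute
 * {@code SAML2Constants.SP_AUTH_CONTEXT_CLASS_REF_ATTR} and cached in
 * {@code SPCache.authContextHash} under the key {@code hostEntityID|realm}.
 * This class only ever adds to that cache; it never evicts or refreshes an
 * entry, so a configuration change is not picked up here until the cache is
 * cleared elsewhere.
 */
public class DefaultSPAuthnContextMapper implements SPAuthnContextMapper {
    static SAML2MetaManager sm = SAML2Utils.getSAML2MetaManager();
    // Not read or written by any method of this class.
    static SSOToken adminSSOToken = null;

    /**
     * Builds the {@code RequestedAuthnContext} to place in an authentication request.
     *
     * <p>Class references are collected, in order, from: the explicit class
     * references in {@code map}; every configured class reference whose level
     * is at least the auth level given in {@code map}; failing both, every
     * configured class reference; and finally
     * {@code SAML2Constants.CLASSREF_PASSWORD_PROTECTED_TRANSPORT}.
     *
     * @param str  realm (labelled as such in {@link #getAuthLevel}'s debug output;
     *             used in the same cache-key and config-lookup position here)
     * @param str2 hosted SP entity ID (same grounding as {@code str})
     * @param map  request parameters; values are read as lists of strings
     * @return the populated requested authentication context
     * @throws SAML2Exception declared by the interface; not thrown directly by this method
     */
    @Override // com.sun.identity.saml2.plugins.SPAuthnContextMapper
    public RequestedAuthnContext getRequestedAuthnContext(String str, String str2, Map map) throws SAML2Exception {
        List classRefsInQuery = (List) map.get(SAML2Constants.AUTH_CONTEXT_CLASS_REF);
        List levelsInQuery = (List) map.get(SAML2Constants.AUTH_LEVEL);
        Integer requestedLevel = null;
        if (levelsInQuery != null && !levelsInQuery.isEmpty()) {
            try {
                requestedLevel = Integer.valueOf((String) levelsInQuery.iterator().next());
            } catch (NumberFormatException e) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("not a valid integer ", e);
                }
            } catch (Exception e2) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("error getting integer object", e2);
                }
            }
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("authLevel in Query:" + requestedLevel);
            SAML2Utils.debug.message("authContextClassRef in Query:" + classRefsInQuery);
        }

        Map spConfigAttrs = getSPConfigAttrs(str, str2);
        String cacheKey = str2 + "|" + str;

        // A cache miss returns null. The previous code only reloaded the SP
        // config when the looked-up value was a non-null empty map, so once the
        // cache held an entry for any other SP this SP's configured contexts
        // were never loaded: the request silently fell back to the default
        // class reference, or hit a NullPointerException when an auth level
        // was supplied. Treat "missing" and "empty" the same way.
        Map levelByClassRef = null;
        if (SPCache.authContextHash != null) {
            levelByClassRef = (Map) SPCache.authContextHash.get(cacheKey);
        }
        if (levelByClassRef == null || levelByClassRef.isEmpty()) {
            levelByClassRef = getAuthnCtxFromSPConfig(spConfigAttrs);
            if (!levelByClassRef.isEmpty() && SPCache.authContextHash != null) {
                SPCache.authContextHash.put(cacheKey, levelByClassRef);
            }
        }

        List authCtxList = new ArrayList();

        // 1. Class references named explicitly in the request parameters.
        if (classRefsInQuery != null) {
            for (Object item : classRefsInQuery) {
                String classRef = (String) item;
                if (classRef == null) {
                    continue;
                }
                if (classRef.indexOf(SAML2Constants.AUTH_CTX_PREFIX) == -1) {
                    classRef = SAML2Constants.AUTH_CTX_PREFIX + classRef;
                }
                authCtxList.add(classRef);
            }
        }

        // 2. Configured class references whose level meets the requested level.
        if (requestedLevel != null) {
            for (Object entryObj : levelByClassRef.entrySet()) {
                Map.Entry entry = (Map.Entry) entryObj;
                String classRef = (String) entry.getKey();
                // The default marker is a bookkeeping key, not a class reference;
                // the fallback loop below already excludes it, so exclude it here too.
                if (classRef == null || classRef.equals(DataStoreProviderManager.DEFAULT)) {
                    continue;
                }
                try {
                    int configuredLevel = Integer.parseInt((String) entry.getValue());
                    if (configuredLevel >= requestedLevel.intValue()) {
                        authCtxList.add(classRef);
                    }
                } catch (NumberFormatException e3) {
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("not a valid integer ", e3);
                    }
                } catch (Exception e4) {
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("error getting integer value ", e4);
                    }
                }
            }
        }

        // 3. Nothing selected so far: offer every configured class reference.
        if (authCtxList.isEmpty() && !levelByClassRef.isEmpty()) {
            for (Object key : levelByClassRef.keySet()) {
                String classRef = (String) key;
                if (classRef != null && !classRef.equals(DataStoreProviderManager.DEFAULT)) {
                    authCtxList.add(classRef);
                }
            }
        }

        // 4. Last resort when neither the request nor the config names a context.
        if (authCtxList.isEmpty()) {
            authCtxList.add(SAML2Constants.CLASSREF_PASSWORD_PROTECTED_TRANSPORT);
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPCache.authContextHash is: " + SPCache.authContextHash);
            SAML2Utils.debug.message("authCtxList is: " + authCtxList);
        }

        String comparison = getAttrValue(map, SAML2Constants.SP_AUTHCONTEXT_COMPARISON);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AuthComparison in Query:" + comparison);
        }
        if (comparison == null || !isValidAuthComparison(comparison)) {
            // NOTE(review): the configured value is used without passing through
            // isValidAuthComparison; whether setComparison rejects unknown values
            // is not visible in this file.
            comparison = getAttrValue(spConfigAttrs, SAML2Constants.SP_AUTHCONTEXT_COMPARISON_TYPE);
        }

        RequestedAuthnContext requested = ProtocolFactory.getInstance().createRequestedAuthnContext();
        requested.setAuthnContextClassRef(authCtxList);
        requested.setComparison(comparison);
        return requested;
    }

    /**
     * Maps the authentication context of a received assertion to a local auth level.
     *
     * <p>The level is looked up by the assertion's class reference in the
     * configured mapping. A missing, empty or unconfigured class reference
     * receives the level stored under the default marker; if no level can be
     * parsed the result is {@code 0}.
     *
     * <p>NOTE(review): {@code requestedAuthnContext} and {@code str3} are not
     * consulted, so this method does not check that the context returned by the
     * identity provider satisfies what was requested, and an unrecognised class
     * reference is granted the configured default level. Confirm that the
     * caller enforces the requested context before relying on the level.
     *
     * @param requestedAuthnContext not used by this implementation
     * @param authnContext          authentication context from the assertion; may be {@code null}
     * @param str                   realm (per the debug label below)
     * @param str2                  hosted SP entity ID (per the debug label below)
     * @param str3                  not used by this implementation
     * @return the mapped auth level, or {@code 0} when none applies
     * @throws SAML2Exception declared by the interface; not thrown directly by this method
     */
    @Override // com.sun.identity.saml2.plugins.SPAuthnContextMapper
    public int getAuthLevel(RequestedAuthnContext requestedAuthnContext, AuthnContext authnContext, String str, String str2, String str3) throws SAML2Exception {
        Map levelByClassRef = null;
        // Guard the cache reference the same way getRequestedAuthnContext does.
        if (SPCache.authContextHash != null) {
            levelByClassRef = (Map) SPCache.authContextHash.get(str2 + "|" + str);
        }
        if (levelByClassRef == null || levelByClassRef.isEmpty()) {
            levelByClassRef = getAuthRefMap(str, str2);
        }
        int authLevel = 0;
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper:hostEntityID:" + str2);
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper:realm:" + str);
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper:MAP:" + levelByClassRef);
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper:HASH:" + SPCache.authContextHash);
        }

        String classRef = (authnContext != null) ? authnContext.getAuthnContextClassRef() : null;

        String levelText = null;
        if (levelByClassRef != null && !levelByClassRef.isEmpty()) {
            boolean known = classRef != null && classRef.length() > 0 && levelByClassRef.containsKey(classRef);
            levelText = (String) levelByClassRef.get(known ? classRef : DataStoreProviderManager.DEFAULT);
        }
        if (SAML2Utils.debug.messageEnabled()) {
            // Logged before parsing, so this always reports the initial value.
            SAML2Utils.debug.message("AuthLevel is :" + authLevel);
        }
        if (levelText != null) {
            try {
                authLevel = Integer.parseInt(levelText);
            } catch (Exception e) {
                // Keep the cause so a malformed configured level can be diagnosed.
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("Error getting authLevel using default", e);
                }
            }
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper:authnClRef:" + classRef);
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper:authLevel :" + authLevel);
        }
        return authLevel;
    }

    /**
     * Parses the SP's configured class-reference entries into a map from class
     * reference to auth-level text.
     *
     * <p>Each entry is split on {@code |}: the first token is the class
     * reference, the second the level. An entry containing the default marker
     * also supplies the level stored under that marker (first such entry wins).
     * The marker is located with {@code indexOf}, so it matches anywhere in the
     * entry, and everything from the marker onwards is discarded.
     *
     * @param spConfigAttrs SP configuration attributes; {@code null} is treated as empty
     * @return a new, possibly empty, map; never {@code null}
     */
    private static Map getAuthnCtxFromSPConfig(Map spConfigAttrs) {
        HashMap levelByClassRef = new HashMap();
        if (spConfigAttrs == null) {
            return levelByClassRef;
        }
        List entries = (List) spConfigAttrs.get(SAML2Constants.SP_AUTH_CONTEXT_CLASS_REF_ATTR);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper: List:" + entries);
        }
        if (entries == null || entries.isEmpty()) {
            return levelByClassRef;
        }
        for (Object item : entries) {
            String entry = (String) item;
            if (entry == null) {
                continue;
            }
            boolean isDefault = false;
            String spec = entry;
            int markerAt = entry.indexOf(DataStoreProviderManager.DEFAULT);
            if (markerAt != -1) {
                spec = entry.substring(0, markerAt);
                isDefault = true;
            }

            StringTokenizer tokens = new StringTokenizer(spec, "|");
            String classRef = tokens.hasMoreTokens() ? tokens.nextToken() : null;
            // The level is scoped to this entry. It used to be declared outside
            // the loop, so an entry without a level token silently inherited the
            // level of the entry before it.
            String level = tokens.hasMoreTokens() ? tokens.nextToken() : null;
            if (SAML2Utils.debug.messageEnabled()) {
                if (classRef == null) {
                    SAML2Utils.debug.message("AuthnContextClassRef not found");
                }
                if (level == null) {
                    SAML2Utils.debug.message("AuthLevel not found");
                }
                SAML2Utils.debug.message("AuthLevel is :" + level);
            }

            if (isDefault && !levelByClassRef.containsKey(DataStoreProviderManager.DEFAULT)) {
                levelByClassRef.put(DataStoreProviderManager.DEFAULT, level);
            }
            if (classRef == null) {
                // No class reference to key on; a null key would otherwise end
                // up in the list of requested class references.
                continue;
            }
            if (classRef.indexOf(SAML2Constants.AUTH_CTX_PREFIX) == -1) {
                classRef = SAML2Constants.AUTH_CTX_PREFIX + classRef;
            }
            levelByClassRef.put(classRef, level);
        }
        return levelByClassRef;
    }

    /**
     * Tells whether {@code str} is one of the accepted comparison values.
     *
     * @param str candidate comparison value; {@code null} is not valid
     * @return {@code true} for the default comparison constant, "maximum", "minimum" or "better"
     */
    private static boolean isValidAuthComparison(String str) {
        if (str == null) {
            return false;
        }
        return str.equals(SAML2Constants.SP_AUTHCONTEXT_COMPARISON_TYPE_VALUE)
                || str.equals("maximum")
                || str.equals("minimum")
                || str.equals("better");
    }

    /**
     * Loads the SP SSO configuration attributes for a realm and entity.
     *
     * @param realm        realm to look the entity up in
     * @param hostEntityId hosted SP entity ID
     * @return the attribute map, or an empty map when the configuration is
     *         missing or cannot be read (the failure is only debug-logged)
     */
    private static Map getSPConfigAttrs(String realm, String hostEntityId) {
        Map attrs = Collections.EMPTY_MAP;
        try {
            if (sm != null) {
                SPSSOConfigElement spConfig = sm.getSPSSOConfig(realm, hostEntityId);
                if (spConfig != null) {
                    Map loaded = SAML2MetaUtils.getAttributes(spConfig);
                    if (loaded != null) {
                        attrs = loaded;
                    }
                }
            }
        } catch (Exception e) {
            SAML2Utils.debug.message("Error retrieving config", e);
        }
        return attrs;
    }

    /**
     * Returns the first value of a list-valued attribute, trimmed.
     *
     * @param attrs attribute map whose values are lists of strings; {@code null} is treated as empty
     * @param name  attribute name
     * @return the trimmed first value, or
     *         {@code SAML2Constants.SP_AUTHCONTEXT_COMPARISON_TYPE_VALUE} when the
     *         attribute is absent or has no usable first value
     */
    private static String getAttrValue(Map attrs, String name) {
        String value = SAML2Constants.SP_AUTHCONTEXT_COMPARISON_TYPE_VALUE;
        if (attrs == null) {
            return value;
        }
        List values = (List) attrs.get(name);
        if (values != null && !values.isEmpty()) {
            String first = (String) values.iterator().next();
            if (first != null) {
                value = first.trim();
            }
        }
        return value;
    }

    /**
     * Loads the class-reference-to-level map from the SP configuration and
     * caches a non-empty result under {@code hostEntityID|realm}.
     *
     * @param realm        realm to look the entity up in
     * @param hostEntityId hosted SP entity ID
     * @return the parsed map, or an empty map when the configuration is missing
     *         or cannot be read (the failure is only debug-logged)
     */
    private static Map getAuthRefMap(String realm, String hostEntityId) {
        Map levelByClassRef = Collections.EMPTY_MAP;
        try {
            SPSSOConfigElement spConfig = (sm != null) ? sm.getSPSSOConfig(realm, hostEntityId) : null;
            if (spConfig != null) {
                levelByClassRef = getAuthnCtxFromSPConfig(SAML2MetaUtils.getAttributes(spConfig));
                if (!levelByClassRef.isEmpty() && SPCache.authContextHash != null) {
                    SPCache.authContextHash.put(hostEntityId + "|" + realm, levelByClassRef);
                }
            }
        } catch (Exception e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("Error getting SP config : ", e);
            }
        }
        return levelByClassRef;
    }
}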
