package ru.org.openam.servlets;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.ActionDecision;
import com.sun.identity.policy.PolicyDecision;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.policy.client.PolicyEvaluatorFactory;
import com.sun.xml.ws.transport.tcp.util.TCPConstants;
import java.io.IOException;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/web-14.8.1.0.jar:ru/org/openam/servlets/Authorize.class */
/**
 * Servlet that serves a request only after two checks pass: the {@code authentificate(...)}
 * call (not defined in this class; presumably inherited from {@link Authentificate}) and a
 * policy decision that grants the request's HTTP method on the requested URL.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #allow} fails closed: every {@link Throwable} raised while evaluating the
 *       policy is logged and turned into a denial.</li>
 *   <li>The only environment value handed to the policy evaluator is read from a request
 *       header, which the client controls. Policy conditions keyed on it should not treat
 *       it as a trusted attribute.</li>
 *   <li>The deny log line and the 403 message both embed the request method and URL.
 *       NOTE(review): whether those values are neutralised before they reach the log
 *       backend or the container's error page is not visible here; confirm.</li>
 * </ul>
 */
public class Authorize extends Authentificate {
    private static final long serialVersionUID = 2100035671607821018L;
    static final Logger logger = LoggerFactory.getLogger(Authorize.class.getName());

    /** Service name given to both policy evaluator lookups in {@link #allow}. */
    private static final String AGENT_SERVICE = "iPlanetAMWebAgentService";

    /**
     * Builds the environment map passed to policy evaluation from a single request header.
     *
     * <p>The header name and the map key are both
     * {@code TCPConstants.TRANSPORT_SOAP_ACTION_PROPERTY}; the constant's value is not visible
     * here (its name suggests the SOAPAction header; TODO confirm). When the header is absent,
     * {@code getHeader} returns {@code null} and the resulting set holds that single
     * {@code null} element.
     *
     * @param httpServletRequest request whose header is read; the value is client-supplied
     * @return a new map with exactly one entry
     */
    public static HashMap<String, Set<Object>> getEnvParamaters(HttpServletRequest httpServletRequest) {
        final HashMap<String, Set<Object>> environment = new HashMap<>();
        final String key = TCPConstants.TRANSPORT_SOAP_ACTION_PROPERTY;
        final String headerValue = httpServletRequest.getHeader(key);
        final Set<Object> values = new HashSet<>(Arrays.asList(headerValue));
        environment.put(key, values);
        return environment;
    }

    /**
     * Asks the policy service whether {@code sSOToken} may perform action {@code str2} on
     * resource {@code str}.
     *
     * <p>A {@code com.sun.identity.policy.PolicyEvaluator} is constructed first; if that raises
     * {@link NoClassDefFoundError}, the evaluator from {@link PolicyEvaluatorFactory} is used
     * instead. The result is {@code true} only when the decision holds an
     * {@link ActionDecision} for {@code str2} whose values contain {@code "allow"}.
     *
     * @param sSOToken session token of the caller
     * @param str resource name ({@link #authorize} passes the request URL)
     * @param str2 action name ({@link #authorize} passes the HTTP method)
     * @param hashMap environment parameters; {@code null} is replaced by an empty map
     * @return {@code true} when access is granted; {@code false} on denial or on any error
     */
    public static boolean allow(SSOToken sSOToken, String str, String str2, HashMap<String, Set<Object>> hashMap) {
        final String resource = str;
        final String action = str2;
        try {
            PolicyDecision decision;
            try {
                decision = new PolicyEvaluator("/", AGENT_SERVICE)
                        .getPolicyDecision(sSOToken, resource, actionNames(action), environmentOrEmpty(hashMap));
            } catch (NoClassDefFoundError unavailable) {
                // The directly constructed evaluator could not be loaded; use the client factory.
                decision = PolicyEvaluatorFactory.getInstance().getPolicyEvaluator(AGENT_SERVICE)
                        .getPolicyDecision(sSOToken, resource, actionNames(action), environmentOrEmpty(hashMap));
            }
            if (logger.isDebugEnabled()) {
                logger.debug("decision: ({})", decision.toString().replace("\n", ""));
            }
            final ActionDecision forAction = (ActionDecision) decision.getActionDecisions().get(action);
            final boolean permitted = forAction != null && forAction.getValues().contains("allow");
            if (!permitted) {
                // action and resource come from the request when called through authorize().
                // NOTE(review): confirm the log backend encodes control characters.
                logger.warn("deny ({}) to {} {}", sSOToken.getPrincipal(), action, resource);
            }
            return permitted;
        } catch (Throwable th) {
            // Fail closed: an evaluation failure must never grant access.
            logger.error("policy error", th);
            return false;
        }
    }

    /** Wraps one action name in the set shape expected by {@code getPolicyDecision}. */
    private static Set<String> actionNames(String action) {
        return new HashSet<>(Arrays.asList(action));
    }

    /** Returns {@code environment}, or a new empty map when it is {@code null}. */
    private static HashMap<String, Set<Object>> environmentOrEmpty(HashMap<String, Set<Object>> environment) {
        if (environment != null) {
            return environment;
        }
        return new HashMap<>(0);
    }

    /**
     * Authenticates the request and, only if that succeeds, evaluates policy for its HTTP
     * method and URL.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest} without a
     *     type check, so a non-HTTP request raises {@link ClassCastException}
     * @param servletResponse response passed to {@code authentificate(...)}
     * @return {@code true} when both authentication and policy evaluation succeed
     * @throws IOException declared by this method; not raised by code visible in it
     */
    public boolean authorize(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        if (!authentificate(servletRequest, servletResponse)) {
            return false;
        }
        final SSOToken token = getToken(servletRequest);
        final String url = getRequestURL(servletRequest);
        final String method = ((HttpServletRequest) servletRequest).getMethod();
        return allow(token, url, method, getEnvParamaters((HttpServletRequest) servletRequest));
    }

    /**
     * Sends HTTP 403 after calling {@code clearCache(...)} on the response.
     *
     * <p>The error message contains the user principal, the HTTP method and the request URL.
     * NOTE(review): this text is returned to the client; whether it is HTML-escaped depends
     * on the container or error page that renders it, which is not visible here.
     *
     * @param servletRequest denied request; cast to {@link HttpServletRequest}
     * @param servletResponse response to fail; cast to {@link HttpServletResponse}
     * @throws ServletException declared by this method; not raised by code visible in it
     * @throws IOException if sending the error fails
     */
    public void On403(ServletRequest servletRequest, ServletResponse servletResponse) throws ServletException, IOException {
        clearCache(servletResponse);
        final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        final Object principal = getUserPrincipal(servletRequest);
        final String method = ((HttpServletRequest) servletRequest).getMethod();
        final String url = getRequestURL(servletRequest);
        final String reason = MessageFormat.format("policy denied {0} {1} {2}", principal, method, url);
        httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, reason);
    }

    /**
     * Delegates to the superclass when {@link #authorize} grants access; otherwise answers
     * with 403 unless the response has already been committed.
     *
     * @param servletRequest incoming request
     * @param servletResponse outgoing response
     * @throws ServletException propagated from the superclass or from {@link #On403}
     * @throws IOException propagated from the superclass, {@link #authorize} or {@link #On403}
     */
    @Override
    public void service(ServletRequest servletRequest, ServletResponse servletResponse) throws ServletException, IOException {
        if (authorize(servletRequest, servletResponse)) {
            super.service(servletRequest, servletResponse);
            return;
        }
        // A committed response cannot take an error status any more.
        if (!servletResponse.isCommitted()) {
            On403(servletRequest, servletResponse);
        }
    }

    // Registers two policy-client properties when the class loads, keeping any value
    // SystemProperties.get already returns and otherwise using "1" and "self".
    static {
        final String pollingIntervalKey = "com.sun.identity.agents.polling.interval";
        final String cacheModeKey = "com.sun.identity.policy.client.cacheMode";
        SystemProperties.initializeProperties(pollingIntervalKey, SystemProperties.get(pollingIntervalKey, "1"));
        SystemProperties.initializeProperties(cacheModeKey, SystemProperties.get(cacheModeKey, "self"));
    }
}
