package com.sun.identity.xacml.plugins;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.RequestAbstract;
import com.sun.identity.saml2.protocol.Response;
import com.sun.identity.saml2.soapbinding.RequestHandler;
import com.sun.identity.shared.xml.XMLUtils;
import com.sun.identity.xacml.common.XACMLException;
import com.sun.identity.xacml.common.XACMLSDKUtils;
import com.sun.identity.xacml.context.Attribute;
import com.sun.identity.xacml.context.ContextFactory;
import com.sun.identity.xacml.context.Decision;
import com.sun.identity.xacml.context.Request;
import com.sun.identity.xacml.context.Resource;
import com.sun.identity.xacml.context.Result;
import com.sun.identity.xacml.context.Status;
import com.sun.identity.xacml.context.StatusCode;
import com.sun.identity.xacml.context.StatusDetail;
import com.sun.identity.xacml.context.StatusMessage;
import com.sun.identity.xacml.saml2.XACMLAuthzDecisionQuery;
import com.sun.identity.xacml.saml2.XACMLAuthzDecisionStatement;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.xml.soap.SOAPMessage;
import org.forgerock.openam.utils.Time;
import org.w3c.dom.Element;

/* loaded from: input_file:com/sun/identity/xacml/plugins/XACMLAuthzDecisionQueryHandler.class */
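/**
 * SOAP-binding {@link RequestHandler} that answers an {@link XACMLAuthzDecisionQuery}
 * by mapping the XACML subject, resource and action to native values, asking
 * {@link PolicyEvaluator} for a decision and wrapping the outcome in a SAML 2.0
 * protocol {@link Response}.
 *
 * <p>Decision handling fails closed: any mapping or policy-evaluation error produces
 * {@code Indeterminate}, never {@code Permit}.
 *
 * <p>NOTE(review): the response built by {@link #createSamlpResponse} uses the literal
 * ID {@code "response-id:1"} for both the response and the assertion, the literal issuer
 * {@code "issuer-1"}, sets no InResponseTo and is not signed in this class. Whether the
 * binding layer replaces or signs these is not visible from this file; confirm before a
 * PEP relies on the response being bound to its query.
 */
public class XACMLAuthzDecisionQueryHandler implements RequestHandler {
    private static final String STATUS_MISSING_ATTRIBUTE = "urn:oasis:names:tc:xacml:1.0:status:missing-attribute";
    private static final String STATUS_PROCESSING_ERROR = "urn:oasis:names:tc:xacml:1.0:status:processing-error";
    private static final String STATUS_OK = "urn:oasis:names:tc:xacml:1.0:status:ok";

    /**
     * Evaluates an XACML authorization decision query and returns the SAML response.
     *
     * @param str the PDP entity id (logged as {@code pdpEntityId})
     * @param str2 the PEP entity id (logged as {@code pepEntityId})
     * @param requestAbstract the incoming query; cast to {@link XACMLAuthzDecisionQuery}
     *     without a type check, so any other type raises {@code ClassCastException}
     * @param sOAPMessage the enclosing SOAP message; only used for debug logging here
     * @return a SAML protocol response carrying one XACML result with decision
     *     {@code Permit}, {@code Deny} or {@code Indeterminate}
     * @throws SAML2Exception if the resource mapping yields no service name, or if
     *     building the response fails
     */
    public Response handleQuery(String str, String str2, RequestAbstract requestAbstract, SOAPMessage sOAPMessage) throws SAML2Exception {
        final String pdpEntityId = str;
        final String pepEntityId = str2;

        FMSubjectMapper subjectMapper = new FMSubjectMapper();
        subjectMapper.initialize(pdpEntityId, pepEntityId, (Map) null);
        FMResourceMapper resourceMapper = new FMResourceMapper();
        resourceMapper.initialize(pdpEntityId, pepEntityId, (Map) null);
        FMActionMapper actionMapper = new FMActionMapper();
        actionMapper.initialize(pdpEntityId, pepEntityId, (Map) null);
        // These two mappers are initialized but never consulted below; the calls are kept
        // in case initialize() has side effects (not visible from this file).
        new FMEnvironmentMapper().initialize(pdpEntityId, pepEntityId, (Map) null);
        new FMResultMapper().initialize(pdpEntityId, pepEntityId, (Map) null);

        boolean indeterminate = false;
        String xacmlStatus = null;

        // NOTE(review): at message level the complete query and SOAP message go to the debug
        // log. Depending on what the PEP sends as subject attributes this may include
        // identifiers or session tokens, so treat that log as sensitive.
        if (XACMLSDKUtils.debug.messageEnabled()) {
            XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery(), entering:pdpEntityId=" + pdpEntityId + ":pepEntityId=" + pepEntityId + ":samlpRequest=\n" + requestAbstract.toXMLString(true, true) + ":soapMessage=\n" + sOAPMessage);
        }

        XACMLAuthzDecisionQuery query = (XACMLAuthzDecisionQuery) requestAbstract;
        Request request = query.getRequest();
        boolean returnContext = query.getReturnContext();

        SSOToken ssoToken = null;
        String resourceName = null;
        String serviceName = null;
        String actionName = null;
        boolean allowed = false;

        try {
            ssoToken = (SSOToken) subjectMapper.mapToNativeSubject(request.getSubjects());
            if (ssoToken == null) {
                // No usable subject: report missing-attribute and skip resource/action mapping.
                xacmlStatus = STATUS_MISSING_ATTRIBUTE;
                indeterminate = true;
            } else {
                if (XACMLSDKUtils.debug.messageEnabled()) {
                    XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery(),created ssoToken");
                }

                // Only the first resource of the request is evaluated.
                List resources = request.getResources();
                Resource firstResource = resources.isEmpty() ? null : (Resource) resources.get(0);
                String[] nativeResource = (firstResource == null) ? null : resourceMapper.mapToNativeResource(firstResource);
                if (nativeResource != null) {
                    // Index 0 is used as the resource name, index 1 as the policy service name.
                    if (nativeResource.length > 0) {
                        resourceName = nativeResource[0];
                    }
                    if (nativeResource.length > 1) {
                        serviceName = nativeResource[1];
                    }
                }
                if (resourceName == null) {
                    xacmlStatus = STATUS_MISSING_ATTRIBUTE;
                    indeterminate = true;
                }
                if (serviceName == null) {
                    // Not an XACMLException, so this leaves the method instead of becoming
                    // an Indeterminate result.
                    throw new SAML2Exception(XACMLSDKUtils.xacmlResourceBundle.getString("missing_attribute"));
                }

                actionName = actionMapper.mapToNativeAction(request.getAction(), serviceName);
                if (actionName == null) {
                    xacmlStatus = STATUS_MISSING_ATTRIBUTE;
                    indeterminate = true;
                }
            }
        } catch (XACMLException e) {
            xacmlStatus = STATUS_MISSING_ATTRIBUTE;
            indeterminate = true;
            if (XACMLSDKUtils.debug.warningEnabled()) {
                XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery(),caught exception", e);
            }
        }

        if (!indeterminate) {
            // Evaluation failures fall through to Indeterminate (processing-error), never Permit.
            try {
                allowed = new PolicyEvaluator(serviceName).isAllowed(ssoToken, resourceName, actionName, (Map) null);
            } catch (PolicyException e) {
                if (XACMLSDKUtils.debug.warningEnabled()) {
                    XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery(),caught exception", e);
                }
                indeterminate = true;
            } catch (SSOException e) {
                if (XACMLSDKUtils.debug.warningEnabled()) {
                    XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery(),caught exception", e);
                }
                indeterminate = true;
            }
        }

        ContextFactory contextFactory = ContextFactory.getInstance();
        Decision decision = contextFactory.createDecision();
        Status status = contextFactory.createStatus();
        StatusCode statusCode = contextFactory.createStatusCode();
        StatusMessage statusMessage = contextFactory.createStatusMessage();
        StatusDetail statusDetail = contextFactory.createStatusDetail();
        // Appends a deep clone of the status-detail element to itself (a null reference
        // node makes insertBefore append). Kept as-is; the intent is not visible here.
        statusDetail.getElement().insertBefore(statusDetail.getElement().cloneNode(true), null);

        if (indeterminate) {
            decision.setValue("Indeterminate");
            if (xacmlStatus == null) {
                xacmlStatus = STATUS_PROCESSING_ERROR;
            }
            statusCode.setValue(xacmlStatus);
            statusMessage.setValue("processing_error");
        } else if (allowed) {
            decision.setValue("Permit");
            statusCode.setValue(STATUS_OK);
            statusMessage.setValue("ok");
        } else {
            decision.setValue("Deny");
            statusCode.setValue(STATUS_OK);
            statusMessage.setValue("ok");
        }

        Result result = contextFactory.createResult();
        result.setResourceId(resultResourceId(request, resourceName));
        result.setDecision(decision);
        status.setStatusCode(statusCode);
        status.setStatusMessage(statusMessage);
        status.setStatusDetail(statusDetail);
        result.setStatus(status);

        com.sun.identity.xacml.context.Response xacmlResponse = contextFactory.createResponse();
        xacmlResponse.addResult(result);
        XACMLAuthzDecisionStatement statement = contextFactory.createXACMLAuthzDecisionStatement();
        statement.setResponse(xacmlResponse);
        if (returnContext) {
            // The PEP asked for its request to be echoed back inside the statement.
            statement.setRequest(request);
        }

        // NOTE(review): the XACML status URN is reused as the samlp StatusCode value;
        // confirm PEPs do not expect a SAML 2.0 status URN there.
        Response samlpResponse = createSamlpResponse(statement, status.getStatusCode().getValue());
        if (XACMLSDKUtils.debug.messageEnabled()) {
            XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery(), returning:samlResponse=\n" + samlpResponse.toXMLString(true, true));
        }
        return samlpResponse;
    }

    /**
     * Picks the resource id to report in the result: the value of the first usable
     * {@code ResourceId} attribute on the request's first resource, else {@code fallback}.
     *
     * <p>The request comes from the PEP, so an attribute with a null id or with no values
     * is skipped rather than dereferenced; previously such an attribute raised an unchecked
     * exception after the decision had already been computed.
     *
     * @param request the XACML request taken from the query
     * @param fallback the native resource name, used when no ResourceId value is found
     * @return the resource id to set on the result; may be {@code null}
     * @throws SAML2Exception if the request accessors fail
     */
    private static String resultResourceId(Request request, String fallback) throws SAML2Exception {
        List resources = request.getResources();
        if (resources.isEmpty()) {
            return fallback;
        }
        Resource resource = (Resource) resources.get(0);
        if (resource == null) {
            return fallback;
        }
        List attributes = resource.getAttributes();
        if (attributes == null) {
            return fallback;
        }
        for (Object candidate : attributes) {
            Attribute attribute = (Attribute) candidate;
            if (attribute == null) {
                continue;
            }
            Object attributeId = attribute.getAttributeId();
            if (attributeId == null || !"ResourceId".equals(attributeId.toString())) {
                continue;
            }
            List values = attribute.getAttributeValues();
            if (values != null && !values.isEmpty()) {
                return XMLUtils.getElementValue((Element) values.get(0));
            }
        }
        return fallback;
    }

    /**
     * Wraps the decision statement in a SAML 2.0 assertion and protocol response.
     *
     * <p>NOTE(review): the response ID, assertion ID and issuer are fixed literals, so
     * every response carries the same identifiers; SAML IDs are expected to be unique per
     * message. Nothing here sets InResponseTo or signs the assertion. Confirm whether a
     * later layer does so before changing or relying on these values.
     *
     * @param xACMLAuthzDecisionStatement the statement to embed, serialized via
     *     {@code toXMLString(true, true)}
     * @param str the value placed in the samlp status code
     * @return the populated protocol response containing one assertion
     * @throws XACMLException if the statement cannot be serialized
     * @throws SAML2Exception if the SAML objects reject a value
     */
    private Response createSamlpResponse(XACMLAuthzDecisionStatement xACMLAuthzDecisionStatement, String str) throws XACMLException, SAML2Exception {
        ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
        AssertionFactory assertionFactory = AssertionFactory.getInstance();

        Response samlpResponse = protocolFactory.createResponse();
        samlpResponse.setID("response-id:1");
        samlpResponse.setVersion("2.0");
        samlpResponse.setIssueInstant(Time.newDate());

        com.sun.identity.saml2.protocol.StatusCode samlStatusCode = protocolFactory.createStatusCode();
        samlStatusCode.setValue(str);
        com.sun.identity.saml2.protocol.Status samlStatus = protocolFactory.createStatus();
        samlStatus.setStatusCode(samlStatusCode);
        samlpResponse.setStatus(samlStatus);

        Assertion assertion = assertionFactory.createAssertion();
        assertion.setVersion("2.0");
        assertion.setID("response-id:1");
        assertion.setIssueInstant(Time.newDate());
        Issuer issuer = assertionFactory.createIssuer();
        issuer.setValue("issuer-1");
        assertion.setIssuer(issuer);

        // The statement is stored in its serialized XML form, not as an object.
        ArrayList statements = new ArrayList();
        statements.add(xACMLAuthzDecisionStatement.toXMLString(true, true));
        assertion.setStatements(statements);

        ArrayList assertions = new ArrayList();
        assertions.add(assertion);
        samlpResponse.setAssertion(assertions);
        return samlpResponse;
    }
}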
