package com.sun.identity.liberty.ws.idpp.plugin;

import com.iplanet.sso.SSOToken;
import com.sun.identity.liberty.ws.interfaces.Authorizer;
import com.sun.identity.policy.ActionDecision;
import com.sun.identity.policy.PolicyDecision;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.locale.Locale;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;

/* loaded from: input_file:com/sun/identity/liberty/ws/idpp/plugin/IDPPAuthorizer.class */
public class IDPPAuthorizer implements Authorizer {
    private static ResourceBundle bundle = Locale.getInstallResourceBundle("fmPersonalProfile");
    private static Debug debug = Debug.getInstance("libIDWSF");
    private static PolicyEvaluator evaluator;

    public boolean isAuthorized(Object obj, String str, Object obj2, Map map) {
        return false;
    }

    public Object getAuthorizationDecision(Object obj, String str, Object obj2, Map map) throws Exception {
        debug.message("IDPPAuthorizer.getAuthorizationDecision:Init");
        if (obj == null || str == null || obj2 == null) {
            debug.error("IDPPAuthorizer.isAuthorized:null input");
            throw new Exception(bundle.getString("nullInputParams"));
        }
        try {
            SSOToken sSOToken = (SSOToken) obj;
            String str2 = (String) obj2;
            HashSet hashSet = new HashSet(1);
            hashSet.add(str);
            HashMap hashMap = null;
            String str3 = (String) map.get("userID");
            if (debug.messageEnabled()) {
                debug.message("IDPPAuthorizer.getAuthorizationDecision: uid=" + str3);
            }
            if (str3 != null && str3.length() != 0) {
                HashSet hashSet2 = new HashSet();
                hashSet2.add(str3);
                hashMap = new HashMap();
                hashMap.put("invocatorPrincipalUuid", hashSet2);
            }
            PolicyDecision policyDecision = evaluator.getPolicyDecision(sSOToken, str2, hashSet, hashMap);
            if (policyDecision == null) {
                if (!debug.messageEnabled()) {
                    return "deny";
                }
                debug.message("IDPPAuthorizer.getAuthorizationDecision:PolicyDecision is null");
                return "deny";
            }
            ActionDecision actionDecision = (ActionDecision) policyDecision.getActionDecisions().get(str);
            if (actionDecision == null) {
                if (!debug.messageEnabled()) {
                    return "deny";
                }
                debug.message("IDPPAuthorizer.getAuthorizationDecision:ActionDecision is null");
                return "deny";
            }
            Set values = actionDecision.getValues();
            if (values != null && !values.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message("IDPPAuthorizer.getAuthorizationDecision: action values:" + values);
                }
                return values.contains("deny") ? "deny" : values.contains("interactForValue") ? "interactForValue" : values.contains("interactForConsent") ? "interactForConsent" : (String) values.iterator().next();
            }
            if (!debug.messageEnabled()) {
                return "deny";
            }
            debug.message("IDPPAuthorizer.getAuthorizationDecision:values are null");
            return "deny";
        } catch (Exception e) {
            debug.error("IDPPAuthorizer.getAuthorizationDecision:Exception during authorization.", e);
            throw e;
        }
    }

    static {
        evaluator = null;
        try {
            evaluator = new PolicyEvaluator("sunIdentityServerLibertyPPService");
        } catch (Exception e) {
            debug.error("IDPPAuthorizer:Static Init failed", e);
        }
    }
}
