package com.sun.identity.policy.plugins;

import com.iplanet.security.x509.CertUtils;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.policy.InvalidNameException;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.Syntax;
import com.sun.identity.policy.ValidValues;
import com.sun.identity.policy.interfaces.Subject;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.shared.debug.Debug;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;

/* loaded from: input_file:com/sun/identity/policy/plugins/WebServicesClients.class */
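/**
 * Policy {@link Subject} plugin whose members are web service clients identified by name.
 *
 * <p>The candidate names offered by {@link #getValidValues(SSOToken, String)} are the subject
 * names of the trusted-certificate entries in the key store returned by the configured
 * {@link KeyProvider}. Membership ({@link #isMember(SSOToken)}) is decided purely by exact
 * string comparison between the selected names and the names carried by the SSO token.
 *
 * <p>The raw {@code Set} type is kept on the field and on the accessor signatures so the
 * class stays source-compatible with its existing callers.
 */
public class WebServicesClients implements Subject {
    // Names selected for this subject; starts as the shared immutable empty set and is
    // replaced by a private HashSet in setValues()/clone().
    private Set selectedWebServicesClients = Collections.EMPTY_SET;
    private static final String RESOURCE_BUNDLE = "fmWebServicesClients";
    private static Debug debug = Debug.getInstance(RESOURCE_BUNDLE);

    /**
     * No-op method that happens to carry the class name.
     *
     * <p>Because it declares a {@code void} return type this is an ordinary method, not a
     * constructor; the class therefore relies on the implicit default constructor. It is kept
     * unchanged so the public surface of the class does not change.
     */
    public void WebServicesClients() {
    }

    /**
     * Accepts configuration parameters; this implementation ignores them.
     *
     * @param map configuration parameters (unused)
     */
    public void initialize(Map map) {
    }

    /**
     * Returns the syntax of the values this subject accepts.
     *
     * @param sSOToken caller's SSO token (unused)
     * @return always {@code Syntax.MULTIPLE_CHOICE}
     */
    public Syntax getValueSyntax(SSOToken sSOToken) {
        return Syntax.MULTIPLE_CHOICE;
    }

    /**
     * Returns all selectable values; delegates to the two-argument overload with {@code "*"}.
     *
     * @param sSOToken caller's SSO token
     * @return the selectable subject names
     * @throws SSOException declared by the interface; not thrown by the visible code
     * @throws PolicyException if the key store cannot be enumerated
     */
    public ValidValues getValidValues(SSOToken sSOToken) throws SSOException, PolicyException {
        return getValidValues(sSOToken, "*");
    }

    /**
     * Collects the subject names of the trusted certificates in the configured key store.
     *
     * <p>Neither {@code sSOToken} nor {@code str} is consulted: every trusted-certificate entry
     * is returned regardless of the pattern. If no key provider or key store is available the
     * result is an empty value set rather than an error.
     *
     * @param sSOToken caller's SSO token (unused)
     * @param str search pattern (unused)
     * @return the non-empty subject names of all X.509 trusted-certificate entries
     * @throws SSOException declared by the interface; not thrown by the visible code
     * @throws PolicyException if reading the key store fails with a {@link KeyStoreException}
     */
    public ValidValues getValidValues(SSOToken sSOToken, String str) throws SSOException, PolicyException {
        HashSet hashSet = new HashSet();
        try {
            KeyProvider keyProvider = loadKeyProvider();
            KeyStore keyStore = keyProvider == null ? null : keyProvider.getKeyStore();
            if (keyStore != null) {
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    // Note: at message level every key store alias is written to the debug log.
                    if (debug.messageEnabled()) {
                        debug.message("WSClient.getValidValues: alias=" + alias);
                    }
                    // Only trusted-certificate entries are offered; key entries are skipped.
                    if (!keyStore.isCertificateEntry(alias)) {
                        debug.message("WSClient.getValidValues:alias not trusted.");
                        continue;
                    }
                    debug.message("WSClient.getValidValues: alias is trusted.");
                    Object certificate = keyStore.getCertificate(alias);
                    if (certificate == null) {
                        debug.message("WSClient.getValidValues: cert is null");
                    } else if (certificate instanceof X509Certificate) {
                        debug.message("WSClient.getValidValues:cert not null");
                        String subjectName = CertUtils.getSubjectName((X509Certificate) certificate);
                        if (subjectName != null && subjectName.length() != 0) {
                            hashSet.add(subjectName);
                        }
                    } else {
                        // A non-X.509 entry used to abort the whole listing with a
                        // ClassCastException; skip it so the remaining aliases are still listed.
                        debug.message("WSClient.getValidValues: cert is not an X.509 certificate");
                    }
                }
            }
            // NOTE(review): 0 is presumably the "success" error code of ValidValues - confirm.
            return new ValidValues(0, hashSet);
        } catch (KeyStoreException e4) {
            if (debug.warningEnabled()) {
                debug.warning("WebServicesClients: couldn't get subjects", e4);
            }
            throw new PolicyException("amPolicy", "can_not_get_subject_values", new String[]{e4.getMessage()}, e4);
        }
    }

    /**
     * Instantiates the key provider named by the system configuration.
     *
     * <p>The class name is read from configuration and loaded reflectively, so that setting is
     * trusted to name a {@link KeyProvider} implementation. Any failure is logged and reported
     * as {@code null} so the caller can fall back to an empty value list.
     *
     * @return the key provider, or {@code null} if it could not be created
     */
    private static KeyProvider loadKeyProvider() {
        String className = SystemConfigurationUtil.getProperty(
                "com.sun.identity.saml.xmlsig.keyprovider.class",
                "com.sun.identity.saml.xmlsig.JKSKeyProvider");
        try {
            Object candidate = Class.forName(className).newInstance();
            if (candidate instanceof KeyProvider) {
                return (KeyProvider) candidate;
            }
            // Previously an unchecked cast: a misconfigured class name surfaced as a
            // ClassCastException instead of being handled like the other load failures.
            debug.error("WebServicesClients.getValidValues():  Configured class is not a KeyProvider: " + className);
            return null;
        } catch (ClassNotFoundException e) {
            debug.error("WebServicesClients.getValidValues():  Couldn't find the class.", e);
            return null;
        } catch (IllegalAccessException e2) {
            debug.error("WebServicesClients.getValidValues():  Couldn't access the default constructor.", e2);
            return null;
        } catch (InstantiationException e3) {
            debug.error("WebServicesClients.getValidValues():  Couldn't instantiate the key provider instance.", e3);
            return null;
        }
    }

    /**
     * Returns the display name for a value; this implementation returns the value itself.
     *
     * @param str the value
     * @param locale requested locale (unused)
     * @return {@code str} unchanged
     */
    public String getDisplayNameForValue(String str, Locale locale) {
        return str;
    }

    /**
     * Returns the currently selected client names.
     *
     * <p>The internal set is returned directly, not a copy, so callers that modify it change
     * which principals {@link #isMember(SSOToken)} accepts.
     *
     * @return the live set of selected names
     */
    public Set getValues() {
        return this.selectedWebServicesClients;
    }

    /**
     * Replaces the selected client names with a private copy of {@code set}.
     *
     * @param set the names to select; must not be {@code null}
     * @throws InvalidNameException if {@code set} is {@code null}
     */
    public void setValues(Set set) throws InvalidNameException {
        if (set == null) {
            debug.error("WebServicesClients.setValues(): Invalid names");
            throw new InvalidNameException(RESOURCE_BUNDLE, "webservicesclients_subject_invalid_user_names", (Object[]) null, "null", 5);
        }
        // Copy so later changes to the caller's set do not alter this subject.
        this.selectedWebServicesClients = new HashSet(set);
        if (debug.messageEnabled()) {
            debug.message("WebServicesClients.setValues(): selected web service clients names=" + this.selectedWebServicesClients);
        }
    }

    /**
     * Decides whether the token's owner is one of the selected web service clients.
     *
     * <p>The token matches if its principal name, or any {@code |}-separated entry of its
     * {@code "Principals"} property, equals one of the selected names exactly.
     *
     * @param sSOToken the token to evaluate
     * @return {@code true} if any of the token's names is selected
     * @throws SSOException if the token cannot be read
     * @throws PolicyException declared by the interface; not thrown by the visible code
     */
    public boolean isMember(SSOToken sSOToken) throws SSOException, PolicyException {
        if (this.selectedWebServicesClients.contains(sSOToken.getPrincipal().getName())) {
            debug.message("WebServicesClients.isMemeber():principal is member");
            return true;
        }
        // NOTE(review): membership is granted on the strength of this session property alone;
        // presumably it is populated server-side during authentication - confirm it cannot be
        // set or extended by the client.
        String property = sSOToken.getProperty("Principals");
        if (property == null || property.length() == 0) {
            return false;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(property, "|");
        while (stringTokenizer.hasMoreTokens()) {
            if (this.selectedWebServicesClients.contains(stringTokenizer.nextToken())) {
                if (debug.messageEnabled()) {
                    debug.message("WebServicesClients.isMemeber(): principals is member.");
                }
                return true;
            }
        }
        return false;
    }

    /**
     * Two instances are equal when both have a non-null selection and the selections are equal.
     *
     * @param obj the object to compare with
     * @return {@code true} if {@code obj} is a {@code WebServicesClients} with an equal selection
     */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof WebServicesClients)) {
            return false;
        }
        WebServicesClients other = (WebServicesClients) obj;
        return this.selectedWebServicesClients != null
                && other.selectedWebServicesClients != null
                && this.selectedWebServicesClients.equals(other.selectedWebServicesClients);
    }

    /**
     * Returns a copy whose selection is an independent {@code HashSet} with the same names.
     *
     * @return the cloned subject
     */
    @Override
    public Object clone() {
        try {
            WebServicesClients copy = (WebServicesClients) super.clone();
            if (this.selectedWebServicesClients != null) {
                // Give the clone its own set so the two subjects can diverge afterwards.
                copy.selectedWebServicesClients = new HashSet(this.selectedWebServicesClients);
            }
            return copy;
        } catch (CloneNotSupportedException e) {
            // Keep the cause so an unexpected failure can be diagnosed.
            InternalError error = new InternalError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    /**
     * Hash code derived from the selected names, so that it agrees with {@link #equals(Object)}.
     *
     * <p>The previous identity-based hash let two equal subjects hash differently, which breaks
     * lookups in hash-based collections. The value changes when the selection changes, so an
     * instance should not be re-configured while it is stored in such a collection.
     *
     * @return the hash code of the selection, or 0 if there is none
     */
    @Override
    public int hashCode() {
        return this.selectedWebServicesClients == null ? 0 : this.selectedWebServicesClients.hashCode();
    }
}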
