package org.forgerock.openam.entitlement.rest;

import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.Privilege;
import com.sun.identity.entitlement.PrivilegeManager;
import com.sun.identity.entitlement.util.SearchFilter;
import com.sun.identity.entitlement.xacml3.SearchFilterFactory;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.forgerock.json.JsonPointer;
import org.forgerock.json.resource.QueryRequest;
import org.forgerock.openam.entitlement.rest.query.QueryAttribute;
import org.forgerock.openam.entitlement.rest.query.QueryFilterVisitorAdapter;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.util.query.QueryFilter;

/* loaded from: input_file:org/forgerock/openam/entitlement/rest/PrivilegePolicyStore.class */
final class PrivilegePolicyStore implements PolicyStore {
    private static final int DEFAULT_QUERY_TIME_LIMIT_SECONDS = 0;
    private final Map<String, QueryAttribute> queryAttributes;
    private final PrivilegeManager privilegeManager;

    /* loaded from: input_file:org/forgerock/openam/entitlement/rest/PrivilegePolicyStore$PrivilegeQueryBuilder.class */
    private static final class PrivilegeQueryBuilder extends QueryFilterVisitorAdapter {
        PrivilegeQueryBuilder(Map<String, QueryAttribute> map) {
            super("policy", map);
        }

        @Override // org.forgerock.openam.entitlement.rest.query.QueryFilterVisitorAdapter
        public Set<SearchFilter> visitEqualsFilter(Set<SearchFilter> set, JsonPointer jsonPointer, Object obj) {
            set.add(comparison(jsonPointer.leaf(), SearchFilter.Operator.EQUALS_OPERATOR, obj));
            return set;
        }

        @Override // org.forgerock.openam.entitlement.rest.query.QueryFilterVisitorAdapter
        public Set<SearchFilter> visitGreaterThanFilter(Set<SearchFilter> set, JsonPointer jsonPointer, Object obj) {
            set.add(comparison(jsonPointer.leaf(), SearchFilter.Operator.GREATER_THAN_OPERATOR, obj));
            return set;
        }

        @Override // org.forgerock.openam.entitlement.rest.query.QueryFilterVisitorAdapter
        public Set<SearchFilter> visitGreaterThanOrEqualToFilter(Set<SearchFilter> set, JsonPointer jsonPointer, Object obj) {
            set.add(comparison(jsonPointer.leaf(), SearchFilter.Operator.GREATER_THAN_OR_EQUAL_OPERATOR, obj));
            return set;
        }

        @Override // org.forgerock.openam.entitlement.rest.query.QueryFilterVisitorAdapter
        public Set<SearchFilter> visitLessThanFilter(Set<SearchFilter> set, JsonPointer jsonPointer, Object obj) {
            set.add(comparison(jsonPointer.leaf(), SearchFilter.Operator.LESS_THAN_OPERATOR, obj));
            return set;
        }

        @Override // org.forgerock.openam.entitlement.rest.query.QueryFilterVisitorAdapter
        public Set<SearchFilter> visitLessThanOrEqualToFilter(Set<SearchFilter> set, JsonPointer jsonPointer, Object obj) {
            set.add(comparison(jsonPointer.leaf(), SearchFilter.Operator.LESS_THAN_OR_EQUAL_OPERATOR, obj));
            return set;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivilegePolicyStore(PrivilegeManager privilegeManager, Map<String, QueryAttribute> map) {
        this.privilegeManager = privilegeManager;
        this.queryAttributes = map;
    }

    @Override // org.forgerock.openam.entitlement.rest.PolicyStore
    public Privilege read(String str) throws EntitlementException {
        Privilege findByName = this.privilegeManager.findByName(str);
        if (findByName == null) {
            throw new EntitlementException(203, new Object[]{str});
        }
        return findByName;
    }

    @Override // org.forgerock.openam.entitlement.rest.PolicyStore
    public Privilege create(Privilege privilege) throws EntitlementException {
        this.privilegeManager.add(privilege);
        return privilege;
    }

    @Override // org.forgerock.openam.entitlement.rest.PolicyStore
    public Privilege update(String str, Privilege privilege) throws EntitlementException {
        this.privilegeManager.modify(str, privilege);
        return privilege;
    }

    @Override // org.forgerock.openam.entitlement.rest.PolicyStore
    public void delete(String str) throws EntitlementException {
        this.privilegeManager.remove(str);
    }

    @Override // org.forgerock.openam.entitlement.rest.PolicyStore
    public List<Privilege> query(QueryRequest queryRequest) throws EntitlementException {
        String queryId = queryRequest.getQueryId();
        if (StringUtils.isNotBlank(queryId)) {
            if (!queryId.equals("queryByIdentityUid")) {
                throw new EntitlementException(454, new Object[]{queryId});
            }
            String additionalParameter = queryRequest.getAdditionalParameter("uid");
            if (StringUtils.isBlank(additionalParameter)) {
                throw new EntitlementException(456);
            }
            return this.privilegeManager.findAllPoliciesByIdentityUid(additionalParameter);
        }
        QueryFilter queryFilter = queryRequest.getQueryFilter();
        if (queryFilter == null) {
            queryFilter = QueryFilter.alwaysTrue();
        }
        try {
            return this.privilegeManager.search((Set) queryFilter.accept(new PrivilegeQueryBuilder(this.queryAttributes), new HashSet()));
        } catch (IllegalArgumentException e) {
            throw new EntitlementException(ApplicationsResource.UNAUTHORIZED, new Object[]{e.getMessage()});
        } catch (UnsupportedOperationException e2) {
            throw new EntitlementException(SearchFilterFactory.INVALID_SEARCH_FILTER, new Object[]{e2.getMessage()});
        }
    }
}
