package org.forgerock.openam.entitlement.conditions.environment;

import com.iplanet.sso.SSOToken;
import com.sun.identity.common.CaseInsensitiveHashSet;
import com.sun.identity.entitlement.ConditionDecision;
import com.sun.identity.entitlement.EntitlementConditionAdaptor;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.PrivilegeManager;
import com.sun.identity.shared.debug.Debug;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.forgerock.openam.utils.StringUtils;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:org/forgerock/openam/entitlement/conditions/environment/AuthenticateToRealmCondition.class */
public class AuthenticateToRealmCondition extends EntitlementConditionAdaptor {
    private static final String AUTHENTICATE_TO_REALM_ATTR = "authenticateToRealm";
    private final Debug debug;
    private final EntitlementCoreWrapper entitlementCoreWrapper;
    private String authenticateToRealm;

    public AuthenticateToRealmCondition() {
        this(PrivilegeManager.debug, new EntitlementCoreWrapper());
    }

    AuthenticateToRealmCondition(Debug debug, EntitlementCoreWrapper entitlementCoreWrapper) {
        this.debug = debug;
        this.entitlementCoreWrapper = entitlementCoreWrapper;
    }

    public void setState(String str) {
        try {
            JSONObject jSONObject = new JSONObject(str);
            setState(jSONObject);
            this.authenticateToRealm = jSONObject.getString(AUTHENTICATE_TO_REALM_ATTR);
        } catch (JSONException e) {
            this.debug.message("AuthenticateToRealmCondition: Failed to set state", e);
        }
    }

    public String getState() {
        return toString();
    }

    public ConditionDecision evaluate(String str, Subject subject, String str2, Map<String, Set<String>> map) throws EntitlementException {
        CaseInsensitiveHashSet caseInsensitiveHashSet = new CaseInsensitiveHashSet();
        if (map.get(ConditionConstants.REQUEST_AUTHENTICATED_TO_REALMS) != null) {
            caseInsensitiveHashSet.addAll(map.get(ConditionConstants.REQUEST_AUTHENTICATED_TO_REALMS));
            if (this.debug.messageEnabled()) {
                this.debug.message("At AuthenticateToRealmCondition.getConditionDecision(): requestAuthnRealms, from request = " + caseInsensitiveHashSet);
            }
        } else {
            Set<String> set = null;
            SSOToken sSOToken = subject == null ? null : (SSOToken) subject.getPrivateCredentials().iterator().next();
            if (sSOToken != null) {
                set = this.entitlementCoreWrapper.getAuthenticatedRealms(sSOToken);
            }
            if (set != null) {
                caseInsensitiveHashSet.addAll(set);
            }
            if (this.debug.messageEnabled()) {
                this.debug.message("At AuthenticateToRealmCondition.getConditionDecision(): requestAuthnRealms, from ssoToken = " + caseInsensitiveHashSet);
            }
        }
        boolean z = true;
        HashMap hashMap = new HashMap();
        HashSet hashSet = new HashSet(1);
        if (!caseInsensitiveHashSet.contains(this.authenticateToRealm)) {
            z = false;
            hashSet.add(this.authenticateToRealm);
            hashMap.put(ConditionConstants.AUTHENTICATE_TO_REALM_CONDITION_ADVICE, hashSet);
            if (this.debug.messageEnabled()) {
                this.debug.message("At AuthenticateToRealmCondition.getConditionDecision():authenticateToRealm not satisfied = " + this.authenticateToRealm);
            }
        }
        if (this.debug.messageEnabled()) {
            this.debug.message("At AuthenticateToRealmCondition.getConditionDecision():authenticateToRealm = " + this.authenticateToRealm + ",requestAuthnRealms = " + caseInsensitiveHashSet + ",  allowed = " + z);
        }
        return new ConditionDecision(z, hashMap);
    }

    private JSONObject toJSONObject() throws JSONException {
        JSONObject jSONObject = new JSONObject();
        toJSONObject(jSONObject);
        jSONObject.put(AUTHENTICATE_TO_REALM_ATTR, this.authenticateToRealm);
        return jSONObject;
    }

    public String toString() {
        String str = null;
        try {
            str = toJSONObject().toString(2);
        } catch (JSONException e) {
            PrivilegeManager.debug.error("AuthenticateToRealmCondition.toString()", e);
        }
        return str;
    }

    public String getAuthenticateToRealm() {
        return this.authenticateToRealm;
    }

    public void setAuthenticateToRealm(String str) {
        this.authenticateToRealm = str;
    }

    public void validate() throws EntitlementException {
        if (StringUtils.isBlank(this.authenticateToRealm)) {
            throw new EntitlementException(711, new Object[]{ConditionConstants.AUTHENTICATE_TO_REALM});
        }
    }

    public boolean equals(Object obj) {
        if (super.equals(obj) && getClass().equals(obj.getClass())) {
            return StringUtils.compareCaseInsensitiveString(this.authenticateToRealm, ((AuthenticateToRealmCondition) obj).authenticateToRealm);
        }
        return false;
    }

    public int hashCode() {
        int hashCode = super.hashCode();
        if (this.authenticateToRealm != null) {
            hashCode = (31 * hashCode) + this.authenticateToRealm.toLowerCase().hashCode();
        }
        return hashCode;
    }
}
