package oracle.idm.provisioning.approval;

import java.util.ArrayList;
import java.util.Date;
import java.util.Hashtable;
import java.util.List;
import java.util.ListIterator;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import oracle.idm.policy.IPolicyTrustee;
import oracle.ldap.util.Group;
import oracle.ldap.util.PropertySetCollection;
import oracle.ldap.util.Util;
import oracle.ldap.util.UtilDebug;
import oracle.ldap.util.UtilException;
import oracle.ldap.util.provisioning.ProvisioningConstants;

/* loaded from: input_file:oracle/idm/provisioning/approval/ApprovalStrategy.class */
public abstract class ApprovalStrategy {
    public static String SYSTEM_APPROVER = "SYSTEM_APPROVER";
    public static String CONTEXT_KEY_DEBUG = "DEBUG";
    public static String CONTEXT_KEY_SESSION = "SESSION";
    public static String ORIGINATOR_ROLE = "requestor";
    public static String APPROVER_ROLE = "approver";
    public static String USER_ACTION_APPROVE = "approve";
    public static String USER_ACTION_REJECT = "reject";
    public static String USER_ACTION_CANCEL = "cancel";
    public static String DATA_FROM_APPROVED_REQ = "approved_req";
    protected static String requestBase = "cn=requests, cn=provisioning, cn=directory integration platform, cn=products, cn=oraclecontext";
    private static String policyBase = "cn=applications, cn=provisioning, cn=directory integration platform, cn=products, cn=oraclecontext";
    protected DirContext m_dirctx = null;
    protected boolean m_cache = false;
    protected Hashtable m_cachedPolicies = null;
    protected String m_source = null;
    private String MANAGER_ATTR = IPolicyTrustee.MANAGER_TRUSTEE;

    public abstract ApprovalCheckContext checkForApproval(RequestOperationData requestOperationData, Object obj) throws NamingException, InvalidRequestException, ApprovalProcessException;

    public abstract Object processRequest(Object obj, String str, String str2, Object obj2) throws IllegalArgumentException, NamingException, ApprovalProcessException;

    public abstract ModRequest approveForLevel(String str, String str2, String str3, int i, int i2) throws IllegalArgumentException, NamingException, ApprovalProcessException;

    public abstract void approveRequest(String str, String str2, String str3) throws IllegalArgumentException, NamingException, ApprovalProcessException;

    public abstract void rejectRequest(String str, String str2, String str3) throws IllegalArgumentException, NamingException, ApprovalProcessException;

    public abstract List getRequestsToNotify(String str, Object obj) throws IllegalArgumentException, NamingException, ApprovalProcessException;

    public abstract void updateNotifiedRequest(String str, String str2) throws NamingException, ApprovalProcessException;

    public abstract List getRequestsForUser(String str, RequestSearchCriteria requestSearchCriteria, String str2) throws NamingException, ApprovalProcessException;

    public abstract Request getRequest(String str, String str2, String str3) throws NamingException, ApprovalProcessException;

    public abstract Approvers getApproversForLevel(String str, String str2, String str3, int i) throws NamingException, ApprovalProcessException;

    public abstract List getAllApprovers(String str, String str2, String str3) throws NamingException, ApprovalProcessException;

    public abstract List getAllowedActions(String str, String str2, String str3) throws NamingException, ApprovalProcessException;

    public void setDirectoryCtx(DirContext dirContext) {
        this.m_dirctx = dirContext;
    }

    public void cachePolicies(boolean z) {
        this.m_cache = z;
        if (this.m_cache) {
            if (this.m_cachedPolicies == null) {
                this.m_cachedPolicies = new Hashtable(5);
            } else {
                this.m_cachedPolicies.clear();
            }
        } else if (this.m_cachedPolicies != null) {
            this.m_cachedPolicies.clear();
            this.m_cachedPolicies = null;
        }
        UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.cachePolicies:", new StringBuffer().append("Changed cache mode to ").append(z).toString());
    }

    public boolean clearCache(String str) {
        boolean z = true;
        if (str == null) {
            this.m_cachedPolicies.clear();
        } else if (((ArrayList) this.m_cachedPolicies.remove(str)) == null) {
            z = false;
        }
        return z;
    }

    public void setApprovalStrategyContext(String str, Object obj) {
    }

    public String getRequestStatus(String str, String str2) throws NamingException, IllegalArgumentException, ApprovalProcessException {
        return RequestDAOFactory.getDAO(this.m_dirctx, requestBase).getRequestStatus(str, str2);
    }

    public void cancelRequest(String str, String str2, String str3) throws IllegalArgumentException, NamingException, ApprovalProcessException {
        boolean z;
        if (str3 == null || str == null || str2 == null) {
            String stringBuffer = new StringBuffer().append("Invalid arguments toApprovalStrategy.cancelRequest: processor: ").append(str3).append(", id: ").append(str).append(", app: ").append(str2).toString();
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.cancelRequest:", stringBuffer);
            throw new IllegalArgumentException(stringBuffer);
        }
        Request request = getRequest(str, str2, Request.REQUEST_ALL_DATA);
        if (request == null) {
            String stringBuffer2 = new StringBuffer().append("Can not find request to cancel, id: ").append(str).append(", app: ").append(str2).toString();
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.cancelRequest:", stringBuffer2);
            throw new ApprovalProcessException(stringBuffer2);
        }
        try {
            z = getAllActions(str3, request).contains(USER_ACTION_CANCEL);
        } catch (Exception e) {
            z = false;
        }
        if (!z) {
            String stringBuffer3 = new StringBuffer().append("Can not cancel request id: ").append(str).append(", app: ").append(str2).append(" because it is either not in a pending state or because the user does not have necessary privileges.").toString();
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.cancelRequest:", stringBuffer3);
            throw new ApprovalProcessException(stringBuffer3);
        }
        if (z) {
            try {
                ModRequest modRequest = new ModRequest(str, str2);
                modRequest.setStatus(Request.REQUEST_CANCELLED);
                modRequest.setDeleteProcessingStatus(true);
                new RequestProcessingHistory(str3, Request.REQUEST_CANCELLED, new Date());
                RequestDAOFactory.getDAO(this.m_dirctx, requestBase).modifyRequest(modRequest);
            } catch (IllegalArgumentException e2) {
                throw new ApprovalProcessException(e2.getMessage());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Request getRequest(String str, String str2, int i) throws IllegalArgumentException, NamingException, ApprovalProcessException {
        return RequestDAOFactory.getDAO(this.m_dirctx, requestBase).getRequest(str, str2, i);
    }

    protected boolean isApprovalNeeded(RequestOperationData requestOperationData) throws NamingException, InvalidRequestException {
        if (requestOperationData == null) {
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.isApprovalNeeded:", "Null request passed to ApprovalStrategy:isApprovalNeeded.");
            throw new InvalidRequestException("Null request passed to ApprovalStrategy:isApprovalNeeded.");
        }
        try {
            String targetApp = requestOperationData.getTargetApp();
            String operation = requestOperationData.getOperation();
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.isApprovalNeeded:", new StringBuffer().append("Getting approval policies for app: ").append(targetApp).append(", operation: ").append(operation).toString());
            return isApprovalNeeded(requestOperationData, getApprovalPolicies(targetApp, operation));
        } catch (IllegalArgumentException e) {
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.isApprovalNeeded:", (Exception) e);
            throw new InvalidRequestException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkUserAccess(String str, Request request) throws NamingException, InvalidRequestException {
        if (request == null || str == null) {
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.checkUserAccess:", new StringBuffer().append("Invalid request or user: ").append(str).toString());
            return false;
        }
        if (str.equalsIgnoreCase(SYSTEM_APPROVER)) {
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.checkUserAccess:", "SYSTEM_APPROVER is valid approver.");
            return true;
        }
        boolean z = false;
        String originator = request.getOriginator();
        if (originator != null && Util.normalizeDN(str).equalsIgnoreCase(Util.normalizeDN(originator))) {
            z = true;
        }
        if (!z) {
            z = isValidApprover(request, str);
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isValidApprover(Request request, String str) throws NamingException, InvalidRequestException {
        List approverGroups;
        List approverUids;
        if (request == null || str == null) {
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.isValidApprover:", new StringBuffer().append("Invalid request or approver: ").append(str).toString());
            return false;
        }
        if (str.equalsIgnoreCase(SYSTEM_APPROVER)) {
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.isValidApprover:", "SYSTEM_APPROVER is valid approver.");
            return true;
        }
        boolean isAdmin = isAdmin(str);
        if (!isAdmin && (approverUids = request.getApproverUids()) != null) {
            String normalizeDN = Util.normalizeDN(str);
            ListIterator listIterator = approverUids.listIterator();
            while (true) {
                if (!listIterator.hasNext()) {
                    break;
                }
                if (normalizeDN.equalsIgnoreCase(Util.normalizeDN((String) listIterator.next()))) {
                    isAdmin = true;
                    break;
                }
            }
        }
        if (!isAdmin && (approverGroups = request.getApproverGroups()) != null) {
            ListIterator listIterator2 = approverGroups.listIterator();
            while (listIterator2.hasNext()) {
                String str2 = (String) listIterator2.next();
                try {
                    isAdmin = new Group(Util.IDTYPE_DN, str2).isMember(this.m_dirctx, str, true);
                } catch (UtilException e) {
                    UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.isValidApprover:", new StringBuffer().append("Exception while resolveing group membership for ").append(str).append(", group: ").append(str2).append(", request: ").append(request.getID()).append(", exception: ").append(e.getMessage()).toString());
                }
                if (isAdmin) {
                    break;
                }
            }
        }
        if (isAdmin) {
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.isValidApprover:", new StringBuffer().append("Valid approver: ").append(str).append(", request: ").append(request.getID()).toString());
        }
        return isAdmin;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List getCreatedRequests(String str, RequestSearchCriteria requestSearchCriteria, int i) throws NamingException, ApprovalProcessException {
        return RequestDAOFactory.getDAO(this.m_dirctx, requestBase).getCreatedRequests(str, requestSearchCriteria, i);
    }

    protected List getRequestsWCriteria(RequestSearchCriteria requestSearchCriteria, int i) throws NamingException, ApprovalProcessException {
        return RequestDAOFactory.getDAO(this.m_dirctx, requestBase).getRequestsWCriteria(requestSearchCriteria, i);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List getPendingRequestsToApprove(String str, int i) throws NamingException, ApprovalProcessException {
        ArrayList arrayList = null;
        try {
            PropertySetCollection groupMembership = Util.getGroupMembership(this.m_dirctx, str, new String[]{ProvisioningConstants.NEWDN_VALUE}, true);
            int size = groupMembership.size();
            if (size > 0) {
                arrayList = new ArrayList();
                for (int i2 = 0; i2 < size; i2++) {
                    arrayList.add(groupMembership.getPropertySet(i2).getDN());
                }
            }
            return RequestDAOFactory.getDAO(this.m_dirctx, requestBase).getPendingRequestsToApprove(str, arrayList, i);
        } catch (UtilException e) {
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.isValidApprover:", new StringBuffer().append("Exception while getting group membership for user: ").append(str).append(", exception: ").append(e.getMessage()).toString());
            throw new ApprovalProcessException(e.getMessage());
        }
    }

    protected List getRequestsWProcStatus(String str, String str2) throws NamingException, ApprovalProcessException {
        return RequestDAOFactory.getDAO(this.m_dirctx, requestBase).getRequestsWProcStatus(str, str2);
    }

    protected boolean isApprovalNeeded(RequestOperationData requestOperationData, List list) throws NamingException {
        boolean z = false;
        if (requestOperationData == null) {
            return false;
        }
        if (list != null) {
            ListIterator listIterator = list.listIterator();
            while (listIterator.hasNext()) {
                ApprovalPolicy approvalPolicy = (ApprovalPolicy) listIterator.next();
                UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.isApprovalNeeded:", new StringBuffer().append("Evaluating policy for match with request: , policy: ").append(approvalPolicy.getName()).toString());
                z = isMatch(approvalPolicy, requestOperationData);
                if (z) {
                    break;
                }
            }
        }
        return z;
    }

    protected boolean isComplete(String str) {
        boolean z = false;
        if (Request.REQUEST_APPROVED.equalsIgnoreCase(str) || Request.REQUEST_REJECTED.equalsIgnoreCase(str) || Request.REQUEST_CANCELLED.equalsIgnoreCase(str)) {
            z = true;
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Approvers getApproversForLevel(String str, int i) throws NamingException, IllegalArgumentException {
        return ApproversDAOFactory.getDAO(this.m_dirctx).getApproversForLevel(str, i);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List getApprovers(String str) throws NamingException, IllegalArgumentException {
        return ApproversDAOFactory.getDAO(this.m_dirctx).getApprovers(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List getApprovalPolicies(String str, String str2) throws NamingException, IllegalArgumentException {
        List list = null;
        if (str == null) {
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy:getApprovalPolicies", "Null application name. Can not proceed.");
            return null;
        }
        if (this.m_cache) {
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy:getApprovalPolicies", new StringBuffer().append("Cache on, looking up policies in cache for app: ").append(str).toString());
            List list2 = (List) this.m_cachedPolicies.get(str);
            boolean z = false;
            if (list2 == null) {
                UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy:getApprovalPolicies", new StringBuffer().append("Cache miss, fetching policies from the directory for app: ").append(str).toString());
                list2 = ApprovalPolicyDAOFactory.getDAO(this.m_dirctx, policyBase).getApprovalPolicies(str, null);
                if (list2 == null) {
                    list2 = new ArrayList();
                }
                z = true;
            }
            if (str2 != null) {
                ListIterator listIterator = list2.listIterator();
                while (listIterator.hasNext()) {
                    ApprovalPolicy approvalPolicy = (ApprovalPolicy) listIterator.next();
                    if (approvalPolicy.getOperations().contains(str2)) {
                        if (list == null) {
                            list = new ArrayList();
                        }
                        list.add(approvalPolicy);
                    }
                }
            } else if (list2.size() > 0) {
                list = new ArrayList(list2);
            }
            if (z) {
                this.m_cachedPolicies.put(str, list2);
            }
        } else {
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy:getApprovalPolicies", new StringBuffer().append("Fetching policies from the directory for app: ").append(str).toString());
            list = ApprovalPolicyDAOFactory.getDAO(this.m_dirctx, policyBase).getApprovalPolicies(str, str2);
        }
        return list;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String storeRequest(Request request) throws InvalidRequestException, NamingException, ApprovalProcessException {
        return RequestDAOFactory.getDAO(this.m_dirctx, requestBase).createRequest(request);
    }

    protected void changeRequestStatus(String str, String str2, String str3, String str4) throws InvalidRequestException, NamingException, ApprovalProcessException {
        try {
            ModRequest modRequest = new ModRequest(str, str2);
            modRequest.setStatus(str3);
            new RequestProcessingHistory(str4, str3, new Date());
            RequestDAOFactory.getDAO(this.m_dirctx, requestBase).modifyRequest(modRequest);
        } catch (IllegalArgumentException e) {
            throw new InvalidRequestException(e.getMessage());
        }
    }

    protected void changeRequestProcessingStatus(String str, String str2, String str3) throws InvalidRequestException, NamingException, ApprovalProcessException {
        try {
            ModRequest modRequest = new ModRequest(str, str2);
            if (str3 != null) {
                modRequest.setProcessingStatus(str3);
            } else {
                modRequest.setDeleteProcessingStatus(true);
            }
            RequestDAOFactory.getDAO(this.m_dirctx, requestBase).modifyRequest(modRequest);
        } catch (IllegalArgumentException e) {
            throw new InvalidRequestException(e.getMessage());
        }
    }

    protected void changeRequestStatuses(String str, String str2, String str3, String str4, String str5) throws InvalidRequestException, NamingException, ApprovalProcessException {
        try {
            ModRequest modRequest = new ModRequest(str, str2);
            modRequest.setStatus(str3);
            if (str5 != null) {
                modRequest.setProcessingStatus(str5);
            } else {
                modRequest.setDeleteProcessingStatus(true);
            }
            new RequestProcessingHistory(str4, str3, new Date());
            RequestDAOFactory.getDAO(this.m_dirctx, requestBase).modifyRequest(modRequest);
        } catch (IllegalArgumentException e) {
            throw new InvalidRequestException(e.getMessage());
        }
    }

    protected boolean isAdmin(String str) {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isMatch(ApprovalPolicy approvalPolicy, RequestOperationData requestOperationData) throws NamingException {
        if (approvalPolicy == null || requestOperationData == null) {
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy:isMatch", "Invalid input, will not match policy to request.");
            return false;
        }
        List operations = approvalPolicy.getOperations();
        List opAttrs = approvalPolicy.getOpAttrs();
        if (operations != null && !operations.contains(requestOperationData.getOperation())) {
            return false;
        }
        if (opAttrs != null && opAttrs.size() > 0) {
            List uniqueRequestAttrs = requestOperationData.getUniqueRequestAttrs();
            boolean z = false;
            if (uniqueRequestAttrs != null) {
                ListIterator listIterator = opAttrs.listIterator();
                while (true) {
                    if (!listIterator.hasNext()) {
                        break;
                    }
                    if (uniqueRequestAttrs.contains((String) listIterator.next())) {
                        z = true;
                        break;
                    }
                }
            }
            if (!z) {
                return false;
            }
        }
        String objectFilter = approvalPolicy.getObjectFilter();
        if (objectFilter != null) {
            String objectKey = requestOperationData.getObjectKey();
            if (objectKey == null) {
                return false;
            }
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(0);
            if (this.m_dirctx.search(objectKey, objectFilter, searchControls) == null) {
                return false;
            }
        }
        UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy:isMatch", new StringBuffer().append("Policy matches request, policy: ").append(approvalPolicy.getName()).toString());
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String resolveApproverRole(String str, String str2, List list) throws NamingException, ApprovalProcessException {
        if (str == null) {
            throw new ApprovalProcessException("Null role to ApprovalStrategy:resolveApproverRole.");
        }
        String str3 = null;
        if (str2 != null) {
            try {
                int roleLevel = Approvers.getRoleLevel(str);
                String str4 = null;
                String str5 = str2;
                for (int i = 0; i < roleLevel; i++) {
                    str4 = getManager(str5);
                    if (str4 == null) {
                        throw new ApprovalProcessException(new StringBuffer().append("Manager not found for user: ").append(str2).append(" for level: ").append(i + 1).toString());
                    }
                    str5 = str4;
                }
                str3 = str4;
            } catch (NumberFormatException e) {
                throw new ApprovalProcessException(e.getMessage());
            } catch (IllegalArgumentException e2) {
                throw new ApprovalProcessException(e2.getMessage());
            }
        }
        return str3;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List getAllActions(String str, Request request) throws NamingException, ApprovalProcessException {
        if (str == null) {
            String stringBuffer = new StringBuffer().append("Invalid user toApprovalStrategy.getAllActions: user: ").append(str).toString();
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.getAllowedActions:", stringBuffer);
            throw new IllegalArgumentException(stringBuffer);
        }
        if (request == null) {
            UtilDebug.log(UtilDebug.MODE_ALL, "ApprovalStrategy.getAllActions:", "Null request.");
            throw new ApprovalProcessException("Null request.");
        }
        ArrayList arrayList = new ArrayList();
        if (!request.getStatus().equalsIgnoreCase(Request.REQUEST_PENDING_APPROVAL)) {
            return arrayList;
        }
        if (isAdmin(str)) {
            arrayList.add(USER_ACTION_APPROVE);
            arrayList.add(USER_ACTION_REJECT);
            arrayList.add(USER_ACTION_CANCEL);
        } else {
            String originator = request.getOriginator();
            if (originator != null && Util.normalizeDN(str).equalsIgnoreCase(Util.normalizeDN(originator))) {
                arrayList.add(USER_ACTION_CANCEL);
            }
            if (isValidApprover(request, str)) {
                arrayList.add(USER_ACTION_APPROVE);
                arrayList.add(USER_ACTION_REJECT);
            }
        }
        return arrayList;
    }

    private String getManager(String str) throws NamingException, ApprovalProcessException {
        Attributes attributes;
        Attribute attribute;
        String str2 = null;
        if (str != null && (attributes = this.m_dirctx.getAttributes(str, new String[]{this.MANAGER_ATTR})) != null && (attribute = attributes.get(this.MANAGER_ATTR)) != null) {
            if (attribute.size() > 1) {
                throw new ApprovalProcessException(new StringBuffer().append("Multiple managers detected for user: ").append(str).append(". Don't know how to proceed.").toString());
            }
            str2 = (String) attribute.get(0);
        }
        return str2;
    }
}
