package weblogic.entitlement.rules;

import java.security.Principal;
import javax.security.auth.Subject;
import weblogic.entitlement.util.IdentityDomainUtil;
import weblogic.security.principal.IDCSScope;
import weblogic.security.principal.IdentityDomainPrincipal;
import weblogic.security.principal.WLSPrincipal;
import weblogic.security.service.ContextHandler;
import weblogic.security.spi.Resource;

/* loaded from: input_file:weblogic/entitlement/rules/Scope.class */
public final class Scope extends ScopePredicate {
    public Scope() {
        super("ScopePredicateName", "ScopePredicateDescription");
    }

    @Override // weblogic.security.providers.authorization.Predicate
    public boolean evaluate(Subject subject, Resource resource, ContextHandler contextHandler) {
        return isScope(subject, getScope(), getIdd(), contextHandler);
    }

    public boolean isScope(Subject subject, String str, String str2, ContextHandler contextHandler) {
        for (Principal principal : subject.getPrincipals()) {
            if ((principal instanceof WLSPrincipal) && (principal instanceof IDCSScope) && principal.getName().equals(str)) {
                String identityDomain = ((IdentityDomainPrincipal) principal).getIdentityDomain();
                String fetchOwnerIDD = IdentityDomainUtil.fetchOwnerIDD(contextHandler);
                if (log.isDebugEnabled()) {
                    log.debug("Looking for scope in the subject: " + str + " idd_arg: " + str2 + " res_idd: " + fetchOwnerIDD);
                }
                if (str2 == null || str2.isEmpty()) {
                    if (IdentityDomainUtil.isMatch(identityDomain, fetchOwnerIDD)) {
                        return true;
                    }
                } else if (IdentityDomainUtil.isMatch(identityDomain, str2)) {
                    return true;
                }
            }
        }
        if (!log.isDebugEnabled()) {
            return false;
        }
        log.debug("Scope not found in the subject: " + str);
        return false;
    }
}
