package com.sun.identity.sm;

import com.iplanet.am.util.AdminUtils;
import com.iplanet.am.util.Cache;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.iplanet.ums.IUMSConstants;
import com.sun.identity.common.CaseInsensitiveHashMap;
import com.sun.identity.common.CaseInsensitiveHashSet;
import com.sun.identity.delegation.DelegationEvaluator;
import com.sun.identity.delegation.DelegationEvaluatorImpl;
import com.sun.identity.delegation.DelegationException;
import com.sun.identity.delegation.DelegationPermission;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.Constants;
import com.sun.identity.shared.datastruct.OrderedSet;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.locale.AMResourceBundleCache;
import com.sun.identity.sm.jaxrpc.SMSJAXRPCObject;
import java.security.AccessController;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.StringTokenizer;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import org.forgerock.openam.ldap.LDAPUtils;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.DN;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.LdapException;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.ResultCode;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/sm/SMSEntry.class */
public class SMSEntry implements Cloneable {
    // --- DN building blocks used when composing and parsing SMS entry names ---
    public static final String ORGANIZATION_RDN = "o";
    public static final String EQUALS = "=";
    static final String ORG_PLACEHOLDER_RDN = "o=";
    public static final String SERVICES_NODE = "services";
    public static final String PLACEHOLDER_RDN = "ou";
    public static final String SERVICES_RDN = "ou=services";
    public static final String COMMA = ",";
    // --- Process-wide mutable state -------------------------------------------
    // NOTE(review): tm and bundle are public, static and non-final, so any code in the
    // JVM can reassign them. tm is assigned in initializeProperties() and keeps its
    // previous value (null on first use) if SSOTokenManager.getInstance() throws.
    public static SSOTokenManager tm;
    static boolean cacheSMSEntries;
    public static ResourceBundle bundle;
    static String baseDN;
    static String servicesDN;
    static String dataStore;
    static String amsdkbaseDN;
    static int baseDNCount;
    // Set by initSMSObject() when the backend cannot be set up; the constructor rethrows it.
    static SMSException initializationException;
    // System property naming the SMSObject implementation; initSMSObject() loads that
    // class reflectively, so the property value decides which class gets instantiated.
    static final String SMS_OBJECT_PROPERTY = "com.sun.identity.sm.sms_object_class_name";
    static final String DEFAULT_SMS_CLASS_NAME = "com.sun.identity.sm.ldap.SMSLdapObject";
    static final String JAXRPC_SMS_CLASS_NAME = "com.sun.identity.sm.jaxrpc.SMSJAXRPCObject";
    static final String FLATFILE_SMS_CLASS_NAME = "com.sun.identity.sm.flatfile.SMSEnhancedFlatFileObject";
    // System property read into backendProxyEnabled by initializeProperties().
    public static final String DB_PROXY_ENABLE = "com.sun.identity.sm.ldap.enableProxy";
    static SMSObject smsObject;
    static final String SLASH_STR = "/";
    static final String DOT_STR = ".";
    public static final String EXPORTEDARGS = "exportedTo";
    public static final String IMPORTEDARGS = "importedFrom";
    // System property holding a DN that the initialisation code adds to specialUserSet.
    static final String AUTH_SUPER_USER = "com.sun.identity.authentication.super.user";
    static final String READ = "READ";
    static final String MODIFY = "MODIFY";
    // True when the JAX-RPC SMSObject implementation is in use (set in initSMSObject()).
    static boolean SMSJAXRPCObjectFlg;
    static boolean backendProxyEnabled;
    // Admin token obtained via AdminTokenAction and cached for the whole process the first
    // time a proxied operation needs it. It is written without synchronisation and nothing
    // in this part of the file re-validates or refreshes it.
    static SSOToken adminSSOToken;
    // Assigned outside this part of the file; isAttributeCaseSensitive() dereferences it.
    static CaseInsensitiveHashSet mCaseSensitiveAttributes;
    // --- Per-entry state --------------------------------------------------------
    private SSOToken ssoToken;
    protected String dn;
    // Lower-cased canonical form of dn; this is the value passed to the permission checks.
    protected String normalizedDN;
    // True when the last read returned no attributes, i.e. the entry is not in the store.
    private boolean newEntry;
    private boolean readOnly;
    // Attribute name -> Set of values (raw types in this decompiled listing).
    private Map attrSet;
    // Pending ModificationItem objects, sent to the backend by save(SSOToken).
    private Set modSet;
    public static final String DC_RDN = "dc";
    public static final String DEFAULT_RDN = "ou=default";
    static final String DELEGATION_SERVICES_RDN = "ou=services,";
    static final String DELEGATION_SERVICES_RDN_WITH_COMMA = ",ou=services,";
    // Blank final: assigned in a static initialiser that is outside this part of the file.
    static final int DELEGATION_SERVICES_RDN_WITH_COMMA_LEN;
    static final int ORG_UNIT_OBJECT = 1;
    static final int SERVICE_OBJECT = 2;
    static final int SERVICE_COMP_OBJECT = 3;
    // --- Attribute and object-class names ----------------------------------------
    public static final String ATTR_SCHEMA = "sunServiceSchema";
    public static final String ATTR_PLUGIN_SCHEMA = "sunPluginSchema";
    public static final String ATTR_KEYVAL = "sunKeyValue";
    public static final String ATTR_XML_KEYVAL = "sunxmlKeyValue";
    public static final String ATTR_OBJECTCLASS = "objectclass";
    public static final String ATTR_PRIORITY = "sunsmspriority";
    public static final String ATTR_SERVICE_ID = "sunserviceID";
    public static final String ATTR_LABELED_URI = "labeledURI";
    public static final String ATTR_MODIFY_TIMESTAMP = "modifytimestamp";
    // Blank final: assigned in a static initialiser that is outside this part of the file.
    // NOTE(review): a public array is mutable by any caller even though the reference is final.
    public static final String[] SMS_ATTRIBUTES;
    public static final String OC_TOP = "top";
    public static final String OC_ORG_UNIT = "organizationalunit";
    public static final String OC_SERVICE = "sunService";
    public static final String OC_REALM_SERVICE = "sunRealmService";
    public static final String OC_SERVICE_COMP = "sunServiceComponent";
    public static final String SMS_SERVER_GROUP = "sms";
    public static final String SUN_INTERNAL_REALM_NAME = "sunamhiddenrealm";
    public static final String SUN_INTERNAL_REALM_PREFIX = "o=sunamhiddenrealm";
    public static final String SUN_INTERNAL_REALM_PREFIX2 = "/sunamhiddenrealm";
    public static final String REALM_SERVICE = "sunAMRealmService";
    // --- LDAP filter templates -----------------------------------------------------
    // {0}/{1} are placeholders filled in elsewhere. NOTE(review): the code that formats
    // these is not visible here; confirm it escapes the substituted values for LDAP filters.
    protected static final String FILTER_PATTERN_ALL = "(&(&(objectclass=top)(ou={0}))(&(objectclass=top)(sunserviceID={1})))";
    protected static final String FILTER_PATTERN = "(&(objectclass=top)(ou={0}))";
    protected static final String FILTER_PATTERN_SERVICE = "(&(objectclass=sunService)(ou={0})(ou={1}))";
    public static final String FILTER_SERVICE_COMPONENTS = "(|(objectclass=sunService)(objectclass=sunServiceComponent))";
    // NOTE(review): both loggers are public, static and non-final, so they can be replaced at runtime.
    public static Debug debug = Debug.getInstance("amSMS");
    public static Debug eventDebug = Debug.getInstance("amSMSEvent");
    private static Cache cache = new Cache(500);
    // NOTE(review): these three read like constants but are not final, so they can be reassigned.
    public static String DATASTORE_FLAT_FILE = "flatfile";
    public static String DATASTORE_SUN_DIR = "dirServer";
    public static String DATASTORE_ACTIVE_DIR = "activeDir";
    // DNs added by initializeProperties() and initSMSObject() (configured super user, admin DN,
    // admin token principal). How the set is consulted is outside this part of the file.
    static final Set<String> specialUserSet = new CaseInsensitiveHashSet(50);
    // Action sets handed to getDelegationPermission()/isAllowed(); populated outside this view.
    static Set readActionSet = new HashSet(2);
    static Set modifyActionSet = new HashSet(2);
    static Set changeListeners = new HashSet();
    static List localChanges = Collections.synchronizedList(new LinkedList());
    static int LOCAL_CHANGES_MAX_SIZE = 25;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/sm/SMSEntry$DelegationEvaluatorHolder.class */
    /**
     * Holder for the shared {@link DelegationEvaluator}.
     *
     * <p>The evaluator is created when this nested class is first initialised rather than
     * when {@code SMSEntry} itself is loaded, and the same instance is then reused for
     * every delegation check that goes through {@code dlgEval}.
     */
    public static class DelegationEvaluatorHolder {
        /** The single evaluator instance shared by all callers. */
        static final DelegationEvaluator dlgEval = new DelegationEvaluatorImpl();

        /** Nothing to set up; the holder only carries the static field above. */
        DelegationEvaluatorHolder() {
        }
    }

    /**
     * (Re)initialises the class-level SMS state.
     *
     * <p>Properties are loaded first, then the backend {@code SMSObject} is created.
     * Because of that order, {@code smsObject} still holds whatever value it had before
     * this call while {@code initializeProperties()} runs.
     */
    public static void initializeClass() {
        // Step 1: flags, token manager and the first special-user DNs.
        initializeProperties();
        // Step 2: backend object, base DNs and the remaining special-user DNs.
        initSMSObject();
    }

    /* JADX INFO: Access modifiers changed from: protected */
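    /**
     * Loads the SMS-related system properties into the class-level flags, obtains the
     * {@code SSOTokenManager} and seeds {@code specialUserSet}.
     *
     * <p>Sets {@code backendProxyEnabled}, {@code cacheSMSEntries} and {@code tm}. A failure
     * to obtain the token manager is logged instead of being dropped silently, because
     * {@code validateToken()} dereferences {@code tm} and would otherwise fail later with
     * no trace of the cause.
     */
    public static void initializeProperties() {
        // Only the literal "true" (any case) turns backend proxying on.
        backendProxyEnabled = Boolean.parseBoolean(SystemProperties.get(DB_PROXY_ENABLE));
        if (debug.messageEnabled()) {
            debug.message("SMSEntry: backend proxy enabled: " + backendProxyEnabled);
        }
        // The global SDK caching switch wins; the SMS-specific one is consulted only when
        // the global switch is off.
        if (SystemProperties.get("com.iplanet.am.sdk.caching.enabled", "true").equalsIgnoreCase("true")) {
            cacheSMSEntries = true;
        } else {
            cacheSMSEntries = Boolean.parseBoolean(SystemProperties.get(Constants.SMS_CACHE_PROPERTY));
        }
        CachedSMSEntry.initializeProperties();
        if (debug.messageEnabled()) {
            debug.message("SMSEntry: cache enabled: " + cacheSMSEntries);
        }
        try {
            tm = SSOTokenManager.getInstance();
        } catch (SSOException e) {
            // tm keeps its previous value (null on first use). Record why, so that a later
            // failure in validateToken() can be traced back to this point.
            debug.warning("SMSEntry: unable to obtain SSOTokenManager", e);
        }
        // The configured super user is added here only when a backend object already exists;
        // initializeClass() calls this method before initSMSObject(), so on that path
        // smsObject still has its earlier value.
        if (smsObject != null) {
            String superUser = SystemProperties.get(AUTH_SUPER_USER, "");
            if (superUser != null && superUser.length() != 0) {
                // Store the DN in its canonical string form so later lookups compare like with like.
                specialUserSet.add(DN.valueOf(superUser).toString());
            }
        }
        if (SystemProperties.isServerMode()) {
            String adminDN = AdminUtils.getAdminDN();
            if (adminDN != null && adminDN.length() != 0) {
                specialUserSet.add(DN.valueOf(adminDN).toString());
            }
        }
        debug.message("SMSEntry: Special User Set: {}", specialUserSet);
    }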

    /**
     * Creates the backend {@code SMSObject}, derives the base DNs from it and adds the
     * administrative DNs to {@code specialUserSet}.
     *
     * <p>Any existing backend object is deregistered and shut down first. Failures are
     * recorded in {@code initializationException}, which the {@code SMSEntry} constructor
     * rethrows.
     */
    private static void initSMSObject() {
        String aMSdkBaseDN;
        // Tear down a previously created backend before replacing it.
        if (smsObject != null) {
            SMSNotificationManager.getInstance().deregisterListener(smsObject);
            smsObject.shutdown();
            smsObject = null;
        }
        // The implementation class name comes from a system property and is loaded
        // reflectively. NOTE(review): nothing here restricts the name to the known
        // implementations, so the property must only be settable by trusted configuration.
        String str = SystemProperties.get(SMS_OBJECT_PROPERTY, DEFAULT_SMS_CLASS_NAME);
        try {
            smsObject = (SMSObject) Class.forName(str).newInstance();
            if (str.equals(JAXRPC_SMS_CLASS_NAME)) {
                SMSJAXRPCObjectFlg = true;
            }
            if (debug.messageEnabled()) {
                debug.message("Using SMS object class " + str);
            }
        } catch (ClassNotFoundException e) {
            if (debug.warningEnabled()) {
                debug.warning("SMSObject class not found: " + str);
            }
            initializationException = new SMSException(e, "sms-init-no-class-found");
        } catch (Exception e2) {
            if (debug.warningEnabled()) {
                debug.warning("SMSEntry: error in instantiation of: " + str + " Message: " + e2.getMessage());
            }
            initializationException = new SMSException(e2, "sms-instantiation-failed");
        }
        // Fallback when the configured class could not be instantiated.
        if (smsObject == null) {
            try {
                // The first two branches do the same thing: fall back to the JAX-RPC implementation.
                if (str.equals(DEFAULT_SMS_CLASS_NAME)) {
                    if (debug.messageEnabled()) {
                        debug.message("SMSEntry: Using default JAXRPC implementation");
                    }
                    smsObject = (SMSObject) Class.forName(JAXRPC_SMS_CLASS_NAME).newInstance();
                    SMSJAXRPCObjectFlg = true;
                } else if (str.equals(JAXRPC_SMS_CLASS_NAME)) {
                    if (debug.messageEnabled()) {
                        debug.message("SMSEntry: Using default JAXRPC implementation");
                    }
                    smsObject = (SMSObject) Class.forName(JAXRPC_SMS_CLASS_NAME).newInstance();
                    SMSJAXRPCObjectFlg = true;
                } else if (!str.equals(FLATFILE_SMS_CLASS_NAME)) {
                    if (debug.messageEnabled()) {
                        debug.message("SMSEntry: Using default LDAP implementation");
                    }
                    smsObject = (SMSObject) Class.forName(DEFAULT_SMS_CLASS_NAME).newInstance();
                } else if (debug.messageEnabled()) {
                    // NOTE(review): the flat-file branch only logs; no object is created here.
                    debug.message("SMSEntry: Using default FlatFile implementation");
                }
                // The earlier failure is cleared whenever the fallback block completes,
                // including the flat-file branch that created nothing.
                initializationException = null;
            } catch (Exception e3) {
                debug.error("SMSEntry: Error in getting configured/default SMSObject", initializationException);
                debug.error("SMSEntry: Error in getting backupSMSObject", e3);
            }
        }
        // NOTE(review): smsObject can still be null here (fallback failed, or the flat-file
        // branch above); the next line then throws NullPointerException.
        String rootSuffix = smsObject.getRootSuffix();
        if (rootSuffix != null) {
            baseDN = DN.valueOf(rootSuffix).toString().toLowerCase();
        } else {
            baseDN = "o=unknown-suffix";
        }
        servicesDN = DELEGATION_SERVICES_RDN + baseDN;
        // NOTE(review): baseDN was assigned a non-null value in both branches above, so the
        // null branch below looks unreachable as written.
        if (baseDN == null) {
            initializationException = new SMSException(bundle.getString("sms-invalid-dn"), "sms-invalid-dn");
        } else {
            baseDNCount = new StringTokenizer(baseDN, ",").countTokens();
        }
        if (SMSJAXRPCObjectFlg) {
            // JAX-RPC mode: read a version entry with the admin token to decide whether the
            // backend's own AMSDK base DN should be used (z) or baseDN should stand in for it.
            boolean z = false;
            try {
                Map<String, Set<String>> read = smsObject.read((SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance()), "o=AM_JAXRPC_VERSION");
                if (read == null) {
                    z = true;
                } else {
                    // NOTE(review): the map's declared value type is Set<String> yet the value is
                    // cast to String; the decompiler's typing looks off here, so confirm against
                    // the original source.
                    String str2 = (String) read.get(SMSJAXRPCObject.AMJAXRPCVERSIONSTR);
                    if (str2 != null && str2.length() > 0) {
                        z = Integer.valueOf(str2).intValue() > 10;
                    }
                }
            } catch (SSOException e4) {
                debug.warning("SMSEntry:<init>.", e4);
            } catch (SMSException e5) {
                debug.warning("SMSEntry:<init>.", e5);
            } catch (NumberFormatException e6) {
                debug.warning("SMSEntry:<init>.", e6);
            }
            aMSdkBaseDN = z ? smsObject.getAMSdkBaseDN() : baseDN;
        } else {
            aMSdkBaseDN = smsObject.getAMSdkBaseDN();
        }
        if (aMSdkBaseDN != null) {
            amsdkbaseDN = DN.valueOf(aMSdkBaseDN).toString().toLowerCase();
        } else {
            amsdkbaseDN = "o=unknown-suffix";
        }
        // NOTE(review): as with baseDN, amsdkbaseDN cannot be null at this point.
        if (amsdkbaseDN == null) {
            initializationException = new SMSException(bundle.getString("sms-invalid-dn"), "sms-invalid-dn");
        }
        // In JAX-RPC mode no further DNs are added to specialUserSet.
        if (SMSJAXRPCObjectFlg) {
            return;
        }
        try {
            // The principal behind the admin token is added to specialUserSet in canonical DN form.
            specialUserSet.add(DN.valueOf(((SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance())).getPrincipal().getName()).toString());
        } catch (SSOException e7) {
            debug.error("SMSEntry.initializeClass", e7);
        }
        // The configured super user (if any) is added as well.
        String str3 = SystemProperties.get("com.sun.identity.authentication.super.user", "");
        if (str3 == null || str3.length() == 0) {
            return;
        }
        specialUserSet.add(DN.valueOf(str3).toString());
    }

    /**
     * Binds an entry to a DN and immediately loads its attributes from the backend.
     *
     * <p>NOTE(review): {@code read()} is a non-final method invoked from the constructor,
     * so a subclass override would run before the subclass is fully constructed.
     *
     * @param sSOToken token of the caller; kept and used for later reads and writes
     * @param str DN of the entry
     * @throws SMSException the recorded class-initialisation failure, or a failure of the initial read
     * @throws SSOException if the initial read rejects the token
     */
    public SMSEntry(SSOToken sSOToken, String str) throws SSOException, SMSException {
        // Refuse to create entries when class initialisation has already failed.
        final SMSException initFailure = initializationException;
        if (initFailure != null) {
            throw initFailure;
        }
        this.dn = str;
        // Canonical, lower-cased form: this is the value used for the permission checks.
        this.normalizedDN = DN.valueOf(str).toString().toLowerCase();
        this.ssoToken = sSOToken;
        read();
    }

    /**
     * Returns the entry's attribute map (attribute name to set of values).
     *
     * <p>The internal map itself is handed out, not a copy: changes a caller makes to it
     * alter this entry's state without being recorded in the pending modification set.
     *
     * @return the live attribute map, or {@code null} when the entry has no attributes loaded
     */
    public Map getAttributes() {
        return attrSet;
    }

    /**
     * Returns the values of one attribute without forcing a reload.
     *
     * @param str attribute name
     * @return the values, or {@code null} if the attribute is absent
     */
    public String[] getAttributeValues(String str) {
        final boolean forceReload = false;
        return getAttributeValues(str, forceReload);
    }

    /**
     * Returns the values of one attribute, reloading the entry first when asked to or
     * when entry caching is disabled.
     *
     * <p>A failed reload is only logged. The method then answers from whatever attributes
     * were already held, so the caller cannot tell fresh data from stale data.
     *
     * @param str attribute name
     * @param z {@code true} to reload from the backend before answering
     * @return the values, or {@code null} if the attribute (or the whole attribute map) is absent
     */
    public String[] getAttributeValues(String str, boolean z) {
        final boolean mustReload = z || !cacheSMSEntries;
        if (mustReload) {
            try {
                read();
            } catch (SSOException tokenProblem) {
                debug.error("SMSLdapEntry: SSOToken problem in reading attrs: " + tokenProblem);
            } catch (SMSException readProblem) {
                debug.error("SMSLdapEntry: Error in reading attrs: " + readProblem);
            }
        }
        if (this.attrSet == null) {
            return null;
        }
        Set values = (Set) this.attrSet.get(str);
        if (values == null) {
            return null;
        }
        String[] result = new String[values.size()];
        return (String[]) values.toArray(result);
    }

    /**
     * Adds one value to an attribute and queues the matching modification.
     *
     * <p>The change is held in memory only; nothing reaches the backend until
     * {@code save()} is called.
     *
     * @param str attribute name
     * @param str2 value to add
     * @throws SMSException if the attribute already holds that value
     */
    public void addAttribute(String str, String str2) throws SMSException {
        Set values = null;
        if (this.attrSet != null) {
            if (this.attrSet.containsKey(str)) {
                values = (Set) this.attrSet.get(str);
                if (values.contains(str2)) {
                    if (debug.messageEnabled()) {
                        debug.message("SMSEntry: Duplicate value for addition");
                    }
                    throw new SMSException(LdapException.newLdapException(ResultCode.ATTRIBUTE_OR_VALUE_EXISTS, getBundleString(IUMSConstants.SMS_ATTR_OR_VAL_EXISTS)), IUMSConstants.SMS_ATTR_OR_VAL_EXISTS);
                }
            }
        } else {
            this.attrSet = new CaseInsensitiveHashMap();
        }
        if (values == null) {
            values = new HashSet();
        }
        values.add(str2);
        this.attrSet.put(str, values);
        if (this.modSet == null) {
            this.modSet = new HashSet();
        }
        // Operation code 1 is javax.naming.directory.DirContext.ADD_ATTRIBUTE.
        BasicAttribute added = new BasicAttribute(str, str2);
        this.modSet.add(new ModificationItem(1, added));
    }

    /**
     * Replaces all values of an attribute (or creates it) and queues the modification.
     *
     * <p>A {@code null} array yields an attribute with no values. The change stays in
     * memory until {@code save()} is called.
     *
     * @param str attribute name
     * @param strArr new values; may be {@code null}
     */
    public void setAttribute(String str, String[] strArr) {
        Set values = new HashSet();
        BasicAttribute attribute = new BasicAttribute(str);
        if (strArr != null) {
            for (String value : strArr) {
                values.add(value);
                attribute.add(value);
            }
        }
        if (this.attrSet == null) {
            this.attrSet = new CaseInsensitiveHashMap();
        }
        if (this.modSet == null) {
            this.modSet = new HashSet();
        }
        // 2 = DirContext.REPLACE_ATTRIBUTE for a known attribute, 1 = DirContext.ADD_ATTRIBUTE otherwise.
        int operation = this.attrSet.containsKey(str) ? 2 : 1;
        this.modSet.add(new ModificationItem(operation, attribute));
        this.attrSet.put(str, values);
    }

    /**
     * Queues caller-built modification items for the next {@code save()}.
     *
     * <p>The items are queued exactly as given and the in-memory attribute map is not
     * updated, so the map and the pending modifications can disagree until the entry is
     * read again.
     *
     * @param modificationItemArr items to queue; {@code null} is treated as empty
     */
    public void modifyAttributes(ModificationItem[] modificationItemArr) {
        if (this.modSet == null) {
            this.modSet = new HashSet();
        }
        if (modificationItemArr == null) {
            return;
        }
        for (ModificationItem item : modificationItemArr) {
            this.modSet.add(item);
        }
    }

    /**
     * Applies {@code setAttribute} to every attribute in the given map.
     *
     * @param map attribute name to set of values; {@code null} or empty does nothing.
     *        An attribute whose set is {@code null} or empty is stored with no values.
     */
    public void setAttributes(Map map) {
        if (map == null || map.isEmpty()) {
            return;
        }
        for (Object key : map.keySet()) {
            String name = (String) key;
            Set values = (Set) map.get(name);
            boolean hasValues = values != null && !values.isEmpty();
            String[] asArray = hasValues ? (String[]) values.toArray(new String[values.size()]) : null;
            setAttribute(name, asArray);
        }
    }

    /**
     * Removes one value from an attribute and queues the matching modification.
     *
     * <p>NOTE(review): a missing attribute or value is reported with the
     * ATTRIBUTE_OR_VALUE_EXISTS result code; this looks like the wrong code for a
     * not-found condition, but callers may rely on it.
     *
     * @param str attribute name
     * @param str2 value to remove
     * @throws SMSException if the entry has no attributes, or the attribute or value is not present
     */
    public void removeAttribute(String str, String str2) throws SMSException {
        Set values = this.attrSet == null ? null : (Set) this.attrSet.get(str);
        boolean present = values != null && values.contains(str2);
        if (!present) {
            throw new SMSException(LdapException.newLdapException(ResultCode.ATTRIBUTE_OR_VALUE_EXISTS, getBundleString(IUMSConstants.SMS_ATTR_OR_VAL_EXISTS)), IUMSConstants.SMS_ATTR_OR_VAL_EXISTS);
        }
        values.remove(str2);
        this.attrSet.put(str, values);
        if (this.modSet == null) {
            this.modSet = new HashSet();
        }
        // Operation code 3 is javax.naming.directory.DirContext.REMOVE_ATTRIBUTE.
        BasicAttribute removed = new BasicAttribute(str, str2);
        this.modSet.add(new ModificationItem(3, removed));
    }

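    /**
     * Removes an attribute with all its values and queues the matching modification.
     *
     * <p>An entry with no attribute map (for example one that does not exist in the store
     * yet) is treated like a missing attribute and reported with {@code SMSException},
     * matching the two-argument overload, instead of failing with a
     * {@code NullPointerException}.
     *
     * @param str attribute name
     * @throws SMSException if the entry has no attributes or the attribute is not present
     */
    public void removeAttribute(String str) throws SMSException {
        // attrSet is null when the last read found nothing; guard before dereferencing it.
        Set set = this.attrSet == null ? null : (Set) this.attrSet.get(str);
        if (set == null) {
            throw new SMSException(LdapException.newLdapException(ResultCode.ATTRIBUTE_OR_VALUE_EXISTS, getBundleString(IUMSConstants.SMS_ATTR_OR_VAL_EXISTS)), IUMSConstants.SMS_ATTR_OR_VAL_EXISTS);
        }
        this.attrSet.remove(str);
        if (this.modSet == null) {
            this.modSet = new HashSet();
        }
        // NOTE(review): the constructor call stores the Set object itself as the first value
        // and the loop then adds each element as well. Left as in the original; confirm
        // against the backend's handling before changing it.
        BasicAttribute basicAttribute = new BasicAttribute(str, set);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            basicAttribute.add(it.next());
        }
        // Operation code 3 is javax.naming.directory.DirContext.REMOVE_ATTRIBUTE.
        this.modSet.add(new ModificationItem(3, basicAttribute));
    }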

    /**
     * Looks up a message in the class-level resource bundle.
     *
     * @param str bundle key
     * @return the message for the key
     */
    private CharSequence getBundleString(String str) {
        final String message = bundle.getString(str);
        return message;
    }

    /**
     * Tells whether the in-memory copy of the entry holds a given attribute value.
     *
     * @param str attribute name
     * @param str2 value to look for
     * @return {@code true} only if the attribute exists and contains the value
     */
    public boolean containsAttrValue(String str, String str2) {
        if (this.attrSet == null) {
            return false;
        }
        Set values = (Set) this.attrSet.get(str);
        return values != null && values.contains(str2);
    }

    /**
     * Reloads the entry using the token it was created with.
     *
     * @throws SSOException if the token is rejected
     * @throws SMSException if the read fails
     */
    void read() throws SSOException, SMSException {
        final SSOToken ownToken = this.ssoToken;
        read(ownToken);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Loads the entry's attributes from the backend on behalf of the given token.
     *
     * <p>Without backend proxying, {@code getDelegationPermission} is consulted first
     * (presumably it throws when access is denied; its body is outside this view). With
     * proxying, a caller for whom {@code isAllowed} returns {@code true} is served with the
     * cached admin token; otherwise the read goes to the backend with the caller's own
     * token and no exception is raised here, so the backend's own access control is then
     * the only check.
     *
     * @param sSOToken token of the caller
     * @throws SSOException if the token is rejected
     * @throws SMSException if the read fails
     */
    public void read(SSOToken sSOToken) throws SSOException, SMSException {
        SSOToken effectiveToken = sSOToken;
        if (backendProxyEnabled) {
            if (isAllowed(sSOToken, this.normalizedDN, readActionSet)) {
                // Lazily obtain the process-wide admin token; it is cached in a static field.
                if (adminSSOToken == null) {
                    adminSSOToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
                }
                effectiveToken = adminSSOToken;
            }
        } else {
            getDelegationPermission(sSOToken, this.normalizedDN, readActionSet);
        }
        this.attrSet = smsObject.read(effectiveToken, this.dn);
        // No attributes means the entry is not in the store yet.
        this.newEntry = (this.attrSet == null);
    }

    /**
     * Writes pending changes with the entry's own token, unless the entry is read-only.
     *
     * <p>The read-only flag is enforced here and in {@code delete()} only; the overloads
     * that take a token do not consult it.
     *
     * @throws SMSException if the entry is marked read-only or the write fails
     * @throws SSOException if the token is rejected
     */
    public void save() throws SSOException, SMSException {
        if (this.readOnly) {
            if (debug.warningEnabled()) {
                debug.warning("SMSEntry: Attempted to save an entry that is marked as read-only: " + this.dn);
            }
            throw new SMSException(8, IUMSConstants.SMS_INSUFFICIENT_ACCESS_RIGHTS);
        }
        save(this.ssoToken);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the entry or sends its queued modifications on behalf of the given token.
     *
     * <p>Authorisation follows the same pattern as {@code read(SSOToken)}: a delegation
     * check without proxying, or a swap to the cached admin token when {@code isAllowed}
     * returns {@code true} with proxying. With proxying and a {@code false} answer the
     * write is attempted with the caller's own token.
     *
     * <p>NOTE(review): the modification set is not cleared after a successful write, so a
     * second {@code save()} would send the same items again; confirm that is intended.
     *
     * @param sSOToken token of the caller
     * @throws SSOException if the token is rejected
     * @throws SMSException if the write fails
     */
    public void save(SSOToken sSOToken) throws SSOException, SMSException {
        SSOToken effectiveToken = sSOToken;
        if (backendProxyEnabled) {
            if (isAllowed(sSOToken, this.normalizedDN, modifyActionSet)) {
                if (adminSSOToken == null) {
                    adminSSOToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
                }
                effectiveToken = adminSSOToken;
            }
        } else {
            getDelegationPermission(sSOToken, this.normalizedDN, modifyActionSet);
        }
        final boolean createNew = this.newEntry && this.attrSet != null;
        if (createNew) {
            smsObject.create(effectiveToken, this.dn, this.attrSet);
            SMSNotificationManager.getInstance().localObjectChanged(this.dn, 0);
        } else if (this.modSet != null) {
            ModificationItem[] pending = (ModificationItem[]) this.modSet.toArray(new ModificationItem[this.modSet.size()]);
            smsObject.modify(effectiveToken, this.dn, pending);
            SMSNotificationManager.getInstance().localObjectChanged(this.dn, 3);
        }
        this.newEntry = false;
    }

    /**
     * Deletes the entry with its own token, unless the entry is read-only.
     *
     * @throws SMSException if the entry is marked read-only or the delete fails
     * @throws SSOException if the token is rejected
     */
    public void delete() throws SMSException, SSOException {
        if (this.readOnly) {
            if (debug.warningEnabled()) {
                debug.warning("SMSEntry: Attempted to delete an entry that is marked as read-only: " + this.dn);
            }
            throw new SMSException(8, IUMSConstants.SMS_INSUFFICIENT_ACCESS_RIGHTS);
        }
        delete(this.ssoToken);
    }

    /**
     * Deletes the entry with the supplied token, skipping the read-only check that
     * {@code delete()} performs.
     *
     * <p>The permission logic in {@code delete(SSOToken)} still applies. Because this
     * method is public, the read-only flag does not protect an entry from any caller that
     * can reach this method with a sufficiently privileged token.
     *
     * @param sSOToken token to delete with
     * @throws SMSException if the delete fails
     * @throws SSOException if the token is rejected
     */
    public void forceDelete(SSOToken sSOToken) throws SMSException, SSOException {
        final SSOToken suppliedToken = sSOToken;
        delete(suppliedToken);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Deletes the entry from the backend on behalf of the given token and resets the
     * in-memory state.
     *
     * <p>An entry that is not in the store is left alone (a warning is logged when enabled)
     * and no permission check takes place in that case. Otherwise authorisation follows the
     * same pattern as {@code save(SSOToken)}, using the modify action set.
     *
     * @param sSOToken token of the caller
     * @throws SMSException if the delete fails
     * @throws SSOException if the token is rejected
     */
    public void delete(SSOToken sSOToken) throws SMSException, SSOException {
        if (this.newEntry) {
            if (debug.warningEnabled()) {
                debug.warning("SMSEntry: Attempted to delete an entry that does not exist: " + this.dn);
            }
            return;
        }
        SSOToken effectiveToken = sSOToken;
        if (backendProxyEnabled) {
            if (isAllowed(sSOToken, this.normalizedDN, modifyActionSet)) {
                if (adminSSOToken == null) {
                    adminSSOToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
                }
                effectiveToken = adminSSOToken;
            }
        } else {
            getDelegationPermission(sSOToken, this.normalizedDN, modifyActionSet);
        }
        smsObject.delete(effectiveToken, this.dn);
        // The object now describes a non-existent entry with nothing pending.
        this.modSet = null;
        this.attrSet = null;
        this.newEntry = true;
        SMSNotificationManager.getInstance().localObjectChanged(this.dn, 1);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Searches for sub-organisation names under this entry and returns those the token may read.
     *
     * <p>In JAX-RPC mode no local permission check or filtering is done and the backend's
     * result is returned as is. Otherwise the parent DN is checked first and every result
     * is then filtered through {@code hasReadPermission}.
     *
     * <p>NOTE(review): when proxying swaps in the admin token, the per-result
     * {@code hasReadPermission} check below runs with that admin token, not the caller's.
     * Confirm that read access to the parent is meant to imply visibility of all children.
     *
     * @param sSOToken token of the caller
     * @param str search filter passed to the backend
     * @param i, z, z2, z3 passed through to the backend unchanged
     * @return the permitted names after {@code parseResult}, or the raw backend result in JAX-RPC mode
     * @throws SMSException if the search fails
     * @throws SSOException if the token is rejected
     */
    public Set searchSubOrgNames(SSOToken sSOToken, String str, int i, boolean z, boolean z2, boolean z3) throws SMSException, SSOException {
        SSOToken effectiveToken = sSOToken;
        if (backendProxyEnabled && !SMSJAXRPCObjectFlg) {
            if (isAllowed(sSOToken, this.normalizedDN, readActionSet)) {
                if (adminSSOToken == null) {
                    adminSSOToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
                }
                effectiveToken = adminSSOToken;
            }
        } else if (!SMSJAXRPCObjectFlg) {
            getDelegationPermission(sSOToken, this.normalizedDN, readActionSet);
        }
        Set<String> found = smsObject.searchSubOrgNames(effectiveToken, this.dn, str, i, z, z2, z3);
        if (SMSJAXRPCObjectFlg) {
            return found;
        }
        OrderedSet permitted = new OrderedSet();
        for (String candidate : found) {
            if (hasReadPermission(effectiveToken, candidate)) {
                permitted.add(candidate);
            }
        }
        Set names = parseResult(permitted, this.normalizedDN);
        if (debug.messageEnabled()) {
            debug.message("SMSEntry: Successfully obtained suborganization names for : " + this.dn);
        }
        return names;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Lists the names of sub-entries under this entry that the token may read.
     *
     * <p>In JAX-RPC mode the backend's result is returned without local checks. Otherwise
     * the parent DN is checked first and each name is kept only if
     * {@code hasReadPermission} accepts the DN {@code "ou=" + name + "," + dn}.
     *
     * <p>NOTE(review): after a proxy swap the per-entry check runs with the admin token
     * rather than the caller's; confirm this is intended. The child DN is built by plain
     * concatenation, so names are assumed not to need DN escaping; confirm.
     *
     * @param sSOToken token of the caller
     * @param str search filter passed to the backend
     * @param i, z, z2 passed through to the backend unchanged
     * @return the permitted names in backend order
     * @throws SMSException if the search fails
     * @throws SSOException if the token is rejected
     */
    public Set<String> subEntries(SSOToken sSOToken, String str, int i, boolean z, boolean z2) throws SMSException, SSOException {
        SSOToken effectiveToken = sSOToken;
        if (backendProxyEnabled && !SMSJAXRPCObjectFlg) {
            if (isAllowed(sSOToken, this.normalizedDN, readActionSet)) {
                if (adminSSOToken == null) {
                    adminSSOToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
                }
                effectiveToken = adminSSOToken;
            }
        } else if (!SMSJAXRPCObjectFlg) {
            getDelegationPermission(sSOToken, this.normalizedDN, readActionSet);
        }
        Set<String> found = smsObject.subEntries(effectiveToken, this.dn, str, i, z, z2);
        if (SMSJAXRPCObjectFlg) {
            return found;
        }
        LinkedHashSet permitted = new LinkedHashSet();
        for (String name : found) {
            String childDn = "ou=" + name + "," + this.dn;
            if (hasReadPermission(effectiveToken, childDn)) {
                permitted.add(name);
            }
        }
        return permitted;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Lists the names of schema sub-entries under this entry that the token may read.
     *
     * <p>In JAX-RPC mode the backend's result is returned without local checks. Otherwise
     * the parent DN is checked first and each name is kept only if
     * {@code hasReadPermission} accepts the DN {@code "ou=" + name + "," + dn}.
     *
     * <p>NOTE(review): after a proxy swap the per-entry check runs with the admin token
     * rather than the caller's; confirm this is intended.
     *
     * @param sSOToken token of the caller
     * @param str, str2, i, z, z2 passed through to the backend unchanged
     * @return the permitted names in backend order
     * @throws SMSException if the search fails
     * @throws SSOException if the token is rejected
     */
    public Set schemaSubEntries(SSOToken sSOToken, String str, String str2, int i, boolean z, boolean z2) throws SMSException, SSOException {
        SSOToken effectiveToken = sSOToken;
        if (backendProxyEnabled && !SMSJAXRPCObjectFlg) {
            if (isAllowed(sSOToken, this.normalizedDN, readActionSet)) {
                if (adminSSOToken == null) {
                    adminSSOToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
                }
                effectiveToken = adminSSOToken;
            }
        } else if (!SMSJAXRPCObjectFlg) {
            getDelegationPermission(sSOToken, this.normalizedDN, readActionSet);
        }
        Set<String> found = smsObject.schemaSubEntries(effectiveToken, this.dn, str, str2, i, z, z2);
        if (SMSJAXRPCObjectFlg) {
            return found;
        }
        OrderedSet permitted = new OrderedSet();
        for (String name : found) {
            String childDn = "ou=" + name + "," + this.dn;
            if (hasReadPermission(effectiveToken, childDn)) {
                permitted.add(name);
            }
        }
        return permitted;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Searches for organisations under this entry by service attribute and returns those
     * the token may read.
     *
     * <p>In JAX-RPC mode the backend's result is returned without local checks. Otherwise
     * the parent DN is checked first and every result is filtered through
     * {@code hasReadPermission}. When {@code str2} equals {@code EXPORTEDARGS}
     * (case-insensitively) the filtered DNs are returned without {@code parseResult}.
     *
     * <p>NOTE(review): after a proxy swap the per-result check runs with the admin token
     * rather than the caller's; confirm this is intended. {@code str2} is dereferenced
     * without a null check.
     *
     * @param sSOToken token of the caller
     * @param i, z, z2, str, set passed through to the backend unchanged
     * @param str2 passed to the backend and compared with {@code EXPORTEDARGS}
     * @return the permitted organisation names
     * @throws SMSException if the search fails
     * @throws SSOException if the token is rejected
     */
    public Set searchOrganizationNames(SSOToken sSOToken, int i, boolean z, boolean z2, String str, String str2, Set set) throws SMSException, SSOException {
        SSOToken effectiveToken = sSOToken;
        if (backendProxyEnabled && !SMSJAXRPCObjectFlg) {
            if (isAllowed(sSOToken, this.normalizedDN, readActionSet)) {
                if (adminSSOToken == null) {
                    adminSSOToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
                }
                effectiveToken = adminSSOToken;
            }
        } else if (!SMSJAXRPCObjectFlg) {
            getDelegationPermission(sSOToken, this.normalizedDN, readActionSet);
        }
        Set<String> found = smsObject.searchOrganizationNames(effectiveToken, this.dn, i, z, z2, str, str2, set);
        if (SMSJAXRPCObjectFlg) {
            return found;
        }
        OrderedSet permitted = new OrderedSet();
        for (String candidate : found) {
            if (hasReadPermission(effectiveToken, candidate)) {
                permitted.add(candidate);
            }
        }
        if (str2.equalsIgnoreCase(EXPORTEDARGS)) {
            return permitted;
        }
        Set names = parseResult(permitted, this.normalizedDN, true);
        if (debug.messageEnabled()) {
            debug.message("SMSEntry: Successfully obtained organization names for : " + this.dn);
        }
        return names;
    }

    /**
     * Runs a filter search against the backend and returns the matching DNs.
     *
     * <p>No delegation check is made here; the token and filter go straight to the
     * backend. NOTE(review): the filter is used as given, so callers that build it from
     * external input are assumed to escape it; confirm at the call sites. The filter text
     * is also written to the debug log on failure.
     *
     * @param sSOToken token of the caller
     * @param str DN to start from
     * @param str2 search filter
     * @param i, i2, z, z2 passed through to the backend unchanged
     * @return the backend's result
     * @throws SMSException if the search fails, including when the token is rejected
     */
    public static Set<String> search(SSOToken sSOToken, String str, String str2, int i, int i2, boolean z, boolean z2) throws SMSException {
        final Set<String> matches;
        try {
            matches = smsObject.search(sSOToken, str, str2, i, i2, z, z2);
        } catch (SSOException tokenProblem) {
            debug.error("SMSEntry: Search ERROR: " + str2, tokenProblem);
            throw new SMSException(bundle.getString("sms-error-in-searching"), tokenProblem, "sms-error-in-searching");
        }
        return matches;
    }

    /**
     * Runs a filter search against the backend and returns an iterator over the results.
     *
     * <p>No delegation check is made here; the token and filter go straight to the
     * backend. NOTE(review): the filter is used as given, so callers that build it from
     * external input are assumed to escape it; confirm at the call sites.
     *
     * @param sSOToken token of the caller
     * @param str DN to start from
     * @param str2 search filter
     * @param i, i2, z, z2, set passed through to the backend unchanged
     * @return the backend's result iterator
     * @throws SMSException if the search fails, including when the token is rejected
     */
    public static Iterator search(SSOToken sSOToken, String str, String str2, int i, int i2, boolean z, boolean z2, Set set) throws SMSException {
        final Iterator matches;
        try {
            matches = smsObject.search(sSOToken, str, str2, i, i2, z, z2, set);
        } catch (SSOException tokenProblem) {
            debug.error("SMSEntry: Search ERROR: " + str2, tokenProblem);
            throw new SMSException(bundle.getString("sms-error-in-searching"), tokenProblem, "sms-error-in-searching");
        }
        return matches;
    }

    /**
     * Searches the whole tree under {@code baseDN} with the given filter.
     *
     * <p>The backend is called with a {@code null} token, so no caller identity is
     * attached to this search. The method is package-private; callers are responsible for
     * whatever access decision applies to the results.
     *
     * @param str search filter, used as given
     * @return the backend's result
     * @throws SMSException if the search fails
     */
    static Set search(String str) throws SMSException {
        final Set matches;
        try {
            matches = smsObject.search(null, baseDN, str, 0, 0, false, false);
        } catch (SSOException tokenProblem) {
            debug.error("SMSEntry: Search ERROR: " + str, tokenProblem);
            throw new SMSException(bundle.getString("sms-error-in-searching"), tokenProblem, "sms-error-in-searching");
        }
        return matches;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Replaces this entry's attributes and new-entry flag with those of another entry and
     * drops any pending modifications.
     *
     * @param sMSEntry entry to copy from; its attributes are copied, not shared
     */
    public void refresh(SMSEntry sMSEntry) {
        Map theirs = sMSEntry.attrSet;
        this.attrSet = (theirs == null) ? null : SMSUtils.copyAttributes(theirs);
        this.newEntry = sMSEntry.newEntry;
        // Pending changes were computed against the old state, so they are discarded.
        this.modSet = null;
    }

    /**
     * Asks the backend whether an entry exists.
     *
     * <p>Every failure (rejected token, backend error, anything else) is logged and
     * reported as {@code false}. A caller therefore cannot distinguish "does not exist"
     * from "could not check" and should not treat {@code false} as proof of absence.
     *
     * @param str DN of the entry
     * @param sSOToken token of the caller
     * @return {@code true} if the backend reports the entry; {@code false} otherwise or on error
     */
    public static boolean checkIfEntryExists(String str, SSOToken sSOToken) {
        boolean exists = false;
        try {
            exists = smsObject.entryExists(sSOToken, str);
        } catch (Exception failure) {
            debug.error("SMSEntry: Error in checking if entry exists: " + str, failure);
            return false;
        }
        return exists;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the DN this entry was created with (not the normalised form).
     *
     * @return the entry's DN
     */
    public String getDN() {
        return dn;
    }

    /**
     * Returns the principal behind the entry's token.
     *
     * @return the principal, or {@code null} when the token cannot provide one; the cause
     *         is not logged
     */
    Principal getPrincipal() {
        Principal owner;
        try {
            owner = this.ssoToken.getPrincipal();
        } catch (SSOException ignored) {
            // The original contract is to answer null when the token is unusable.
            owner = null;
        }
        return owner;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the token this entry was created with.
     *
     * <p>NOTE(review): the decompiler reports this method as package-private in the
     * original; shown as public here, it hands the caller's session token to any holder of
     * the entry.
     *
     * @return the entry's token
     */
    public SSOToken getSSOToken() {
        return ssoToken;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Marks the entry read-only so that {@code save()} and {@code delete()} refuse to run.
     *
     * <p>There is no way to clear the flag in this part of the file, and the overloads
     * that take a token do not consult it.
     */
    public void setReadOnly() {
        readOnly = true;
    }

    /**
     * Tells whether the entry is absent from the store according to the last read, save
     * or delete.
     *
     * @return {@code true} if the entry is considered new
     */
    public boolean isNewEntry() {
        return newEntry;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the backend object created by {@code initSMSObject()}.
     *
     * <p>NOTE(review): the decompiler reports this method as package-private in the
     * original. Calls made directly on the returned object bypass the permission checks
     * that {@code SMSEntry} applies around it.
     *
     * @return the current backend object; may be {@code null} if initialisation failed
     */
    public static SMSObject getSMSObject() {
        final SMSObject backend = smsObject;
        return backend;
    }

    /**
     * Validates a token with the shared {@code SSOTokenManager}.
     *
     * <p>NOTE(review): {@code tm} is dereferenced without a null check; it stays null if
     * {@code SSOTokenManager.getInstance()} failed during initialisation, in which case
     * this method throws {@code NullPointerException} rather than {@code SMSException}.
     *
     * @param sSOToken token to validate
     * @throws SMSException if the token manager rejects the token
     */
    public static void validateToken(SSOToken sSOToken) throws SMSException {
        try {
            tm.validateToken(sSOToken);
        } catch (SSOException invalidToken) {
            SMSException wrapped = new SMSException(invalidToken, "sms-INVALID_SSO_TOKEN");
            throw wrapped;
        }
    }

    /**
     * Returns a copy of this entry with its own attribute map and no pending modifications.
     *
     * <p>The copy shares the original's token. Fields not reassigned below keep the values
     * copied by {@code Object.clone()}.
     *
     * @return the copy
     * @throws CloneNotSupportedException if {@code Object.clone()} refuses
     */
    public Object clone() throws CloneNotSupportedException {
        SMSEntry copy = (SMSEntry) super.clone();
        copy.ssoToken = this.ssoToken;
        copy.dn = this.dn;
        copy.newEntry = this.newEntry;
        // Pending changes belong to the original only.
        copy.modSet = null;
        copy.attrSet = (this.attrSet == null) ? null : SMSUtils.copyAttributes(this.attrSet);
        if (debug.messageEnabled()) {
            debug.message("SMSEntry being cloned: " + this.dn);
        }
        return copy;
    }

    /**
     * Renders the DN, the new-entry marker, the attribute map and the pending modifications.
     *
     * <p>NOTE(review): the output contains every attribute value. If entries can hold
     * secrets (not determinable from here), avoid passing this string to logs.
     *
     * @return a multi-line description of the entry
     */
    public String toString() {
        String text = "DN\t\t: " + this.dn + "\n";
        if (this.newEntry) {
            text += "\t(NEW Entry)";
        }
        text += "Attribute Set\t: " + this.attrSet + "\n";
        text += "Modifcation Set\t: " + this.modSet + "\n";
        return text;
    }

    /**
     * Returns the root suffix held in {@code baseDN}.
     *
     * @return the value of the static {@code baseDN} field
     */
    public static String getRootSuffix() {
        return SMSEntry.baseDN;
    }

    /**
     * Returns the AM SDK base DN.
     *
     * @return the value of the static {@code amsdkbaseDN} field
     */
    public static String getAMSdkBaseDN() {
        return SMSEntry.amsdkbaseDN;
    }

    /**
     * Returns the name of the backing data store, resolving it on first use.
     *
     * <p>When the SMS implementation class is one of the two known class names, the name comes
     * from {@code GetBackendDataStore.getDataStore}; any other implementation is reported as
     * {@code "flatfile"}. The answer is kept in a static field, so the token of the first
     * caller decides the lookup and later tokens are ignored.
     *
     * <p>NOTE(review): the lazy initialisation shown here has no visible synchronisation;
     * confirm how {@code dataStore} is declared.
     *
     * @param sSOToken token passed to the backend lookup on the first call
     * @return the cached data store name
     */
    public static String getDataStore(SSOToken sSOToken) {
        if (dataStore != null) {
            return dataStore;
        }
        String implName = smsObject.getClass().getName();
        boolean usesBackendLookup =
                implName.equals(DEFAULT_SMS_CLASS_NAME) || implName.equals(JAXRPC_SMS_CLASS_NAME);
        dataStore = usesBackendLookup ? GetBackendDataStore.getDataStore(sSOToken) : "flatfile";
        if (debug.messageEnabled()) {
            debug.message("SMSEntry:getDataStore.dataStore " + dataStore);
        }
        return dataStore;
    }

    /**
     * Tells whether an attribute name belongs to the set of case-sensitive attributes.
     *
     * @param str attribute name to look up
     * @return {@code true} if {@code mCaseSensitiveAttributes} contains the name
     */
    public static boolean isAttributeCaseSensitive(String str) {
        boolean listed = mCaseSensitiveAttributes.contains(str);
        return listed;
    }

    /**
     * Returns the search filter pattern used for services.
     *
     * @return the {@code FILTER_PATTERN_SERVICE} constant
     */
    public static String getFilterPatternService() {
        return SMSEntry.FILTER_PATTERN_SERVICE;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Converts search-result DNs to names relative to {@code str}, leaving out the entry for
     * {@code str} itself.
     *
     * <p>Same as {@code parseResult(set, str, false)}.
     *
     * @param set DN strings returned by a search; may be {@code null}
     * @param str DN the results are made relative to
     * @return the converted names
     */
    public static Set parseResult(Set set, String str) {
        final boolean includeSelf = false;
        return parseResult(set, str, includeSelf);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Converts a set of DN strings into slash-separated names relative to {@code str}.
     *
     * <p>Entries equal to {@code baseDN} or starting with {@code SUN_INTERNAL_REALM_PREFIX} are
     * skipped. An entry equal to {@code str} is reported as {@code "/"} only when {@code z} is
     * {@code true}. Every other entry has the part in front of {@code str} turned into a path
     * whose components are emitted in reverse order.
     *
     * <p>All comparisons use the lower-cased DN, so this assumes {@code str} is already
     * lower-case and normalised (TODO confirm with callers).
     *
     * @param set DN strings to convert; {@code null} yields an empty result
     * @param str DN the results are made relative to
     * @param z   whether the entry for {@code str} itself is reported as {@code "/"}
     * @return an {@code OrderedSet} with the converted names
     */
    public static Set parseResult(Set set, String str, boolean z) {
        OrderedSet orderedSet = new OrderedSet();
        if (set != null) {
            Iterator it = set.iterator();
            while (it.hasNext()) {
                // DN.valueOf parses the value; a malformed DN surfaces as whatever it throws.
                DN valueOf = DN.valueOf((String) it.next());
                String dn = valueOf.toString();
                // NOTE(review): toLowerCase() without a Locale follows the JVM default locale;
                // Locale.ROOT would keep DN matching stable across locales.
                String lowerCase = valueOf.toString().toLowerCase();
                if (!lowerCase.equals(baseDN) && !lowerCase.startsWith(SUN_INTERNAL_REALM_PREFIX)) {
                    if (!lowerCase.equals(str)) {
                        // Organization naming prefix: "o=" in realm mode, otherwise taken from the AM SDK config.
                        String str2 = ServiceManager.isRealmEnabled() ? ORG_PLACEHOLDER_RDN : OrgConfigViaAMSDK.getNamingAttrForOrg() + "=";
                        if (debug.messageEnabled()) {
                            debug.message("SMSEntry:parseResult:orgAttr " + str2);
                        }
                        // Drop anything in front of the first organization RDN.
                        int indexOf = lowerCase.indexOf(str2.toLowerCase());
                        if (indexOf > 0) {
                            dn = dn.substring(indexOf);
                        }
                        if (debug.messageEnabled()) {
                            debug.message("SMSEntry:parseResult:DNName " + str);
                            debug.message("SMSEntry:parseResult:RFCDN " + dn);
                        }
                        // NOTE(review): this index comes from the untrimmed lower-case string but is
                        // applied to dn, which may have been shortened above; confirm the two cannot
                        // diverge. An index of 0 would also make the substring call below throw.
                        int indexOf2 = lowerCase.indexOf(str);
                        if (indexOf2 < 0) {
                            indexOf2 = lowerCase.lastIndexOf(baseDN);
                        }
                        // Keep the part in front of the parent DN; "- 1" drops the separating comma.
                        String substring = dn.substring(0, indexOf2 - 1);
                        if (!ServiceManager.isRealmEnabled()) {
                            // Legacy mode: this section only collects RDN types so a container node
                            // can be reported in the debug log; it does not change the result.
                            ArrayList arrayList = new ArrayList();
                            StringTokenizer stringTokenizer = new StringTokenizer(substring, ",");
                            while (stringTokenizer.hasMoreElements()) {
                                String trim = stringTokenizer.nextToken().trim();
                                if (debug.messageEnabled()) {
                                    debug.message("SMSEntry:parseResult().token  " + trim);
                                }
                                if (trim != null && trim.length() != 0) {
                                    arrayList.add(trim);
                                }
                            }
                            int size = arrayList.size();
                            HashSet hashSet = new HashSet();
                            for (int i = 0; i < size; i++) {
                                hashSet.add(DNMapper.splitString((String) arrayList.get(i))[0]);
                            }
                            if (hashSet.contains(OrgConfigViaAMSDK.getNamingAttrForOrgUnit())) {
                                if (debug.messageEnabled()) {
                                    debug.message("SMSEntry.parseResult(): Container node: " + substring);
                                }
                            }
                        }
                        // Turn "o=a,o=b" into "/a/b": naming prefix becomes "/", commas are removed.
                        String replaceString = DNMapper.replaceString(substring, str2, "/");
                        if (debug.messageEnabled()) {
                            debug.message("SMSEntry:parseResult:origStr1 " + replaceString);
                        }
                        String replaceString2 = DNMapper.replaceString(replaceString, ",", "");
                        if (debug.messageEnabled()) {
                            debug.message("SMSEntry:parseResult:origStr2 " + replaceString2);
                        }
                        // Reverse the component order by peeling the last "/component" off each round.
                        // NOTE(review): if the remaining text is non-empty and holds no "/", nothing in
                        // the loop body shortens it and the loop cannot end; confirm every input starts
                        // with the organization naming prefix.
                        StringBuilder sb = new StringBuilder();
                        while (replaceString2.length() != 0) {
                            int lastIndexOf = replaceString2.lastIndexOf("/");
                            if (lastIndexOf >= 0) {
                                sb.append(replaceString2.substring(lastIndexOf + 1)).append("/");
                                replaceString2 = replaceString2.substring(0, lastIndexOf);
                            }
                        }
                        String sb2 = sb.toString();
                        if (sb2 != null && sb2.length() > 0) {
                            // Strip the trailing "/" left by the loop.
                            orderedSet.add(sb2.substring(0, sb2.length() - 1));
                        }
                    } else if (z) {
                        // The entry for str itself is reported as the root path.
                        orderedSet.add("/");
                    }
                }
            }
        }
        return orderedSet;
    }

    /**
     * Splits an entry DN into the five strings used to build a delegation permission and
     * memoises the answer in {@code cache}.
     *
     * <p>Layout of the returned array: {@code [0]} is the organization DN (or {@code baseDN}),
     * {@code [4]} is the value of the outermost RDN of the remainder (or {@code REALM_SERVICE}
     * when there is no remainder), {@code [3]} and {@code [2]} are the values of the next two
     * RDNs (or {@code "*"}), and {@code [1]} is the rest as a {@code "/a/b"} path (or
     * {@code "*"}). Presumably these are service name, version, config type and sub-config
     * path; verify against {@code DelegationPermission}.
     *
     * <p>NOTE(review): the array stored in the cache is the same object that is handed to
     * callers, both on a hit and on a miss. A caller that writes into it changes the input of
     * later authorization checks for the same DN; callers must treat it as read-only, or the
     * method should hand out copies.
     *
     * @param str entry DN; {@code null} or empty yields the default array for {@code baseDN}
     * @return a five-element array as described above
     */
    static String[] parseOrgDN(String str) {
        String str2;
        // NOTE(review): the cache is consulted before the null check below; confirm that
        // cache.get accepts a null key.
        String[] strArr = (String[]) cache.get(str);
        if (strArr != null) {
            return strArr;
        }
        debug.message("SMSEntry:parseOrgDN:DNName {}", str);
        String[] strArr2 = new String[5];
        if (str == null || str.length() == 0) {
            // No DN given: root organization with wildcards everywhere; this answer is not cached.
            strArr2[0] = baseDN;
            strArr2[1] = "*";
            strArr2[2] = "*";
            strArr2[3] = "*";
            strArr2[4] = "*";
            return strArr2;
        }
        // Normalise through DN parsing, then lower-case for the string comparisons below.
        // NOTE(review): toLowerCase() without a Locale follows the JVM default locale; the
        // result feeds authorization decisions, so Locale.ROOT would be the safer choice.
        String lowerCase = DN.valueOf(str).toString().toLowerCase();
        int indexOf = lowerCase.indexOf(DELEGATION_SERVICES_RDN_WITH_COMMA);
        if (indexOf == -1 || lowerCase.equals(servicesDN)) {
            // No services node in the DN, or the DN is the root services node itself.
            strArr2[0] = lowerCase;
            str2 = "";
        } else if (ServiceManager.isRealmEnabled()) {
            int indexOf2 = lowerCase.indexOf(servicesDN);
            if (indexOf2 == -1 || indexOf2 == 0) {
                strArr2[0] = baseDN;
                str2 = "";
            } else {
                // Part in front of the root services DN; "- 1" drops the separating comma.
                String substring = lowerCase.substring(0, indexOf2 - 1);
                if (substring.indexOf(DELEGATION_SERVICES_RDN) == -1 && !substring.startsWith(ORG_PLACEHOLDER_RDN)) {
                    // Entry sits directly under the root services node.
                    strArr2[0] = baseDN;
                    str2 = substring;
                } else if (substring.startsWith(DELEGATION_SERVICES_RDN)) {
                    // DN starts with a services RDN: the organization is what follows it.
                    strArr2[0] = lowerCase.substring(DELEGATION_SERVICES_RDN.length());
                    str2 = "";
                } else if (substring.startsWith(ORG_PLACEHOLDER_RDN)) {
                    // DN starts with "o=": the whole DN is taken as the organization.
                    strArr2[0] = lowerCase;
                    str2 = "";
                } else {
                    // Split at the first services RDN: organization after it, remainder before it.
                    strArr2[0] = lowerCase.substring(indexOf + DELEGATION_SERVICES_RDN_WITH_COMMA_LEN);
                    str2 = lowerCase.substring(0, indexOf);
                }
            }
        } else {
            // Realm mode off: always split at the first services RDN.
            strArr2[0] = lowerCase.substring(indexOf + DELEGATION_SERVICES_RDN_WITH_COMMA_LEN);
            str2 = lowerCase.substring(0, indexOf);
        }
        debug.message("SMSEntry:parseOrgDN: orgDN: {} restOfDN: {}", strArr2[0], str2);
        // Walk the remainder from its outermost RDN (parent(size - 1)) inwards.
        DN valueOf = DN.valueOf(str2);
        int size = valueOf.size();
        strArr2[4] = size < 1 ? REALM_SERVICE : LDAPUtils.rdnValueFromDn(valueOf.parent(size - 1));
        strArr2[3] = size < 2 ? "*" : LDAPUtils.rdnValueFromDn(valueOf.parent(size - 2));
        strArr2[2] = size < 3 ? "*" : LDAPUtils.rdnValueFromDn(valueOf.parent(size - 3));
        if (size >= 4) {
            // Everything deeper becomes a "/"-prefixed path, outermost component first.
            StringBuilder sb = new StringBuilder();
            for (int i = size - 4; i >= 0; i--) {
                sb.append('/').append(LDAPUtils.rdnValueFromDn(valueOf.parent(i)));
            }
            strArr2[1] = sb.toString();
        } else {
            strArr2[1] = "*";
        }
        // Keyed by the DN exactly as passed in, not by the normalised form.
        cache.put(str, strArr2);
        return strArr2;
    }

    /**
     * Checks whether the token holder may read the given DN.
     *
     * <p>The decision is delegated to {@code getDelegationPermission} with the read action
     * set: a normal return means allowed, an {@link SMSException} means denied. The outcome is
     * written to the debug log at message level, with the principal name when it can be read.
     *
     * @param sSOToken token of the requesting user
     * @param str      DN of the entry to read
     * @return {@code true} if access is allowed, {@code false} if the check threw
     */
    static boolean hasReadPermission(SSOToken sSOToken, String str) {
        boolean granted;
        try {
            getDelegationPermission(sSOToken, str, readActionSet);
            granted = true;
        } catch (SMSException denied) {
            // Any SMSException, including an invalid token, counts as "no read access".
            granted = false;
        }
        if (!debug.messageEnabled()) {
            return granted;
        }
        try {
            String who = sSOToken.getPrincipal().getName();
            if (granted) {
                debug.message("SMSEntry::hasReadPermission Allowed user: " + who + " for dn: " + str);
            } else {
                debug.message("SMSEntry::hasReadPermission Denied user: " + who + " for dn: " + str);
            }
        } catch (SSOException e) {
            // Principal lookup failed: log the decision without a user name.
            if (granted) {
                debug.message("SMSEntry::hasReadPermission Allowed access for dn: " + str + " Got SSOException", e);
            } else {
                debug.message("SMSEntry::hasReadPermission Denied access for dn: " + str + " Got SSOException", e);
            }
        }
        return granted;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Enforces delegation for an operation on a DN: returns {@code true} when allowed and
     * throws when not. It never returns {@code false}.
     *
     * <p>Access is granted without consulting the delegation service when any of these holds:
     * the {@code SMSJAXRPCObjectFlg} or {@code backendProxyEnabled} flag is set, the DN equals
     * {@code baseDN}, the DN equals {@code servicesDN} and the action set has no
     * {@code "MODIFY"}, or the principal name is a DN listed in {@code specialUserSet}.
     *
     * <p>NOTE(review): the DN comparisons are exact string matches, so they rely on callers
     * passing the DN in the same normalised form as {@code baseDN} and {@code servicesDN}.
     * With either flag set this method authorizes everything; presumably enforcement then
     * happens in the remote service or the directory. Confirm for each deployment.
     *
     * @param sSOToken token of the requesting user
     * @param str      DN of the entry being accessed
     * @param set      requested actions, e.g. {@code "READ"} or {@code "MODIFY"}
     * @return always {@code true} when it returns
     * @throws SMSException if access is denied or the token is invalid
     */
    public static boolean getDelegationPermission(SSOToken sSOToken, String str, Set set) throws SMSException {
        if (SMSJAXRPCObjectFlg || backendProxyEnabled) {
            return true;
        }
        if (str.equals(baseDN)) {
            return true;
        }
        if (str.equals(servicesDN) && !set.contains("MODIFY")) {
            return true;
        }
        try {
            String principalName = sSOToken.getPrincipal().getName();
            // Special users are matched on the DN.valueOf(...).toString() form of their name.
            if (LDAPUtils.isDN(principalName)
                    && specialUserSet.contains(DN.valueOf(principalName).toString())) {
                return true;
            }
            if (!ServiceManager.isConfigMigratedTo70()) {
                // The flag was already tested at the top of the method; the check is repeated here.
                if (backendProxyEnabled) {
                    return true;
                }
                debug.error("SMSEntry::getDelegationPermission Must enable LDAP proxy support if configuration (DIT) is not migrated to AM 7.0");
                throw new SMSException(8, IUMSConstants.SMS_INSUFFICIENT_ACCESS_RIGHTS);
            }
            if (debug.messageEnabled()) {
                debug.message("SMSEntry:getDelegationPermission :Calling delegation service for dnName: " + str + " for permissions: " + set);
            }
            if (!isAllowedByDelegation(sSOToken, str, set)) {
                throw new SMSException(8, IUMSConstants.SMS_INSUFFICIENT_ACCESS_RIGHTS);
            }
            return true;
        } catch (SSOException invalidToken) {
            // The log text names isAllowed; it is kept verbatim.
            debug.error("SMSEntry.isAllowed : Invalid Token: ", invalidToken);
            throw new SMSException(bundle.getString("sms-INVALID_SSO_TOKEN"), "sms-INVALID_SSO_TOKEN");
        }
    }

    /**
     * Non-throwing variant of the delegation check: reports the decision as a boolean.
     *
     * <p>Returns {@code false} outright when {@code SMSJAXRPCObjectFlg} is set. Returns
     * {@code true} for {@code baseDN}, for {@code servicesDN}, and for principals listed in
     * {@code specialUserSet}. Otherwise the delegation service decides, but only when the
     * configuration is migrated; if it is not, the answer is {@code false}.
     *
     * <p>NOTE(review): unlike {@code getDelegationPermission}, {@code servicesDN} is allowed
     * here for any action set, including {@code "MODIFY"}; confirm this is intended.
     *
     * @param sSOToken token of the requesting user
     * @param str      DN of the entry being accessed
     * @param set      requested actions
     * @return whether the operation is allowed
     * @throws SMSException if the token is invalid or the delegation check fails
     */
    private static boolean isAllowed(SSOToken sSOToken, String str, Set set) throws SMSException {
        if (SMSJAXRPCObjectFlg) {
            return false;
        }
        boolean rootNode = str.equals(baseDN) || str.equals(servicesDN);
        if (rootNode) {
            return true;
        }
        try {
            String principalName = sSOToken.getPrincipal().getName();
            if (LDAPUtils.isDN(principalName)
                    && specialUserSet.contains(DN.valueOf(principalName).toString())) {
                return true;
            }
            // Without the migrated configuration there is no delegation service to ask: deny.
            return ServiceManager.isConfigMigratedTo70() && isAllowedByDelegation(sSOToken, str, set);
        } catch (SSOException invalidToken) {
            debug.error("SMSEntry.isAllowed : Invalid Token: ", invalidToken);
            throw new SMSException(bundle.getString("sms-INVALID_SSO_TOKEN"), "sms-INVALID_SSO_TOKEN");
        }
    }

    /**
     * Asks the delegation evaluator whether the token holder may perform the actions on a DN.
     *
     * <p>The DN is split with {@code parseOrgDN} and the parts are passed positionally to
     * {@code DelegationPermission}. A pure {@code "READ"} request is allowed without calling
     * the evaluator when element 4 is not {@code REALM_SERVICE} and element 2 or element 1 is
     * the {@code "*"} wildcard.
     *
     * <p>NOTE(review): the denial warning writes the principal name and the DN into the log as
     * given; confirm the debug writer neutralises line breaks in those values.
     *
     * @param sSOToken token of the requesting user
     * @param str      DN of the entry being accessed
     * @param set      requested actions
     * @return the evaluator's decision, or {@code true} for the read short-cut
     * @throws SMSException if the token is invalid or the delegation permission is rejected
     */
    private static boolean isAllowedByDelegation(SSOToken sSOToken, String str, Set set) throws SMSException {
        // Local names follow the presumed DelegationPermission parameter order (verify).
        String[] parts = parseOrgDN(str);
        String orgName = parts[0];
        String subConfigName = parts[1];
        String configType = parts[2];
        String version = parts[3];
        String serviceName = parts[4];
        if (!serviceName.equals(REALM_SERVICE)) {
            boolean wildcard = configType.equalsIgnoreCase("*") || subConfigName.equalsIgnoreCase("*");
            if (wildcard && set.size() == 1 && set.contains("READ")) {
                // Read-only request above the sub-configuration level: allowed without evaluation.
                return true;
            }
        }
        try {
            DelegationPermission permission = new DelegationPermission(
                    orgName, serviceName, version, configType, subConfigName, set, Collections.EMPTY_MAP);
            boolean permitted = DelegationEvaluatorHolder.dlgEval.isAllowed(sSOToken, permission, Collections.EMPTY_MAP);
            if (permitted || !debug.warningEnabled()) {
                return permitted;
            }
            // Denied: leave an audit hint in the debug log, with the user name when available.
            try {
                debug.warning("SMSEntry: Attempt by:  " + sSOToken.getPrincipal().getName() + " to read/modify entry: " + str + " has no permissions");
            } catch (SSOException noPrincipal) {
                debug.warning("SMSEntry: Attempted to:  read/modify an entry that has invalid delegation privilege: " + str, noPrincipal);
            }
            return permitted;
        } catch (SSOException invalidToken) {
            debug.error("SMSEntry.isAllowed : Invalid Token: ", invalidToken);
            throw new SMSException(bundle.getString("sms-INVALID_SSO_TOKEN"), "sms-INVALID_SSO_TOKEN");
        } catch (DelegationException badPermission) {
            debug.error("SMSEntry.isAllowed : Invalid DelegationPermission: ", badPermission);
            throw new SMSException(bundle.getString("sms-invalid_delegation_privilege"), "sms-invalid_delegation_privilege");
        }
    }

    // Class initialisation. The statements run in this order; initializeClass() sits between
    // the bundle lookup and the derived constants, so reordering them is not safe.
    static {
        // Action sets handed to the delegation checks ("READ" is used by hasReadPermission).
        readActionSet.add("READ");
        modifyActionSet.add("MODIFY");
        // Attribute names reported by isAttributeCaseSensitive(); the lookup set itself ignores case.
        mCaseSensitiveAttributes = new CaseInsensitiveHashSet(3);
        mCaseSensitiveAttributes.add(ATTR_SCHEMA);
        mCaseSensitiveAttributes.add(ATTR_PLUGIN_SCHEMA);
        mCaseSensitiveAttributes.add(ATTR_KEYVAL);
        // Message bundle used for the SMSException texts in the permission checks.
        bundle = AMResourceBundleCache.getInstance().getResBundle("amSDK", Locale.ENGLISH);
        initializeClass();
        // Length used by parseOrgDN when it cuts the organization DN out of an entry DN.
        DELEGATION_SERVICES_RDN_WITH_COMMA_LEN = DELEGATION_SERVICES_RDN_WITH_COMMA.length();
        SMS_ATTRIBUTES = new String[]{PLACEHOLDER_RDN, ATTR_SCHEMA, ATTR_PLUGIN_SCHEMA, ATTR_KEYVAL, ATTR_XML_KEYVAL, "objectclass", ATTR_PRIORITY, ATTR_SERVICE_ID, ATTR_LABELED_URI, ATTR_MODIFY_TIMESTAMP};
    }
}
