package com.sun.identity.entitlement.opensso;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.IPrivilege;
import com.sun.identity.entitlement.Privilege;
import com.sun.identity.entitlement.ReferralPrivilege;
import com.sun.identity.entitlement.ResourceSaveIndexes;
import com.sun.identity.entitlement.ResourceSearchIndexes;
import com.sun.identity.entitlement.SubjectAttributesManager;
import com.sun.identity.entitlement.util.NetworkMonitor;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.BufferedIterator;
import com.sun.identity.shared.stats.Stats;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.SMSDataEntry;
import com.sun.identity.sm.SMSEntry;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import java.security.AccessController;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.xerces.dom3.as.ASDataType;
import org.forgerock.openam.entitlement.PolicyConstants;
import org.forgerock.openam.ldap.LDAPUtils;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.DN;
import org.forgerock.openam.sdk.org.json.JSONException;
import org.forgerock.openam.sdk.org.json.JSONObject;
import org.forgerock.openam.utils.CollectionUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/entitlement/opensso/DataStore.class */
public class DataStore {
    // Names of the index stores (sub-configurations) used for policies and for referrals.
    public static final String POLICY_STORE = "default";
    public static final String REFERRAL_STORE = "referrals";
    private static final String SERVICE_NAME = "sunEntitlementIndexes";
    // Attribute names under which the per-realm entry counts are persisted.
    private static final String INDEX_COUNT = "indexCount";
    private static final String REFERRAL_INDEX_COUNT = "referralIndexCount";
    // {0} = index store name, {1} = realm DN; both are substituted verbatim by getSearchBaseDN.
    private static final String REALM_DN_TEMPLATE = "ou={0},ou=default,ou=OrganizationConfig,ou=1.0,ou=sunEntitlementIndexes,ou=services,{1}";
    // Key prefixes of the "key=value" strings written on each stored entry.
    private static final String SUBJECT_INDEX_KEY = "subjectindex";
    private static final String HOST_INDEX_KEY = "hostindex";
    private static final String PATH_INDEX_KEY = "pathindex";
    private static final String PATH_PARENT_INDEX_KEY = "pathparentindex";
    private static final String SERIALIZABLE_INDEX_KEY = "serializable";
    public static final String REFERRAL_REALMS = "referralrealms";
    public static final String REFERRAL_APPLS = "referralappls";
    private static final String NO_FILTER = "(objectClass=*)";
    private static final int NO_LIMIT = 0;
    private static final boolean NOT_SORTED = false;
    // LDAP filter templates. {0} is substituted verbatim, so the value must be escaped for
    // filter use before formatting (the filter builders in this class call escapeCharactersInFilter).
    private static final String SUBJECT_FILTER_TEMPLATE = "(sunxmlKeyValue=subjectindex={0})";
    private static final String HOST_FILTER_TEMPLATE = "(sunxmlKeyValue=hostindex={0})";
    private static final String PATH_FILTER_TEMPLATE = "(sunxmlKeyValue=pathindex={0})";
    private static final String PATH_PARENT_FILTER_TEMPLATE = "(sunxmlKeyValue=pathparentindex={0})";
    private static final String HIDDEN_REALM_DN = "o=sunamhiddenrealmdelegationservicepermissions,ou=services,";
    private static DataStore instance = new DataStore();
    private static final Set<String> NO_EXCLUSIONS = Collections.emptySet();
    private static final NetworkMonitor DB_MONITOR_PRIVILEGE = NetworkMonitor.getInstance("dbLookupPrivileges");
    private static final NetworkMonitor DB_MONITOR_REFERRAL = NetworkMonitor.getInstance("dbLookupReferrals");
    // Guards the two count caches below. They are plain HashMaps, so every read must hold
    // the read lock and every mutation the write lock.
    private static ReadWriteLock countRWLock = new ReentrantReadWriteLock();
    // Cached entry counts, keyed by realm DN (DNMapper.orgNameToDN of the realm).
    private static Map<String, Integer> policiesPerRealm = new HashMap();
    private static Map<String, Integer> referralsPerRealm = new HashMap();
    // Privileged admin token obtained once at class initialisation. add(), updateIndexCount()
    // and getIndexCount() use it for directory access, independent of the calling subject.
    private static SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());

    /** Private: the only instance is the one held in the static {@code instance} field. */
    private DataStore() {
    }

    /**
     * Returns the shared {@code DataStore} instance created at class initialisation.
     *
     * @return the singleton instance
     */
    public static DataStore getInstance() {
        return DataStore.instance;
    }

    /**
     * Builds the DN of a stored privilege entry: {@code ou=<name>,<search base DN>}.
     *
     * NOTE(review): {@code str} is concatenated into the DN without RDN-value escaping.
     * A name containing DN metacharacters (for example ',', '+' or '=') would change the
     * structure of the resulting DN — confirm that callers validate privilege names.
     *
     * @param str  privilege name, used as the value of the leading {@code ou} RDN
     * @param str2 realm name or realm DN
     * @param str3 index store name, or {@code null} for the default store
     * @return the entry DN as a string
     */
    public static String getPrivilegeDistinguishedName(String str, String str2, String str3) {
        String baseDn = getSearchBaseDN(str2, str3);
        return "ou=" + str + "," + baseDn;
    }

    /**
     * Builds the base DN under which the entries of one index store of a realm live.
     *
     * Both values are substituted verbatim into {@code REALM_DN_TEMPLATE}; the store name
     * is not escaped here.
     *
     * @param str  realm, either already a DN or an organisation name that is mapped to a DN
     * @param str2 index store name, or {@code null} for {@code "default"}
     * @return the base DN as a string
     */
    public static String getSearchBaseDN(String str, String str2) {
        String storeName = (str2 != null) ? str2 : "default";
        String realmDn;
        if (LDAPUtils.isDN(str)) {
            realmDn = str;
        } else {
            realmDn = DNMapper.orgNameToDN(str);
        }
        return MessageFormat.format(REALM_DN_TEMPLATE, storeName, realmDn);
    }

    /**
     * Makes sure the named sub-configuration exists under the realm's organisation
     * configuration and returns its DN.
     *
     * Assumes {@code getOrgConfig} returns a non-null configuration — TODO confirm.
     *
     * @param sSOToken token used for the configuration reads and the optional create
     * @param str      realm
     * @param str2     sub-configuration name, or {@code null} for {@code "default"}
     * @return DN of the sub-configuration
     * @throws SMSException if the service management store reports an error
     * @throws SSOException if the token is not valid
     */
    private String createDefaultSubConfig(SSOToken sSOToken, String str, String str2) throws SMSException, SSOException {
        String subConfigName = (str2 == null) ? "default" : str2;
        ServiceConfig realmConfig = getOrgConfig(sSOToken, str);
        boolean alreadyPresent = realmConfig.getSubConfigNames().contains(subConfigName);
        if (!alreadyPresent) {
            realmConfig.addSubConfig(subConfigName, "type", 0, Collections.EMPTY_MAP);
        }
        return realmConfig.getSubConfig(subConfigName).getDN();
    }

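    /**
     * Returns the organisation configuration of the entitlement index service for a realm,
     * creating it first when it does not exist yet.
     *
     * @param sSOToken token used to open the service configuration
     * @param str      realm
     * @return the realm's organisation configuration
     * @throws SMSException if the service management store reports an error
     * @throws SSOException if the token is not valid
     */
    private ServiceConfig getOrgConfig(SSOToken sSOToken, String str) throws SMSException, SSOException {
        ServiceConfigManager serviceConfigManager = new ServiceConfigManager("sunEntitlementIndexes", sSOToken);
        ServiceConfig organizationConfig = serviceConfigManager.getOrganizationConfig(str, null);
        if (organizationConfig == null) {
            serviceConfigManager.createOrganizationConfig(str, null);
            // Read the configuration again after creating it. Previously the stale null was
            // returned, and both callers in this class dereference the result immediately.
            organizationConfig = serviceConfigManager.getOrganizationConfig(str, null);
        }
        return organizationConfig;
    }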

    /**
     * Drops the cached entry count of a realm so that it is re-read on next use.
     *
     * @param str realm
     * @param z   {@code true} to clear the referral count, {@code false} for the policy count
     */
    void clearIndexCount(String str, boolean z) {
        countRWLock.writeLock().lock();
        try {
            Map<String, Integer> cache = z ? referralsPerRealm : policiesPerRealm;
            cache.remove(DNMapper.orgNameToDN(str));
        } finally {
            countRWLock.writeLock().unlock();
        }
    }

    /**
     * Adds {@code i} to the persisted entry count of a realm and mirrors the new value in
     * the in-memory cache. Runs entirely under the write lock and uses the cached admin token.
     *
     * Store, token and number-format errors are logged and swallowed, so a failed update
     * leaves both the persisted and the cached count unchanged.
     *
     * @param str realm
     * @param i   delta to apply (the callers in this class pass 1 or -1)
     * @param z   {@code true} for the referral count, {@code false} for the policy count
     */
    private void updateIndexCount(String str, int i, boolean z) {
        countRWLock.writeLock().lock();
        try {
            String countAttribute = z ? REFERRAL_INDEX_COUNT : INDEX_COUNT;
            ServiceConfig realmConfig = getOrgConfig(adminToken, str);
            Map<String, Set<String>> attrs = realmConfig.getAttributes();
            Set<String> stored = attrs.get(countAttribute);
            int updated = i;
            if (stored != null && !stored.isEmpty()) {
                // The attribute holds a single decimal string.
                updated += Integer.parseInt(stored.iterator().next());
                stored.clear();
            } else {
                stored = new HashSet<String>();
                attrs.put(countAttribute, stored);
            }
            stored.add(Integer.toString(updated));
            realmConfig.setAttributes(attrs);

            Map<String, Integer> cache = z ? referralsPerRealm : policiesPerRealm;
            cache.put(DNMapper.orgNameToDN(str), Integer.valueOf(updated));
        } catch (SMSException | SSOException | NumberFormatException e) {
            PolicyConstants.DEBUG.error("DataStore.updateIndexCount", e);
        } finally {
            countRWLock.writeLock().unlock();
        }
    }

    /**
     * Reads the persisted entry count of a realm with the cached admin token.
     *
     * Returns 0 when there is no admin token, no organisation configuration, no stored
     * value, or when reading fails; failures are logged, not propagated.
     *
     * @param str realm
     * @param z   {@code true} for the referral count, {@code false} for the policy count
     * @return the stored count, or 0
     */
    private static int getIndexCount(String str, boolean z) {
        if (adminToken == null) {
            return 0;
        }
        int count = 0;
        try {
            ServiceConfigManager manager = new ServiceConfigManager("sunEntitlementIndexes", adminToken);
            ServiceConfig realmConfig = manager.getOrganizationConfig(str, null);
            if (realmConfig != null) {
                Map<String, Set<String>> attrs = realmConfig.getAttributes();
                Set<String> stored = attrs.get(z ? REFERRAL_INDEX_COUNT : INDEX_COUNT);
                if (stored != null && !stored.isEmpty()) {
                    count = Integer.parseInt(stored.iterator().next());
                }
            }
        } catch (SSOException | SMSException | NumberFormatException e) {
            PolicyConstants.DEBUG.error("DataStore.getIndexCount", e);
        }
        return count;
    }

    /**
     * Returns the sum of the cached policy counts of all realms currently in the cache.
     *
     * @return total number of cached policies
     */
    public static int getNumberOfPolicies() {
        int total = getCountInMap(policiesPerRealm);
        return total;
    }

    /**
     * Returns the sum of the cached referral counts of all realms currently in the cache.
     *
     * @return total number of cached referrals
     */
    public static int getNumberOfReferrals() {
        int total = getCountInMap(referralsPerRealm);
        return total;
    }

    /**
     * Sums all values of a count cache while holding the read lock.
     *
     * @param map one of the per-realm count caches
     * @return the sum of its values
     */
    private static int getCountInMap(Map<String, Integer> map) {
        countRWLock.readLock().lock();
        try {
            int total = 0;
            for (Integer perRealm : map.values()) {
                total += perRealm.intValue();
            }
            return total;
        } finally {
            countRWLock.readLock().unlock();
        }
    }

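    /**
     * Returns the number of policies in a realm, reading the persisted count on a cache miss.
     *
     * The cache is a plain {@code HashMap}. The previous version inserted the looked-up
     * value while holding only the read lock, so several threads could mutate the map
     * concurrently. The insert now happens under the write lock, after a re-check.
     *
     * @param str realm
     * @return the policy count for the realm
     */
    public static int getNumberOfPolicies(String str) {
        String realmDn = DNMapper.orgNameToDN(str);

        // Fast path: cache hit under the shared lock.
        countRWLock.readLock().lock();
        try {
            Integer cached = policiesPerRealm.get(realmDn);
            if (cached != null) {
                return cached.intValue();
            }
        } finally {
            countRWLock.readLock().unlock();
        }

        // Miss: a read lock cannot be upgraded, so it was released above and the
        // exclusive lock is taken before the map is modified.
        countRWLock.writeLock().lock();
        try {
            Integer cached = policiesPerRealm.get(realmDn);
            if (cached != null) {
                // Another thread filled the entry between the two locks.
                return cached.intValue();
            }
            int count = getIndexCount(str, false);
            policiesPerRealm.put(realmDn, Integer.valueOf(count));
            return count;
        } finally {
            countRWLock.writeLock().unlock();
        }
    }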

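    /**
     * Returns the number of referrals in a realm, reading the persisted count on a cache miss.
     *
     * The value decides in {@code search(...)} whether referrals are looked up at all, so the
     * cache must not be corrupted. The previous version inserted into the plain
     * {@code HashMap} while holding only the read lock; the insert now happens under the
     * write lock, after a re-check.
     *
     * @param str realm
     * @return the referral count for the realm
     */
    public static int getNumberOfReferrals(String str) {
        String realmDn = DNMapper.orgNameToDN(str);

        // Fast path: cache hit under the shared lock.
        countRWLock.readLock().lock();
        try {
            Integer cached = referralsPerRealm.get(realmDn);
            if (cached != null) {
                return cached.intValue();
            }
        } finally {
            countRWLock.readLock().unlock();
        }

        // Miss: a read lock cannot be upgraded, so it was released above and the
        // exclusive lock is taken before the map is modified.
        countRWLock.writeLock().lock();
        try {
            Integer cached = referralsPerRealm.get(realmDn);
            if (cached != null) {
                // Another thread filled the entry between the two locks.
                return cached.intValue();
            }
            int count = getIndexCount(str, true);
            referralsPerRealm.put(realmDn, Integer.valueOf(count));
            return count;
        } finally {
            countRWLock.writeLock().unlock();
        }
    }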

    /**
     * Stores a privilege as a new entry in the realm's default index store and increments
     * the realm's policy count.
     *
     * The existence check and the write are both done with the cached admin token;
     * {@code subject} is only used to compute the resource save indexes.
     * NOTE(review): authorisation of the caller therefore has to be enforced before this
     * method is reached — confirm against the callers.
     * NOTE(review): {@code ASDataType.BYTE_DATATYPE} is used as the error code of the wrapped
     * exceptions; this looks like a decompiler constant-resolution artefact — confirm the
     * intended numeric code.
     *
     * @param subject   subject used to derive the resource save indexes
     * @param str       realm
     * @param privilege privilege to store
     * @return DN of the created entry
     * @throws EntitlementException with code 217 if an entry with that DN already exists,
     *         or wrapping a token, store or JSON error
     */
    public String add(Subject subject, String str, Privilege privilege) throws EntitlementException {
        ResourceSaveIndexes saveIndexes = privilege.getEntitlement().getResourceSaveIndexes(subject, str);
        Set<String> subjectIndexes = SubjectAttributesManager.getSubjectSearchIndexes(privilege);
        try {
            createDefaultSubConfig(adminToken, str, null);
            String entryDn = getPrivilegeDistinguishedName(privilege.getName(), str, null);
            if (SMSEntry.checkIfEntryExists(entryDn, adminToken)) {
                throw new EntitlementException(217);
            }
            SMSEntry entry = new SMSEntry(adminToken, entryDn);
            Map<String, Set<String>> attrs = new HashMap<String, Set<String>>();

            // Searchable index values.
            Set<String> searchable = new HashSet<String>();
            attrs.put(SMSEntry.ATTR_XML_KEYVAL, searchable);
            searchable.add("resourceTypeUuid=" + privilege.getResourceTypeUuid());
            if (saveIndexes != null) {
                for (String host : saveIndexes.getHostIndexes()) {
                    searchable.add("hostindex=" + host);
                }
                for (String path : saveIndexes.getPathIndexes()) {
                    searchable.add("pathindex=" + path);
                }
                for (String parentPath : saveIndexes.getParentPathIndexes()) {
                    searchable.add("pathparentindex=" + parentPath);
                }
                // Subject indexes are only written when resource indexes are present.
                for (String subjectIndex : subjectIndexes) {
                    searchable.add("subjectindex=" + subjectIndex);
                }
            }

            Set<String> serviceId = new HashSet<String>(2);
            attrs.put(SMSEntry.ATTR_SERVICE_ID, serviceId);
            serviceId.add("indexes");

            // The privilege itself, serialised as JSON.
            Set<String> serialized = new HashSet<String>(2);
            attrs.put(SMSEntry.ATTR_KEYVAL, serialized);
            serialized.add("serializable=" + privilege.toJSONObject().toString());

            Set<String> objectClasses = new HashSet<String>(4);
            attrs.put("objectclass", objectClasses);
            objectClasses.add("top");
            objectClasses.add(SMSEntry.OC_SERVICE_COMP);

            // Descriptive metadata.
            Set<String> metadata = new HashSet<String>(8);
            String name = privilege.getName();
            if (name != null) {
                metadata.add("name=" + name);
            }
            String description = privilege.getDescription();
            if (description != null) {
                metadata.add("description=" + description);
            }
            String createdBy = privilege.getCreatedBy();
            if (createdBy != null) {
                metadata.add("createdby=" + createdBy);
            }
            String lastModifiedBy = privilege.getLastModifiedBy();
            if (lastModifiedBy != null) {
                metadata.add("lastmodifiedby=" + lastModifiedBy);
            }
            long creationDate = privilege.getCreationDate();
            if (creationDate > 0) {
                // Stored twice: plain and with a leading '|'.
                String created = creationDate + "=creationdate";
                metadata.add(created);
                metadata.add("|" + created);
            }
            long lastModifiedDate = privilege.getLastModifiedDate();
            if (lastModifiedDate > 0) {
                String modified = lastModifiedDate + "=lastmodifieddate";
                metadata.add(modified);
                metadata.add("|" + modified);
            }
            metadata.add("application=" + privilege.getEntitlement().getApplicationName());
            for (String applicationIndex : privilege.getApplicationIndexes()) {
                metadata.add("application=" + applicationIndex);
            }
            attrs.put(SMSEntry.PLACEHOLDER_RDN, metadata);

            entry.setAttributes(attrs);
            entry.save();
            updateIndexCount(str, 1, false);
            return entryDn;
        } catch (SSOException | SMSException | JSONException e) {
            throw new EntitlementException(ASDataType.BYTE_DATATYPE, e);
        }
    }

    /**
     * Stores a referral privilege as an entry in the realm's referral index store and
     * increments the realm's referral count.
     *
     * The entry is written with the token derived from {@code subject}.
     * NOTE(review): unlike {@code remove}, the token is not checked for {@code null} and no
     * existence check precedes the save — confirm this is intended.
     *
     * @param subject           subject whose token is used for the write
     * @param str               realm
     * @param referralPrivilege referral to store
     * @return DN of the stored entry
     * @throws EntitlementException with code 270 wrapping a token or store error
     */
    public String addReferral(Subject subject, String str, ReferralPrivilege referralPrivilege) throws EntitlementException {
        ResourceSaveIndexes saveIndexes = referralPrivilege.getResourceSaveIndexes(subject, str);
        SSOToken callerToken = getSSOToken(subject);
        try {
            createDefaultSubConfig(callerToken, str, REFERRAL_STORE);
            String entryDn = getPrivilegeDistinguishedName(referralPrivilege.getName(), str, REFERRAL_STORE);
            SMSEntry entry = new SMSEntry(callerToken, entryDn);
            Map<String, Set<String>> attrs = new HashMap<String, Set<String>>();

            // Searchable index values.
            Set<String> searchable = new HashSet<String>();
            attrs.put(SMSEntry.ATTR_XML_KEYVAL, searchable);
            if (saveIndexes != null) {
                for (String host : saveIndexes.getHostIndexes()) {
                    searchable.add("hostindex=" + host);
                }
                for (String path : saveIndexes.getPathIndexes()) {
                    searchable.add("pathindex=" + path);
                }
                for (String parentPath : saveIndexes.getParentPathIndexes()) {
                    searchable.add("pathparentindex=" + parentPath);
                }
            }

            Set<String> serviceId = new HashSet<String>(2);
            attrs.put(SMSEntry.ATTR_SERVICE_ID, serviceId);
            serviceId.add("indexes");

            // The referral itself, serialised as JSON.
            Set<String> serialized = new HashSet<String>(2);
            attrs.put(SMSEntry.ATTR_KEYVAL, serialized);
            serialized.add("serializable=" + referralPrivilege.toJSON());

            Set<String> objectClasses = new HashSet<String>(4);
            attrs.put("objectclass", objectClasses);
            objectClasses.add("top");
            objectClasses.add(SMSEntry.OC_SERVICE_COMP);

            // Descriptive metadata.
            Set<String> metadata = new HashSet<String>(8);
            String name = referralPrivilege.getName();
            if (name != null) {
                metadata.add("name=" + name);
            }
            String description = referralPrivilege.getDescription();
            if (description != null) {
                metadata.add("description=" + description);
            }
            String createdBy = referralPrivilege.getCreatedBy();
            if (createdBy != null) {
                metadata.add("createdby=" + createdBy);
            }
            String lastModifiedBy = referralPrivilege.getLastModifiedBy();
            if (lastModifiedBy != null) {
                metadata.add("lastmodifiedby=" + lastModifiedBy);
            }
            long creationDate = referralPrivilege.getCreationDate();
            if (creationDate > 0) {
                // Stored twice: plain and with a leading '|'.
                String created = creationDate + "=creationdate";
                metadata.add(created);
                metadata.add("|" + created);
            }
            long lastModifiedDate = referralPrivilege.getLastModifiedDate();
            if (lastModifiedDate > 0) {
                String modified = lastModifiedDate + "=lastmodifieddate";
                metadata.add(modified);
                metadata.add("|" + modified);
            }
            for (String referredRealm : referralPrivilege.getRealms()) {
                metadata.add("referralrealms=" + referredRealm);
            }
            for (String applicationType : referralPrivilege.getApplicationTypeNames(subject, str)) {
                metadata.add("referralappls=" + applicationType);
            }
            for (String applicationName : referralPrivilege.getMapApplNameToResources().keySet()) {
                metadata.add("application=" + applicationName);
            }
            attrs.put(SMSEntry.PLACEHOLDER_RDN, metadata);

            entry.setAttributes(attrs);
            entry.save();
            updateIndexCount(str, 1, true);
            return entryDn;
        } catch (SSOException | SMSException e) {
            throw new EntitlementException(270, e);
        }
    }

    /**
     * Deletes a privilege entry from the realm's default index store, using the token of
     * {@code subject}, and decrements the realm's policy count. A missing entry is not an error.
     *
     * @param subject subject whose token is used for the lookup and the delete
     * @param str     realm
     * @param str2    privilege name
     * @throws EntitlementException with code 55 if no token can be obtained for the subject,
     *         10 on a token error, or 51 on a store error
     */
    public void remove(Subject subject, String str, String str2) throws EntitlementException {
        SSOToken callerToken = getSSOToken(subject);
        if (callerToken == null) {
            throw new EntitlementException(55, str2);
        }
        String entryDn = null;
        try {
            entryDn = getPrivilegeDistinguishedName(str2, str, null);
            if (!SMSEntry.checkIfEntryExists(entryDn, callerToken)) {
                return;
            }
            SMSEntry entry = new SMSEntry(callerToken, entryDn);
            entry.delete();
            updateIndexCount(str, -1, false);
        } catch (SSOException tokenError) {
            throw new EntitlementException(10, (Object[]) null, tokenError);
        } catch (SMSException storeError) {
            throw new EntitlementException(51, new Object[]{entryDn}, storeError);
        }
    }

    /**
     * Deletes a referral entry from the realm's referral index store, using the token of
     * {@code subject}, and decrements the realm's referral count. A missing entry is not an error.
     *
     * @param subject subject whose token is used for the lookup and the delete
     * @param str     realm
     * @param str2    referral name
     * @throws EntitlementException with code 55 if no token can be obtained for the subject,
     *         10 on a token error, or 51 on a store error
     */
    public void removeReferral(Subject subject, String str, String str2) throws EntitlementException {
        SSOToken callerToken = getSSOToken(subject);
        if (callerToken == null) {
            throw new EntitlementException(55, str2);
        }
        String entryDn = null;
        try {
            entryDn = getPrivilegeDistinguishedName(str2, str, REFERRAL_STORE);
            if (!SMSEntry.checkIfEntryExists(entryDn, callerToken)) {
                return;
            }
            SMSEntry entry = new SMSEntry(callerToken, entryDn);
            entry.delete();
            updateIndexCount(str, -1, true);
        } catch (SSOException tokenError) {
            throw new EntitlementException(10, (Object[]) null, tokenError);
        } catch (SMSException storeError) {
            throw new EntitlementException(51, new Object[]{entryDn}, storeError);
        }
    }

    /**
     * Searches the realm's default index store with a caller-supplied LDAP filter.
     *
     * The filter is forwarded unchanged; it has to be built from escaped values by the caller.
     *
     * @param subject subject whose token is used for the search
     * @param str     realm
     * @param str2    LDAP filter
     * @param i       passed through to the directory search (presumably a result limit — confirm)
     * @param z       passed through to the directory search
     * @param z2      passed through to the directory search
     * @return the values collected from the search, or an empty set
     * @throws EntitlementException if no token is available or the search fails
     */
    public Set<String> search(Subject subject, String str, String str2, int i, boolean z, boolean z2) throws EntitlementException {
        String defaultStore = null;
        return search(subject, str, str2, i, z, z2, defaultStore);
    }

    /**
     * Searches the realm's referral index store with a caller-supplied LDAP filter.
     *
     * The filter is forwarded unchanged; it has to be built from escaped values by the caller.
     *
     * @param subject subject whose token is used for the search
     * @param str     realm
     * @param str2    LDAP filter
     * @param i       passed through to the directory search (presumably a result limit — confirm)
     * @param z       passed through to the directory search
     * @param z2      passed through to the directory search
     * @return the values collected from the search, or an empty set
     * @throws EntitlementException if no token is available or the search fails
     */
    public Set<String> searchReferral(Subject subject, String str, String str2, int i, boolean z, boolean z2) throws EntitlementException {
        String referralStore = REFERRAL_STORE;
        return search(subject, str, str2, i, z, z2, referralStore);
    }

    /**
     * Runs a filter search below the base DN of one index store, with the subject's token.
     *
     * {@code str2} reaches the directory search unchanged, so this method does no escaping.
     *
     * @param subject subject whose token is used
     * @param str     realm
     * @param str2    LDAP filter
     * @param i       passed through to the directory search
     * @param z       passed through to the directory search
     * @param z2      passed through to the directory search
     * @param str3    index store name, or {@code null} for the default store
     * @return the collected values, or an empty set when the base DN does not exist
     * @throws EntitlementException with code 216 when no token is available, or 215 when
     *         the search fails
     */
    private Set<String> search(Subject subject, String str, String str2, int i, boolean z, boolean z2, String str3) throws EntitlementException {
        try {
            SSOToken callerToken = getSSOToken(subject);
            if (callerToken == null) {
                throw new EntitlementException(216);
            }
            String baseDn = getSearchBaseDN(str, str3);
            if (!SMSEntry.checkIfEntryExists(baseDn, callerToken)) {
                return Collections.emptySet();
            }
            return LDAPUtils.collectNonIdenticalValues(DN.valueOf(baseDn), SMSEntry.search(callerToken, baseDn, str2, i, 0, z, z2));
        } catch (SMSException | NamingException e) {
            throw new EntitlementException(215, e);
        }
    }

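    /**
     * Tells whether any policy, referral or hidden-realm entry of the realm references the
     * given application.
     *
     * The application name is escaped with this class's filter-escaping helper before it is
     * placed in the LDAP filter, as the other filter builders in this class do. Previously it
     * was concatenated verbatim, so filter metacharacters in the name changed the filter.
     *
     * NOTE(review): unlike {@code remove}, the token is not checked for {@code null} before
     * use — confirm that {@code getSSOToken} cannot return {@code null} on this path.
     *
     * @param subject subject whose token is used for the searches
     * @param str     realm
     * @param str2    application name
     * @return {@code true} if at least one matching entry exists
     * @throws EntitlementException if a search fails
     */
    public boolean hasPrivilgesWithApplication(Subject subject, String str, String str2) throws EntitlementException {
        SSOToken sSOToken = getSSOToken(subject);
        // A null name keeps its previous rendering ("null") instead of reaching the helper.
        String escapedName = (str2 == null) ? null : escapeCharactersInFilter(str2);
        String str3 = "(ou=application=" + escapedName + DefaultExpressionEngine.DEFAULT_INDEX_END;
        return hasEntries(sSOToken, getSearchBaseDN(str, null), str3) || hasEntries(sSOToken, getSearchBaseDN(str, REFERRAL_STORE), str3) || hasEntries(sSOToken, getSearchBaseDN(getHiddenRealmDN(), null), str3);
    }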

    /**
     * Returns the DN of the hidden delegation realm: the fixed prefix followed by the
     * root suffix reported by {@code SMSEntry}.
     *
     * @return hidden realm DN
     */
    private static String getHiddenRealmDN() {
        String rootSuffix = SMSEntry.getRootSuffix();
        return HIDDEN_REALM_DN + rootSuffix;
    }

    /**
     * Tells whether a filter search below a base DN returns at least one result.
     *
     * @param sSOToken token used for the existence check and the search
     * @param str      base DN
     * @param str2     LDAP filter, forwarded unchanged
     * @return {@code false} if the base DN does not exist or nothing matches
     * @throws EntitlementException with code 52 when the search fails
     */
    private boolean hasEntries(SSOToken sSOToken, String str, String str2) throws EntitlementException {
        if (!SMSEntry.checkIfEntryExists(str, sSOToken)) {
            return false;
        }
        try {
            Set<String> matches = SMSEntry.search(sSOToken, str, str2, 0, 0, false, false);
            return matches != null && !matches.isEmpty();
        } catch (SMSException e) {
            throw new EntitlementException(52, new Object[]{str}, e);
        }
    }

    /**
     * Collects the privileges that match the given indexes, plus the matching referrals
     * when the realm's referral count is greater than zero.
     *
     * The referral lookup is skipped entirely on a zero count, so the result depends on the
     * cached/persisted referral count being accurate.
     *
     * @param subject               subject; its token is handed to the referral search
     * @param str                   realm
     * @param bufferedIterator      iterator that also receives every match
     * @param resourceSearchIndexes resource indexes to match
     * @param set                   subject indexes to match
     * @param z                     whether parent path indexes are included in the filter
     * @param set2                  passed through to the directory search
     * @return the matching privileges and referrals
     * @throws EntitlementException if a search fails
     */
    public Set<IPrivilege> search(Subject subject, String str, BufferedIterator bufferedIterator, ResourceSearchIndexes resourceSearchIndexes, Set<String> set, boolean z, Set<String> set2) throws EntitlementException {
        SSOToken callerToken = getSSOToken(subject);
        Set<IPrivilege> found = searchPrivileges(str, bufferedIterator, resourceSearchIndexes, set, z, set2);
        boolean realmHasReferrals = getNumberOfReferrals(str) > 0;
        if (realmHasReferrals) {
            found.addAll(searchReferral(callerToken, str, bufferedIterator, resourceSearchIndexes, z, set2));
        }
        return found;
    }

    /**
     * Loads one privilege by name from the realm's default index store.
     *
     * The read is done with a freshly obtained admin token; no caller identity is involved.
     * If several entries are returned, the last one wins. The monitor is only closed on the
     * success path.
     *
     * @param str  realm
     * @param str2 privilege name
     * @return the privilege, or {@code null} when the search returns nothing
     * @throws EntitlementException with code 52 on a store or JSON error
     */
    public IPrivilege getPrivilege(String str, String str2) throws EntitlementException {
        String entryDn = getPrivilegeDistinguishedName(str2, str, null);
        long started = DB_MONITOR_PRIVILEGE.start();
        Privilege result = null;
        try {
            SSOToken token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            Iterator hits = SMSEntry.search(token, entryDn, NO_FILTER, 0, 0, false, false, NO_EXCLUSIONS);
            while (hits.hasNext()) {
                SMSDataEntry hit = (SMSDataEntry) hits.next();
                result = Privilege.getInstance(new JSONObject(hit.getAttributeValue(SERIALIZABLE_INDEX_KEY)));
            }
            DB_MONITOR_PRIVILEGE.end(started);
            return result;
        } catch (SMSException | JSONException e) {
            throw new EntitlementException(52, new Object[]{entryDn}, e);
        }
    }

    /**
     * Searches the realm's default index store for privileges matching the given resource
     * and subject indexes. Every match is added both to {@code bufferedIterator} and to the
     * returned set.
     *
     * The search runs with a freshly obtained admin token. When message-level debugging is
     * enabled, the complete filter and base DN are written to the debug log.
     *
     * @param str                   realm
     * @param bufferedIterator      iterator that receives every match
     * @param resourceSearchIndexes resource indexes to match
     * @param set                   subject indexes to match
     * @param z                     whether parent path indexes are included in the filter
     * @param set2                  passed through to the directory search
     * @return the matching privileges; empty when no filter could be built or the base DN
     *         does not exist
     * @throws EntitlementException with code 52 on a store or JSON error
     */
    private Set<IPrivilege> searchPrivileges(String str, BufferedIterator bufferedIterator, ResourceSearchIndexes resourceSearchIndexes, Set<String> set, boolean z, Set<String> set2) throws EntitlementException {
        HashSet hashSet = new HashSet();
        String filter = getFilter(resourceSearchIndexes, set, z);
        String searchBaseDN = getSearchBaseDN(str, null);
        if (PolicyConstants.DEBUG.messageEnabled()) {
            PolicyConstants.DEBUG.message("[PolicyEval] DataStore.searchPrivileges");
            PolicyConstants.DEBUG.message("[PolicyEval] search filter: " + filter);
            PolicyConstants.DEBUG.message("[PolicyEval] search DN: " + searchBaseDN);
        }
        // getFilter returns null when there is nothing to match on; no search is run then.
        if (filter != null) {
            SSOToken sSOToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            long start = DB_MONITOR_PRIVILEGE.start();
            if (SMSEntry.checkIfEntryExists(searchBaseDN, sSOToken)) {
                try {
                    Iterator search = SMSEntry.search(sSOToken, searchBaseDN, filter, 0, 0, false, false, set2);
                    while (search.hasNext()) {
                        Privilege privilege = Privilege.getInstance(new JSONObject(((SMSDataEntry) search.next()).getAttributeValue(SERIALIZABLE_INDEX_KEY)));
                        // NOTE(review): the (BufferedIterator) cast on a Privilege looks like a
                        // decompiler artefact for a generic element type — confirm against the
                        // BufferedIterator.add signature.
                        bufferedIterator.add((BufferedIterator) privilege);
                        hashSet.add(privilege);
                    }
                } catch (SMSException e) {
                    throw new EntitlementException(52, new Object[]{searchBaseDN}, e);
                } catch (JSONException e2) {
                    throw new EntitlementException(52, new Object[]{searchBaseDN}, e2);
                }
            }
            // Not reached when one of the exceptions above is thrown.
            DB_MONITOR_PRIVILEGE.end(start);
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns every policy stored in the realm's default index store.
     *
     * @param str realm
     * @return the policies; empty when the store does not exist
     * @throws EntitlementException if the search or deserialisation fails
     */
    public List<Privilege> findPoliciesByRealm(String str) throws EntitlementException {
        final String allIndexedEntries = "(sunserviceID=indexes)";
        return findPolicies(str, allIndexedEntries);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
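    /**
     * Returns the policies of a realm that belong to the given application.
     *
     * The application name is escaped with this class's filter-escaping helper before it is
     * formatted into the LDAP filter, as the other filter builders in this class do.
     * Previously it was inserted verbatim, so filter metacharacters in the name changed the
     * filter that {@code findPolicies} runs with an admin token.
     *
     * @param str  realm
     * @param str2 application name
     * @return the matching policies; empty when the store does not exist
     * @throws EntitlementException if the search or deserialisation fails
     */
    public List<Privilege> findPoliciesByRealmAndApplication(String str, String str2) throws EntitlementException {
        // A null name keeps its previous rendering ("null") instead of reaching the helper.
        String escapedName = (str2 == null) ? null : escapeCharactersInFilter(str2);
        return findPolicies(str, String.format("(&(sunserviceID=indexes)(ou=application=%s))", escapedName));
    }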

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the policies of a realm that carry at least one of the given subject indexes.
     *
     * Each index value is escaped before it is placed in the OR filter. An empty set
     * produces the filter {@code (|)}.
     *
     * @param str realm
     * @param set subject index values
     * @return the matching policies; empty when the store does not exist
     * @throws EntitlementException if the search or deserialisation fails
     */
    public List<Privilege> findAllPoliciesByRealmAndSubjectIndex(String str, Set<String> set) throws EntitlementException {
        StringBuilder filter = new StringBuilder("(|");
        for (String subjectIndex : set) {
            filter.append('(');
            filter.append(SMSEntry.ATTR_XML_KEYVAL);
            filter.append('=');
            filter.append(SUBJECT_INDEX_KEY);
            filter.append('=');
            filter.append(escapeCharactersInFilter(subjectIndex));
            filter.append(')');
        }
        filter.append(')');
        return findPolicies(str, filter.toString());
    }

    /**
     * Runs a filter search in the realm's default index store with a freshly obtained admin
     * token and deserialises every hit into a {@code Privilege}.
     *
     * {@code str2} reaches the directory search unchanged; callers must build it from
     * escaped values.
     *
     * @param str  realm
     * @param str2 LDAP filter
     * @return the matching policies; empty when the base DN does not exist
     * @throws EntitlementException with code 215 on a store or JSON error
     */
    private List<Privilege> findPolicies(String str, String str2) throws EntitlementException {
        List<Privilege> policies = new ArrayList<Privilege>();
        String baseDn = getSearchBaseDN(str, null);
        SSOToken token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        if (!SMSEntry.checkIfEntryExists(baseDn, token)) {
            return policies;
        }
        try {
            Iterator hits = SMSEntry.search(token, baseDn, str2, 0, 0, false, false, Collections.emptySet());
            while (hits.hasNext()) {
                SMSDataEntry hit = (SMSDataEntry) hits.next();
                policies.add(Privilege.getInstance(new JSONObject(hit.getAttributeValue(SERIALIZABLE_INDEX_KEY))));
            }
        } catch (SMSException | JSONException e) {
            throw new EntitlementException(215, e);
        }
        return policies;
    }

    /**
     * Searches the realm's referral index store for referrals matching the given resource
     * indexes. Every match is added both to {@code bufferedIterator} and to the returned set.
     *
     * The {@code sSOToken} parameter is not used by this method: the existence check and the
     * search are done with a freshly obtained admin token. When message-level debugging is
     * enabled, the complete filter and base DN are written to the debug log.
     *
     * @param sSOToken              caller token (unused here)
     * @param str                   realm
     * @param bufferedIterator      iterator that receives every match
     * @param resourceSearchIndexes resource indexes to match
     * @param z                     whether parent path indexes are included in the filter
     * @param set                   passed through to the directory search
     * @return the matching referrals; empty when no filter could be built or the base DN
     *         does not exist
     * @throws EntitlementException with code 52 on a store or JSON error
     */
    public Set<ReferralPrivilege> searchReferral(SSOToken sSOToken, String str, BufferedIterator bufferedIterator, ResourceSearchIndexes resourceSearchIndexes, boolean z, Set<String> set) throws EntitlementException {
        HashSet hashSet = new HashSet();
        // Referrals are matched on resource indexes only; no subject indexes are passed.
        String filter = getFilter(resourceSearchIndexes, null, z);
        String searchBaseDN = getSearchBaseDN(str, REFERRAL_STORE);
        if (PolicyConstants.DEBUG.messageEnabled()) {
            PolicyConstants.DEBUG.message("[PolicyEval] DataStore.searchReferral");
            PolicyConstants.DEBUG.message("[PolicyEval] search filter: " + filter);
            PolicyConstants.DEBUG.message("[PolicyEval] search DN: " + searchBaseDN);
        }
        // getFilter returns null when there is nothing to match on; no search is run then.
        if (filter != null) {
            SSOToken sSOToken2 = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            long start = DB_MONITOR_REFERRAL.start();
            if (SMSEntry.checkIfEntryExists(searchBaseDN, sSOToken2)) {
                try {
                    Iterator search = SMSEntry.search(sSOToken2, searchBaseDN, filter, 0, 0, false, false, set);
                    while (search.hasNext()) {
                        ReferralPrivilege referralPrivilege = ReferralPrivilege.getInstance(new JSONObject(((SMSDataEntry) search.next()).getAttributeValue(SERIALIZABLE_INDEX_KEY)));
                        // NOTE(review): the (BufferedIterator) cast on a ReferralPrivilege looks
                        // like a decompiler artefact for a generic element type — confirm
                        // against the BufferedIterator.add signature.
                        bufferedIterator.add((BufferedIterator) referralPrivilege);
                        hashSet.add(referralPrivilege);
                    }
                    bufferedIterator.isDone();
                } catch (SMSException e) {
                    throw new EntitlementException(52, new Object[]{searchBaseDN}, e);
                } catch (JSONException e2) {
                    throw new EntitlementException(52, new Object[]{searchBaseDN}, e2);
                }
            }
            // Not reached when one of the exceptions above is thrown.
            DB_MONITOR_REFERRAL.end(start);
        }
        return hashSet;
    }

    /**
     * Builds the OR clause that matches any of the given subject indexes.
     *
     * Each value is escaped for filter use before it is formatted into the template.
     *
     * @param set subject index values, may be {@code null} or empty
     * @return {@code (|(...)(...))}, or an empty string when there are no values
     */
    private static String getFilter(Set<String> set) {
        if (!CollectionUtils.isNotEmpty(set)) {
            return "";
        }
        StringBuilder clause = new StringBuilder("(|");
        for (String subjectIndex : set) {
            String escaped = escapeCharactersInFilter(subjectIndex);
            clause.append(MessageFormat.format(SUBJECT_FILTER_TEMPLATE, escaped));
        }
        clause.append(')');
        return clause.toString();
    }

    /**
     * Builds the LDAP filter used for policy evaluation: an AND of up to three OR clauses
     * (subject indexes, host indexes, path and optionally parent path indexes).
     *
     * Every index value is escaped for filter use before it is formatted into a template.
     *
     * @param resourceSearchIndexes host, path and parent path indexes of the resource
     * @param set                   subject index values, may be {@code null} or empty
     * @param z                     whether parent path indexes are added to the path clause
     * @return the filter, or {@code null} when no clause could be built
     */
    static String getFilter(ResourceSearchIndexes resourceSearchIndexes, Set<String> set, boolean z) {
        StringBuilder clauses = new StringBuilder().append(getFilter(set));

        // Host clause.
        StringBuilder hostClauses = new StringBuilder();
        Set<String> hosts = resourceSearchIndexes.getHostIndexes();
        if (hosts != null && !hosts.isEmpty()) {
            // The getter is read a second time for the iteration, as before.
            for (String host : resourceSearchIndexes.getHostIndexes()) {
                hostClauses.append(MessageFormat.format(HOST_FILTER_TEMPLATE, escapeCharactersInFilter(host)));
            }
        }
        if (hostClauses.length() > 0) {
            clauses.append("(|").append(hostClauses.toString()).append(DefaultExpressionEngine.DEFAULT_INDEX_END);
        }

        // Path clause; parent paths share the same OR group.
        StringBuilder pathClauses = new StringBuilder();
        Set<String> paths = resourceSearchIndexes.getPathIndexes();
        if (paths != null && !paths.isEmpty()) {
            for (String path : paths) {
                pathClauses.append(MessageFormat.format(PATH_FILTER_TEMPLATE, escapeCharactersInFilter(path)));
            }
        }
        if (z) {
            Set<String> parentPaths = resourceSearchIndexes.getParentPathIndexes();
            if (parentPaths != null && !parentPaths.isEmpty()) {
                for (String parentPath : parentPaths) {
                    pathClauses.append(MessageFormat.format(PATH_PARENT_FILTER_TEMPLATE, escapeCharactersInFilter(parentPath)));
                }
            }
        }
        if (pathClauses.length() > 0) {
            clauses.append("(|").append(pathClauses.toString()).append(DefaultExpressionEngine.DEFAULT_INDEX_END);
        }

        String combined = clauses.toString();
        if (combined.length() == 0) {
            return null;
        }
        return "(&" + combined + DefaultExpressionEngine.DEFAULT_INDEX_END;
    }

    /**
     * Searches the referral store of a realm and returns the referral
     * privileges whose entries match a filter.
     *
     * <p>{@code str2} is handed to {@code SMSEntry.search} verbatim; this method
     * does no escaping of its own. Callers are expected to supply a well-formed
     * filter whose values were already escaped.
     *
     * @param sSOToken token used for the existence check and the search
     * @param str realm whose referral store is searched
     * @param str2 search filter, used as given
     * @return the matching referral privileges; empty when the search base
     *         entry does not exist or nothing matches
     * @throws EntitlementException (code 52) when the search fails or a stored
     *         entry cannot be parsed as JSON
     */
    public Set<ReferralPrivilege> searchReferrals(SSOToken sSOToken, String str, String str2) throws EntitlementException {
        Set<ReferralPrivilege> referrals = new HashSet<>();
        String searchBaseDN = getSearchBaseDN(str, REFERRAL_STORE);
        if (!SMSEntry.checkIfEntryExists(searchBaseDN, sSOToken)) {
            return referrals;
        }
        try {
            Iterator<?> entries = SMSEntry.search(sSOToken, searchBaseDN, str2, 0, 0, false, false, NO_EXCLUSIONS);
            while (entries.hasNext()) {
                SMSDataEntry entry = (SMSDataEntry) entries.next();
                // Each entry stores the privilege as JSON under SERIALIZABLE_INDEX_KEY.
                JSONObject json = new JSONObject(entry.getAttributeValue(SERIALIZABLE_INDEX_KEY));
                referrals.add(ReferralPrivilege.getInstance(json));
            }
        } catch (SMSException | JSONException e) {
            throw new EntitlementException(52, new Object[]{searchBaseDN}, e);
        }
        return referrals;
    }

    /**
     * Resolves the SSO token to use for a subject.
     *
     * <p>The super-admin subject is mapped to this class's {@code adminToken};
     * any other subject is resolved through {@code SubjectUtils.getSSOToken}.
     *
     * @param subject subject whose token is wanted
     * @return {@code adminToken} for the super-admin subject, otherwise
     *         whatever {@code SubjectUtils.getSSOToken} returns
     */
    private SSOToken getSSOToken(Subject subject) {
        if (PolicyConstants.SUPER_ADMIN_SUBJECT.equals(subject)) {
            return adminToken;
        }
        return SubjectUtils.getSSOToken(subject);
    }

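    /**
     * Collects the names of the referrals in a realm's referral store that
     * refer to a given realm.
     *
     * <p>The referred realm's name is escaped with
     * {@code escapeCharactersInFilter} before it is placed in the search filter,
     * as the other filter builders in this class do, so a realm name containing
     * filter metacharacters is matched literally instead of altering the
     * filter. The search runs with the class's {@code adminToken}.
     *
     * @param str realm whose referral store is searched
     * @param str2 organisation name of the referred realm; converted with
     *        {@code DNMapper.orgNameToRealmName}
     * @return the values collected by {@code LDAPUtils.collectNonIdenticalValues},
     *         or an empty set when the search base entry does not exist
     * @throws EntitlementException (code 215) when the search or the DN
     *         handling fails
     */
    static Set<String> getReferralNames(String str, String str2) throws EntitlementException {
        try {
            // String.valueOf keeps the original concatenation result for a null realm name.
            String realmName = String.valueOf(DNMapper.orgNameToRealmName(str2));
            // NOTE(review): DEFAULT_INDEX_END is presumably the literal ")" that the
            // decompiler replaced with an unrelated constant - confirm.
            String filter = "(ou=referralrealms=" + escapeCharactersInFilter(realmName) + DefaultExpressionEngine.DEFAULT_INDEX_END;
            String searchBaseDN = getSearchBaseDN(str, REFERRAL_STORE);
            if (!SMSEntry.checkIfEntryExists(searchBaseDN, adminToken)) {
                return Collections.emptySet();
            }
            return LDAPUtils.collectNonIdenticalValues(DN.valueOf(searchBaseDN), SMSEntry.search(adminToken, searchBaseDN, filter, 0, 0, false, false));
        } catch (SMSException | NamingException e) {
            throw new EntitlementException(215, e);
        }
    }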

    /**
     * Escapes a value for use inside a search filter.
     *
     * <p>NUL, {@code (}, {@code )}, {@code *}, {@code /} and {@code \} are each
     * replaced by a backslash followed by the character's two-digit hex code;
     * every other character is copied unchanged. This covers the characters
     * RFC 4515 requires to be escaped in filter values, plus the slash.
     *
     * @param str value to escape; must not be null
     * @return the escaped value
     */
    private static String escapeCharactersInFilter(String str) {
        StringBuilder escaped = new StringBuilder(str.length());
        for (char c : str.toCharArray()) {
            if (c == '\0') {
                escaped.append("\\00");
            } else if (c == '(') {
                escaped.append("\\28");
            } else if (c == ')') {
                escaped.append("\\29");
            } else if (c == '*') {
                escaped.append("\\2a");
            } else if (c == '/') {
                escaped.append("\\2f");
            } else if (c == '\\') {
                escaped.append("\\5c");
            } else {
                escaped.append(c);
            }
        }
        return escaped.toString();
    }

    // Runs once at class initialisation: fetches the "Entitlements" stats
    // instance and attaches an EntitlementsStats listener to it.
    static {
        Stats entitlementStats = Stats.getInstance("Entitlements");
        entitlementStats.addStatsListener(new EntitlementsStats(entitlementStats));
    }
}
