package com.sun.identity.sm;

import com.google.inject.assistedinject.Assisted;
import com.iplanet.am.sdk.AMDCTree;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.ums.IUMSConstants;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.common.CaseInsensitiveHashSet;
import com.sun.identity.delegation.DelegationException;
import com.sun.identity.delegation.DelegationUtils;
import com.sun.identity.idm.IdConstants;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.plugins.internal.AgentsRepo;
import com.sun.identity.shared.Constants;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import org.forgerock.openam.ldap.LDAPUtils;
import org.forgerock.openam.sdk.javax.inject.Inject;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.DN;
import org.forgerock.openam.utils.CollectionUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/sm/OrganizationConfigManager.class */
public class OrganizationConfigManager {
    private SSOToken token;
    private String orgName;
    private String orgDN;
    private OrgConfigViaAMSDK amsdk;
    private OrganizationConfigManagerImpl orgConfigImpl;
    static String orgNamingAttrInLegacyMode;
    static Pattern baseDNpattern = Pattern.compile(SMSEntry.getRootSuffix());
    protected static final String SERVICES_NODE = "ou=services," + SMSEntry.getRootSuffix();
    static String specialCharsString = "*|(|)|!|/|=";
    private static String SEPERATOR = "|";
    private boolean copyOrgInitialized;
    private boolean copyOrgEnabled;
    private String amSDKOrgDN;
    public static final String SUNORG_ALIAS = "sunOrganizationAliases";
    private static final String SMS_INVALID_SSO_TOKEN = "sms-INVALID_SSO_TOKEN";
    private static boolean registeredForConfigNotifications;
    private static boolean realmEnabled;
    private static boolean coexistMode;
    private static boolean migratedTo70;
    private String CONF_ENABLED = "sun-idrepo-amSDK-config-copyconfig-enabled";
    private String SUNDNS_ALIAS = "sunDNSAliases";
    private String SUNPREF_DOMAIN = AMDCTree.IPLANET_DOMAIN_NAME_ATTR;
    private String SUNORG_STATUS = IdConstants.ORGANIZATION_STATUS_ATTR;

    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/sm/OrganizationConfigManager$OrganizationConfigManagerListener.class */
    class OrganizationConfigManagerListener implements ServiceListener {
        OrganizationConfigManagerListener() {
        }

        @Override // com.sun.identity.sm.ServiceListener
        public void schemaChanged(String str, String str2) {
            ServiceManager.schemaChanged();
            if (str.equalsIgnoreCase("iPlanetAMPlatformService")) {
                ServiceManager.accessManagerServers = null;
            }
        }

        @Override // com.sun.identity.sm.ServiceListener
        public void globalConfigChanged(String str, String str2, String str3, String str4, int i) {
            if (str.equalsIgnoreCase(ServiceManager.REALM_SERVICE)) {
                try {
                    ServiceManager.checkFlags(OrganizationConfigManager.this.token);
                } catch (SSOException e) {
                    SMSEntry.debug.error("OrganizationConfigManager: globalConfigChanged ", e);
                } catch (SMSException e2) {
                    SMSEntry.debug.error("OrganizationConfigManager: globalConfigChanged ", e2);
                }
                boolean unused = OrganizationConfigManager.realmEnabled = ServiceManager.isRealmEnabled();
                boolean unused2 = OrganizationConfigManager.coexistMode = ServiceManager.isCoexistenceMode();
                boolean unused3 = OrganizationConfigManager.migratedTo70 = ServiceManager.isConfigMigratedTo70();
            }
        }

        @Override // com.sun.identity.sm.ServiceListener
        public void organizationConfigChanged(String str, String str2, String str3, String str4, String str5, int i) {
            if (str.equalsIgnoreCase(ServiceManager.REALM_SERVICE)) {
                OrgConfigViaAMSDK.attributeMappings = new HashMap();
                OrgConfigViaAMSDK.reverseAttributeMappings = new HashMap();
            }
        }
    }

    @Inject
    public OrganizationConfigManager(@Assisted SSOToken sSOToken, @Assisted String str) throws SMSException {
        this.token = sSOToken;
        this.orgName = str;
        validateConfigImpl();
        this.orgDN = this.orgConfigImpl.getOrgDN();
        try {
            if (migratedTo70 && !registeredForConfigNotifications) {
                new ServiceConfigManager(ServiceManager.REALM_SERVICE, sSOToken).addListener(new OrganizationConfigManagerListener());
                registeredForConfigNotifications = true;
            }
            if (coexistMode) {
                this.amsdk = new OrgConfigViaAMSDK(sSOToken, DNMapper.realmNameToAMSDKName(this.orgDN), this.orgDN);
                if (orgNamingAttrInLegacyMode == null) {
                    orgNamingAttrInLegacyMode = getNamingAttrForOrg();
                }
            }
        } catch (SSOException e) {
            SMSEntry.debug.error("OrganizationConfigManager:Constructor", e);
            throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
        } catch (SMSException e2) {
            if (!SystemProperties.get(Constants.SYS_PROPERTY_INSTALL_TIME, "false").equals("true")) {
                SMSEntry.debug.warning("OrganizationConfigManager: constructor. Unable to construct ServiceConfigManager for idRepoService ", e2);
            }
            throw e2;
        }
    }

    public String getOrganizationName() {
        return this.orgName;
    }

    public Set getConfiguredServices() throws SMSException {
        return getAssignedServices();
    }

    public Set getServiceSchemas() throws SMSException {
        try {
            Set serviceNames = getServiceNames(this.token);
            HashSet hashSet = new HashSet(serviceNames.size() * 2);
            Iterator it = serviceNames.iterator();
            while (it.hasNext()) {
                ServiceSchema organizationCreationSchema = new ServiceSchemaManager((String) it.next(), this.token).getOrganizationCreationSchema();
                if (organizationCreationSchema != null) {
                    hashSet.add(organizationCreationSchema);
                }
            }
            return hashSet;
        } catch (SSOException e) {
            SMSEntry.debug.error("OrganizationConfigManager:getServiceSchemas unable to get service schema", e);
            throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), e, SMS_INVALID_SSO_TOKEN);
        }
    }

    public OrganizationConfigManager createSubOrganization(String str, Map map) throws SMSException {
        validateConfigImpl();
        validateOrgNameCollision(str);
        validateOrgAliasCollision(map);
        SMSEntry.debug.message("OrganizationConfigManager::createSubOrganization() New Realm, creating realm: {}", str);
        String normalizeDN = normalizeDN(str, this.orgDN);
        StringTokenizer stringTokenizer = new StringTokenizer(specialCharsString, SEPERATOR);
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (str.indexOf(nextToken) > -1) {
                SMSEntry.debug.error("OrganizationConfigManager::createSubOrganization() : Invalid realm name: " + str);
                SMSEntry.debug.error("OrganizationConfigManager::createSubOrganization() : Detected invalid chars: " + nextToken);
                throw new SMSException("amSDK", SMSEntry.bundle.getString("sms-invalid-org-name"), new Object[]{str});
            }
        }
        validateOrgName(str);
        if (coexistMode || (realmEnabled && isCopyOrgEnabled())) {
            this.amsdk.createSubOrganization(str);
        }
        if ((realmEnabled || normalizeDN.toLowerCase().startsWith(SMSEntry.SUN_INTERNAL_REALM_PREFIX)) && getSubOrganizationNames(str, false).isEmpty()) {
            CreateServiceConfig.createOrganization(this.token, normalizeDN);
        }
        OrganizationConfigManager subOrgConfigManager = getSubOrgConfigManager(str);
        if (map != null && !map.isEmpty()) {
            for (String str2 : map.keySet()) {
                Map map2 = (Map) map.get(str2);
                if (map2 != null && !map2.isEmpty()) {
                    subOrgConfigManager.setAttributes(str2, map2);
                }
            }
        }
        if (realmEnabled) {
            AgentsRepo agentsRepo = new AgentsRepo();
            HashMap hashMap = new HashMap(1);
            HashSet hashSet = new HashSet(1);
            hashSet.add(normalizeDN);
            hashMap.put("agentsRepoRealmName", hashSet);
            try {
                agentsRepo.initialize(hashMap);
                agentsRepo.createAgentGroupConfig(this.token);
            } catch (IdRepoException e) {
                SMSEntry.debug.error("OrganizationConfigManager::createSubOrganization:", e);
            }
        }
        if (realmEnabled && !coexistMode) {
            loadDefaultServices(this.token, subOrgConfigManager);
        }
        if (realmEnabled && isCopyOrgEnabled()) {
            registerSvcsForOrg(str, normalizeDN);
            ServiceConfig serviceConfig = getSubOrgConfigManager(str).getServiceConfig(ServiceManager.REALM_SERVICE);
            if (serviceConfig != null) {
                try {
                    Iterator<String> it = serviceConfig.getSubConfigNames().iterator();
                    if (it.hasNext()) {
                        ServiceConfig subConfig = serviceConfig.getSubConfig(it.next());
                        if (subConfig.getSchemaID().equalsIgnoreCase("amSDK")) {
                            HashMap hashMap2 = new HashMap();
                            HashSet hashSet2 = new HashSet();
                            hashSet2.add(orgNamingAttrInLegacyMode + "=" + str + "," + this.amSDKOrgDN);
                            hashMap2.put("amSDKOrgName", hashSet2);
                            subConfig.setAttributes(hashMap2);
                        }
                    }
                } catch (SSOException e2) {
                    SMSEntry.debug.error("OrganizationConfigManager::createSubOrganization:", e2);
                    throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
                }
            }
        }
        if (realmEnabled) {
            try {
                if (coexistMode) {
                    DelegationUtils.createRealmPrivileges(this.token, this.orgName);
                } else {
                    DelegationUtils.copyRealmPrivilegesFromParent(this.token, getParentOrgConfigManager(), subOrgConfigManager);
                }
            } catch (SSOException e3) {
                if (SMSEntry.debug.messageEnabled()) {
                    SMSEntry.debug.message("Creating delegation permissions for: " + this.orgName + " failed", e3);
                }
            } catch (DelegationException e4) {
                if (SMSEntry.debug.messageEnabled()) {
                    SMSEntry.debug.message("Creating delegation permissions for: " + this.orgName + " failed", e4);
                }
            } catch (SMSException e5) {
                if (SMSEntry.debug.messageEnabled()) {
                    SMSEntry.debug.message("Creating delegation permissions for: " + this.orgName + " failed", e5);
                }
            }
        }
        return subOrgConfigManager;
    }

    private void validateOrgNameCollision(String str) throws SMSException {
        String normalizeDN = normalizeDN(str, this.orgDN);
        boolean z = false;
        try {
            new OrganizationConfigManager(this.token, normalizeDN);
            SMSEntry.debug.error("OrganizationConfigManager::validateOrgNameCollision() Realm Already Exists.. " + normalizeDN);
            z = true;
        } catch (SMSException e) {
        }
        if (z) {
            throw new SMSException("amSDK", IUMSConstants.SMS_organization_already_exists_no_args, new Object[]{str});
        }
        try {
            if (CollectionUtils.isNotEmpty(searchOrganizationByAlias(str))) {
                throw new SMSException("amSDK", IUMSConstants.SMS_organization_already_exists_no_args, new Object[]{str});
            }
        } catch (SSOException e2) {
            SMSEntry.debug.error("OrganizationConfigManager::validateOrgNameCollision:", e2);
            throw new SMSException("amSDK", SMS_INVALID_SSO_TOKEN);
        }
    }

    private void validateOrgAliasCollision(Map map) throws SMSException {
        if (CollectionUtils.isNotEmpty((Map<?, ?>) map)) {
            try {
                Map map2 = (Map) map.get("sunIdentityRepositoryService");
                if (CollectionUtils.isNotEmpty((Map<?, ?>) map2)) {
                    Set<String> set = (Set) map2.get("sunOrganizationAliases");
                    if (CollectionUtils.isNotEmpty(set)) {
                        OrganizationConfigManager organizationConfigManager = new OrganizationConfigManager(this.token, null);
                        boolean z = false;
                        for (String str : set) {
                            String normalizeDN = normalizeDN(str, organizationConfigManager.orgDN);
                            try {
                                new OrganizationConfigManager(this.token, normalizeDN);
                                SMSEntry.debug.error("OrganizationConfigManager::validateOrgAliasCollision() Realm Already Exists.. " + normalizeDN);
                                z = true;
                            } catch (SMSException e) {
                            }
                            if (z) {
                                throw new SMSException("amSDK", IUMSConstants.SMS_organization_already_exists_no_args, new Object[]{str});
                            }
                            try {
                                if (CollectionUtils.isNotEmpty(searchOrganizationByAlias(str))) {
                                    throw new SMSException("amSDK", IUMSConstants.SMS_organization_already_exists_no_args, new Object[]{str});
                                }
                            } catch (SSOException e2) {
                                SMSEntry.debug.error("OrganizationConfigManager::validateOrgAliasCollision:", e2);
                                throw new SMSException("amSDK", SMS_INVALID_SSO_TOKEN);
                            }
                        }
                    }
                }
            } catch (ClassCastException e3) {
                SMSEntry.debug.error("OrganizationConfigManager::validateOrgAliasCollision:", e3);
                throw new SMSException("amSDK", "sms-invalid_attribute_type", new Object[]{"sunIdentityRepositoryService"});
            }
        }
    }

    private Set searchOrganizationByAlias(String str) throws SSOException, SMSException {
        return new ServiceManager(this.token).searchOrganizationNames("sunIdentityRepositoryService", "sunOrganizationAliases", Collections.singleton(str));
    }

    private void validateOrgName(String str) throws SMSException {
        String orgNameToRealmName = DNMapper.orgNameToRealmName(str);
        int lastIndexOf = orgNameToRealmName.lastIndexOf(47);
        if (lastIndexOf > -1 && lastIndexOf < orgNameToRealmName.length() - 1) {
            orgNameToRealmName = orgNameToRealmName.substring(lastIndexOf + 1);
        }
        if (InvalidRealmNameManager.getInvalidRealmNames().contains(orgNameToRealmName)) {
            SMSEntry.debug.error("OrganizationConfigManager::createSubOrganization() : Invalid realm name: " + str + " - clashes with REST endpoint");
            throw new SMSException("amSDK", SMSEntry.bundle.getString("sms-invalid-org-name"), new Object[]{str});
        }
    }

    public Set getSubOrganizationNames() throws SMSException {
        try {
            return getSubOrganizationNames("*", false);
        } catch (SMSException e) {
            SMSEntry.debug.error("OrganizationConfigManager: getSubOrganizationNames() Unable to get sub organization names ", e);
            throw e;
        }
    }

    public Set getPeerOrganizationNames() throws SMSException {
        Set set = Collections.EMPTY_SET;
        if (realmEnabled) {
            try {
                set = getParentOrgConfigManager().getSubOrganizationNames();
            } catch (SMSException e) {
                if (SMSEntry.debug.warningEnabled()) {
                    SMSEntry.debug.warning("OrganizationConfigManager: getPeerOrganizationNames() Unable to get Peer organization names ", e);
                }
                throw e;
            }
        }
        return set;
    }

    public Set getSubOrganizationNames(String str, boolean z) throws SMSException {
        validateConfigImpl();
        try {
            return realmEnabled ? this.orgConfigImpl.getSubOrganizationNames(this.token, str, z) : this.amsdk.getSubOrganizationNames(str, z);
        } catch (SMSException e) {
            SMSEntry.debug.error("OrganizationConfigManager: getSubOrganizationNames(String pattern, boolean recursive) Unable to get sub organization names for filter: " + str, e);
            throw e;
        }
    }

    public void deleteSubOrganization(String str, boolean z) throws SMSException {
        validateConfigImpl();
        String normalizeDN = normalizeDN(str, this.orgDN);
        if (normalizeDN.equals("/") || normalizeDN.equalsIgnoreCase(SMSEntry.getRootSuffix()) || normalizeDN.equalsIgnoreCase(SERVICES_NODE)) {
            Object[] objArr = {this.orgName};
            SMSEntry.debug.error("OrganizationConfigManager: deleteSubOrganization(Root realm " + this.orgName + " cannot be deleted. ");
            throw new SMSException("amSDK", "sms-cannot_delete_rootsuffix", objArr);
        }
        Set subOrganizationNames = getSubOrgConfigManager(str).getSubOrganizationNames("*", true);
        boolean isCopyOrgEnabled = isCopyOrgEnabled();
        if (realmEnabled) {
            try {
                CachedSMSEntry cachedSMSEntry = CachedSMSEntry.getInstance(this.token, normalizeDN);
                if (cachedSMSEntry.isDirty()) {
                    cachedSMSEntry.refresh();
                }
                SMSEntry clonedSMSEntry = cachedSMSEntry.getClonedSMSEntry();
                if (!z && subOrganizationNames != null && !subOrganizationNames.isEmpty()) {
                    throw new SMSException(SMSEntry.bundle.getString("sms-entries-exists"), "sms-entries-exists");
                }
                clonedSMSEntry.delete(this.token);
                cachedSMSEntry.refresh(clonedSMSEntry);
            } catch (SSOException e) {
                SMSEntry.debug.error("OrganizationConfigManager: deleteSubOrganization(String subOrgName, boolean recursive) Unable to delete sub organization ", e);
                throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
            }
        }
        if (coexistMode || (realmEnabled && isCopyOrgEnabled)) {
            String realmNameToAMSDKName = DNMapper.realmNameToAMSDKName(normalizeDN);
            if (!SMSEntry.getRootSuffix().equalsIgnoreCase(SMSEntry.getAMSdkBaseDN())) {
                String str2 = str;
                if (str.startsWith("/")) {
                    str2 = DNMapper.convertToDN(str).toString();
                }
                realmNameToAMSDKName = str2 + "," + this.amSDKOrgDN;
            }
            this.amsdk.deleteSubOrganization(realmNameToAMSDKName);
        }
    }

    public OrganizationConfigManager getSubOrgConfigManager(String str) throws SMSException {
        validateConfigImpl();
        return new OrganizationConfigManager(this.token, normalizeDN(str, this.orgDN));
    }

    public Map getAttributes(String str) throws SMSException {
        validateConfigImpl();
        if (str == null) {
            return Collections.EMPTY_MAP;
        }
        HashMap hashMap = null;
        if (migratedTo70) {
            str = str.toLowerCase();
            try {
                CachedSMSEntry cachedSMSEntry = CachedSMSEntry.getInstance(this.token, this.orgDN);
                if (cachedSMSEntry.isDirty() || coexistMode || (realmEnabled && isCopyOrgEnabled())) {
                    cachedSMSEntry.refresh();
                }
                Map<String, Set<String>> attrsFromEntry = SMSUtils.getAttrsFromEntry(cachedSMSEntry.getSMSEntry());
                if (attrsFromEntry != null && !attrsFromEntry.isEmpty()) {
                    for (String str2 : attrsFromEntry.keySet()) {
                        if (str2.toLowerCase().startsWith(str)) {
                            Set<String> set = attrsFromEntry.get(str2);
                            String substring = !str.isEmpty() ? str2.substring(str.length() + 1) : str2;
                            if (hashMap == null) {
                                hashMap = new HashMap();
                            }
                            hashMap.put(substring, set);
                        }
                    }
                }
            } catch (SSOException e) {
                SMSEntry.debug.error("OrganizationConfigManager: getAttributes(String serviceName) Unable to get Attributes", e);
                throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
            }
        }
        if ((coexistMode || (realmEnabled && isCopyOrgEnabled())) && str.equalsIgnoreCase(ServiceManager.REALM_SERVICE)) {
            Map attributes = this.amsdk.getAttributes();
            HashMap hashMap2 = new HashMap(2);
            if (attributes != null && !attributes.isEmpty()) {
                HashSet hashSet = new HashSet(2);
                for (String str3 : attributes.keySet()) {
                    if (str3.equalsIgnoreCase(this.SUNDNS_ALIAS) || str3.equalsIgnoreCase(this.SUNPREF_DOMAIN) || str3.equalsIgnoreCase("sunOrganizationAliases")) {
                        buildSet(str3, attributes, hashSet);
                    }
                }
                hashMap2.put("sunOrganizationAliases", hashSet);
                hashMap2.put(this.SUNORG_STATUS, (Set) attributes.get(this.SUNORG_STATUS));
            }
            if (hashMap == null) {
                hashMap = hashMap2;
            } else {
                hashMap.putAll(hashMap2);
            }
        }
        return hashMap == null ? Collections.EMPTY_MAP : hashMap;
    }

    private Set buildSet(String str, Map map, Set set) {
        Set set2 = (Set) map.get(str);
        if (set2 != null && !set2.isEmpty()) {
            set.addAll(set2);
        }
        return set;
    }

    public void addAttributeValues(String str, String str2, Set set) throws SMSException {
        validateConfigImpl();
        if (str == null || str2 == null) {
            return;
        }
        if (migratedTo70) {
            str = str.toLowerCase();
            try {
                CachedSMSEntry cachedSMSEntry = CachedSMSEntry.getInstance(this.token, this.orgDN);
                if (cachedSMSEntry.isDirty()) {
                    cachedSMSEntry.refresh();
                }
                SMSEntry clonedSMSEntry = cachedSMSEntry.getClonedSMSEntry();
                ServiceSchema organizationCreationSchema = new ServiceSchemaManager(str, this.token).getOrganizationCreationSchema();
                if (organizationCreationSchema == null) {
                    throw new SMSException(SMSEntry.bundle.getString("sms-SMSSchema_service_notfound"), "sms-SMSSchema_service_notfound");
                }
                HashMap hashMap = new HashMap(2);
                HashSet hashSet = new HashSet(set);
                Set<String> set2 = organizationCreationSchema.getAttributeDefaults().get(str2);
                if (set2 != null && !set2.isEmpty()) {
                    hashSet.addAll(set2);
                }
                hashMap.put(str2, hashSet);
                organizationCreationSchema.validateAttributes(hashMap);
                SMSUtils.addAttribute(clonedSMSEntry, str + "-" + str2, set, organizationCreationSchema.getSearchableAttributeNames());
                clonedSMSEntry.save(this.token);
                cachedSMSEntry.refresh(clonedSMSEntry);
            } catch (SSOException e) {
                SMSEntry.debug.error("OrganizationConfigManager: Unable to add Attribute Values", e);
                throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
            }
        }
        if (coexistMode && str.equalsIgnoreCase(ServiceManager.REALM_SERVICE)) {
            this.amsdk.addAttributeValues(str2, set);
        }
    }

    public void setAttributes(String str, Map map) throws SMSException {
        validateConfigImpl();
        if (str == null) {
            return;
        }
        if (migratedTo70) {
            str = str.toLowerCase();
            try {
                CachedSMSEntry cachedSMSEntry = CachedSMSEntry.getInstance(this.token, this.orgDN);
                if (cachedSMSEntry.isDirty()) {
                    cachedSMSEntry.refresh();
                }
                SMSEntry clonedSMSEntry = cachedSMSEntry.getClonedSMSEntry();
                if (map != null && !map.isEmpty()) {
                    ServiceSchema organizationCreationSchema = new ServiceSchemaManager(str, this.token).getOrganizationCreationSchema();
                    organizationCreationSchema.validateAttributes(map);
                    HashMap hashMap = new HashMap();
                    for (String str2 : map.keySet()) {
                        hashMap.put(str + "-" + str2, (Set) map.get(str2));
                    }
                    Map attributes = getAttributes(str);
                    for (String str3 : attributes.keySet()) {
                        if (!map.containsKey(str3)) {
                            hashMap.put(str + "-" + str3, attributes.get(str3));
                        }
                    }
                    SMSUtils.setAttributeValuePairs(clonedSMSEntry, hashMap, organizationCreationSchema.getSearchableAttributeNames());
                    String dataStore = SMSEntry.getDataStore(this.token);
                    if (dataStore != null && !dataStore.equals(SMSEntry.DATASTORE_ACTIVE_DIR)) {
                        if (clonedSMSEntry.getDN().equalsIgnoreCase(SERVICES_NODE)) {
                            String[] attributeValues = clonedSMSEntry.getAttributeValues("objectclass");
                            boolean z = false;
                            int i = 0;
                            while (true) {
                                if (attributeValues == null || i >= attributeValues.length) {
                                    break;
                                }
                                if (attributeValues[i].startsWith(SMSEntry.OC_SERVICE_COMP)) {
                                    z = true;
                                    break;
                                }
                                i++;
                            }
                            if (!z) {
                                clonedSMSEntry.addAttribute("objectclass", SMSEntry.OC_SERVICE_COMP);
                            }
                        } else if (clonedSMSEntry.getDN().startsWith("o=")) {
                            String[] attributeValues2 = clonedSMSEntry.getAttributeValues("objectclass");
                            boolean z2 = false;
                            int i2 = 0;
                            while (true) {
                                if (attributeValues2 == null || i2 >= attributeValues2.length) {
                                    break;
                                }
                                if (attributeValues2[i2].equalsIgnoreCase(SMSEntry.OC_REALM_SERVICE)) {
                                    z2 = true;
                                    break;
                                }
                                i2++;
                            }
                            if (!z2) {
                                clonedSMSEntry.addAttribute("objectclass", SMSEntry.OC_REALM_SERVICE);
                            }
                        }
                    }
                    clonedSMSEntry.save(this.token);
                    cachedSMSEntry.refresh(clonedSMSEntry);
                }
            } catch (SSOException e) {
                SMSEntry.debug.error("OrganizationConfigManager: Unable to set Attributes", e);
                throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
            }
        }
        if ((coexistMode || (realmEnabled && isCopyOrgEnabled())) && str.equalsIgnoreCase(ServiceManager.REALM_SERVICE)) {
            this.amsdk.setAttributes(map);
        }
    }

    public void removeAttribute(String str, String str2) throws SMSException {
        validateConfigImpl();
        if (str == null || str2 == null) {
            return;
        }
        if (migratedTo70) {
            try {
                CachedSMSEntry cachedSMSEntry = CachedSMSEntry.getInstance(this.token, this.orgDN);
                if (cachedSMSEntry.isDirty()) {
                    cachedSMSEntry.refresh();
                }
                SMSEntry clonedSMSEntry = cachedSMSEntry.getClonedSMSEntry();
                SMSUtils.removeAttribute(clonedSMSEntry, str.toLowerCase() + "-" + str2);
                clonedSMSEntry.save(this.token);
                cachedSMSEntry.refresh(clonedSMSEntry);
            } catch (SSOException e) {
                SMSEntry.debug.error("OrganizationConfigManager: Unable to remove Attribute", e);
                throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
            }
        }
        if (coexistMode && str.equalsIgnoreCase(ServiceManager.REALM_SERVICE)) {
            this.amsdk.removeAttribute(str2);
        }
    }

    public void removeAttributeValues(String str, String str2, Set set) throws SMSException {
        validateConfigImpl();
        if (str == null || str2 == null) {
            return;
        }
        if (migratedTo70) {
            try {
                CachedSMSEntry cachedSMSEntry = CachedSMSEntry.getInstance(this.token, this.orgDN);
                if (cachedSMSEntry.isDirty()) {
                    cachedSMSEntry.refresh();
                }
                SMSEntry clonedSMSEntry = cachedSMSEntry.getClonedSMSEntry();
                ServiceSchema organizationCreationSchema = new ServiceSchemaManager(str, this.token).getOrganizationCreationSchema();
                HashMap hashMap = new HashMap(2);
                hashMap.put(str2, set);
                organizationCreationSchema.validateAttributes(hashMap);
                SMSUtils.removeAttributeValues(clonedSMSEntry, str.toLowerCase() + "-" + str2, set, organizationCreationSchema.getSearchableAttributeNames());
                clonedSMSEntry.save(this.token);
                cachedSMSEntry.refresh(clonedSMSEntry);
            } catch (SSOException e) {
                SMSEntry.debug.error("OrganizationConfigManager: Unable to remove Attribute Values", e);
                throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
            }
        }
        if (coexistMode && str.equalsIgnoreCase(ServiceManager.REALM_SERVICE)) {
            this.amsdk.removeAttributeValues(str2, set);
        }
    }

    public ServiceConfig getServiceConfig(String str) throws SMSException {
        try {
            return new ServiceConfigManager(str, this.token).getOrganizationConfig(this.orgName, null);
        } catch (SSOException e) {
            SMSEntry.debug.error("OrganizationConfigManager: Unable to get Service Config", e);
            throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
        }
    }

    ServiceSchema getServiceSchema(String str) throws SMSException {
        try {
            return new ServiceSchemaManager(str, this.token).getOrganizationSchema();
        } catch (SSOException e) {
            SMSEntry.debug.error("OrganizationConfigManager: Unable to get Service Schema", e);
            throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
        }
    }

    public ServiceConfig addServiceConfig(String str, Map map) throws SMSException {
        try {
            ServiceConfigImpl organizationConfig = ServiceConfigManagerImpl.getInstance(this.token, str, ServiceManager.getVersion(str)).getOrganizationConfig(this.token, this.orgName, null);
            if (organizationConfig == null || organizationConfig.isNewEntry()) {
                return new ServiceConfigManager(str, this.token).createOrganizationConfig(this.orgName, map);
            }
            SMSEntry.debug.error("OrganizationConfigManager: ServiceConfig already exists: " + organizationConfig.getDN());
            throw new SMSException(SMSEntry.bundle.getString(IUMSConstants.SMS_service_already_exists_no_args));
        } catch (SSOException e) {
            SMSEntry.debug.error("OrganizationConfigManager: Unable to add Service Config", e);
            throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
        }
    }

    public void removeServiceConfig(String str) throws SMSException {
        try {
            new ServiceConfigManager(str, this.token).deleteOrganizationConfig(this.orgName);
        } catch (SSOException e) {
            SMSEntry.debug.error("OrganizationConfigManager: Unable to delete Service Config", e);
            throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
        }
    }

    public String addListener(ServiceListener serviceListener) {
        return this.orgConfigImpl.addListener(serviceListener);
    }

    public void removeListener(String str) {
        this.orgConfigImpl.removeListener(str);
    }

    private static String normalizeDN(String str, String str2) {
        String str3;
        if (str == null || str.length() == 0) {
            return str2;
        }
        if (SMSEntry.debug.messageEnabled()) {
            SMSEntry.debug.message("OrganizationConfigManager.normalizeDN()-subOrgName " + str);
        }
        if (LDAPUtils.isDN(str) && !str.startsWith("///")) {
            int lastIndexOf = str.lastIndexOf(DNMapper.serviceDN);
            if (lastIndexOf == -1) {
                lastIndexOf = str.lastIndexOf(SMSEntry.getRootSuffix());
            }
            if (lastIndexOf > 0) {
                str = str.substring(0, lastIndexOf - 1);
            }
            str3 = DNMapper.normalizeDN(str) + str2;
        } else if (str.indexOf(47) != -1) {
            String stringBuffer = DNMapper.convertToDN(str).toString();
            if (SMSEntry.debug.messageEnabled()) {
                SMSEntry.debug.message("OrganizationConfigManager.normalizeDN()-slashConvertedString: " + stringBuffer);
            }
            str3 = (stringBuffer == null || stringBuffer.length() <= 0) ? str2 : stringBuffer.charAt(stringBuffer.length() - 1) == ',' ? stringBuffer + DNMapper.serviceDN : stringBuffer.indexOf(",") >= 0 ? stringBuffer + "," + DNMapper.serviceDN : stringBuffer + "," + str2;
        } else {
            str3 = str.startsWith(SMSEntry.SUN_INTERNAL_REALM_NAME) ? "o=" + str + "," + DNMapper.serviceDN : coexistMode ? orgNamingAttrInLegacyMode + "=" + str + "," + DNMapper.realmNameToAMSDKName(str2) : "o=" + str + "," + str2;
        }
        if (SMSEntry.debug.messageEnabled()) {
            SMSEntry.debug.message("OrganizationConfigManager::normalizeDN() suborgdn " + str3);
        }
        return str3;
    }

    static Set getServiceNames(SSOToken sSOToken) throws SMSException, SSOException {
        return CachedSubEntries.getInstance(sSOToken, DNMapper.serviceDN).getSubEntries(sSOToken);
    }

    public Set<String> getAssignableServices() throws SMSException {
        HashSet hashSet = new HashSet();
        try {
            for (String str : getServiceNames(this.token)) {
                if (ServiceSchemaManagerImpl.getInstance(this.token, str, ServiceManager.getVersion(str)).getSchema(SchemaType.ORGANIZATION) != null) {
                    StringBuilder sb = new StringBuilder(100);
                    sb.append(SMSEntry.PLACEHOLDER_RDN).append("=").append("default").append(",").append("ou=OrganizationConfig,").append(SMSEntry.PLACEHOLDER_RDN).append("=").append("1.0").append(",").append(SMSEntry.PLACEHOLDER_RDN).append("=");
                    sb.append(str);
                    if (!this.orgDN.equalsIgnoreCase(DNMapper.serviceDN)) {
                        sb.append(",").append(SMSEntry.SERVICES_RDN);
                    }
                    sb.append(",").append(this.orgDN);
                    try {
                        SMSEntry.getDelegationPermission(this.token, sb.toString(), SMSEntry.modifyActionSet);
                        hashSet.add(str);
                    } catch (SMSException e) {
                        if (e.getExceptionCode() != 8) {
                            throw e;
                        }
                    }
                }
            }
            HashSet hashSet2 = new HashSet(hashSet);
            hashSet2.removeAll(getAssignedServices());
            return hashSet2;
        } catch (SSOException e2) {
            SMSEntry.debug.error("OrganizationConfigManager.getAssignableServices(): SSOException", e2);
            throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
        }
    }

    public Set<String> getAssignedServices() throws SMSException {
        return getAssignedServices(true);
    }

    public Set<String> getAssignedServices(boolean z) throws SMSException {
        validateConfigImpl();
        Set set = Collections.EMPTY_SET;
        Set assignedServices = coexistMode ? this.amsdk.getAssignedServices() : this.orgConfigImpl.getAssignedServices(this.token);
        if (!z) {
            assignedServices.removeAll(ServiceManager.requiredServices());
        }
        return assignedServices;
    }

    public void assignService(String str, Map map) throws SMSException {
        addServiceConfig(str, map);
    }

    public Map getServiceAttributes(String str) throws SMSException {
        ServiceConfig serviceConfig = getServiceConfig(str);
        if (serviceConfig != null) {
            return serviceConfig.getAttributes();
        }
        Object[] objArr = {str};
        SMSEntry.debug.error("OrganizationConfigManager.getServiceAttributes() Unable to get service attributes. ");
        throw new SMSException("amSDK", "sms-no-organization-schema", objArr);
    }

    public void unassignService(String str) throws SMSException {
        removeServiceConfig(str);
    }

    public void modifyService(String str, Map map) throws SMSException {
        try {
            getServiceConfig(str).setAttributes(map);
        } catch (SSOException e) {
            SMSEntry.debug.error("OrganizationConfigManager.modifyService SSOException in modify service ", e);
            throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
        }
    }

    public String getNamingAttrForOrg() {
        return OrgConfigViaAMSDK.getNamingAttrForOrg();
    }

    public OrganizationConfigManager getParentOrgConfigManager() throws SMSException {
        OrganizationConfigManager organizationConfigManager = null;
        if (LDAPUtils.isDN(this.orgDN)) {
            if (this.orgDN.equalsIgnoreCase(DNMapper.serviceDN)) {
                return this;
            }
            String dn = DN.valueOf(this.orgDN).parent().toString();
            if (SMSEntry.debug.messageEnabled()) {
                SMSEntry.debug.message("OrganizationConfigManager.getParentOrgConfigManager() parentDN : " + dn);
            }
            if (dn != null && dn.length() > 0) {
                organizationConfigManager = new OrganizationConfigManager(this.token, dn);
            }
        }
        return organizationConfigManager;
    }

    public static void loadDefaultServices(SSOToken sSOToken, OrganizationConfigManager organizationConfigManager) throws SMSException {
        if (!migratedTo70) {
            return;
        }
        Set servicesAssignedByDefault = ServiceManager.servicesAssignedByDefault();
        OrganizationConfigManager parentOrgConfigManager = organizationConfigManager.getParentOrgConfigManager();
        if (servicesAssignedByDefault == null) {
            return;
        }
        CaseInsensitiveHashSet caseInsensitiveHashSet = new CaseInsensitiveHashSet(parentOrgConfigManager.getAssignedServices());
        if (SMSEntry.debug.messageEnabled()) {
            SMSEntry.debug.message("OrganizationConfigManager::loadDefaultServices assignedServices : " + caseInsensitiveHashSet);
        }
        boolean z = false;
        boolean z2 = false;
        String str = null;
        Iterator it = servicesAssignedByDefault.iterator();
        while (true) {
            if (!it.hasNext() && !z2 && !z) {
                return;
            }
            try {
                if (it.hasNext()) {
                    str = (String) it.next();
                    if (str.equals(ISAuthConstants.AUTH_SERVICE_NAME)) {
                        z = true;
                    } else if (str.equals(ISAuthConstants.AUTH_HTTP_BASIC_SERVICE_NAME)) {
                        z2 = true;
                    }
                } else if (z2) {
                    str = ISAuthConstants.AUTH_HTTP_BASIC_SERVICE_NAME;
                    z2 = false;
                } else if (z) {
                    str = ISAuthConstants.AUTH_SERVICE_NAME;
                    z = false;
                }
                ServiceConfig serviceConfig = parentOrgConfigManager.getServiceConfig(str);
                ServiceSchema serviceSchema = parentOrgConfigManager.getServiceSchema(str);
                if (serviceConfig != null && caseInsensitiveHashSet.contains(str)) {
                    Map attributesWithoutDefaults = serviceConfig.getAttributesWithoutDefaults();
                    if (SMSEntry.debug.messageEnabled()) {
                        SMSEntry.debug.message("OrganizationConfigManager::loadDefaultServices Copying service from parent: " + str);
                    }
                    copySubConfig(serviceConfig, organizationConfigManager.addServiceConfig(str, attributesWithoutDefaults), serviceSchema);
                }
            } catch (SSOException e) {
                if (SMSEntry.debug.messageEnabled()) {
                    SMSEntry.debug.message("OrganizationConfigManager.loadDefaultServices SSOException in loading default services ", e);
                }
                throw new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN);
            }
            if (SMSEntry.debug.messageEnabled()) {
                SMSEntry.debug.message("OrganizationConfigManager::loadDefaultServices:ServiceName " + str);
            }
        }
    }

    private void registerSvcsForOrg(String str, String str2) {
        try {
            Set<String> servicesAssignedByDefault = ServiceManager.servicesAssignedByDefault();
            if (SMSEntry.debug.messageEnabled()) {
                SMSEntry.debug.message("OrganizationConfigManager::registerSvcsForOrg. defaultServices : " + servicesAssignedByDefault);
            }
            if (servicesAssignedByDefault != null) {
                Set assignedServices = this.amsdk.getAssignedServices();
                if (SMSEntry.debug.messageEnabled()) {
                    SMSEntry.debug.message("OrganizationConfigManager::registerSvcsForOrg:assignedServices: " + assignedServices);
                }
                if (SMSEntry.getRootSuffix().equalsIgnoreCase(SMSEntry.getAMSdkBaseDN())) {
                    this.amsdk = new OrgConfigViaAMSDK(this.token, orgNamingAttrInLegacyMode + "=" + str + "," + DNMapper.realmNameToAMSDKName(this.orgDN), str2);
                } else {
                    this.amsdk = new OrgConfigViaAMSDK(this.token, orgNamingAttrInLegacyMode + "=" + str + "," + this.amSDKOrgDN, str2);
                }
                for (String str3 : servicesAssignedByDefault) {
                    if (assignedServices.contains(str3)) {
                        if (SMSEntry.debug.messageEnabled()) {
                            SMSEntry.debug.message("OrganizationConfigManager::registerSvcsForOrg:ServiceName : " + str3);
                        }
                        this.amsdk.assignService(str3);
                    }
                }
            }
        } catch (SMSException e) {
            if (SMSEntry.debug.warningEnabled()) {
                SMSEntry.debug.warning("OrganizationConfigManager::registerSvcsForOrg. SMSException in registering services: ", e);
            }
        }
    }

    static void copySubConfig(ServiceConfig serviceConfig, ServiceConfig serviceConfig2, ServiceSchema serviceSchema) throws SMSException, SSOException {
        for (String str : serviceConfig.getSubConfigNames()) {
            ServiceConfig subConfig = serviceConfig.getSubConfig(str);
            ServiceSchema subSchema = serviceSchema.getSubSchema(subConfig.getSchemaID());
            if (subSchema.isRealmCloneable()) {
                serviceConfig2.addSubConfig(str, subConfig.getSchemaID(), subConfig.getPriority(), subConfig.getAttributesWithoutDefaults());
                copySubConfig(subConfig, serviceConfig2.getSubConfig(str), subSchema);
            }
        }
    }

    protected boolean isCopyOrgEnabled() {
        Map<String, Set<String>> attributes;
        Set<String> set;
        if (this.copyOrgInitialized) {
            return this.copyOrgEnabled;
        }
        if (SMSEntry.debug.messageEnabled()) {
            SMSEntry.debug.message("OrganizationConfigManager: in isCopyOrgEnabled() ");
        }
        try {
            ServiceConfig serviceConfig = getServiceConfig(ServiceManager.REALM_SERVICE);
            if (serviceConfig != null) {
                Iterator<String> it = serviceConfig.getSubConfigNames().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    String obj = it.next().toString();
                    ServiceConfig subConfig = serviceConfig.getSubConfig(obj);
                    if (subConfig == null) {
                        SMSEntry.debug.error("OrganizationConfigManager.isCopyOrgEnabled. SubConfig is NULL: SC Name: " + obj + " For org: " + this.orgDN);
                        return false;
                    }
                    if (subConfig.getSchemaID().equalsIgnoreCase("amSDK") && (attributes = subConfig.getAttributes()) != null && !attributes.isEmpty() && (set = attributes.get("amSDKOrgName")) != null && !set.isEmpty()) {
                        this.amSDKOrgDN = set.iterator().next();
                        Set<String> set2 = attributes.get(this.CONF_ENABLED);
                        if (set2 != null && !set2.isEmpty() && set2.contains("true") && this.amSDKOrgDN != null) {
                            this.amsdk = new OrgConfigViaAMSDK(this.token, this.amSDKOrgDN, this.orgDN);
                            if (orgNamingAttrInLegacyMode == null) {
                                orgNamingAttrInLegacyMode = getNamingAttrForOrg();
                            }
                            this.copyOrgEnabled = true;
                        }
                    }
                }
            }
        } catch (SSOException e) {
            if (SMSEntry.debug.messageEnabled()) {
                SMSEntry.debug.message("OrganizationConfigManager:isCopyOrgEnabled() Unable to get service: sunidentityrepositoryservice", e);
            }
        } catch (SMSException e2) {
            if (SMSEntry.debug.messageEnabled()) {
                SMSEntry.debug.message("OrganizationConfigManager:isCopyOrgEnabled() Unable to get service: sunidentityrepositoryservice", e2);
            }
        }
        this.copyOrgInitialized = true;
        if (SMSEntry.debug.messageEnabled()) {
            SMSEntry.debug.message("OrganizationConfigManager: copyOrgEnabled == " + this.copyOrgEnabled);
        }
        return this.copyOrgEnabled;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void initializeFlags() {
        realmEnabled = ServiceManager.isRealmEnabled();
        coexistMode = ServiceManager.isCoexistenceMode();
        migratedTo70 = ServiceManager.isConfigMigratedTo70();
    }

    void validateConfigImpl() throws SMSException {
        if (this.orgConfigImpl == null || !this.orgConfigImpl.isValid()) {
            try {
                this.orgConfigImpl = OrganizationConfigManagerImpl.getInstance(this.token, this.orgName);
            } catch (SSOException e) {
                throw new SMSException(e, SMS_INVALID_SSO_TOKEN);
            }
        }
    }

    static {
        initializeFlags();
    }
}
