package com.sun.identity.entitlement.opensso;

import com.google.inject.assistedinject.Assisted;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.Application;
import com.sun.identity.entitlement.ApplicationType;
import com.sun.identity.entitlement.ApplicationTypeManager;
import com.sun.identity.entitlement.EntitlementConfiguration;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.PolicyEventType;
import com.sun.identity.entitlement.interfaces.ISaveIndex;
import com.sun.identity.entitlement.interfaces.ISearchIndex;
import com.sun.identity.entitlement.interfaces.ResourceName;
import com.sun.identity.entitlement.opensso.OpenSSOLogger;
import com.sun.identity.idm.remote.IdRemoteEventListener;
import com.sun.identity.monitoring.MonitoringUtil;
import com.sun.identity.sm.AttributeSchema;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.OrganizationConfigManager;
import com.sun.identity.sm.SMSEntry;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import com.sun.identity.sm.ServiceSchemaManager;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import javax.security.auth.Subject;
import org.forgerock.openam.entitlement.PolicyConstants;
import org.forgerock.openam.entitlement.SetupInternalNotificationSubscriptions;
import org.forgerock.openam.entitlement.service.ApplicationQueryFilterVisitor;
import org.forgerock.openam.entitlement.utils.EntitlementUtils;
import org.forgerock.openam.ldap.LDAPUtils;
import org.forgerock.openam.notifications.NotificationBroker;
import org.forgerock.openam.sdk.com.sun.management.snmp.SnmpDefinitions;
import org.forgerock.openam.sdk.javax.inject.Inject;
import org.forgerock.openam.sdk.org.forgerock.json.JsonValue;
import org.forgerock.openam.sdk.org.forgerock.util.query.QueryFilter;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:com/sun/identity/entitlement/opensso/EntitlementService.class */
public class EntitlementService implements EntitlementConfiguration {
    public static final String SERVICE_NAME = "sunEntitlementService";
    public static final String ATTR_NAME_SUBJECT_ATTR_NAMES = "subjectAttributeNames";
    public static final String ATTR_NAME_META = "meta";
    public static final String CONFIG_CONDITIONS = "conditions";
    public static final String CONFIG_SUBJECTS = "subjects";
    public static final String CONFIG_ENTITLEMENT_COMBINER = "entitlementCombiner";
    public static final String CONFIG_SEARCH_INDEX_IMPL = "searchIndexImpl";
    public static final String CONFIG_SAVE_INDEX_IMPL = "saveIndexImpl";
    public static final String CONFIG_RESOURCE_COMP_IMPL = "resourceComparator";
    public static final String APPLICATION_CLASSNAME = "applicationClassName";
    private static final String SCHEMA_APPLICATIONS = "applications";
    private static final String CONFIG_SUBJECT_ATTRIBUTES_COLLECTORS = "subjectAttributesCollectors";
    private static final String SCHEMA_SUBJECT_ATTRIBUTES_COLLECTORS = "subjectAttributesCollectors";
    private static final String SCHEMA_OPENSSO_SUBJECT_ATTRIBUTES_COLLECTOR = "OpenSSOSubjectAttributesCollector";
    private static final String NETWORK_MONITOR_ENABLED = "network-monitor-enabled";
    private static final String XACML_PRIVILEGE_ENABLED = "xacml-privilege-enabled";
    private static final String REALM_DN_TEMPLATE = "ou={0},ou=default,ou=OrganizationConfig,ou=1.0,ou=sunEntitlementService,ou=services,{1}";
    private final Subject subject;
    private final String realm;
    private final NotificationBroker broker;

    @Inject
    public EntitlementService(@Assisted Subject subject, @Assisted String str, NotificationBroker notificationBroker) {
        this.subject = subject;
        this.realm = str;
        this.broker = notificationBroker;
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public Set<String> getConfiguration(String str) {
        return getConfiguration(EntitlementUtils.getAdminToken(), str);
    }

    public static int getConfiguration(String str, int i) {
        Set<String> configuration = getConfiguration(EntitlementUtils.getAdminToken(), str);
        if (configuration == null || configuration.isEmpty()) {
            return i;
        }
        try {
            return Integer.parseInt(configuration.iterator().next());
        } catch (NumberFormatException e) {
            PolicyConstants.DEBUG.error("EntitlementService.getConfiguration: attribute name=" + str, e);
            return i;
        }
    }

    private static Set<String> getConfiguration(SSOToken sSOToken, String str) {
        try {
            if (sSOToken != null) {
                AttributeSchema attributeSchema = new ServiceSchemaManager("sunEntitlementService", sSOToken).getGlobalSchema().getAttributeSchema(str);
                if (attributeSchema != null) {
                    return attributeSchema.getDefaultValues();
                }
            } else {
                PolicyConstants.DEBUG.error("EntitlementService.getAttributeValues: admin token is missing");
            }
        } catch (SSOException e) {
            PolicyConstants.DEBUG.error("EntitlementService.getAttributeValues", e);
        } catch (SMSException e2) {
            PolicyConstants.DEBUG.error("EntitlementService.getAttributeValues", e2);
        }
        return Collections.EMPTY_SET;
    }

    private static void setConfiguration(SSOToken sSOToken, String str, Set<String> set) {
        try {
            if (sSOToken != null) {
                AttributeSchema attributeSchema = new ServiceSchemaManager("sunEntitlementService", sSOToken).getGlobalSchema().getAttributeSchema(str);
                if (attributeSchema != null) {
                    attributeSchema.setDefaultValues(set);
                }
            } else {
                PolicyConstants.DEBUG.error("EntitlementService.getAttributeValues: admin token is missing");
            }
        } catch (SSOException e) {
            PolicyConstants.DEBUG.error("EntitlementService.setAttributeValues", e);
        } catch (SMSException e2) {
            PolicyConstants.DEBUG.error("EntitlementService.setAttributeValues", e2);
        }
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public Set<ApplicationType> getApplicationTypes() {
        HashSet hashSet = new HashSet();
        try {
            SSOToken sSOToken = getSSOToken();
            if (sSOToken == null) {
                PolicyConstants.DEBUG.error("EntitlementService.getApplicationTypes : admin sso token is absent");
            } else {
                ServiceConfig applicationTypeCollectionConfig = getApplicationTypeCollectionConfig(sSOToken);
                for (String str : applicationTypeCollectionConfig.getSubConfigNames()) {
                    hashSet.add(EntitlementUtils.createApplicationType(str, applicationTypeCollectionConfig.getSubConfig(str).getAttributes()));
                }
            }
        } catch (SSOException e) {
            PolicyConstants.DEBUG.error("EntitlementService.getApplicationTypes", e);
        } catch (SMSException e2) {
            PolicyConstants.DEBUG.error("EntitlementService.getApplicationTypes", e2);
        } catch (IllegalAccessException e3) {
            PolicyConstants.DEBUG.error("EntitlementService.getApplicationTypes", e3);
        } catch (InstantiationException e4) {
            PolicyConstants.DEBUG.error("EntitlementService.getApplicationTypes", e4);
        }
        return hashSet;
    }

    private ServiceConfig getApplicationTypeCollectionConfig(SSOToken sSOToken) throws SMSException, SSOException {
        ServiceConfig globalConfig = new ServiceConfigManager("sunEntitlementService", sSOToken).getGlobalConfig(null);
        if (globalConfig != null) {
            return globalConfig.getSubConfig(EntitlementUtils.APPLICATION_TYPES);
        }
        return null;
    }

    private Set<String> getSet(String str) {
        HashSet hashSet = new HashSet();
        if (str != null) {
            hashSet.add(str);
        }
        return hashSet;
    }

    private SSOToken getSSOToken() {
        return PolicyConstants.SUPER_ADMIN_SUBJECT.equals(this.subject) ? EntitlementUtils.getAdminToken() : SubjectUtils.getSSOToken(this.subject);
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public Set<Application> searchApplications(Subject subject, QueryFilter<String> queryFilter) throws EntitlementException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        ServiceConfig applicationConfiguration = getApplicationConfiguration(getSSOToken(subject), this.realm);
        if (applicationConfiguration == null) {
            return linkedHashSet;
        }
        try {
            for (String str : applicationConfiguration.getSubConfigNames()) {
                ServiceConfig subConfig = applicationConfiguration.getSubConfig(str);
                Map<String, Set<String>> attributes = subConfig.getAttributes();
                if (((Boolean) queryFilter.accept(new ApplicationQueryFilterVisitor(str), subConfig)).booleanValue()) {
                    linkedHashSet.add(EntitlementUtils.createApplication(ApplicationTypeManager.getAppplicationType(subject, EntitlementUtils.getAttribute(attributes, "applicationType")), str, attributes));
                }
            }
            return linkedHashSet;
        } catch (SSOException | SMSException | IllegalAccessException | InstantiationException e) {
            PolicyConstants.DEBUG.error("EntitlementService.searchApplications", e);
            throw new EntitlementException(EntitlementException.APPLICATION_SEARCH_FAILED, e);
        } catch (UnsupportedOperationException e2) {
            PolicyConstants.DEBUG.error("EntitlementService.searchApplications", e2);
            throw new EntitlementException(EntitlementException.INVALID_QUERY_FILTER, e2);
        }
    }

    private SSOToken getSSOToken(Subject subject) {
        return PolicyConstants.SUPER_ADMIN_SUBJECT.equals(subject) ? EntitlementUtils.getAdminToken() : SubjectUtils.getSSOToken(subject);
    }

    private static String getApplicationSearchBaseDN(String str) {
        return MessageFormat.format("ou={0},ou=default,ou=OrganizationConfig,ou=1.0,ou=sunEntitlementService,ou=services,{1}", EntitlementUtils.REGISTERED_APPLICATIONS, DNMapper.orgNameToDN(str));
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public Application getApplication(String str) {
        try {
            ServiceConfig applicationConfiguration = getApplicationConfiguration(getSSOToken(), this.realm);
            Set<String> subConfigNames = applicationConfiguration.getSubConfigNames();
            if (applicationConfiguration == null || !subConfigNames.contains(str)) {
                return null;
            }
            return createApplication(applicationConfiguration, str);
        } catch (SSOException e) {
            PolicyConstants.DEBUG.error("EntitlementService.getApplication", e);
            return null;
        } catch (EntitlementException e2) {
            PolicyConstants.DEBUG.error("EntitlementService.getApplication", e2);
            return null;
        } catch (SMSException e3) {
            PolicyConstants.DEBUG.error("EntitlementService.getApplication", e3);
            return null;
        } catch (ClassCastException e4) {
            PolicyConstants.DEBUG.error("EntitlementService.getApplication", e4);
            return null;
        } catch (IllegalAccessException e5) {
            PolicyConstants.DEBUG.error("EntitlementService.getApplication", e5);
            return null;
        } catch (InstantiationException e6) {
            PolicyConstants.DEBUG.error("EntitlementService.getApplication", e6);
            return null;
        }
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public Set<Application> getApplications() {
        HashSet hashSet = new HashSet();
        try {
            ServiceConfig applicationConfiguration = getApplicationConfiguration(getSSOToken(), this.realm);
            if (applicationConfiguration != null) {
                Iterator<String> it = applicationConfiguration.getSubConfigNames().iterator();
                while (it.hasNext()) {
                    hashSet.add(createApplication(applicationConfiguration, it.next()));
                }
            }
        } catch (SSOException e) {
            PolicyConstants.DEBUG.error("EntitlementService.getRawApplications", e);
        } catch (EntitlementException e2) {
            PolicyConstants.DEBUG.error("EntitlementService.getRawApplications", e2);
        } catch (SMSException e3) {
            PolicyConstants.DEBUG.error("EntitlementService.getRawApplications", e3);
        } catch (ClassCastException e4) {
            PolicyConstants.DEBUG.error("EntitlementService.getRawApplications", e4);
        } catch (IllegalAccessException e5) {
            PolicyConstants.DEBUG.error("EntitlementService.getRawApplications", e5);
        } catch (InstantiationException e6) {
            PolicyConstants.DEBUG.error("EntitlementService.getRawApplications", e6);
        }
        return hashSet;
    }

    private ServiceConfig getApplicationConfiguration(SSOToken sSOToken, String str) {
        try {
            if (sSOToken != null) {
                String entitlementConfigurationRealm = EntitlementUtils.getEntitlementConfigurationRealm(str);
                ServiceConfig organizationConfig = new ServiceConfigManager("sunEntitlementService", sSOToken).getOrganizationConfig(LDAPUtils.isDN(entitlementConfigurationRealm) ? DNMapper.orgNameToRealmName(entitlementConfigurationRealm) : entitlementConfigurationRealm, null);
                if (organizationConfig != null) {
                    return organizationConfig.getSubConfig(EntitlementUtils.REGISTERED_APPLICATIONS);
                }
            } else {
                PolicyConstants.DEBUG.error("EntitlementService.getApplicationConfiguration, admin token is missing");
            }
            return null;
        } catch (SSOException e) {
            PolicyConstants.DEBUG.error("EntitlementService.getApplicationConfiguration", e);
            return null;
        } catch (SMSException e2) {
            PolicyConstants.DEBUG.error("EntitlementService.getApplicationConfiguration", e2);
            return null;
        } catch (ClassCastException e3) {
            PolicyConstants.DEBUG.error("EntitlementService.getApplicationConfiguration", e3);
            return null;
        }
    }

    private Application createApplication(ServiceConfig serviceConfig, String str) throws IllegalAccessException, EntitlementException, InstantiationException, SMSException, SSOException {
        Map<String, Set<String>> attributes = serviceConfig.getSubConfig(str).getAttributes();
        return EntitlementUtils.createApplication(ApplicationTypeManager.getAppplicationType(this.subject, EntitlementUtils.getAttribute(attributes, "applicationType")), str, attributes);
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public void addSubjectAttributeNames(String str, Set<String> set) throws EntitlementException {
        if (set == null || set.isEmpty()) {
            return;
        }
        try {
            SSOToken sSOToken = getSSOToken();
            if (sSOToken == null) {
                throw new EntitlementException(225);
            }
            Application application = EntitlementUtils.getApplicationService(PolicyConstants.SUPER_ADMIN_SUBJECT, this.realm).getApplication(str);
            if (application != null) {
                application.addAttributeNames(set);
            }
            ServiceConfig applicationSubConfig = getApplicationSubConfig(sSOToken, this.realm, str);
            String str2 = this.realm;
            while (applicationSubConfig == null) {
                str2 = getParentRealm(str2);
                if (str2 == null) {
                    break;
                } else {
                    applicationSubConfig = getApplicationSubConfig(sSOToken, str2, str);
                }
            }
            if (applicationSubConfig != null) {
                Set<String> set2 = applicationSubConfig.getAttributes().get(ATTR_NAME_SUBJECT_ATTR_NAMES);
                if (set2 == null || set2.isEmpty()) {
                    set2 = new HashSet();
                }
                set2.addAll(set);
                HashMap hashMap = new HashMap();
                hashMap.put(ATTR_NAME_SUBJECT_ATTR_NAMES, set2);
                applicationSubConfig.setAttributes(hashMap);
            }
        } catch (SSOException e) {
            throw new EntitlementException(220, e);
        } catch (SMSException e2) {
            throw new EntitlementException(220, e2);
        }
    }

    private ServiceConfig getApplicationSubConfig(SSOToken sSOToken, String str, String str2) throws SMSException, SSOException {
        ServiceConfig subConfig;
        ServiceConfig serviceConfig = null;
        ServiceConfig organizationConfig = new ServiceConfigManager("sunEntitlementService", sSOToken).getOrganizationConfig(str, null);
        if (organizationConfig != null && (subConfig = organizationConfig.getSubConfig(EntitlementUtils.REGISTERED_APPLICATIONS)) != null) {
            serviceConfig = subConfig.getSubConfig(str2);
        }
        return serviceConfig;
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public void removeApplication(String str) throws EntitlementException {
        try {
            ServiceConfig applicationCollectionConfig = getApplicationCollectionConfig(this.realm);
            if (applicationCollectionConfig != null) {
                String[] strArr = {this.realm, str};
                OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "ATTEMPT_REMOVE_APPLICATION", strArr, this.subject);
                applicationCollectionConfig.removeSubConfig(str);
                OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "SUCCEEDED_REMOVE_APPLICATION", strArr, this.subject);
                publishInternalNotifications(str, this.realm);
            }
        } catch (SSOException e) {
            OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "FAILED_REMOVE_APPLICATION", new String[]{this.realm, str, e.getMessage()}, this.subject);
            throw new EntitlementException(230, str);
        } catch (SMSException e2) {
            OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "FAILED_REMOVE_APPLICATION", new String[]{this.realm, str, e2.getMessage()}, this.subject);
            throw new EntitlementException(230, str);
        }
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public void removeApplicationType(String str) throws EntitlementException {
        try {
            SSOToken sSOToken = SubjectUtils.getSSOToken(this.subject);
            if (sSOToken == null) {
                throw new EntitlementException(SnmpDefinitions.snmpAuthNotSupported, str);
            }
            ServiceConfig applicationTypeCollectionConfig = getApplicationTypeCollectionConfig(sSOToken);
            if (applicationTypeCollectionConfig != null) {
                applicationTypeCollectionConfig.removeSubConfig(str);
            }
        } catch (SSOException e) {
            throw new EntitlementException(SnmpDefinitions.snmpReqInternalError, new Object[]{str}, e);
        } catch (SMSException e2) {
            throw new EntitlementException(SnmpDefinitions.snmpReqInternalError, new Object[]{str}, e2);
        }
    }

    private ServiceConfig getApplicationCollectionConfig(String str) throws SMSException, SSOException {
        ServiceConfig organizationConfig = new ServiceConfigManager("sunEntitlementService", getSSOToken()).getOrganizationConfig(str, null);
        if (organizationConfig != null) {
            return organizationConfig.getSubConfig(EntitlementUtils.REGISTERED_APPLICATIONS);
        }
        return null;
    }

    private ServiceConfig createApplicationCollectionConfig(String str) throws SMSException, SSOException {
        ServiceConfig serviceConfig = null;
        ServiceConfig organizationConfig = new ServiceConfigManager("sunEntitlementService", SubjectUtils.getSSOToken(this.subject)).getOrganizationConfig(str, null);
        if (organizationConfig != null) {
            serviceConfig = organizationConfig.getSubConfig(EntitlementUtils.REGISTERED_APPLICATIONS);
        }
        if (serviceConfig == null) {
            organizationConfig.addSubConfig(EntitlementUtils.REGISTERED_APPLICATIONS, SCHEMA_APPLICATIONS, 0, Collections.EMPTY_MAP);
            serviceConfig = organizationConfig.getSubConfig(EntitlementUtils.REGISTERED_APPLICATIONS);
        }
        return serviceConfig;
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public void storeApplication(Application application) throws EntitlementException {
        SSOToken sSOToken = SubjectUtils.getSSOToken(this.subject);
        try {
            createApplicationCollectionConfig(this.realm);
            SMSEntry sMSEntry = new SMSEntry(sSOToken, getApplicationDN(application.getName(), this.realm));
            sMSEntry.setAttributes(getApplicationData(application));
            String[] strArr = {this.realm, application.getName()};
            OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "ATTEMPT_SAVE_APPLICATION", strArr, this.subject);
            sMSEntry.save();
            OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "SUCCEEDED_SAVE_APPLICATION", strArr, this.subject);
            publishInternalNotifications(application.getName(), this.realm);
        } catch (SSOException e) {
            OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_SAVE_APPLICATION", new String[]{this.realm, application.getName(), e.getMessage()}, this.subject);
            throw new EntitlementException(231, new Object[]{application.getName()}, e);
        } catch (SMSException e2) {
            OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_SAVE_APPLICATION", new String[]{this.realm, application.getName(), e2.getMessage()}, this.subject);
            throw new EntitlementException(231, new Object[]{application.getName()}, e2);
        }
    }

    private String getApplicationDN(String str, String str2) {
        return "ou=" + str + "," + getApplicationSearchBaseDN(str2);
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public void storeApplicationType(ApplicationType applicationType) throws EntitlementException {
        try {
            SSOToken sSOToken = SubjectUtils.getSSOToken(this.subject);
            if (sSOToken == null) {
                throw new EntitlementException(SnmpDefinitions.snmpPrivNotSupported, applicationType.getName());
            }
            ServiceConfig applicationTypeCollectionConfig = getApplicationTypeCollectionConfig(sSOToken);
            if (applicationTypeCollectionConfig != null) {
                ServiceConfig subConfig = applicationTypeCollectionConfig.getSubConfig(applicationType.getName());
                if (subConfig == null) {
                    applicationTypeCollectionConfig.addSubConfig(applicationType.getName(), "applicationType", 0, getApplicationTypeData(applicationType));
                } else {
                    subConfig.setAttributes(getApplicationTypeData(applicationType));
                }
            }
        } catch (SSOException e) {
            throw new EntitlementException(SnmpDefinitions.snmpReqSocketIOError, new Object[]{applicationType.getName()}, e);
        } catch (SMSException e2) {
            throw new EntitlementException(SnmpDefinitions.snmpReqSocketIOError, new Object[]{applicationType.getName()}, e2);
        }
    }

    private Map<String, Set<String>> getApplicationTypeData(ApplicationType applicationType) {
        HashMap hashMap = new HashMap();
        hashMap.put("actions", EntitlementUtils.getActionSet(applicationType.getActions()));
        ISaveIndex saveIndex = applicationType.getSaveIndex();
        String name = saveIndex != null ? saveIndex.getClass().getName() : null;
        hashMap.put(CONFIG_SAVE_INDEX_IMPL, name == null ? Collections.EMPTY_SET : getSet(name));
        ISearchIndex searchIndex = applicationType.getSearchIndex();
        String name2 = searchIndex != null ? searchIndex.getClass().getName() : null;
        hashMap.put(CONFIG_SEARCH_INDEX_IMPL, name2 == null ? Collections.EMPTY_SET : getSet(name2));
        ResourceName resourceComparator = applicationType.getResourceComparator();
        String name3 = resourceComparator != null ? resourceComparator.getClass().getName() : null;
        hashMap.put(CONFIG_RESOURCE_COMP_IMPL, name3 == null ? Collections.EMPTY_SET : getSet(name3));
        return hashMap;
    }

    private Map<String, Set<String>> getApplicationData(Application application) {
        HashMap hashMap = new HashMap();
        HashSet hashSet = new HashSet(2);
        hashMap.put(SMSEntry.ATTR_SERVICE_ID, hashSet);
        hashSet.add("application");
        HashSet hashSet2 = new HashSet(4);
        hashMap.put("objectclass", hashSet2);
        hashSet2.add("top");
        hashSet2.add(SMSEntry.OC_SERVICE_COMP);
        HashSet hashSet3 = new HashSet();
        hashMap.put(SMSEntry.ATTR_KEYVAL, hashSet3);
        hashSet3.add("applicationType=" + application.getApplicationType().getName());
        if (application.getDescription() != null) {
            hashSet3.add("description=" + application.getDescription());
        } else {
            hashSet3.add("description=");
        }
        hashSet3.add("entitlementCombiner=" + application.getEntitlementCombiner().getClass().getName());
        Set<String> conditions = application.getConditions();
        if (conditions == null || conditions.isEmpty()) {
            hashSet3.add("conditions=");
        } else {
            Iterator<String> it = conditions.iterator();
            while (it.hasNext()) {
                hashSet3.add("conditions=" + it.next());
            }
        }
        Set<String> subjects = application.getSubjects();
        if (subjects == null || subjects.isEmpty()) {
            hashSet3.add("subjects=");
        } else {
            Iterator<String> it2 = subjects.iterator();
            while (it2.hasNext()) {
                hashSet3.add("subjects=" + it2.next());
            }
        }
        ISaveIndex saveIndex = application.getSaveIndex();
        if (saveIndex != null) {
            hashSet3.add("saveIndexImpl=" + saveIndex.getClass().getName());
        }
        ISearchIndex searchIndex = application.getSearchIndex();
        if (searchIndex != null) {
            hashSet3.add("searchIndexImpl=" + searchIndex.getClass().getName());
        }
        ResourceName resourceComparator = application.getResourceComparator(false);
        if (resourceComparator != null) {
            hashSet3.add("resourceComparator=" + resourceComparator.getClass().getName());
        }
        Set<String> attributeNames = application.getAttributeNames();
        if (attributeNames == null || attributeNames.isEmpty()) {
            hashSet3.add("subjectAttributeNames=");
        } else {
            Iterator<String> it3 = attributeNames.iterator();
            while (it3.hasNext()) {
                hashSet3.add("subjectAttributeNames=" + it3.next());
            }
        }
        Iterator<String> it4 = application.getMetaData().iterator();
        while (it4.hasNext()) {
            hashSet3.add("meta=" + it4.next());
        }
        String displayName = application.getDisplayName();
        hashSet3.add("displayName=" + (displayName == null ? "" : displayName));
        if (!application.getResourceTypeUuids().isEmpty()) {
            HashSet hashSet4 = new HashSet();
            Iterator<String> it5 = application.getResourceTypeUuids().iterator();
            while (it5.hasNext()) {
                hashSet4.add("resourceTypeUuids=" + it5.next());
            }
            hashMap.put(SMSEntry.ATTR_XML_KEYVAL, hashSet4);
        }
        return hashMap;
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public Set<String> getSubjectAttributeNames(String str) {
        try {
            Application application = EntitlementUtils.getApplicationService(PolicyConstants.SUPER_ADMIN_SUBJECT, this.realm).getApplication(str);
            if (application != null) {
                return application.getAttributeNames();
            }
        } catch (EntitlementException e) {
            PolicyConstants.DEBUG.error("EntitlementService.getSubjectAttributeNames", e);
        }
        return Collections.EMPTY_SET;
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public Map<String, Set<String>> getSubjectAttributesCollectorConfiguration(String str) throws EntitlementException {
        ServiceConfig serviceConfig;
        ServiceConfig subConfig;
        ServiceConfig subConfig2;
        try {
            SSOToken sSOToken = getSSOToken();
            if (sSOToken == null) {
                PolicyConstants.DEBUG.error("EntitlementService.getSubjectAttributesCollectorConfiguration:admin sso token is absent");
                throw new EntitlementException(287, str);
            }
            OrganizationConfigManager organizationConfigManager = new OrganizationConfigManager(sSOToken, this.realm);
            ServiceConfig serviceConfig2 = organizationConfigManager.getServiceConfig("sunEntitlementService");
            if (serviceConfig2 == null) {
                return null;
            }
            Set<String> subConfigNames = serviceConfig2.getSubConfigNames();
            if (subConfigNames == null || !subConfigNames.contains("subjectAttributesCollectors")) {
                serviceConfig2.addSubConfig("subjectAttributesCollectors", "subjectAttributesCollectors", 0, Collections.EMPTY_MAP);
            }
            ServiceConfig subConfig3 = serviceConfig2.getSubConfig("subjectAttributesCollectors");
            ServiceConfig subConfig4 = subConfig3.getSubConfig(str);
            if (subConfig4 == null) {
                Map<String, Set<String>> map = Collections.EMPTY_MAP;
                OrganizationConfigManager parentOrgConfigManager = organizationConfigManager.getParentOrgConfigManager();
                if (parentOrgConfigManager != null && (serviceConfig = parentOrgConfigManager.getServiceConfig("sunEntitlementService")) != null && (subConfig = serviceConfig.getSubConfig("subjectAttributesCollectors")) != null && (subConfig2 = subConfig.getSubConfig(str)) != null) {
                    map = subConfig2.getAttributes();
                }
                subConfig3.addSubConfig(str, SCHEMA_OPENSSO_SUBJECT_ATTRIBUTES_COLLECTOR, 0, map);
                subConfig4 = subConfig3.getSubConfig(str);
            }
            return subConfig4.getAttributes();
        } catch (SSOException e) {
            PolicyConstants.DEBUG.error("EntitlementService.getSubjectAttributesCollectorConfiguration", e);
            throw new EntitlementException(288, new Object[]{str}, e);
        } catch (SMSException e2) {
            PolicyConstants.DEBUG.error("EntitlementService.getSubjectAttributesCollectorConfiguration", e2);
            throw new EntitlementException(288, new Object[]{str}, e2);
        }
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public void setSubjectAttributesCollectorConfiguration(String str, Map<String, Set<String>> map) throws EntitlementException {
        try {
            SSOToken sSOToken = getSSOToken();
            if (sSOToken == null) {
                PolicyConstants.DEBUG.error("EntitlementService.setSubjectAttributesCollectorConfiguration:admin sso token is absent");
                throw new EntitlementException(289, str);
            }
            ServiceConfig serviceConfig = new OrganizationConfigManager(sSOToken, this.realm).getServiceConfig("sunEntitlementService");
            if (serviceConfig != null) {
                Set<String> subConfigNames = serviceConfig.getSubConfigNames();
                if (subConfigNames == null || !subConfigNames.contains("subjectAttributesCollectors")) {
                    serviceConfig.addSubConfig("subjectAttributesCollectors", "subjectAttributesCollectors", 0, Collections.EMPTY_MAP);
                }
                ServiceConfig subConfig = serviceConfig.getSubConfig("subjectAttributesCollectors");
                ServiceConfig subConfig2 = subConfig.getSubConfig(str);
                if (subConfig2 == null) {
                    subConfig.addSubConfig(str, SCHEMA_OPENSSO_SUBJECT_ATTRIBUTES_COLLECTOR, 0, map);
                } else {
                    subConfig2.setAttributes(map);
                }
            }
        } catch (SSOException e) {
            PolicyConstants.DEBUG.error("EntitlementService.setSubjectAttributesCollectorConfiguration", e);
            throw new EntitlementException(290, new Object[]{str}, e);
        } catch (SMSException e2) {
            PolicyConstants.DEBUG.error("EntitlementService.setSubjectAttributesCollectorConfiguration", e2);
            throw new EntitlementException(290, new Object[]{str}, e2);
        }
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public boolean hasEntitlementDITs() {
        try {
            new ServiceSchemaManager("sunEntitlementService", EntitlementUtils.getAdminToken());
            return true;
        } catch (SSOException e) {
            return false;
        } catch (SMSException e2) {
            return false;
        }
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public boolean xacmlPrivilegeEnabled() {
        if (!hasEntitlementDITs()) {
            return false;
        }
        Set<String> configuration = getConfiguration(XACML_PRIVILEGE_ENABLED);
        String next = (configuration == null || configuration.isEmpty()) ? null : configuration.iterator().next();
        if (next != null) {
            return Boolean.parseBoolean(next);
        }
        return false;
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public boolean networkMonitorEnabled() {
        if (!hasEntitlementDITs()) {
            return false;
        }
        Set<String> configuration = getConfiguration(NETWORK_MONITOR_ENABLED);
        String next = (configuration == null || configuration.isEmpty()) ? null : configuration.iterator().next();
        if (next != null) {
            return Boolean.parseBoolean(next);
        }
        return false;
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public void setNetworkMonitorEnabled(boolean z) {
        HashSet hashSet = new HashSet();
        hashSet.add(Boolean.toString(z));
        setConfiguration(EntitlementUtils.getAdminToken(), NETWORK_MONITOR_ENABLED, hashSet);
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public void reindexApplications() {
        Iterator<Application> it = getApplications().iterator();
        while (it.hasNext()) {
            try {
                EntitlementUtils.getApplicationService(this.subject, this.realm).saveApplication(it.next());
            } catch (EntitlementException e) {
            }
        }
    }

    private String getParentRealm(String str) {
        int indexOf;
        if (str.equals("/") || (indexOf = str.indexOf("/")) == -1) {
            return null;
        }
        return indexOf == 0 ? "/" : str.substring(0, indexOf);
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public boolean isMonitoringRunning() {
        return MonitoringUtil.isRunning();
    }

    @Override // com.sun.identity.entitlement.EntitlementConfiguration
    public int getPolicyWindowSize() {
        return MonitoringUtil.getPolicyWindowSize();
    }

    private void publishInternalNotifications(String str, String str2) {
        this.broker.publish(SetupInternalNotificationSubscriptions.TOPIC_INTERNAL_POLICYSET, JsonValue.json(JsonValue.object((Map.Entry<String, Object>[]) new Map.Entry[]{JsonValue.field("name", str), JsonValue.field("realm", str2), JsonValue.field(IdRemoteEventListener.EVENT_TYPE, PolicyEventType.UPDATE)})));
    }
}
