package com.sun.identity.entitlement.opensso;

import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.ApplicationPrivilege;
import com.sun.identity.entitlement.ApplicationPrivilegeManager;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.PolicyDataStore;
import com.sun.identity.entitlement.PolicyEventType;
import com.sun.identity.entitlement.Privilege;
import com.sun.identity.entitlement.PrivilegeChangeNotifier;
import com.sun.identity.entitlement.PrivilegeIndexStore;
import com.sun.identity.entitlement.PrivilegeManager;
import com.sun.identity.idm.remote.IdRemoteEventListener;
import com.sun.identity.policy.remote.PolicyService;
import com.sun.identity.security.AdminTokenAction;
import java.security.AccessController;
import java.security.Principal;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.forgerock.openam.entitlement.constraints.ConstraintValidator;
import org.forgerock.openam.entitlement.service.ApplicationServiceFactory;
import org.forgerock.openam.entitlement.service.ResourceTypeService;
import org.forgerock.openam.notifications.NotificationBroker;
import org.forgerock.openam.notifications.NotificationsConfig;
import org.forgerock.openam.notifications.Topic;
import org.forgerock.openam.sdk.javax.inject.Inject;
import org.forgerock.openam.sdk.org.forgerock.json.JsonValue;
import org.forgerock.openam.sdk.org.forgerock.util.Reject;
import org.forgerock.openam.utils.Time;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:com/sun/identity/entitlement/opensso/PolicyPrivilegeManager.class */
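public class PolicyPrivilegeManager extends PrivilegeManager {
    /** Realm this manager operates in; {@code "/"} until {@link #initialize} is called. */
    private String realm;
    /**
     * Subject built from the admin token when the class is loaded. No method in this class reads
     * it; it is kept because obtaining the admin token is a class-initialisation side effect that
     * other code may rely on.
     */
    private static Subject dsameUserSubject = SubjectUtils.createSubject((SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance()));
    /** Broker on which policy change events are published to agents. */
    private final NotificationBroker broker;
    /** Feature switches; only {@code isAgentsEnabled()} is consulted here. */
    private final NotificationsConfig notificationsConfig;

    /**
     * Creates a manager for the root realm ({@code "/"}); {@link #initialize} sets the real realm.
     *
     * @param applicationServiceFactory passed through to {@link PrivilegeManager}
     * @param resourceTypeService passed through to {@link PrivilegeManager}
     * @param constraintValidator passed through to {@link PrivilegeManager}
     * @param notificationBroker broker used to publish agent notifications
     * @param notificationsConfig configuration deciding whether agent notifications are sent
     */
    @Inject
    public PolicyPrivilegeManager(ApplicationServiceFactory applicationServiceFactory, ResourceTypeService resourceTypeService, ConstraintValidator constraintValidator, NotificationBroker notificationBroker, NotificationsConfig notificationsConfig) {
        super(applicationServiceFactory, resourceTypeService, constraintValidator);
        this.realm = "/";
        this.broker = notificationBroker;
        this.notificationsConfig = notificationsConfig;
    }

    /**
     * Binds this manager to a realm and an admin subject.
     *
     * @param str the realm
     * @param subject the admin subject; also passed to the superclass
     */
    @Override // com.sun.identity.entitlement.PrivilegeManager
    public void initialize(String str, Subject subject) {
        super.initialize(str, subject);
        this.realm = str;
        // Return value deliberately discarded; presumably this only validates that the subject
        // carries an SSO token (may throw) — TODO confirm against SubjectUtils.
        SubjectUtils.getSSOToken(subject);
    }

    /**
     * Looks up a privilege by name on behalf of this manager's admin subject.
     *
     * @param str the privilege name
     * @return the privilege, or {@code null} under the conditions documented on
     *     {@link #findByName(String, Subject)}
     * @throws EntitlementException as for {@link #findByName(String, Subject)}
     */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.sun.identity.entitlement.IPrivilegeManager
    public Privilege findByName(String str) throws EntitlementException {
        return findByName(str, getAdminSubject());
    }

    /**
     * Looks up a privilege by name and, unless {@code subject} is the super-admin subject,
     * enforces application-level READ permission on it.
     *
     * @param str the privilege name
     * @param subject the subject performing the lookup
     * @return the privilege; {@code null} only when the application privilege manager for this
     *     realm cannot be obtained (non-super-admin path)
     * @throws EntitlementException code 12 if {@code str} is null, code 203 if no privilege of that
     *     name is stored, or {@code PERMISSION_DENIED} if {@code subject} lacks READ on it
     */
    @Override // com.sun.identity.entitlement.PrivilegeManager
    public Privilege findByName(String str, Subject subject) throws EntitlementException {
        if (str == null) {
            throw new EntitlementException(12);
        }
        Privilege privilege = (Privilege) PrivilegeIndexStore.getInstance(subject, getRealm()).getPrivilege(str);
        if (privilege == null) {
            throw new EntitlementException(203, str);
        }
        // Reference comparison: only the exact super-admin subject instance skips the READ check.
        if (subject != PrivilegeManager.superAdminSubject) {
            // NOTE(review): the index store above is keyed by getRealm() while this uses the
            // this.realm field; both are presumably the realm passed to initialize — confirm.
            ApplicationPrivilegeManager applicationPrivilegeManager = ApplicationPrivilegeManager.getInstance(this.realm, PrivilegeManager.superAdminSubject);
            if (applicationPrivilegeManager == null) {
                // Returns null rather than throwing, so a caller cannot distinguish "permission
                // check unavailable" from a found privilege by exception; callers must null-check.
                return null;
            }
            if (!applicationPrivilegeManager.hasPrivilege(privilege, ApplicationPrivilege.Action.READ)) {
                throw new EntitlementException(EntitlementException.PERMISSION_DENIED);
            }
        }
        return privilege;
    }

    /**
     * Returns every policy in this realm, read as the admin subject.
     *
     * @return the policies from the realm's index store
     * @throws EntitlementException propagated from the index store
     * @throws NullPointerException if the index store has not been initialised
     */
    @Override // com.sun.identity.entitlement.PrivilegeManager
    public List<Privilege> findAllPolicies() throws EntitlementException {
        PrivilegeIndexStore privilegeIndexStore = PrivilegeIndexStore.getInstance(getAdminSubject(), getRealm());
        if (privilegeIndexStore == null) {
            throw new NullPointerException("Policy index store not initialised");
        }
        return privilegeIndexStore.findAllPolicies();
    }

    /**
     * Returns every policy in this realm belonging to the given application, read as the admin
     * subject.
     *
     * @param str the application name
     * @return the matching policies from the realm's index store
     * @throws EntitlementException propagated from the index store
     * @throws NullPointerException if the index store has not been initialised
     */
    @Override // com.sun.identity.entitlement.PrivilegeManager
    public List<Privilege> findAllPoliciesByApplication(String str) throws EntitlementException {
        PrivilegeIndexStore privilegeIndexStore = PrivilegeIndexStore.getInstance(getAdminSubject(), getRealm());
        if (privilegeIndexStore == null) {
            throw new NullPointerException("Policy index store not initialised");
        }
        return privilegeIndexStore.findAllPoliciesByApplication(str);
    }

    /**
     * Returns every policy in this realm that references the given identity UID, read as the
     * admin subject.
     *
     * @param str the identity UID; must not be null
     * @return the matching policies from the realm's index store
     * @throws EntitlementException propagated from the index store
     * @throws NullPointerException if {@code str} is null or the index store is not initialised
     */
    @Override // com.sun.identity.entitlement.PrivilegeManager
    public List<Privilege> findAllPoliciesByIdentityUid(String str) throws EntitlementException {
        Reject.ifNull(str);
        PrivilegeIndexStore privilegeIndexStore = PrivilegeIndexStore.getInstance(getAdminSubject(), getRealm());
        Reject.ifNull(privilegeIndexStore, "Policy index store not initialised");
        return privilegeIndexStore.findAllPoliciesByIdentityUid(str);
    }

    /**
     * Stores a new privilege in this realm and notifies listeners of a CREATE event.
     *
     * @param privilege the privilege to add; validation happens in {@code super.add}
     * @throws EntitlementException propagated from validation, the data store or the notifier
     */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.sun.identity.entitlement.PrivilegeManager, com.sun.identity.entitlement.IPrivilegeManager
    public void add(Privilege privilege) throws EntitlementException {
        super.add(privilege);
        PolicyDataStore policyDataStore = PolicyDataStore.getInstance();
        String realm = getRealm();
        policyDataStore.addPolicy(getAdminSubject(), realm, privilege);
        notifyPrivilegeChanged(realm, null, privilege, PolicyEventType.CREATE);
    }

    /**
     * Removes the named privilege from this realm and notifies listeners of a DELETE event.
     * The lookup goes through {@link #findByName(String)}, so the admin subject's READ permission
     * is enforced before the removal.
     *
     * @param str the privilege name
     * @throws EntitlementException code 12 if {@code str} is null, or as raised by the lookup,
     *     the data store or the notifier
     */
    @Override // com.sun.identity.entitlement.IPrivilegeManager
    public void remove(String str) throws EntitlementException {
        if (str == null) {
            throw new EntitlementException(12);
        }
        Privilege findByName = findByName(str);
        // null only if the application privilege manager was unavailable; nothing is removed then.
        if (findByName != null) {
            String realm = getRealm();
            PolicyDataStore.getInstance().removePrivilege(getAdminSubject(), realm, findByName);
            notifyPrivilegeChanged(realm, null, findByName, PolicyEventType.DELETE);
        }
    }

    /**
     * Copies the creator and creation date from the stored privilege named {@code str} onto
     * {@code privilege}, then stamps the modification time and (when available) modifier.
     * The stored copy is read as the super-admin subject so that metadata is preserved even if
     * the admin subject's READ check would fail.
     *
     * @param str name of the stored privilege being replaced
     * @param privilege the incoming privilege whose metadata is updated in place
     * @throws EntitlementException propagated from the lookup
     */
    private void updateMetaInfo(String str, Privilege privilege) throws EntitlementException {
        Privilege findByName = findByName(str, PrivilegeManager.superAdminSubject);
        if (findByName != null) {
            privilege.setCreatedBy(findByName.getCreatedBy());
            privilege.setCreationDate(findByName.getCreationDate());
        }
        privilege.setLastModifiedDate(Time.newDate().getTime());
        Set<Principal> principals = getAdminSubject().getPrincipals();
        if (principals == null || principals.isEmpty()) {
            return;
        }
        // First principal's name is taken as the modifier; principal set order is not defined here.
        privilege.setLastModifiedBy(principals.iterator().next().getName());
    }

    /**
     * Replaces the stored privilege named {@code str} with {@code privilege} and notifies
     * listeners of an UPDATE event carrying both the old and new privilege.
     *
     * @param str name of the privilege to replace
     * @param privilege the replacement
     * @throws EntitlementException propagated from validation, the lookup, the data store or the
     *     notifier
     */
    @Override // com.sun.identity.entitlement.PrivilegeManager
    public void modify(String str, Privilege privilege) throws EntitlementException {
        validate(privilege);
        updateMetaInfo(str, privilege);
        PolicyDataStore policyDataStore = PolicyDataStore.getInstance();
        Privilege findByName = findByName(str, getAdminSubject());
        // NOTE(review): findByName can return null when the application privilege manager is
        // unavailable; removePrivilege is then called with a null privilege — confirm it copes.
        String realm = getRealm();
        policyDataStore.removePrivilege(getAdminSubject(), realm, findByName);
        policyDataStore.addPolicy(getAdminSubject(), realm, privilege);
        notifyPrivilegeChanged(realm, findByName, privilege, PolicyEventType.UPDATE);
    }

    /**
     * Replaces the stored privilege that has the same name as {@code privilege}.
     *
     * @param privilege the replacement; its name selects the privilege to replace
     * @throws EntitlementException as for {@link #modify(String, Privilege)}
     */
    @Override // com.sun.identity.entitlement.IPrivilegeManager
    public void modify(Privilege privilege) throws EntitlementException {
        modify(privilege.getName(), privilege);
    }

    /**
     * Publishes a policy change: optionally to agents over the notification broker, and always to
     * {@link PrivilegeChangeNotifier} with the union of the old and new resource names.
     *
     * @param str the realm
     * @param privilege the previous privilege, or {@code null} for CREATE/DELETE
     * @param privilege2 the current privilege; must not be null
     * @param policyEventType the kind of change
     * @throws EntitlementException propagated from the notifier
     */
    @Override // com.sun.identity.entitlement.PrivilegeManager
    protected void notifyPrivilegeChanged(String str, Privilege privilege, Privilege privilege2, PolicyEventType policyEventType) throws EntitlementException {
        // Union of old and new resource names so listeners learn about resources the change
        // dropped as well as those it added.
        Set<String> resources = new HashSet<>();
        if (privilege != null) {
            Set<String> oldResources = privilege.getEntitlement().getResourceNames();
            if (oldResources != null) {
                resources.addAll(oldResources);
            }
        }
        Set<String> newResources = privilege2.getEntitlement().getResourceNames();
        if (newResources != null) {
            resources.addAll(newResources);
        }
        String applicationName = privilege2.getEntitlement().getApplicationName();
        if (PrivilegeManager.debug.messageEnabled()) {
            PrivilegeManager.debug.message("PolicyPrivilegeManager.notifyPrivilegeChanged():applicationName=" + applicationName + ", resources=" + resources);
        }
        if (this.notificationsConfig.isAgentsEnabled()) {
            this.broker.publish(Topic.of("/agent/policy"), JsonValue.json(JsonValue.object(
                    JsonValue.field("realm", str),
                    JsonValue.field(PolicyService.POLICY_SERVICE, privilege2.getName()),
                    JsonValue.field("policySet", applicationName),
                    JsonValue.field(IdRemoteEventListener.EVENT_TYPE, policyEventType))));
        }
        PrivilegeChangeNotifier.getInstance().notify(getAdminSubject(), str, applicationName, privilege2.getName(), resources);
    }

    static {
        // Only logs; the PolicyCache the message mentions is not created here (the original
        // initializer may have been trimmed by the decompiler — confirm against the source jar).
        try {
            if (PrivilegeManager.debug.messageEnabled()) {
                PrivilegeManager.debug.message("PolicyPrivilegeManager.static initializer, getting instance of PolicyCache");
            }
        } catch (Exception e) {
            PrivilegeManager.debug.error("PolicyPrivilegeManager.static initializer failed to create PolicyCache", e);
        }
    }
}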
