package org.forgerock.openam.entitlement.indextree;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.SMSDataEntry;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceManagementDAO;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.forgerock.openam.core.DNWrapper;
import org.forgerock.openam.entitlement.indextree.events.ErrorEventType;
import org.forgerock.openam.entitlement.indextree.events.EventType;
import org.forgerock.openam.entitlement.indextree.events.IndexChangeEvent;
import org.forgerock.openam.entitlement.indextree.events.IndexChangeObserver;
import org.forgerock.openam.entitlement.indextree.events.ModificationEvent;
import org.forgerock.openam.entitlement.indextree.events.ModificationEventType;
import org.forgerock.openam.entitlement.utils.indextree.IndexRuleTree;
import org.forgerock.openam.entitlement.utils.indextree.SimpleReferenceTree;
import org.forgerock.openam.sdk.javax.inject.Inject;
import org.forgerock.openam.sdk.org.forgerock.util.thread.listener.ShutdownListener;
import org.forgerock.openam.sdk.org.forgerock.util.thread.listener.ShutdownManager;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:org/forgerock/openam/entitlement/indextree/IndexTreeServiceImpl.class */
public class IndexTreeServiceImpl implements IndexTreeService, IndexChangeObserver, ShutdownListener {
    private static final Debug DEBUG = Debug.getInstance("amEntitlements");
    private static final String INDEX_PATH_ATT = "pathindex";
    private static final String SEARCH_FILTER = "(sunserviceID=indexes)";
    private static final String REALM_DN_TEMPLATE = "ou=default,ou=OrganizationConfig,ou=1.0,ou=sunEntitlementIndexes,ou=services,%s";
    final Cache<String, IndexRuleTree> indexTreeCache = CacheBuilder.newBuilder().maximumSize(16000).expireAfterWrite(SystemProperties.getAsInt("org.forgerock.openam.sdk.org.openidentityplatform.openam.policy.indextree.cache.ttl", 180), TimeUnit.SECONDS).build();
    private final IndexChangeManager manager;
    private final PrivilegedAction<SSOToken> adminAction;
    private final ServiceManagementDAO smDAO;
    private final DNWrapper dnMapper;

    @Inject
    public IndexTreeServiceImpl(IndexChangeManager indexChangeManager, PrivilegedAction<SSOToken> privilegedAction, ServiceManagementDAO serviceManagementDAO, DNWrapper dNWrapper, ShutdownManager shutdownManager) {
        this.manager = indexChangeManager;
        this.adminAction = privilegedAction;
        this.smDAO = serviceManagementDAO;
        this.dnMapper = dNWrapper;
        shutdownManager.addShutdownListener(this);
        indexChangeManager.registerObserver(this);
    }

    @Override // org.forgerock.openam.entitlement.indextree.IndexTreeService
    public Set<String> searchTree(String str, String str2) throws EntitlementException {
        IndexRuleTree indexTree = getIndexTree(str2);
        if (indexTree == null) {
            return Collections.emptySet();
        }
        Set<String> searchTree = indexTree.searchTree(str);
        if (DEBUG.messageEnabled()) {
            DEBUG.message(String.format("Matched index rules (resource:%s, realm:%s): %s", str, str2, searchTree));
        }
        return searchTree;
    }

    private IndexRuleTree getIndexTree(String str) throws EntitlementException {
        IndexRuleTree ifPresent = this.indexTreeCache.getIfPresent(str);
        if (ifPresent == null) {
            synchronized (this.indexTreeCache) {
                ifPresent = this.indexTreeCache.getIfPresent(str);
                if (ifPresent == null) {
                    ifPresent = createAndPopulateTree(str);
                    if (ifPresent != null) {
                        this.indexTreeCache.put(str, ifPresent);
                    }
                }
            }
        }
        return ifPresent;
    }

    private IndexRuleTree createAndPopulateTree(String str) throws EntitlementException {
        SimpleReferenceTree simpleReferenceTree = null;
        String format = String.format(REALM_DN_TEMPLATE, this.dnMapper.orgNameToDN(str));
        SSOToken sSOToken = (SSOToken) AccessController.doPrivileged(this.adminAction);
        if (this.smDAO.checkIfEntryExists(format, sSOToken)) {
            simpleReferenceTree = new SimpleReferenceTree();
            try {
                Iterator<SMSDataEntry> search = this.smDAO.search(sSOToken, format, SEARCH_FILTER, 0, 0, false, false, Collections.emptySet());
                while (search.hasNext()) {
                    simpleReferenceTree.addIndexRules(search.next().getAttributeValues(INDEX_PATH_ATT));
                }
                if (DEBUG.messageEnabled()) {
                    DEBUG.message(String.format("Index rule tree created for '%s'.", str));
                }
            } catch (SMSException e) {
                throw new EntitlementException(52, new Object[]{format}, e);
            }
        }
        return simpleReferenceTree;
    }

    @Override // org.forgerock.openam.entitlement.indextree.events.IndexChangeObserver
    public void update(IndexChangeEvent indexChangeEvent) {
        EventType type = indexChangeEvent.getType();
        if (!ModificationEventType.contains(type)) {
            if (type == ErrorEventType.DATA_LOSS) {
                this.indexTreeCache.invalidateAll();
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("Potential policy path index loss, cached index trees cleared.");
                    return;
                }
                return;
            }
            return;
        }
        ModificationEventType modificationEventType = (ModificationEventType) type;
        ModificationEvent modificationEvent = (ModificationEvent) indexChangeEvent;
        String realm = modificationEvent.getRealm();
        IndexRuleTree ifPresent = this.indexTreeCache.getIfPresent(realm);
        if (ifPresent != null) {
            String pathIndex = modificationEvent.getPathIndex();
            switch (modificationEventType) {
                case ADD:
                    ifPresent.addIndexRule(pathIndex);
                    break;
                case DELETE:
                    ifPresent.removeIndexRule(pathIndex);
                    break;
            }
            if (DEBUG.messageEnabled()) {
                DEBUG.message(String.format("Policy path index '%s' updated for realm '%s'.", pathIndex, realm));
            }
        }
    }

    @Override // org.forgerock.openam.sdk.org.forgerock.util.thread.listener.ShutdownListener
    public void shutdown() {
        this.manager.removeObserver(this);
        this.manager.shutdown();
    }
}
