package com.sun.identity.entitlement.opensso;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.common.CaseInsensitiveHashMap;
import com.sun.identity.entitlement.ApplicationTypeManager;
import com.sun.identity.entitlement.EntitlementConfiguration;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.EntitlementThreadPool;
import com.sun.identity.entitlement.IPrivilege;
import com.sun.identity.entitlement.Privilege;
import com.sun.identity.entitlement.PrivilegeIndexStore;
import com.sun.identity.entitlement.ReferralPrivilege;
import com.sun.identity.entitlement.ResourceSaveIndexes;
import com.sun.identity.entitlement.ResourceSearchIndexes;
import com.sun.identity.entitlement.SequentialThreadPool;
import com.sun.identity.entitlement.SubjectAttributesManager;
import com.sun.identity.entitlement.interfaces.IThreadPool;
import com.sun.identity.entitlement.util.SearchFilter;
import com.sun.identity.entitlement.util.SimpleIterator;
import com.sun.identity.policy.PolicyConfig;
import com.sun.identity.policy.PolicyManager;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.BufferedIterator;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.OrganizationConfigManager;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfigManager;
import com.sun.identity.sm.ServiceListener;
import com.sun.identity.sm.ServiceManager;
import com.sun.identity.sm.ServiceSchemaManager;
import java.security.AccessController;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.forgerock.openam.entitlement.PolicyConstants;
import org.forgerock.openam.entitlement.utils.EntitlementUtils;
import org.forgerock.openam.ldap.LDAPUtils;
import org.forgerock.openam.sdk.org.forgerock.util.Reject;
import org.owasp.validator.html.Policy;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:com/sun/identity/entitlement/opensso/OpenSSOIndexStore.class */
public class OpenSSOIndexStore extends PrivilegeIndexStore {
    private static final int DEFAULT_CACHE_SIZE = 100000;
    private static final int DEFAULT_THREAD_SIZE = 1;
    private static final int DEFAULT_IDX_CACHE_SIZE = 100000;
    private static final PolicyCache policyCache;
    private static final PolicyCache referralCache;
    private static final int policyCacheSize;
    private static final Map indexCaches;
    private static final Map referralIndexCaches;
    private static final int indexCacheSize;
    private static final DataStore dataStore = DataStore.getInstance();
    private static IThreadPool threadPool;
    private static boolean isMultiThreaded;
    private Subject superAdminSubject;
    private String realmDN;
    private IndexCache indexCache;
    private IndexCache referralIndexCache;
    private EntitlementConfiguration entitlementConfig;

    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:com/sun/identity/entitlement/opensso/OpenSSOIndexStore$EntitlementsListener.class */
    static class EntitlementsListener implements ServiceListener {
        EntitlementsListener() {
        }

        @Override // com.sun.identity.sm.ServiceListener
        public void schemaChanged(String str, String str2) {
        }

        @Override // com.sun.identity.sm.ServiceListener
        public void globalConfigChanged(String str, String str2, String str3, String str4, int i) {
        }

        @Override // com.sun.identity.sm.ServiceListener
        public void organizationConfigChanged(String str, String str2, String str3, String str4, String str5, int i) {
            if (i == 2) {
                if (str5 == null || str5.trim().length() == 0 || str5.equals("/")) {
                    OpenSSOIndexStore.indexCaches.remove(str3);
                    OpenSSOIndexStore.referralIndexCaches.remove(str3);
                    EntitlementUtils.getApplicationService(PolicyConstants.SUPER_ADMIN_SUBJECT, str3).clearCache();
                }
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:com/sun/identity/entitlement/opensso/OpenSSOIndexStore$SearchTask.class */
    public class SearchTask implements Runnable {
        private BufferedIterator iterator;
        private ResourceSearchIndexes indexes;
        private Set<String> subjectIndexes;
        private boolean bSubTree;
        private Set<String> excludeDNs;

        public SearchTask(BufferedIterator bufferedIterator, ResourceSearchIndexes resourceSearchIndexes, Set<String> set, boolean z, Set<String> set2) {
            this.iterator = bufferedIterator;
            this.indexes = resourceSearchIndexes;
            this.subjectIndexes = set;
            this.bSubTree = z;
            this.excludeDNs = set2;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                Set<IPrivilege> search = OpenSSOIndexStore.dataStore.search(OpenSSOIndexStore.this.getAdminSubject(), OpenSSOIndexStore.this.getRealmDN(), this.iterator, this.indexes, this.subjectIndexes, this.bSubTree, this.excludeDNs);
                if (OpenSSOIndexStore.indexCacheSize > 0) {
                    Iterator<IPrivilege> it = search.iterator();
                    while (it.hasNext()) {
                        OpenSSOIndexStore.this.cache(it.next(), this.subjectIndexes, OpenSSOIndexStore.this.getRealmDN());
                    }
                }
            } catch (EntitlementException e) {
                this.iterator.isDone();
                PolicyConstants.DEBUG.error("OpenSSOIndexStore.SearchTask.runPolicy", e);
            }
        }
    }

    private static int getInteger(EntitlementConfiguration entitlementConfiguration, String str, int i) {
        Set<String> configuration = entitlementConfiguration.getConfiguration(str);
        return (configuration == null || configuration.isEmpty()) ? i : getNumeric(configuration.iterator().next(), i);
    }

    public OpenSSOIndexStore(Subject subject, String str) {
        super(subject, str);
        this.superAdminSubject = SubjectUtils.createSuperAdminSubject();
        this.realmDN = DNMapper.orgNameToDN(str);
        this.entitlementConfig = EntitlementUtils.getEntitlementConfiguration(subject, str);
        if (indexCacheSize > 0) {
            synchronized (indexCaches) {
                this.indexCache = (IndexCache) indexCaches.get(this.realmDN);
                if (this.indexCache == null) {
                    this.indexCache = new IndexCache(indexCacheSize);
                    indexCaches.put(this.realmDN, this.indexCache);
                }
            }
            synchronized (referralIndexCaches) {
                this.referralIndexCache = (IndexCache) referralIndexCaches.get(this.realmDN);
                if (this.referralIndexCache == null) {
                    this.referralIndexCache = new IndexCache(indexCacheSize);
                    referralIndexCaches.put(this.realmDN, this.referralIndexCache);
                }
            }
        }
    }

    private static int getNumeric(String str, int i) {
        try {
            return Integer.parseInt(str);
        } catch (NumberFormatException e) {
            return i;
        }
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public void add(Set<IPrivilege> set) throws EntitlementException {
        for (IPrivilege iPrivilege : set) {
            if (iPrivilege instanceof Privilege) {
                add((Privilege) iPrivilege);
            } else if (iPrivilege instanceof ReferralPrivilege) {
                add((ReferralPrivilege) iPrivilege);
            }
        }
    }

    private void add(Privilege privilege) throws EntitlementException {
        Subject adminSubject = getAdminSubject();
        privilege.canonicalizeResources(adminSubject, DNMapper.orgNameToRealmName(getRealm()));
        dataStore.add(adminSubject, this.realmDN, privilege);
        this.entitlementConfig.addSubjectAttributeNames(privilege.getEntitlement().getApplicationName(), SubjectAttributesManager.getRequiredAttributeNames(privilege));
    }

    private void add(ReferralPrivilege referralPrivilege) throws EntitlementException {
        Subject adminSubject = getAdminSubject();
        String realm = getRealm();
        ReferralPrivilege referralPrivilege2 = (ReferralPrivilege) referralPrivilege.clone();
        referralPrivilege2.canonicalizeResources(adminSubject, DNMapper.orgNameToRealmName(realm));
        dataStore.addReferral(adminSubject, realm, referralPrivilege2);
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public void delete(String str) throws EntitlementException {
        delete(str, true);
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public void deleteReferral(String str) throws EntitlementException {
        deleteReferral(str, true);
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public void delete(Set<IPrivilege> set) throws EntitlementException {
        ResourceSaveIndexes resourceSaveIndexes;
        Subject adminSubject = getAdminSubject();
        String realm = getRealm();
        for (IPrivilege iPrivilege : set) {
            String delete = iPrivilege instanceof Privilege ? delete(iPrivilege.getName(), true) : deleteReferral(iPrivilege.getName(), true);
            if (indexCacheSize > 0 && (resourceSaveIndexes = iPrivilege.getResourceSaveIndexes(adminSubject, DNMapper.orgNameToRealmName(realm))) != null) {
                if (iPrivilege instanceof Privilege) {
                    this.indexCache.clear(resourceSaveIndexes, delete);
                } else {
                    this.referralIndexCache.clear(resourceSaveIndexes, delete);
                }
            }
        }
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public String delete(String str, boolean z) throws EntitlementException {
        Subject adminSubject = getAdminSubject();
        String privilegeDistinguishedName = DataStore.getPrivilegeDistinguishedName(str, getRealm(), null);
        if (z) {
            dataStore.remove(adminSubject, this.realmDN, str);
        }
        if (policyCacheSize > 0) {
            policyCache.decache(privilegeDistinguishedName, this.realmDN);
        }
        return privilegeDistinguishedName;
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public String deleteReferral(String str, boolean z) throws EntitlementException {
        Subject adminSubject = getAdminSubject();
        String realm = getRealm();
        String privilegeDistinguishedName = DataStore.getPrivilegeDistinguishedName(str, realm, DataStore.REFERRAL_STORE);
        if (z) {
            dataStore.removeReferral(adminSubject, realm, str);
        }
        if (policyCacheSize > 0) {
            referralCache.decache(privilegeDistinguishedName, this.realmDN);
        }
        return privilegeDistinguishedName;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void cache(IPrivilege iPrivilege, Set<String> set, String str) throws EntitlementException {
        if (iPrivilege instanceof Privilege) {
            cache((Privilege) iPrivilege, set, str);
        } else if (iPrivilege instanceof ReferralPrivilege) {
            cache((ReferralPrivilege) iPrivilege, str);
        }
    }

    private void cache(Privilege privilege, Set<String> set, String str) throws EntitlementException {
        String privilegeDistinguishedName = DataStore.getPrivilegeDistinguishedName(privilege.getName(), str, null);
        String orgNameToRealmName = DNMapper.orgNameToRealmName(str);
        if (set == null) {
            set = SubjectAttributesManager.getSubjectSearchIndexes(privilege);
        }
        this.indexCache.cache(privilege.getEntitlement().getResourceSaveIndexes(this.superAdminSubject, orgNameToRealmName), set, privilegeDistinguishedName);
        policyCache.cache(privilegeDistinguishedName, privilege, this.realmDN);
    }

    private void cache(ReferralPrivilege referralPrivilege, String str) throws EntitlementException {
        String privilegeDistinguishedName = DataStore.getPrivilegeDistinguishedName(referralPrivilege.getName(), str, DataStore.REFERRAL_STORE);
        this.referralIndexCache.cache(referralPrivilege.getResourceSaveIndexes(this.superAdminSubject, DNMapper.orgNameToRealmName(str)), (Set<String>) null, privilegeDistinguishedName);
        referralCache.cache(privilegeDistinguishedName, referralPrivilege, this.realmDN);
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public Iterator<IPrivilege> search(String str, ResourceSearchIndexes resourceSearchIndexes, Set<String> set, boolean z) throws EntitlementException {
        return search(str, resourceSearchIndexes, set, z, true);
    }

    public Iterator<IPrivilege> search(String str, ResourceSearchIndexes resourceSearchIndexes, Set<String> set, boolean z, boolean z2) throws EntitlementException {
        ReferralPrivilege orgAliasReferral;
        BufferedIterator bufferedIterator = isMultiThreaded ? new BufferedIterator() : new SimpleIterator();
        if (!z && resourceSearchIndexes.getPathIndexes().isEmpty()) {
            return bufferedIterator;
        }
        if (z && resourceSearchIndexes.getParentPathIndexes().isEmpty()) {
            return bufferedIterator;
        }
        HashSet hashSet = new HashSet();
        if (indexCacheSize > 0) {
            hashSet.addAll(searchPrivileges(resourceSearchIndexes, set, z, bufferedIterator));
            hashSet.addAll(searchReferrals(resourceSearchIndexes, z, bufferedIterator));
        }
        if (z2) {
            if ((LDAPUtils.isDN(str) ? DNMapper.orgNameToRealmName(str) : str).equals("/") && (orgAliasReferral = getOrgAliasReferral(resourceSearchIndexes)) != null) {
                bufferedIterator.add((BufferedIterator) orgAliasReferral);
            }
        }
        if (indexCacheSize == 0 || isDSSearchNecessary()) {
            threadPool.submit(new SearchTask(bufferedIterator, resourceSearchIndexes, set, z, hashSet));
        } else {
            bufferedIterator.isDone();
        }
        return bufferedIterator;
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public IPrivilege getPrivilege(String str) {
        if (policyCacheSize > 0) {
            Privilege policy = policyCache.getPolicy(DataStore.getPrivilegeDistinguishedName(str, getRealm(), null));
            if (policy != null) {
                return policy;
            }
        }
        if (!isPolicyCacheBehind(getRealm())) {
            return null;
        }
        try {
            IPrivilege privilege = dataStore.getPrivilege(getRealm(), str);
            cache(privilege, (Set<String>) null, getRealm());
            return privilege;
        } catch (EntitlementException e) {
            PolicyConstants.DEBUG.error("OpenSSOIndexStore.GetTask.runPolicy", e);
            return null;
        }
    }

    private ReferralPrivilege getOrgAliasReferral(ResourceSearchIndexes resourceSearchIndexes) throws EntitlementException {
        ReferralPrivilege referralPrivilege = null;
        SSOToken sSOToken = SubjectUtils.getSSOToken(this.superAdminSubject);
        if (isOrgAliasMappingResourceEnabled(sSOToken)) {
            try {
                Set<String> referredRealmNames = getReferredRealmNames(sSOToken, resourceSearchIndexes);
                if (referredRealmNames != null && !referredRealmNames.isEmpty()) {
                    HashMap hashMap = new HashMap();
                    HashSet hashSet = new HashSet();
                    hashSet.add("http*://" + getReferralURL(resourceSearchIndexes.getHostIndexes()) + PolicyManager.ORG_ALIAS_URL_SUFFIX);
                    hashMap.put(ApplicationTypeManager.URL_APPLICATION_TYPE_NAME, hashSet);
                    referralPrivilege = new ReferralPrivilege("referralprivilege111", hashMap, referredRealmNames);
                }
            } catch (SSOException e) {
                PolicyConstants.DEBUG.error("OpenSSOIndexStore.getOrgAliasReferral", e);
            } catch (SMSException e2) {
                PolicyConstants.DEBUG.error("OpenSSOIndexStore.getOrgAliasReferral", e2);
            }
        }
        return referralPrivilege;
    }

    private String getReferralURL(Set<String> set) {
        int i = -1;
        String str = null;
        for (String str2 : set) {
            if (str2.length() > i) {
                str = str2;
                i = str2.length();
            }
        }
        return str;
    }

    private Set<String> getReferredRealmNames(SSOToken sSOToken, ResourceSearchIndexes resourceSearchIndexes) throws SMSException, SSOException {
        HashSet hashSet = new HashSet();
        Iterator<String> it = resourceSearchIndexes.getHostIndexes().iterator();
        while (it.hasNext()) {
            String next = it.next();
            if (next.startsWith(ISAuthConstants.URL_SEPARATOR)) {
                next = next.substring(3);
            }
            if (next.length() > 0) {
                hashSet.add(next);
            }
        }
        HashSet hashSet2 = new HashSet();
        hashSet2.add(getReferralURL(hashSet));
        Set<String> searchOrganizationNames = new ServiceManager(sSOToken).searchOrganizationNames("sunIdentityRepositoryService", "sunOrganizationAliases", hashSet2);
        if (searchOrganizationNames == null || searchOrganizationNames.isEmpty()) {
            return Collections.EMPTY_SET;
        }
        HashSet hashSet3 = new HashSet();
        for (String str : searchOrganizationNames) {
            if (!str.equals("/")) {
                if (!str.startsWith("/")) {
                    str = "/" + str;
                }
                hashSet3.add(str);
            }
        }
        return hashSet3;
    }

    private boolean isPolicyCacheBehind(String str) {
        if (!CacheTaboo.isEmpty()) {
            return true;
        }
        int count = policyCache.getCount(str);
        int numberOfPolicies = DataStore.getNumberOfPolicies(str);
        return numberOfPolicies > 0 && count < numberOfPolicies;
    }

    private boolean isReferralCacheBehind(String str) {
        if (!CacheTaboo.isEmpty()) {
            return true;
        }
        int count = referralCache.getCount(str);
        int numberOfReferrals = DataStore.getNumberOfReferrals(str);
        return numberOfReferrals > 0 && count < numberOfReferrals;
    }

    private boolean isDSSearchNecessary() {
        String realm = getRealm();
        return isPolicyCacheBehind(realm) || isReferralCacheBehind(realm);
    }

    private Set<String> searchReferrals(ResourceSearchIndexes resourceSearchIndexes, boolean z, BufferedIterator bufferedIterator) {
        Set<String> matchingEntries = this.referralIndexCache.getMatchingEntries(resourceSearchIndexes, null, z);
        Iterator<String> it = matchingEntries.iterator();
        while (it.hasNext()) {
            ReferralPrivilege referral = referralCache.getReferral(it.next());
            if (referral != null) {
                bufferedIterator.add((BufferedIterator) referral);
            } else {
                it.remove();
            }
        }
        return matchingEntries;
    }

    private Set<String> searchPrivileges(ResourceSearchIndexes resourceSearchIndexes, Set<String> set, boolean z, BufferedIterator bufferedIterator) {
        Set<String> matchingEntries = this.indexCache.getMatchingEntries(resourceSearchIndexes, set, z);
        Iterator<String> it = matchingEntries.iterator();
        while (it.hasNext()) {
            Privilege policy = policyCache.getPolicy(it.next());
            if (policy != null) {
                bufferedIterator.add((BufferedIterator) policy);
            } else {
                it.remove();
            }
        }
        return matchingEntries;
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public Set<String> searchPrivilegeNames(Set<SearchFilter> set, boolean z, int i, boolean z2, boolean z3) throws EntitlementException {
        return dataStore.search(getAdminSubject(), getRealm(), getSearchFilter(set, z), i * 2, z2, z3);
    }

    private String getSearchFilter(Set<SearchFilter> set, boolean z) {
        StringBuilder sb = new StringBuilder();
        if (set == null || set.isEmpty()) {
            sb.append("(ou=*)");
        } else if (set.size() == 1) {
            sb.append(set.iterator().next().getFilter());
        } else {
            if (z) {
                sb.append("(&");
            } else {
                sb.append("(|");
            }
            Iterator<SearchFilter> it = set.iterator();
            while (it.hasNext()) {
                sb.append(it.next().getFilter());
            }
            sb.append(DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        return sb.toString();
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public Set<String> searchReferralPrivilegeNames(Set<SearchFilter> set, boolean z, int i, boolean z2, boolean z3) throws EntitlementException {
        return searchReferralPrivilegeNames(set, getAdminSubject(), getRealm(), z, i, z2, z3);
    }

    public Set<String> searchReferralPrivilegeNames(Set<SearchFilter> set, Subject subject, String str, boolean z, int i, boolean z2, boolean z3) throws EntitlementException {
        StringBuilder sb = new StringBuilder();
        if (set.isEmpty()) {
            sb.append("(ou=*)");
        } else if (set.size() == 1) {
            sb.append(set.iterator().next().getFilter());
        } else {
            if (z) {
                sb.append("(&");
            } else {
                sb.append("(|");
            }
            Iterator<SearchFilter> it = set.iterator();
            while (it.hasNext()) {
                sb.append(it.next().getFilter());
            }
            sb.append(DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        return dataStore.searchReferral(subject, str, sb.toString(), i, z2, z3);
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public Set<String> getReferredResources(String str) throws EntitlementException {
        String realm = getRealm();
        if (realm.equals("/")) {
            return Collections.EMPTY_SET;
        }
        if (LDAPUtils.isDN(realm)) {
            realm = DNMapper.orgNameToRealmName(realm);
        }
        SSOToken sSOToken = SubjectUtils.getSSOToken(this.superAdminSubject);
        try {
            HashSet hashSet = new HashSet();
            Set<String> peerRealms = getPeerRealms(realm);
            peerRealms.addAll(getParentRealms(realm));
            String str2 = "(&(ou=referralappls=" + str + ")(ou=" + DataStore.REFERRAL_REALMS + "=" + realm + "))";
            HashMap hashMap = new HashMap();
            for (String str3 : peerRealms) {
                hashMap.put(str3, dataStore.searchReferrals(sSOToken, str3, str2));
            }
            for (String str4 : hashMap.keySet()) {
                Set set = (Set) hashMap.get(str4);
                String orgNameToRealmName = LDAPUtils.isDN(str4) ? DNMapper.orgNameToRealmName(str4) : str4;
                Iterator it = set.iterator();
                while (it.hasNext()) {
                    Map<String, Set<String>> originalMapApplNameToResources = ((ReferralPrivilege) it.next()).getOriginalMapApplNameToResources();
                    for (String str5 : originalMapApplNameToResources.keySet()) {
                        if (EntitlementUtils.getApplicationService(PolicyConstants.SUPER_ADMIN_SUBJECT, orgNameToRealmName).getApplication(str5).getApplicationType().getName().equals(str)) {
                            hashSet.addAll(originalMapApplNameToResources.get(str5));
                        }
                    }
                }
            }
            hashSet.addAll(getOrgAliasMappingResources(realm, str));
            return hashSet;
        } catch (SMSException e) {
            PolicyConstants.DEBUG.error("OpenSSOIndexStore.getReferredResources", e);
            throw new EntitlementException(275, realm);
        }
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public List<Privilege> findAllPolicies() throws EntitlementException {
        return dataStore.findPoliciesByRealm(getRealm());
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public List<Privilege> findAllPoliciesByApplication(String str) throws EntitlementException {
        return dataStore.findPoliciesByRealmAndApplication(getRealm(), str);
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public List<Privilege> findAllPoliciesByIdentityUid(String str) throws EntitlementException {
        Reject.ifNull(str);
        return dataStore.findAllPoliciesByRealmAndSubjectIndex(getRealm(), Collections.singleton("identity:=" + str));
    }

    private Set<String> getParentRealms(String str) throws SMSException {
        String orgNameToRealmName;
        HashSet hashSet = new HashSet();
        OrganizationConfigManager organizationConfigManager = new OrganizationConfigManager(SubjectUtils.getSSOToken(this.superAdminSubject), str);
        do {
            organizationConfigManager = organizationConfigManager.getParentOrgConfigManager();
            orgNameToRealmName = DNMapper.orgNameToRealmName(organizationConfigManager.getOrganizationName());
            hashSet.add(orgNameToRealmName);
        } while (!orgNameToRealmName.equals("/"));
        return hashSet;
    }

    private Set<String> getPeerRealms(String str) throws SMSException {
        OrganizationConfigManager parentOrgConfigManager = new OrganizationConfigManager(SubjectUtils.getSSOToken(this.superAdminSubject), str).getParentOrgConfigManager();
        String orgNameToRealmName = DNMapper.orgNameToRealmName(parentOrgConfigManager.getOrganizationName());
        if (!orgNameToRealmName.endsWith("/")) {
            orgNameToRealmName = orgNameToRealmName + "/";
        }
        HashSet hashSet = new HashSet();
        Iterator it = parentOrgConfigManager.getSubOrganizationNames().iterator();
        while (it.hasNext()) {
            hashSet.add(orgNameToRealmName + ((String) it.next()));
        }
        hashSet.remove(getRealm());
        return hashSet;
    }

    static Set<String> getOrgAliasMappingResources(String str, String str2) throws SMSException {
        Set<String> set;
        HashSet hashSet = new HashSet();
        if (str2.equalsIgnoreCase(ApplicationTypeManager.URL_APPLICATION_TYPE_NAME)) {
            SSOToken sSOToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            if (isOrgAliasMappingResourceEnabled(sSOToken) && (set = (Set) new OrganizationConfigManager(sSOToken, str).getAttributes("sunIdentityRepositoryService").get("sunOrganizationAliases")) != null && !set.isEmpty()) {
                for (String str3 : set) {
                    hashSet.add("https://" + str3.trim() + PolicyManager.ORG_ALIAS_URL_SUFFIX);
                    hashSet.add(PolicyManager.ORG_ALIAS_URL_HTTP_PREFIX + str3.trim() + PolicyManager.ORG_ALIAS_URL_SUFFIX);
                }
            }
        }
        return hashSet;
    }

    public static boolean isOrgAliasMappingResourceEnabled(SSOToken sSOToken) {
        try {
            Set<String> set = new ServiceSchemaManager(PolicyConfig.POLICY_CONFIG_SERVICE, sSOToken).getGlobalSchema().getAttributeDefaults().get(PolicyConfig.ORG_ALIAS_MAPPED_RESOURCES_ENABLED);
            if (set == null || set.isEmpty()) {
                return false;
            }
            return Boolean.valueOf(set.iterator().next()).booleanValue();
        } catch (SSOException e) {
            PolicyConstants.DEBUG.error("OpenSSOIndexStore.isOrgAliasMappingResourceEnabled", e);
            return false;
        } catch (SMSException e2) {
            PolicyConstants.DEBUG.error("OpenSSOIndexStore.isOrgAliasMappingResourceEnabled", e2);
            return false;
        }
    }

    String getRealmDN() {
        return this.realmDN;
    }

    public static int getNumCachedPolicies(String str) {
        return policyCache.getCount(str);
    }

    public static int getNumCachedReferrals(String str) {
        return referralCache.getCount(str);
    }

    public static int getNumCachedPolicies() {
        return policyCache.getCount();
    }

    public static int getNumCachedReferrals() {
        return referralCache.getCount();
    }

    @Override // com.sun.identity.entitlement.PrivilegeIndexStore
    public boolean hasPrivilgesWithApplication(String str, String str2) throws EntitlementException {
        return dataStore.hasPrivilgesWithApplication(getAdminSubject(), str, str2);
    }

    static {
        EntitlementConfiguration entitlementConfiguration = EntitlementUtils.getEntitlementConfiguration(SubjectUtils.createSuperAdminSubject(), "/");
        policyCacheSize = getInteger(entitlementConfiguration, EntitlementConfiguration.POLICY_CACHE_SIZE, Policy.DEFAULT_MAX_INPUT_SIZE);
        if (policyCacheSize > 0) {
            policyCache = new PolicyCache("PolicyCache", policyCacheSize);
            referralCache = new PolicyCache("ReferralPolicyCache", policyCacheSize);
        } else {
            policyCache = null;
            referralCache = null;
        }
        indexCacheSize = getInteger(entitlementConfiguration, EntitlementConfiguration.INDEX_CACHE_SIZE, Policy.DEFAULT_MAX_INPUT_SIZE);
        if (indexCacheSize > 0) {
            indexCaches = new CaseInsensitiveHashMap();
            referralIndexCaches = new CaseInsensitiveHashMap();
        } else {
            indexCaches = null;
            referralIndexCaches = null;
        }
        int integer = getInteger(entitlementConfiguration, EntitlementConfiguration.POLICY_SEARCH_THREAD_SIZE, 1);
        isMultiThreaded = integer > 1;
        threadPool = isMultiThreaded ? new EntitlementThreadPool(integer) : new SequentialThreadPool();
        try {
            new ServiceConfigManager(PolicyManager.POLICY_SERVICE_NAME, (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance())).addListener(new EntitlementsListener());
        } catch (Exception e) {
            PolicyConstants.DEBUG.error("OpenSSOIndexStore.init Unable to register for SMS notifications", e);
        }
    }
}
