package org.forgerock.openam.entitlement.configuration;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.PrivilegeManager;
import com.sun.identity.entitlement.opensso.OpenSSOLogger;
import com.sun.identity.entitlement.opensso.SubjectUtils;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.SMSDataEntry;
import com.sun.identity.sm.SMSEntry;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import javax.security.auth.Subject;
import org.forgerock.openam.core.DNWrapper;
import org.forgerock.openam.entitlement.ResourceType;
import org.forgerock.openam.entitlement.utils.EntitlementUtils;
import org.forgerock.openam.ldap.LDAPUtils;
import org.forgerock.openam.sdk.javax.inject.Inject;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.DN;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.Filter;
import org.forgerock.openam.sdk.org.forgerock.util.query.QueryFilter;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:org/forgerock/openam/entitlement/configuration/ResourceTypeConfigurationImpl.class */
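/**
 * {@link ResourceTypeConfiguration} implementation that reads resource types through
 * {@link ServiceConfig} sub-configurations and writes them as {@link SMSEntry} objects
 * located under a per-realm base DN.
 *
 * <p>Every public operation takes the caller's {@link Subject}; the SSO token derived from
 * it (or the subject itself) is handed to the SMS layer, so access decisions are made there
 * and not in this class.
 */
public class ResourceTypeConfigurationImpl implements ResourceTypeConfiguration {
    /**
     * LDAP filter template matching entries whose {@code sunxmlKeyValue} attribute holds
     * {@code resourceTypeUuid=<uuid>} or {@code resourceTypeUuids=<uuid>}. The single
     * placeholder must only ever receive an already-escaped assertion value.
     */
    private static final String REFERENCE_FILTER = "(|(sunxmlKeyValue=resourceTypeUuid={0})(sunxmlKeyValue=resourceTypeUuids={0}))";
    private final DNWrapper dnHelper;
    private final ResourceTypeServiceConfig resourceTypeServiceConfig;

    /**
     * Creates the configuration facade.
     *
     * @param dNWrapper helper used to turn a realm name into a DN for reference searches
     * @param resourceTypeServiceConfig accessor for the realm-level service configuration
     */
    @Inject
    public ResourceTypeConfigurationImpl(DNWrapper dNWrapper, ResourceTypeServiceConfig resourceTypeServiceConfig) {
        this.dnHelper = dNWrapper;
        this.resourceTypeServiceConfig = resourceTypeServiceConfig;
    }

    /**
     * Loads a single resource type.
     *
     * @param subject caller on whose behalf the configuration is read
     * @param str realm (organisation) name
     * @param str2 UUID of the resource type
     * @return the resource type, or {@code null} when {@link #containsUUID} reports it absent
     * @throws EntitlementException with error code 224 when the SMS read fails
     */
    @Override
    public ResourceType getResourceType(Subject subject, String str, String str2) throws EntitlementException {
        if (!containsUUID(subject, str, str2)) {
            return null;
        }
        try {
            // NOTE(review): the existence check above and this read are two separate lookups;
            // the chained getSubConfig calls are not null-checked here.
            return EntitlementUtils.resourceTypeFromMap(str2, this.resourceTypeServiceConfig.getOrgConfig(subject, str).getSubConfig(EntitlementUtils.CONFIG_RESOURCE_TYPES).getSubConfig(str2).getAttributesForRead());
        } catch (SSOException e) {
            PrivilegeManager.debug.error("ResourceTypeConfiguration.getResourceType", e);
            throw new EntitlementException(224, e, str);
        } catch (SMSException e2) {
            PrivilegeManager.debug.error("ResourceTypeConfiguration.getResourceType", e2);
            throw new EntitlementException(224, e2, str);
        }
    }

    /**
     * Reports whether a resource type sub-configuration named by the UUID exists in the realm.
     *
     * @param subject caller on whose behalf the configuration is read
     * @param str realm (organisation) name
     * @param str2 UUID of the resource type
     * @return {@code true} only when the sub-configuration is present and {@code exists()}
     * @throws EntitlementException with error code 224 when the SMS read fails
     */
    @Override
    public boolean containsUUID(Subject subject, String str, String str2) throws EntitlementException {
        try {
            ServiceConfig subConfig = this.resourceTypeServiceConfig.getOrgConfig(subject, str).getSubConfig(EntitlementUtils.CONFIG_RESOURCE_TYPES);
            if (subConfig == null) {
                // The realm has no resource type collection yet.
                return false;
            }
            ServiceConfig subConfig2 = subConfig.getSubConfig(str2);
            return subConfig2 != null && subConfig2.exists();
        } catch (SSOException e) {
            PrivilegeManager.debug.error("ResourceTypeConfiguration.containsUUID", e);
            throw new EntitlementException(224, e, str);
        } catch (SMSException e2) {
            PrivilegeManager.debug.error("ResourceTypeConfiguration.containsUUID", e2);
            throw new EntitlementException(224, e2, str);
        }
    }

    /**
     * Reports whether any resource type in the realm carries the given name, compared
     * case-insensitively against each sub-configuration's {@code name} attribute.
     *
     * @param subject caller on whose behalf the configuration is read
     * @param str realm (organisation) name
     * @param str2 resource type name to look for
     * @return {@code true} when a resource type with that name exists
     * @throws EntitlementException with error code 224 when the SMS read fails
     */
    @Override
    public boolean containsName(Subject subject, String str, String str2) throws EntitlementException {
        try {
            ServiceConfig subConfig = this.resourceTypeServiceConfig.getOrgConfig(subject, str).getSubConfig(EntitlementUtils.CONFIG_RESOURCE_TYPES);
            if (subConfig == null) {
                return false;
            }
            Iterator<String> it = subConfig.getSubConfigNames().iterator();
            while (it.hasNext()) {
                if (str2.equalsIgnoreCase(EntitlementUtils.getAttribute(subConfig.getSubConfig(it.next()).getAttributes(), "name"))) {
                    return true;
                }
            }
            return false;
        } catch (SSOException e) {
            PrivilegeManager.debug.error("ResourceTypeConfiguration.containsName", e);
            throw new EntitlementException(224, e, str);
        } catch (SMSException e2) {
            PrivilegeManager.debug.error("ResourceTypeConfiguration.containsName", e2);
            throw new EntitlementException(224, e2, str);
        }
    }

    /**
     * Removes a resource type unless another entry still references it.
     *
     * <p>The attempt and the success are both written to the audit log; failures are logged
     * and rethrown by {@link #handleRemoveException}.
     *
     * @param subject caller on whose behalf the removal is performed and logged
     * @param str realm (organisation) name
     * @param str2 UUID of the resource type to remove
     * @throws EntitlementException {@code RESOURCE_TYPE_REFERENCED} when the type is in use,
     *         or error code 232 when the SMS operation fails
     */
    @Override
    public void removeResourceType(Subject subject, String str, String str2) throws EntitlementException {
        try {
            String[] strArr = {str, str2};
            OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, OpenSSOLogger.Message.ATTEMPT_REMOVE_RESOURCE_TYPE, strArr, subject);
            // Refuse to delete a type that is still referenced by another entry.
            if (isResourceTypeUsed(subject, str, str2)) {
                throw new EntitlementException(EntitlementException.RESOURCE_TYPE_REFERENCED, str2);
            }
            this.resourceTypeServiceConfig.getSubOrgConfig(subject, str, EntitlementUtils.CONFIG_RESOURCE_TYPES).removeSubConfig(str2);
            OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, OpenSSOLogger.Message.SUCCEEDED_REMOVE_RESOURCE_TYPE, strArr, subject);
        } catch (SSOException e) {
            handleRemoveException(subject, str, str2, e);
        } catch (SMSException e2) {
            handleRemoveException(subject, str, str2, e2);
        }
    }

    /**
     * Searches the realm for entries that reference the resource type UUID.
     *
     * @param subject caller whose SSO token is used for the search
     * @param str realm (organisation) name
     * @param str2 UUID of the resource type
     * @return {@code true} when a search result contains {@code EntitlementUtils.INDEXES_NAME}
     *         or {@code "sunEntitlementService"}
     * @throws EntitlementException {@code INTERNAL_ERROR} when the search fails
     */
    private boolean isResourceTypeUsed(Subject subject, String str, String str2) throws EntitlementException {
        try {
            // The UUID is substituted into an LDAP filter string. Escape it first so that any
            // filter metacharacters in the value are matched literally and cannot alter the
            // structure of the filter; a well-formed UUID is unchanged by the escaping.
            String escapedUuid = Filter.escapeAssertionValue(str2);
            // Results are presumably entry DNs; only those under the entitlement index or
            // entitlement service count as references — confirm against SMSEntry.search.
            for (String str3 : SMSEntry.search(SubjectUtils.getSSOToken(subject), this.dnHelper.orgNameToDN(str), MessageFormat.format(REFERENCE_FILTER, escapedUuid), 0, 0, false, false)) {
                if (str3.contains(EntitlementUtils.INDEXES_NAME) || str3.contains("sunEntitlementService")) {
                    return true;
                }
            }
            return false;
        } catch (SMSException e) {
            throw new EntitlementException(EntitlementException.INTERNAL_ERROR, e);
        }
    }

    /**
     * Persists a resource type as an SMS entry at {@code ou=<uuid>,<resource type base DN>}.
     *
     * <p>The resource type collection is created first when it does not exist. The attempt
     * and the success are written to the audit log; failures are logged and rethrown by
     * {@link #handleSaveException}.
     *
     * @param subject caller on whose behalf the entry is saved and logged
     * @param str realm (organisation) name
     * @param resourceType resource type to store; its UUID names the entry
     * @throws EntitlementException {@code MODIFY_RESOURCE_TYPE_FAIL} when saving fails
     */
    @Override
    public void storeResourceType(Subject subject, String str, ResourceType resourceType) throws EntitlementException {
        String uuid = resourceType.getUUID();
        createResourceTypeCollectionConfig(subject, str, uuid);
        try {
            SMSEntry sMSEntry = new SMSEntry(SubjectUtils.getSSOToken(subject), getResourceTypeDN(str, uuid));
            String[] strArr = {str, uuid};
            sMSEntry.setAttributes(getResourceTypeData(resourceType));
            OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, OpenSSOLogger.Message.ATTEMPT_SAVE_RESOURCE_TYPE, strArr, subject);
            sMSEntry.save();
            OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, OpenSSOLogger.Message.SUCCEEDED_SAVE_RESOURCE_TYPE, strArr, subject);
        } catch (SSOException e) {
            handleSaveException(subject, str, uuid, e);
        } catch (SMSException e2) {
            handleSaveException(subject, str, uuid, e2);
        }
    }

    /**
     * Queries the realm's resource types with a caller-supplied filter.
     *
     * <p>The query filter is translated by {@link SmsQueryFilterVisitor} and AND-ed with an
     * equality match on the resource type service id, so results are limited to resource
     * type entries regardless of what the query filter asks for.
     *
     * @param queryFilter filter over SMS attributes
     * @param subject caller whose SSO token is used for the search
     * @param str realm (organisation) name
     * @return the matching resource types; empty when the base entry does not exist
     * @throws EntitlementException with error code 224 when the search fails
     */
    @Override
    public Set<ResourceType> getResourceTypes(QueryFilter<SmsAttribute> queryFilter, Subject subject, String str) throws EntitlementException {
        SSOToken sSOToken = SubjectUtils.getSSOToken(subject);
        String resourceTypeBaseDN = getResourceTypeBaseDN(str);
        Filter and = Filter.and(Filter.equality(SMSEntry.ATTR_SERVICE_ID, EntitlementUtils.RESOURCE_TYPE), (Filter) queryFilter.accept(new SmsQueryFilterVisitor(), null));
        HashSet hashSet = new HashSet();
        try {
            if (SMSEntry.checkIfEntryExists(resourceTypeBaseDN, sSOToken)) {
                Iterator search = SMSEntry.search(sSOToken, resourceTypeBaseDN, and.toString(), 0, 0, false, false, Collections.emptySet());
                while (search.hasNext()) {
                    SMSDataEntry sMSDataEntry = (SMSDataEntry) search.next();
                    String attributeValue = sMSDataEntry.getAttributeValue("name");
                    // The entry's name component of its DN is used as the UUID.
                    String name = LDAPUtils.getName(DN.valueOf(sMSDataEntry.getDN()));
                    Map<String, Boolean> actions = EntitlementUtils.getActions((Set<String>) sMSDataEntry.getAttributeValues("actions"));
                    Set attributeValues = sMSDataEntry.getAttributeValues(EntitlementUtils.CONFIG_PATTERNS);
                    String attributeValue2 = sMSDataEntry.getAttributeValue("description");
                    // NOTE(review): Long.parseLong throws NumberFormatException when a date
                    // attribute is missing or malformed; that is not caught here.
                    hashSet.add(ResourceType.builder().setUUID(name).setName(attributeValue).setActions(actions).setPatterns(attributeValues).setDescription(attributeValue2).setCreatedBy(sMSDataEntry.getAttributeValue(EntitlementUtils.CONFIG_CREATED_BY)).setCreationDate(Long.parseLong(sMSDataEntry.getAttributeValue(EntitlementUtils.CONFIG_CREATION_DATE))).setLastModifiedBy(sMSDataEntry.getAttributeValue(EntitlementUtils.CONFIG_LAST_MODIFIED_BY)).setLastModifiedDate(Long.parseLong(sMSDataEntry.getAttributeValue(EntitlementUtils.CONFIG_LAST_MODIFIED_DATE))).build());
                }
            }
            return hashSet;
        } catch (SMSException e) {
            // Same (code, cause, realm) argument order as the other read methods of this
            // class, so the SMSException is passed in the cause position.
            throw new EntitlementException(224, e, str);
        }
    }

    /**
     * Returns the raw attributes of every resource type in the realm, keyed by the
     * sub-configuration name.
     *
     * @param subject caller on whose behalf the configuration is read
     * @param str realm (organisation) name
     * @return map from sub-configuration name to its attributes; empty when the realm has
     *         no resource type collection
     * @throws EntitlementException with error code 224 when the SMS read fails
     */
    @Override
    public Map<String, Map<String, Set<String>>> getResourceTypesData(Subject subject, String str) throws EntitlementException {
        HashMap hashMap = new HashMap();
        try {
            ServiceConfig subConfig = this.resourceTypeServiceConfig.getOrgConfig(subject, str).getSubConfig(EntitlementUtils.CONFIG_RESOURCE_TYPES);
            if (subConfig == null) {
                return hashMap;
            }
            for (String str2 : subConfig.getSubConfigNames()) {
                hashMap.put(str2, subConfig.getSubConfig(str2).getAttributesForRead());
            }
            return hashMap;
        } catch (SSOException e) {
            PrivilegeManager.debug.error("ResourceTypeConfiguration.getResourceTypesData", e);
            throw new EntitlementException(224, e, str);
        } catch (SMSException e2) {
            PrivilegeManager.debug.error("ResourceTypeConfiguration.getResourceTypesData", e2);
            throw new EntitlementException(224, e2, str);
        }
    }

    /**
     * Adds the resource type collection sub-configuration to the realm when it is missing.
     *
     * @param subject caller on whose behalf the configuration is changed
     * @param str realm (organisation) name
     * @param str2 UUID of the resource type being stored; used only for failure logging
     * @throws EntitlementException {@code MODIFY_RESOURCE_TYPE_FAIL} when the SMS call fails
     */
    private void createResourceTypeCollectionConfig(Subject subject, String str, String str2) throws EntitlementException {
        try {
            ServiceConfig orgConfig = this.resourceTypeServiceConfig.getOrgConfig(subject, str);
            if (orgConfig.getSubConfig(EntitlementUtils.CONFIG_RESOURCE_TYPES) == null) {
                orgConfig.addSubConfig(EntitlementUtils.CONFIG_RESOURCE_TYPES, EntitlementUtils.SCHEMA_RESOURCE_TYPES, 0, Collections.EMPTY_MAP);
            }
        } catch (SSOException e) {
            handleSaveException(subject, str, str2, e);
        } catch (SMSException e2) {
            handleSaveException(subject, str, str2, e2);
        }
    }

    /**
     * Builds the DN of a resource type entry: {@code ou=<uuid>,<resource type base DN>}.
     *
     * @param str realm (organisation) name
     * @param str2 UUID of the resource type
     * @return the entry DN as a string
     */
    private String getResourceTypeDN(String str, String str2) {
        // NOTE(review): str2 is concatenated into the DN without RDN-value escaping. The only
        // caller in this class passes ResourceType.getUUID(); confirm that value is validated
        // (or generated server-side) before it reaches storeResourceType.
        return "ou=" + str2 + "," + getResourceTypeBaseDN(str);
    }

    /**
     * Builds the base DN under which the realm's resource type entries live.
     *
     * @param str realm (organisation) name
     * @return {@code EntitlementUtils.REALM_DN_TEMPLATE} filled with the resource type
     *         collection name and the realm's DN
     */
    private String getResourceTypeBaseDN(String str) {
        return MessageFormat.format(EntitlementUtils.REALM_DN_TEMPLATE, EntitlementUtils.CONFIG_RESOURCE_TYPES, DNMapper.orgNameToDN(str));
    }

    /**
     * Converts a resource type into the attribute map stored on its SMS entry.
     *
     * <p>Description, creation date, last-modified-by and last-modified date go into the
     * {@code SMSEntry.ATTR_KEYVAL} set; name, patterns, actions and created-by go into the
     * {@code SMSEntry.ATTR_XML_KEYVAL} set. Each value is written as a {@code key=value}
     * string, with an empty value when the optional field is {@code null}.
     *
     * @param resourceType resource type to serialise
     * @return attribute name to value-set map, pre-populated by {@code prepareAttributeMap}
     */
    private Map<String, Set<String>> getResourceTypeData(ResourceType resourceType) {
        HashMap hashMap = new HashMap();
        this.resourceTypeServiceConfig.prepareAttributeMap(hashMap, EntitlementUtils.RESOURCE_TYPE);
        HashSet hashSet = new HashSet();
        hashMap.put(SMSEntry.ATTR_KEYVAL, hashSet);
        if (resourceType.getDescription() != null) {
            hashSet.add("description=" + resourceType.getDescription());
        } else {
            hashSet.add("description=");
        }
        hashSet.add("creationDate=" + resourceType.getCreationDate());
        if (resourceType.getLastModifiedBy() != null) {
            hashSet.add("lastModifiedBy=" + resourceType.getLastModifiedBy());
        } else {
            hashSet.add("lastModifiedBy=");
        }
        hashSet.add("lastModifiedDate=" + resourceType.getLastModifiedDate());
        HashSet hashSet2 = new HashSet();
        hashMap.put(SMSEntry.ATTR_XML_KEYVAL, hashSet2);
        hashSet2.add("name=" + resourceType.getName());
        Iterator it = resourceType.getPatterns().iterator();
        while (it.hasNext()) {
            hashSet2.add("patterns=" + ((String) it.next()));
        }
        Iterator<String> it2 = EntitlementUtils.getActionSet(resourceType.getActions()).iterator();
        while (it2.hasNext()) {
            hashSet2.add("actions=" + it2.next());
        }
        if (resourceType.getCreatedBy() != null) {
            hashSet2.add("createdBy=" + resourceType.getCreatedBy());
        } else {
            hashSet2.add("createdBy=");
        }
        return hashMap;
    }

    /**
     * Writes a failed-save record to the audit log and rethrows the failure.
     *
     * @param subject caller recorded in the log entry
     * @param str realm (organisation) name
     * @param str2 UUID of the resource type
     * @param exc underlying failure; its message is included in the log record
     * @throws EntitlementException always, with {@code MODIFY_RESOURCE_TYPE_FAIL}
     */
    private void handleSaveException(Subject subject, String str, String str2, Exception exc) throws EntitlementException {
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, OpenSSOLogger.Message.FAILED_SAVE_RESOURCE_TYPE, new String[]{str, str2, exc.getMessage()}, subject);
        throw new EntitlementException(EntitlementException.MODIFY_RESOURCE_TYPE_FAIL, exc, str2);
    }

    /**
     * Writes a failed-remove record to the audit log and rethrows the failure.
     *
     * @param subject caller recorded in the log entry
     * @param str realm (organisation) name
     * @param str2 UUID of the resource type
     * @param exc underlying failure; its message is included in the log record
     * @throws EntitlementException always, with error code 232
     */
    private void handleRemoveException(Subject subject, String str, String str2, Exception exc) throws EntitlementException {
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, OpenSSOLogger.Message.FAILED_REMOVE_RESOURCE_TYPE, new String[]{str, str2, exc.getMessage()}, subject);
        throw new EntitlementException(232, exc, str2);
    }
}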
