package com.sun.identity.idm;

import com.iplanet.am.sdk.AMConstants;
import com.iplanet.am.sdk.AMDirectoryAccessFactory;
import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMSDKBundle;
import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.sdk.common.IDirectoryServices;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.service.AuthD;
import com.sun.identity.common.CaseInsensitiveHashMap;
import com.sun.identity.common.DNUtils;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.Constants;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.OrgConfigViaAMSDK;
import com.sun.identity.sm.SMSEntry;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import com.sun.identity.sm.ServiceListener;
import com.sun.identity.sm.ServiceManager;
import java.security.AccessController;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import org.forgerock.openam.core.realms.RealmLookup;
import org.forgerock.openam.core.realms.RealmLookupException;
import org.forgerock.openam.ldap.LDAPUtils;
import org.forgerock.openam.sdk.org.forgerock.guice.core.InjectorHolder;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.DN;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/idm/IdUtils.class */
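/**
 * Static helpers for resolving {@link AMIdentity} objects from SSO tokens, universal
 * identifiers and AMSDK DNs, and for looking up the supported {@link IdType}s.
 *
 * <p>All state is held in static, unsynchronized collections that {@link #initialize()}
 * fills. {@code initialize()} runs once from the static initializer and again from
 * {@link IdUtilsListener} callbacks; it only adds entries and never clears them, so a type
 * removed from configuration stays registered until the class is reloaded.
 *
 * <p>NOTE(review): nothing in this class synchronizes access to these collections, and
 * {@link #supportedTypes} is public and mutable. Whether callers can race with a
 * configuration notification cannot be determined from this file; confirm before relying
 * on these maps for authorization decisions.
 */
public final class IdUtils {
    /** Name of the SMS service read for the supported identity types. */
    private static final String ID_REPO_SERVICE_NAME = "sunIdentityRepositoryService";
    /** Version of the SMS service read for the supported identity types. */
    private static final String ID_REPO_SERVICE_VERSION = "1.0";
    /** Prefix that marks a string as a universal identifier; matched case-insensitively. */
    private static final String UNIVERSAL_ID_PREFIX = "id=";

    private static String notificationId;
    private static ServiceConfigManager serviceConfigManager;
    // Naming-attribute prefixes ("<attr>=") and suffix DNs, filled lazily by initializeForGetIdentity().
    private static String USER_NAMING_ATTR;
    private static String ORG_NAMING_ATTR;
    private static String ROOT_SUFFIX;
    private static String SERVICES_SUFFIX;
    private static Debug debug = AMIdentityRepository.debug;
    // Type name -> IdType.
    private static Map mapSupportedTypes = new CaseInsensitiveHashMap(10);
    // Every IdType registered by initialize()/loadDefaultTypes().
    public static Set supportedTypes = new HashSet();
    // Type name -> name of the service configured for that type.
    private static Map mapTypesToServiceNames = new CaseInsensitiveHashMap();
    // Type name -> set of IdType, one map per membership relation.
    protected static Map typesCanBeMemberOf = new CaseInsensitiveHashMap();
    protected static Map typesCanHaveMembers = new CaseInsensitiveHashMap();
    protected static Map typesCanAddMembers = new CaseInsensitiveHashMap();
    // Normalized DNs of the configured special users and the super user.
    private static Set specialUsers = new HashSet();

    /**
     * Re-runs {@link IdUtils#initialize()} when the identity-repository service schema or
     * global configuration changes. Organization-level changes are ignored.
     *
     * <p>The decompiler notes that this class was package-private in the original source.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/idm/IdUtils$IdUtilsListener.class */
    public static class IdUtilsListener implements ServiceListener {
        IdUtilsListener() {
        }

        @Override // com.sun.identity.sm.ServiceListener
        public void schemaChanged(String str, String str2) {
            IdUtils.initialize();
        }

        @Override // com.sun.identity.sm.ServiceListener
        public void globalConfigChanged(String str, String str2, String str3, String str4, int i) {
            IdUtils.initialize();
        }

        @Override // com.sun.identity.sm.ServiceListener
        public void organizationConfigChanged(String str, String str2, String str3, String str4, String str5, int i) {
            // Intentionally empty: the type tables are built from global configuration only.
        }
    }

    /**
     * Loads the supported identity types and registers a configuration listener.
     *
     * <p>When the configuration has been migrated, the types come from the
     * identity-repository service; if that read fails or yields no types, the built-in
     * defaults from {@link #loadDefaultTypes()} are used instead. The listener is
     * registered only once, guarded by {@code notificationId}.
     *
     * <p>The decompiler notes that this method was protected in the original source.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static void initialize() {
        if (ServiceManager.isConfigMigratedTo70()) {
            try {
                loadConfiguredTypes();
            } catch (SSOException e) {
                debug.error("IdUtils.initialize: Loading default types", e);
                loadDefaultTypes();
            } catch (SMSException e2) {
                // During installation the service is not there yet, so the failure is expected.
                if (!isInstallTime()) {
                    debug.error("IdUtils.initialize: Loading default types.", e2);
                }
                loadDefaultTypes();
            }
        } else {
            loadDefaultTypes();
        }
        if (notificationId == null) {
            try {
                SSOToken adminToken = adminToken();
                if (serviceConfigManager == null) {
                    serviceConfigManager = new ServiceConfigManager(adminToken, ID_REPO_SERVICE_NAME, ID_REPO_SERVICE_VERSION);
                }
                notificationId = serviceConfigManager.addListener(new IdUtilsListener());
            } catch (SSOException | SMSException e3) {
                if (!isInstallTime()) {
                    debug.error("IdUtils.initialize: Register notification", e3);
                }
            }
        }
    }

    /** Returns the administrator token obtained through {@link AdminTokenAction}. */
    private static SSOToken adminToken() {
        return (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    }

    /** Tells whether the install-time system property is set to {@code "true"}. */
    private static boolean isInstallTime() {
        return "true".equals(SystemProperties.get(Constants.SYS_PROPERTY_INSTALL_TIME, "false"));
    }

    /**
     * Reads the supported types and their membership rules from the identity-repository
     * service, falling back to the defaults when no type is configured.
     */
    private static void loadConfiguredTypes() throws SSOException, SMSException {
        serviceConfigManager = new ServiceConfigManager(adminToken(), ID_REPO_SERVICE_NAME, ID_REPO_SERVICE_VERSION);
        ServiceConfig globalConfig = serviceConfigManager.getGlobalConfig(null);
        Set<String> typeNames = globalConfig.getSubConfigNames("*", IdConstants.SUPPORTED_TYPES);
        if (typeNames == null || typeNames.isEmpty()) {
            loadDefaultTypes();
            return;
        }
        for (String typeName : typeNames) {
            IdType idType = new IdType(typeName);
            supportedTypes.add(idType);
            mapSupportedTypes.put(idType.getName(), idType);
            Map<String, Set<String>> attributes = globalConfig.getSubConfig(typeName).getAttributes();
            Set<String> serviceNames = attributes.get(IdConstants.SERVICE_NAME);
            if (serviceNames != null && !serviceNames.isEmpty()) {
                mapTypesToServiceNames.put(typeName, serviceNames.iterator().next());
            }
            registerMembers(typesCanBeMemberOf, typeName, attributes.get(IdConstants.ATTR_MEMBER_OF));
            registerMembers(typesCanHaveMembers, typeName, attributes.get(IdConstants.ATTR_HAVE_MEMBERS));
            registerMembers(typesCanAddMembers, typeName, attributes.get(IdConstants.ATTR_ADD_MEMBERS));
        }
    }

    /** Stores the member types for {@code typeName} in {@code target} when any are configured. */
    private static void registerMembers(Map target, String typeName, Set<String> memberNames) {
        if (memberNames != null && !memberNames.isEmpty()) {
            target.put(typeName, getMemberSet(memberNames));
        }
    }

    /**
     * Resolves the identity that owns an SSO token.
     *
     * @param sSOToken the session token; its universal-identifier property is used, or the
     *     principal name when that property is absent
     * @return the identity, or {@code null} under the conditions described for
     *     {@link #getIdentity(SSOToken, String, String)}
     * @throws IdRepoException if the identifier is not a DN
     * @throws SSOException if the token cannot be read
     */
    public static AMIdentity getIdentity(SSOToken sSOToken) throws IdRepoException, SSOException {
        String property = sSOToken.getProperty(Constants.UNIVERSAL_IDENTIFIER);
        if (property == null) {
            property = sSOToken.getPrincipal().getName();
        }
        return getIdentity(sSOToken, property);
    }

    /** Returns the universal identifier of {@code aMIdentity}. */
    public static String getUniversalId(AMIdentity aMIdentity) {
        return aMIdentity.getUniversalId();
    }

    /** Same as {@link #getIdentity(SSOToken, String, String)} with no realm. */
    public static AMIdentity getIdentity(SSOToken sSOToken, String str) throws IdRepoException {
        return getIdentity(sSOToken, str, null);
    }

    /**
     * Resolves an identity from a universal identifier or an AMSDK DN.
     *
     * <p>Resolution order: a string starting with {@code id=} is parsed as a universal
     * identifier; otherwise a DN listed among the special users yields a user identity in
     * the root realm; otherwise the DN is resolved through AMSDK when AMSDK is enabled and
     * configured.
     *
     * <p>The special-user branch matches on the normalized DN string alone and performs no
     * directory lookup in this method, so the returned identity is only as trustworthy as
     * the {@code str} the caller supplies.
     *
     * @param sSOToken token used for the directory calls and attached to the identity
     * @param str universal identifier or DN; must parse as a DN
     * @param str2 realm used to check AMSDK configuration and to map the DN, may be
     *     {@code null}
     * @return the identity, or {@code null} when AMSDK is unavailable or cannot resolve the DN
     * @throws IdRepoException if {@code str} is {@code null} or not a DN
     */
    public static AMIdentity getIdentity(SSOToken sSOToken, String str, String str2) throws IdRepoException {
        if (str == null || !LDAPUtils.isDN(str)) {
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ILLEGAL_UNIVERSAL_IDENTIFIER, new Object[]{str});
        }
        DN newDN = LDAPUtils.newDN(str);
        // Locale.ROOT keeps the prefix test stable under locales with special casing rules for "I".
        if (str.toLowerCase(Locale.ROOT).startsWith(UNIVERSAL_ID_PREFIX)) {
            try {
                return new AMIdentity(newDN, sSOToken);
            } catch (IdRepoException e) {
                if (debug.messageEnabled()) {
                    debug.message("IdUtils:getIdentity(token, " + str + ") got exception: " + e.getMessage() + "\n\tContinuing with AMSDK DN check");
                }
            }
        }
        initializeSpecialUsers();
        if (specialUsers.contains(DNUtils.normalizeDN(str))) {
            // NOTE(review): ROOT_SUFFIX is only assigned in initializeForGetIdentity(), which has
            // not necessarily run yet, so the realm passed here may be null. Confirm that
            // AMIdentity treats a null realm as the root realm.
            return new AMIdentity(newDN, sSOToken, LDAPUtils.rdnValueFromDn(newDN), IdType.USER, ROOT_SUFFIX);
        }
        if (!ServiceManager.isAMSDKEnabled()) {
            return null;
        }
        if (str2 != null && !OrgConfigViaAMSDK.isAMSDKConfigured(str2)) {
            return null;
        }
        if (!ServiceManager.isAMSDKConfigured()) {
            return null;
        }
        initializeForGetIdentity();
        try {
            IDirectoryServices directoryServices = AMDirectoryAccessFactory.getDirectoryServices();
            try {
                if (str.startsWith(USER_NAMING_ATTR)) {
                    // Result is discarded; presumably this pre-reads the user entry. TODO confirm.
                    directoryServices.getAttributes(sSOToken, str, 1);
                }
            } catch (Exception e2) {
                // Best effort: a failed pre-read must not stop the type lookup below.
                if (debug.messageEnabled()) {
                    debug.message("IdUtils.getIdentity: attribute pre-read failed for " + str, e2);
                }
            }
            IdType type = getType(AMStoreConnection.getObjectName(directoryServices.getObjectType(sSOToken, str)));
            String name = type.equals(IdType.REALM)
                    ? AMConstants.CONTAINER_DEFAULT_TEMPLATE_ROLE
                    : LDAPUtils.rdnValueFromDn(newDN);
            // The root and services suffixes belong to the root realm; any other DN is mapped
            // from its organization component, when it has one.
            String realm = ROOT_SUFFIX;
            if (!str.equals(ROOT_SUFFIX) && !str.equals(SERVICES_SUFFIX)) {
                int orgIndex = str.indexOf(ORG_NAMING_ATTR);
                if (orgIndex >= 0) {
                    realm = OrgConfigViaAMSDK.getRealmForAMSDK(str.substring(orgIndex), str2);
                }
                if (debug.messageEnabled()) {
                    debug.message("IdUtils.getIdentity:: amsdkdn=" + str + " maps to realm=" + realm);
                }
            }
            return new AMIdentity(newDN, sSOToken, name, type, realm);
        } catch (AMException e3) {
            if (debug.messageEnabled()) {
                debug.message("IdUtils.getIdentity: Unable to resolve AMSDK DN: " + str, e3);
            }
            return null;
        } catch (SSOException e4) {
            if (debug.messageEnabled()) {
                debug.message("IdUtils.getIdentity: Unable to resolve AMSDK DN. Got SSOException", e4);
            }
            return null;
        }
    }

    /** Returns the service name registered for {@code idType}, or {@code null} if none is. */
    public static String getServiceName(IdType idType) {
        return (String) mapTypesToServiceNames.get(idType.getName());
    }

    /**
     * Looks up a supported type by name, mapping the legacy names {@code managedrole} to
     * {@code role} and {@code organization} / the organizational-unit object class to
     * {@code realm}.
     *
     * @param str the type name, compared case-insensitively
     * @return the matching type
     * @throws IdRepoException if the type is not supported
     */
    public static IdType getType(String str) throws IdRepoException {
        if (str.equalsIgnoreCase("managedrole")) {
            str = "role";
        } else if (str.equalsIgnoreCase("organization") || str.equalsIgnoreCase(SMSEntry.OC_ORG_UNIT)) {
            str = "realm";
        }
        IdType idType = (IdType) mapSupportedTypes.get(str);
        if (idType == null) {
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NOT_SUPPORTED_TYPE, new Object[]{str});
        }
        return idType;
    }

    /** Returns the identity's DN, or its universal identifier when it has no DN. */
    @Deprecated
    public static String getDN(AMIdentity aMIdentity) {
        return aMIdentity.getDN() != null ? aMIdentity.getDN() : aMIdentity.getUniversalId();
    }

    /**
     * Resolves a realm identifier to its DN through {@link RealmLookup}.
     *
     * @param sSOToken unused by this implementation
     * @param str the realm identifier to look up
     * @throws IdRepoException carrying the bundle, code and arguments of a failed lookup
     */
    @Deprecated
    public static String getOrganization(SSOToken sSOToken, String str) throws IdRepoException, SSOException {
        try {
            return ((RealmLookup) InjectorHolder.getInstance(RealmLookup.class)).lookup(str).asDN();
        } catch (RealmLookupException e) {
            throw new IdRepoException(e.getResourceBundleName(), e.getErrorCode(), e.getMessageArgs());
        }
    }

    /**
     * Tells whether the realm named by {@code str} is active according to {@link RealmLookup}.
     *
     * @param sSOToken unused by this implementation
     * @param str the realm identifier to look up
     * @throws IdRepoException carrying the bundle, code and arguments of a failed lookup
     */
    @Deprecated
    public static boolean isOrganizationActive(SSOToken sSOToken, String str) throws IdRepoException, SSOException {
        try {
            RealmLookup realmLookup = (RealmLookup) InjectorHolder.getInstance(RealmLookup.class);
            return realmLookup.isActive(realmLookup.lookup(str));
        } catch (RealmLookupException e) {
            throw new IdRepoException(e.getResourceBundleName(), e.getErrorCode(), e.getMessageArgs());
        }
    }

    /**
     * Lazily fills the suffix DNs and the naming-attribute prefixes used by the AMSDK branch
     * of {@link #getIdentity(SSOToken, String, String)}. Falls back to {@code o=} and
     * {@code uid=} when the naming attributes cannot be read.
     */
    private static void initializeForGetIdentity() {
        if (ROOT_SUFFIX == null) {
            ROOT_SUFFIX = SMSEntry.getRootSuffix();
            SERVICES_SUFFIX = DNUtils.normalizeDN(SMSEntry.SERVICES_RDN + "," + ROOT_SUFFIX);
        }
        if (ORG_NAMING_ATTR == null || USER_NAMING_ATTR == null) {
            try {
                ORG_NAMING_ATTR = AMStoreConnection.getNamingAttribute(2).toLowerCase(Locale.ROOT) + "=";
                USER_NAMING_ATTR = AMStoreConnection.getNamingAttribute(1).toLowerCase(Locale.ROOT) + "=";
            } catch (AMException e) {
                if (debug.warningEnabled()) {
                    debug.warning("IdUtils: unable to get naming attribute for org/user. Using \"o\"/\"uid\"");
                }
                ORG_NAMING_ATTR = "o=";
                USER_NAMING_ATTR = "uid=";
            }
        }
    }

    /**
     * Fills {@code specialUsers} from the special-users and super-user system properties.
     *
     * <p>Values that do not normalize to a non-empty DN are skipped. Without that filter an
     * unset property would register an empty or {@code null} entry, and the special-user
     * check in {@link #getIdentity(SSOToken, String, String)} would then match any input
     * that normalizes to the same value.
     */
    private static void initializeSpecialUsers() {
        if (!specialUsers.isEmpty()) {
            return;
        }
        StringTokenizer tokens = new StringTokenizer(SystemProperties.get(Constants.AUTHENTICATION_SPECIAL_USERS, ""), "|");
        while (tokens.hasMoreTokens()) {
            addSpecialUser(tokens.nextToken());
        }
        addSpecialUser(SystemProperties.get(Constants.AUTHENTICATION_SUPER_USER, ""));
    }

    /** Registers {@code dn} as a special user when it normalizes to a non-empty DN. */
    private static void addSpecialUser(String dn) {
        String normalized = DNUtils.normalizeDN(dn);
        if (normalized != null && !normalized.isEmpty()) {
            specialUsers.add(normalized);
        }
    }

    /**
     * Converts an {@link AMException} into an {@link IdRepoException} that keeps the error
     * code, the message arguments and the LDAP error code.
     */
    public static IdRepoException convertAMException(AMException aMException) {
        Object[] messageArgs = aMException.getMessageArgs();
        IdRepoException idRepoException = messageArgs == null ? new IdRepoException(AMSDKBundle.BUNDLE_NAME, aMException.getErrorCode(), null) : new IdRepoException(AMSDKBundle.BUNDLE_NAME, aMException.getErrorCode(), messageArgs);
        idRepoException.setLDAPErrorCode(aMException.getLDAPErrorCode());
        return idRepoException;
    }

    /**
     * Registers the built-in types (realm, agent, user, role, group, filtered role) and
     * their membership rules: users can be members of roles, groups and filtered roles;
     * members can be added explicitly to groups and roles only.
     */
    private static void loadDefaultTypes() {
        IdType[] defaults = {IdType.REALM, IdType.AGENT, IdType.USER, IdType.ROLE, IdType.GROUP, IdType.FILTEREDROLE};
        for (IdType type : defaults) {
            supportedTypes.add(type);
            mapSupportedTypes.put(type.getName(), type);
        }
        Set userContainers = new HashSet();
        userContainers.add(IdType.ROLE);
        userContainers.add(IdType.GROUP);
        userContainers.add(IdType.FILTEREDROLE);
        typesCanBeMemberOf.put(IdType.USER.getName(), userContainers);
        // The same set instance is shared by every entry below.
        Set usersOnly = new HashSet();
        usersOnly.add(IdType.USER);
        typesCanHaveMembers.put(IdType.ROLE.getName(), usersOnly);
        typesCanHaveMembers.put(IdType.GROUP.getName(), usersOnly);
        typesCanHaveMembers.put(IdType.FILTEREDROLE.getName(), usersOnly);
        typesCanAddMembers.put(IdType.GROUP.getName(), usersOnly);
        typesCanAddMembers.put(IdType.ROLE.getName(), usersOnly);
    }

    /** Builds the set of {@link IdType}s named in {@code set}. */
    private static Set<IdType> getMemberSet(Set<String> set) {
        Set<IdType> members = new HashSet<IdType>(set.size() * 2);
        for (String typeName : set) {
            members.add(new IdType(typeName));
        }
        return members;
    }

    /**
     * Extracts the plain identity name from a universal identifier, after checking that the
     * identifier belongs to the expected realm.
     *
     * @param str a plain name or a universal identifier starting with {@code id=}
     * @param str2 the realm the identifier must belong to
     * @return the identity name, or {@code str} unchanged when it is not a universal identifier
     * @throws IdRepoException if the realm in the identifier differs from {@code str2}
     */
    public static String getIdentityName(String str, String str2) throws IdRepoException {
        String name = str;
        if (str != null && str.toLowerCase(Locale.ROOT).startsWith(UNIVERSAL_ID_PREFIX)) {
            AMIdentity aMIdentity = new AMIdentity((SSOToken) null, str);
            name = aMIdentity.getName();
            // Fail closed: a universal id from another realm must not be accepted for this one.
            if (!DNUtils.normalizeDN(str2).equals(DNUtils.normalizeDN(aMIdentity.getRealm()))) {
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.REALM_NAME_NOT_MATCH_AUTHENTICATION_REALM, new Object[]{str, str2});
            }
        }
        return name;
    }

    /**
     * Resolves a user identity from a universal identifier or by searching a realm.
     *
     * <p>A string starting with {@code id=} is turned into an identity directly, without a
     * search and without comparing its realm with {@code str2}; use
     * {@link #getIdentityName(String, String)} when the realm must be enforced. Any other
     * string is searched as a user name, recursively, in the realm, and must match exactly
     * one user.
     *
     * @param str universal identifier or user name
     * @param str2 realm to search when {@code str} is a user name
     * @return the identity, or {@code null} when the search fails or does not yield exactly
     *     one user
     */
    public static AMIdentity getIdentity(String str, String str2) {
        // The decompiler emitted this method with an empty try block followed by its body;
        // the body belongs inside the try, since it is what raises the caught exceptions.
        try {
            if (str.toLowerCase(Locale.ROOT).startsWith(UNIVERSAL_ID_PREFIX)) {
                return new AMIdentity((SSOToken) null, str);
            }
            AMIdentityRepository repository = getAMIdentityRepository(DNMapper.orgNameToDN(str2));
            IdSearchControl searchControl = new IdSearchControl();
            searchControl.setRecursive(true);
            searchControl.setAllReturnAttributes(false);
            searchControl.setMaxResults(0);
            IdSearchResults searchResults = repository.searchIdentities(IdType.USER, str, searchControl);
            Set matches = Collections.EMPTY_SET;
            if (searchResults != null) {
                matches = searchResults.getSearchResults();
            }
            // Zero matches and several matches are both rejected; an ambiguous name must never
            // resolve to an arbitrary user.
            int found = matches == null ? 0 : matches.size();
            if (found != 1) {
                throw new IdRepoException("IdUtils.getIdentity : Expected exactly one user, found " + found);
            }
            return (AMIdentity) matches.iterator().next();
        } catch (SSOException e) {
            debug.warning("User's ssoToken has expired", e);
        } catch (IdRepoException e2) {
            debug.warning("Error searching for user identity", e2);
        }
        return null;
    }

    /** Returns the identity repository of the realm {@code str}, obtained from {@link AuthD}. */
    public static AMIdentityRepository getAMIdentityRepository(String str) {
        return AuthD.getAuth().getAMIdentityRepository(str);
    }

    static {
        initialize();
    }
}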
