package org.forgerock.openam.core.realms;

import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMSDKBundle;
import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.idm.IdConstants;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.sm.OrganizationConfigManager;
import com.sun.identity.sm.OrganizationConfigManagerFactory;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceManager;
import java.util.Collections;
import java.util.Set;
import java.util.StringTokenizer;
import org.forgerock.openam.ldap.LDAPConstants;
import org.forgerock.openam.ldap.LDAPUtils;
import org.forgerock.openam.sdk.javax.inject.Inject;
import org.forgerock.openam.sdk.javax.inject.Named;
import org.forgerock.openam.sdk.javax.inject.Provider;
import org.forgerock.openam.sdk.javax.inject.Singleton;
import org.forgerock.openam.sdk.org.forgerock.util.annotations.VisibleForTesting;
import org.forgerock.openam.sdk.org.slf4j.Logger;
import org.forgerock.openam.sdk.org.slf4j.LoggerFactory;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;

@Singleton
/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:org/forgerock/openam/core/realms/DefaultRealmLookup.class */
class DefaultRealmLookup implements RealmLookup {
    private static Logger logger = LoggerFactory.getLogger("amIdm");
    private final Provider<SSOToken> adminTokenProvider;
    private final OrganizationConfigManagerFactory organizationConfigManagerFactory;

    @Inject
    DefaultRealmLookup(@Named("AdminToken") Provider<SSOToken> provider, OrganizationConfigManagerFactory organizationConfigManagerFactory) {
        this.adminTokenProvider = provider;
        this.organizationConfigManagerFactory = organizationConfigManagerFactory;
    }

    @Override // org.forgerock.openam.core.realms.RealmLookup
    public final Realm lookup(String str) throws RealmLookupException {
        String str2 = null;
        logger.trace("DefaultRealms:lookup Input orgname: {}", str);
        if (StringUtils.isEmpty(str) || str.equals("/")) {
            str2 = Realm.root().asDN();
        } else if (str.startsWith("/")) {
            str2 = Realm.convertRealmPathToDN(str);
            try {
                this.organizationConfigManagerFactory.create((SSOToken) this.adminTokenProvider.get(), str);
            } catch (SMSException e) {
                logger.trace("DefaultRealms:lookup Exception in getting org name from SMS", (Throwable) e);
                throw new NoRealmFoundException(str);
            }
        } else if (LDAPUtils.isDN(str)) {
            str2 = str;
            try {
                this.organizationConfigManagerFactory.create((SSOToken) this.adminTokenProvider.get(), str);
            } catch (SMSException e2) {
                logger.trace("DefaultRealms:lookup Exception in getting org name from SMS", (Throwable) e2);
                throw new NoRealmFoundException(str);
            }
        } else if (isCoexistenceMode()) {
            logger.trace("DefaultRealms:lookup: getting from AMSDK");
            try {
                str2 = new AMStoreConnection((SSOToken) this.adminTokenProvider.get()).getOrganizationDN(str, null);
            } catch (AMException e3) {
                logger.trace("DefaultRealms:lookup Exception in getting org name from AMSDK", (Throwable) e3);
                throw convertAMException(e3);
            } catch (SSOException e4) {
                throw new RealmLookupException(e4);
            }
        } else {
            logger.trace("DefaultRealms:lookup: getting from SMS realms");
            try {
                boolean z = false;
                Set<String> subOrganisations = getSubOrganisations((SSOToken) this.adminTokenProvider.get(), str);
                if (CollectionUtils.isNotEmpty(subOrganisations)) {
                    if (subOrganisations.size() == 1) {
                        str2 = Realm.convertRealmPathToDN(subOrganisations.iterator().next());
                        z = true;
                    } else {
                        for (String str3 : subOrganisations) {
                            StringTokenizer stringTokenizer = new StringTokenizer(str3, "/");
                            while (stringTokenizer.hasMoreTokens()) {
                                if (stringTokenizer.nextToken().equalsIgnoreCase(str)) {
                                    if (z) {
                                        throw new MultipleRealmsFoundException(str);
                                    }
                                    str2 = Realm.convertRealmPathToDN(str3);
                                    z = true;
                                }
                            }
                        }
                    }
                }
                logger.trace("DefaultRealms:lookup: getting from SMS realms aliases");
                Set<String> realmAliases = getRealmAliases((SSOToken) this.adminTokenProvider.get(), str);
                if (!z && CollectionUtils.isEmpty(realmAliases)) {
                    logger.warn("DefaultRealms:lookup Unable to find Org name for: {}", str);
                    throw new NoRealmFoundException(str);
                }
                if (CollectionUtils.isNotEmpty(realmAliases) && z) {
                    boolean z2 = false;
                    if (realmAliases.size() == 1 && StringUtils.isEqualTo(Realm.convertRealmPathToDN(realmAliases.iterator().next()), str2)) {
                        z2 = true;
                    }
                    if (!z2) {
                        logger.warn("DefaultRealms:lookup Multiple  matching Orgs found for: {}", str);
                        throw new MultipleRealmsFoundException(str);
                    }
                } else if (CollectionUtils.isNotEmpty(realmAliases) && realmAliases.size() > 1) {
                    logger.warn("DefaultRealms:lookup Multiple  matching Orgs found for: {}", str);
                    throw new MultipleRealmsFoundException(str);
                }
                if (!z) {
                    str2 = Realm.convertRealmPathToDN(realmAliases.iterator().next());
                }
            } catch (SSOException | SMSException e5) {
                logger.trace("DefaultRealms:lookup Exception in getting org name from SMS", e5);
                throw new NoRealmFoundException(str);
            }
        }
        logger.trace("DefaultRealms:lookup Search for OrgIdentifier:{} returning realm DN: {}", str, str2);
        return new Realm(str2);
    }

    @Override // org.forgerock.openam.core.realms.RealmLookup
    public final boolean isActive(Realm realm) throws RealmLookupException {
        boolean z = true;
        if (!isCoexistenceMode()) {
            try {
                OrganizationConfigManager create = this.organizationConfigManagerFactory.create((SSOToken) this.adminTokenProvider.get(), realm.asDN());
                if (create == null) {
                    throw new NoRealmFoundException(realm.asPath());
                }
                Set set = (Set) create.getAttributes("sunIdentityRepositoryService").get(IdConstants.ORGANIZATION_STATUS_ATTR);
                z = (set == null || set.isEmpty()) ? true : ((String) set.iterator().next()).equalsIgnoreCase(LDAPConstants.STATUS_ACTIVE);
            } catch (SMSException e) {
                throw new NoRealmFoundException(realm.asPath());
            }
        } else if (isAMSDKEnabled()) {
            try {
                z = new AMStoreConnection((SSOToken) this.adminTokenProvider.get()).getOrganization(realm.asDN()).isActivated();
            } catch (AMException e2) {
                throw convertAMException(e2);
            } catch (SSOException e3) {
                throw new RealmLookupException(e3);
            }
        }
        return z;
    }

    private static RealmLookupException convertAMException(AMException aMException) {
        Object[] messageArgs = aMException.getMessageArgs();
        IdRepoException idRepoException = messageArgs == null ? new IdRepoException(AMSDKBundle.BUNDLE_NAME, aMException.getErrorCode(), null) : new IdRepoException(AMSDKBundle.BUNDLE_NAME, aMException.getErrorCode(), messageArgs);
        idRepoException.setLDAPErrorCode(aMException.getLDAPErrorCode());
        return new RealmLookupException(idRepoException);
    }

    @VisibleForTesting
    Set<String> getSubOrganisations(SSOToken sSOToken, String str) throws SMSException, SSOException {
        return new ServiceManager(sSOToken).getOrganizationConfigManager("/").getSubOrganizationNames(str, true);
    }

    @VisibleForTesting
    Set<String> getRealmAliases(SSOToken sSOToken, String str) throws RealmLookupException {
        try {
            return new ServiceManager(sSOToken).searchOrganizationNames("sunIdentityRepositoryService", "sunOrganizationAliases", Collections.singleton(str));
        } catch (SSOException | SMSException e) {
            throw new RealmLookupException(e);
        }
    }

    @VisibleForTesting
    boolean isCoexistenceMode() {
        return ServiceManager.isCoexistenceMode();
    }

    @VisibleForTesting
    boolean isAMSDKEnabled() {
        return ServiceManager.isAMSDKEnabled();
    }
}
