package com.sun.identity.authentication.config;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.service.AuthUtils;
import com.sun.identity.authentication.share.AuthXMLTags;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.common.DNUtils;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.xml.XMLUtils;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.OrganizationConfigManager;
import com.sun.identity.sm.SMSEntry;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.SchemaType;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;
import java.security.AccessController;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.forgerock.openam.sts.AMSTSConstants;
import org.w3c.dom.Document;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/authentication/config/AMAuthenticationManager.class */
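/**
 * Manages authentication module types and per-realm module instances on top of the SMS
 * (service management) layer.
 *
 * <p>Class-level state is shared by every instance:
 * <ul>
 *   <li>{@code AUTH_TYPES}, {@code MODULE_SERVICE_NAMES}, {@code GLOBAL_MODULE_NAMES}: the
 *       registered module types, filled by {@link #initAuthenticationService()} from the global
 *       schema of the core authentication service.</li>
 *   <li>{@code MODULE_INSTANCE_TABLE}: normalized realm DN -&gt; (module type -&gt; instance
 *       names), built lazily per realm and refreshed via
 *       {@link #updateModuleInstanceTable(String, String)}.</li>
 * </ul>
 *
 * <p>Module-type discovery and the instance-table build run under the privileged admin token
 * ({@link #getAdminToken()}); everything an instance does for its realm (schema reads, instance
 * create/delete, "in use" checks) runs under the caller's token, so SMS access control applies
 * to those operations.
 */
public class AMAuthenticationManager {
    private static final String BUNDLE_NAME = "amAuthConfig";
    private static final Debug DEBUG = Debug.getInstance(BUNDLE_NAME);
    /** Registered, service-backed module types; "Application" is deliberately excluded. */
    private static final Set<String> AUTH_TYPES = new HashSet<>();
    /** Module type -> SMS service name of the module. */
    private static final Map<String, String> MODULE_SERVICE_NAMES = new ConcurrentHashMap<>();
    /** Module types whose service schema could not be loaded; exposed as global, non-configurable modules. */
    private static final Set<String> GLOBAL_MODULE_NAMES = new HashSet<>();
    /** Normalized realm DN -> (module type -> instance names configured in that realm). */
    private static final Map<String, Map<String, Set<String>>> MODULE_INSTANCE_TABLE =
            Collections.synchronizedMap(new HashMap<>());
    /** Attribute-name fragments (matched case-insensitively) whose values are never written to the debug log. */
    private static final String[] SENSITIVE_KEY_FRAGMENTS = {"passwd", "password", "secret"};
    private SSOToken token;
    private String realm;
    private ServiceConfig orgServiceConfig;

    /**
     * Creates a manager bound to {@code sSOToken} and the realm {@code str} (realm path or DN).
     * The realm's module-instance table is built on first use of that realm.
     *
     * @param sSOToken token the per-realm operations run under
     * @param str realm name; converted to a normalized DN
     * @throws AMConfigurationException if the core authentication service has no organization
     *         config for the realm ("badRealm") or an SMS error occurs.
     *         NOTE(review): any other failure, including a token that fails
     *         {@code SMSEntry.validateToken}, is only logged (and only when {@code AMADMIN_MODE}
     *         is "false"); the instance is then left with a null token/realm and later calls fail
     *         on it. Confirm callers tolerate this before tightening further.
     */
    public AMAuthenticationManager(SSOToken sSOToken, String str) throws AMConfigurationException {
        try {
            SMSEntry.validateToken(sSOToken);
            this.token = sSOToken;
            this.realm = DNUtils.normalizeDN(DNMapper.orgNameToDN(str));
            this.orgServiceConfig = getOrgServiceConfig();
            if (this.orgServiceConfig == null) {
                throw new AMConfigurationException(BUNDLE_NAME, "badRealm", new Object[]{this.realm});
            }
            synchronized (AMAuthenticationManager.class) {
                if (!MODULE_INSTANCE_TABLE.containsKey(this.realm)) {
                    buildModuleInstanceTable(sSOToken, this.realm);
                }
            }
        } catch (AMConfigurationException e) {
            // "badRealm" above must reach the caller; without this clause it would fall through
            // to a broader catch below and be swallowed.
            throw e;
        } catch (SMSException e) {
            throw new AMConfigurationException(e);
        } catch (Exception e2) {
            // Deliberately best-effort outside server mode (install-time usage); see the Javadoc.
            String adminMode = SystemProperties.get(AdminTokenAction.AMADMIN_MODE);
            if (adminMode == null || !adminMode.equalsIgnoreCase("false")) {
                return;
            }
            DEBUG.error("Token is invalid.", e2);
        }
    }

    /** Drops the cached module types and reloads them from the global schema. */
    public static synchronized void reInitializeAuthServices() {
        AUTH_TYPES.clear();
        GLOBAL_MODULE_NAMES.clear();
        initAuthenticationService();
    }

    /**
     * Returns the registered module types (without "Application").
     *
     * <p>The returned set is a read-only live view: it reflects {@link #reInitializeAuthServices()}
     * but cannot be used to register a type, which would otherwise bypass the type check in
     * {@link #createAuthenticationInstance(String, String, Map)}.
     */
    public static Set<String> getAuthenticationTypes() {
        return Collections.unmodifiableSet(AUTH_TYPES);
    }

    /** Returns a copy of all module service names known at this point. */
    public static Set<String> getAuthenticationServiceNames() {
        Set<String> serviceNames = new HashSet<>(MODULE_SERVICE_NAMES.values());
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Authenticator serviceNames: " + serviceNames);
        }
        return serviceNames;
    }

    /**
     * Returns the SMS service name for a module type, or null if the type is unknown.
     *
     * @param str module type (e.g. the short authenticator class name)
     */
    public static String getAuthenticationServiceName(String str) {
        return MODULE_SERVICE_NAMES.get(str);
    }

    /**
     * Populates the module-type tables from the "authenticators" attribute of the core auth
     * service's global schema. Each entry is reduced to its last delimiter-separated segment
     * (the authenticator's simple name); a type whose own service schema cannot be loaded is
     * recorded as a global module instead of a configurable type. Runs under the admin token.
     */
    private static void initAuthenticationService() {
        SSOToken adminToken = getAdminToken();
        try {
            Set<String> authenticators = new ServiceSchemaManager(ISAuthConstants.AUTH_SERVICE_NAME, adminToken)
                    .getGlobalSchema().getAttributeDefaults().get(ISAuthConstants.AUTHENTICATORS);
            for (String authenticator : authenticators) {
                String typeName = authenticator;
                // Strip any qualifying prefix, keeping the segment after the last delimiter.
                int delimiterPos = typeName.lastIndexOf(DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER);
                if (delimiterPos != -1) {
                    typeName = typeName.substring(delimiterPos + 1);
                }
                if (!typeName.equals("Application")) {
                    AUTH_TYPES.add(typeName);
                }
                if (MODULE_SERVICE_NAMES.get(typeName) == null) {
                    String moduleServiceName = AuthUtils.getModuleServiceName(typeName);
                    try {
                        // Probe that the module's service schema exists before registering it.
                        new ServiceSchemaManager(moduleServiceName, adminToken);
                        MODULE_SERVICE_NAMES.put(typeName, moduleServiceName);
                    } catch (Exception e) {
                        GLOBAL_MODULE_NAMES.add(typeName);
                        AUTH_TYPES.remove(typeName);
                    }
                }
            }
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Global module names: " + GLOBAL_MODULE_NAMES);
                DEBUG.message("moduleServiceNames: " + MODULE_SERVICE_NAMES);
            }
        } catch (Exception e2) {
            String adminMode = SystemProperties.get(AdminTokenAction.AMADMIN_MODE);
            if (adminMode == null || !adminMode.equalsIgnoreCase("false")) {
                return;
            }
            DEBUG.error("Failed to get module types", e2);
        }
    }

    /**
     * Builds the instance table for one realm by scanning every known module service.
     *
     * @param sSOToken unused; the per-service scan runs under the admin token
     * @param str normalized realm DN
     */
    private static void buildModuleInstanceTable(SSOToken sSOToken, String str) {
        try {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("AMAuthenticationManager.buildModuleInstanceTable: realm = " + str);
            }
            for (String serviceName : MODULE_SERVICE_NAMES.values()) {
                buildModuleInstanceForService(str, serviceName);
            }
        } catch (Exception e) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("building module instance table error", e);
            }
        }
    }

    /**
     * Recomputes the instance names of one module service in one realm and stores them in
     * {@code MODULE_INSTANCE_TABLE}. An instance named like the module type itself is recorded
     * when the realm's service config carries its own (non-default) attributes; every sub-config
     * name is an instance as well. Read under the admin token; serialized on the class lock and
     * on the table itself.
     *
     * @param str realm name or DN (normalized here)
     * @param str2 module service name
     */
    private static synchronized void buildModuleInstanceForService(String str, String str2) {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("start moduleInstanceTable : " + MODULE_INSTANCE_TABLE + " for realm : " + str + " and service : " + str2);
        }
        try {
            String moduleName = getModuleName(str2);
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Module name : " + moduleName);
            }
            if (moduleName != null && moduleName.length() != 0) {
                ServiceConfig organizationConfig = new ServiceConfigManager(str2, getAdminToken()).getOrganizationConfig(str, null);
                if (organizationConfig == null && DEBUG.messageEnabled()) {
                    DEBUG.message("AMAuthenticationManager.buildModuleInstanceForService: Service=" + str2 + " not configured in realm=" + str);
                }
                String normalizedRealm = DNUtils.normalizeDN(DNMapper.orgNameToDN(str));
                synchronized (MODULE_INSTANCE_TABLE) {
                    // Work on a copy so readers holding the old map never see a partial update.
                    Map<String, Set<String>> realmEntry = MODULE_INSTANCE_TABLE.remove(normalizedRealm);
                    if (realmEntry != null) {
                        Map<String, Set<String>> copy = new HashMap<>(realmEntry);
                        copy.remove(moduleName);
                        realmEntry = copy;
                    }
                    Set<String> instanceNames = new HashSet<>();
                    Map organizationAttrs = null;
                    if (organizationConfig != null) {
                        organizationAttrs = organizationConfig.getAttributesWithoutDefaults();
                    }
                    if (organizationAttrs != null && !organizationAttrs.isEmpty()) {
                        instanceNames.add(moduleName);
                    }
                    Set<String> subConfigNames = null;
                    if (organizationConfig != null) {
                        subConfigNames = organizationConfig.getSubConfigNames();
                    }
                    if (subConfigNames != null) {
                        instanceNames.addAll(subConfigNames);
                    }
                    if (!instanceNames.isEmpty()) {
                        if (realmEntry == null) {
                            realmEntry = new HashMap<>();
                        }
                        realmEntry.put(moduleName, instanceNames);
                    }
                    if (realmEntry != null && !realmEntry.isEmpty()) {
                        MODULE_INSTANCE_TABLE.put(normalizedRealm, realmEntry);
                    }
                }
            }
        } catch (Exception e) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("build module instance for service error: ", e);
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("return moduleInstanceTable: " + MODULE_INSTANCE_TABLE);
        }
    }

    /**
     * Refreshes the instance names of one module service for a realm that is already cached.
     * Realms not yet in the table are left alone; they are built on first construction.
     *
     * @param str realm name or DN
     * @param str2 module service name
     */
    public static synchronized void updateModuleInstanceTable(String str, String str2) {
        // Table keys are normalized DNs (see the constructor and buildModuleInstanceForService);
        // normalize here as well so the refresh is not skipped when orgNameToDN returns a
        // differently cased/spaced form of the same DN.
        String normalizedRealm = DNUtils.normalizeDN(DNMapper.orgNameToDN(str));
        if (MODULE_INSTANCE_TABLE.containsKey(normalizedRealm)) {
            buildModuleInstanceForService(normalizedRealm, str2);
        }
    }

    /** Reverse lookup: module service name -> module type, or null if unknown. */
    private static String getModuleName(String str) {
        for (Map.Entry<String, String> entry : MODULE_SERVICE_NAMES.entrySet()) {
            if (entry.getValue().equals(str)) {
                return entry.getKey();
            }
        }
        return null;
    }

    /**
     * Returns the organization-level schema of a module type, read with this manager's token.
     *
     * @param str module type
     * @throws AMConfigurationException if the type is unknown or the schema cannot be read
     */
    public AMAuthenticationSchema getAuthenticationSchema(String str) throws AMConfigurationException {
        return getAuthenticationSchema(str, this.token);
    }

    /**
     * Loads the organization schema of a module type, preferring its "serverconfig" sub-schema
     * (the per-instance attribute set) when one is declared.
     */
    private static AMAuthenticationSchema getAuthenticationSchema(String str, SSOToken sSOToken) throws AMConfigurationException {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("getting auth schema for " + str);
        }
        try {
            ServiceSchema organizationSchema = new ServiceSchemaManager(getServiceName(str), sSOToken).getOrganizationSchema();
            ServiceSchema subSchema = organizationSchema.getSubSchema(ISAuthConstants.SERVER_SUBSCHEMA);
            return new AMAuthenticationSchema(subSchema != null ? subSchema : organizationSchema);
        } catch (Exception e) {
            throw new AMConfigurationException(e);
        }
    }

    /**
     * Returns the module instance with the given name in this realm, or null if no instance of
     * that name is known here.
     */
    public AMAuthenticationInstance getAuthenticationInstance(String str) {
        String authInstanceType = getAuthInstanceType(str);
        if (authInstanceType == null) {
            return null;
        }
        return getAuthenticationInstance(str, authInstanceType);
    }

    /**
     * Builds the instance object for {@code str} of type {@code str2}. Global modules carry no
     * config/schema. Otherwise the module's global schema defaults and the realm's config for the
     * instance are read with this manager's token; if both are absent the instance does not
     * exist and null is returned. Attribute values are only logged when the attribute name does
     * not look like a credential (see {@link #isSensitiveAttributeName(String)}).
     */
    private AMAuthenticationInstance getAuthenticationInstance(String str, String str2) {
        if (GLOBAL_MODULE_NAMES.contains(str)) {
            return new AMAuthenticationInstance(str, str2, null, null);
        }
        String serviceName = getServiceName(str2);
        try {
            Map<String, Set<String>> globalAttrs = null;
            ServiceSchema serviceSchema = null;
            try {
                serviceSchema = new ServiceSchemaManager(serviceName, this.token).getSchema(SchemaType.GLOBAL);
                if (serviceSchema != null) {
                    globalAttrs = serviceSchema.getAttributeDefaults();
                }
            } catch (SMSException e) {
                // No global schema for this service: treated as "no global attributes".
            }
            Map<String, Set<String>> orgAttrs = null;
            ServiceConfig serviceConfig = null;
            try {
                serviceConfig = new ServiceConfigManager(serviceName, this.token).getOrganizationConfig(this.realm, null);
                if (serviceConfig != null) {
                    // An instance named after its type lives on the org config itself unless a
                    // sub-config of that name exists; every other instance is a sub-config.
                    if (str.equals(str2) && serviceConfig.getSubConfig(str) == null) {
                        orgAttrs = serviceConfig.getAttributesWithoutDefaults();
                    } else {
                        serviceConfig = serviceConfig.getSubConfig(str);
                        if (serviceConfig != null) {
                            orgAttrs = serviceConfig.getAttributes();
                        }
                    }
                }
            } catch (SSOException e2) {
                if (DEBUG.warningEnabled()) {
                    DEBUG.warning("Token doesn't have access to service: " + this.token + " :: " + serviceName);
                }
            } catch (SMSException e3) {
                // Service not configured for the realm: treated as "no org attributes".
            }
            if (DEBUG.messageEnabled()) {
                DEBUG.message("global attrs = " + globalAttrs);
                DEBUG.message("org attrs = ");
                if (orgAttrs != null) {
                    for (Map.Entry<String, Set<String>> entry : orgAttrs.entrySet()) {
                        if (isSensitiveAttributeName(entry.getKey())) {
                            DEBUG.message(((Object) entry.getKey()) + ": <BLOCKED>");
                        } else {
                            DEBUG.message(((Object) entry.getKey()) + ": " + entry.getValue());
                        }
                    }
                }
            }
            if ((globalAttrs == null || globalAttrs.isEmpty()) && (orgAttrs == null || orgAttrs.isEmpty())) {
                return null;
            }
            return new AMAuthenticationInstance(str, str2, serviceConfig, serviceSchema);
        } catch (SSOException e4) {
            DEBUG.error("SSO token is invalid", e4);
            return null;
        } catch (SMSException e5) {
            if (!DEBUG.messageEnabled()) {
                return null;
            }
            DEBUG.message("Instance type does not exist: " + str2);
            return null;
        }
    }

    /**
     * Returns true when an attribute name looks like it holds a credential, so that its value is
     * kept out of the debug log. The two constants keep the original exact-suffix checks; the
     * fragment scan is case-insensitive so names such as "...BindPassword" or "...SharedSecret"
     * are masked too. Over-masking in a debug line is harmless; leaking a secret is not.
     */
    private static boolean isSensitiveAttributeName(String key) {
        if (key == null) {
            return false;
        }
        if (key.endsWith(AMSTSConstants.USERNAME_TOKEN_PASSWORD) || key.endsWith(AuthXMLTags.PASSWORD)) {
            return true;
        }
        String lowerKey = key.toLowerCase(Locale.ROOT);
        for (String fragment : SENSITIVE_KEY_FRAGMENTS) {
            if (lowerKey.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the module type of instance {@code str} in this realm: the name itself for a global
     * module, otherwise the type under which the realm's instance table lists it; null if unknown.
     */
    public String getAuthInstanceType(String str) {
        if (GLOBAL_MODULE_NAMES.contains(str)) {
            return str;
        }
        Map<String, Set<String>> realmEntry = MODULE_INSTANCE_TABLE.get(this.realm);
        if (realmEntry == null) {
            return null;
        }
        for (Map.Entry<String, Set<String>> entry : realmEntry.entrySet()) {
            if (entry.getValue().contains(str)) {
                return entry.getKey();
            }
        }
        return null;
    }

    /**
     * Returns the instance names of module type {@code str} in this realm. The result is an
     * immutable empty set when neither the realm table nor any global module exists, otherwise
     * a fresh mutable set (possibly empty).
     */
    public Set<String> getModuleInstanceNames(String str) {
        Set<String> instanceNames = Collections.emptySet();
        Map<String, Set<String>> realmEntry = MODULE_INSTANCE_TABLE.get(this.realm);
        if (realmEntry != null || !GLOBAL_MODULE_NAMES.isEmpty()) {
            instanceNames = new HashSet<>();
            if (realmEntry != null) {
                for (Map.Entry<String, Set<String>> entry : realmEntry.entrySet()) {
                    if (entry.getKey().equals(str)) {
                        instanceNames.addAll(entry.getValue());
                    }
                }
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Registered module names: " + instanceNames);
        }
        return instanceNames;
    }

    /** Returns every instance name in this realm plus all global module names (see {@link #getModuleInstanceNames}). */
    private Set<String> getRegisteredModuleNames() {
        Set<String> names = Collections.emptySet();
        Map<String, Set<String>> realmEntry = MODULE_INSTANCE_TABLE.get(this.realm);
        if (realmEntry != null || !GLOBAL_MODULE_NAMES.isEmpty()) {
            names = new HashSet<>();
            if (realmEntry != null) {
                for (Set<String> instanceNames : realmEntry.values()) {
                    names.addAll(instanceNames);
                }
            }
            if (!GLOBAL_MODULE_NAMES.isEmpty()) {
                names.addAll(GLOBAL_MODULE_NAMES);
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Registered module names: " + names);
        }
        return names;
    }

    /** Registered module names for this realm with the internal "Application" module removed. */
    public Set<String> getAllowedModuleNames() {
        Set<String> registeredModuleNames = getRegisteredModuleNames();
        if (registeredModuleNames != null) {
            registeredModuleNames.remove("Application");
        }
        return registeredModuleNames;
    }

    /** True if {@code str} is listed in the realm's "allowed modules" attribute of the core auth service. */
    private boolean isInheritedAuthInstance(String str) {
        Set<String> allowedModules = this.orgServiceConfig.getAttributes().get(ISAuthConstants.AUTH_ALLOWED_MODULES);
        return allowedModules != null && allowedModules.contains(str);
    }

    /**
     * Reads the realm's config of the core authentication service with this manager's token.
     * Returns null on any failure (logged only when {@code AMADMIN_MODE} is "false").
     */
    private ServiceConfig getOrgServiceConfig() {
        try {
            return new ServiceConfigManager(ISAuthConstants.AUTH_SERVICE_NAME, this.token).getOrganizationConfig(this.realm, null);
        } catch (Exception e) {
            String adminMode = SystemProperties.get(AdminTokenAction.AMADMIN_MODE);
            if (adminMode == null || !adminMode.equalsIgnoreCase("false")) {
                return null;
            }
            DEBUG.error("Service config for " + this.realm + " is null.", e);
            return null;
        }
    }

    /**
     * Returns all module instances of this realm: global modules (except "Application") plus every
     * instance listed in the realm's table that can actually be loaded. Immutable empty set when
     * nothing is registered at all.
     */
    public Set<AMAuthenticationInstance> getAuthenticationInstances() {
        Set<AMAuthenticationInstance> instances = Collections.emptySet();
        Map<String, Set<String>> realmEntry = MODULE_INSTANCE_TABLE.get(this.realm);
        if (realmEntry != null || !GLOBAL_MODULE_NAMES.isEmpty()) {
            instances = new HashSet<>();
            for (String globalName : GLOBAL_MODULE_NAMES) {
                if (globalName.equals("Application")) {
                    continue;
                }
                AMAuthenticationInstance globalInstance = getAuthenticationInstance(globalName, globalName);
                if (globalInstance != null) {
                    instances.add(globalInstance);
                }
            }
            if (realmEntry != null) {
                for (Map.Entry<String, Set<String>> entry : realmEntry.entrySet()) {
                    for (String instanceName : entry.getValue()) {
                        AMAuthenticationInstance instance = getAuthenticationInstance(instanceName, entry.getKey());
                        if (instance != null) {
                            instances.add(instance);
                        }
                    }
                }
            }
        }
        return instances;
    }

    /**
     * Creates a module instance {@code str} of type {@code str2} in this realm with the given
     * attributes, assigning the module's service to the realm first if needed. An instance named
     * after its type is stored on the org config itself; any other name becomes a
     * "serverconfig" sub-config.
     *
     * <p>NOTE(review): the only validation of the instance name is the rejection of spaces; the
     * name is then used as an SMS sub-config name, so escaping for the backing store is left to
     * the SMS layer. Confirm that layer rejects or escapes DN/LDAP special characters.
     *
     * @throws AMConfigurationException if the name contains a space, the type is not registered,
     *         an instance of that name already exists (or is a global module), or SMS fails
     */
    public AMAuthenticationInstance createAuthenticationInstance(String str, String str2, Map map) throws AMConfigurationException {
        if (str.indexOf(' ') != -1) {
            throw new AMConfigurationException(BUNDLE_NAME, "invalidAuthenticationInstanceName", null);
        }
        if (!getAuthenticationTypes().contains(str2)) {
            throw new AMConfigurationException(BUNDLE_NAME, "wrongType", new Object[]{str2});
        }
        AMAuthenticationInstance existing = getAuthenticationInstance(str);
        if (existing != null) {
            if (existing.getServiceConfig() != null) {
                throw new AMConfigurationException(BUNDLE_NAME, "authInstanceExist", new Object[]{str});
            }
            throw new AMConfigurationException(BUNDLE_NAME, "authInstanceIsGlobal", new Object[]{str});
        }
        String serviceName = getServiceName(str2);
        // The global schema is optional for the returned instance; failures are tolerated.
        ServiceSchema serviceSchema = null;
        try {
            serviceSchema = new ServiceSchemaManager(serviceName, this.token).getSchema(SchemaType.GLOBAL);
        } catch (SSOException e) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("Token doesn't have access to service: " + this.token + " -> " + serviceName);
            }
        } catch (SMSException e2) {
            // No global schema for this module type.
        }
        try {
            OrganizationConfigManager organizationConfigManager = new OrganizationConfigManager(this.token, this.realm);
            if (!organizationConfigManager.getAssignedServices().contains(serviceName)) {
                organizationConfigManager.assignService(serviceName, null);
            }
            ServiceConfig serviceConfig = organizationConfigManager.getServiceConfig(serviceName);
            if (serviceConfig == null) {
                serviceConfig = organizationConfigManager.addServiceConfig(serviceName, null);
            }
            ServiceConfig instanceConfig = serviceConfig;
            if (str.equals(str2)) {
                instanceConfig.setAttributes(map);
            } else {
                serviceConfig.addSubConfig(str, ISAuthConstants.SERVER_SUBSCHEMA, 0, map);
                instanceConfig = serviceConfig.getSubConfig(str);
            }
            // In server mode the table is refreshed through SMS change notification instead.
            if (!SystemProperties.isServerMode()) {
                buildModuleInstanceForService(this.realm, serviceName);
            }
            return new AMAuthenticationInstance(str, str2, instanceConfig, serviceSchema);
        } catch (Exception e3) {
            throw new AMConfigurationException(e3);
        }
    }

    /**
     * Deletes module instance {@code str} from this realm: clears the org-level attributes for a
     * type-named instance, otherwise removes the sub-config; also drops the name from the realm's
     * "allowed modules" list when present.
     *
     * @throws AMConfigurationException if the instance does not exist, is referenced by a
     *         named authentication configuration (chain), is a global module, or SMS fails
     */
    public void deleteAuthenticationInstance(String str) throws AMConfigurationException {
        AMAuthenticationInstance authenticationInstance = getAuthenticationInstance(str);
        if (authenticationInstance == null) {
            throw new AMConfigurationException(BUNDLE_NAME, "authInstanceNotExist", new Object[]{str});
        }
        if (isModuleInstanceInUse(str)) {
            throw new AMConfigurationException(BUNDLE_NAME, "authInstanceInUse", new Object[]{str});
        }
        String authInstanceType = getAuthInstanceType(str);
        ServiceConfig serviceConfig = authenticationInstance.getServiceConfig();
        if (serviceConfig == null) {
            throw new AMConfigurationException(BUNDLE_NAME, "authInstanceIsGlobal", new Object[]{authInstanceType});
        }
        try {
            if (str.equals(authInstanceType)) {
                Map attributesWithoutDefaults = serviceConfig.getAttributesWithoutDefaults();
                if (attributesWithoutDefaults != null) {
                    serviceConfig.removeAttributes(attributesWithoutDefaults.keySet());
                }
            } else {
                new ServiceConfigManager(serviceConfig.getServiceName(), this.token).getOrganizationConfig(this.realm, null).removeSubConfig(str);
            }
            if (isInheritedAuthInstance(str)) {
                Set<String> removed = new HashSet<>();
                removed.add(str);
                this.orgServiceConfig.removeAttributeValues(ISAuthConstants.AUTH_ALLOWED_MODULES, removed);
            }
            if (!SystemProperties.isServerMode()) {
                buildModuleInstanceForService(this.realm, serviceConfig.getServiceName());
            }
        } catch (Exception e) {
            throw new AMConfigurationException(e);
        }
    }

    /** Always true; this implementation places no per-instance edit restriction. */
    public boolean isEditable(AMAuthenticationInstance aMAuthenticationInstance) {
        return true;
    }

    /** Module type -> SMS service name, or null if unknown. */
    private static String getServiceName(String str) {
        return MODULE_SERVICE_NAMES.get(str);
    }

    /**
     * True if any named authentication configuration (chain) of this realm references module
     * instance {@code str}.
     *
     * <p>NOTE(review): when the chain list cannot be read, the method returns false, so the
     * delete guard in {@link #deleteAuthenticationInstance(String)} fails open. Consider
     * failing closed (treat a lookup error as "in use") if that path is reachable in practice.
     */
    private boolean isModuleInstanceInUse(String str) {
        Set<String> chainNames = Collections.emptySet();
        try {
            ServiceConfig organizationConfig = new ServiceConfigManager("iPlanetAMAuthConfiguration", this.token).getOrganizationConfig(this.realm, null);
            if (organizationConfig != null) {
                ServiceConfig chainsConfig = organizationConfig.getSubConfig("Configurations");
                if (chainsConfig != null) {
                    chainNames = chainsConfig.getSubConfigNames("*");
                }
            }
        } catch (Exception e) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Failed to get named sub configurations.", e);
            }
        }
        for (String chainName : chainNames) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Checking " + chainName + " ...");
            }
            if (serviceContains(chainName, str)) {
                if (DEBUG.messageEnabled()) {
                    DEBUG.message(str + " is used in " + chainName);
                }
                return true;
            }
        }
        return false;
    }

    /**
     * True if named chain {@code str} of this realm lists module instance {@code str2}. The chain
     * definition is the first value of its "role" attribute: an XML document whose
     * attribute/value pairs are "&lt;instance&gt; &lt;flag&gt; [options]" strings, so only the
     * first space-separated token is compared.
     *
     * <p>The XML comes from the realm's own stored configuration, not from a request; whether
     * {@code XMLUtils.toDOMDocument} disables external entities is not visible here.
     */
    private boolean serviceContains(String str, String str2) {
        Map chainAttrs = null;
        if (str != null) {
            try {
                chainAttrs = AMAuthConfigUtils.getNamedConfig(str, this.realm, this.token);
            } catch (Exception e) {
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("Failed to get named sub config attrs.");
                }
            }
        }
        if (chainAttrs == null) {
            return false;
        }
        Set roleValues = (Set) chainAttrs.get(ISAuthConstants.AUTHCONFIG_ROLE);
        if (roleValues == null || roleValues.isEmpty()) {
            return false;
        }
        String chainXml = (String) roleValues.iterator().next();
        if (DEBUG.messageEnabled()) {
            DEBUG.message("service config for " + str + "  = " + chainXml);
        }
        if (chainXml == null || chainXml.length() == 0) {
            return false;
        }
        Document chainDocument = XMLUtils.toDOMDocument(chainXml, DEBUG);
        if (chainDocument == null) {
            return false;
        }
        for (String pair : XMLUtils.getAttributeValuePair(chainDocument.getDocumentElement())) {
            String[] tokens = pair.split(" ");
            if (tokens.length > 0 && tokens[0].equals(str2)) {
                return true;
            }
        }
        return false;
    }

    /** Privileged admin token used for module-type discovery and the instance-table build. */
    private static SSOToken getAdminToken() {
        return (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    }

    static {
        initAuthenticationService();
    }
}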
