package org.forgerock.openam.security.whitelist;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.OrganizationConfigManager;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfigManager;
import com.sun.identity.sm.ServiceListener;
import java.security.AccessController;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.forgerock.openam.shared.security.whitelist.ValidDomainExtractor;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:org/forgerock/openam/security/whitelist/ValidGotoUrlExtractor.class */
public class ValidGotoUrlExtractor implements ValidDomainExtractor<String> {
    private static final String VALIDATION_SERVICE = "validationService";
    private static final String VALID_GOTO_RESOURCES = "openam-auth-valid-goto-resources";
    private static final ValidDomainExtractor<String> INSTANCE = new ValidGotoUrlExtractor();
    private static final Debug DEBUG = Debug.getInstance("patternMatching");
    private static final Map<String, Set<String>> CACHE = Collections.synchronizedMap(new HashMap());
    private static volatile boolean isListenerRegistered = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:org/forgerock/openam/security/whitelist/ValidGotoUrlExtractor$ConfigListener.class */
    public class ConfigListener implements ServiceListener {
        private ConfigListener() {
        }

        @Override // com.sun.identity.sm.ServiceListener
        public void schemaChanged(String str, String str2) {
        }

        @Override // com.sun.identity.sm.ServiceListener
        public void globalConfigChanged(String str, String str2, String str3, String str4, int i) {
        }

        @Override // com.sun.identity.sm.ServiceListener
        public void organizationConfigChanged(String str, String str2, String str3, String str4, String str5, int i) {
            if (ValidGotoUrlExtractor.DEBUG.messageEnabled()) {
                ValidGotoUrlExtractor.DEBUG.message("Auth Service organization configuration has changed\nserviceName: " + str + "\nversion: " + str2 + "\norgName: " + str3 + "\ngroupName: " + str4 + "\nserviceComponent: " + str5 + "\ntype: " + i);
            }
            ValidGotoUrlExtractor.CACHE.remove(ValidGotoUrlExtractor.this.normalizeRealm(str3));
        }
    }

    private ValidGotoUrlExtractor() {
    }

    public static ValidDomainExtractor<String> getInstance() {
        return INSTANCE;
    }

    @Override // org.forgerock.openam.shared.security.whitelist.ValidDomainExtractor
    public Collection<String> extractValidDomains(String str) {
        String normalizeRealm = normalizeRealm(str);
        Set<String> set = CACHE.get(normalizeRealm);
        if (set == null) {
            synchronized (CACHE) {
                set = CACHE.get(normalizeRealm);
                if (set == null) {
                    try {
                        set = getValidGotoUrlPatterns(normalizeRealm);
                        CACHE.put(normalizeRealm, set);
                    } catch (SMSException e) {
                        DEBUG.error("An error occurred while retrieving the valid goto URLs for realm " + normalizeRealm, e);
                        return null;
                    }
                }
            }
        }
        return set;
    }

    protected Set<String> getValidGotoUrlPatterns(String str) throws SMSException {
        Set<String> set = new OrganizationConfigManager(getAdminToken(), str).getServiceConfig(VALIDATION_SERVICE).getAttributes().get(VALID_GOTO_RESOURCES);
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Valid goto URLs in realm " + str + ":\n" + set);
        }
        if (!isListenerRegistered) {
            try {
                new ServiceConfigManager(VALIDATION_SERVICE, getAdminToken()).addListener(new ConfigListener());
                isListenerRegistered = true;
            } catch (SSOException e) {
                DEBUG.error("An error occurred while registering SMS listener", e);
            } catch (SMSException e2) {
                DEBUG.error("An error occurred while registering SMS listener", e2);
            }
        }
        return set == null ? Collections.EMPTY_SET : Collections.unmodifiableSet(set);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String normalizeRealm(String str) {
        return DNMapper.orgNameToDN(str);
    }

    private SSOToken getAdminToken() {
        return (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    }
}
