package com.sun.identity.plugin.datastore.impl;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchOpModifier;
import com.sun.identity.idm.IdType;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.plugin.datastore.DataStoreProvider;
import com.sun.identity.plugin.datastore.DataStoreProviderException;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.locale.Locale;
import com.sun.identity.sm.SMSEntry;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.CrestQuery;
import org.forgerock.util.query.QueryFilter;

/* loaded from: input_file:com/sun/identity/plugin/datastore/impl/IdRepoDataStoreProvider.class */
public class IdRepoDataStoreProvider implements DataStoreProvider {
    private static ResourceBundle bundle = Locale.getInstallResourceBundle("fmDataStoreProvider");
    private static Debug debug = Debug.getInstance("libPlugins");
    private static Map idRepoMap = new HashMap();

    public IdRepoDataStoreProvider() {
        debug.message("IdRepoDataStoreProvider.constructor()");
    }

    public void init(String str) throws DataStoreProviderException {
    }

    public Set<String> getAttribute(String str, String str2) throws DataStoreProviderException {
        if (str == null) {
            throw new DataStoreProviderException(bundle.getString("nullUserId"));
        }
        if (str2 == null) {
            throw new DataStoreProviderException(bundle.getString("nullAttrName"));
        }
        try {
            return IdUtils.getIdentity((SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance()), str).getAttribute(str2);
        } catch (IdRepoException e) {
            debug.error("IdRepoDataStoreProvider.getAttribute(1): IdRepo exception", e);
            throw new DataStoreProviderException(e);
        } catch (SSOException e2) {
            debug.error("IdRepoDataStoreProvider.getAttribute(1): invalid admin SSOtoken", e2);
            throw new DataStoreProviderException(e2);
        }
    }

    public Map<String, Set<String>> getAttributes(String str, Set<String> set) throws DataStoreProviderException {
        if (str == null) {
            throw new DataStoreProviderException(bundle.getString("nullUserId"));
        }
        if (set == null) {
            throw new DataStoreProviderException(bundle.getString("nullAttrSet"));
        }
        try {
            return IdUtils.getIdentity((SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance()), str).getAttributes(set);
        } catch (IdRepoException e) {
            debug.error("IdRepoDataStoreProvider.getAttribute(2): IdRepo exception", e);
            throw new DataStoreProviderException(e);
        } catch (SSOException e2) {
            debug.error("IdRepoDataStoreProvider.getAttribute(2): invalid admin SSOtoken", e2);
            throw new DataStoreProviderException(e2);
        }
    }

    public byte[][] getBinaryAttribute(String str, String str2) throws DataStoreProviderException {
        if (str == null) {
            throw new DataStoreProviderException(bundle.getString("nullUserId"));
        }
        if (str2 == null) {
            throw new DataStoreProviderException(bundle.getString("nullAttrName"));
        }
        return getBinaryAttributes(str, CollectionUtils.asSet(new String[]{str2})).get(str2);
    }

    public Map<String, byte[][]> getBinaryAttributes(String str, Set<String> set) throws DataStoreProviderException {
        if (str == null) {
            throw new DataStoreProviderException(bundle.getString("nullUserId"));
        }
        if (set == null) {
            throw new DataStoreProviderException(bundle.getString("nullAttrSet"));
        }
        try {
            return IdUtils.getIdentity((SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance()), str).getBinaryAttributes(set);
        } catch (IdRepoException e) {
            debug.error("IdRepoDataStoreProvider.getBinaryAttributes(): IdRepo exception", e);
            throw new DataStoreProviderException(e);
        } catch (SSOException e2) {
            debug.error("IdRepoDataStoreProvider.getBinaryAttributes(): invalid admin SSOToken", e2);
            throw new DataStoreProviderException(e2);
        }
    }

    public void setAttributes(String str, Map<String, Set<String>> map) throws DataStoreProviderException {
        if (str == null) {
            throw new DataStoreProviderException(bundle.getString("nullUserId"));
        }
        if (map == null) {
            throw new DataStoreProviderException(bundle.getString("nullAttrMap"));
        }
        try {
            AMIdentity identity = IdUtils.getIdentity((SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance()), str);
            identity.setAttributes(map);
            identity.store();
        } catch (IdRepoException e) {
            debug.error("IdRepoDataStoreProvider.setAttribute(): IdRepo exception", e);
            throw new DataStoreProviderException(e);
        } catch (SSOException e2) {
            debug.error("IdRepoDataStoreProvider.setAttribute(): invalid admin SSOtoken", e2);
            throw new DataStoreProviderException(e2);
        }
    }

    public String getUserID(String str, Map<String, Set<String>> map) throws DataStoreProviderException {
        if (str == null) {
            str = SMSEntry.getRootSuffix();
        }
        if (map == null || map.isEmpty()) {
            throw new DataStoreProviderException(bundle.getString("nullAvPair"));
        }
        try {
            Set searchResults = getAMIdentityRepository(str).searchIdentities(IdType.USER, new CrestQuery("*", (QueryFilter) null, (List) null, false), getIdSearchControl(map, IdSearchOpModifier.AND)).getSearchResults();
            if (searchResults == null || searchResults.isEmpty()) {
                debug.message("IdRepoDataStoreProvider.getUserID : user not found");
                return null;
            }
            if (searchResults.size() > 1) {
                debug.message("IdRepoDataStoreProvider.getUserID : multiple match");
                throw new DataStoreProviderException(bundle.getString("multipleMatches"));
            }
            AMIdentity aMIdentity = (AMIdentity) searchResults.iterator().next();
            String universalId = IdUtils.getUniversalId(aMIdentity);
            if (debug.messageEnabled()) {
                debug.message("IdRepoDataStoreProvider.getUserID() Name=: " + aMIdentity.getName() + " DN=: " + aMIdentity.getDN() + " univId=: " + universalId);
            }
            return universalId;
        } catch (SSOException e) {
            debug.error("IdRepoDataStoreProvider.getUserID() : SSOException", e);
            throw new DataStoreProviderException(e);
        } catch (IdRepoException e2) {
            debug.error("IdRepoDataStoreProvider.getUserID(): IdRepoException", e2);
            throw new DataStoreProviderException(e2);
        }
    }

    public boolean isUserExists(String str) throws DataStoreProviderException {
        if (str == null) {
            throw new DataStoreProviderException(bundle.getString("nullUserId"));
        }
        try {
            return IdUtils.getIdentity((SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance()), str).isActive();
        } catch (IdRepoException e) {
            debug.message("IdRepoDataStoreProvider.isUserExists()", e);
            return false;
        } catch (SSOException e2) {
            debug.error("IdRepoDataStoreProvider.isUserExists() : SSOException", e2);
            throw new DataStoreProviderException(e2);
        }
    }

    private synchronized AMIdentityRepository getAMIdentityRepository(String str) throws DataStoreProviderException {
        SSOToken sSOToken = (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
        AMIdentityRepository aMIdentityRepository = (AMIdentityRepository) idRepoMap.get(str);
        if (aMIdentityRepository == null) {
            aMIdentityRepository = new AMIdentityRepository(str, sSOToken);
            idRepoMap.put(str, aMIdentityRepository);
            if (debug.messageEnabled()) {
                debug.message("IdRepoDataStoreProvider.getAMIdRepo :  create IdRepo for realm " + str);
            }
        }
        return aMIdentityRepository;
    }

    private static IdSearchControl getIdSearchControl(Map map, IdSearchOpModifier idSearchOpModifier) {
        if (map == null || map.isEmpty()) {
            return null;
        }
        IdSearchControl idSearchControl = new IdSearchControl();
        idSearchControl.setTimeOut(0);
        idSearchControl.setMaxResults(0);
        idSearchControl.setAllReturnAttributes(false);
        idSearchControl.setSearchModifiers(IdSearchOpModifier.AND, map);
        return idSearchControl;
    }
}
