package org.forgerock.openam.audit.configuration;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.SMSUtils;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import com.sun.identity.sm.ServiceListener;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.inject.Singleton;
import org.forgerock.audit.events.EventTopicsMetaData;
import org.forgerock.audit.events.EventTopicsMetaDataBuilder;
import org.forgerock.audit.filter.FilterPolicy;
import org.forgerock.openam.audit.AMAuditService;
import org.forgerock.openam.audit.AuditConstants;
import org.forgerock.openam.utils.IOUtils;
import org.forgerock.openam.utils.JsonValueBuilder;
import org.forgerock.openam.utils.RealmUtils;
import org.forgerock.openam.utils.StringUtils;

@Singleton
/* loaded from: input_file:org/forgerock/openam/audit/configuration/AuditServiceConfigurationProviderImpl.class */
public class AuditServiceConfigurationProviderImpl implements AuditServiceConfigurationProvider, ServiceListener {
    private final Debug debug = Debug.getInstance("amAudit");
    private final List<AuditServiceConfigurationListener> listeners = new CopyOnWriteArrayList();
    private volatile boolean initialised = false;
    private final EventTopicsMetaData eventTopicsMetaData = getEventTopicsMetaData();

    public void setupComplete() {
        if (this.initialised) {
            return;
        }
        notifyDefaultConfigurationListeners();
        Iterator<String> it = getRealmNames().iterator();
        while (it.hasNext()) {
            notifyRealmConfigurationListeners(it.next());
        }
        registerServiceListener();
        this.initialised = true;
    }

    public void addConfigurationListener(AuditServiceConfigurationListener auditServiceConfigurationListener) {
        this.listeners.add(auditServiceConfigurationListener);
        if (this.initialised) {
            auditServiceConfigurationListener.globalConfigurationChanged();
            for (String str : getRealmNames()) {
                if (SMSUtils.serviceExists(getAuditRealmConfiguration(str))) {
                    auditServiceConfigurationListener.realmConfigurationChanged(str);
                } else {
                    auditServiceConfigurationListener.realmConfigurationRemoved(str);
                }
            }
        }
    }

    public void removeConfigurationListener(AuditServiceConfigurationListener auditServiceConfigurationListener) {
        this.listeners.remove(auditServiceConfigurationListener);
    }

    public void globalConfigChanged(String str, String str2, String str3, String str4, int i) {
        if ("AuditService".equals(str)) {
            notifyDefaultConfigurationListeners();
        }
    }

    public void organizationConfigChanged(String str, String str2, String str3, String str4, String str5, int i) {
        if ("AuditService".equals(str)) {
            notifyRealmConfigurationListeners(DNMapper.orgNameToRealmName(str3));
        }
    }

    public AMAuditServiceConfiguration getDefaultConfiguration() {
        return getConfiguration(getAuditGlobalConfiguration());
    }

    public AMAuditServiceConfiguration getRealmConfiguration(String str) {
        return getConfiguration(getAuditRealmConfiguration(str));
    }

    public Set<AuditEventHandlerConfiguration> getDefaultEventHandlerConfigurations() {
        return getEventHandlerConfigurations(getAuditGlobalConfiguration());
    }

    public Set<AuditEventHandlerConfiguration> getRealmEventHandlerConfigurations(String str) {
        return getEventHandlerConfigurations(getAuditRealmConfiguration(str));
    }

    public EventTopicsMetaData getEventTopicsMetaData() {
        EventTopicsMetaDataBuilder coreTopicSchemas = EventTopicsMetaDataBuilder.coreTopicSchemas();
        try {
            coreTopicSchemas.withCoreTopicSchemaExtensions(JsonValueBuilder.toJsonValue(IOUtils.readStream(AMAuditService.class.getResourceAsStream("/org/forgerock/openam/audit/events-config.json")).replaceAll("\\s", "")));
        } catch (IOException e) {
            this.debug.error("Unable to read Audit event configuration file {}", new Object[]{"/org/forgerock/openam/audit/events-config.json", e});
        }
        return coreTopicSchemas.build();
    }

    private void notifyDefaultConfigurationListeners() {
        Iterator<AuditServiceConfigurationListener> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().globalConfigurationChanged();
        }
    }

    private void notifyRealmConfigurationListeners(String str) {
        if (SMSUtils.serviceExists(getAuditRealmConfiguration(str))) {
            Iterator<AuditServiceConfigurationListener> it = this.listeners.iterator();
            while (it.hasNext()) {
                it.next().realmConfigurationChanged(str);
            }
        } else {
            Iterator<AuditServiceConfigurationListener> it2 = this.listeners.iterator();
            while (it2.hasNext()) {
                it2.next().realmConfigurationRemoved(str);
            }
        }
    }

    private void registerServiceListener() {
        try {
            String addListener = new ServiceConfigManager("AuditService", getAdminToken()).addListener(this);
            if (addListener == null) {
                throw new SMSException("Unable to register service config listener");
            }
            this.debug.message("Registered service config listener: {}", new Object[]{addListener});
        } catch (SSOException | SMSException e) {
            this.debug.error("Unable to create ServiceConfigManager", e);
        }
    }

    private AMAuditServiceConfiguration getConfiguration(ServiceConfig serviceConfig) {
        Map emptyMap = serviceConfig == null ? Collections.emptyMap() : serviceConfig.getAttributes();
        HashSet hashSet = new HashSet();
        if (!SystemProperties.getAsBoolean("org.forgerock.openam.audit.access.attempt.enabled")) {
            hashSet.add(AuditConstants.EventName.AM_ACCESS_ATTEMPT.toString());
        }
        AMAuditServiceConfiguration aMAuditServiceConfiguration = new AMAuditServiceConfiguration(CollectionHelper.getBooleanMapAttr(emptyMap, "auditEnabled", false), hashSet);
        HashSet hashSet2 = new HashSet();
        for (String str : (Set) emptyMap.get("fieldFilterPolicy")) {
            if (StringUtils.isNotEmpty(str)) {
                hashSet2.add(str.replaceAll("%AM_COOKIE_NAME%", SystemProperties.get("com.iplanet.am.cookie.name")).replaceAll("%AM_AUTH_COOKIE_NAME%", SystemProperties.get("com.sun.identity.auth.cookieName")));
            }
        }
        HashMap hashMap = new HashMap();
        FilterPolicy filterPolicy = new FilterPolicy();
        filterPolicy.setExcludeIf(hashSet2);
        hashMap.put("field", filterPolicy);
        aMAuditServiceConfiguration.setFilterPolicies(hashMap);
        return aMAuditServiceConfiguration;
    }

    private Set<AuditEventHandlerConfiguration> getEventHandlerConfigurations(ServiceConfig serviceConfig) {
        if (!SMSUtils.serviceExists(serviceConfig)) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        try {
            for (String str : serviceConfig.getSubConfigNames()) {
                hashSet.add(AuditEventHandlerConfiguration.builder().withName(str).withAttributes(serviceConfig.getSubConfig(str).getAttributes()).withEventTopicsMetaData(this.eventTopicsMetaData).build());
            }
        } catch (SSOException | SMSException e) {
            this.debug.error("Error accessing service {}. No audit event handlers will be registered.", new Object[]{"AuditService", e});
        }
        return hashSet;
    }

    private ServiceConfig getAuditGlobalConfiguration() {
        try {
            return new ServiceConfigManager("AuditService", getAdminToken()).getGlobalConfig("default");
        } catch (SMSException | SSOException e) {
            this.debug.error("Error accessing service {}", new Object[]{"AuditService", e});
            return null;
        }
    }

    private ServiceConfig getAuditRealmConfiguration(String str) {
        try {
            return new ServiceConfigManager("AuditService", getAdminToken()).getOrganizationConfig(str, (String) null);
        } catch (SMSException | SSOException e) {
            this.debug.error("Error accessing service {}", new Object[]{"AuditService", e});
            return null;
        }
    }

    private SSOToken getAdminToken() {
        return (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
    }

    private Set<String> getRealmNames() {
        try {
            return RealmUtils.getRealmNames(getAdminToken());
        } catch (SMSException e) {
            this.debug.error("An error occurred while trying to retrieve the list of realms", e);
            return Collections.emptySet();
        }
    }

    public void schemaChanged(String str, String str2) {
    }
}
