package org.forgerock.openam.entitlement.service;

import com.google.inject.assistedinject.Assisted;
import com.sun.identity.entitlement.Application;
import com.sun.identity.entitlement.ApplicationPrivilege;
import com.sun.identity.entitlement.ApplicationPrivilegeManager;
import com.sun.identity.entitlement.DenyOverride;
import com.sun.identity.entitlement.EntitlementConfiguration;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.PrivilegeIndexStore;
import com.sun.identity.sm.DNMapper;
import java.security.Principal;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.inject.Inject;
import javax.security.auth.Subject;
import org.forgerock.openam.entitlement.PolicyConstants;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;
import org.forgerock.util.Reject;
import org.forgerock.util.query.QueryFilter;

/* loaded from: input_file:org/forgerock/openam/entitlement/service/ApplicationServiceImpl.class */
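/**
 * Realm-scoped {@link ApplicationService} that acts on behalf of a single subject.
 *
 * <p>Reads are served from a static, realm-keyed cache that is filled from the
 * super-admin configuration and then filtered for subjects other than
 * {@code PolicyConstants.SUPER_ADMIN_SUBJECT}. Writes go through the configuration
 * created for the calling subject and are followed by {@link #clearCache()}.
 *
 * <p>Thread-safety: the cache is a {@link ConcurrentHashMap}. The write lock is held
 * only while a realm's applications are loaded; cache reads and {@link #clearCache()}
 * do not take any lock.
 */
public class ApplicationServiceImpl implements ApplicationService {
    // Shared by every instance in the JVM; entries are keyed by DNMapper.orgNameToRealmName(realm).
    private static final Map<String, Set<Application>> applications = new ConcurrentHashMap<>();
    private static final ReentrantReadWriteLock readWriteLock = new ReentrantReadWriteLock();
    private final Subject subject;
    private final String realm;
    // Configuration bound to the calling subject; used for store and remove.
    private final EntitlementConfiguration configuration;
    // Configuration bound to the super-admin subject; used for search and cache loading.
    private final EntitlementConfiguration adminConfiguration;
    private final ResourceTypeService resourceTypeService;
    private final boolean superAdminSubject;

    /**
     * Creates a service bound to one subject and one realm.
     *
     * @param subject the subject on whose behalf operations run; must not be null
     * @param str the realm; must not be null
     * @param entitlementConfigurationFactory factory used to create the subject's and the
     *        super-admin's entitlement configuration for the realm
     * @param resourceTypeService service used to verify resource type UUIDs on save
     */
    @Inject
    public ApplicationServiceImpl(@Assisted Subject subject, @Assisted String str, EntitlementConfigurationFactory entitlementConfigurationFactory, ResourceTypeService resourceTypeService) {
        // One argument per call: a two-argument call whose second argument is a String may
        // bind to a (value, message) overload and leave the realm unchecked.
        // NOTE(review): confirm against the overloads Reject actually declares.
        Reject.ifNull(subject);
        Reject.ifNull(str);
        this.subject = subject;
        this.realm = str;
        this.configuration = entitlementConfigurationFactory.create(subject, str);
        this.adminConfiguration = entitlementConfigurationFactory.create(PolicyConstants.SUPER_ADMIN_SUBJECT, str);
        this.resourceTypeService = resourceTypeService;
        this.superAdminSubject = PolicyConstants.SUPER_ADMIN_SUBJECT.equals(subject);
    }

    /**
     * Searches the realm's applications with the given filter.
     *
     * @param queryFilter the filter passed to the super-admin configuration
     * @return the matches as returned by the configuration for the super admin, otherwise
     *         clones of the matches that pass {@code getAccessibleApplications}
     * @throws EntitlementException if the underlying search fails
     */
    public Set<Application> search(QueryFilter<String> queryFilter) throws EntitlementException {
        Set<Application> matches = this.adminConfiguration.searchApplications(this.subject, queryFilter);
        if (this.superAdminSubject) {
            return matches;
        }
        return getAccessibleApplications(this.realm, matches);
    }

    /**
     * Returns the names of the applications visible to the subject in the realm.
     *
     * @return a new mutable set of application names
     * @throws EntitlementException if the applications cannot be loaded
     */
    public Set<String> getApplicationNames() throws EntitlementException {
        Set<String> names = new HashSet<>();
        for (Application application : getApplications(this.subject, this.realm)) {
            names.add(application.getName());
        }
        return names;
    }

    /**
     * Returns the applications visible to the subject in the realm.
     *
     * @return the applications; see {@code getApplications(Subject, String)} for what is returned
     * @throws EntitlementException if the applications cannot be loaded
     */
    public Set<Application> getApplications() throws EntitlementException {
        return getApplications(this.subject, this.realm);
    }

    /**
     * Looks up an application by name (case-insensitive) for the subject.
     *
     * @param str the application name; a blank name selects the default application name
     * @return the application, or {@code null} if none is found
     * @throws EntitlementException if the applications cannot be loaded
     */
    public Application getApplication(String str) throws EntitlementException {
        return getApplication(this.subject, str);
    }

    /**
     * Removes an application from the realm and drops the realm's cache entry.
     * Does nothing when the application cannot be found.
     *
     * @param str the name of the application to delete
     * @throws EntitlementException with code 326 when the access check fails, with code 404
     *         when {@code Application.canBeDeleted} refuses, or from the underlying store
     */
    public void deleteApplication(String str) throws EntitlementException {
        // NOTE(review): for non-super-admin subjects this check passes when the privilege
        // manager returns an empty MODIFY set (see hasAccessToApplication(Subject, ...)).
        boolean permitted = this.superAdminSubject
                || hasAccessToApplication(this.subject, str, ApplicationPrivilege.Action.MODIFY);
        if (!permitted) {
            throw new EntitlementException(326);
        }
        Application application = getApplication(this.subject, str);
        if (application == null) {
            return;
        }
        if (!application.canBeDeleted(this.realm)) {
            throw new EntitlementException(404);
        }
        this.configuration.removeApplication(str);
        clearCache();
    }

    /**
     * Validates, stamps and stores an application, then drops the realm's cache entry.
     *
     * @param application the application to create or update; its metadata and default
     *        combiner are set in place
     * @return the same instance that was passed in
     * @throws EntitlementException when the privilege or resource type check fails, or from
     *         the underlying store
     */
    public Application saveApplication(Application application) throws EntitlementException {
        // Order matters: authorisation and validation run before the instance is mutated.
        checkUserPrivileges(application);
        checkIfResourceTypeExists(application);
        setApplicationMetaData(application);
        setApplicationDefaultValues(application);
        this.configuration.storeApplication(application);
        clearCache();
        return application;
    }

    /**
     * Removes the first cache entry whose key equals this realm, ignoring case.
     */
    public void clearCache() {
        // NOTE(review): keys are written as DNMapper.orgNameToRealmName(realm) but matched here
        // against the raw realm string; if the two forms can differ the entry is never evicted
        // and stale applications keep being served - confirm.
        for (String cachedRealm : applications.keySet()) {
            if (cachedRealm.equalsIgnoreCase(this.realm)) {
                applications.remove(cachedRealm);
                return;
            }
        }
    }

    /**
     * Returns the referred resources of an application.
     *
     * @param str the application name
     * @return the referred resources from the privilege index store, or an empty set when
     *         the access check fails
     * @throws EntitlementException if the index store lookup fails
     */
    public Set<String> getReferredResources(String str) throws EntitlementException {
        // NOTE(review): the READ check is evaluated for SUPER_ADMIN_SUBJECT, not for this.subject,
        // so it does not reflect the caller's own privileges - confirm this is intended.
        boolean permitted = this.superAdminSubject
                || hasAccessToApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, str, ApplicationPrivilege.Action.READ);
        if (!permitted) {
            return Collections.emptySet();
        }
        return PrivilegeIndexStore.getInstance(this.subject, this.realm).getReferredResources(str);
    }

    /**
     * Keeps the candidates whose name is in the READ set reported by the privilege manager
     * and returns clones of them.
     *
     * @param realmName the realm used to obtain the privilege manager
     * @param candidates the applications to filter
     * @return a new set holding a clone of every candidate that passed
     */
    private Set<Application> getAccessibleApplications(String realmName, Set<Application> candidates) {
        // NOTE(review): the READ set is obtained for SUPER_ADMIN_SUBJECT rather than for the
        // calling subject, so the filter is the same for every non-admin caller - confirm.
        Set<?> readableNames = ApplicationPrivilegeManager.getInstance(realmName, PolicyConstants.SUPER_ADMIN_SUBJECT)
                .getApplications(ApplicationPrivilege.Action.READ);
        Set<Application> accessible = new HashSet<>();
        for (Application candidate : candidates) {
            if (readableNames.contains(candidate.getName())) {
                // Clone only what is returned, so callers never hold the cached instance.
                accessible.add(candidate.clone());
            }
        }
        return accessible;
    }

    /**
     * Returns the realm's applications for a subject.
     *
     * @param subject the subject to evaluate
     * @param realmName the realm to read
     * @return for the super admin the cached set itself, otherwise filtered clones
     * @throws EntitlementException if the applications cannot be loaded
     */
    private Set<Application> getApplications(Subject subject, String realmName) throws EntitlementException {
        Set<Application> cached = getApplicationsFromCache(realmName);
        if (PolicyConstants.SUPER_ADMIN_SUBJECT.equals(subject)) {
            // The shared cached set and its elements are handed out uncloned on this path;
            // mutating them changes what later callers see.
            return cached;
        }
        return getAccessibleApplications(realmName, cached);
    }

    /**
     * Finds an application by name, retrying once after dropping the cache entry so that an
     * application added behind a stale cache can still be found.
     *
     * @param subject the subject to evaluate
     * @param applicationName the requested name; blank selects the default name
     * @return the application, or {@code null} if it is not found on either attempt
     * @throws EntitlementException if the applications cannot be loaded
     */
    private Application getApplication(Subject subject, String applicationName) throws EntitlementException {
        String effectiveName = validateApplicationName(applicationName);
        Application found = findApplicationByName(subject, effectiveName);
        if (found != null) {
            return found;
        }
        clearCache();
        return findApplicationByName(subject, effectiveName);
    }

    /** Returns the first application visible to the subject whose name matches, ignoring case, or null. */
    private Application findApplicationByName(Subject subject, String effectiveName) throws EntitlementException {
        for (Application application : getApplications(subject, this.realm)) {
            if (application.getName().equalsIgnoreCase(effectiveName)) {
                return application;
            }
        }
        return null;
    }

    /** Substitutes the default application name for a blank one. */
    private String validateApplicationName(String applicationName) {
        return StringUtils.isBlank(applicationName) ? "iPlanetAMWebAgentService" : applicationName;
    }

    /**
     * Returns the cached applications of a realm, loading them from the super-admin
     * configuration on a miss.
     *
     * @param realmOrOrgName the realm, mapped through {@code DNMapper.orgNameToRealmName}
     *        to form the cache key
     * @return the cached (shared) set of applications
     * @throws EntitlementException if the configuration cannot be read
     */
    private Set<Application> getApplicationsFromCache(String realmOrOrgName) throws EntitlementException {
        String cacheKey = DNMapper.orgNameToRealmName(realmOrOrgName);
        Set<Application> cached = applications.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        // The cache is not re-checked once the lock is held, so concurrent misses each reload.
        readWriteLock.writeLock().lock();
        try {
            Set<Application> loaded = this.adminConfiguration.getApplications();
            applications.put(cacheKey, loaded);
            return loaded;
        } finally {
            // Single release point; the lock is freed on every exit path.
            readWriteLock.writeLock().unlock();
        }
    }

    /**
     * Verifies that the subject may create or modify the given application.
     *
     * @param application the application about to be saved
     * @throws EntitlementException with code 326 when the subject is not permitted, or when
     *         the cache cannot be loaded
     */
    private void checkUserPrivileges(Application application) throws EntitlementException {
        if (this.superAdminSubject) {
            return;
        }
        ApplicationPrivilegeManager privilegeManager = ApplicationPrivilegeManager.getInstance(this.realm, this.subject);
        boolean permitted;
        if (privilegeManager == null) {
            // No privilege manager: deny.
            permitted = false;
        } else if (isNewApplication(application)) {
            permitted = privilegeManager.canCreateApplication(this.realm);
        } else {
            permitted = hasAccessToApplication(privilegeManager, application, ApplicationPrivilege.Action.MODIFY);
        }
        if (!permitted) {
            throw new EntitlementException(326);
        }
    }

    /**
     * Verifies that every resource type UUID referenced by the application exists in the realm.
     *
     * @param application the application about to be saved
     * @throws EntitlementException with code 237 and the offending UUID when one is unknown
     */
    private void checkIfResourceTypeExists(Application application) throws EntitlementException {
        if (!CollectionUtils.isNotEmpty(application.getResourceTypeUuids())) {
            return;
        }
        for (String resourceTypeUuid : application.getResourceTypeUuids()) {
            if (!this.resourceTypeService.contains(this.subject, this.realm, resourceTypeUuid)) {
                throw new EntitlementException(237, new Object[]{resourceTypeUuid});
            }
        }
    }

    /**
     * Stamps creation and last-modified metadata on the application.
     *
     * <p>The acting name is the first principal of the subject, or {@code null} when the
     * subject has none. A creation date of -1 is handled as "not set": the stored
     * application's date and creator are reused when one exists, otherwise the current
     * time and the acting name are used.
     *
     * @param application the application to update in place
     */
    private void setApplicationMetaData(Application application) {
        Date now = Time.newDate();
        Set<Principal> principals = this.subject.getPrincipals();
        String actor = CollectionUtils.isNotEmpty(principals) ? principals.iterator().next().getName() : null;
        if (application.getCreationDate() == -1) {
            long storedCreationDate = getApplicationCreationDate(application.getName());
            if (storedCreationDate == -1) {
                application.setCreationDate(now.getTime());
                if (actor != null) {
                    application.setCreatedBy(actor);
                }
            } else {
                application.setCreationDate(storedCreationDate);
                if (StringUtils.isBlank(application.getCreatedBy())) {
                    String storedCreatedBy = getApplicationCreatedBy(application.getName());
                    // Unlike the branch above, actor is passed on even when it is null.
                    application.setCreatedBy(StringUtils.isBlank(storedCreatedBy) ? actor : storedCreatedBy);
                }
            }
        }
        application.setLastModifiedDate(now.getTime());
        if (actor != null) {
            application.setLastModifiedBy(actor);
        }
    }

    /** Sets {@code DenyOverride} as the entitlement combiner when the application has none. */
    private void setApplicationDefaultValues(Application application) {
        if (application.getEntitlementCombiner() == null) {
            application.setEntitlementCombiner(DenyOverride.class);
        }
    }

    /**
     * Reads the creator of the stored application with the given name, as the super admin.
     *
     * @return the stored creator, or {@code null} when the application is missing or the
     *         lookup fails
     */
    private String getApplicationCreatedBy(String applicationName) {
        try {
            Application stored = getApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, applicationName);
            return stored == null ? null : stored.getCreatedBy();
        } catch (EntitlementException ignored) {
            // Best effort: a failed lookup is treated like a missing application.
            return null;
        }
    }

    /**
     * Reads the creation date of the stored application with the given name, as the super admin.
     *
     * @return the stored creation date, or -1 when the application is missing or the lookup fails
     */
    private long getApplicationCreationDate(String applicationName) {
        try {
            Application stored = getApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, applicationName);
            return stored == null ? -1L : stored.getCreationDate();
        } catch (EntitlementException ignored) {
            // Best effort: a failed lookup is treated like a missing application.
            return -1L;
        }
    }

    /**
     * Checks a subject's access to an application by name.
     *
     * @return {@code true} when the privilege manager's set for the action is empty or
     *         contains the name
     */
    private boolean hasAccessToApplication(Subject subject, String applicationName, ApplicationPrivilege.Action action) {
        Set<?> permittedNames = ApplicationPrivilegeManager.getInstance(this.realm, subject).getApplications(action);
        // NOTE(review): fail-open - an empty set grants access, unlike the overload below, which
        // requires the name to be present. Presumably empty means "delegation not configured";
        // if it can also mean "no privileges", a subject with no grants passes the check in
        // deleteApplication. Confirm against ApplicationPrivilegeManager before relying on it.
        return permittedNames.isEmpty() || permittedNames.contains(applicationName);
    }

    /** Checks access through an existing privilege manager; the name must be in the set for the action. */
    private boolean hasAccessToApplication(ApplicationPrivilegeManager applicationPrivilegeManager, Application application, ApplicationPrivilege.Action action) {
        return applicationPrivilegeManager.getApplications(action).contains(application.getName());
    }

    /**
     * Tells whether no cached application of the realm has the same name, ignoring case.
     *
     * @throws EntitlementException if the cache cannot be loaded
     */
    private boolean isNewApplication(Application application) throws EntitlementException {
        String candidateName = application.getName();
        for (Application existing : getApplicationsFromCache(this.realm)) {
            if (existing.getName().equalsIgnoreCase(candidateName)) {
                return false;
            }
        }
        return true;
    }
}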
