package org.forgerock.openam.services;

import com.iplanet.sso.SSOToken;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import com.sun.identity.sm.ServiceListener;
import com.sun.identity.sm.ServiceNotFoundException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Set;
import org.forgerock.openam.utils.ServiceConfigUtils;

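/**
 * Per-realm snapshot of the {@code RestSecurity} service configuration.
 *
 * <p>The settings decide whether the self-service, self-registration, forgot-password and
 * two-factor REST features are enabled for a realm, so this class is a security control:
 * the typed getters throw {@link ServiceNotFoundException} when a setting is unknown rather
 * than returning a default. Callers should treat that exception as "feature not available"
 * and never fall back to an enabled state.
 *
 * <p>Thread-safety: the current snapshot is published through a {@code volatile} field and
 * replaced as a whole, so readers see either the old or the new configuration, never a mix.
 */
@Deprecated
/* loaded from: input_file:org/forgerock/openam/services/RestSecurity.class */
public class RestSecurity {
    private static final Debug debug = Debug.getInstance("frRest");

    // Shared by every RestSecurity instance and created with the admin token (see the
    // constructor); it must stay private to this class. Volatile because listener callbacks
    // and constructors may touch it from different threads.
    // NOTE(review): a service removal in ONE realm sets this shared reference to null, after
    // which refreshes for every other realm are skipped until another instance is
    // constructed. Confirm whether the manager was meant to be per instance.
    private static volatile ServiceConfigManager mgr;

    // Written by setProviderConfig(), read without a lock by the getters: volatile makes a
    // refreshed snapshot visible to reader threads.
    private volatile RestSecurityConfiguration restSecurityConfiguration;

    private static final String TWO_FACTOR_AUTH_ENABLED = "forgerockRESTSecurityTwoFactorAuthEnabled";
    private static final String SELF_SERVICE = "forgerockRESTSecuritySelfServiceEnabled";
    private static final String SELF_REGISTRATION = "forgerockRESTSecuritySelfRegistrationEnabled";
    private static final String SELF_REG_CONFIRMATION_URL = "forgerockRESTSecuritySelfRegConfirmationUrl";
    private static final String FORGOT_PASSWORD = "forgerockRESTSecurityForgotPasswordEnabled";
    private static final String SELF_REG_TOKEN_LIFE_TIME = "forgerockRESTSecuritySelfRegTokenTTL";
    private static final String FORGOT_PASSWORD_TOKEN_LIFE_TIME = "forgerockRESTSecurityForgotPassTokenTTL";
    private static final String FORGOT_PASSWORD_CONFIRMATION_URL = "forgerockRESTSecurityForgotPassConfirmationUrl";
    private static final String PROTECTED_USER_ATTRIBUTES = "forgerockRESTSecurityProtectedUserAttributes";
    private static final String SUCCESSFUL_USER_REGISTRATION_DESTINATION = "forgerockRESTSecuritySuccessfulUserRegistrationDestination";
    private static final String SERVICE_NAME = "RestSecurity";
    private static final String SERVICE_VERSION = "1.0";

    // Change-type codes delivered to organizationConfigChanged(); the values are the ones
    // spelled out in this class's own debug message ("modified=4, delete=2, add=1").
    private static final int TYPE_ADDED = 1;
    private static final int TYPE_REMOVED = 2;
    private static final int TYPE_MODIFIED = 4;

    private final String realm;

    /**
     * Reloads the realm's settings when the service configuration manager reports a change
     * to the RestSecurity service in this realm.
     */
    /* loaded from: input_file:org/forgerock/openam/services/RestSecurity$RestSecurityChangeListener.class */
    private class RestSecurityChangeListener implements ServiceListener {
        private RestSecurityChangeListener() {
        }

        /** Schema changes are not expected for this service; they are only logged. */
        @Override
        public void schemaChanged(String serviceName, String version) {
            debug.warning("The schemaChanged ServiceListener method was invoked for service " + serviceName + ". This is unexpected.");
        }

        /** Global configuration changes are only logged; the settings are read per realm. */
        @Override
        public void globalConfigChanged(String serviceName, String version, String groupName, String serviceComponent, int type) {
            debug.warning("The globalConfigChanged ServiceListener method was invoked for service " + serviceName);
        }

        /**
         * Refreshes the snapshot on an add/modify that targets this realm, drops the shared
         * manager on a removal that targets this realm, and otherwise only logs the event.
         */
        @Override
        public void organizationConfigChanged(String serviceName, String version, String orgName, String groupName, String serviceComponent, int type) {
            final boolean targeted = targetsCurrentRealm(serviceName, version, orgName);
            if (targeted && (type == TYPE_MODIFIED || type == TYPE_ADDED)) {
                if (debug.messageEnabled()) {
                    debug.message("Updating RestSecurity service configuration state for realm " + realm);
                }
                initializeSettings(mgr);
            } else if (targeted && type == TYPE_REMOVED) {
                // The previously loaded snapshot stays in place; only the manager is dropped.
                mgr = null;
            } else if (debug.messageEnabled()) {
                // Reached only for events that did not refresh or remove this realm's
                // settings, so the message no longer follows a successful refresh.
                debug.message("Got service update message, but update did not target Rest Security settings in " + realm + " realm. ServiceName: " + serviceName + " version: " + version + " orgName: " + orgName + " groupName: " + groupName + " serviceComponent: " + serviceComponent + " type (modified=4, delete=2, add=1): " + type + " realm as DN: " + DNMapper.orgNameToDN(realm));
            }
        }

        /**
         * Tells whether an event names this service, this version and this realm's DN.
         * Constants are the receivers of the comparisons so a null service name or version
         * in a notification cannot raise a NullPointerException inside the callback.
         */
        private boolean targetsCurrentRealm(String serviceName, String version, String orgName) {
            return SERVICE_NAME.equalsIgnoreCase(serviceName)
                    && SERVICE_VERSION.equalsIgnoreCase(version)
                    && orgName != null
                    && orgName.equals(DNMapper.orgNameToDN(realm));
        }
    }

    /**
     * Immutable holder for one read of the realm's settings. Every field may be null when
     * the attribute could not be read.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/forgerock/openam/services/RestSecurity$RestSecurityConfiguration.class */
    public static class RestSecurityConfiguration {
        // Token lifetimes: the unit is not visible in this file.
        final Long selfRegTokenLifeTime;
        final String selfRegistrationConfirmationUrl;
        final Long forgotPasswordTokenLifeTime;
        final String forgotPasswordConfirmationUrl;
        final Boolean selfRegistration;
        final Boolean forgotPassword;
        // NOTE(review): stored and later returned without a defensive copy; whether the set
        // handed over by ServiceConfigUtils is mutable is not visible here. Confirm.
        final Set<String> protectedUserAttributes;
        final String successfulUserRegistrationDestination;
        final Boolean twoFactorAuthEnabled;
        final Boolean selfService;

        private RestSecurityConfiguration(Long selfRegTokenLifeTime, String selfRegistrationConfirmationUrl,
                Long forgotPasswordTokenLifeTime, String forgotPasswordConfirmationUrl, Boolean selfRegistration,
                Boolean forgotPassword, Set<String> protectedUserAttributes,
                String successfulUserRegistrationDestination, Boolean twoFactorAuthEnabled, Boolean selfService) {
            this.selfRegTokenLifeTime = selfRegTokenLifeTime;
            this.selfRegistrationConfirmationUrl = selfRegistrationConfirmationUrl;
            this.forgotPasswordTokenLifeTime = forgotPasswordTokenLifeTime;
            this.forgotPasswordConfirmationUrl = forgotPasswordConfirmationUrl;
            this.selfRegistration = selfRegistration;
            this.forgotPassword = forgotPassword;
            this.protectedUserAttributes = protectedUserAttributes;
            this.successfulUserRegistrationDestination = successfulUserRegistrationDestination;
            this.twoFactorAuthEnabled = twoFactorAuthEnabled;
            this.selfService = selfService;
        }
    }

    /**
     * Reads the realm's RestSecurity attributes and publishes them as the current snapshot.
     *
     * <p>Any failure is logged and the previous snapshot (if any) stays in effect, so a
     * failed refresh leaves the old settings active rather than clearing them.
     *
     * @param serviceConfigManager manager to read the organization configuration from; when
     *        null the refresh is skipped with an error log entry
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void initializeSettings(ServiceConfigManager serviceConfigManager) {
        if (serviceConfigManager == null) {
            // Explicit check instead of relying on a caught NullPointerException.
            debug.error("Not able to initialize Rest Security service settings for realm " + this.realm + ": no ServiceConfigManager is available");
            return;
        }
        try {
            ServiceConfig organizationConfig = serviceConfigManager.getOrganizationConfig(this.realm, (String) null);
            Boolean selfService = ServiceConfigUtils.getBooleanAttribute(organizationConfig, SELF_SERVICE);
            Boolean selfRegistration = ServiceConfigUtils.getBooleanAttribute(organizationConfig, SELF_REGISTRATION);
            Boolean forgotPassword = ServiceConfigUtils.getBooleanAttribute(organizationConfig, FORGOT_PASSWORD);
            Boolean twoFactorAuthEnabled = ServiceConfigUtils.getBooleanAttribute(organizationConfig, TWO_FACTOR_AUTH_ENABLED);
            RestSecurityConfiguration loaded = new RestSecurityConfiguration(
                    ServiceConfigUtils.getLongAttribute(organizationConfig, SELF_REG_TOKEN_LIFE_TIME),
                    ServiceConfigUtils.getStringAttribute(organizationConfig, SELF_REG_CONFIRMATION_URL),
                    ServiceConfigUtils.getLongAttribute(organizationConfig, FORGOT_PASSWORD_TOKEN_LIFE_TIME),
                    ServiceConfigUtils.getStringAttribute(organizationConfig, FORGOT_PASSWORD_CONFIRMATION_URL),
                    selfRegistration,
                    forgotPassword,
                    ServiceConfigUtils.getSetAttribute(organizationConfig, PROTECTED_USER_ATTRIBUTES),
                    ServiceConfigUtils.getStringAttribute(organizationConfig, SUCCESSFUL_USER_REGISTRATION_DESTINATION),
                    twoFactorAuthEnabled,
                    selfService);
            setProviderConfig(loaded);
            if (debug.messageEnabled()) {
                debug.message("Successfully updated rest security service settings for realm " + this.realm + " with settings " + loaded);
            }
        } catch (Exception e) {
            debug.error("Not able to initialize Rest Security service settings for realm " + this.realm + " Exception: " + e, e);
        }
    }

    /** Publishes a freshly loaded snapshot as the one served by the getters. */
    private synchronized void setProviderConfig(RestSecurityConfiguration restSecurityConfiguration) {
        this.restSecurityConfiguration = restSecurityConfiguration;
    }

    /**
     * Loads the settings for a realm and registers for change notifications.
     *
     * <p>The service configuration manager is obtained with the admin token, i.e. with
     * administrative privileges. If no manager is available the instance is still created,
     * but with no settings loaded: the typed getters then throw
     * {@link ServiceNotFoundException} and the plain getters throw
     * {@link NullPointerException}.
     *
     * @param realm realm whose RestSecurity settings this instance serves
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public RestSecurity(String realm) {
        this.realm = realm;
        try {
            mgr = new ServiceConfigManager((SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance()), SERVICE_NAME, SERVICE_VERSION);
        } catch (Exception e) {
            debug.error("Cannot get ServiceConfigManager", e);
        }
        // Work on a local copy: the shared field can be set to null by a listener callback
        // on another thread between the calls below.
        final ServiceConfigManager manager = mgr;
        if (manager == null) {
            // Previously this path ended in a NullPointerException on addListener().
            debug.error("No ServiceConfigManager available; Rest Security service settings were not loaded and will not be dynamically updated for realm " + realm);
            return;
        }
        initializeSettings(manager);
        if (manager.addListener(new RestSecurityChangeListener()) == null) {
            debug.error("Could not add listener to ServiceConfigManager instance. Rest Security service changes will not be dynamically updated for realm " + realm);
        }
    }

    /**
     * Returns a setting's value, or logs and throws when it is unknown, so that a missing
     * security setting is never silently replaced by a default.
     *
     * @param value the setting as read from the snapshot, or null when unavailable
     * @param attributeName service attribute name used in the error message
     * @throws ServiceNotFoundException if {@code value} is null
     */
    private static <T> T requireSetting(T value, String attributeName) throws ServiceNotFoundException {
        if (value != null) {
            return value;
        }
        String message = "RestSecurity::Unable to get provider setting for : " + attributeName;
        debug.error(message);
        throw new ServiceNotFoundException(message);
    }

    /**
     * Returns the current snapshot for the getters that have no checked failure mode.
     *
     * @throws NullPointerException if no configuration was ever loaded (the same exception
     *         type as before, now with a message)
     */
    private RestSecurityConfiguration loadedConfiguration() {
        return java.util.Objects.requireNonNull(this.restSecurityConfiguration,
                "RestSecurity configuration has not been loaded for realm " + this.realm);
    }

    /**
     * @return whether two-factor authentication is enabled for the realm
     * @throws ServiceNotFoundException if the setting is not available
     */
    public boolean isTwoFactorAuthEnabled() throws ServiceNotFoundException {
        // Read the volatile field once so the null check and the value use one snapshot.
        final RestSecurityConfiguration config = this.restSecurityConfiguration;
        Boolean enabled = requireSetting(config == null ? null : config.twoFactorAuthEnabled, TWO_FACTOR_AUTH_ENABLED);
        return enabled.booleanValue();
    }

    /**
     * @return whether the self-service REST endpoint is enabled for the realm
     * @throws ServiceNotFoundException if the setting is not available
     */
    public boolean isSelfServiceRestEndpointEnabled() throws ServiceNotFoundException {
        final RestSecurityConfiguration config = this.restSecurityConfiguration;
        Boolean enabled = requireSetting(config == null ? null : config.selfService, SELF_SERVICE);
        return enabled.booleanValue();
    }

    /**
     * @return whether self-registration is enabled for the realm
     * @throws ServiceNotFoundException if the setting is not available
     */
    public boolean isSelfRegistration() throws ServiceNotFoundException {
        final RestSecurityConfiguration config = this.restSecurityConfiguration;
        Boolean enabled = requireSetting(config == null ? null : config.selfRegistration, SELF_REGISTRATION);
        return enabled.booleanValue();
    }

    /**
     * @return the configured self-registration confirmation URL, possibly null
     * @throws NullPointerException if no configuration was ever loaded
     */
    public String getSelfRegistrationConfirmationUrl() {
        return loadedConfiguration().selfRegistrationConfirmationUrl;
    }

    /**
     * @return whether the forgot-password feature is enabled for the realm
     * @throws ServiceNotFoundException if the setting is not available
     */
    public boolean isForgotPassword() throws ServiceNotFoundException {
        final RestSecurityConfiguration config = this.restSecurityConfiguration;
        Boolean enabled = requireSetting(config == null ? null : config.forgotPassword, FORGOT_PASSWORD);
        return enabled.booleanValue();
    }

    /**
     * @return the configured forgot-password confirmation URL, possibly null
     * @throws NullPointerException if no configuration was ever loaded
     */
    public String getForgotPasswordConfirmationUrl() {
        return loadedConfiguration().forgotPasswordConfirmationUrl;
    }

    /**
     * @return the self-registration token lifetime (unit not visible in this file)
     * @throws ServiceNotFoundException if the setting is not available
     */
    public Long getSelfRegTLT() throws ServiceNotFoundException {
        final RestSecurityConfiguration config = this.restSecurityConfiguration;
        return requireSetting(config == null ? null : config.selfRegTokenLifeTime, SELF_REG_TOKEN_LIFE_TIME);
    }

    /**
     * Returns the configured set of protected user attributes, possibly null.
     *
     * <p>This deliberately keeps failing with an exception when no configuration was
     * loaded: substituting an empty set would tell callers that no attribute is protected.
     *
     * @throws NullPointerException if no configuration was ever loaded
     */
    public Set<String> getProtectedUserAttributes() {
        return loadedConfiguration().protectedUserAttributes;
    }

    /**
     * @return the configured destination after a successful user registration, possibly null
     * @throws NullPointerException if no configuration was ever loaded
     */
    public String getSuccessfulUserRegistrationDestination() {
        return loadedConfiguration().successfulUserRegistrationDestination;
    }

    /**
     * @return the forgot-password token lifetime (unit not visible in this file)
     * @throws ServiceNotFoundException if the setting is not available
     */
    public Long getForgotPassTLT() throws ServiceNotFoundException {
        final RestSecurityConfiguration config = this.restSecurityConfiguration;
        return requireSetting(config == null ? null : config.forgotPasswordTokenLifeTime, FORGOT_PASSWORD_TOKEN_LIFE_TIME);
    }
}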
