package org.forgerock.openam.upgrade.steps;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.Application;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.Privilege;
import com.sun.identity.entitlement.PrivilegeManager;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.StringUtils;
import org.forgerock.openam.entitlement.ResourceType;
import org.forgerock.openam.entitlement.service.ApplicationService;
import org.forgerock.openam.entitlement.service.ApplicationServiceFactory;
import org.forgerock.openam.entitlement.service.PrivilegeManagerFactory;
import org.forgerock.openam.entitlement.service.ResourceTypeService;
import org.forgerock.openam.ldap.LDAPRequests;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.sm.datalayer.api.DataLayerException;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeProgress;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.upgrade.VersionUtils;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.SearchResultReferenceIOException;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldif.ConnectionEntryReader;
import org.forgerock.util.Pair;

@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.policy.UpgradeResourceTypeStep"})
/* loaded from: input_file:org/forgerock/openam/upgrade/steps/RemoveReferralsStep.class */
public final class RemoveReferralsStep extends AbstractUpgradeStep {
    private static final String AUDIT_REFERRALS_REPORT = "upgrade.policy.referrals";
    private static final String AUDIT_CLONING_APPLICATION_START = "upgrade.policy.cloning.application.start";
    private static final String AUDIT_REMOVING_REFERRAL_START = "upgrade.policy.removing.referral.start";
    private static final String AUDIT_APPLICATIONS_CLONED = "upgrade.policy.applications.cloned";
    private static final String AUDIT_REFERRALS_REMOVED = "upgrade.policy.referrals.removed";
    private static final String AUDIT_UPGRADE_SUCCESS = "upgrade.success";
    private static final String AUDIT_UPGRADE_FAIL = "upgrade.failed";
    private static final String REFERRAL_SEARCH_FILTER = "(&(ou:dn:=sunEntitlementIndexes)(ou:dn:=referrals)(sunserviceID=indexes))";
    private static final int AM_13 = 1300;
    private final ObjectMapper mapper;
    private final ApplicationServiceFactory applicationServiceFactory;
    private final ResourceTypeService resourceTypeService;
    private final PrivilegeManagerFactory policyServiceFactory;
    private final String rootDN;
    private final Map<String, Set<String>> applicationsToClone;
    private final Map<Pair<?, ?>, String> clonedResourceTypes;
    private final Set<DN> referralsToBeRemoved;

    @Inject
    public RemoveReferralsStep(ApplicationServiceFactory applicationServiceFactory, ResourceTypeService resourceTypeService, PrivilegeManagerFactory privilegeManagerFactory, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory, PrivilegedAction<SSOToken> privilegedAction, @Named("root-dn-suffix") String str) {
        super(privilegedAction, connectionFactory);
        this.mapper = new ObjectMapper();
        this.applicationServiceFactory = applicationServiceFactory;
        this.resourceTypeService = resourceTypeService;
        this.policyServiceFactory = privilegeManagerFactory;
        this.rootDN = str;
        this.applicationsToClone = new HashMap();
        this.clonedResourceTypes = new HashMap();
        this.referralsToBeRemoved = new HashSet();
    }

    private ApplicationService appService(String str) {
        return this.applicationServiceFactory.create(getAdminSubject(), str);
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        if (VersionUtils.isCurrentVersionLessThan(AM_13, true)) {
            interrogateExistingReferrals();
        }
    }

    private void interrogateExistingReferrals() throws UpgradeException {
        try {
            Connection connection = getConnection();
            Throwable th = null;
            try {
                searchForReferrals(connection);
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
            } finally {
            }
        } catch (DataLayerException | SearchResultReferenceIOException | LdapException e) {
            throw new UpgradeException("Unable to complete search for referrals", e);
        }
    }

    private void searchForReferrals(Connection connection) throws SearchResultReferenceIOException, LdapException, UpgradeException {
        ConnectionEntryReader search = connection.search(LDAPRequests.newSearchRequest(this.rootDN, SearchScope.WHOLE_SUBTREE, REFERRAL_SEARCH_FILTER, new String[]{"sunKeyValue"}));
        Throwable th = null;
        while (search.hasNext()) {
            try {
                try {
                    extractReferralInformation(search.readEntry());
                } catch (Throwable th2) {
                    th = th2;
                    throw th2;
                }
            } catch (Throwable th3) {
                if (search != null) {
                    if (th != null) {
                        try {
                            search.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        search.close();
                    }
                }
                throw th3;
            }
        }
        if (search != null) {
            if (0 == 0) {
                search.close();
                return;
            }
            try {
                search.close();
            } catch (Throwable th5) {
                th.addSuppressed(th5);
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:11:0x008a, code lost:
    
        if (r11 != null) goto L17;
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x00a6, code lost:
    
        throw new org.forgerock.openam.upgrade.UpgradeException(java.lang.String.format("Expected referral %s to have serializable attribute", r9.getName()));
     */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x00a7, code lost:
    
        r0 = r11.get("mapApplNameToResources").required().keys();
        r0 = r11.get("realms").required().asList(java.lang.String.class);
        r0 = r0.iterator();
     */
    /* JADX WARN: Code restructure failed: missing block: B:17:0x00d5, code lost:
    
        if (r0.hasNext() == false) goto L30;
     */
    /* JADX WARN: Code restructure failed: missing block: B:18:0x00d8, code lost:
    
        r0 = (java.lang.String) r0.next();
        r16 = r8.applicationsToClone.get(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x00f6, code lost:
    
        if (r16 != null) goto L32;
     */
    /* JADX WARN: Code restructure failed: missing block: B:20:0x00f9, code lost:
    
        r16 = new java.util.HashSet();
        r8.applicationsToClone.put(r0, r16);
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x0110, code lost:
    
        r16.addAll(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x011d, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void extractReferralInformation(org.forgerock.opendj.ldap.responses.SearchResultEntry r9) throws org.forgerock.openam.upgrade.UpgradeException {
        /*
            Method dump skipped, instructions count: 286
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.forgerock.openam.upgrade.steps.RemoveReferralsStep.extractReferralInformation(org.forgerock.opendj.ldap.responses.SearchResultEntry):void");
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return (this.applicationsToClone.isEmpty() && this.referralsToBeRemoved.isEmpty()) ? false : true;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        instateReferredApplications();
        deleteExistingReferrals();
    }

    private void instateReferredApplications() throws UpgradeException {
        for (Map.Entry<String, Set<String>> entry : this.applicationsToClone.entrySet()) {
            try {
                instateReferredApplication(entry.getKey(), entry.getValue());
            } catch (EntitlementException e) {
                throw new UpgradeException("Application cloning failed");
            }
        }
    }

    private void instateReferredApplication(String str, Set<String> set) throws EntitlementException, UpgradeException {
        String findShallowestRealm = findShallowestRealm(set);
        String substring = findShallowestRealm.substring(0, findShallowestRealm.lastIndexOf(47) + 1);
        Application application = appService(substring).getApplication(str);
        if (application == null) {
            throw new UpgradeException(String.format("Expected application %s in realm %s", str, substring));
        }
        if (CollectionUtils.isEmpty(application.getResourceTypeUuids())) {
            throw new UpgradeException(String.format("Expected application %s to have some resource types", str));
        }
        if (application.getResourceTypeUuids().size() > 1) {
            throw new UpgradeException(String.format("Expected application %s to have a single resource type", str));
        }
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            enactRequiredPolicyModelChanges(application, substring, it.next());
        }
    }

    private void enactRequiredPolicyModelChanges(Application application, String str, String str2) throws EntitlementException, UpgradeException {
        PrivilegeManager privilegeManager = this.policyServiceFactory.get(str2, getAdminSubject());
        List<Privilege> findAllPoliciesByApplication = privilegeManager.findAllPoliciesByApplication(application.getName());
        if (findAllPoliciesByApplication.isEmpty()) {
            return;
        }
        try {
            UpgradeProgress.reportStart(AUDIT_CLONING_APPLICATION_START, application.getName(), str2);
            String instateAssociatedResourceType = instateAssociatedResourceType((String) application.getResourceTypeUuids().iterator().next(), str, str2);
            appService(str2).saveApplication(cloneApplication(application, instateAssociatedResourceType));
            for (Privilege privilege : findAllPoliciesByApplication) {
                privilege.setResourceTypeUuid(instateAssociatedResourceType);
                privilegeManager.modify(privilege);
            }
            UpgradeProgress.reportEnd(AUDIT_UPGRADE_SUCCESS, new Object[0]);
        } catch (EntitlementException | UpgradeException e) {
            UpgradeProgress.reportEnd(AUDIT_UPGRADE_FAIL, new Object[0]);
            throw e;
        }
    }

    private String instateAssociatedResourceType(String str, String str2, String str3) throws EntitlementException, UpgradeException {
        Pair<?, ?> of = Pair.of(str3, str);
        if (this.clonedResourceTypes.containsKey(of)) {
            return this.clonedResourceTypes.get(of);
        }
        ResourceType resourceType = this.resourceTypeService.getResourceType(getAdminSubject(), str2, str);
        if (resourceType == null) {
            throw new UpgradeException(String.format("Expected resource type %s in realm %s", str, str2));
        }
        ResourceType cloneResourceType = cloneResourceType(resourceType);
        this.resourceTypeService.saveResourceType(getAdminSubject(), str3, cloneResourceType);
        this.clonedResourceTypes.put(of, cloneResourceType.getUUID());
        return cloneResourceType.getUUID();
    }

    private Application cloneApplication(Application application, String str) throws UpgradeException {
        try {
            Application application2 = new Application(application.getName(), application.getApplicationType());
            application2.setDescription(application.getDescription());
            application2.setSubjects(application.getSubjects());
            application2.setConditions(application.getConditions());
            application2.setResourceComparator(application.getResourceComparatorClass());
            application2.setSearchIndex(application.getSearchIndexClass());
            application2.setSaveIndex(application.getSaveIndexClass());
            application2.setEntitlementCombiner(application.getEntitlementCombinerClass());
            application2.setAttributeNames(application.getAttributeNames());
            application2.addAllResourceTypeUuids(Collections.singleton(str));
            return application2;
        } catch (IllegalAccessException | InstantiationException e) {
            throw new UpgradeException(String.format("Failed to clone application %s", application.getName()), e);
        }
    }

    private ResourceType cloneResourceType(ResourceType resourceType) {
        return ResourceType.builder().generateUUID().setName(resourceType.getName()).setDescription(resourceType.getDescription()).setActions(resourceType.getActions()).setPatterns(resourceType.getPatterns()).build();
    }

    private String findShallowestRealm(Set<String> set) {
        int i = Integer.MAX_VALUE;
        String str = "/";
        for (String str2 : set) {
            int countMatches = StringUtils.countMatches(str2, "/");
            if (countMatches < i) {
                str = str2;
                i = countMatches;
            }
        }
        return str;
    }

    private void deleteExistingReferrals() throws UpgradeException {
        try {
            Connection connection = getConnection();
            Throwable th = null;
            try {
                for (DN dn : this.referralsToBeRemoved) {
                    UpgradeProgress.reportStart(AUDIT_REMOVING_REFERRAL_START, dn);
                    connection.delete(LDAPRequests.newDeleteRequest(dn));
                    UpgradeProgress.reportEnd(AUDIT_UPGRADE_SUCCESS, new Object[0]);
                }
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
            } finally {
            }
        } catch (DataLayerException | LdapException e) {
            UpgradeProgress.reportEnd(AUDIT_UPGRADE_FAIL, new Object[0]);
            throw new UpgradeException("Failed to delete referrals", e);
        }
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String str) {
        StringBuilder sb = new StringBuilder();
        if (!this.applicationsToClone.isEmpty()) {
            sb.append(BUNDLE.getString(AUDIT_APPLICATIONS_CLONED)).append(str);
        }
        if (!this.referralsToBeRemoved.isEmpty()) {
            sb.append(BUNDLE.getString(AUDIT_REFERRALS_REMOVED)).append(str);
        }
        return sb.toString();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String str) {
        StringBuilder sb = new StringBuilder();
        if (!this.applicationsToClone.isEmpty()) {
            sb.append(BUNDLE.getString(AUDIT_APPLICATIONS_CLONED)).append(':').append(str);
            Iterator<String> it = this.applicationsToClone.keySet().iterator();
            while (it.hasNext()) {
                sb.append(it.next()).append(str);
            }
        }
        if (!this.referralsToBeRemoved.isEmpty()) {
            sb.append(BUNDLE.getString(AUDIT_REFERRALS_REMOVED)).append(':').append(str);
            Iterator<DN> it2 = this.referralsToBeRemoved.iterator();
            while (it2.hasNext()) {
                sb.append(it2.next()).append(str);
            }
        }
        HashMap hashMap = new HashMap();
        hashMap.put("%REPORT_TEXT%", sb.toString());
        hashMap.put(UpgradeServices.LF, str);
        return UpgradeServices.tagSwapReport(hashMap, AUDIT_REFERRALS_REPORT);
    }
}
