package org.forgerock.openam.upgrade.steps;

import com.iplanet.sso.SSOToken;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.oauth2.core.exceptions.ServerException;
import org.forgerock.oauth2.resources.ResourceSetStore;
import org.forgerock.openam.oauth2.ResourceSetDescription;
import org.forgerock.openam.oauth2.resources.ResourceSetStoreFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.sm.datalayer.api.DataLayerException;
import org.forgerock.openam.sm.datalayer.impl.ldap.LdapDataLayerConfiguration;
import org.forgerock.openam.tokens.CoreTokenField;
import org.forgerock.openam.uma.ResourceSetAcceptAllFilter;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.EntryNotFoundException;
import org.forgerock.opendj.ldap.Filter;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.SearchResultReferenceIOException;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.Requests;
import org.forgerock.opendj.ldif.ConnectionEntryReader;

@UpgradeStepInfo
/* loaded from: input_file:org/forgerock/openam/upgrade/steps/ResourceSetPolicyUrlUpgradeStep.class */
public class ResourceSetPolicyUrlUpgradeStep extends AbstractUpgradeStep {
    private static final String REALM = "%REALM%";
    private static final String COUNT = "%COUNT%";
    private static final String REPORT_DATA = "%REPORT_DATA%";
    private final Map<String, Set<String>> affected;
    private final ConnectionFactory<Connection> rsConnectionFactory;
    private final ResourceSetStoreFactory rsStoreFactory;
    private final DN rootDn;
    private long affectedCount;

    @Inject
    public ResourceSetPolicyUrlUpgradeStep(PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory, @DataLayer(ConnectionType.RESOURCE_SETS) ConnectionFactory connectionFactory2, @DataLayer(ConnectionType.RESOURCE_SETS) LdapDataLayerConfiguration ldapDataLayerConfiguration, ResourceSetStoreFactory resourceSetStoreFactory) {
        super(privilegedAction, connectionFactory);
        this.affected = new HashMap();
        this.affectedCount = 0L;
        this.rsConnectionFactory = connectionFactory2;
        this.rootDn = ldapDataLayerConfiguration.getTokenStoreRootSuffix();
        this.rsStoreFactory = resourceSetStoreFactory;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        try {
            Connection connection = (Connection) this.rsConnectionFactory.create();
            Throwable th = null;
            try {
                connection.readEntry(this.rootDn, new String[0]);
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
                for (String str : getRealmNames()) {
                    HashSet hashSet = new HashSet();
                    try {
                        Connection connection2 = (Connection) this.rsConnectionFactory.create();
                        Throwable th3 = null;
                        try {
                            try {
                                ConnectionEntryReader search = connection2.search(Requests.newSearchRequest(this.rootDn, SearchScope.SINGLE_LEVEL, Filter.and(new Filter[]{Filter.substrings(CoreTokenField.STRING_ONE.toString(), (Object) null, CollectionUtils.asSet(new String[]{"oauth2/XUI"}), (Object) null), Filter.equality(CoreTokenField.STRING_THREE.toString(), str)}), new String[]{CoreTokenField.TOKEN_ID.toString()}));
                                while (search.hasNext()) {
                                    if (search.isEntry()) {
                                        hashSet.add(search.readEntry().getAttribute(CoreTokenField.TOKEN_ID.toString()).firstValueAsString());
                                    } else {
                                        DEBUG.warning("Got an LDAP reference when expecting entries for resource sets: {}", new Object[]{search.readReference().getURIs()});
                                    }
                                }
                                if (connection2 != null) {
                                    if (0 != 0) {
                                        try {
                                            connection2.close();
                                        } catch (Throwable th4) {
                                            th3.addSuppressed(th4);
                                        }
                                    } else {
                                        connection2.close();
                                    }
                                }
                                if (!hashSet.isEmpty()) {
                                    this.affected.put(str, hashSet);
                                    this.affectedCount += hashSet.size();
                                }
                            } finally {
                            }
                        } finally {
                        }
                    } catch (SearchResultReferenceIOException e) {
                        throw new UpgradeException("Unexpected reference when already checked for entry", e);
                    } catch (DataLayerException | LdapException e2) {
                        throw new UpgradeException("Could not load resource sets for realm " + str, e2);
                    }
                }
            } finally {
            }
        } catch (EntryNotFoundException e3) {
        } catch (DataLayerException | LdapException e4) {
            throw new UpgradeException("Could not connect to LDAP resource set store", e4);
        }
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return this.affectedCount > 0;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        for (Map.Entry<String, Set<String>> entry : this.affected.entrySet()) {
            ResourceSetStore create = this.rsStoreFactory.create(entry.getKey());
            for (String str : entry.getValue()) {
                try {
                    ResourceSetDescription read = create.read(str, ResourceSetAcceptAllFilter.INSTANCE);
                    read.setPolicyUri(read.getPolicyUri().replace("oauth2/XUI", "XUI"));
                    create.update(read);
                } catch (NotFoundException | ServerException e) {
                    throw new UpgradeException("Could not load resource set " + str + " for realm " + entry, e);
                }
            }
        }
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String str) {
        StringBuilder sb = new StringBuilder();
        if (this.affectedCount != 0) {
            sb.append(BUNDLE.getString("upgrade.resourcesets.short")).append(" (").append(this.affectedCount).append(')').append(str);
        }
        return sb.toString();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(UpgradeServices.LF, str);
        hashMap.put(REPORT_DATA, getRealmReport(str, this.affected.keySet()));
        return UpgradeServices.tagSwapReport(hashMap, "upgrade.resourcesets.report");
    }

    private String getRealmReport(String str, Set<String> set) {
        StringBuilder sb = new StringBuilder();
        for (String str2 : set) {
            HashMap hashMap = new HashMap();
            hashMap.put(UpgradeServices.LF, str);
            hashMap.put(REALM, str2);
            hashMap.put(COUNT, String.valueOf(this.affected.get(str2).size()));
            sb.append(UpgradeServices.tagSwapReport(hashMap, "upgrade.resourcesets.realmreport"));
        }
        return sb.toString();
    }
}
