package org.forgerock.openam.upgrade.steps;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.NameNotFoundException;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.PolicyManager;
import com.sun.identity.policy.PolicyUtils;
import com.sun.identity.setup.AMSetupServlet;
import com.sun.identity.setup.ServicesDefaultValues;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfigManager;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeProgress;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.utils.CollectionUtils;

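/**
 * Upgrade step that moves each realm's legacy goto-domain setting
 * ({@code iplanet-am-auth-valid-goto-domains}, read from {@code iPlanetAMAuthService}) to the
 * {@code openam-auth-valid-goto-resources} attribute of {@code validationService}, and then imports
 * the {@code AgentAccessToValidationService} delegation policy into the hidden delegation realm.
 *
 * <p>The presence of that delegation policy is the "already upgraded" marker: {@link #initialize()}
 * looks it up, and {@link #isApplicable()} reports the step as applicable only while it is missing.
 * {@link #perform()} imports the policy last, so a run that fails earlier leaves the step applicable.
 *
 * <p>Review notes for operators and maintainers:
 * <ul>
 *   <li>Legacy values are copied verbatim under the new attribute name. Nothing in this class
 *       validates or rewrites them, so whether the old "domain" entries mean the same thing under
 *       the new "resources" attribute must be confirmed against the validation service.
 *       Reviewing the migrated goto allow-list after the upgrade is advisable.</li>
 *   <li>The migration is not atomic. Per realm the new configuration is created first and the
 *       legacy attribute is cleared second, and realms are processed one after another.</li>
 * </ul>
 */
@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.UpgradeServiceSchemaStep"})
/* loaded from: input_file:org/forgerock/openam/upgrade/steps/MigrateValidGotoSetting.class */
public class MigrateValidGotoSetting extends AbstractUpgradeStep {
    private static final String LEGACY_GOTO_DOMAINS_SETTING = "iplanet-am-auth-valid-goto-domains";
    private static final String GOTO_RESOURCES = "openam-auth-valid-goto-resources";
    private static final String VALIDATION_SERVICE = "validationService";
    private static final String AUTH_SERVICE = "iPlanetAMAuthService";
    private static final String HIDDEN_REALM = "/sunamhiddenrealmdelegationservicepermissions";
    private static final String DELEGATION_POLICY_NAME = "AgentAccessToValidationService";
    private static final String DELEGATION_POLICY_FILE = "/WEB-INF/template/sms/validationServiceDelegationPolicy.xml";
    private static final String GOTO_DATA = "%GOTO_DATA%";

    /** Realm name mapped to the legacy goto-domain values found there; filled by {@link #initialize()}. */
    private final Map<String, Set<String>> changes = new HashMap<String, Set<String>>();

    /** Set by {@link #initialize()} when the delegation policy already exists in the hidden realm. */
    private boolean delegationPolicyFound;

    /**
     * Creates the step; both arguments are handed unchanged to {@link AbstractUpgradeStep}.
     *
     * @param privilegedAction action passed to the superclass constructor
     * @param connectionFactory data-layer connection factory passed to the superclass constructor
     */
    @Inject
    public MigrateValidGotoSetting(PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory) {
        super(privilegedAction, connectionFactory);
    }

    /**
     * Reports whether the step still has work to do.
     *
     * @return {@code true} unless {@link #initialize()} found the delegation policy; note that this
     *         is also {@code true} before {@link #initialize()} has run
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return !this.delegationPolicyFound;
    }

    /**
     * Checks the hidden realm for the delegation policy and, when it is absent, records every
     * realm that carries a non-empty legacy goto-domain setting.
     *
     * @throws UpgradeException if the policy lookup or the configuration lookup fails
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        try {
            PolicyManager hiddenRealmPolicies = new PolicyManager(getAdminToken(), HIDDEN_REALM);
            if (!hiddenRealmPolicies.getPolicyNames(DELEGATION_POLICY_NAME).isEmpty()) {
                this.delegationPolicyFound = true;
                return;
            }
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Unable to find the delegation policy in the hidden realm, looking for existing goto domain values.");
            }
            collectLegacyGotoDomains();
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Found the following existing goto URL domains in realms: " + this.changes);
            }
        } catch (SSOException e) {
            throw new UpgradeException("An error occurred while checking for old valid goto domains", e);
        } catch (NameNotFoundException e) {
            // Handled before PolicyException: if NameNotFoundException is a PolicyException subtype
            // (its package suggests so; confirm), the reverse order makes this branch unreachable.
            throw new UpgradeException("Unable to find hidden realm", e);
        } catch (PolicyException e) {
            throw new UpgradeException("Unexpected error occurred while retrieving policies from the hidden realm", e);
        } catch (SMSException e) {
            throw new UpgradeException("An error occurred while checking for old valid goto domains", e);
        }
    }

    /** Reads the legacy goto-domain attribute of every realm and stores the non-empty ones in {@code changes}. */
    private void collectLegacyGotoDomains() throws SMSException, SSOException {
        ServiceConfigManager authService = new ServiceConfigManager(AUTH_SERVICE, getAdminToken());
        for (String realm : getRealmNames()) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Looking for valid goto URLs in realm " + realm);
            }
            // Defaults are excluded on purpose: only values set explicitly on the realm are migrated.
            // NOTE(review): getOrganizationConfig() is dereferenced without a null check; confirm it
            // cannot return null for a realm that has no auth service configuration.
            @SuppressWarnings("unchecked")
            Set<String> legacyDomains = (Set<String>) authService.getOrganizationConfig(realm, (String) null).getAttributesWithoutDefaults().get(LEGACY_GOTO_DOMAINS_SETTING);
            if (legacyDomains != null && !legacyDomains.isEmpty()) {
                this.changes.put(realm, legacyDomains);
            }
        }
    }

    /**
     * Migrates the recorded realms and then imports the delegation policy, reporting progress for
     * each phase through {@link UpgradeProgress}.
     *
     * @throws UpgradeException if the migration or the policy import fails; {@code upgrade.failed}
     *         is reported before the exception is thrown
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        try {
            UpgradeProgress.reportStart("upgrade.goto.migrate.start", new Object[0]);
            migrateGotoDomains();
            UpgradeProgress.reportEnd("upgrade.success", new Object[0]);

            if (DEBUG.messageEnabled()) {
                DEBUG.message("Attempting to create the delegation policy in the hidden realm");
            }
            UpgradeProgress.reportStart("upgrade.goto.policy.start", new Object[0]);
            createDelegationPolicy();
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Delegation policy successfully created under the hidden realm");
            }
            UpgradeProgress.reportEnd("upgrade.success", new Object[0]);
        } catch (PolicyException e) {
            UpgradeProgress.reportEnd("upgrade.failed", new Object[0]);
            throw new UpgradeException("An unexpected error occurred while importing the delegation policy", e);
        } catch (SMSException e) {
            UpgradeProgress.reportEnd("upgrade.failed", new Object[0]);
            throw new UpgradeException("An error occurred while migrating the valid goto domain setting", e);
        } catch (SSOException e) {
            UpgradeProgress.reportEnd("upgrade.failed", new Object[0]);
            throw new UpgradeException("An error occurred while migrating the valid goto domain setting", e);
        } catch (IOException e) {
            UpgradeProgress.reportEnd("upgrade.failed", new Object[0]);
            throw new UpgradeException("An IO error occurred while reading the delegation policy", e);
        }
    }

    /**
     * Writes each recorded realm's values to the validation service and then empties the legacy
     * attribute on the auth service. Does nothing but log when no realm was recorded.
     */
    private void migrateGotoDomains() throws SMSException, SSOException {
        if (!CollectionUtils.isNotEmpty(this.changes)) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("No goto domains to migrate.");
            }
            return;
        }
        ServiceConfigManager validationService = new ServiceConfigManager(VALIDATION_SERVICE, getAdminToken());
        ServiceConfigManager authService = new ServiceConfigManager(AUTH_SERVICE, getAdminToken());
        for (Map.Entry<String, Set<String>> entry : this.changes.entrySet()) {
            String realm = entry.getKey();
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Starting to migrate goto domains for realm: " + realm);
            }
            // The new setting is written before the old one is cleared, so a failure between the
            // two calls leaves the values in both places instead of in neither.
            // NOTE(review): after such a failure a re-run would call createOrganizationConfig()
            // again for this realm; confirm how it behaves when the configuration already exists.
            validationService.createOrganizationConfig(realm, getAttrMap(GOTO_RESOURCES, entry.getValue()));
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Removing old goto domains from iPlanetAMAuthService");
            }
            authService.getOrganizationConfig(realm, (String) null).setAttributes(getAttrMap(LEGACY_GOTO_DOMAINS_SETTING, Collections.<String>emptySet()));
        }
    }

    /** Reads the policy template, applies tag swapping to it and imports it into the hidden realm. */
    private void createDelegationPolicy() throws PolicyException, SMSException, SSOException, IOException {
        String policyXml = ServicesDefaultValues.tagSwap(AMSetupServlet.readFile(DELEGATION_POLICY_FILE), true);
        // NOTE(review): getBytes() without a charset uses the platform default on older JDKs;
        // confirm the template's declared encoding and pass that charset explicitly.
        PolicyUtils.createPolicies(new PolicyManager(getAdminToken(), HIDDEN_REALM), new ByteArrayInputStream(policyXml.getBytes()));
    }

    /** Builds a single-entry attribute map of the form the service configuration calls take. */
    private Map<String, Set<String>> getAttrMap(String str, Set<String> set) {
        Map<String, Set<String>> attributes = new HashMap<String, Set<String>>(1);
        attributes.put(str, set);
        return attributes;
    }

    /**
     * Returns the one-line summary for this step.
     *
     * @param str text appended after the bundle message (the callers' line delimiter, judging by
     *        its use in {@link #getDetailedReport(String)})
     * @return the {@code upgrade.goto.migrate.short} bundle string followed by {@code str}
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String str) {
        return BUNDLE.getString("upgrade.goto.migrate.short") + str;
    }

    /**
     * Renders the detailed report: one heading per recorded realm followed by its tab-indented
     * values, or the "nothing to migrate" bundle message when no realm was recorded.
     *
     * @param str line delimiter placed after every realm heading and every value
     * @return the {@code upgrade.gotoreport} template with its tags replaced
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String str) {
        Map<String, String> tags = new HashMap<String, String>(2);
        tags.put(UpgradeServices.LF, str);
        StringBuilder gotoData = new StringBuilder();
        if (CollectionUtils.isNotEmpty(this.changes)) {
            for (Map.Entry<String, Set<String>> entry : this.changes.entrySet()) {
                gotoData.append(BUNDLE.getString("upgrade.realm")).append(": ").append(entry.getKey()).append(str);
                for (String gotoDomain : entry.getValue()) {
                    gotoData.append("\t").append(gotoDomain).append(str);
                }
            }
        } else {
            gotoData.append(BUNDLE.getString("upgrade.goto.migrate.nogoto"));
        }
        tags.put(GOTO_DATA, gotoData.toString());
        return UpgradeServices.tagSwapReport(tags, "upgrade.gotoreport");
    }
}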
