package org.forgerock.openam.upgrade.steps;

import com.google.common.collect.ImmutableMap;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.upgrade.UpgradeUtils;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.util.annotations.VisibleForTesting;

@UpgradeStepInfo
/* loaded from: input_file:org/forgerock/openam/upgrade/steps/PostAuthenticationPluginUpgradeStep.class */
public class PostAuthenticationPluginUpgradeStep extends AbstractUpgradeStep {
    private static final String CHAIN_REPORT_TAG = "%CHAIN%";
    private static final String FROM_REPORT_TAG = "%FROM%";
    private static final String TO_REPORT_TAG = "%TO%";
    private static final String REPORT_SHORT_DESCRIPTION_KEY = "upgrade.postauthenticationplugins.short";
    private static final String REPORT_FULL_DESCRIPTION_KEY = "upgrade.postauthenticationplugins.report";
    private static final String REPORT_FULL_AUTH_SETTINGS_DESCRIPTION_KEY = "upgrade.postauthenticationplugins.report.auth.settings";
    private static final String REPORT_FULL_AUTH_CHAINS_HEADING_KEY = "upgrade.postauthenticationplugins.report.auth.chains.heading";
    private static final String REPORT_FULL_AUTH_CHAINS_DESCRIPTION_KEY = "upgrade.postauthenticationplugins.report.auth.chains.entry";
    private static final String REPORT_REALM_TEXT_KEY = "upgrade.realm";
    private static final String ORIGINAL_ADAPTIVE_PAP_CLASS_NAME = "org.forgerock.openam.authentication.modules.adaptive.Adaptive";
    private static final String NEW_ADAPTIVE_PAP_CLASS_NAME = "org.forgerock.openam.authentication.modules.adaptive.AdaptivePostAuthenticationPlugin";
    private static final String ORIGINAL_PERSISTENT_COOKIE_PAP_CLASS_NAME = "org.forgerock.openam.authentication.modules.persistentcookie.PersistentCookieAuthModule";
    private static final String NEW_PERSISTENT_COOKIE_PAP_CLASS_NAME = "org.forgerock.openam.authentication.modules.persistentcookie.PersistentCookieAuthModulePostAuthenticationPlugin";
    private static final String AUTH_CHAIN_SUB_CONFIG_NAME = "Configurations";
    private final Map<String, String> postAuthPluginClassMapping;
    private final Map<String, String> realmLevelPapsToUpdate;
    private final Map<String, Set<String>> chainLevelPapsToUpdate;
    private final Map<String, Map<String, Set<String>>> chainLevelPapsUpdated;

    @Inject
    public PostAuthenticationPluginUpgradeStep(PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory) {
        super(privilegedAction, connectionFactory);
        this.postAuthPluginClassMapping = ImmutableMap.of(ORIGINAL_ADAPTIVE_PAP_CLASS_NAME, NEW_ADAPTIVE_PAP_CLASS_NAME, ORIGINAL_PERSISTENT_COOKIE_PAP_CLASS_NAME, NEW_PERSISTENT_COOKIE_PAP_CLASS_NAME);
        this.realmLevelPapsToUpdate = new HashMap();
        this.chainLevelPapsToUpdate = new HashMap();
        this.chainLevelPapsUpdated = new HashMap();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        try {
            for (String str : getRealmNames()) {
                Set<String> postAuthPluginClasses = getPostAuthPluginClasses(getAuthSettingsServiceConfig(str));
                if (postAuthPluginClasses != null && !Collections.disjoint(this.postAuthPluginClassMapping.keySet(), postAuthPluginClasses)) {
                    this.realmLevelPapsToUpdate.put(str, CollectionUtils.getFirstItem(postAuthPluginClasses));
                }
            }
            for (String str2 : getRealmNames()) {
                ServiceConfig subConfig = getAuthChainServiceConfig(str2).getSubConfig(AUTH_CHAIN_SUB_CONFIG_NAME);
                Set<String> set = this.chainLevelPapsToUpdate.get(str2);
                for (String str3 : subConfig.getSubConfigNames()) {
                    Set<String> postAuthPluginClasses2 = getPostAuthPluginClasses(subConfig.getSubConfig(str3));
                    if (postAuthPluginClasses2 != null && !Collections.disjoint(this.postAuthPluginClassMapping.keySet(), postAuthPluginClasses2)) {
                        if (set == null) {
                            set = new HashSet();
                            this.chainLevelPapsToUpdate.put(str2, set);
                        }
                        set.add(str3);
                    }
                }
            }
        } catch (SMSException | SSOException e) {
            throw new UpgradeException(e);
        }
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return (this.realmLevelPapsToUpdate.isEmpty() && this.chainLevelPapsToUpdate.isEmpty()) ? false : true;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        try {
            Iterator<String> it = this.realmLevelPapsToUpdate.keySet().iterator();
            while (it.hasNext()) {
                ServiceConfig authSettingsServiceConfig = getAuthSettingsServiceConfig(it.next());
                authSettingsServiceConfig.setAttributes(Collections.singletonMap(UpgradeUtils.ATTR_AUTH_POST_CLASS, mapPostAuthPluginClasses(getPostAuthPluginClasses(authSettingsServiceConfig))));
            }
            for (Map.Entry<String, Set<String>> entry : this.chainLevelPapsToUpdate.entrySet()) {
                ServiceConfig subConfig = getAuthChainServiceConfig(entry.getKey()).getSubConfig(AUTH_CHAIN_SUB_CONFIG_NAME);
                Map<String, Set<String>> map = this.chainLevelPapsUpdated.get(entry.getKey());
                if (map == null) {
                    map = new HashMap();
                    this.chainLevelPapsUpdated.put(entry.getKey(), map);
                }
                for (String str : entry.getValue()) {
                    ServiceConfig subConfig2 = subConfig.getSubConfig(str);
                    Set<String> postAuthPluginClasses = getPostAuthPluginClasses(subConfig2);
                    subConfig2.setAttributes(Collections.singletonMap(UpgradeUtils.ATTR_AUTH_POST_CLASS, mapPostAuthPluginClasses(postAuthPluginClasses)));
                    map.put(str, postAuthPluginClasses);
                }
            }
        } catch (SMSException | SSOException e) {
            throw new UpgradeException(e);
        }
    }

    @VisibleForTesting
    ServiceConfig getAuthSettingsServiceConfig(String str) throws SSOException, SMSException {
        return new ServiceConfigManager("iPlanetAMAuthService", getAdminToken()).getOrganizationConfig(str, (String) null);
    }

    @VisibleForTesting
    ServiceConfig getAuthChainServiceConfig(String str) throws SSOException, SMSException {
        return new ServiceConfigManager("iPlanetAMAuthConfiguration", getAdminToken()).getOrganizationConfig(str, (String) null);
    }

    private Set<String> getPostAuthPluginClasses(ServiceConfig serviceConfig) {
        return (Set) serviceConfig.getAttributesWithoutDefaults().get(UpgradeUtils.ATTR_AUTH_POST_CLASS);
    }

    private Set<String> mapPostAuthPluginClasses(Set<String> set) {
        if (set.isEmpty()) {
            return set;
        }
        HashSet hashSet = new HashSet();
        for (String str : set) {
            String str2 = this.postAuthPluginClassMapping.get(str);
            if (str2 != null) {
                hashSet.add(str2);
            } else {
                hashSet.add(str);
            }
        }
        return hashSet;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String str) {
        int size = this.realmLevelPapsToUpdate.size();
        Iterator<Map.Entry<String, Set<String>>> it = this.chainLevelPapsToUpdate.entrySet().iterator();
        while (it.hasNext()) {
            size += it.next().getValue().size();
        }
        return BUNDLE.getString(REPORT_SHORT_DESCRIPTION_KEY) + " (" + size + ")" + str;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String str) {
        StringBuilder sb = new StringBuilder();
        HashMap hashMap = new HashMap();
        hashMap.put(UpgradeServices.LF, str);
        return sb.append(UpgradeServices.tagSwapReport(hashMap, REPORT_FULL_DESCRIPTION_KEY)).append(authSettingsReport(str)).append(authChainReport(str)).append(str).toString();
    }

    private String authSettingsReport(String str) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> entry : this.realmLevelPapsToUpdate.entrySet()) {
            sb.append(BUNDLE.getString(REPORT_REALM_TEXT_KEY)).append(": ").append(entry.getKey()).append(str);
            HashMap hashMap = new HashMap();
            hashMap.put(UpgradeServices.LF, str);
            hashMap.put(FROM_REPORT_TAG, entry.getValue());
            hashMap.put(TO_REPORT_TAG, this.postAuthPluginClassMapping.get(entry.getValue()));
            sb.append("\t").append(UpgradeServices.tagSwapReport(hashMap, REPORT_FULL_AUTH_SETTINGS_DESCRIPTION_KEY)).append(str);
        }
        return sb.toString();
    }

    private String authChainReport(String str) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, Map<String, Set<String>>> entry : this.chainLevelPapsUpdated.entrySet()) {
            sb.append(BUNDLE.getString(REPORT_REALM_TEXT_KEY)).append(": ").append(entry.getKey()).append(str);
            for (Map.Entry<String, Set<String>> entry2 : entry.getValue().entrySet()) {
                HashMap hashMap = new HashMap();
                hashMap.put(UpgradeServices.LF, str);
                hashMap.put(CHAIN_REPORT_TAG, entry2.getKey());
                sb.append("\t").append(UpgradeServices.tagSwapReport(hashMap, REPORT_FULL_AUTH_CHAINS_HEADING_KEY)).append(str);
                Iterator<String> it = entry2.getValue().iterator();
                while (it.hasNext()) {
                    sb.append(authChainEntryReport(str, it.next()));
                }
            }
            sb.append(str);
        }
        return sb.toString();
    }

    private String authChainEntryReport(String str, String str2) {
        StringBuilder sb = new StringBuilder();
        HashMap hashMap = new HashMap();
        hashMap.put(UpgradeServices.LF, str);
        hashMap.put(FROM_REPORT_TAG, str2);
        hashMap.put(TO_REPORT_TAG, this.postAuthPluginClassMapping.get(str2));
        sb.append("\t").append(UpgradeServices.tagSwapReport(hashMap, REPORT_FULL_AUTH_CHAINS_DESCRIPTION_KEY));
        return sb.toString();
    }
}
