package org.forgerock.openam.upgrade.steps;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.shared.xml.XMLUtils;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import java.io.InputStream;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeProgress;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.upgrade.UpgradeUtils;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.IOUtils;
import org.forgerock.util.Function;
import org.forgerock.util.promise.NeverThrowsException;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

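/**
 * Upgrade step that brings the stored delegation configuration in line with the
 * {@code amDelegation.xml} bundled on the classpath.
 *
 * <p>{@link #initialize()} compares every bundled {@code Permission} and {@code Privilege}
 * sub-configuration with the stored global configuration and records three kinds of change:
 * permissions that do not exist yet, privileges that do not exist yet, and existing privileges
 * whose {@code listOfPermissions} lacks entries present in the bundled file.
 * {@link #perform()} then applies those changes.
 *
 * <p>Security note: this step only ever <em>adds</em> delegation data. It creates
 * sub-configurations and appends permissions to existing privileges; nothing in this class
 * removes or narrows an entry. Appending to {@code listOfPermissions} widens what holders of an
 * already-assigned privilege can do, so the upgrade report deserves a review before the step
 * runs. The detailed report names the affected privileges only, not the individual permissions
 * that will be appended to them.
 *
 * <p>Not thread-safe: the pending-change lists and cached {@link ServiceConfig} handles are
 * plain mutable instance state.
 */
@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.UpgradeServiceSchemaStep"})
/* loaded from: input_file:org/forgerock/openam/upgrade/steps/DelegationConfigUpgradeStep.class */
public class DelegationConfigUpgradeStep extends AbstractUpgradeStep {
    private static final String AUDIT_REPORT = "upgrade.delegation";
    private static final String DELEGATION_PLACEHOLDER = "%DELEGATION_UPDATE_DATA%";
    private static final String AUDIT_PERM_NEW_START = "upgrade.delegation.permission.new.start";
    private static final String AUDIT_PERM_NEW = "upgrade.delegation.permission.new";
    private static final String AUDIT_PRIV_NEW_START = "upgrade.delegation.privilege.new.start";
    private static final String AUDIT_PRIV_NEW = "upgrade.delegation.privilege.new";
    private static final String AUDIT_PRIV_UPDATE_START = "upgrade.delegation.privilege.update.start";
    private static final String AUDIT_PRIV_UPDATE = "upgrade.delegation.privilege.update";
    private static final String AUDIT_UPGRADE_SUCCESS = "upgrade.success";
    private static final String AUDIT_UPGRADE_FAIL = "upgrade.failed";
    private static final String DELEGATION_XML = "amDelegation.xml";
    private static final String ID = "id";
    private static final String NAME = "name";
    private static final String PERMISSIONS = "Permissions";
    private static final String PERMISSION = "Permission";
    private static final String PRIVILEGES = "Privileges";
    private static final String PRIVILEGE = "Privilege";
    private static final String LIST_OF_PERMISSIONS = "listOfPermissions";
    private static final String RESOURCE = "resource";
    // Priority handed to ServiceConfig.addSubConfig for every entry this step creates.
    private static final int CONFIG_PRIORITY = 0;
    // Shared empty argument array for progress messages that take no parameters.
    private static final Object[] NO_ARGS = new Object[0];
    private final List<ChangeSet<String, Node>> newPermissions;
    private final List<ChangeSet<String, Node>> newPrivileges;
    private final List<ChangeSet<String, Set<String>>> privilegeUpdates;
    private final ServiceConfigManager configManager;
    private final Function<String, String, NeverThrowsException> tagSwapFunc;
    private ServiceConfig permissionsConfig;
    private ServiceConfig privilegesConfig;

    /**
     * Immutable pair of a change identifier (the sub-configuration name) and the data needed
     * to apply that change.
     *
     * @param <T> identifier type
     * @param <S> payload type
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/forgerock/openam/upgrade/steps/DelegationConfigUpgradeStep$ChangeSet.class */
    public static final class ChangeSet<T, S> {
        private final T identifier;
        private final S data;

        ChangeSet(T t, S s) {
            this.identifier = t;
            this.data = s;
        }

        /** @return the identifier this change applies to */
        T getIdentifier() {
            return this.identifier;
        }

        /** @return the payload recorded for this change */
        S getData() {
            return this.data;
        }

        /**
         * Static factory that lets the compiler infer both type arguments.
         *
         * @param t identifier of the change
         * @param s payload of the change
         * @return a new change set holding both values
         */
        static <T, S> ChangeSet<T, S> newInstance(T t, S s) {
            return new ChangeSet<>(t, s);
        }
    }

    /**
     * Creates the step with its injected collaborators.
     *
     * @param serviceConfigManager manager bound to the {@code sunAMDelegationService} service
     * @param function tag-swap function applied to the {@code resource} values of new permissions
     * @param privilegedAction passed to the superclass constructor
     * @param connectionFactory passed to the superclass constructor
     */
    @Inject
    public DelegationConfigUpgradeStep(@Named("sunAMDelegationService") ServiceConfigManager serviceConfigManager, @Named("tagSwapFunc") Function<String, String, NeverThrowsException> function, PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory) {
        super(privilegedAction, connectionFactory);
        this.configManager = serviceConfigManager;
        this.tagSwapFunc = function;
        this.newPermissions = new ArrayList<>();
        this.newPrivileges = new ArrayList<>();
        this.privilegeUpdates = new ArrayList<>();
    }

    /**
     * Walks every {@code SubConfiguration} element of the bundled delegation document and
     * records the permissions and privileges that the stored configuration is missing.
     *
     * @throws UpgradeException if the bundled document cannot be read or the stored
     *         configuration cannot be queried
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        NodeList subConfigurations = getDelegationDocument().getElementsByTagName("SubConfiguration");
        try {
            initConfig();
            for (int i = 0; i < subConfigurations.getLength(); i++) {
                Node subConfiguration = subConfigurations.item(i);
                String kind = XMLUtils.getNodeAttributeValue(subConfiguration, ID);
                String entryName = XMLUtils.getNodeAttributeValue(subConfiguration, NAME);
                if (PERMISSION.equals(kind)) {
                    checkPermission(entryName, subConfiguration, this.permissionsConfig);
                } else if (PRIVILEGE.equals(kind)) {
                    checkPrivilege(entryName, subConfiguration, this.privilegesConfig);
                }
            }
        } catch (SMSException | SSOException e) {
            throw new UpgradeException("Failed analysing the delegation delta", e);
        }
    }

    /**
     * (Re)loads the {@code Permissions} and {@code Privileges} sub-configurations of the global
     * delegation configuration. Called from both {@link #initialize()} and {@link #perform()}.
     */
    private void initConfig() throws SMSException, SSOException {
        ServiceConfig globalConfig = this.configManager.getGlobalConfig((String) null);
        this.permissionsConfig = globalConfig.getSubConfig(PERMISSIONS);
        this.privilegesConfig = globalConfig.getSubConfig(PRIVILEGES);
    }

    /** Queues the bundled permission for creation when no stored entry of that name exists. */
    private void checkPermission(String permissionName, Node node, ServiceConfig permissions) throws SMSException, SSOException {
        if (permissions.getSubConfig(permissionName) == null) {
            this.newPermissions.add(ChangeSet.newInstance(permissionName, node));
        }
    }

    /**
     * Queues the bundled privilege for creation when it is not stored yet; otherwise queues the
     * bundled permissions that the stored privilege's {@code listOfPermissions} does not contain.
     * Permissions present only in the stored privilege are left alone.
     */
    private void checkPrivilege(String privilegeName, Node node, ServiceConfig privileges) throws SMSException, SSOException {
        ServiceConfig stored = privileges.getSubConfig(privilegeName);
        if (stored == null) {
            this.newPrivileges.add(ChangeSet.newInstance(privilegeName, node));
            return;
        }
        @SuppressWarnings("unchecked") // the SMS and XML helpers may expose raw maps
        Map<String, Set<String>> storedAttributes = stored.getAttributes();
        @SuppressWarnings("unchecked")
        Map<String, Set<String>> bundledAttributes = XMLUtils.parseAttributeValuePairTags(node);
        Set<String> bundledPermissions = bundledAttributes.get(LIST_OF_PERMISSIONS);
        if (bundledPermissions == null || bundledPermissions.isEmpty()) {
            // The bundled privilege lists no permissions, so there is nothing to append.
            return;
        }
        Set<String> missing = new HashSet<>(bundledPermissions);
        Set<String> storedPermissions = storedAttributes.get(LIST_OF_PERMISSIONS);
        if (storedPermissions != null) {
            // A stored privilege without the attribute is treated as missing every bundled entry.
            missing.removeAll(storedPermissions);
        }
        if (!missing.isEmpty()) {
            this.privilegeUpdates.add(ChangeSet.newInstance(privilegeName, missing));
        }
    }

    /**
     * @return {@code true} when {@link #initialize()} recorded at least one pending change
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return !(this.newPrivileges.isEmpty() && this.privilegeUpdates.isEmpty() && this.newPermissions.isEmpty());
    }

    /**
     * Applies the recorded changes in order: new permissions, new privileges, then additions to
     * existing privileges. Each non-empty group is bracketed by progress start/end messages.
     *
     * @throws UpgradeException if the configuration store rejects a change; the failure is
     *         reported through {@link UpgradeProgress} first. Groups already applied are not
     *         rolled back by this method.
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        try {
            initConfig();
            if (!this.newPermissions.isEmpty()) {
                UpgradeProgress.reportStart(AUDIT_PERM_NEW_START, NO_ARGS);
                handleNewPermissions();
                UpgradeProgress.reportEnd(AUDIT_UPGRADE_SUCCESS, NO_ARGS);
            }
            if (!this.newPrivileges.isEmpty()) {
                UpgradeProgress.reportStart(AUDIT_PRIV_NEW_START, NO_ARGS);
                handleNewPrivileges();
                UpgradeProgress.reportEnd(AUDIT_UPGRADE_SUCCESS, NO_ARGS);
            }
            if (!this.privilegeUpdates.isEmpty()) {
                UpgradeProgress.reportStart(AUDIT_PRIV_UPDATE_START, NO_ARGS);
                handlePrivilegeUpdates();
                UpgradeProgress.reportEnd(AUDIT_UPGRADE_SUCCESS, NO_ARGS);
            }
        } catch (SSOException | SMSException e) {
            UpgradeProgress.reportEnd(AUDIT_UPGRADE_FAIL, NO_ARGS);
            throw new UpgradeException("Failed performing the upgrade of delegation", e);
        }
    }

    /**
     * Creates every queued permission, running its {@code resource} values through the injected
     * tag-swap function before they are stored.
     */
    private void handleNewPermissions() throws SSOException, SMSException {
        for (ChangeSet<String, Node> change : this.newPermissions) {
            @SuppressWarnings("unchecked") // the XML helper may expose a raw map
            Map<String, Set<String>> attributes = XMLUtils.parseAttributeValuePairTags(change.getData());
            // NOTE(review): a permission without a resource attribute hands null to
            // transformSet — confirm how CollectionUtils treats that.
            attributes.put(RESOURCE, CollectionUtils.transformSet(attributes.get(RESOURCE), this.tagSwapFunc));
            this.permissionsConfig.addSubConfig(change.getIdentifier(), PERMISSION, CONFIG_PRIORITY, attributes);
        }
    }

    /** Creates every queued privilege with the attributes parsed from its bundled XML node. */
    private void handleNewPrivileges() throws SSOException, SMSException {
        for (ChangeSet<String, Node> change : this.newPrivileges) {
            this.privilegesConfig.addSubConfig(change.getIdentifier(), PRIVILEGE, CONFIG_PRIORITY, XMLUtils.parseAttributeValuePairTags(change.getData()));
        }
    }

    /**
     * Appends the queued permissions to the {@code listOfPermissions} of each existing
     * privilege. This is the only place where an already-assigned privilege gains rights.
     */
    private void handlePrivilegeUpdates() throws SSOException, SMSException {
        for (ChangeSet<String, Set<String>> change : this.privilegeUpdates) {
            // NOTE(review): getSubConfig returned non-null for this name during initialize();
            // a privilege deleted between initialize() and perform() would surface here as a
            // NullPointerException rather than an UpgradeException.
            this.privilegesConfig.getSubConfig(change.getIdentifier()).addAttribute(LIST_OF_PERMISSIONS, change.getData());
        }
    }

    /**
     * Builds the one-line-per-category summary of pending changes.
     *
     * @param delimiter separator appended after each category line
     * @return the summary, empty when nothing is pending
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String delimiter) {
        StringBuilder report = new StringBuilder();
        if (!this.newPermissions.isEmpty()) {
            report.append(BUNDLE.getString(AUDIT_PERM_NEW)).append(delimiter);
        }
        if (!this.newPrivileges.isEmpty()) {
            report.append(BUNDLE.getString(AUDIT_PRIV_NEW)).append(delimiter);
        }
        if (!this.privilegeUpdates.isEmpty()) {
            report.append(BUNDLE.getString(AUDIT_PRIV_UPDATE)).append(delimiter);
        }
        return report.toString();
    }

    /**
     * Builds the detailed report by substituting the per-category identifier lists into the
     * {@code upgrade.delegation} report template. For updated privileges only the privilege
     * names are listed, not the permissions that will be appended.
     *
     * @param delimiter line separator used inside the report
     * @return the rendered report
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String delimiter) {
        StringBuilder details = new StringBuilder();
        appendDetail(details, AUDIT_PERM_NEW, this.newPermissions, delimiter);
        appendDetail(details, AUDIT_PRIV_NEW, this.newPrivileges, delimiter);
        appendDetail(details, AUDIT_PRIV_UPDATE, this.privilegeUpdates, delimiter);
        Map<String, String> tags = new HashMap<>();
        tags.put(DELEGATION_PLACEHOLDER, details.toString());
        tags.put(UpgradeServices.LF, delimiter);
        return UpgradeServices.tagSwapReport(tags, AUDIT_REPORT);
    }

    /** Appends "title:", the delimiter, the tab-separated identifiers and the delimiter; skips empty lists. */
    private <T, S> void appendDetail(StringBuilder details, String bundleKey, List<ChangeSet<T, S>> changes, String delimiter) {
        if (!changes.isEmpty()) {
            details.append(BUNDLE.getString(bundleKey)).append(':').append(delimiter).append(flattenChangeIdentifiers(changes)).append(delimiter);
        }
    }

    /** Joins the identifiers of the given changes, each followed by a tab character. */
    private <T, S> String flattenChangeIdentifiers(List<ChangeSet<T, S>> list) {
        StringBuilder joined = new StringBuilder();
        for (ChangeSet<T, S> change : list) {
            joined.append(change.getIdentifier().toString()).append("\t");
        }
        return joined.toString();
    }

    /**
     * Loads and parses the bundled {@code amDelegation.xml} through this class's class loader.
     *
     * <p>The file is the reference against which stored delegation data is widened, so its
     * integrity rests on the integrity of the deployed classpath.
     * NOTE(review): DTD and external-entity handling is decided inside
     * {@code UpgradeUtils.parseServiceFile}, which is not visible here — confirm the parser is
     * hardened.
     *
     * @return the parsed delegation document
     * @throws UpgradeException if the resource is missing or cannot be parsed
     */
    protected Document getDelegationDocument() throws UpgradeException {
        InputStream inputStream = null;
        try {
            DEBUG.message("Reading delegation configuration file: " + DELEGATION_XML);
            inputStream = getClass().getClassLoader().getResourceAsStream(DELEGATION_XML);
            if (inputStream == null) {
                // Fail with a clear message instead of handing a null stream to the parser.
                throw new UpgradeException("Unable to locate " + DELEGATION_XML + " on the classpath", new java.io.FileNotFoundException(DELEGATION_XML));
            }
            return UpgradeUtils.parseServiceFile(inputStream, getAdminToken());
        } finally {
            IOUtils.closeIfNotNull(inputStream);
        }
    }
}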
