package org.forgerock.openam.upgrade.steps.policy;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.Application;
import com.sun.identity.entitlement.EntitlementConfiguration;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.Privilege;
import com.sun.identity.entitlement.PrivilegeManager;
import com.sun.identity.entitlement.opensso.DataStore;
import com.sun.identity.entitlement.util.SearchFilter;
import com.sun.identity.shared.xml.XMLUtils;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import org.forgerock.openam.entitlement.ResourceType;
import org.forgerock.openam.entitlement.configuration.ResourceTypeSmsAttributes;
import org.forgerock.openam.entitlement.configuration.SmsAttribute;
import org.forgerock.openam.entitlement.service.ApplicationService;
import org.forgerock.openam.entitlement.service.ApplicationServiceFactory;
import org.forgerock.openam.entitlement.service.ResourceTypeService;
import org.forgerock.openam.entitlement.utils.EntitlementUtils;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeProgress;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.upgrade.VersionUtils;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.util.Function;
import org.forgerock.util.promise.NeverThrowsException;
import org.forgerock.util.query.QueryFilter;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

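/**
 * Upgrade step that gives applications and policies a resource type.
 *
 * <p>During {@link #initialize()} the step walks every realm, records per application whether the
 * application itself lacks a resource type UUID and which of its policies lack one. During
 * {@link #perform()} it finds or creates a matching resource type, stores its UUID on the
 * application and then on each policy that has none.
 *
 * <p>All reads and writes are made with the subject returned by {@code getAdminSubject()}, so the
 * step changes policy configuration with administrative authority. The audit report built by
 * {@link #getDetailedReport(String)} lists what the step recorded for change.
 */
@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.UpgradeEntitlementSubConfigsStep"})
public class UpgradeResourceTypeStep extends AbstractEntitlementUpgradeStep {
    // Version threshold handed to VersionUtils.isCurrentVersionLessThan in initialize().
    private static final int AM_13 = 1300;
    private static final String RESOURCES_TYPE_NAME_SUFFIX = "ResourceType";
    private static final String RESOURCE_TYPE_DESCRIPTION = "This resource type was created during upgrade for ";
    private static final String AUDIT_REPORT = "upgrade.entitlement.resourcetype.report";
    private static final String AUDIT_CREATE_RESOURCE_TYPE_START = "upgrade.entitlement.create.resourcetype.start";
    private static final String AUDIT_MODIFIED_APP_UUID_START = "upgrade.entitlement.modified.applicationuuid.start";
    private static final String AUDIT_MODIFIED_POLICY_UUID_START = "upgrade.entitlement.modified.policyuuid.start";
    private static final String AUDIT_NEW_RESOURCE_TYPE = "upgrade.entitlement.new.resourcetype";
    private static final String AUDIT_MODIFIED_APPLICATION = "upgrade.entitlement.modified.application";
    private static final String AUDIT_MODIFIED_POLICIES = "upgrade.entitlement.modified.policy";
    // Filter template: entries of application {0} that either carry no resourceTypeUuid value
    // or carry the \00 placeholder value.
    private static final String POLICY_SEARCH = "(&(ou=application={0})(|(!(ou=resourceTypeUuid=*))(ou=resourceTypeUuid=\\00)))";
    private final ResourceTypeService resourceTypeService;
    private final ServiceConfigManager configManager;
    // Application names read from the entitlement XML by populateDefaultApplications().
    private final Set<String> defaultApplicationNames;
    // Application names that are skipped entirely when collecting upgrade state.
    private final Set<String> removedDefaultApplications;
    private final ApplicationServiceFactory applicationServiceFactory;
    // Upgrade state collected in initialize(), keyed by realm name.
    private final Map<String, Set<ResourceTypeState>> resourceTypeStatePerRealm;
    private int upgradeableApplicationCount;
    private int upgradeablePrivilegeCount;

    /**
     * What the step recorded for one application in one realm.
     */
    public class ResourceTypeState {
        // True when the application itself has no resource type UUID yet.
        private boolean applicationNeedsResourceType;
        // True when at least one policy of the application has no resource type UUID.
        private boolean policiesNeedsResourceType;
        private String appName;
        // Name of the resource type found or created for the application; set in createResourceType.
        private String resourceTypeName;
        private Set<String> actions;
        private Set<String> patterns;
        private Set<String> policyNames;

        private ResourceTypeState() {
            this.applicationNeedsResourceType = false;
            this.policiesNeedsResourceType = false;
        }
    }

    /**
     * Creates the step with its injected collaborators.
     *
     * @param serviceConfigManager configuration manager bound to {@code sunEntitlementService}
     * @param resourceTypeService service used to look up and save resource types
     * @param privilegedAction supplier of the admin token, passed to the parent step
     * @param connectionFactory data layer connection factory, passed to the parent step
     * @param set names of removed default applications, which this step ignores
     * @param applicationServiceFactory factory for the per-realm application service
     */
    @Inject
    public UpgradeResourceTypeStep(@Named("sunEntitlementService") ServiceConfigManager serviceConfigManager, ResourceTypeService resourceTypeService, PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory, @Named("removedDefaultApplications") Set<String> set, ApplicationServiceFactory applicationServiceFactory) {
        super(privilegedAction, connectionFactory);
        this.configManager = serviceConfigManager;
        this.resourceTypeService = resourceTypeService;
        this.defaultApplicationNames = new HashSet<>();
        this.resourceTypeStatePerRealm = new HashMap<>();
        this.removedDefaultApplications = set;
        this.applicationServiceFactory = applicationServiceFactory;
    }

    /**
     * Collects upgrade state, but only when the current version is reported as older than
     * {@code AM_13}.
     *
     * @throws UpgradeException if the configuration or policy store cannot be read
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        if (VersionUtils.isCurrentVersionLessThan(AM_13, true)) {
            identifyApplicationsAndPoliciesRequiringUpgrade();
        }
    }

    /**
     * Walks every realm and records, per registered application, what needs a resource type.
     * Realms without a {@code registeredApplications} sub-config are skipped.
     */
    private void identifyApplicationsAndPoliciesRequiringUpgrade() throws UpgradeException {
        DEBUG.message("Initialising the upgrade step for adding resource types to the entitlement model");
        populateDefaultApplications();
        for (String realm : getRealmNamesFromParent()) {
            ServiceConfig applicationsConfig = getApplicationsConfig(realm);
            if (applicationsConfig == null) {
                continue;
            }
            Set<ResourceTypeState> states = new HashSet<>();
            for (String applicationName : getApplicationNames(applicationsConfig)) {
                if (!this.removedDefaultApplications.contains(applicationName)) {
                    states.add(extractResourceTypeStateInformation(realm, applicationName, applicationsConfig));
                }
            }
            if (!states.isEmpty()) {
                this.resourceTypeStatePerRealm.put(realm, states);
            }
        }
    }

    /**
     * Builds the state record for one application and adds its policies to the running count.
     */
    private ResourceTypeState extractResourceTypeStateInformation(String realm, String applicationName, ServiceConfig applicationsConfig) throws UpgradeException {
        ResourceTypeState state = new ResourceTypeState();
        // Set first so that errors raised while reading the application data can name it.
        state.appName = applicationName;
        Map<String, Set<String>> applicationData = getApplicationData(applicationsConfig, applicationName);
        if (applicationEligibleForUpgrade(realm, applicationName, applicationData)) {
            populateApplicationUpgradeState(state, applicationData);
        }
        state.policyNames = policiesEligibleForUpgrade(applicationName, realm);
        state.policiesNeedsResourceType = !state.policyNames.isEmpty();
        this.upgradeablePrivilegeCount += state.policyNames.size();
        return state;
    }

    /**
     * Copies the application's actions and resource patterns into the state record. When the
     * application lists no actions, the actions of its application type are used instead.
     *
     * @throws UpgradeException if the actions have to come from the application type but the
     *         application declares none
     */
    private void populateApplicationUpgradeState(ResourceTypeState state, Map<String, Set<String>> applicationData) throws UpgradeException {
        Set<String> actions = applicationData.get("actions");
        if (CollectionUtils.isEmpty(actions)) {
            Set<String> applicationTypes = applicationData.get("applicationType");
            if (CollectionUtils.isEmpty(applicationTypes)) {
                // Fail with a named cause rather than a bare NullPointerException or
                // NoSuchElementException from the iterator call below.
                throw new UpgradeException("Expected an application type for application " + state.appName);
            }
            actions = getApplicationTypeData(applicationTypes.iterator().next()).get("actions");
        }
        state.actions = actions;
        state.patterns = applicationData.get("resources");
        state.applicationNeedsResourceType = true;
        this.upgradeableApplicationCount++;
    }

    /**
     * @return true when initialize() recorded at least one application or policy to upgrade
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return this.upgradeableApplicationCount > 0 || this.upgradeablePrivilegeCount > 0;
    }

    /**
     * Applies the recorded changes realm by realm: resource type and application first, then the
     * application's policies.
     *
     * @throws UpgradeException if a resource type, application or policy cannot be read or stored
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        for (Map.Entry<String, Set<ResourceTypeState>> entry : this.resourceTypeStatePerRealm.entrySet()) {
            String realm = entry.getKey();
            EntitlementConfiguration entitlementConfiguration = EntitlementUtils.getEntitlementConfiguration(getAdminSubject(), realm);
            PrivilegeManager privilegeManager = PrivilegeManager.getInstance(realm, getAdminSubject());
            ApplicationService applicationService = this.applicationServiceFactory.create(getAdminSubject(), realm);
            for (ResourceTypeState state : entry.getValue()) {
                if (state.applicationNeedsResourceType) {
                    upgradeApplication(entitlementConfiguration, state.appName, createResourceType(state, realm).getUUID());
                    // The application was just rewritten; drop the cached copy before it is read again.
                    applicationService.clearCache();
                }
                if (state.policiesNeedsResourceType) {
                    Set<String> resourceTypeUuids = entitlementConfiguration.getApplication(state.appName).getResourceTypeUuids();
                    if (!resourceTypeUuids.isEmpty()) {
                        // Policies get the first UUID the set yields; with several UUIDs on the
                        // application the choice follows the set's iteration order.
                        upgradePrivileges(privilegeManager, state.appName, resourceTypeUuids.iterator().next());
                    }
                }
            }
        }
    }

    /**
     * Records the name of every {@code SubConfiguration} element in the entitlement XML whose
     * {@code id} attribute is {@code application}.
     */
    private void populateDefaultApplications() throws UpgradeException {
        NodeList subConfigurations = getEntitlementXML().getElementsByTagName("SubConfiguration");
        for (int i = 0; i < subConfigurations.getLength(); i++) {
            Node subConfiguration = subConfigurations.item(i);
            String id = XMLUtils.getNodeAttributeValue(subConfiguration, "id");
            String name = XMLUtils.getNodeAttributeValue(subConfiguration, "name");
            if ("application".equals(id)) {
                this.defaultApplicationNames.add(name);
            }
        }
    }

    /**
     * An application is eligible when it has no resource type UUIDs; in the root realm default
     * applications are never eligible.
     */
    private boolean applicationEligibleForUpgrade(String realm, String applicationName, Map<String, Set<String>> applicationData) {
        if ("/".equals(realm) && this.defaultApplicationNames.contains(applicationName)) {
            return false;
        }
        return !CollectionUtils.isNotEmpty(applicationData.get("resourceTypeUuids"));
    }

    /**
     * Finds the policies of an application that have no resource type UUID.
     *
     * @param str the application name
     * @param str2 the realm to search
     * @return the names returned by the data store search
     * @throws UpgradeException if the search fails
     */
    protected Set<String> policiesEligibleForUpgrade(String str, String str2) throws UpgradeException {
        try {
            // NOTE(review): the application name is placed into the search filter exactly as read
            // from the registeredApplications sub-config. A name containing filter metacharacters
            // such as '*', '(', ')' or '\' would change which entries the filter matches. Confirm
            // whether application names are restricted on creation or whether DataStore.search
            // expects an escaped value, and escape the name before formatting if neither holds.
            return DataStore.getInstance().search(getAdminSubject(), str2, MessageFormat.format(POLICY_SEARCH, str), 0, false, false);
        } catch (EntitlementException e) {
            throw new UpgradeException("Policy search failed for application " + str + " in realm " + str2, e);
        }
    }

    /**
     * Returns a resource type whose actions and patterns match the application's, creating and
     * saving a new one when the realm has none.
     *
     * @throws UpgradeException if the lookup or the save fails
     */
    private ResourceType createResourceType(ResourceTypeState state, String realm) throws UpgradeException {
        try {
            QueryFilter<SmsAttribute> actionsFilter = QueryFilter.and(CollectionUtils.transformSet(state.actions,
                    new Function<String, QueryFilter<SmsAttribute>, NeverThrowsException>() {
                        public QueryFilter<SmsAttribute> apply(String action) {
                            return QueryFilter.equalTo(ResourceTypeSmsAttributes.ACTIONS, action);
                        }
                    }));
            QueryFilter<SmsAttribute> patternsFilter = QueryFilter.and(CollectionUtils.transformSet(state.patterns,
                    new Function<String, QueryFilter<SmsAttribute>, NeverThrowsException>() {
                        public QueryFilter<SmsAttribute> apply(String pattern) {
                            return QueryFilter.equalTo(ResourceTypeSmsAttributes.PATTERNS, pattern);
                        }
                    }));
            Set<ResourceType> resourceTypes = this.resourceTypeService.getResourceTypes(
                    QueryFilter.and(actionsFilter, patternsFilter), getAdminSubject(), realm);
            if (!resourceTypes.isEmpty()) {
                ResourceType existing = resourceTypes.iterator().next();
                // Record the reused type's name too; otherwise the detailed report prints "null"
                // for this application.
                state.resourceTypeName = existing.getName();
                return existing;
            }
            ResourceType created = ResourceType.builder()
                    .setName(state.appName + RESOURCES_TYPE_NAME_SUFFIX)
                    .addActions(EntitlementUtils.getActions(state.actions))
                    .addPatterns(state.patterns)
                    .setDescription(RESOURCE_TYPE_DESCRIPTION + state.appName)
                    .generateUUID()
                    .build();
            saveResourceType(created, realm);
            state.resourceTypeName = created.getName();
            return created;
        } catch (EntitlementException e) {
            throw new UpgradeException("Failed to retrieve resource type for " + state.appName, e);
        }
    }

    /**
     * Saves a resource type in the realm and reports the outcome to the upgrade progress log.
     */
    private void saveResourceType(ResourceType resourceType, String realm) throws UpgradeException {
        try {
            UpgradeProgress.reportStart(AUDIT_CREATE_RESOURCE_TYPE_START, resourceType.getName());
            this.resourceTypeService.saveResourceType(getAdminSubject(), realm, resourceType);
            UpgradeProgress.reportEnd("upgrade.success", new Object[0]);
        } catch (EntitlementException e) {
            UpgradeProgress.reportEnd("upgrade.failed", new Object[0]);
            throw new UpgradeException("Failed to create resource type " + resourceType.getName(), e);
        }
    }

    /**
     * Adds the resource type UUID to the application and stores the application.
     */
    private void upgradeApplication(EntitlementConfiguration entitlementConfiguration, String applicationName, String resourceTypeUuid) throws UpgradeException {
        try {
            UpgradeProgress.reportStart(AUDIT_MODIFIED_APP_UUID_START, applicationName);
            Application application = entitlementConfiguration.getApplication(applicationName);
            application.addAllResourceTypeUuids(Collections.singleton(resourceTypeUuid));
            entitlementConfiguration.storeApplication(application);
            UpgradeProgress.reportEnd("upgrade.success", new Object[0]);
        } catch (EntitlementException e) {
            UpgradeProgress.reportEnd("upgrade.failed", new Object[0]);
            throw new UpgradeException("Failed to add resource type uuid to application " + applicationName, e);
        }
    }

    /**
     * Sets the resource type UUID on every policy of the application that has none.
     */
    private void upgradePrivileges(PrivilegeManager privilegeManager, String applicationName, String resourceTypeUuid) throws UpgradeException {
        try {
            for (Privilege privilege : privilegeManager.search(Collections.singleton(new SearchFilter(Privilege.APPLICATION_SEARCH_ATTRIBUTE, applicationName)))) {
                // Policies that already name a resource type are left untouched.
                if (StringUtils.isEmpty(privilege.getResourceTypeUuid())) {
                    upgradePrivilege(privilegeManager, privilege, resourceTypeUuid);
                }
            }
        } catch (EntitlementException e) {
            throw new UpgradeException("Failed to gather policies for application " + applicationName, e);
        }
    }

    /**
     * Sets the resource type UUID on one policy and stores it. A null policy is skipped.
     */
    private void upgradePrivilege(PrivilegeManager privilegeManager, Privilege privilege, String resourceTypeUuid) throws UpgradeException {
        // Checked before the first use: the progress report and the error message both read the
        // policy name.
        if (privilege == null) {
            return;
        }
        try {
            UpgradeProgress.reportStart(AUDIT_MODIFIED_POLICY_UUID_START, privilege.getName());
            privilege.setResourceTypeUuid(resourceTypeUuid);
            privilegeManager.modify(privilege);
            UpgradeProgress.reportEnd("upgrade.success", new Object[0]);
        } catch (EntitlementException e) {
            UpgradeProgress.reportEnd("upgrade.failed", new Object[0]);
            throw new UpgradeException("Failed to add resource type uuid to privilege " + privilege.getName(), e);
        }
    }

    /**
     * @return the realm's {@code registeredApplications} sub-config
     */
    private ServiceConfig getApplicationsConfig(String realm) throws UpgradeException {
        try {
            return this.configManager.getOrganizationConfig(realm, (String) null).getSubConfig("registeredApplications");
        } catch (SSOException | SMSException e) {
            throw new UpgradeException("Failed to retrieve registered applications in realm " + realm, e);
        }
    }

    /**
     * @return the names of the sub-configs below the applications config
     */
    private Set<String> getApplicationNames(ServiceConfig applicationsConfig) throws UpgradeException {
        try {
            return applicationsConfig.getSubConfigNames();
        } catch (SMSException e) {
            throw new UpgradeException("Failed to retrieve application names.", e);
        }
    }

    /**
     * @return the attributes stored for the named application
     */
    private Map<String, Set<String>> getApplicationData(ServiceConfig applicationsConfig, String applicationName) throws UpgradeException {
        try {
            return applicationsConfig.getSubConfig(applicationName).getAttributes();
        } catch (SSOException | SMSException e) {
            throw new UpgradeException("Failed to retrieve application data for " + applicationName, e);
        }
    }

    /**
     * @return the attributes of the named application type from the global config
     * @throws UpgradeException if the {@code applicationTypes} sub-config or the type is missing
     */
    private Map<String, Set<String>> getApplicationTypeData(String applicationType) throws UpgradeException {
        try {
            ServiceConfig applicationTypes = this.configManager.getGlobalConfig((String) null).getSubConfig("applicationTypes");
            if (applicationTypes == null) {
                throw new UpgradeException("Expected sub config applicationTypes under service sunEntitlementService");
            }
            ServiceConfig typeConfig = applicationTypes.getSubConfig(applicationType);
            if (typeConfig == null) {
                throw new UpgradeException("Expected to find application type " + applicationType);
            }
            return typeConfig.getAttributes();
        } catch (SSOException | SMSException e) {
            throw new UpgradeException("Failed to retrieve application type data for " + applicationType, e);
        }
    }

    /**
     * Returns the realm names from the parent step; protected so that a subclass can replace it.
     */
    protected Set<String> getRealmNamesFromParent() throws UpgradeException {
        return getRealmNames();
    }

    /**
     * Builds the summary report: one line per change category with its count.
     *
     * @param str the line separator appended after each line
     * @return the report text, empty when nothing was recorded
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String str) {
        StringBuilder report = new StringBuilder();
        if (this.upgradeableApplicationCount > 0) {
            // One resource type is reported per upgraded application, hence the same count twice.
            report.append(BUNDLE.getString(AUDIT_NEW_RESOURCE_TYPE));
            report.append(" (").append(this.upgradeableApplicationCount).append(")").append(str);
            report.append(BUNDLE.getString(AUDIT_MODIFIED_APPLICATION));
            report.append(" (").append(this.upgradeableApplicationCount).append(")").append(str);
        }
        if (this.upgradeablePrivilegeCount > 0) {
            report.append(BUNDLE.getString(AUDIT_MODIFIED_POLICIES));
            report.append(" (").append(this.upgradeablePrivilegeCount).append(")").append(str);
        }
        return report.toString();
    }

    /**
     * Builds the detailed report: per realm, the resource types, applications and policies that
     * the step recorded, substituted into the report template.
     *
     * @param str the line separator appended after each line
     * @return the report produced by {@code UpgradeServices.tagSwapReport}
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String str) {
        StringBuilder report = new StringBuilder();
        StringBuilder resourceTypeLines = new StringBuilder();
        StringBuilder applicationLines = new StringBuilder();
        StringBuilder policyLines = new StringBuilder();
        Map<String, String> tags = new HashMap<>();
        String realmLabel = BUNDLE.getString("upgrade.realm");
        if (this.upgradeableApplicationCount > 0 || this.upgradeablePrivilegeCount > 0) {
            for (Map.Entry<String, Set<ResourceTypeState>> entry : this.resourceTypeStatePerRealm.entrySet()) {
                // Every section starts each realm with the same heading line.
                resourceTypeLines.append("\t").append(realmLabel).append(": ").append(entry.getKey()).append(str);
                applicationLines.append("\t").append(realmLabel).append(": ").append(entry.getKey()).append(str);
                policyLines.append("\t").append(realmLabel).append(": ").append(entry.getKey()).append(str);
                for (ResourceTypeState state : entry.getValue()) {
                    if (state.applicationNeedsResourceType) {
                        resourceTypeLines.append("\t").append("\t").append(state.resourceTypeName).append(str);
                        applicationLines.append("\t").append("\t").append(state.appName).append(str);
                    }
                    if (state.policiesNeedsResourceType) {
                        for (String policyName : state.policyNames) {
                            policyLines.append("\t").append("\t").append(policyName).append(str);
                        }
                    }
                }
            }
            report.append(BUNDLE.getString(AUDIT_NEW_RESOURCE_TYPE)).append(str);
            report.append(resourceTypeLines).append(str);
            report.append(BUNDLE.getString(AUDIT_MODIFIED_APPLICATION)).append(str);
            report.append(applicationLines).append(str);
            report.append(BUNDLE.getString(AUDIT_MODIFIED_POLICIES)).append(str);
            report.append(policyLines).append(str);
        }
        tags.put("%ENTITLEMENT_DATA%", report.toString());
        tags.put(UpgradeServices.LF, str);
        return UpgradeServices.tagSwapReport(tags, AUDIT_REPORT);
    }
}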
