package org.forgerock.openam.upgrade.steps;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.PolicyManager;
import com.sun.identity.policy.PolicyUtils;
import com.sun.identity.setup.AMSetupServlet;
import com.sun.identity.setup.ServicesDefaultValues;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.PrivilegedAction;
import java.util.HashMap;
import javax.inject.Inject;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeProgress;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;

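/**
 * Upgrade step that creates the {@code UserUpdate2FAField} delegation policy in the hidden
 * delegation realm when no policy of that name is present yet.
 *
 * <p>The step is declared to depend on {@code UpgradeServiceSchemaStep}. The policy definition is
 * read from the {@code 2faDelegationPolicies.xml} template, tag-swapped, and handed to
 * {@link PolicyUtils#createPolicies} through a {@link PolicyManager} that was opened with the
 * admin token.
 *
 * <p>NOTE(review): this class does not validate the template before creating policies from it
 * with administrative rights, so the privilege that ends up installed is whatever the deployed
 * template (after tag swapping) describes. Confirm that the template is covered by the
 * deployment's integrity controls.
 */
@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.UpgradeServiceSchemaStep"})
public class TwoStepVerificationSettingUpgrade extends AbstractUpgradeStep {
    private static final String DELEGATION_POLICY_FILE = "/WEB-INF/template/sms/2faDelegationPolicies.xml";
    private static final String HIDDEN_REALM = "/sunamhiddenrealmdelegationservicepermissions";
    private static final String EVALUATE_POLICY = "UserUpdate2FAField";
    private static final String AUDIT_NEW_POLICY_START = "upgrade.privileges.new.oath2.start";
    private static final String AUDIT_NEW_POLICY = "upgrade.privileges.new.oath2";
    private static final String AUDIT_UPGRADE_SUCCESS = "upgrade.success";
    private static final String AUDIT_UPGRADE_FAIL = "upgrade.failed";
    private static final String DATA_PLACEHOLDER = "%DATA_PLACEHOLDER%";
    private static final String AUDIT_REPORT = "upgrade.privileges";

    // Both fields are assigned only by initialize(); perform() and isApplicable() read them.
    private PolicyManager manager;
    private boolean applicable;

    /**
     * Passes both collaborators straight to the parent upgrade step.
     *
     * @param privilegedAction action handed to the superclass
     * @param connectionFactory data-layer connection factory handed to the superclass
     */
    @Inject
    public TwoStepVerificationSettingUpgrade(PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory) {
        super(privilegedAction, connectionFactory);
    }

    /**
     * Opens a policy manager on the hidden delegation realm and records whether the
     * {@code UserUpdate2FAField} policy still has to be created.
     *
     * @throws UpgradeException if the policy manager cannot be created or queried
     */
    @Override
    public void initialize() throws UpgradeException {
        try {
            this.manager = new PolicyManager(getAdminToken(), HIDDEN_REALM);
            // The step applies only when the lookup returns nothing, so a second run is a no-op.
            // NOTE(review): presumably getPolicyNames treats its argument as a name filter - confirm.
            this.applicable = this.manager.getPolicyNames(EVALUATE_POLICY).isEmpty();
        } catch (PolicyException e) {
            throw new UpgradeException("Failed to identify existing privileges", e);
        } catch (SSOException e) {
            throw new UpgradeException("Failed to identify existing privileges", e);
        }
    }

    /**
     * Reports the result computed by {@link #initialize()}.
     *
     * @return {@code true} when {@link #initialize()} found no existing policy; {@code false}
     *     otherwise, including when {@link #initialize()} has not run
     */
    @Override
    public boolean isApplicable() {
        return this.applicable;
    }

    /**
     * Creates the policies described by the delegation policy template.
     *
     * <p>Uses the policy manager created by {@link #initialize()}; this method does not create
     * one itself.
     *
     * @throws UpgradeException if the template cannot be read or the policies cannot be created
     */
    @Override
    public void perform() throws UpgradeException {
        try {
            UpgradeProgress.reportStart(AUDIT_NEW_POLICY_START, new Object[0]);
            DEBUG.message("Creating new 2FA privilege for users called UserUpdate2FAField");
            String template = AMSetupServlet.readFile(DELEGATION_POLICY_FILE);
            String swapped = ServicesDefaultValues.tagSwap(template, true);
            // NOTE(review): getBytes() encodes with the JVM's default charset. If the swapped
            // template can hold non-ASCII text, the charset should match the encoding the XML
            // declares - confirm against the template before pinning one here.
            PolicyUtils.createPolicies(this.manager, new ByteArrayInputStream(swapped.getBytes()));
            UpgradeProgress.reportEnd(AUDIT_UPGRADE_SUCCESS, new Object[0]);
        } catch (IOException e) {
            throw creationFailure(e);
        } catch (PolicyException e) {
            throw creationFailure(e);
        } catch (SSOException e) {
            throw creationFailure(e);
        }
    }

    /**
     * Reports the failed upgrade and builds the exception that {@link #perform()} throws.
     *
     * <p>The message names the 2FA user privilege, matching the debug message logged by
     * {@link #perform()}, so a failure of this step is not mistaken for an agent-privilege
     * failure during triage.
     */
    private UpgradeException creationFailure(Exception cause) {
        UpgradeProgress.reportEnd(AUDIT_UPGRADE_FAIL, new Object[0]);
        return new UpgradeException("Failed during the creation of the new 2FA privilege for users", cause);
    }

    /**
     * Builds the one-line report for this step.
     *
     * @param str text appended after the localized message (presumably the report delimiter)
     * @return the localized "new privilege" message followed by {@code str}
     */
    @Override
    public String getShortReport(String str) {
        return BUNDLE.getString(AUDIT_NEW_POLICY) + str;
    }

    /**
     * Builds the detailed report by filling the {@code upgrade.privileges} report template.
     *
     * @param str text placed between the message and the policy name, and also supplied as the
     *     value for the {@code UpgradeServices.LF} tag (presumably the report delimiter)
     * @return the tag-swapped report text
     */
    @Override
    public String getDetailedReport(String str) {
        String details = BUNDLE.getString(AUDIT_NEW_POLICY) + ':' + str + EVALUATE_POLICY;
        HashMap<String, String> tags = new HashMap<String, String>();
        tags.put(DATA_PLACEHOLDER, details);
        tags.put(UpgradeServices.LF, str);
        return UpgradeServices.tagSwapReport(tags, AUDIT_REPORT);
    }
}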
