package org.forgerock.openam.upgrade.steps.scripting;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.config.AMAuthenticationInstance;
import com.sun.identity.authentication.config.AMAuthenticationManager;
import com.sun.identity.authentication.config.AMConfigurationException;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.sm.SMSException;
import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import org.forgerock.openam.scripting.ScriptConstants;
import org.forgerock.openam.scripting.ScriptException;
import org.forgerock.openam.scripting.SupportedScriptingLanguage;
import org.forgerock.openam.scripting.service.ScriptConfiguration;
import org.forgerock.openam.scripting.service.ScriptingService;
import org.forgerock.openam.scripting.service.ScriptingServiceFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeProgress;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.upgrade.steps.AbstractUpgradeStep;
import org.forgerock.openam.utils.StringUtils;

@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.UpgradeServiceSchemaStep"})
/* loaded from: input_file:org/forgerock/openam/upgrade/steps/scripting/ScriptedAuthModulesStep.class */
public class ScriptedAuthModulesStep extends AbstractUpgradeStep {
    private static final String REPORT_DATA = "%REPORT_DATA%";
    private static final String CLIENT_SCRIPT = "iplanet-am-auth-scripted-client-script";
    private static final String SCRIPT_TYPE = "iplanet-am-auth-scripted-script-type";
    private static final String SERVER_SCRIPT = "iplanet-am-auth-scripted-server-script";
    private final Map<String, Set<ScriptData>> scriptsToMove;
    private final ScriptingServiceFactory serviceFactory;
    private int moduleCount;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/forgerock/openam/upgrade/steps/scripting/ScriptedAuthModulesStep$ScriptData.class */
    public class ScriptData {
        String moduleName;
        ScriptConfiguration clientSideScript;
        ScriptConfiguration serverSideScript;

        private ScriptData() {
        }
    }

    @Inject
    public ScriptedAuthModulesStep(PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory, ScriptingServiceFactory scriptingServiceFactory) {
        super(privilegedAction, connectionFactory);
        this.scriptsToMove = new HashMap();
        this.moduleCount = 0;
        this.serviceFactory = scriptingServiceFactory;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        try {
            Iterator<String> it = getRealmNames().iterator();
            while (it.hasNext()) {
                captureScriptedModuleData(it.next());
            }
        } catch (AMConfigurationException | ScriptException e) {
            DEBUG.error("An error occurred while trying to look for upgradable Scripted auth modules", e);
            throw new UpgradeException("Unable to retrieve Scripted auth modules", e);
        }
    }

    private void captureScriptedModuleData(String str) throws AMConfigurationException, ScriptException {
        HashSet hashSet = new HashSet();
        for (AMAuthenticationInstance aMAuthenticationInstance : new AMAuthenticationManager(getAdminToken(), str).getAuthenticationInstances()) {
            String type = aMAuthenticationInstance.getType();
            if ("Scripted".equalsIgnoreCase(type) || "DeviceIdMatch".equalsIgnoreCase(type)) {
                DEBUG.message("Found Scripted Module called {}, in realm {}", new Object[]{aMAuthenticationInstance.getName(), str});
                Map<String, Set<String>> attributeValues = aMAuthenticationInstance.getAttributeValues();
                if (attributeValues.containsKey(SCRIPT_TYPE)) {
                    hashSet.add(getScriptData(aMAuthenticationInstance.getName(), attributeValues));
                    this.moduleCount++;
                }
            }
        }
        if (hashSet.isEmpty()) {
            return;
        }
        this.scriptsToMove.put(str, hashSet);
    }

    private ScriptData getScriptData(String str, Map<String, Set<String>> map) throws ScriptException {
        ScriptData scriptData = new ScriptData();
        scriptData.moduleName = str;
        String mapAttr = CollectionHelper.getMapAttr(map, SERVER_SCRIPT);
        scriptData.serverSideScript = ScriptConfiguration.builder().generateId().setName(str + " - Server Side").setDescription("Server side script for Scripted Module: " + str).setContext(ScriptConstants.ScriptContext.AUTHENTICATION_SERVER_SIDE).setLanguage(ScriptConstants.getLanguageFromString(CollectionHelper.getMapAttr(map, SCRIPT_TYPE))).setScript(mapAttr == null ? "" : mapAttr).build();
        DEBUG.message("Captured server script for {}", new Object[]{str});
        String mapAttr2 = CollectionHelper.getMapAttr(map, CLIENT_SCRIPT);
        if (StringUtils.isNotEmpty(mapAttr2)) {
            scriptData.clientSideScript = ScriptConfiguration.builder().generateId().setName(str + " - Client Side").setDescription("Client side script for Scripted Module: " + str).setContext(ScriptConstants.ScriptContext.AUTHENTICATION_CLIENT_SIDE).setLanguage(SupportedScriptingLanguage.JAVASCRIPT).setScript(mapAttr2).build();
            DEBUG.message("Captured client script for {}", new Object[]{str});
        }
        return scriptData;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return !this.scriptsToMove.isEmpty();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        try {
            for (Map.Entry<String, Set<ScriptData>> entry : this.scriptsToMove.entrySet()) {
                upgradeScriptedAuthModules(entry.getKey(), entry.getValue());
            }
        } catch (AMConfigurationException | SMSException | SSOException | ScriptException e) {
            UpgradeProgress.reportEnd("upgrade.failed", new Object[0]);
            DEBUG.error("An error occurred while trying to update Scripted auth modules", e);
            throw new UpgradeException("Unable to update Scripted auth modules", e);
        }
    }

    private void upgradeScriptedAuthModules(String str, Set<ScriptData> set) throws AMConfigurationException, ScriptException, SSOException, SMSException {
        ScriptingService create = this.serviceFactory.create(str);
        AMAuthenticationManager aMAuthenticationManager = new AMAuthenticationManager(getAdminToken(), str);
        for (ScriptData scriptData : set) {
            HashMap hashMap = new HashMap();
            UpgradeProgress.reportStart("upgrade.scripted.auth.server.script.start", scriptData.serverSideScript.getName(), str);
            create.create(scriptData.serverSideScript, getAdminSubject());
            hashMap.put(SERVER_SCRIPT, Collections.singleton(scriptData.serverSideScript.getId()));
            UpgradeProgress.reportEnd("upgrade.success", new Object[0]);
            if (scriptData.clientSideScript != null) {
                UpgradeProgress.reportStart("upgrade.scripted.auth.client.script.start", scriptData.clientSideScript.getName(), str);
                create.create(scriptData.clientSideScript, getAdminSubject());
                hashMap.put(CLIENT_SCRIPT, Collections.singleton(scriptData.clientSideScript.getId()));
                UpgradeProgress.reportEnd("upgrade.success", new Object[0]);
            } else {
                hashMap.put(CLIENT_SCRIPT, Collections.singleton("[Empty]"));
            }
            UpgradeProgress.reportStart("upgrade.scripted.auth.module.script.start", scriptData.moduleName, str);
            AMAuthenticationInstance authenticationInstance = aMAuthenticationManager.getAuthenticationInstance(scriptData.moduleName);
            if (authenticationInstance != null) {
                authenticationInstance.setAttributeValues(hashMap);
                UpgradeProgress.reportEnd("upgrade.success", new Object[0]);
            } else {
                DEBUG.error("Scripted module {} in realm {} could not be found", new Object[]{scriptData.moduleName, str});
                UpgradeProgress.reportEnd("upgrade.failed", new Object[0]);
            }
        }
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String str) {
        StringBuilder sb = new StringBuilder();
        if (this.moduleCount > 0) {
            sb.append(MessageFormat.format(BUNDLE.getString("upgrade.scripted.auth.modules"), Integer.valueOf(this.moduleCount)));
            sb.append(str);
        }
        return sb.toString();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(UpgradeServices.LF, str);
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, Set<ScriptData>> entry : this.scriptsToMove.entrySet()) {
            sb.append(MessageFormat.format(BUNDLE.getString("upgrade.scripted.auth.realm"), entry.getKey()));
            for (ScriptData scriptData : entry.getValue()) {
                sb.append(str).append("\t");
                sb.append(MessageFormat.format(BUNDLE.getString("upgrade.scripted.auth.server.script"), scriptData.serverSideScript.getName(), scriptData.moduleName));
                if (scriptData.clientSideScript != null) {
                    sb.append(str).append("\t");
                    sb.append(MessageFormat.format(BUNDLE.getString("upgrade.scripted.auth.client.script"), scriptData.clientSideScript.getName(), scriptData.moduleName));
                }
            }
            sb.append(str);
        }
        hashMap.put(REPORT_DATA, sb.toString());
        return UpgradeServices.tagSwapReport(hashMap, "upgrade.scripted.auth.report");
    }
}
