package org.forgerock.openam.upgrade.steps;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.config.AMAuthenticationInstance;
import com.sun.identity.authentication.config.AMAuthenticationManager;
import com.sun.identity.authentication.config.AMConfigurationException;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeProgress;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.utils.CollectionUtils;

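/**
 * Upgrade step that migrates LDAP and AD authentication module instances from the legacy
 * boolean attribute {@code iplanet-am-auth-ldap-ssl-enabled} to
 * {@code openam-auth-ldap-connection-mode}, whose value is written as {@code LDAPS} when the
 * legacy flag was true and {@code LDAP} otherwise.
 *
 * <p>The step is declared to depend on {@code UpgradeServiceSchemaStep}. {@link #initialize()}
 * collects the affected instances per realm, {@link #perform()} rewrites them, and the two
 * report methods describe the planned change.
 *
 * <p>Security relevance: this step decides whether each directory connection keeps transport
 * encryption after the upgrade, so any instance whose legacy flag was true should be checked
 * for {@code LDAPS} once the upgrade has completed.
 */
@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.UpgradeServiceSchemaStep"})
/* loaded from: input_file:org/forgerock/openam/upgrade/steps/UpgradeLDAPAuthModulesStep.class */
public class UpgradeLDAPAuthModulesStep extends AbstractUpgradeStep {
    /** Legacy boolean attribute that is removed by this step. */
    private static final String SSL_ENABLED_PROPERTY = "iplanet-am-auth-ldap-ssl-enabled";
    /** Replacement attribute that receives {@code LDAP} or {@code LDAPS}. */
    private static final String CONNECTION_MODE_PROPERTY = "openam-auth-ldap-connection-mode";
    /** Tag replaced by the per-instance details in the detailed report. */
    private static final String AUTH_INSTANCE_DATA = "%AUTH_INSTANCE_DATA%";
    private static final String SEPARATOR = ": ";
    /** Realm name to (module instance name to legacy SSL flag), filled by {@link #initialize()}. */
    private final Map<String, Map<String, Boolean>> instances;

    /**
     * Creates the step.
     *
     * @param privilegedAction passed to the superclass; source of the admin token
     * @param connectionFactory passed to the superclass
     */
    @Inject
    public UpgradeLDAPAuthModulesStep(PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory) {
        super(privilegedAction, connectionFactory);
        this.instances = new HashMap<String, Map<String, Boolean>>();
    }

    /**
     * Scans every realm for LDAP and AD authentication module instances that still carry the
     * legacy SSL attribute and records the parsed flag for each of them.
     *
     * @throws UpgradeException if reading any realm or instance fails; the message names the
     *         realm and the instance that were being examined when the failure occurred
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        // Declared outside the try block so the failure message can say where the scan stopped.
        String currentRealm = null;
        String currentInstance = null;
        try {
            for (String realm : getRealmNames()) {
                currentRealm = realm;
                // Reset per realm: a failure here must not be attributed to an instance that
                // belongs to a previously scanned realm.
                currentInstance = null;
                Set<AMAuthenticationInstance> authInstances =
                        new AMAuthenticationManager(getAdminToken(), realm).getAuthenticationInstances();
                if (authInstances == null) {
                    continue;
                }
                for (AMAuthenticationInstance authInstance : authInstances) {
                    // Track the instance before inspecting it so the error message stays accurate.
                    currentInstance = authInstance.getName();
                    String type = authInstance.getType();
                    if (!type.equalsIgnoreCase("LDAP") && !type.equalsIgnoreCase("AD")) {
                        continue;
                    }
                    if (DEBUG.messageEnabled()) {
                        DEBUG.message("ldap/ad auth module configuration found under realm: " + realm + " : " + currentInstance);
                    }
                    Map<String, Set<String>> legacyValues =
                            authInstance.getAttributeValues(CollectionUtils.asSet(SSL_ENABLED_PROPERTY));
                    if (legacyValues == null || legacyValues.isEmpty()) {
                        continue;
                    }
                    String sslEnabled = CollectionHelper.getMapAttr(legacyValues, SSL_ENABLED_PROPERTY);
                    if (sslEnabled == null) {
                        continue;
                    }
                    if (DEBUG.messageEnabled()) {
                        DEBUG.message("ldap/ad auth module config " + currentInstance + " in realm: " + realm + " " + SSL_ENABLED_PROPERTY + ":" + sslEnabled);
                    }
                    Map<String, Boolean> realmInstances = this.instances.get(realm);
                    if (realmInstances == null) {
                        realmInstances = new HashMap<String, Boolean>();
                        this.instances.put(realm, realmInstances);
                    }
                    // Anything other than "true" (case-insensitive) is recorded as false and is
                    // therefore migrated to plain LDAP.
                    realmInstances.put(currentInstance, Boolean.valueOf(sslEnabled));
                }
            }
        } catch (Exception e) {
            DEBUG.error("Unable to identify the configuration for the old ldap/ad auth module instance " + currentInstance + " in realm " + currentRealm, e);
            throw new UpgradeException("An error occurred while trying to identify the configuration for the old ldap/ad auth module instance " + currentInstance + " in realm " + currentRealm, e);
        }
    }

    /**
     * Reports whether {@link #initialize()} found at least one instance to migrate.
     *
     * @return {@code true} if any realm holds an instance with the legacy SSL attribute
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return !this.instances.isEmpty();
    }

    /**
     * Rewrites the collected instances realm by realm and reports progress.
     *
     * <p>The loop stops at the first failing realm, so realms processed before it keep their
     * migrated configuration while later ones are left untouched.
     *
     * @throws UpgradeException if updating the instances of a realm fails
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        UpgradeProgress.reportStart("upgrade.auth.instances.ldap.start", new Object[0]);
        for (Map.Entry<String, Map<String, Boolean>> realmEntry : this.instances.entrySet()) {
            String realm = realmEntry.getKey();
            try {
                updateAttributes(realm, realmEntry.getValue());
            } catch (Exception e) {
                UpgradeProgress.reportEnd("upgrade.failed", new Object[0]);
                DEBUG.error("An error occurred while upgrading service configs for auth module instances  in realm " + realm, e);
                throw new UpgradeException("Unable to upgrade ldap/ad auth module instance configurations  in realm " + realm, e);
            }
        }
        UpgradeProgress.reportEnd("upgrade.success", new Object[0]);
    }

    /**
     * Removes the legacy SSL attribute from each listed instance and, when the instance already
     * exposes a connection-mode value, overwrites it with the migrated value.
     *
     * @param str realm that owns the instances
     * @param map module instance name to legacy SSL flag
     * @throws SMSException declared for the service configuration calls
     * @throws AMConfigurationException declared for the authentication manager calls
     * @throws SSOException declared for the calls made with the admin token
     * @throws IllegalStateException if an instance recorded during initialization can no longer
     *         be looked up
     */
    private void updateAttributes(String str, Map<String, Boolean> map) throws SMSException, AMConfigurationException, SSOException {
        AMAuthenticationManager authManager = new AMAuthenticationManager(getAdminToken(), str);
        for (Map.Entry<String, Boolean> instanceEntry : map.entrySet()) {
            String instanceName = instanceEntry.getKey();
            boolean sslWasEnabled = instanceEntry.getValue();
            String connectionMode = getNewValue(sslWasEnabled);
            AMAuthenticationInstance authInstance = authManager.getAuthenticationInstance(instanceName);
            if (authInstance == null) {
                // Name the instance instead of failing with a bare NullPointerException below.
                throw new IllegalStateException("ldap/ad auth module instance <" + instanceName + "> not found in realm: " + str);
            }
            Map<String, Set<String>> currentValues = authInstance.getAttributeValues();
            ServiceConfig serviceConfig = authInstance.getServiceConfig();

            // NOTE(review): the legacy flag is removed before the replacement is written. The
            // write may be validated against the upgraded schema together with the attributes
            // still stored on the instance - confirm before reordering these two steps.
            Set<String> legacyValues = currentValues.get(SSL_ENABLED_PROPERTY);
            if (legacyValues != null && !legacyValues.isEmpty()) {
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("Removing attribute " + SSL_ENABLED_PROPERTY + " from ldap/ad auth module instance <" + instanceName + "> in realm: " + str);
                }
                serviceConfig.removeAttribute(SSL_ENABLED_PROPERTY);
            }

            Set<String> modeValues = currentValues.get(CONNECTION_MODE_PROPERTY);
            if (modeValues != null && !modeValues.isEmpty()) {
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("Upgrading attribute " + CONNECTION_MODE_PROPERTY + " for ldap/ad auth module instance <" + instanceName + "> to <" + connectionMode + "> in realm: " + str);
                }
                Map<String, Set<String>> update = new HashMap<String, Set<String>>();
                update.put(CONNECTION_MODE_PROPERTY, CollectionUtils.asSet(connectionMode));
                serviceConfig.setAttributes(update);
            } else if (sslWasEnabled) {
                // The instance used SSL but nothing was written here, so its transport security
                // now depends on whatever value applies when the attribute is absent. Surface
                // that instead of letting it pass silently.
                DEBUG.warning("Attribute " + CONNECTION_MODE_PROPERTY + " is not present on ldap/ad auth module instance <" + instanceName + "> in realm: " + str + "; the legacy SSL flag was enabled but no LDAPS connection mode was written, verify the instance configuration");
            }
        }
    }

    /**
     * Maps the legacy SSL flag to the connection-mode value.
     *
     * @param z legacy SSL flag
     * @return {@code "LDAPS"} when the flag is set, otherwise {@code "LDAP"}
     */
    private String getNewValue(boolean z) {
        return z ? "LDAPS" : "LDAP";
    }

    /**
     * Builds the one-line summary with the number of instances collected across all realms.
     *
     * @param str text appended after the count (the callers' line delimiter)
     * @return the localized summary line
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String str) {
        int total = 0;
        for (Map<String, Boolean> realmInstances : this.instances.values()) {
            total += realmInstances.size();
        }
        return BUNDLE.getString("upgrade.auth.instances.ldap") + " (" + total + ')' + str;
    }

    /**
     * Builds the detailed report listing, per realm and instance, the attribute to be deleted
     * and the connection-mode value to be added.
     *
     * <p>The report is derived from the collected flags only: it lists the connection mode for
     * every instance, including those for which {@link #perform()} ends up writing no value.
     *
     * @param str line delimiter used inside the report
     * @return the report produced by the tag-swap template
     */
    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String str) {
        Map<String, String> tags = new HashMap<String, String>();
        tags.put(UpgradeServices.LF, str);
        StringBuilder details = new StringBuilder();
        for (Map.Entry<String, Map<String, Boolean>> realmEntry : this.instances.entrySet()) {
            details.append(BUNDLE.getString("upgrade.realm")).append(SEPARATOR).append(realmEntry.getKey()).append(str);
            for (Map.Entry<String, Boolean> instanceEntry : realmEntry.getValue().entrySet()) {
                String instanceName = instanceEntry.getKey();
                details.append("\t").append(BUNDLE.getString("upgrade.auth.instance")).append(SEPARATOR);
                // Show only the part of the name after the last '/'.
                details.append(instanceName.substring(instanceName.lastIndexOf('/') + 1));
                details.append(str);
                details.append("\t").append(BUNDLE.getString("upgrade.delattr")).append(SEPARATOR);
                details.append(SSL_ENABLED_PROPERTY).append(str);
                details.append("\t").append(BUNDLE.getString("upgrade.addattr")).append(SEPARATOR);
                details.append(CONNECTION_MODE_PROPERTY).append("=");
                details.append(getNewValue(instanceEntry.getValue())).append(str);
                details.append(str);
            }
        }
        tags.put(AUTH_INSTANCE_DATA, details.toString());
        return UpgradeServices.tagSwapReport(tags, "upgrade.auth.instances.ldap.report");
    }
}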
