package org.forgerock.openam.upgrade.steps.scripting;

import com.google.inject.Inject;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.opensso.SubjectUtils;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import com.sun.identity.sm.ServiceNotFoundException;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;
import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.forgerock.openam.scripting.ScriptConstants;
import org.forgerock.openam.scripting.SupportedScriptingLanguage;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeProgress;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.upgrade.steps.AbstractUpgradeStep;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;

@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.UpgradeServiceSchemaStep"})
/* loaded from: input_file:org/forgerock/openam/upgrade/steps/scripting/ScriptingSchemaStep.class */
public class ScriptingSchemaStep extends AbstractUpgradeStep {
    private static final String AUTH_MODULE_SERVICE_NAME = "iPlanetAMAuthScriptedService";
    private static final String DEVICE_ID_SERVICE_NAME = "iPlanetAMAuthDeviceIdMatchService";
    private static final String SCRIPTING_SERVICE_NAME = "ScriptingService";
    private static final String CLIENT_SIDE_SCRIPT = "iplanet-am-auth-scripted-client-script";
    private static final String SERVER_SIDE_SCRIPT = "iplanet-am-auth-scripted-server-script";
    private static final String SERVER_SCRIPT_TYPE = "iplanet-am-auth-scripted-script-type";
    private final Map<String, String> globalSchemaKeys;
    private final Map<String, Set<String>> contextEngineConfigurations;
    private final Map<ScriptConstants.GlobalScript, Map<String, Set<String>>> globalScriptConfigurations;

    @Inject
    public ScriptingSchemaStep(PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory) {
        super(privilegedAction, connectionFactory);
        this.globalSchemaKeys = new HashMap();
        this.contextEngineConfigurations = new HashMap();
        this.globalScriptConfigurations = new HashMap();
        this.globalSchemaKeys.put("iplanet-am-auth-scripted-server-timeout", "serverTimeout");
        this.globalSchemaKeys.put("iplanet-am-auth-scripted-core-threads", "coreThreads");
        this.globalSchemaKeys.put("iplanet-am-auth-scripted-max-threads", "maxThreads");
        this.globalSchemaKeys.put("iplanet-am-auth-scripted-queue-size", "queueSize");
        this.globalSchemaKeys.put("iplanet-am-auth-scripted-idle-timeout", "idleTimeout");
        this.globalSchemaKeys.put("iplanet-am-auth-scripted-white-list", "whiteList");
        this.globalSchemaKeys.put("iplanet-am-auth-scripted-black-list", "blackList");
        this.globalSchemaKeys.put("iplanet-am-auth-scripted-use-security-manager", "useSecurityManager");
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        try {
            captureScriptedAuthModuleConfiguration();
            captureDeviceIdMatchConfiguration();
        } catch (SMSException | SSOException e) {
            DEBUG.error("An error occurred while trying to look for upgradable global Scripting settings", e);
            throw new UpgradeException("Unable to retrieve global Scripting settings", e);
        } catch (ServiceNotFoundException e2) {
            DEBUG.message("Scripted auth modules not found. Nothing to upgrade", e2);
        }
    }

    private void captureScriptedAuthModuleConfiguration() throws SSOException, SMSException {
        ServiceSchemaManager serviceSchemaManager = new ServiceSchemaManager(AUTH_MODULE_SERVICE_NAME, getAdminToken());
        ServiceSchema globalSchema = serviceSchemaManager.getGlobalSchema();
        if (globalSchema == null || globalSchema.getAttributeDefaults().isEmpty()) {
            DEBUG.message("No upgrade required for {}; no global schema found.", new Object[]{AUTH_MODULE_SERVICE_NAME});
            return;
        }
        captureEngineConfiguration(globalSchema);
        captureServerScriptConfiguration(serviceSchemaManager.getOrganizationSchema(), ScriptConstants.GlobalScript.AUTH_MODULE_SERVER_SIDE, ScriptConstants.ScriptContext.AUTHENTICATION_SERVER_SIDE, AUTH_MODULE_SERVICE_NAME);
        captureClientScriptConfiguration(serviceSchemaManager.getOrganizationSchema(), ScriptConstants.GlobalScript.AUTH_MODULE_CLIENT_SIDE, ScriptConstants.ScriptContext.AUTHENTICATION_CLIENT_SIDE, AUTH_MODULE_SERVICE_NAME);
    }

    private void captureDeviceIdMatchConfiguration() throws SSOException, SMSException {
        ServiceSchemaManager serviceSchemaManager = new ServiceSchemaManager(DEVICE_ID_SERVICE_NAME, getAdminToken());
        ServiceSchema organizationSchema = serviceSchemaManager.getOrganizationSchema();
        if (organizationSchema == null || organizationSchema.getAttributeSchema(SERVER_SCRIPT_TYPE) == null) {
            DEBUG.message("No upgrade required for {}; no script type found.", new Object[]{DEVICE_ID_SERVICE_NAME});
        } else {
            captureServerScriptConfiguration(serviceSchemaManager.getOrganizationSchema(), ScriptConstants.GlobalScript.DEVICE_ID_MATCH_SERVER_SIDE, ScriptConstants.ScriptContext.AUTHENTICATION_SERVER_SIDE, DEVICE_ID_SERVICE_NAME);
            captureClientScriptConfiguration(serviceSchemaManager.getOrganizationSchema(), ScriptConstants.GlobalScript.DEVICE_ID_MATCH_CLIENT_SIDE, ScriptConstants.ScriptContext.AUTHENTICATION_CLIENT_SIDE, DEVICE_ID_SERVICE_NAME);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void captureEngineConfiguration(ServiceSchema serviceSchema) {
        DEBUG.message("Capture global schema attributes for {}", new Object[]{AUTH_MODULE_SERVICE_NAME});
        Map attributeDefaults = serviceSchema.getAttributeDefaults();
        for (Map.Entry<String, String> entry : this.globalSchemaKeys.entrySet()) {
            this.contextEngineConfigurations.put(entry.getValue(), attributeDefaults.get(entry.getKey()));
        }
    }

    private void captureServerScriptConfiguration(ServiceSchema serviceSchema, ScriptConstants.GlobalScript globalScript, ScriptConstants.ScriptContext scriptContext, String str) {
        DEBUG.message("Capture default server script attributes for {}", new Object[]{str});
        HashMap hashMap = new HashMap();
        hashMap.put("name", Collections.singleton(globalScript.getDisplayName()));
        hashMap.put("context", Collections.singleton(scriptContext.name()));
        Map attributeDefaults = serviceSchema.getAttributeDefaults();
        String mapAttr = CollectionHelper.getMapAttr(attributeDefaults, SERVER_SIDE_SCRIPT);
        if (StringUtils.isNotEmpty(mapAttr)) {
            DEBUG.message("Found default server side script for {}", new Object[]{str});
            hashMap.put("script", Collections.singleton(mapAttr));
        } else {
            DEBUG.message("No default server side script found for {}", new Object[]{str});
            hashMap.put("script", Collections.singleton(""));
        }
        String mapAttr2 = CollectionHelper.getMapAttr(attributeDefaults, SERVER_SCRIPT_TYPE);
        if (StringUtils.isBlank(mapAttr2)) {
            mapAttr2 = SupportedScriptingLanguage.JAVASCRIPT.name();
        }
        hashMap.put("language", Collections.singleton(mapAttr2.toUpperCase()));
        this.globalScriptConfigurations.put(globalScript, hashMap);
    }

    private void captureClientScriptConfiguration(ServiceSchema serviceSchema, ScriptConstants.GlobalScript globalScript, ScriptConstants.ScriptContext scriptContext, String str) {
        DEBUG.message("Capture default client script attributes for {}", new Object[]{str});
        String mapAttr = CollectionHelper.getMapAttr(serviceSchema.getAttributeDefaults(), CLIENT_SIDE_SCRIPT);
        if (StringUtils.isEmpty(mapAttr) && ScriptConstants.GlobalScript.AUTH_MODULE_CLIENT_SIDE.equals(globalScript)) {
            return;
        }
        HashMap hashMap = new HashMap();
        hashMap.put("name", Collections.singleton(globalScript.getDisplayName()));
        hashMap.put("context", Collections.singleton(scriptContext.name()));
        if (StringUtils.isNotEmpty(mapAttr)) {
            DEBUG.message("Found default client side script for {}", new Object[]{str});
            hashMap.put("script", Collections.singleton(mapAttr));
        } else {
            DEBUG.message("No default client side script found for {}", new Object[]{str});
            hashMap.put("script", Collections.singleton(""));
        }
        hashMap.put("language", Collections.singleton(SupportedScriptingLanguage.JAVASCRIPT.name()));
        this.globalScriptConfigurations.put(globalScript, hashMap);
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return (this.contextEngineConfigurations.isEmpty() && this.globalScriptConfigurations.isEmpty()) ? false : true;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        try {
            ServiceConfig globalConfig = new ServiceConfigManager(SCRIPTING_SERVICE_NAME, getAdminToken()).getGlobalConfig((String) null);
            upgradeEngineConfiguration(globalConfig);
            upgradeScriptConfiguration(globalConfig);
        } catch (SMSException | SSOException e) {
            UpgradeProgress.reportEnd("upgrade.failed", new Object[0]);
            DEBUG.error("An error occurred while trying to upgrade the Scripting global settings", e);
            throw new UpgradeException("Unable to upgrade Scripting global settings", e);
        }
    }

    private void upgradeEngineConfiguration(ServiceConfig serviceConfig) throws SMSException, SSOException {
        replaceObsoleteWhiteListEntries();
        String name = ScriptConstants.ScriptContext.AUTHENTICATION_SERVER_SIDE.name();
        DEBUG.message("Upgrading engine configuration for script context: {}", new Object[]{name});
        UpgradeProgress.reportStart("upgrade.scripting.global.engine.start", name);
        serviceConfig.getSubConfig(name).getSubConfig("engineConfiguration").setAttributes(this.contextEngineConfigurations);
        DEBUG.message("Saved engine configuration: {}", new Object[]{this.contextEngineConfigurations.toString()});
        UpgradeProgress.reportEnd("upgrade.success", new Object[0]);
    }

    private void replaceObsoleteWhiteListEntries() {
        Set<String> set = this.contextEngineConfigurations.get("whiteList");
        if (set != null) {
            if (set.remove("org.forgerock.openam.authentication.modules.scripted.http.*")) {
                set.add("org.forgerock.openam.scripting.api.http.GroovyHttpClient");
                set.add("org.forgerock.openam.scripting.api.http.JavaScriptHttpClient");
            }
            if (set.contains("org.forgerock.openam.authentication.modules.scripted.*")) {
                set.add("org.forgerock.openam.scripting.api.ScriptedIdentity");
                set.add("org.forgerock.openam.scripting.api.ScriptedSession");
            }
        }
    }

    private void upgradeScriptConfiguration(ServiceConfig serviceConfig) throws SMSException, SSOException {
        for (Map.Entry<ScriptConstants.GlobalScript, Map<String, Set<String>>> entry : this.globalScriptConfigurations.entrySet()) {
            Map<String, Set<String>> value = entry.getValue();
            updateMetaData(value);
            String mapAttr = CollectionHelper.getMapAttr(value, "name");
            DEBUG.message("Upgrading default script to global script: {}", new Object[]{mapAttr});
            UpgradeProgress.reportStart("upgrade.scripting.global.script.start", mapAttr);
            ScriptConstants.GlobalScript key = entry.getKey();
            ServiceConfig subConfig = serviceConfig.getSubConfig("globalScripts");
            ServiceConfig subConfig2 = subConfig.getSubConfig(key.getId());
            if (ScriptConstants.GlobalScript.AUTH_MODULE_CLIENT_SIDE.equals(key)) {
                value.put("description", Collections.singleton("Default global script created during upgrade."));
                subConfig.addSubConfig(UUID.randomUUID().toString(), "globalScript", 0, value);
                DEBUG.message("Created script configuration: {}", new Object[]{value.toString()});
            } else if (subConfig2 == null) {
                value.put("description", Collections.singleton("Default global script created during upgrade."));
                subConfig.addSubConfig(key.getId(), "globalScript", 0, value);
                DEBUG.message("Created script configuration: {}", new Object[]{value.toString()});
            } else {
                subConfig2.setAttributes(value);
                DEBUG.message("Upgraded script configuration: {}", new Object[]{value.toString()});
            }
            UpgradeProgress.reportEnd("upgrade.success", new Object[0]);
        }
    }

    private void updateMetaData(Map<String, Set<String>> map) {
        long currentTimeMillis = Time.currentTimeMillis();
        String principalId = SubjectUtils.getPrincipalId(getAdminSubject());
        if (!map.containsKey("createdBy")) {
            map.put("createdBy", Collections.singleton(principalId));
            map.put("creationDate", Collections.singleton(String.valueOf(currentTimeMillis)));
        }
        map.put("lastModifiedBy", Collections.singleton(principalId));
        map.put("lastModifiedDate", Collections.singleton(String.valueOf(currentTimeMillis)));
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String str) {
        StringBuilder sb = new StringBuilder();
        if (this.globalScriptConfigurations.size() > 0) {
            sb.append(MessageFormat.format(BUNDLE.getString("upgrade.scripting.global.settings"), Integer.valueOf(this.globalScriptConfigurations.size())));
            sb.append(str);
        }
        return sb.toString();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(UpgradeServices.LF, str);
        hashMap.put("%REPORT_DATA%", "\t" + MessageFormat.format(BUNDLE.getString("upgrade.scripting.global.context"), AUTH_MODULE_SERVICE_NAME, SCRIPTING_SERVICE_NAME) + str + "\t" + MessageFormat.format(BUNDLE.getString("upgrade.scripting.global.context"), DEVICE_ID_SERVICE_NAME, SCRIPTING_SERVICE_NAME) + str);
        return UpgradeServices.tagSwapReport(hashMap, "upgrade.scripting.global.report");
    }
}
