package org.forgerock.openam.upgrade.steps.policy.conditions;

import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.Application;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.Privilege;
import com.sun.identity.entitlement.PrivilegeManager;
import com.sun.identity.entitlement.opensso.SubjectUtils;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import org.forgerock.openam.entitlement.PolicyConstants;
import org.forgerock.openam.entitlement.utils.EntitlementUtils;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.upgrade.VersionUtils;
import org.forgerock.openam.upgrade.steps.AbstractUpgradeStep;
import org.forgerock.openam.utils.CollectionUtils;

@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.RemoveReferralsStep"})
/* loaded from: input_file:org/forgerock/openam/upgrade/steps/policy/conditions/OldPolicyConditionMigrationUpgradeStep.class */
public class OldPolicyConditionMigrationUpgradeStep extends AbstractUpgradeStep {
    private static final String ENTITLEMENT_DATA = "%ENTITLEMENT_DATA%";
    private final Map<String, Set<Privilege>> privilegesToUpgrade;
    private final Map<String, Set<String>> unUpgradablePolicies;
    private final Map<String, Set<MigrationReport>> migrationReports;
    private final PolicyConditionUpgrader conditionUpgrader;

    @Inject
    public OldPolicyConditionMigrationUpgradeStep(PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory) {
        super(privilegedAction, connectionFactory);
        this.privilegesToUpgrade = new HashMap();
        this.unUpgradablePolicies = new HashMap();
        this.migrationReports = new HashMap();
        this.conditionUpgrader = new PolicyConditionUpgrader(new PolicyConditionUpgradeMap());
    }

    private PrivilegeManager getPrivilegeManager(String str) {
        return PrivilegeManager.getInstance(str, SubjectUtils.createSubject(getAdminToken()));
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        if (VersionUtils.isCurrentVersionLessThan(1300, true)) {
            try {
                DEBUG.message("Initializing OldPolicyConditionMigrationStep");
                Iterator<String> it = getRealmNames().iterator();
                while (it.hasNext()) {
                    String next = it.next();
                    if (!next.startsWith("/")) {
                        next = "/" + next;
                    }
                    try {
                        for (Privilege privilege : getPrivilegeManager(next).findAllPolicies()) {
                            if (this.conditionUpgrader.isPolicyUpgradable(privilege)) {
                                try {
                                    addReport(next, this.conditionUpgrader.dryRunPolicyUpgrade(privilege));
                                    addUpgradablePolicy(next, privilege);
                                } catch (Exception e) {
                                    addUnupgradablePolicy(next, privilege);
                                }
                            }
                        }
                    } catch (EntitlementException e2) {
                    }
                }
            } catch (Exception e3) {
                DEBUG.error("Error while trying to detect changes in entitlements", e3);
                throw new UpgradeException(e3);
            } catch (UpgradeException e4) {
                DEBUG.error("Error while trying to detect changes in entitlements", e4);
                throw e4;
            }
        }
    }

    private void addReport(String str, MigrationReport migrationReport) {
        Set<MigrationReport> set = this.migrationReports.get(str);
        if (set == null) {
            set = new HashSet();
            this.migrationReports.put(str, set);
        }
        set.add(migrationReport);
    }

    private void addUpgradablePolicy(String str, Privilege privilege) {
        Set<Privilege> set = this.privilegesToUpgrade.get(str);
        if (set == null) {
            set = new HashSet();
            this.privilegesToUpgrade.put(str, set);
        }
        set.add(privilege);
    }

    private void addUnupgradablePolicy(String str, Privilege privilege) {
        Set<String> set = this.unUpgradablePolicies.get(str);
        if (set == null) {
            set = new HashSet();
            this.unUpgradablePolicies.put(str, set);
        }
        set.add(privilege.getName());
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("Cannot upgrade policy, " + privilege.getName() + " dues to one or more subject and/or environment conditions not being able to be migrated to new Entitlement conditions. This policy will have to be manually migrated to use the new environment conditions. See documentation for more details.");
        }
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return !this.privilegesToUpgrade.isEmpty();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        for (Map.Entry<String, Set<Privilege>> entry : this.privilegesToUpgrade.entrySet()) {
            String key = entry.getKey();
            EntitlementUtils.getApplicationService(PolicyConstants.SUPER_ADMIN_SUBJECT, key).clearCache();
            PrivilegeManager privilegeManager = getPrivilegeManager(key);
            for (Privilege privilege : entry.getValue()) {
                privilege.getEntitlement().clearCache();
                try {
                    addResourceType(privilege, key);
                    privilegeManager.modify(privilege.getName(), privilege);
                } catch (EntitlementException e) {
                    DEBUG.error("Failed to modify privilege!", e);
                    throw new UpgradeException("Failed to modify privilege!", e);
                }
            }
        }
    }

    private void addResourceType(Privilege privilege, String str) throws UpgradeException, EntitlementException {
        Application application = privilege.getEntitlement().getApplication(getAdminSubject(), str);
        if (CollectionUtils.isNotEmpty(application.getResourceTypeUuids())) {
            privilege.setResourceTypeUuid((String) application.getResourceTypeUuids().iterator().next());
        } else {
            DEBUG.error("Failed to modify privilege {} in realm {}! Associated application has no Resource Types.", new Object[]{privilege.getName(), str});
            throw new UpgradeException("Failed to modify privilege!");
        }
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String str) {
        StringBuilder sb = new StringBuilder();
        if (this.privilegesToUpgrade.size() != 0) {
            sb.append(BUNDLE.getString("upgrade.entitlement.migrated")).append(" (").append(this.privilegesToUpgrade.size()).append(')').append(str);
        }
        if (this.unUpgradablePolicies.size() != 0) {
            sb.append(BUNDLE.getString("upgrade.entitlement.notmigrated")).append(" (").append(this.unUpgradablePolicies.size()).append(')').append(str);
        }
        return sb.toString();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(UpgradeServices.LF, str);
        StringBuilder sb = new StringBuilder();
        writeUnupgradablePoliciesReport(sb, str);
        writeUpgradedPoliciesReport(sb, str);
        hashMap.put(ENTITLEMENT_DATA, sb.toString());
        return UpgradeServices.tagSwapReport(hashMap, "upgrade.entitlementmigrationreport");
    }

    private void writeUnupgradablePoliciesReport(StringBuilder sb, String str) {
        sb.append(BUNDLE.getString("unupgradable.policies.heading")).append(str);
        for (Map.Entry<String, Set<String>> entry : this.unUpgradablePolicies.entrySet()) {
            sb.append("\t").append(BUNDLE.getString("upgrade.realm")).append(": ").append(entry.getKey()).append(str);
            Iterator<String> it = entry.getValue().iterator();
            while (it.hasNext()) {
                sb.append("\t").append("\t").append(it.next()).append(": ").append(BUNDLE.getString("upgrade.entitlement.migration.failed"));
            }
        }
    }

    private void writeUpgradedPoliciesReport(StringBuilder sb, String str) {
        sb.append(BUNDLE.getString("upgraded.policies.heading")).append(str);
        for (Map.Entry<String, Set<MigrationReport>> entry : this.migrationReports.entrySet()) {
            sb.append("\t").append(BUNDLE.getString("upgrade.realm")).append(": ").append(entry.getKey()).append(str);
            for (MigrationReport migrationReport : entry.getValue()) {
                writeUpgradedPolicySubjectConditionsReport(sb, migrationReport);
                writeUpgradedPolicyEnvironmentConditionsReport(sb, migrationReport);
            }
        }
    }

    private void writeUpgradedPolicySubjectConditionsReport(StringBuilder sb, MigrationReport migrationReport) {
        sb.append("\t").append("\t").append(migrationReport.getPolicyName()).append(": ").append("migrated subject conditions");
        for (Map.Entry<String, String> entry : migrationReport.getSubjectConditionMigration().entrySet()) {
            sb.append("\t").append("\t").append("\t").append(entry.getKey()).append(" ").append(BUNDLE.getString("upgrade.entitlement.to")).append(" ").append(entry.getValue());
        }
    }

    private void writeUpgradedPolicyEnvironmentConditionsReport(StringBuilder sb, MigrationReport migrationReport) {
        sb.append("\t").append("\t").append(migrationReport.getPolicyName()).append(": ").append("migrated environment conditions");
        for (Map.Entry<String, String> entry : migrationReport.getEnvironmentConditionMigration().entrySet()) {
            sb.append("\t").append("\t").append("\t").append(entry.getKey()).append(" ").append(BUNDLE.getString("upgrade.entitlement.to")).append(" ").append(entry.getValue());
        }
    }
}
