package org.forgerock.openam.upgrade.steps;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.Privilege;
import com.sun.identity.entitlement.interfaces.ISaveIndex;
import com.sun.identity.policy.Policy;
import com.sun.identity.policy.PolicyManager;
import com.sun.identity.policy.Rule;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.sm.SMSEntry;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import java.security.PrivilegedAction;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import org.forgerock.openam.ldap.LDAPRequests;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeProgress;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.IOUtils;
import org.forgerock.openam.utils.Time;
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.responses.SearchResultEntry;
import org.forgerock.opendj.ldif.ConnectionEntryReader;
import org.json.JSONObject;

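/**
 * Upgrade step that moves the entitlement framework to the tree based index implementations.
 *
 * <p>{@link #perform()} does three things, in this order:
 * <ol>
 *   <li>sets {@code searchIndexImpl} and {@code saveIndexImpl} on the default application type
 *       ({@code iPlanetAMWebAgentService}) to the TreeSearchIndex/TreeSaveIndex class names;</li>
 *   <li>adds wildcard variants of every referral rule resource (see
 *       {@code upgradeReferrals});</li>
 *   <li>regenerates the {@code pathindex=} values on the entitlement index entries found by
 *       {@code ENTITLEMENT_INDEX_FILTER}.</li>
 * </ol>
 *
 * <p>Points a reviewer or operator should keep in mind:
 * <ul>
 *   <li>Every policy and configuration read/write uses the token from {@code getAdminToken()},
 *       so nothing in this class restricts the step to a subset of realms.</li>
 *   <li>The step is not atomic. The application type attributes are written first and each index
 *       entry is modified with its own LDAP request, so a failure part-way leaves a mix of
 *       upgraded and non-upgraded data. {@link #initialize()} treats the step as already done
 *       once both attributes hold the new class names, so a later run will not pick up the
 *       remaining work. NOTE(review): the write order looks deliberate (the replaced referrals are
 *       presumably indexed with the configured save implementation); confirm before reordering,
 *       and rely on a configuration-store backup for recovery.</li>
 *   <li>Referral rules gain broader resource patterns; review the resulting referrals after the
 *       upgrade if delegation scope matters.</li>
 * </ul>
 */
@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.RemoveReferralsStep"})
public class UpgradeEntitlementsStep extends AbstractUpgradeStep {
    // Constant LDAP filter (no caller-supplied input is spliced in): index entries that already
    // carry a pathindex value, excluding the hidden delegation realm and referral containers.
    private static final String ENTITLEMENT_INDEX_FILTER = "(&(sunserviceID=indexes)(sunxmlKeyValue=pathindex=*)(!(o:dn:=sunamhiddenrealmdelegationservicepermissions))(!(ou:dn:=referrals)))";
    private static final String ENTITLEMENT_DATA = "%ENTITLEMENT_DATA%";
    private static final String DEFAULT_APP_TYPE = "iPlanetAMWebAgentService";
    private static final String SEARCH_INDEX_IMPL = "searchIndexImpl";
    private static final String SAVE_INDEX_IMPL = "saveIndexImpl";
    private static final String NEW_SEARCH_IMPL = "org.forgerock.openam.entitlement.indextree.TreeSearchIndex";
    private static final String NEW_SAVE_IMPL = "org.forgerock.openam.entitlement.indextree.TreeSaveIndex";
    // Minimum time between two interim progress reports while index entries are rewritten.
    private static final long PROGRESS_REPORT_INTERVAL_MILLIS = 3000L;
    public static final String SERIALIZABLE_PREFIX = "serializable=";
    public static final String SUN_KEY_VALUE = "sunkeyvalue";
    public static final String PATH_INDEX_PREFIX = "pathindex=";
    public static final String SUN_XML_KEY_VALUE = "sunxmlKeyValue";

    // realm name -> policy type -> policy names, in discovery order; filled by initialize().
    private final Map<String, Map<PolicyType, Set<String>>> upgradableConfigs = new LinkedHashMap<>();
    // Number of rules across all non-referral policies; used only for reporting.
    private int policyRuleCount;
    // True when the default application type does not yet use both new index implementations.
    private boolean upgradeIndexImpls;

    /** Kind of policy found in a realm; {@link #toString()} yields the localized label. */
    private enum PolicyType {
        REFERRAL("upgrade.referral"),
        POLICY("upgrade.policy");

        private final String i18nKey;

        PolicyType(String i18nKey) {
            this.i18nKey = i18nKey;
        }

        /** Returns the label looked up in the upgrade resource bundle for this type. */
        @Override
        public String toString() {
            return AbstractUpgradeStep.BUNDLE.getString(this.i18nKey);
        }
    }

    /**
     * Creates the step.
     *
     * @param privilegedAction action handed to the superclass together with the factory
     * @param connectionFactory data layer connection factory handed to the superclass
     */
    @Inject
    public UpgradeEntitlementsStep(PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory) {
        super(privilegedAction, connectionFactory);
    }

    /**
     * Tells whether {@link #initialize()} found work to do.
     *
     * @return {@code true} when the index implementations must be switched or at least one
     *         realm with policies was recorded
     */
    @Override
    public boolean isApplicable() {
        return this.upgradeIndexImpls || !this.upgradableConfigs.isEmpty();
    }

    /**
     * Detects whether the default application type still uses old index implementations and, if
     * so, records the policies and referrals of every realm.
     *
     * <p>When both attributes already name the new implementations nothing is recorded and the
     * step stays not applicable.
     *
     * @throws UpgradeException wrapping any failure while reading configuration or policies
     */
    @Override
    public void initialize() throws UpgradeException {
        try {
            DEBUG.message("Initializing UpgradeEntitlementsStep");
            Map<String, Set<String>> attributes = getDefaultApplicationType().getAttributes();
            String searchImpl = CollectionHelper.getMapAttr(attributes, SEARCH_INDEX_IMPL);
            String saveImpl = CollectionHelper.getMapAttr(attributes, SAVE_INDEX_IMPL);
            if (NEW_SEARCH_IMPL.equals(searchImpl) && NEW_SAVE_IMPL.equals(saveImpl)) {
                DEBUG.message("The entitlements framework is already using the new TreeSearchIndex/TreeSaveIndex implementations");
                return;
            }
            this.upgradeIndexImpls = true;
            for (String realm : getRealmNames()) {
                Map<PolicyType, Set<String>> policiesByType = new EnumMap<>(PolicyType.class);
                // Policies are read with the admin token, i.e. without per-realm restrictions.
                PolicyManager policyManager = new PolicyManager(getAdminToken(), realm);
                for (String policyName : policyManager.getPolicyNames()) {
                    Policy policy = policyManager.getPolicy(policyName);
                    PolicyType type;
                    if (policy.isReferralPolicy()) {
                        type = PolicyType.REFERRAL;
                    } else {
                        this.policyRuleCount += policy.getRuleNames().size();
                        type = PolicyType.POLICY;
                    }
                    Set<String> names = policiesByType.get(type);
                    if (names == null) {
                        names = new HashSet<>();
                        policiesByType.put(type, names);
                    }
                    names.add(policyName);
                    // Registered here, not after the loop, so realms without policies never
                    // show up in the reports.
                    this.upgradableConfigs.put(realm, policiesByType);
                }
            }
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Discovered following policies/referrals:\n" + this.upgradableConfigs);
            }
        } catch (Exception e) {
            DEBUG.error("Error while trying to detect changes in entitlements", e);
            throw new UpgradeException(e);
        }
    }

    /**
     * Switches the index implementations, then upgrades the recorded referrals and the
     * entitlement index entries.
     *
     * <p>The referrals and index entries are only touched when {@link #initialize()} recorded at
     * least one realm with policies.
     *
     * @throws UpgradeException wrapping the first failure; changes made before it are not
     *         rolled back
     */
    @Override
    public void perform() throws UpgradeException {
        try {
            ServiceConfig appType = getDefaultApplicationType();
            Map<String, Set<String>> indexImpls = new HashMap<>();
            UpgradeProgress.reportStart("upgrade.apptype.start");
            indexImpls.put(SEARCH_INDEX_IMPL, CollectionUtils.asSet(NEW_SEARCH_IMPL));
            indexImpls.put(SAVE_INDEX_IMPL, CollectionUtils.asSet(NEW_SAVE_IMPL));
            appType.setAttributes(indexImpls);
            UpgradeProgress.reportEnd("upgrade.success");
            DEBUG.message("Entitlement service is now using the new TreeSearchIndex/TreeSaveIndex implementations");
            if (this.upgradableConfigs.isEmpty()) {
                return;
            }
            for (Map.Entry<String, Map<PolicyType, Set<String>>> realmEntry : this.upgradableConfigs.entrySet()) {
                // Created for every recorded realm, even one without referrals, as before.
                PolicyManager policyManager = new PolicyManager(getAdminToken(), realmEntry.getKey());
                Set<String> referrals = realmEntry.getValue().get(PolicyType.REFERRAL);
                if (referrals != null) {
                    upgradeReferrals(policyManager, referrals);
                }
            }
            upgradeEntitlementIndexes();
        } catch (Exception e) {
            UpgradeProgress.reportEnd("upgrade.failed");
            DEBUG.error("An error occurred while upgrading entitlements data", e);
            throw new UpgradeException(e);
        }
    }

    /**
     * Builds the one-line-per-item summary: number of referrals and number of policy rules.
     *
     * @param str delimiter appended after each summary line
     * @return the summary, empty when both counts are zero
     */
    @Override
    public String getShortReport(String str) {
        int referralCount = 0;
        for (Map<PolicyType, Set<String>> policiesByType : this.upgradableConfigs.values()) {
            Set<String> referrals = policiesByType.get(PolicyType.REFERRAL);
            if (referrals != null) {
                referralCount += referrals.size();
            }
        }
        StringBuilder report = new StringBuilder();
        if (referralCount != 0) {
            report.append(BUNDLE.getString("upgrade.entitlement.referrals")).append(" (").append(referralCount).append(')').append(str);
        }
        if (this.policyRuleCount != 0) {
            report.append(BUNDLE.getString("upgrade.entitlement.policies")).append(" (").append(this.policyRuleCount).append(')').append(str);
        }
        return report.toString();
    }

    /**
     * Builds the detailed report listing, per realm and policy type, the recorded policy names.
     *
     * @param str delimiter appended after each line
     * @return the {@code upgrade.entitlementreport} template with its tags replaced
     */
    @Override
    public String getDetailedReport(String str) {
        Map<String, String> tags = new HashMap<>();
        tags.put(UpgradeServices.LF, str);
        StringBuilder details = new StringBuilder();
        for (Map.Entry<String, Map<PolicyType, Set<String>>> realmEntry : this.upgradableConfigs.entrySet()) {
            details.append(BUNDLE.getString("upgrade.realm")).append(": ").append(realmEntry.getKey()).append(str);
            for (Map.Entry<PolicyType, Set<String>> typeEntry : realmEntry.getValue().entrySet()) {
                details.append("\t").append(typeEntry.getKey()).append(str);
                for (String policyName : typeEntry.getValue()) {
                    details.append("\t").append("\t").append(policyName).append(str);
                }
            }
        }
        tags.put(ENTITLEMENT_DATA, details.toString());
        return UpgradeServices.tagSwapReport(tags, "upgrade.entitlementreport");
    }

    /**
     * Looks up the {@code iPlanetAMWebAgentService} application type under the global
     * {@code sunEntitlementService} configuration, using the admin token.
     */
    private ServiceConfig getDefaultApplicationType() throws SMSException, SSOException {
        return new ServiceConfigManager("sunEntitlementService", getAdminToken()).getGlobalConfig((String) null).getSubConfig("applicationTypes").getSubConfig(DEFAULT_APP_TYPE);
    }

    /** Collects the resource names of every rule in the given policy. */
    private Set<String> getResourceNames(Policy policy) throws Exception {
        Set<String> ruleNames = policy.getRuleNames();
        Set<String> resourceNames = new HashSet<>(ruleNames.size());
        for (String ruleName : ruleNames) {
            resourceNames.addAll(policy.getRule(ruleName).getResourceNames());
        }
        return resourceNames;
    }

    /**
     * Adds a copy of {@code rule} that covers only the resource {@code str}, unless that
     * resource was already present in the policy.
     *
     * @param policy policy receiving the new rule
     * @param rule rule to clone
     * @param set resource names the policy had before the upgrade; it is not updated here, so
     *        the same new resource can be added once per source rule
     * @param str resource name for the cloned rule
     */
    private void addSimilarPolicyRule(Policy policy, Rule rule, Set<String> set, String str) throws Exception {
        if (set.contains(str)) {
            return;
        }
        Rule copy = (Rule) rule.clone();
        copy.setResourceNames(CollectionUtils.asSet(str));
        String baseName = copy.getName();
        String candidate = baseName;
        int suffix = 1;
        // The clone keeps the source rule's name, so append _1, _2, ... until it is unused.
        while (policy.getRuleNames().contains(candidate)) {
            candidate = baseName + "_" + suffix;
            suffix++;
        }
        copy.setName(candidate);
        policy.addRule(copy);
    }

    /**
     * Adds wildcard variants of each referral rule resource and stores the referral again.
     *
     * <p>For a resource {@code R}: nothing is added when {@code R} ends with {@code *?*};
     * {@code R?*} is added when {@code R} ends with {@code *}; otherwise {@code R*} and
     * {@code R*?*} are added. The referral therefore covers more resource patterns after the
     * upgrade than before. NOTE(review): presumably this keeps referrals matching
     * sub-resources and query strings under the new index; confirm against the index
     * implementation.
     *
     * @param policyManager manager of the realm that owns the referrals
     * @param set names of the referral policies to upgrade
     */
    private void upgradeReferrals(PolicyManager policyManager, Set<String> set) throws Exception {
        for (String referralName : set) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Upgrading referral: " + referralName);
            }
            Policy policy = policyManager.getPolicy(referralName);
            Set<String> existingResources = getResourceNames(policy);
            // Iterate over a snapshot: addSimilarPolicyRule adds rules to the policy.
            Set<String> ruleNames = new HashSet<>(policy.getRuleNames());
            for (String ruleName : ruleNames) {
                Rule rule = policy.getRule(ruleName);
                for (String resource : rule.getResourceNames()) {
                    if (resource.endsWith("*?*")) {
                        continue;
                    }
                    if (resource.endsWith("*")) {
                        addSimilarPolicyRule(policy, rule, existingResources, resource + "?*");
                    } else {
                        addSimilarPolicyRule(policy, rule, existingResources, resource + "*");
                        addSimilarPolicyRule(policy, rule, existingResources, resource + "*?*");
                    }
                }
            }
            UpgradeProgress.reportStart("upgrade.entitlement.referral", policy.getName());
            policyManager.replacePolicy(policy);
            UpgradeProgress.reportEnd("upgrade.success");
        }
    }

    /**
     * Rewrites the {@code sunxmlKeyValue} attribute of every entry matching
     * {@code ENTITLEMENT_INDEX_FILTER} with freshly generated path indexes.
     *
     * <p>One connection runs the search while a second one issues the modifications. Each entry
     * is modified on its own, so entries processed before a failure stay modified.
     *
     * @throws UpgradeException wrapping any failure while searching or modifying
     */
    private void upgradeEntitlementIndexes() throws UpgradeException {
        Connection searchConnection = null;
        Connection modifyConnection = null;
        ConnectionEntryReader reader = null;
        try {
            searchConnection = getConnection();
            modifyConnection = getConnection();
            reader = searchConnection.search(LDAPRequests.newSearchRequest(SMSEntry.getRootSuffix(), SearchScope.WHOLE_SUBTREE, ENTITLEMENT_INDEX_FILTER, new String[]{SUN_KEY_VALUE, SUN_XML_KEY_VALUE}));
            int processed = 0;
            long lastReport = Time.currentTimeMillis();
            while (reader.hasNext()) {
                if (!reader.isEntry()) {
                    // Search references are consumed and ignored.
                    reader.readReference();
                    continue;
                }
                if (Time.currentTimeMillis() - lastReport > PROGRESS_REPORT_INTERVAL_MILLIS) {
                    UpgradeProgress.reportEnd("upgrade.entitlement.privilege", Integer.valueOf(processed), Integer.valueOf(this.policyRuleCount));
                    lastReport = Time.currentTimeMillis();
                }
                SearchResultEntry entry = reader.readEntry();
                Set<String> newValues = processEntry(entry);
                ModifyRequest modifyRequest = LDAPRequests.newModifyRequest(entry.getName());
                modifyRequest.addModification(ModificationType.REPLACE, SUN_XML_KEY_VALUE, newValues.toArray());
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("Upgrading entitlements index for: " + entry.getName());
                }
                modifyConnection.modify(modifyRequest);
                processed++;
            }
            // The closing report uses the rule count for both numbers; the entry counter only
            // feeds the interim reports above.
            UpgradeProgress.reportEnd("upgrade.entitlement.privilege", Integer.valueOf(this.policyRuleCount), Integer.valueOf(this.policyRuleCount));
        } catch (Exception e) {
            DEBUG.error("An error occurred while upgrading the entitlement indexes", e);
            throw new UpgradeException(e);
        } finally {
            // The reader was previously left open; release it before the connections.
            IOUtils.closeIfNotNull(reader);
            IOUtils.closeIfNotNull(searchConnection);
            IOUtils.closeIfNotNull(modifyConnection);
        }
    }

    /**
     * Computes the new {@code sunxmlKeyValue} values for one index entry.
     *
     * <p>Every {@code sunkeyvalue} value starting with {@code serializable=} is parsed as the
     * JSON form of a privilege and its resource names are turned into {@code pathindex=}
     * values; the existing {@code pathindex=} values are dropped and the new ones added. A value
     * that fails to parse throws and, through the callers, aborts the whole step.
     *
     * @param searchResultEntry entry returned by the index search
     * @return the entry's {@code sunxmlKeyValue} values with regenerated path indexes
     */
    private Set<String> processEntry(SearchResultEntry searchResultEntry) throws Exception {
        Set<String> serializedValues = searchResultEntry.parseAttribute(SUN_KEY_VALUE).asSetOfString();
        Set<String> newPathIndexes = new HashSet<>();
        // NEW_SAVE_IMPL is a compile-time constant, so the class loaded here is fixed.
        // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance().
        ISaveIndex saveIndex = Class.forName(NEW_SAVE_IMPL).asSubclass(ISaveIndex.class).getDeclaredConstructor().newInstance();
        for (String value : serializedValues) {
            if (!value.startsWith(SERIALIZABLE_PREFIX)) {
                continue;
            }
            JSONObject json = new JSONObject(value.substring(SERIALIZABLE_PREFIX.length()));
            Set<String> resourceNames = Privilege.getInstance(json).getEntitlement().getResourceNames();
            for (String pathIndex : generatePathIndexes(saveIndex, resourceNames)) {
                newPathIndexes.add(PATH_INDEX_PREFIX + pathIndex);
            }
        }
        Set<String> xmlValues = searchResultEntry.parseAttribute(SUN_XML_KEY_VALUE).asSetOfString();
        // Explicit iterator: stale path indexes are removed while walking the set.
        Iterator<String> values = xmlValues.iterator();
        while (values.hasNext()) {
            if (values.next().startsWith(PATH_INDEX_PREFIX)) {
                values.remove();
            }
        }
        xmlValues.addAll(newPathIndexes);
        return xmlValues;
    }

    /**
     * Asks the save index for the path indexes of each resource name.
     *
     * @param iSaveIndex index implementation used to derive the indexes
     * @param set resource names, may be {@code null}
     * @return the union of all path indexes, empty when {@code set} is {@code null}
     */
    private Set<String> generatePathIndexes(ISaveIndex iSaveIndex, Set<String> set) throws Exception {
        Set<String> pathIndexes = new HashSet<>();
        if (set != null) {
            for (String resourceName : set) {
                pathIndexes.addAll(iSaveIndex.getIndexes(resourceName).getPathIndexes());
            }
        }
        return pathIndexes;
    }
}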
