package org.forgerock.openam.upgrade.steps;

import com.iplanet.sso.SSOToken;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.sm.OrganizationConfigManager;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeProgress;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.opendj.ldap.Filter;

@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.UpgradeServiceSchemaStep"})
/* loaded from: input_file:org/forgerock/openam/upgrade/steps/UpgradeIdRepoSubConfigs.class */
public class UpgradeIdRepoSubConfigs extends AbstractUpgradeStep {
    private static final String REPO_DATA = "%REPO_DATA%";
    private static final String OLD_IDREPO_CLASS = "com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo";
    private static final String NEW_IDREPO_CLASS = "org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo";
    private static final String PSEARCH_FILTER = "sun-idrepo-ldapv3-config-psearch-filter";
    private static final String OLD_CONNECTION_MODE = "sun-idrepo-ldapv3-config-ssl-enabled";
    private static final String NEW_CONNECTION_MODE = "sun-idrepo-ldapv3-config-connection-mode";
    private final Map<String, Set<String>> repos;
    private final Map<String, Map<String, String>> oldConnectionModeRepos;

    @Inject
    public UpgradeIdRepoSubConfigs(PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory) {
        super(privilegedAction, connectionFactory);
        this.repos = new HashMap();
        this.oldConnectionModeRepos = new HashMap();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return !this.repos.isEmpty();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        Set<String> subConfigNames;
        try {
            for (String str : getRealmNames()) {
                ServiceConfig organizationConfig = new ServiceConfigManager("sunIdentityRepositoryService", getAdminToken()).getOrganizationConfig(str, (String) null);
                if (organizationConfig != null && (subConfigNames = organizationConfig.getSubConfigNames("*", "LDAPv3*")) != null) {
                    if (DEBUG.messageEnabled()) {
                        DEBUG.message("IdRepo configurations found under realm: " + str + " : " + subConfigNames);
                    }
                    for (String str2 : subConfigNames) {
                        ServiceConfig subConfig = organizationConfig.getSubConfig(str2);
                        if (subConfig != null) {
                            Map<String, Set<String>> attributes = subConfig.getAttributes();
                            String mapAttr = CollectionHelper.getMapAttr(attributes, "sunIdRepoClass");
                            String modifiedConnectionMode = getModifiedConnectionMode(attributes);
                            if (OLD_IDREPO_CLASS.equals(mapAttr) || getModifiedFilter(attributes) != null || modifiedConnectionMode != null) {
                                if (DEBUG.messageEnabled()) {
                                    DEBUG.message("Discovered IdRepo: " + str2 + " in realm: " + str);
                                }
                                Set<String> set = this.repos.get(str);
                                if (set == null) {
                                    set = new HashSet();
                                }
                                set.add(str2);
                                this.repos.put(str, set);
                                if (modifiedConnectionMode != null) {
                                    Map<String, String> map = this.oldConnectionModeRepos.get(str);
                                    if (map == null) {
                                        map = new HashMap();
                                    }
                                    if (map.get(str2) == null) {
                                        map.put(str2, modifiedConnectionMode);
                                        this.oldConnectionModeRepos.put(str, map);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        } catch (Exception e) {
            DEBUG.error("Unable to identify old datastore configurations", e);
            throw new UpgradeException("An error occured while trying to identify old datastore configurations");
        }
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        for (Map.Entry<String, Set<String>> entry : this.repos.entrySet()) {
            try {
                String key = entry.getKey();
                OrganizationConfigManager organizationConfigManager = new OrganizationConfigManager(getAdminToken(), key);
                for (String str : entry.getValue()) {
                    UpgradeProgress.reportStart("upgrade.data.store.start", str);
                    HashMap hashMap = new HashMap(2);
                    ServiceConfig subConfig = organizationConfigManager.getServiceConfig("sunIdentityRepositoryService").getSubConfig(str);
                    Map<String, Set<String>> attributes = subConfig.getAttributes();
                    if (OLD_IDREPO_CLASS.equals(CollectionHelper.getMapAttr(attributes, "sunIdRepoClass"))) {
                        hashMap.put("sunIdRepoClass", CollectionUtils.asSet(new String[]{NEW_IDREPO_CLASS}));
                    }
                    String modifiedFilter = getModifiedFilter(attributes);
                    if (modifiedFilter != null) {
                        if (DEBUG.messageEnabled()) {
                            DEBUG.message("Upgrading psearch filter for datastore: " + str + " to: " + modifiedFilter);
                        }
                        hashMap.put(PSEARCH_FILTER, CollectionUtils.asSet(new String[]{modifiedFilter}));
                    }
                    Map<String, String> map = this.oldConnectionModeRepos.get(key);
                    String str2 = map == null ? null : map.get(str);
                    if (str2 != null) {
                        if (DEBUG.messageEnabled()) {
                            DEBUG.message("Upgrading connection mode for datastore: " + str + " to: " + str2);
                        }
                        hashMap.put(NEW_CONNECTION_MODE, CollectionUtils.asSet(new String[]{str2}));
                        subConfig.removeAttribute(OLD_CONNECTION_MODE);
                    }
                    subConfig.setAttributes(hashMap);
                    UpgradeProgress.reportEnd("upgrade.success", new Object[0]);
                }
            } catch (Exception e) {
                UpgradeProgress.reportEnd("upgrade.failed", new Object[0]);
                DEBUG.error("An error occurred while upgrading service config ", e);
                throw new UpgradeException("Unable to upgrade IdRepo configuration");
            }
        }
    }

    private String getModifiedFilter(Map<String, Set<String>> map) {
        String mapAttr = CollectionHelper.getMapAttr(map, PSEARCH_FILTER, "");
        if (!mapAttr.contains("(!(ou:dn:=services))") || mapAttr.contains("(!(ou:dn:=tokens))")) {
            return null;
        }
        return Filter.and(new Filter[]{Filter.valueOf(mapAttr), Filter.not(Filter.extensible((String) null, "ou", "tokens", true))}).toString();
    }

    private String getModifiedConnectionMode(Map<String, Set<String>> map) {
        String mapAttr = CollectionHelper.getMapAttr(map, OLD_CONNECTION_MODE);
        if (mapAttr != null) {
            return Boolean.parseBoolean(mapAttr) ? "LDAPS" : "LDAP";
        }
        return null;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String str) {
        int i = 0;
        Iterator<Set<String>> it = this.repos.values().iterator();
        while (it.hasNext()) {
            i += it.next().size();
        }
        return BUNDLE.getString("upgrade.data.store") + " (" + i + ')' + str;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(UpgradeServices.LF, str);
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, Set<String>> entry : this.repos.entrySet()) {
            sb.append(BUNDLE.getString("upgrade.realm")).append(": ").append(entry.getKey()).append(str);
            for (String str2 : entry.getValue()) {
                sb.append("\t").append(str2.substring(str2.lastIndexOf(47) + 1)).append(str);
            }
            sb.append(str);
        }
        hashMap.put(REPO_DATA, sb.toString());
        return UpgradeServices.tagSwapReport(hashMap, "upgrade.idreporeport");
    }
}
