package com.sun.identity.delegation;

import com.iplanet.am.util.Debug;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.OrganizationConfigManager;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:120955-01/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/delegation/DelegationUtils.class */
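/**
 * Static helpers that create, copy and delete the delegation privileges of a realm.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The methods taking an {@link SSOToken} hand that token to {@link DelegationManager};
 *       nothing in this class checks what the token's owner is allowed to do.</li>
 *   <li>{@link #getServiceConfig} reads configuration with
 *       {@code DelegationManager.getAdminToken()} and takes no caller token at all, so it
 *       performs no per-caller access check.</li>
 *   <li>This listing is decompiler output. The decompiler widened {@link #getServiceConfig}
 *       and {@link #swapRealmTag} from package-private to public; the signatures are kept as
 *       listed here.</li>
 * </ul>
 */
public class DelegationUtils {
    static final Debug debug = DelegationManager.debug;

    /** Literal tag inside default-subject templates that is replaced by the realm DN. */
    static final String REALM_NAME_TAG = "REALM";

    /** Attribute of a privilege's global sub-configuration that lists its default subjects. */
    static final String SUBJECTS_IN_LEGACY_MODE = "defaultSubjectInLegacyMode";

    /**
     * Adds every configured privilege to a realm, using the default subjects from the global
     * configuration with the realm tag replaced by the realm's DN.
     *
     * @param token     token used to open the realm's {@link DelegationManager}
     * @param realmName name of the realm that receives the privileges
     * @throws SSOException        propagated from the delegation and configuration calls
     * @throws DelegationException if a privilege's configuration or attributes cannot be read
     */
    public static void createRealmPrivileges(SSOToken token, String realmName) throws SSOException, DelegationException {
        String realmDn = DNMapper.orgNameToDN(realmName);
        DelegationManager manager = new DelegationManager(token, realmName);
        Set<String> privilegeNames = manager.getConfiguredPrivilegeNames();
        if (privilegeNames == null || privilegeNames.isEmpty()) {
            return;
        }
        if (debug.messageEnabled()) {
            debug.message("DelegationUtils:Getting global privileges");
        }
        for (String privilegeName : privilegeNames) {
            ServiceConfig privilegeConfig = getServiceConfig(null, privilegeName, true);
            if (privilegeConfig == null) {
                // Report a missing sub-configuration as a delegation error instead of
                // dereferencing null on the next line.
                throw new DelegationException(ResBundleUtils.rbName, "get_privilege_config_failed", null, null);
            }
            Map<?, ?> attributes = privilegeConfig.getAttributes();
            if (attributes == null || attributes.isEmpty()) {
                throw new DelegationException(ResBundleUtils.rbName, "get_privilege_attrs_failed", null, null);
            }

            // The subject set is scoped to this iteration. A single variable shared across
            // iterations would give a privilege with no default subjects the subjects of the
            // privilege processed before it, i.e. an unintended grant.
            Set<String> subjects = null;
            Set<?> templates = (Set<?>) attributes.get(SUBJECTS_IN_LEGACY_MODE);
            if (templates != null && !templates.isEmpty()) {
                subjects = new HashSet<String>();
                for (Object template : templates) {
                    subjects.add(swapRealmTag(realmDn, (String) template));
                }
            }

            manager.addPrivilege(new DelegationPrivilege(privilegeName, subjects, realmName));
            if (debug.messageEnabled()) {
                debug.message("added " + privilegeName + " privilege in realm " + realmName);
            }
        }
    }

    /**
     * Copies the parent realm's privileges into a child realm, re-homing each subject into the
     * child realm by name and type.
     *
     * <p>Subjects that cannot be resolved are skipped (best effort) and only reported through
     * the debug log. The {@link DelegationPrivilege} objects returned by the parent's manager
     * are modified in place before being added to the child.
     *
     * @param token     token used for both realms' managers and for identity lookups
     * @param parentOrg configuration manager of the realm whose privileges are read
     * @param childOrg  configuration manager of the realm that receives the privileges
     * @throws SSOException        propagated from the delegation and identity calls
     * @throws DelegationException propagated from {@link DelegationManager}
     */
    public static void copyRealmPrivilegesFromParent(SSOToken token, OrganizationConfigManager parentOrg, OrganizationConfigManager childOrg) throws SSOException, DelegationException {
        if (debug.messageEnabled()) {
            debug.message("DelegationUtils.copyRealmPrivilegesFromParent Parent org: " + parentOrg.getOrganizationName() + " Child org: " + childOrg.getOrganizationName());
        }
        DelegationManager parentManager = new DelegationManager(token, parentOrg.getOrganizationName());
        DelegationManager childManager = new DelegationManager(token, childOrg.getOrganizationName());
        String childDn = DNMapper.orgNameToDN(childOrg.getOrganizationName());

        Set<DelegationPrivilege> privileges = parentManager.getPrivileges();
        if (privileges == null || privileges.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("DelegationUtils.copyRealmPrivilegesFromParent: No privilege subjects in parent");
            }
            return;
        }

        for (DelegationPrivilege privilege : privileges) {
            Set<?> parentSubjects = privilege.getSubjects();
            if (parentSubjects == null || parentSubjects.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message("DelegationUtils.copyRealmPrivilegesFromParent: No subjects in privilege: " + privilege);
                }
                continue;
            }

            Set<String> childSubjects = new HashSet<String>();
            for (Object parentSubject : parentSubjects) {
                try {
                    AMIdentity parentIdentity = IdUtils.getIdentity(token, (String) parentSubject);
                    // The child-realm subject is built from the parent's name and type only.
                    // NOTE(review): presumably a separate identity that merely shares the
                    // name; confirm that granting it the parent's privilege is intended.
                    AMIdentity childIdentity = new AMIdentity(token, parentIdentity.getName(), parentIdentity.getType(), childDn, parentIdentity.getDN());
                    childSubjects.add(IdUtils.getUniversalId(childIdentity));
                } catch (IdRepoException e) {
                    // Deliberate best effort: the subject is dropped and the copy continues.
                    // NOTE(review): this is visible only at debug "message" level, and the
                    // privilege is still added even if every subject was dropped.
                    if (debug.messageEnabled()) {
                        debug.message("DelegationUtils.copyRealmPrivilegesFromParent: IdRepoException for: " + privilege, e);
                    }
                }
            }

            // Mutates the object obtained from the parent's manager.
            // NOTE(review): confirm getPrivileges() returns copies and not cached instances.
            privilege.setSubjects(childSubjects);
            privilege.setOrganizationName("*" + childDn);
            childManager.addPrivilege(privilege);
            if (debug.messageEnabled()) {
                debug.message("DelegationUtils.copyRealmPrivilegesFromParent: Privilege copied from parent: " + privilege);
            }
        }
    }

    /**
     * Removes every privilege currently defined in a realm.
     *
     * @param token     token used to open the realm's {@link DelegationManager}
     * @param realmName name of the realm whose privileges are removed
     * @throws SSOException        propagated from {@link DelegationManager}
     * @throws DelegationException propagated from {@link DelegationManager}
     */
    public static void deleteRealmPrivileges(SSOToken token, String realmName) throws SSOException, DelegationException {
        DelegationManager manager = new DelegationManager(token, realmName);
        Set<DelegationPrivilege> privileges = manager.getPrivileges();
        if (privileges == null || privileges.isEmpty()) {
            return;
        }
        for (DelegationPrivilege privilege : privileges) {
            String privilegeName = privilege.getName();
            manager.removePrivilege(privilegeName);
            if (debug.messageEnabled()) {
                debug.message("removed " + privilegeName + " privilege from realm " + realmName);
            }
        }
    }

    /**
     * Looks up the sub-configuration of one privilege under the "Permissions" node of the
     * delegation service, either globally or for one organization.
     *
     * <p>The read uses {@code DelegationManager.getAdminToken()}, not a caller-supplied token,
     * so callers are responsible for any authorization before exposing the result.
     * (Decompiler note: access was changed from package-private.)
     *
     * @param orgName       organization to read from; ignored when {@code global} is true
     * @param privilegeName name of the privilege sub-configuration
     * @param global        true to read the global configuration, false for {@code orgName}
     * @return the value of the final {@code getSubConfig(privilegeName)} call, passed through
     *         unchanged
     * @throws SSOException        propagated from the admin token / configuration manager
     * @throws DelegationException with key {@code get_org_config_failed},
     *                             {@code get_perms_config_failed} or
     *                             {@code get_privilege_config_failed}, depending on the step
     *                             that failed
     */
    public static ServiceConfig getServiceConfig(String orgName, String privilegeName, boolean global) throws SSOException, DelegationException {
        ServiceConfig baseConfig;
        try {
            ServiceConfigManager configManager = new ServiceConfigManager(DelegationManager.DELEGATION_SERVICE, DelegationManager.getAdminToken());
            baseConfig = global ? configManager.getGlobalConfig(null) : configManager.getOrganizationConfig(orgName, null);
        } catch (SMSException e) {
            throw new DelegationException(ResBundleUtils.rbName, "get_org_config_failed", null, e);
        }
        if (baseConfig == null) {
            throw new DelegationException(ResBundleUtils.rbName, "get_perms_config_failed", null, null);
        }

        // Each lookup has its own handler so the error key names the step that failed. With
        // both lookups inside one inner try, the "get_perms_config_failed" handler could
        // never be reached.
        ServiceConfig permissions;
        try {
            permissions = baseConfig.getSubConfig("Permissions");
        } catch (SMSException e) {
            throw new DelegationException(ResBundleUtils.rbName, "get_perms_config_failed", null, e);
        }
        if (permissions == null) {
            // A missing "Permissions" node is reported as a delegation error rather than
            // dereferenced.
            throw new DelegationException(ResBundleUtils.rbName, "get_perms_config_failed", null, null);
        }

        try {
            return permissions.getSubConfig(privilegeName);
        } catch (SMSException e) {
            throw new DelegationException(ResBundleUtils.rbName, "get_privilege_config_failed", null, e);
        }
    }

    /**
     * Replaces every occurrence of {@link #REALM_NAME_TAG} in a template with the given value.
     *
     * <p>The template is scanned once, left to right, and inserted text is never rescanned.
     * Rescanning from the start after each substitution never terminates when the replacement
     * itself contains the tag (for example a realm DN with "REALM" in it), and the string
     * grows without bound. (Decompiler note: access was changed from package-private.)
     *
     * @param str  replacement text, typically the realm DN
     * @param str2 template that may contain the tag
     * @return {@code str2} itself when it contains no tag, otherwise the substituted string
     */
    public static String swapRealmTag(String str, String str2) {
        int tagLength = REALM_NAME_TAG.length();
        int tagIndex = str2.indexOf(REALM_NAME_TAG);
        if (tagIndex < 0) {
            return str2;
        }
        StringBuilder result = new StringBuilder(str2.length());
        int copiedUpTo = 0;
        while (tagIndex >= 0) {
            result.append(str2, copiedUpTo, tagIndex).append(str);
            copiedUpTo = tagIndex + tagLength;
            // Continue after the tag just consumed, in the original template only.
            tagIndex = str2.indexOf(REALM_NAME_TAG, copiedUpTo);
        }
        result.append(str2, copiedUpTo, str2.length());
        return result.toString();
    }
}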
