package com.sun.identity.saml2.plugins;

import com.iplanet.am.util.Debug;
import com.iplanet.am.util.Locale;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.common.DataStoreProvider;
import com.sun.identity.common.DataStoreProviderException;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchOpModifier;
import com.sun.identity.idm.IdType;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.install.SAML2SetupConstants;
import com.sun.identity.security.AdminTokenAction;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;

/* loaded from: input_file:122983-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/plugins/IdRepoDataStoreProvider.class */
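/**
 * {@link DataStoreProvider} implementation backed by the identity repository
 * ({@link IdUtils} / {@link AMIdentityRepository}).
 *
 * <p>Security note: every repository call in this class is made with one
 * process-wide admin {@link SSOToken} obtained in the static initializer, never
 * with a token belonging to the requesting party. The class performs no
 * authorization check of its own. Callers must therefore decide whether the
 * requester is allowed to read or modify the identity named by the user id
 * before invoking these methods.
 *
 * <p>Thread-safety: the realm-to-repository cache is a static map shared by all
 * instances; access to it is serialized on the map itself.
 */
public class IdRepoDataStoreProvider implements DataStoreProvider {
    // Admin token shared by all instances; assigned once in the static initializer below.
    private static SSOToken adminToken;
    // Realm used by getUserID when the caller passes a null realm.
    private static String defaultOrg;
    private static final ResourceBundle bundle = Locale.getInstallResourceBundle("amDataStoreProvider");
    private static final Debug debug = Debug.getInstance("amDataStoreProvider");
    // Cache of realm name -> AMIdentityRepository, shared by every instance.
    // Final so that it can safely double as the lock object guarding itself.
    private static final Map idRepoMap = new HashMap();

    // Must stay textually after the field initializers above: it logs through
    // 'debug', and static initialization runs in source order.
    static {
        adminToken = null;
        try {
            adminToken = (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
            defaultOrg = SystemProperties.get(SAML2SetupConstants.PROP_DEFAULT_ORG);
            adminToken.setProperty("Organization", defaultOrg);
        } catch (SSOException e) {
            // Failure is only logged: the class still loads, and later calls run
            // with whatever value adminToken holds at this point.
            debug.error("IdRepoDataStoreProvider.static: can't create token", e);
        }
    }

    /** Creates a provider; all state is static, so this only logs. */
    public IdRepoDataStoreProvider() {
        debug.message("IdRepoDataStoreProvider.constructor()");
    }

    /**
     * No-op: this provider needs no per-component initialization.
     *
     * @param str ignored
     */
    @Override // com.sun.identity.common.DataStoreProvider
    public void init(String str) throws DataStoreProviderException {
    }

    /**
     * Reads one attribute of an identity using the admin token.
     *
     * @param str  user id passed to {@code IdUtils.getIdentity}; must not be null
     * @param str2 attribute name; must not be null
     * @return the attribute values as returned by the repository
     * @throws DataStoreProviderException if an argument is null or the repository call fails
     */
    @Override // com.sun.identity.common.DataStoreProvider
    public Set getAttribute(String str, String str2) throws DataStoreProviderException {
        if (str == null) {
            throw new DataStoreProviderException(bundle.getString("nullUserId"));
        }
        if (str2 == null) {
            throw new DataStoreProviderException(bundle.getString("nullAttrName"));
        }
        try {
            return IdUtils.getIdentity(adminToken, str).getAttribute(str2);
        } catch (SSOException e) {
            debug.error("IdRepoDataStoreProvider.getAttribute(1): invalid admin SSOtoken", e);
            // NOTE(review): only the message is propagated; the cause survives in the debug log alone.
            throw new DataStoreProviderException(e.getMessage());
        } catch (IdRepoException e2) {
            debug.error("IdRepoDataStoreProvider.getAttribute(1): IdRepo exception", e2);
            throw new DataStoreProviderException(e2.getMessage());
        }
    }

    /**
     * Reads several attributes of an identity using the admin token.
     *
     * @param str user id passed to {@code IdUtils.getIdentity}; must not be null
     * @param set attribute names to fetch; must not be null
     * @return the attribute map as returned by the repository
     * @throws DataStoreProviderException if an argument is null or the repository call fails
     */
    @Override // com.sun.identity.common.DataStoreProvider
    public Map getAttributes(String str, Set set) throws DataStoreProviderException {
        if (str == null) {
            throw new DataStoreProviderException(bundle.getString("nullUserId"));
        }
        if (set == null) {
            throw new DataStoreProviderException(bundle.getString("nullAttrSet"));
        }
        try {
            return IdUtils.getIdentity(adminToken, str).getAttributes(set);
        } catch (SSOException e) {
            debug.error("IdRepoDataStoreProvider.getAttribute(2): invalid admin SSOtoken", e);
            throw new DataStoreProviderException(e.getMessage());
        } catch (IdRepoException e2) {
            debug.error("IdRepoDataStoreProvider.getAttribute(2): IdRepo exception", e2);
            throw new DataStoreProviderException(e2.getMessage());
        }
    }

    /**
     * Writes attributes to an identity and persists them, using the admin token.
     *
     * <p>The attribute names and values in {@code map} are handed to the
     * repository unchanged; nothing here restricts which attributes may be
     * written, so that restriction has to be enforced by the caller.
     *
     * @param str user id passed to {@code IdUtils.getIdentity}; must not be null
     * @param map attributes to set; must not be null
     * @throws DataStoreProviderException if an argument is null or the repository call fails
     */
    @Override // com.sun.identity.common.DataStoreProvider
    public void setAttributes(String str, Map map) throws DataStoreProviderException {
        if (str == null) {
            throw new DataStoreProviderException(bundle.getString("nullUserId"));
        }
        if (map == null) {
            throw new DataStoreProviderException(bundle.getString("nullAttrMap"));
        }
        try {
            AMIdentity identity = IdUtils.getIdentity(adminToken, str);
            identity.setAttributes(map);
            identity.store();
        } catch (SSOException e) {
            debug.error("IdRepoDataStoreProvider.setAttribute(): invalid admin SSOtoken", e);
            throw new DataStoreProviderException(e.getMessage());
        } catch (IdRepoException e2) {
            debug.error("IdRepoDataStoreProvider.setAttribute(): IdRepo exception", e2);
            throw new DataStoreProviderException(e2.getMessage());
        }
    }

    /**
     * Resolves attribute/value pairs to the universal id of exactly one user.
     *
     * <p>The search covers all users of the realm (name pattern {@code "*"}) and
     * is narrowed only by the search control built from {@code map} with the AND
     * modifier. More than one hit is treated as an error instead of picking one,
     * which keeps an ambiguous mapping from resolving to an arbitrary account.
     *
     * @param str  realm to search; the configured default organization is used when null
     * @param map  attribute/value pairs to match; must be non-null and non-empty
     * @param map2 not used by this implementation
     * @return the universal id of the single matching user, or null if none matched
     * @throws DataStoreProviderException if {@code map} is null or empty, more than one
     *         user matches, or the repository call fails
     */
    @Override // com.sun.identity.common.DataStoreProvider
    public String getUserID(String str, Map map, Map map2) throws DataStoreProviderException {
        if (str == null) {
            str = defaultOrg;
        }
        if (map == null || map.isEmpty()) {
            throw new DataStoreProviderException(bundle.getString("nullAvPair"));
        }
        try {
            // NOTE(review): the values in 'map' go straight into the search control.
            // How SAML2Utils.getIdSearchControl treats wildcard or filter
            // metacharacters is not visible here; confirm that values taken from
            // a remote assertion cannot widen the match.
            Set searchResults = getAMIdentityRepository(str)
                    .searchIdentities(IdType.USER, "*", SAML2Utils.getIdSearchControl(map, IdSearchOpModifier.AND))
                    .getSearchResults();
            if (searchResults == null || searchResults.isEmpty()) {
                debug.message("IdRepoDataStoreProvider.getUserID : user not found");
                return null;
            }
            if (searchResults.size() > 1) {
                debug.message("IdRepoDataStoreProvider.getUserID : multiple match");
                throw new DataStoreProviderException(bundle.getString("multipleMatches"));
            }
            AMIdentity aMIdentity = (AMIdentity) searchResults.iterator().next();
            String universalId = IdUtils.getUniversalId(aMIdentity);
            // Name, DN and universal id reach the debug log only at message level.
            if (debug.messageEnabled()) {
                debug.message("IdRepoDataStoreProvider.getUserID() Name=: " + aMIdentity.getName()
                        + " DN=: " + aMIdentity.getDN()
                        + " univId=: " + universalId);
            }
            return universalId;
        } catch (SSOException e) {
            debug.error("IdRepoDataStoreProvider.getUserID() : SSOException", e);
            throw new DataStoreProviderException(e.getMessage());
        } catch (IdRepoException e2) {
            debug.error("IdRepoDataStoreProvider.getUserID(): IdRepoException", e2);
            throw new DataStoreProviderException(e2.getMessage());
        }
    }

    /**
     * Reports whether the identity is active.
     *
     * <p>Despite the name, the result is {@code isActive()}, so an existing but
     * inactive user yields false. An {@link IdRepoException} is also reported as
     * false and logged only at message level, which means a repository failure
     * cannot be told apart from a missing user by the caller.
     *
     * @param str user id passed to {@code IdUtils.getIdentity}; must not be null
     * @return true if the repository reports the identity as active, false otherwise
     * @throws DataStoreProviderException if {@code str} is null or the admin token is rejected
     */
    @Override // com.sun.identity.common.DataStoreProvider
    public boolean isUserExists(String str) throws DataStoreProviderException {
        if (str == null) {
            throw new DataStoreProviderException(bundle.getString("nullUserId"));
        }
        try {
            return IdUtils.getIdentity(adminToken, str).isActive();
        } catch (SSOException e) {
            debug.error("IdRepoDataStoreProvider.isUserExists() : SSOException", e);
            throw new DataStoreProviderException(e.getMessage());
        } catch (IdRepoException e2) {
            debug.message("IdRepoDataStoreProvider.isUserExists()", e2);
            return false;
        }
    }

    /**
     * Returns the cached repository handle for a realm, creating it on first use.
     *
     * <p>The cache is static, so the lock has to be shared by every instance.
     * Locking the instance monitor (a {@code synchronized} method) would let two
     * provider objects mutate the unsynchronized {@link HashMap} concurrently.
     *
     * @param str realm name used as the cache key and passed to the repository constructor
     * @return the repository handle for the realm, opened with the admin token
     * @throws DataStoreProviderException if the repository cannot be created
     */
    private AMIdentityRepository getAMIdentityRepository(String str) throws DataStoreProviderException {
        synchronized (idRepoMap) {
            try {
                AMIdentityRepository aMIdentityRepository = (AMIdentityRepository) idRepoMap.get(str);
                if (aMIdentityRepository == null) {
                    aMIdentityRepository = new AMIdentityRepository(adminToken, str);
                    idRepoMap.put(str, aMIdentityRepository);
                    if (debug.messageEnabled()) {
                        debug.message("IdRepoDataStoreProvider.getAMIdRepo :  create IdRepo for realm " + str);
                    }
                }
                return aMIdentityRepository;
            } catch (IdRepoException e) {
                debug.error("IdRepoDataStoreProvider.getAMIdRepo : IdRepoException: ", e);
                throw new DataStoreProviderException(e.getMessage());
            } catch (SSOException e2) {
                debug.error("IdRepoDataStoreProvider.getAMIdRepo : SSOException: ", e2);
                throw new DataStoreProviderException(e2.getMessage());
            }
        }
    }
}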
