package com.sun.identity.cli.datastore;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.services.util.Crypt;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.cli.AuthenticatedCommand;
import com.sun.identity.cli.CLIConstants;
import com.sun.identity.cli.CLIException;
import com.sun.identity.cli.CLIUtil;
import com.sun.identity.cli.CommandManager;
import com.sun.identity.cli.IOutput;
import com.sun.identity.cli.RequestContext;
import com.sun.identity.common.DNUtils;
import com.sun.identity.common.configuration.ServerConfigXML;
import com.sun.identity.common.configuration.ServerConfiguration;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.policy.PolicyManager;
import com.sun.identity.policy.PolicyUtils;
import com.sun.identity.sm.SMSEntry;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.SMSSchema;
import com.sun.identity.sm.ServiceManager;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import org.forgerock.openam.ldap.LDAPRequests;
import org.forgerock.openam.ldap.LDAPUtils;
import org.forgerock.openam.ldap.LdifUtils;
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.ConnectionFactory;
import org.forgerock.opendj.ldap.LDAPConnectionFactory;
import org.forgerock.opendj.ldap.SSLContextBuilder;
import org.forgerock.util.Options;
import org.forgerock.util.time.Duration;

/* loaded from: input_file:com/sun/identity/cli/datastore/AddAMSDKIdRepoPlugin.class */
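/**
 * CLI sub-command {@code add-amsdk-idrepo-plugin}: loads the AMSDK LDIF files into the
 * supplied directory servers, registers the DAI service and the {@code amSDK} sub schema,
 * creates the delegation policies, rewrites every server's configuration XML and finally
 * updates the {@code dsameuser} password.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Three passwords are read from files and kept in {@code String} fields for the
 *       lifetime of the command object.</li>
 *   <li>{@link #tagswap} writes two of those passwords in clear text into the LDIF content
 *       that is sent to each directory server, so that content must never be logged.</li>
 *   <li>For {@code ldap://} entries {@link #getLDAPConnection} configures no TLS, so the
 *       simple bind and the LDIF content travel unprotected on that path.</li>
 *   <li>The steps in {@link #handleRequest} are not transactional: a failure part-way
 *       through leaves the earlier steps applied.</li>
 * </ul>
 */
public class AddAMSDKIdRepoPlugin extends AuthenticatedCommand {
    private static final String[] params = {"add-amsdk-idrepo-plugin"};
    // Values of the "directory-servers" option, each "[ldap://|ldaps://]host[:port]".
    private List<String> directoryServers;
    private String bindDN;
    // Secrets read from the password files named on the command line.
    private String bindPwd;
    private String basedn;
    private String dUserPwd;
    private String pUserPwd;
    private String namingAttr = "uid";
    private String orgAttr = "o";

    /**
     * One directory server parsed from a {@code directory-servers} value of the form
     * {@code [ldap://|ldaps://]host[:port]}.
     */
    public class DSEntry {
        boolean ssl;
        String host;
        int port;

        /**
         * Parses the scheme, host and port out of {@code str}.
         *
         * @param str the server specification as given on the command line
         * @throws NumberFormatException if the text after the colon is not an integer
         * @throws IllegalArgumentException if the port is outside 1-65535
         */
        DSEntry(String str) {
            // Case-insensitive prefix test without going through the default locale.
            this.ssl = str.regionMatches(true, 0, "ldaps://", 0, 8);
            String hostPort;
            if (this.ssl) {
                hostPort = str.substring(8);
            } else if (str.regionMatches(true, 0, "ldap://", 0, 7)) {
                hostPort = str.substring(7);
            } else {
                hostPort = str;
            }
            // NOTE(review): the first ':' is taken as the port separator, so an IPv6 literal
            // would be split incorrectly - confirm whether such input has to be supported.
            int colon = hostPort.indexOf(':');
            this.host = hostPort;
            // NOTE(review): 389 is the default even for ldaps:// entries; an SSL entry
            // without an explicit port will attempt TLS on 389. Kept for compatibility.
            this.port = 389;
            if (colon != -1) {
                this.host = hostPort.substring(0, colon);
                this.port = Integer.parseInt(hostPort.substring(colon + 1));
                if (this.port < 1 || this.port > 65535) {
                    throw new IllegalArgumentException("Port out of range in directory server entry: " + this.port);
                }
            }
        }
    }

    /**
     * Reads the command options into the instance fields.
     *
     * @param requestContext context carrying the parsed command line
     * @throws Exception if an option value or a password file cannot be read
     */
    private void init(RequestContext requestContext) throws Exception {
        this.directoryServers = requestContext.getOption("directory-servers");
        this.basedn = getStringOptionValue("basedn").trim();
        this.bindDN = getStringOptionValue("binddn").trim();
        // The secrets come from files rather than from the command line itself.
        // NOTE(review): the meaning of the trailing 'true' flag is defined in CLIUtil - confirm.
        this.bindPwd = CLIUtil.getFileContent(getCommandManager(), getStringOptionValue("bind-password-file"), true);
        this.dUserPwd = CLIUtil.getFileContent(getCommandManager(), getStringOptionValue("dsame-password-file"), true);
        this.pUserPwd = CLIUtil.getFileContent(getCommandManager(), getStringOptionValue("puser-password-file"), true);
        String userAttr = getStringOptionValue("user");
        if (userAttr != null && userAttr.trim().length() > 0) {
            this.namingAttr = userAttr.trim();
        }
        String organizationAttr = getStringOptionValue("org");
        if (organizationAttr != null && organizationAttr.trim().length() > 0) {
            this.orgAttr = organizationAttr.trim();
        }
    }

    /**
     * Runs the whole plug-in installation and reports success or failure on the output writer.
     *
     * <p>Any exception from the individual steps is caught here, logged and printed; it is
     * not rethrown, so callers only see a {@link CLIException} raised by the superclass call
     * or by {@code ldapLogin()}. Steps that completed before a failure are not rolled back.
     *
     * @param requestContext context carrying the parsed command line
     * @throws CLIException if the superclass handling or the LDAP login fails
     */
    @Override // com.sun.identity.cli.AuthenticatedCommand, com.sun.identity.cli.CLICommandBase, com.sun.identity.cli.CLICommand
    public void handleRequest(RequestContext requestContext) throws CLIException {
        super.handleRequest(requestContext);
        ldapLogin();
        IOutput outputWriter = getOutputWriter();
        try {
            init(requestContext);
            writeLog(0, Level.INFO, "ATTEMPT_ADD_AMSDK_PLUGIN", params);
            loadLDIFs();
            String daiServiceXml = loadDAIService();
            addAMSDKSubSchema(daiServiceXml);
            loadDelegrationPolicies(daiServiceXml);
            updateServerConfigXML();
            updateDSAMEUserPassword();
            outputWriter.printlnMessage(params[0] + ": " + getResourceString("datastore-add-amsdk-idrepo-plugin-succeeded"));
            writeLog(0, Level.INFO, "SUCCEED_ADD_AMSDK_PLUGIN", params);
        } catch (Exception e) {
            // NOTE(review): the exception message is both logged and echoed to the console;
            // confirm that no step can put secret material into its message.
            writeLog(1, Level.INFO, "FAILED_ADD_AMSDK_PLUGIN", "Adding AMSDK plugin", e.getMessage());
            outputWriter.printlnMessage(params[0] + ": " + getResourceString("datastore-add-amsdk-idrepo-plugin-failed") + ": " + e.getMessage());
        }
    }

    /**
     * Registers the DAI service from the {@code ums.xml} template unless it already exists.
     *
     * @return the service XML that was registered, or {@code null} when DAI was already present
     */
    private String loadDAIService() throws SMSException, SSOException, CLIException, IOException {
        SSOToken adminSSOToken = getAdminSSOToken();
        String serviceXml = null;
        if (!new ServiceManager(adminSSOToken).getServiceNames().contains("DAI")) {
            // Literal replacement: the option values are data, not regex replacement patterns.
            serviceXml = getResourceContent("ums.xml")
                    .replace("@USER_NAMING_ATTR@", this.namingAttr)
                    .replace("@ORG_NAMING_ATTR@", this.orgAttr);
            registerService(serviceXml, adminSSOToken);
        }
        return serviceXml;
    }

    /**
     * Adds the {@code amSDK} sub schema to the identity repository service when it is missing.
     *
     * @param str unused; kept so the call site stays unchanged
     */
    private void addAMSDKSubSchema(String str) throws SMSException, SSOException, CLIException {
        ServiceSchema organizationSchema = new ServiceSchemaManager(getAdminSSOToken(), "sunIdentityRepositoryService", "1.0").getOrganizationSchema();
        if (organizationSchema.getSubSchemaNames().contains("amSDK")) {
            return;
        }
        String subSchemaXml = getResourceContent("idRepoAmSDK.xml")
                .replace("@NORMALIZED_ORGBASE@", DNUtils.normalizeDN(this.basedn));
        // NOTE(review): getBytes() uses the platform default charset; confirm it matches the
        // encoding the XML template declares.
        organizationSchema.addSubSchema(new ByteArrayInputStream(subSchemaXml.getBytes()));
    }

    /**
     * Creates the default delegation policies for AMSDK in the hidden delegation realm.
     *
     * <p>Best effort: a failure is printed to the output writer and not propagated.
     *
     * @param str unused; kept so the call site stays unchanged
     */
    private void loadDelegrationPolicies(String str) {
        SSOToken adminSSOToken = getAdminSSOToken();
        IOutput outputWriter = getOutputWriter();
        try {
            String template = getResourceContent("defaultDelegationPoliciesForAmSDK.xml");
            String baseDN = ServiceManager.getBaseDN();
            String policyXml = template
                    .replace("@SM_CONFIG_ROOT_SUFFIX@", baseDN)
                    .replace("@SM_ROOT_SUFFIX_HAT@", baseDN.replace(',', '^'))
                    .replace("@ROOT_SUFFIX@", DNUtils.normalizeDN(this.basedn));
            PolicyUtils.createPolicies(new PolicyManager(adminSSOToken, "/sunamhiddenrealmdelegationservicepermissions"), new ByteArrayInputStream(policyXml.getBytes()));
        } catch (Exception e) {
            outputWriter.printlnMessage(params[0] + ": " + getResourceString("datastore-add-amsdk-idrepo-plugin-policies-failed") + ": " + e.getMessage());
        }
    }

    /**
     * Rewrites the configuration XML of every known server: replaces the default server
     * group's hosts with the supplied directory servers (when any were given), sets the base
     * DN and updates the DN and stored password of the proxy and admin directory users.
     */
    private void updateServerConfigXML() throws Exception {
        SSOToken adminSSOToken = getAdminSSOToken();
        Set<String> servers = ServerConfiguration.getServers(adminSSOToken);
        HashMap<String, String> eventSettings = new HashMap<>();
        eventSettings.put("com.sun.am.event.connection.disable.list", "");
        for (String serverName : servers) {
            ServerConfigXML serverConfigXML = new ServerConfigXML(ServerConfiguration.getServerConfigXML(adminSSOToken, serverName));
            ServerConfigXML.ServerGroup defaultServerGroup = serverConfigXML.getDefaultServerGroup();
            if (this.directoryServers != null && !this.directoryServers.isEmpty()) {
                defaultServerGroup.hosts.clear();
                int index = 1;
                for (String serverSpec : this.directoryServers) {
                    DSEntry entry = new DSEntry(serverSpec);
                    defaultServerGroup.addHost("SERVER" + index, entry.host, Integer.toString(entry.port), entry.ssl ? "SSL" : "SIMPLE");
                    index++;
                }
            }
            defaultServerGroup.dsBaseDN = this.basedn;
            for (ServerConfigXML.DirUserObject dirUserObject : defaultServerGroup.dsUsers) {
                // The passwords are stored as Crypt.encode output, never as the raw value.
                // NOTE(review): presumably reversible and keyed by the deployment - confirm.
                if (dirUserObject.type.equals("proxy")) {
                    dirUserObject.dn = "cn=puser,ou=DSAME Users," + this.basedn;
                    dirUserObject.password = Crypt.encode(this.pUserPwd);
                } else if (dirUserObject.type.equals("admin")) {
                    dirUserObject.dn = "cn=dsameuser,ou=DSAME Users," + this.basedn;
                    dirUserObject.password = Crypt.encode(this.dUserPwd);
                }
            }
            ServerConfiguration.setServerConfigXML(adminSSOToken, serverName, serverConfigXML.toXML());
            ServerConfiguration.setServerInstance(adminSSOToken, serverName, eventSettings);
        }
    }

    /**
     * Stores the dsameuser password on the {@code cn=dsameuser} identity under the SMS root
     * suffix, using the command's own SSO token.
     */
    private void updateDSAMEUserPassword() throws Exception {
        AMIdentity identity = IdUtils.getIdentity(this.ssoToken, "cn=dsameuser,ou=DSAME Users," + SMSEntry.getRootSuffix());
        HashSet<String> passwordValues = new HashSet<>(2);
        passwordValues.add(this.dUserPwd);
        HashMap<String, Set<String>> attributes = new HashMap<>(2);
        attributes.put(CLIConstants.ATTR_SCHEMA_AGENT_PWD, passwordValues);
        identity.setAttributes(attributes);
        identity.store();
    }

    /**
     * Reads an XML template from {@code <configpath>/template/xml/}.
     *
     * @param str file name of the template; every caller in this class passes a constant
     */
    private String getResourceContent(String str) throws CLIException {
        return CLIUtil.getFileContent(getCommandManager(), SystemProperties.get("com.iplanet.services.configpath") + "/template/xml/" + str);
    }

    /**
     * Registers the services described by the given XML.
     *
     * @param str service definition XML
     * @param sSOToken administrator token used for the registration
     */
    private void registerService(String str, SSOToken sSOToken) throws SSOException, SMSException, IOException {
        ServiceManager serviceManager = new ServiceManager(sSOToken);
        try (ByteArrayInputStream xmlStream = new ByteArrayInputStream(str.getBytes())) {
            serviceManager.registerServices(xmlStream);
        }
    }

    /**
     * Loads every AMSDK LDIF file into every supplied directory server.
     *
     * <p>The connection factory and the connection are closed on both the normal and the
     * failing path, so a failed load does not leave an authenticated connection open.
     *
     * @throws IllegalStateException if no {@code directory-servers} option was supplied
     */
    private void loadLDIFs() throws Exception {
        if (this.directoryServers == null) {
            // Fail with a readable message instead of a NullPointerException.
            throw new IllegalStateException("No directory servers were supplied; cannot load the LDIF files");
        }
        CommandManager commandManager = getCommandManager();
        List<String> ldifPaths = getLDIFs();
        for (String serverSpec : this.directoryServers) {
            try (ConnectionFactory factory = getLDAPConnection(new DSEntry(serverSpec));
                    Connection connection = factory.getConnection()) {
                String dbName = LDAPUtils.getDBName(this.basedn, connection);
                for (String ldifPath : ldifPaths) {
                    loadLDIF(connection, tagswap(CLIUtil.getFileContent(commandManager, ldifPath), dbName));
                }
            }
        }
    }

    /**
     * Applies one LDIF document to the directory over the given connection.
     *
     * @param connection open, authenticated directory connection
     * @param str LDIF content after tag substitution (contains clear-text passwords)
     */
    private void loadLDIF(Connection connection, String str) throws Exception {
        // NOTE(review): getBytes() uses the platform default charset - confirm that this
        // matches what LdifUtils expects.
        try (ByteArrayInputStream ldifStream = new ByteArrayInputStream(str.getBytes())) {
            LdifUtils.createSchemaFromLDIF(new DataInputStream(ldifStream), connection);
        }
    }

    /**
     * Returns the paths of the LDIF files to load, in load order, under {@code <configpath>/ldif}.
     */
    private List<String> getLDIFs() {
        List<String> paths = new ArrayList<>();
        String ldifDir = SystemProperties.get("com.iplanet.services.configpath") + "/ldif";
        paths.add(ldifDir + "/odsee/amsdk_plugin/amsdk_sunone_schema2.ldif");
        paths.add(ldifDir + "/odsee/odsee_user_schema.ldif");
        paths.add(ldifDir + "/odsee/odsee_plugin/amsdk_init_template.ldif");
        paths.add(ldifDir + "/odsee/odsee_user_index.ldif");
        return paths;
    }

    /**
     * Substitutes the {@code @TAG@} placeholders of an LDIF template.
     *
     * <p>Every substitution is literal. With {@code String.replaceAll} the replacement is a
     * regex replacement pattern, so a {@code $} or backslash in a password or DN either
     * raised an exception or was silently altered, and the value written to the directory
     * then differed from the one stored in the server configuration.
     *
     * <p>The result contains the dsameuser and puser passwords in clear text
     * ({@code @ADMIN_PWD@}, {@code @AMLDAPUSERPASSWD@}); it must not be logged or echoed.
     *
     * @param str LDIF template content
     * @param str2 backend database name for {@code @DB_NAME@}
     * @return the LDIF content with all placeholders replaced
     */
    private String tagswap(String str, String str2) throws Exception {
        String normalizedDN = LDAPUtils.normalizeDN(this.basedn);
        return str
                .replace("@DB_NAME@", str2)
                .replace("@NORMALIZED_RS@", SMSSchema.escapeSpecialCharacters(normalizedDN))
                // The escaped RDN value is inserted exactly as LDAPUtils.escapeValue returns it.
                .replace("@RS_RDN@", LDAPUtils.escapeValue(LDAPUtils.rdnValueFromDn(normalizedDN)))
                .replace("@ADMIN_PWD@", this.dUserPwd)
                .replace("@SERVER_HOST@", SystemProperties.get("com.iplanet.am.server.host"))
                .replace("@ORG_NAMING_ATTR@", this.orgAttr)
                .replace("@ORG_OBJECT_CLASS@", "sunmanagedisorganization")
                .replace("@People_NM_ORG_ROOT_SUFFIX@", "People_" + this.basedn.replace(',', '_'))
                .replace("@AMLDAPUSERPASSWD@", this.pUserPwd);
    }

    /**
     * Builds a connection factory that performs a simple bind as {@code bindDN} with a
     * 300 second connect timeout.
     *
     * <p>An SSL context is set only for {@code ldaps://} entries. For every other entry no
     * TLS is configured here, so the bind password and the LDIF content (which carries
     * passwords) are sent unprotected; prefer {@code ldaps://} server entries.
     *
     * @param dSEntry parsed directory server entry
     * @return a factory for authenticated connections to that server
     */
    private ConnectionFactory getLDAPConnection(DSEntry dSEntry) throws Exception {
        Options options = Options.defaultOptions()
                .set(LDAPConnectionFactory.CONNECT_TIMEOUT, new Duration(300L, TimeUnit.SECONDS))
                .set(LDAPConnectionFactory.AUTHN_BIND_REQUEST, LDAPRequests.newSimpleBindRequest(this.bindDN, this.bindPwd.toCharArray()));
        if (dSEntry.ssl) {
            // NOTE(review): the builder is used with its defaults; confirm that those defaults
            // validate the server certificate against a trust store.
            options = options.set(LDAPConnectionFactory.SSL_CONTEXT, new SSLContextBuilder().getSSLContext());
        }
        return new LDAPConnectionFactory(dSEntry.host, dSEntry.port, options);
    }
}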
