package com.iplanet.am.sdk;

import com.iplanet.am.sdk.common.IDirectoryServices;
import com.iplanet.am.util.AdminUtils;
import com.iplanet.services.ldap.DSConfigMgr;
import com.iplanet.services.ldap.LDAPServiceException;
import com.iplanet.services.ldap.LDAPUser;
import com.iplanet.services.ldap.Server;
import com.iplanet.services.ldap.ServerInstance;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.modules.ldap.LDAPAuthUtils;
import com.sun.identity.authentication.modules.ldap.LDAPUtilException;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.InvalidPasswordException;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.idm.IdOperation;
import com.sun.identity.idm.IdRepo;
import com.sun.identity.idm.IdRepoBundle;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdRepoListener;
import com.sun.identity.idm.IdRepoUnsupportedOpException;
import com.sun.identity.idm.IdType;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.idm.RepoSearchResults;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.locale.AMResourceBundleCache;
import com.sun.identity.shared.locale.Locale;
import com.sun.identity.sm.SMSEntry;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.SchemaType;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;
import java.security.AccessController;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import netscape.ldap.LDAPDN;
import netscape.ldap.LDAPException;
import netscape.ldap.util.DN;

/* loaded from: input_file:com/iplanet/am/sdk/AMSDKRepo.class */
public class AMSDKRepo extends IdRepo {
    private static final String PC_ATTR = "iplanet-am-admin-console-default-pc";
    private static final String AC_ATTR = "iplanet-am-admin-console-default-ac";
    private static final String GC_ATTR = "iplanet-am-admin-console-default-gc";
    private static final String ADMIN_SERVICE = "iPlanetAMAdminConsoleService";
    private static final String CLASS_NAME = "com.iplanet.am.sdk.AMSDKRepo";
    protected static Set listeners = new HashSet();
    private static Debug debug = Debug.getInstance("amsdkRepo");
    private static SSOToken adminToken = null;
    private static AMStoreConnection sc = null;
    private Map supportedOps = new HashMap();
    private IdRepoListener myListener = null;
    private String orgDN = "";
    private boolean dataStoreRecursive = false;
    private String pcDN = null;
    private String agentDN = null;
    protected String amAuthLDAP = ISAuthConstants.LDAP_DEBUG_NAME;

    public AMSDKRepo() {
        loadSupportedOps();
    }

    @Override // com.sun.identity.idm.IdRepo
    public int addListener(SSOToken sSOToken, IdRepoListener idRepoListener) throws IdRepoException, SSOException {
        synchronized (listeners) {
            listeners.add(idRepoListener);
        }
        this.myListener = idRepoListener;
        return 0;
    }

    @Override // com.sun.identity.idm.IdRepo
    public void removeListener() {
        synchronized (listeners) {
            listeners.remove(this.myListener);
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public String create(SSOToken sSOToken, IdType idType, String str, Map map) throws IdRepoException, SSOException {
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKIdRepo: Create called on ").append(idType).append(": ").append(str).toString());
        }
        String str2 = null;
        AMStoreConnection aMStoreConnection = sc == null ? new AMStoreConnection(sSOToken) : sc;
        try {
            if (aMStoreConnection.getAMObjectType(this.orgDN) != 2) {
                debug.error(new StringBuffer().append("AMSDKRepo.create(): Incorrectly configured  plugin: Org DN is wrong = ").append(this.orgDN).toString());
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "303", null);
            }
            AMOrganization organization = aMStoreConnection.getOrganization(this.orgDN);
            HashMap hashMap = new HashMap();
            hashMap.put(str, map);
            try {
                if (idType.equals(IdType.USER)) {
                    str2 = ((AMEntity) organization.createEntities(1, hashMap).iterator().next()).getDN();
                } else if (idType.equals(IdType.AGENT)) {
                    str2 = ((AMEntity) organization.createEntities(100, hashMap).iterator().next()).getDN();
                } else if (idType.equals(IdType.GROUP)) {
                    str2 = ((AMStaticGroup) aMStoreConnection.getGroupContainer(new StringBuffer().append(AMNamingAttrManager.getNamingAttr(4)).append("=").append(getDefaultGroupContainerName()).append(",").append(this.orgDN).toString()).createStaticGroups(hashMap).iterator().next()).getDN();
                } else if (idType.equals(IdType.ROLE)) {
                    str2 = ((AMRole) organization.createRoles(hashMap).iterator().next()).getDN();
                } else if (idType.equals(IdType.FILTEREDROLE)) {
                    str2 = ((AMFilteredRole) organization.createFilteredRoles(hashMap).iterator().next()).getDN();
                }
                return str2;
            } catch (AMException e) {
                debug.warning("AMSDKRepo.create(): Caught AMException..", e);
                throw IdUtils.convertAMException(e);
            }
        } catch (AMException e2) {
            debug.error("AMSDKRepo.create(): An exception occured while  initializing AM SDK ", e2);
            IdRepoException idRepoException = new IdRepoException(IdRepoBundle.BUNDLE_NAME, "304", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", IdOperation.CREATE.getName()});
            idRepoException.setLDAPErrorCode(e2.getLDAPErrorCode());
            throw idRepoException;
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public void delete(SSOToken sSOToken, IdType idType, String str) throws IdRepoException, SSOException {
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKIdRepo: Delete called on ").append(idType).append(": ").append(str).toString());
        }
        AMOrganization checkAndGetOrg = checkAndGetOrg(sSOToken);
        HashSet hashSet = new HashSet();
        try {
            hashSet.add(getDN(idType, str));
            if (idType.equals(IdType.USER)) {
                checkAndGetOrg.deleteUsers(hashSet);
            } else if (idType.equals(IdType.AGENT)) {
                checkAndGetOrg.deleteEntities(100, hashSet);
            } else if (idType.equals(IdType.GROUP)) {
                checkAndGetOrg.deleteStaticGroups(hashSet);
            } else if (idType.equals(IdType.ROLE)) {
                checkAndGetOrg.deleteRoles(hashSet);
            } else if (idType.equals(IdType.FILTEREDROLE)) {
                checkAndGetOrg.deleteFilteredRoles(hashSet);
            }
        } catch (AMException e) {
            debug.error("AMSDKRepo.delete(): Caught AMException...", e);
            throw IdUtils.convertAMException(e);
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public Map getAttributes(SSOToken sSOToken, IdType idType, String str, Set set) throws IdRepoException, SSOException {
        AMStoreConnection aMStoreConnection = sc == null ? new AMStoreConnection(sSOToken) : sc;
        String dn = getDN(idType, str);
        int profileType = getProfileType(idType);
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKIdRepo: getAttributes called: ").append(idType).append(": ").append(str).append(" DN: '").append(dn).append("'").toString());
        }
        if (adminToken != null) {
            sSOToken = adminToken;
        }
        try {
            if (aMStoreConnection.isValidEntry(dn)) {
                return AMDirectoryAccessFactory.getDirectoryServices().getAttributes(sSOToken, dn, set, false, false, profileType);
            }
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "202", new Object[]{str});
        } catch (AMException e) {
            debug.error("AMSDKRepo.getAttributes(): AMException ", e);
            throw IdUtils.convertAMException(e);
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public Map getAttributes(SSOToken sSOToken, IdType idType, String str) throws IdRepoException, SSOException {
        AMStoreConnection aMStoreConnection = sc == null ? new AMStoreConnection(sSOToken) : sc;
        String dn = getDN(idType, str);
        int profileType = getProfileType(idType);
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKIdRepo: getAttributes called: ").append(idType).append(": ").append(str).append(" DN: '").append(dn).append("'").toString());
        }
        if (adminToken != null) {
            sSOToken = adminToken;
        }
        try {
            if (aMStoreConnection.isValidEntry(dn)) {
                return AMDirectoryAccessFactory.getDirectoryServices().getAttributes(sSOToken, dn, false, false, profileType);
            }
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "202", new Object[]{str});
        } catch (AMException e) {
            debug.error("AMSDKRepo.getAttributes(): AMException ", e);
            throw IdUtils.convertAMException(e);
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public Map getBinaryAttributes(SSOToken sSOToken, IdType idType, String str, Set set) throws IdRepoException, SSOException {
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKIdRepo: getBinaryAttributes called: ").append(idType).append(": ").append(str).toString());
        }
        AMStoreConnection aMStoreConnection = sc == null ? new AMStoreConnection(sSOToken) : sc;
        String dn = getDN(idType, str);
        int profileType = getProfileType(idType);
        if (adminToken != null) {
            sSOToken = adminToken;
        }
        try {
            if (aMStoreConnection.isValidEntry(dn)) {
                return AMDirectoryAccessFactory.getDirectoryServices().getAttributesByteValues(sSOToken, dn, set, profileType);
            }
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "202", new Object[]{str});
        } catch (AMException e) {
            debug.error("AMSDKRepo.getBinaryAttributes(): AMException ", e);
            throw IdUtils.convertAMException(e);
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public Map getConfiguration() {
        return super.getConfiguration();
    }

    @Override // com.sun.identity.idm.IdRepo
    public Set getMembers(SSOToken sSOToken, IdType idType, String str, IdType idType2) throws IdRepoException, SSOException {
        Set userDNs;
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKRepo: getMembers called").append(idType).append(": ").append(str).append(": ").append(idType2).toString());
        }
        AMStoreConnection aMStoreConnection = sc == null ? new AMStoreConnection(sSOToken) : sc;
        if (idType.equals(IdType.USER) || idType.equals(IdType.AGENT)) {
            debug.error("AMSDKRepo: Membership operation is not supported  for Users or Agents");
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "203", null);
        }
        if (idType.equals(IdType.GROUP)) {
            String dn = getDN(idType, str);
            AMStaticGroup staticGroup = aMStoreConnection.getStaticGroup(dn);
            if (!idType2.equals(IdType.USER)) {
                debug.error(new StringBuffer().append("AMSDKRepo: Groups do not supported membership for ").append(idType2.getName()).toString());
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "204", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", idType2.getName(), idType.getName()});
            }
            try {
                userDNs = staticGroup.getUserDNs();
            } catch (AMException e) {
                debug.error(new StringBuffer().append("AMSDKRepo: Unable to get user memberships for group").append(dn).toString(), e);
                IdRepoException idRepoException = new IdRepoException(IdRepoBundle.BUNDLE_NAME, "205", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", idType2.getName(), idType.getName(), str});
                idRepoException.setLDAPErrorCode(e.getLDAPErrorCode());
                throw idRepoException;
            }
        } else if (idType.equals(IdType.ROLE)) {
            String dn2 = getDN(idType, str);
            AMRole role = aMStoreConnection.getRole(dn2);
            if (!idType2.equals(IdType.USER)) {
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "204", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", idType2.getName(), idType.getName()});
            }
            try {
                userDNs = role.getUserDNs();
            } catch (AMException e2) {
                debug.error(new StringBuffer().append("AMSDKRepo: Unable to get user memberships for role ").append(dn2).toString(), e2);
                throw IdUtils.convertAMException(e2);
            }
        } else {
            if (!idType.equals(IdType.FILTEREDROLE)) {
                throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, "305", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", IdOperation.READ.getName(), idType.getName()});
            }
            String dn3 = getDN(idType, str);
            AMFilteredRole filteredRole = aMStoreConnection.getFilteredRole(dn3);
            if (!idType2.equals(IdType.USER)) {
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "204", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", idType2.getName(), idType.getName()});
            }
            try {
                userDNs = filteredRole.getUserDNs();
            } catch (AMException e3) {
                debug.error(new StringBuffer().append("AMSDKRepo: Unable to get user memberships for role ").append(dn3).toString(), e3);
                throw IdUtils.convertAMException(e3);
            }
        }
        return userDNs;
    }

    @Override // com.sun.identity.idm.IdRepo
    public Set getMemberships(SSOToken sSOToken, IdType idType, String str, IdType idType2) throws IdRepoException, SSOException {
        Set staticGroupDNs;
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKRepo: getMemberships called").append(idType).append(": ").append(str).append(": ").append(idType2).toString());
        }
        AMStoreConnection aMStoreConnection = sc == null ? new AMStoreConnection(sSOToken) : sc;
        if (!idType.equals(IdType.USER)) {
            debug.error("AMSDKRepo: Membership for identities other than  Users is not allowed ");
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "206", new Object[]{"com.iplanet.am.sdk.AMSDKRepo"});
        }
        String dn = getDN(idType, str);
        AMUser user = aMStoreConnection.getUser(dn);
        if (idType2.equals(IdType.GROUP)) {
            try {
                staticGroupDNs = user.getStaticGroupDNs();
            } catch (AMException e) {
                debug.error(new StringBuffer().append("AMSDKRepo: Unable to get user's group memberships ").append(dn).toString(), e);
                IdRepoException idRepoException = new IdRepoException(IdRepoBundle.BUNDLE_NAME, "207", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", idType2.getName(), idType.getName(), str});
                idRepoException.setLDAPErrorCode(e.getLDAPErrorCode());
                throw idRepoException;
            }
        } else if (idType2.equals(IdType.ROLE)) {
            try {
                staticGroupDNs = user.getRoleDNs();
            } catch (AMException e2) {
                debug.error(new StringBuffer().append("AMSDKRepo: Unable to get roles of a user ").append(dn).toString(), e2);
                throw IdUtils.convertAMException(e2);
            }
        } else {
            if (!idType2.equals(IdType.FILTEREDROLE)) {
                debug.error("AMSDKRepo: Membership for other types of entities  not supported for Users");
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "204", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", idType.getName(), idType2.getName()});
            }
            try {
                staticGroupDNs = user.getFilteredRoleDNs();
            } catch (AMException e3) {
                debug.error(new StringBuffer().append("AMSDKRepo: Unable to get user memberships for role ").append(dn).toString(), e3);
                throw IdUtils.convertAMException(e3);
            }
        }
        return staticGroupDNs;
    }

    @Override // com.sun.identity.idm.IdRepo
    public Set getSupportedOperations(IdType idType) {
        return (Set) this.supportedOps.get(idType);
    }

    @Override // com.sun.identity.idm.IdRepo
    public Set getSupportedTypes() {
        return this.supportedOps.keySet();
    }

    @Override // com.sun.identity.idm.IdRepo
    public void initialize(Map map) {
        super.initialize(map);
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKRepo: Initializing configuration: ").append(this.configMap.toString()).toString());
        }
        Set set = (Set) this.configMap.get("amSDKOrgName");
        if (set == null || set.isEmpty()) {
            this.orgDN = AMStoreConnection.getAMSdkBaseDN();
        } else {
            this.orgDN = (String) set.iterator().next();
        }
        if (adminToken == null) {
            adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            try {
                sc = new AMStoreConnection(adminToken);
            } catch (SSOException e) {
                debug.error("AMSDKRepo:Initialize..Failed to initialize  AMStoreConnection...", e);
            }
        }
        Set set2 = (Set) this.configMap.get("sun-idrepo-amSDK-config-recursive-enabled");
        if (set2 != null && !set2.isEmpty() && set2.contains("true")) {
            this.dataStoreRecursive = true;
        }
        Set set3 = (Set) this.configMap.get("sun-idrepo-amSDK-config-people-container-name");
        if (set3 != null && !set3.isEmpty()) {
            String str = (String) set3.iterator().next();
            Set set4 = (Set) this.configMap.get("sun-idrepo-amSDK-config-people-container-value");
            if (str != null && set4 != null && !set4.isEmpty()) {
                this.pcDN = new StringBuffer().append(str).append("=").append((String) set4.iterator().next()).append(",").append(this.orgDN).toString();
            }
        }
        Set set5 = (Set) this.configMap.get("sun-idrepo-amSDK-config-agent-container-name");
        if (set5 == null || set5.isEmpty()) {
            return;
        }
        String str2 = (String) set5.iterator().next();
        Set set6 = (Set) this.configMap.get("sun-idrepo-amSDK-config-agent-container-value");
        if (str2 == null || set6 == null || set6.isEmpty()) {
            return;
        }
        this.agentDN = new StringBuffer().append(str2).append("=").append((String) set6.iterator().next()).append(",").append(this.orgDN).toString();
    }

    @Override // com.sun.identity.idm.IdRepo
    public boolean isExists(SSOToken sSOToken, IdType idType, String str) throws IdRepoException, SSOException {
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKRepo: isExists called ").append(idType).append(": ").append(str).toString());
        }
        try {
            return (sc == null ? new AMStoreConnection(sSOToken) : sc).isValidEntry(getDN(idType, str));
        } catch (IdRepoException e) {
            return false;
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public boolean isActive(SSOToken sSOToken, IdType idType, String str) throws SSOException {
        try {
            return (sc == null ? new AMStoreConnection(sSOToken) : sc).getEntity(getDN(idType, str)).isActivated();
        } catch (AMException e) {
            return false;
        } catch (IdRepoException e2) {
            return false;
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public void setActiveStatus(SSOToken sSOToken, IdType idType, String str, boolean z) throws IdRepoException, SSOException {
        try {
            AMEntity entity = (sc == null ? new AMStoreConnection(sSOToken) : sc).getEntity(getDN(idType, str));
            if (z) {
                entity.activate();
            } else {
                entity.deactivate();
            }
        } catch (AMException e) {
            debug.error("AMSDKRepo.setActiveStatus: Caught AMException", e);
            throw IdUtils.convertAMException(e);
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public void modifyMemberShip(SSOToken sSOToken, IdType idType, String str, Set set, IdType idType2, int i) throws IdRepoException, SSOException {
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKRepo: modifyMemberShip called ").append(idType).append(": ").append(str).append(": ").append(set).append(": ").append(idType2).toString());
        }
        if (set == null || set.isEmpty()) {
            debug.error("AMSDKRepo.modifyMemberShip: Members set is empty");
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "201", null);
        }
        if (idType.equals(IdType.USER) || idType.equals(IdType.AGENT)) {
            debug.error("AMSDKRepo.modifyMembership: Memberhsip to users and agents is not supported");
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "203", null);
        }
        if (!idType2.equals(IdType.USER)) {
            debug.error(new StringBuffer().append("AMSDKRepo.modifyMembership: A non-user type cannot  be made a member of any identity").append(idType2.getName()).toString());
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "206", new Object[]{"com.iplanet.am.sdk.AMSDKRepo"});
        }
        HashSet hashSet = new HashSet();
        Iterator it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(getDN(idType2, (String) it.next()));
        }
        AMStoreConnection aMStoreConnection = sc == null ? new AMStoreConnection(sSOToken) : sc;
        if (idType.equals(IdType.GROUP)) {
            AMStaticGroup staticGroup = aMStoreConnection.getStaticGroup(getDN(idType, str));
            try {
                switch (i) {
                    case 1:
                        staticGroup.addUsers(hashSet);
                        break;
                    case 2:
                        staticGroup.removeUsers(hashSet);
                        break;
                }
                return;
            } catch (AMException e) {
                debug.error("AMSDKRepo.modifyMembership: Caught exception while adding users to groups", e);
                throw IdUtils.convertAMException(e);
            }
        }
        if (!idType.equals(IdType.ROLE)) {
            debug.error(new StringBuffer().append("AMSDKRepo.modifyMembership: Memberships cannot bemodified for type= ").append(idType.getName()).toString());
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "209", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", idType.getName()});
        }
        AMRole role = aMStoreConnection.getRole(getDN(idType, str));
        try {
            switch (i) {
                case 1:
                    role.addUsers(hashSet);
                    break;
                case 2:
                    role.removeUsers(hashSet);
                    break;
            }
        } catch (AMException e2) {
            debug.error("AMSDKRepo.modifyMembership: Caught exception while  adding/removing users to roles", e2);
            throw IdUtils.convertAMException(e2);
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public void removeAttributes(SSOToken sSOToken, IdType idType, String str, Set set) throws IdRepoException, SSOException {
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKRepo: removeAttributes called ").append(idType).append(": ").append(str).append(set).toString());
        }
    }

    public RepoSearchResults search(SSOToken sSOToken, IdType idType, String str, Map map, boolean z, int i, int i2, Set set) throws IdRepoException, SSOException {
        AMSearchResults searchFilteredRoles;
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKRepo: search called").append(idType).append(": ").append(str).append(": ").append(map).toString());
        }
        String str2 = this.orgDN;
        int profileType = getProfileType(idType);
        if (idType.equals(IdType.USER)) {
            str2 = new StringBuffer().append("ou=").append(getDefaultPeopleContainerName()).append(",").append(this.orgDN).toString();
        } else if (idType.equals(IdType.AGENT)) {
            str2 = new StringBuffer().append("ou=").append(getDefaultAgentContainerName()).append(",").append(this.orgDN).toString();
        } else if (idType.equals(IdType.GROUP)) {
            str2 = new StringBuffer().append("ou=").append(getDefaultGroupContainerName()).append(",").append(this.orgDN).toString();
        }
        AMSearchControl aMSearchControl = new AMSearchControl();
        aMSearchControl.setMaxResults(i);
        aMSearchControl.setTimeOut(i2);
        aMSearchControl.setSearchScope(1);
        if (set == null || set.isEmpty()) {
            aMSearchControl.setAllReturnAttributes(true);
        } else {
            aMSearchControl.setReturnAttributes(set);
        }
        try {
            AMStoreConnection aMStoreConnection = sc == null ? new AMStoreConnection(sSOToken) : sc;
            switch (profileType) {
                case 1:
                    AMPeopleContainer peopleContainer = aMStoreConnection.getPeopleContainer(str2);
                    searchFilteredRoles = (map == null || map.isEmpty()) ? peopleContainer.searchUsers(str, map, aMSearchControl) : peopleContainer.searchUsers(str, aMSearchControl, constructFilter(0, map));
                    if (z) {
                        Set searchResults = searchFilteredRoles.getSearchResults();
                        if (searchResults == null || searchResults.isEmpty()) {
                            if (map == null || map.isEmpty()) {
                                AMOrganization organization = aMStoreConnection.getOrganization(this.orgDN);
                                aMSearchControl.setSearchScope(2);
                                searchFilteredRoles = organization.searchUsers(str, aMSearchControl);
                            } else {
                                String constructFilter = constructFilter(0, map);
                                AMOrganization organization2 = aMStoreConnection.getOrganization(this.orgDN);
                                aMSearchControl.setSearchScope(2);
                                searchFilteredRoles = organization2.searchUsers(ISAuthConstants.ASTERISK, aMSearchControl, constructFilter);
                            }
                        }
                        break;
                    }
                    break;
                case 6:
                    searchFilteredRoles = aMStoreConnection.getOrganization(str2).searchRoles(str, aMSearchControl);
                    break;
                case 8:
                    searchFilteredRoles = aMStoreConnection.getOrganization(str2).searchFilteredRoles(str, aMSearchControl);
                    break;
                case 9:
                case 10:
                    searchFilteredRoles = aMStoreConnection.getGroupContainer(str2).searchGroups(str, map, aMSearchControl);
                    break;
                case 100:
                    searchFilteredRoles = aMStoreConnection.getOrganizationalUnit(str2).searchEntities(str, map, (String) null, aMSearchControl);
                    break;
                default:
                    throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "210", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", idType.getName()});
            }
            return new RepoSearchResults(searchFilteredRoles.getSearchResults(), searchFilteredRoles.getErrorCode(), searchFilteredRoles.getResultAttributes(), idType);
        } catch (AMException e) {
            debug.error("AMSDKRepo.search: Unable to perform search operation", e);
            throw IdUtils.convertAMException(e);
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public RepoSearchResults search(SSOToken sSOToken, IdType idType, String str, int i, int i2, Set set, boolean z, int i3, Map map, boolean z2) throws IdRepoException, SSOException {
        AMSearchResults searchFilteredRoles;
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKRepo: search called").append(idType).append(": ").append(str).append(": ").append(map).toString());
        }
        String str2 = this.orgDN;
        int profileType = getProfileType(idType);
        if (idType.equals(IdType.GROUP)) {
            str2 = new StringBuffer().append("ou=").append(getDefaultGroupContainerName()).append(",").append(this.orgDN).toString();
        }
        AMSearchControl aMSearchControl = new AMSearchControl();
        aMSearchControl.setMaxResults(i2);
        aMSearchControl.setTimeOut(i);
        aMSearchControl.setSearchScope(1);
        if (z) {
            aMSearchControl.setAllReturnAttributes(true);
        } else if (set != null && !set.isEmpty()) {
            aMSearchControl.setReturnAttributes(set);
        }
        try {
            AMStoreConnection aMStoreConnection = sc == null ? new AMStoreConnection(sSOToken) : sc;
            switch (profileType) {
                case 1:
                    if (this.pcDN != null) {
                        if (this.dataStoreRecursive) {
                            aMSearchControl.setSearchScope(2);
                        } else {
                            str2 = this.pcDN;
                        }
                    } else if (this.dataStoreRecursive) {
                        aMSearchControl.setSearchScope(2);
                    } else {
                        str2 = new StringBuffer().append("ou=").append(getDefaultPeopleContainerName()).append(",").append(this.orgDN).toString();
                    }
                    AMPeopleContainer peopleContainer = aMStoreConnection.getPeopleContainer(str2);
                    if (map != null && !map.isEmpty()) {
                        searchFilteredRoles = peopleContainer.searchUsers(str, aMSearchControl, constructFilter(i3, map));
                        break;
                    } else {
                        searchFilteredRoles = peopleContainer.searchUsers(str, map, aMSearchControl);
                        break;
                    }
                    break;
                case 6:
                    searchFilteredRoles = aMStoreConnection.getOrganization(str2).searchRoles(str, aMSearchControl);
                    break;
                case 8:
                    searchFilteredRoles = aMStoreConnection.getOrganization(str2).searchFilteredRoles(str, aMSearchControl);
                    break;
                case 9:
                case 10:
                    searchFilteredRoles = aMStoreConnection.getGroupContainer(str2).searchStaticGroups(str, map, aMSearchControl);
                    break;
                case 100:
                    if (this.agentDN != null) {
                        if (this.dataStoreRecursive) {
                            aMSearchControl.setSearchScope(2);
                        } else {
                            str2 = this.agentDN;
                        }
                    } else if (this.dataStoreRecursive) {
                        aMSearchControl.setSearchScope(2);
                    } else {
                        str2 = new StringBuffer().append("ou=").append(getDefaultAgentContainerName()).append(",").append(this.orgDN).toString();
                    }
                    AMOrganizationalUnit organizationalUnit = aMStoreConnection.getOrganizationalUnit(str2);
                    if (map != null && !map.isEmpty()) {
                        searchFilteredRoles = organizationalUnit.searchEntities(str, aMSearchControl, constructFilter(i3, map), (String) null);
                        break;
                    } else {
                        searchFilteredRoles = organizationalUnit.searchEntities(str, map, (String) null, aMSearchControl);
                        break;
                    }
                default:
                    throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "210", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", idType.getName()});
            }
            return new RepoSearchResults(searchFilteredRoles.getSearchResults(), searchFilteredRoles.getErrorCode(), searchFilteredRoles.getResultAttributes(), idType);
        } catch (AMException e) {
            String errorCode = e.getErrorCode();
            if (!errorCode.equals("341")) {
                debug.error("AMSDKRepo.search: Unable to perform search operation", e);
            }
            if (profileType == 100 && errorCode.equals("341")) {
                return new RepoSearchResults(new HashSet(), 0, Collections.EMPTY_MAP, idType);
            }
            throw IdUtils.convertAMException(e);
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public void setAttributes(SSOToken sSOToken, IdType idType, String str, Map map, boolean z) throws IdRepoException, SSOException {
        if (debug.messageEnabled()) {
            if (map.containsKey(AMConstants.USER_PASSWORD_ATTRIBUTE)) {
                AMHashMap aMHashMap = new AMHashMap();
                aMHashMap.copy(map);
                aMHashMap.remove(AMConstants.USER_PASSWORD_ATTRIBUTE);
                aMHashMap.put(AMConstants.USER_PASSWORD_ATTRIBUTE, "xxx...");
                debug.message(new StringBuffer().append("AMSDKRepo: setAttributes called").append(idType).append(": ").append(str).append(": ").append(aMHashMap).toString());
            } else {
                debug.message(new StringBuffer().append("AMSDKRepo: setAttributes called").append(idType).append(": ").append(str).append(": ").append(map).toString());
            }
        }
        if (map == null || map.isEmpty()) {
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "201", null);
        }
        String dn = getDN(idType, str);
        int profileType = getProfileType(idType);
        try {
            if (adminToken != null) {
                sSOToken = adminToken;
            }
            AMDirectoryAccessFactory.getDirectoryServices().setAttributes(sSOToken, dn, profileType, map, null, false);
        } catch (AMException e) {
            debug.error("AMSDKRepo.setAttributes: Unable to set attributes", e);
            throw IdUtils.convertAMException(e);
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public void setBinaryAttributes(SSOToken sSOToken, IdType idType, String str, Map map, boolean z) throws IdRepoException, SSOException {
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKRepo: setBinaryAttributes called").append(idType).append(": ").append(str).append(": ").append(map).toString());
        }
        if (map == null || map.isEmpty()) {
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "201", null);
        }
        String dn = getDN(idType, str);
        int profileType = getProfileType(idType);
        try {
            if (adminToken != null) {
                sSOToken = adminToken;
            }
            AMDirectoryAccessFactory.getDirectoryServices().setAttributes(sSOToken, dn, profileType, new AMHashMap(false), map, false);
        } catch (AMException e) {
            debug.error("AMSDKRepo.setBinaryAttributes: Unable to set attributes", e);
            throw IdUtils.convertAMException(e);
        }
    }

    private void setMixAttributes(SSOToken sSOToken, IdType idType, String str, Map map, boolean z) throws IdRepoException, SSOException {
        HashMap hashMap = null;
        HashMap hashMap2 = null;
        boolean z2 = false;
        for (String str2 : map.keySet()) {
            if (map.get(str2) instanceof byte[][]) {
                if (!z2) {
                    hashMap2 = new HashMap(map);
                    hashMap = new HashMap();
                }
                z2 = true;
                hashMap.put(str2, map.get(str2));
                hashMap2.remove(str2);
            }
        }
        if (!z2) {
            setAttributes(sSOToken, idType, str, map, false);
        } else {
            setAttributes(sSOToken, idType, str, hashMap2, false);
            setBinaryAttributes(sSOToken, idType, str, hashMap, false);
        }
    }

    private void setTempMixAttributes(AMTemplate aMTemplate, Map map) throws IdRepoException, SSOException {
        HashMap hashMap = null;
        HashMap hashMap2 = null;
        boolean z = false;
        for (String str : map.keySet()) {
            if (map.get(str) instanceof byte[][]) {
                if (!z) {
                    hashMap2 = new HashMap(map);
                    hashMap = new HashMap();
                }
                z = true;
                hashMap.put(str, map.get(str));
                hashMap2.remove(str);
            } else {
                hashMap2 = new HashMap(map);
                hashMap = new HashMap();
            }
        }
        try {
            if (z) {
                aMTemplate.setAttributes(hashMap2);
                aMTemplate.setAttributesByteArray(hashMap);
            } else {
                aMTemplate.setAttributes(hashMap2);
            }
        } catch (AMException e) {
            throw IdUtils.convertAMException(e);
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public void assignService(SSOToken sSOToken, IdType idType, String str, String str2, SchemaType schemaType, Map map) throws IdRepoException, SSOException {
        if (idType.equals(IdType.AGENT) || idType.equals(IdType.GROUP)) {
            throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, "213", new Object[]{getClass().getName()});
        }
        if (adminToken != null) {
            sSOToken = adminToken;
        }
        if (idType.equals(IdType.USER)) {
            Set set = (Set) map.get(SMSEntry.ATTR_OBJECTCLASS);
            HashSet hashSet = new HashSet(1);
            hashSet.add(SMSEntry.ATTR_OBJECTCLASS);
            map.put(SMSEntry.ATTR_OBJECTCLASS, AMCommonUtils.combineOCs(set, (Set) getAttributes(sSOToken, idType, str, hashSet).get(SMSEntry.ATTR_OBJECTCLASS)));
            if (schemaType.equals(SchemaType.USER)) {
                setMixAttributes(sSOToken, idType, str, map, false);
                return;
            } else {
                if (schemaType.equals(SchemaType.DYNAMIC)) {
                    setMixAttributes(sSOToken, idType, str, map, false);
                    return;
                }
                return;
            }
        }
        if (idType.equals(IdType.ROLE) || idType.equals(IdType.FILTEREDROLE) || idType.equals(IdType.REALM)) {
            IDirectoryServices directoryServices = AMDirectoryAccessFactory.getDirectoryServices();
            try {
                AMOrganization organization = (sc == null ? new AMStoreConnection(sSOToken) : sc).getOrganization(this.orgDN);
                if (!organization.getRegisteredServiceNames().contains(str2)) {
                    organization.registerService(str2, false, false);
                }
            } catch (AMException e) {
                if (!e.getErrorCode().equals("464")) {
                    throw IdUtils.convertAMException(e);
                }
            }
            String dn = getDN(idType, str);
            try {
                map.remove(SMSEntry.ATTR_OBJECTCLASS);
                directoryServices.createAMTemplate(sSOToken, dn, getProfileType(idType), str2, map, 0);
            } catch (AMException e2) {
                debug.error("AMSDKRepo.assignService: Caught AMException", e2);
                throw IdUtils.convertAMException(e2);
            }
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public void unassignService(SSOToken sSOToken, IdType idType, String str, String str2, Map map) throws IdRepoException, SSOException {
        if (idType.equals(IdType.AGENT) || idType.equals(IdType.GROUP)) {
            throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, "213", new Object[]{getClass().getName()});
        }
        if (adminToken != null) {
            sSOToken = adminToken;
        }
        if (!idType.equals(IdType.USER)) {
            if (idType.equals(IdType.ROLE)) {
                try {
                    AMTemplate template = (sc == null ? new AMStoreConnection(sSOToken) : sc).getRole(getDN(idType, str)).getTemplate(str2, AMTemplate.DYNAMIC_TEMPLATE);
                    if (template != null && template.isExists()) {
                        template.delete();
                    }
                    return;
                } catch (AMException e) {
                    debug.error("AMSDKRepo.unassignService: Caught AMException", e);
                    throw IdUtils.convertAMException(e);
                }
            }
            if (!idType.equals(IdType.FILTEREDROLE) && !idType.equals(IdType.REALM)) {
                throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, "213", new Object[]{getClass().getName()});
            }
            try {
                AMTemplate template2 = (sc == null ? new AMStoreConnection(sSOToken) : sc).getFilteredRole(getDN(idType, str)).getTemplate(str2, AMTemplate.DYNAMIC_TEMPLATE);
                if (template2 != null && template2.isExists()) {
                    template2.delete();
                }
                return;
            } catch (AMException e2) {
                debug.error("AMSDKRepo.unassignService: Caught AMException", e2);
                throw IdUtils.convertAMException(e2);
            }
        }
        Set set = (Set) map.get(SMSEntry.ATTR_OBJECTCLASS);
        HashSet hashSet = new HashSet();
        hashSet.add(SMSEntry.ATTR_OBJECTCLASS);
        Set set2 = (Set) getAttributes(sSOToken, idType, str, hashSet).get(SMSEntry.ATTR_OBJECTCLASS);
        Set updateAndGetRemovableOCs = AMCommonUtils.updateAndGetRemovableOCs(set2, set);
        HashSet hashSet2 = new HashSet();
        Iterator it = updateAndGetRemovableOCs.iterator();
        while (it.hasNext()) {
            Iterator it2 = AMDirectoryAccessFactory.getDirectoryServices().getAttributesForSchema((String) it.next()).iterator();
            while (it2.hasNext()) {
                hashSet2.add(((String) it2.next()).toLowerCase());
            }
        }
        for (String str3 : getAttributes(sSOToken, idType, str).keySet()) {
            if (hashSet2.contains(str3)) {
                try {
                    AMHashMap aMHashMap = new AMHashMap();
                    aMHashMap.put(str3, Collections.EMPTY_SET);
                    setAttributes(sSOToken, idType, str, aMHashMap, false);
                } catch (Exception e3) {
                    if (debug.messageEnabled()) {
                        debug.message(new StringBuffer().append("AMUserImpl.unassignServices()Error occured while removing attribute: ").append(str3).toString());
                    }
                }
            }
        }
        AMHashMap aMHashMap2 = new AMHashMap();
        aMHashMap2.put(SMSEntry.ATTR_OBJECTCLASS, set2);
        setAttributes(sSOToken, idType, str, aMHashMap2, false);
    }

    @Override // com.sun.identity.idm.IdRepo
    public Set getAssignedServices(SSOToken sSOToken, IdType idType, String str, Map map) throws IdRepoException, SSOException {
        HashSet hashSet = new HashSet();
        if (idType.equals(IdType.AGENT) || idType.equals(IdType.GROUP)) {
            throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, "213", new Object[]{getClass().getName()});
        }
        if (map == null || map.isEmpty()) {
            return hashSet;
        }
        if (idType.equals(IdType.USER)) {
            Set convertToLowerCase = convertToLowerCase(readObjectClass(sSOToken, idType, str));
            for (String str2 : map.keySet()) {
                if (convertToLowerCase.containsAll(convertToLowerCase((Set) map.get(str2)))) {
                    hashSet.add(str2);
                }
            }
        } else if (idType.equals(IdType.ROLE)) {
            for (String str3 : map.keySet()) {
                try {
                    AMTemplate template = (sc == null ? new AMStoreConnection(sSOToken) : sc).getRole(getDN(idType, str)).getTemplate(str3, AMTemplate.DYNAMIC_TEMPLATE);
                    if (template != null && template.isExists()) {
                        hashSet.add(str3);
                    }
                } catch (AMException e) {
                }
            }
        } else {
            if (!idType.equals(IdType.FILTEREDROLE) && !idType.equals(IdType.REALM)) {
                throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, "213", new Object[]{getClass().getName()});
            }
            for (String str4 : map.keySet()) {
                try {
                    AMTemplate template2 = (sc == null ? new AMStoreConnection(sSOToken) : sc).getFilteredRole(getDN(idType, str)).getTemplate(str4, AMTemplate.DYNAMIC_TEMPLATE);
                    if (template2 != null && template2.isExists()) {
                        hashSet.add(str4);
                    }
                } catch (AMException e2) {
                }
            }
        }
        return hashSet;
    }

    @Override // com.sun.identity.idm.IdRepo
    public Map getServiceAttributes(SSOToken sSOToken, IdType idType, String str, String str2, Set set) throws IdRepoException, SSOException {
        if (idType.equals(IdType.AGENT) || idType.equals(IdType.GROUP)) {
            throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, "213", new Object[]{getClass().getName()});
        }
        return getServiceAttributes(sSOToken, idType, str, str2, set, true);
    }

    @Override // com.sun.identity.idm.IdRepo
    public Map getBinaryServiceAttributes(SSOToken sSOToken, IdType idType, String str, String str2, Set set) throws IdRepoException, SSOException {
        return getServiceAttributes(sSOToken, idType, str, str2, set, false);
    }

    private Map getServiceAttributes(SSOToken sSOToken, IdType idType, String str, String str2, Set set, boolean z) throws IdRepoException, SSOException {
        if (idType.equals(IdType.AGENT) || idType.equals(IdType.GROUP)) {
            throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, "213", new Object[]{getClass().getName()});
        }
        if (idType.equals(IdType.USER)) {
            return z ? getAttributes(sSOToken, idType, str, set) : getBinaryAttributes(sSOToken, idType, str, set);
        }
        if (!idType.equals(IdType.ROLE)) {
            if (!idType.equals(IdType.FILTEREDROLE) && !idType.equals(IdType.REALM)) {
                throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, "213", new Object[]{getClass().getName()});
            }
            try {
                AMTemplate template = (sc == null ? new AMStoreConnection(sSOToken) : sc).getFilteredRole(getDN(idType, str)).getTemplate(str2, AMTemplate.DYNAMIC_TEMPLATE);
                if (template == null || !template.isExists()) {
                    throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "101", new Object[]{str2});
                }
                return z ? template.getAttributes(set) : template.getAttributesByteArray(set);
            } catch (AMException e) {
                throw IdUtils.convertAMException(e);
            }
        }
        try {
            AMStoreConnection aMStoreConnection = sc == null ? new AMStoreConnection(sSOToken) : sc;
            String dn = getDN(idType, str);
            AMTemplate template2 = aMStoreConnection.getRole(dn).getTemplate(str2, AMTemplate.DYNAMIC_TEMPLATE);
            if (template2 != null && template2.isExists()) {
                return z ? template2.getAttributes(set) : template2.getAttributesByteArray(set);
            }
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("AMSDKRepo::getServiceAttributes Service: ").append(str2).append(" is not assigned to DN: ").append(dn).toString());
            }
            return Collections.EMPTY_MAP;
        } catch (AMException e2) {
            throw IdUtils.convertAMException(e2);
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public void modifyService(SSOToken sSOToken, IdType idType, String str, String str2, SchemaType schemaType, Map map) throws IdRepoException, SSOException {
        if (idType.equals(IdType.AGENT) || idType.equals(IdType.GROUP)) {
            throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, "213", new Object[]{getClass().getName()});
        }
        if (idType.equals(IdType.USER)) {
            if (schemaType.equals(SchemaType.DYNAMIC)) {
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "214", new Object[]{getClass().getName(), schemaType.toString(), idType.getName()});
            }
            setMixAttributes(sSOToken, idType, str, map, false);
            return;
        }
        if (idType.equals(IdType.ROLE)) {
            if (schemaType.equals(SchemaType.USER)) {
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "214", new Object[]{getClass().getName(), schemaType.toString(), idType.getName()});
            }
            try {
                AMTemplate template = (sc == null ? new AMStoreConnection(sSOToken) : sc).getRole(getDN(idType, str)).getTemplate(str2, AMTemplate.DYNAMIC_TEMPLATE);
                if (template == null || !template.isExists()) {
                    throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "101", new Object[]{str2});
                }
                setTempMixAttributes(template, map);
                template.store();
                return;
            } catch (AMException e) {
                throw IdUtils.convertAMException(e);
            }
        }
        if (idType.equals(IdType.FILTEREDROLE) || idType.equals(IdType.REALM)) {
            if (schemaType.equals(SchemaType.USER)) {
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "214", new Object[]{getClass().getName(), schemaType.toString(), idType.getName()});
            }
            try {
                AMTemplate template2 = (sc == null ? new AMStoreConnection(sSOToken) : sc).getFilteredRole(getDN(idType, str)).getTemplate(str2, AMTemplate.DYNAMIC_TEMPLATE);
                if (template2 == null || !template2.isExists()) {
                    throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "101", new Object[]{str2});
                }
                setTempMixAttributes(template2, map);
                template2.store();
            } catch (AMException e2) {
                throw IdUtils.convertAMException(e2);
            }
        }
    }

    public static void notifyObjectChangedEvent(String str, int i) {
        if (debug.messageEnabled()) {
            debug.message("AMSDKRepo.notifyObjectChangedEvent - Sending event to listeners.");
        }
        synchronized (listeners) {
            for (IdRepoListener idRepoListener : listeners) {
                idRepoListener.objectChanged(str, i, idRepoListener.getConfigMap());
            }
        }
    }

    public static void notifyAllObjectsChangedEvent() {
        if (debug.messageEnabled()) {
            debug.message("AMSDKRepo.notifyAllObjectsChangedEvent -  Sending event to listeners.");
        }
        synchronized (listeners) {
            Iterator it = listeners.iterator();
            while (it.hasNext()) {
                ((IdRepoListener) it.next()).allObjectsChanged();
            }
        }
    }

    private void loadSupportedOps() {
        HashSet hashSet = new HashSet();
        hashSet.add(IdOperation.CREATE);
        hashSet.add(IdOperation.DELETE);
        hashSet.add(IdOperation.EDIT);
        hashSet.add(IdOperation.READ);
        hashSet.add(IdOperation.SERVICE);
        this.supportedOps.put(IdType.USER, Collections.unmodifiableSet(hashSet));
        this.supportedOps.put(IdType.ROLE, Collections.unmodifiableSet(hashSet));
        this.supportedOps.put(IdType.FILTEREDROLE, Collections.unmodifiableSet(hashSet));
        HashSet hashSet2 = new HashSet(hashSet);
        hashSet2.remove(IdOperation.SERVICE);
        this.supportedOps.put(IdType.GROUP, Collections.unmodifiableSet(hashSet2));
        this.supportedOps.put(IdType.AGENT, Collections.unmodifiableSet(hashSet2));
        HashSet hashSet3 = new HashSet(hashSet);
        hashSet3.remove(IdOperation.CREATE);
        hashSet3.remove(IdOperation.DELETE);
        hashSet3.remove(IdOperation.EDIT);
        this.supportedOps.put(IdType.REALM, Collections.unmodifiableSet(hashSet3));
    }

    private String getDefaultPeopleContainerName() {
        ServiceSchema globalSchema;
        Set set;
        String str = "People";
        try {
            ServiceSchemaManager serviceSchemaManager = new ServiceSchemaManager("iPlanetAMAdminConsoleService", adminToken);
            if (serviceSchemaManager != null && (globalSchema = serviceSchemaManager.getGlobalSchema()) != null && (set = (Set) globalSchema.getAttributeDefaults().get(PC_ATTR)) != null && !set.isEmpty()) {
                str = (String) set.iterator().next();
            }
        } catch (SSOException e) {
            debug.error("AMSDKRepo.getDefaultGC: SSOException", e);
        } catch (SMSException e2) {
            debug.error("AMSDKRepo.getDefaultGC: SMSException: ", e2);
        }
        return str;
    }

    private String getDefaultGroupContainerName() {
        ServiceSchema globalSchema;
        Set set;
        String str = "Groups";
        try {
            ServiceSchemaManager serviceSchemaManager = new ServiceSchemaManager("iPlanetAMAdminConsoleService", adminToken);
            if (serviceSchemaManager != null && (globalSchema = serviceSchemaManager.getGlobalSchema()) != null && (set = (Set) globalSchema.getAttributeDefaults().get(GC_ATTR)) != null && !set.isEmpty()) {
                str = (String) set.iterator().next();
            }
        } catch (SSOException e) {
            debug.error("AMSDKRepo.getDefaultAC: SSOException", e);
        } catch (SMSException e2) {
            debug.error("AMSDKRepo.getDefaultAC: SMSException: ", e2);
        }
        return str;
    }

    private String getDefaultAgentContainerName() {
        ServiceSchema globalSchema;
        Set set;
        String str = "Agent";
        try {
            ServiceSchemaManager serviceSchemaManager = new ServiceSchemaManager("iPlanetAMAdminConsoleService", adminToken);
            if (serviceSchemaManager != null && (globalSchema = serviceSchemaManager.getGlobalSchema()) != null && (set = (Set) globalSchema.getAttributeDefaults().get(AC_ATTR)) != null && !set.isEmpty()) {
                str = (String) set.iterator().next();
            }
        } catch (SSOException e) {
            debug.error("AMSDKRepo.getDefaultAC: SSOException", e);
        } catch (SMSException e2) {
            debug.error("AMSDKRepo.getDefaultAC: SMSException: ", e2);
        }
        return str;
    }

    private AMOrganization checkAndGetOrg(SSOToken sSOToken) throws IdRepoException, SSOException {
        AMStoreConnection aMStoreConnection = sc == null ? new AMStoreConnection(sSOToken) : sc;
        try {
            if (aMStoreConnection.getAMObjectType(this.orgDN) == 2) {
                return aMStoreConnection.getOrganization(this.orgDN);
            }
            debug.error(new StringBuffer().append("AMSDKRepo.create(): Incorrectly configured  plugin: Org DN is wrong = ").append(this.orgDN).toString());
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "303", null);
        } catch (AMException e) {
            debug.error("AMSDKRepo.create(): An exception occured while  initializing AM SDK ", e);
            IdRepoException idRepoException = new IdRepoException(IdRepoBundle.BUNDLE_NAME, "304", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", IdOperation.CREATE.getName()});
            idRepoException.setLDAPErrorCode(e.getLDAPErrorCode());
            throw idRepoException;
        }
    }

    private String getDN(IdType idType, String str) throws IdRepoException, SSOException {
        String stringBuffer;
        if (!idType.equals(IdType.REALM) && DN.isDN(str) && str.indexOf(",") > -1) {
            return str;
        }
        if (sc == null) {
            throw new IdRepoException(AMSDKBundle.BUNDLE_NAME, "301", null);
        }
        if (idType.equals(IdType.USER)) {
            stringBuffer = this.pcDN != null ? new StringBuffer().append(AMNamingAttrManager.getNamingAttr(1)).append("=").append(str).append(",").append(this.pcDN).toString() : new StringBuffer().append(AMNamingAttrManager.getNamingAttr(1)).append("=").append(str).append(",ou=").append(getDefaultPeopleContainerName()).append(",").append(this.orgDN).toString();
            try {
                int aMObjectType = sc.getAMObjectType(stringBuffer);
                if (aMObjectType != 1) {
                    throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "217", new Object[]{sc.getAMObjectName(aMObjectType)});
                }
            } catch (AMException e) {
                throw IdUtils.convertAMException(e);
            }
        } else if (idType.equals(IdType.AGENT)) {
            stringBuffer = this.agentDN != null ? new StringBuffer().append(AMNamingAttrManager.getNamingAttr(100)).append("=").append(str).append(",").append(this.agentDN).toString() : new StringBuffer().append(AMNamingAttrManager.getNamingAttr(100)).append("=").append(str).append(",ou=").append(getDefaultAgentContainerName()).append(",").append(this.orgDN).toString();
            try {
                int aMObjectType2 = sc.getAMObjectType(stringBuffer);
                if (aMObjectType2 != 100) {
                    throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "217", new Object[]{sc.getAMObjectName(aMObjectType2)});
                }
            } catch (AMException e2) {
                throw IdUtils.convertAMException(e2);
            }
        } else if (idType.equals(IdType.GROUP)) {
            stringBuffer = new StringBuffer().append(AMNamingAttrManager.getNamingAttr(9)).append("=").append(str).append(",ou=").append(getDefaultGroupContainerName()).append(",").append(this.orgDN).toString();
            try {
                int aMObjectType3 = sc.getAMObjectType(stringBuffer);
                if (aMObjectType3 != 9 && aMObjectType3 != 10) {
                    throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "217", new Object[]{sc.getAMObjectName(aMObjectType3)});
                }
            } catch (AMException e3) {
                throw IdUtils.convertAMException(e3);
            }
        } else if (idType.equals(IdType.ROLE)) {
            stringBuffer = new StringBuffer().append(AMNamingAttrManager.getNamingAttr(6)).append("=").append(str).append(",").append(this.orgDN).toString();
            try {
                int aMObjectType4 = sc.getAMObjectType(stringBuffer);
                if (aMObjectType4 != 6) {
                    throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "217", new Object[]{sc.getAMObjectName(aMObjectType4)});
                }
            } catch (AMException e4) {
                throw IdUtils.convertAMException(e4);
            }
        } else if (idType.equals(IdType.FILTEREDROLE)) {
            stringBuffer = new StringBuffer().append(AMNamingAttrManager.getNamingAttr(8)).append("=").append(str).append(",").append(this.orgDN).toString();
            try {
                int aMObjectType5 = sc.getAMObjectType(stringBuffer);
                if (aMObjectType5 != 8) {
                    throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "217", new Object[]{sc.getAMObjectName(aMObjectType5)});
                }
            } catch (AMException e5) {
                throw IdUtils.convertAMException(e5);
            }
        } else {
            if (!idType.equals(IdType.REALM)) {
                throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, "305", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", IdOperation.READ.getName(), idType.getName()});
            }
            stringBuffer = new StringBuffer().append(AMNamingAttrManager.getNamingAttr(8)).append("=").append(AMConstants.CONTAINER_DEFAULT_TEMPLATE_ROLE).append(",").append(this.orgDN).toString();
        }
        return stringBuffer;
    }

    private int getProfileType(IdType idType) throws IdRepoException {
        int i;
        if (idType.equals(IdType.USER)) {
            i = 1;
        } else if (idType.equals(IdType.AGENT)) {
            i = 100;
        } else if (idType.equals(IdType.GROUP)) {
            i = 9;
        } else if (idType.equals(IdType.ROLE)) {
            i = 6;
        } else if (idType.equals(IdType.FILTEREDROLE)) {
            i = 8;
        } else {
            if (!idType.equals(IdType.REALM) && !idType.equals(IdType.REALM)) {
                throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, "305", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", IdOperation.READ.getName(), idType.getName()});
            }
            i = 8;
        }
        return i;
    }

    private Set readObjectClass(SSOToken sSOToken, IdType idType, String str) throws IdRepoException, SSOException {
        HashSet hashSet = new HashSet();
        hashSet.add(SMSEntry.ATTR_OBJECTCLASS);
        return (Set) getAttributes(sSOToken, idType, str, hashSet).get(SMSEntry.ATTR_OBJECTCLASS);
    }

    private Set convertToLowerCase(Set set) {
        if (set == null || set.isEmpty()) {
            return set;
        }
        HashSet hashSet = new HashSet();
        Iterator it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(((String) it.next()).toLowerCase());
        }
        return hashSet;
    }

    protected static String constructFilter(int i, Map map) {
        StringBuffer stringBuffer = new StringBuffer();
        if (i == -1) {
            return null;
        }
        if (i == 0) {
            stringBuffer.append("(|");
        } else if (i == 1) {
            stringBuffer.append("(&");
        }
        for (String str : map.keySet()) {
            Iterator it = ((Set) map.get(str)).iterator();
            while (it.hasNext()) {
                stringBuffer.append("(").append(str).append("=").append((String) it.next()).append(")");
            }
        }
        stringBuffer.append(")");
        return stringBuffer.toString();
    }

    private ServerInstance getDsSvrCfg(LDAPUser.Type type) throws IdRepoException {
        try {
            return DSConfigMgr.getDSConfigMgr().getServerInstance(type);
        } catch (LDAPServiceException e) {
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("AMSDKRepo: getFullyQualifiedName LDAPServiceException: ").append(e.getMessage()).toString());
            }
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "219", new Object[]{"com.iplanet.am.sdk.AMSDKRepo"});
        }
    }

    @Override // com.sun.identity.idm.IdRepo
    public String getFullyQualifiedName(SSOToken sSOToken, IdType idType, String str) throws IdRepoException, SSOException {
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("AMSDKRepo: getFullyQualifiedName. type=").append(idType).append("; name=").append(str).toString());
        }
        if (str == null || str.length() == 0) {
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "220", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", ""});
        }
        if (idType != IdType.USER && idType != IdType.AGENT && idType != IdType.GROUP) {
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "210", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", idType});
        }
        String dn = getDN(idType, str);
        ServerInstance dsSvrCfg = getDsSvrCfg(LDAPUser.Type.AUTH_ADMIN);
        return new StringBuffer().append("amsdk://").append(dsSvrCfg.getServerName()).append(ISAuthConstants.COLON).append(dsSvrCfg.getPort()).append("/").append(dn).toString();
    }

    @Override // com.sun.identity.idm.IdRepo
    public boolean supportsAuthentication() {
        if (!debug.messageEnabled()) {
            return true;
        }
        debug.message("AMSDKRepo: supportsAuthentication. authenticationEnabled=true");
        return true;
    }

    @Override // com.sun.identity.idm.IdRepo
    public boolean authenticate(Callback[] callbackArr) throws IdRepoException, AuthLoginException {
        char[] password;
        debug.message("AMSDKRepo: authenticate. ");
        String str = null;
        String str2 = null;
        for (int i = 0; i < callbackArr.length; i++) {
            if (callbackArr[i] instanceof NameCallback) {
                str = ((NameCallback) callbackArr[i]).getName();
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("LDPv3Repo:authenticate username: ").append(str).toString());
                }
            } else if ((callbackArr[i] instanceof PasswordCallback) && (password = ((PasswordCallback) callbackArr[i]).getPassword()) != null) {
                str2 = new String(password);
                debug.message("AMSDKRepo: authenticate passwd XXX.");
            }
        }
        if (str == null || str.length() == 0 || str2 == null) {
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "221", new Object[]{"com.iplanet.am.sdk.AMSDKRepo"});
        }
        ServerInstance dsSvrCfg = getDsSvrCfg(LDAPUser.Type.AUTH_ADMIN);
        try {
            LDAPAuthUtils lDAPAuthUtils = new LDAPAuthUtils(dsSvrCfg.getServerName(), dsSvrCfg.getPort(), dsSvrCfg.getConnectionType() == Server.Type.CONN_SSL, AMResourceBundleCache.getInstance().getResBundle("amAuth", Locale.getDefaultLocale()), debug);
            lDAPAuthUtils.setAuthDN(AdminUtils.getAdminDN());
            lDAPAuthUtils.setAuthPassword(new String(AdminUtils.getAdminPassword()));
            lDAPAuthUtils.setScope(1);
            if (authenticateIt(lDAPAuthUtils, IdType.USER, str, str2)) {
                if (!debug.messageEnabled()) {
                    return true;
                }
                debug.message("AMSDKRepo: IdType.USER authenticateIt=true");
                return true;
            }
            if (!authenticateIt(lDAPAuthUtils, IdType.AGENT, str, str2)) {
                return false;
            }
            if (!debug.messageEnabled()) {
                return true;
            }
            debug.message("AMSDKRepo: IdType.AGENT authenticateIt=true");
            return true;
        } catch (LDAPUtilException e) {
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("AMSDKRepo: authenticate LDAPUtilException: ").append(e.getMessage()).toString());
            }
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "211", new Object[]{"com.iplanet.am.sdk.AMSDKRepo", str});
        }
    }

    private boolean authenticateIt(LDAPAuthUtils lDAPAuthUtils, IdType idType, String str, String str2) throws IdRepoException, AuthLoginException {
        String stringBuffer;
        String namingAttribute;
        String str3 = str;
        try {
            if (idType.equals(IdType.USER)) {
                stringBuffer = new StringBuffer().append(AMStoreConnection.getNamingAttribute(5)).append("=").append(getDefaultPeopleContainerName()).append(",").append(this.orgDN).toString();
                namingAttribute = AMStoreConnection.getNamingAttribute(1);
            } else {
                if (!idType.equals(IdType.AGENT)) {
                    return false;
                }
                stringBuffer = new StringBuffer().append("ou=").append(getDefaultAgentContainerName()).append(",").append(this.orgDN).toString();
                namingAttribute = AMStoreConnection.getNamingAttribute(100);
            }
            try {
                lDAPAuthUtils.setUserNamingAttribute(namingAttribute);
                HashSet hashSet = new HashSet();
                hashSet.add(namingAttribute);
                lDAPAuthUtils.setUserSearchAttribute(hashSet);
                lDAPAuthUtils.setBase(stringBuffer);
                lDAPAuthUtils.setFilter("");
                lDAPAuthUtils.setUserAttrs(new String[]{"dn", namingAttribute});
                if (DN.isDN(str)) {
                    str3 = LDAPDN.explodeDN(str, true)[0];
                }
                lDAPAuthUtils.authenticateUser(str3, str2);
                return lDAPAuthUtils.getState() == 26;
            } catch (LDAPUtilException e) {
                switch (e.getLDAPResultCode()) {
                    case 19:
                        if (debug.messageEnabled()) {
                            debug.message(new StringBuffer().append("AMSDKRepo:authenticateIt. Exceed password retry limit. username").append(str).toString());
                        }
                        throw new AuthLoginException(this.amAuthLDAP, "ExceedRetryLimit", null);
                    case LDAPException.NO_SUCH_OBJECT /* 32 */:
                        if (debug.messageEnabled()) {
                            debug.message(new StringBuffer().append("AMSDKRepo:authenticateIt. The specified user does not exist. username=").append(str).toString());
                        }
                        throw new AuthLoginException(this.amAuthLDAP, "NoUser", null);
                    case LDAPException.INAPPROPRIATE_AUTHENTICATION /* 48 */:
                        if (debug.messageEnabled()) {
                            debug.message(new StringBuffer().append("AMSDKRepo:authenticateIt. Inappropriate authentication. username=").append(str).toString());
                        }
                        throw new AuthLoginException(this.amAuthLDAP, "InappAuth", null);
                    case LDAPException.INVALID_CREDENTIALS /* 49 */:
                        if (debug.messageEnabled()) {
                            debug.message(new StringBuffer().append("AMSDKRepo:authenticateIt. Invalid password. username=").append(str).toString());
                        }
                        throw new InvalidPasswordException(this.amAuthLDAP, "InvalidUP", null, lDAPAuthUtils.getUserId(), null);
                    case LDAPException.UNWILLING_TO_PERFORM /* 53 */:
                        if (debug.messageEnabled()) {
                            debug.message(new StringBuffer().append("AMSDKRepo:authenticateIt. Unwilling to perform. Account inactivated. username").append(str).toString());
                        }
                        throw new AuthLoginException(this.amAuthLDAP, "AcctInactive", null);
                    default:
                        if (debug.messageEnabled()) {
                            debug.message(new StringBuffer().append("AMSDKRepo:authenticateIt. default exception. username=").append(str).toString());
                        }
                        throw new AuthLoginException(this.amAuthLDAP, "LDAPex", null);
                }
            }
        } catch (AMException e2) {
            if (!debug.messageEnabled()) {
                return false;
            }
            debug.message(new StringBuffer().append("AMSDKRepo: authenticateItAMException : ").append(e2.getMessage()).toString());
            debug.message(new StringBuffer().append("   type=").append(idType).append("; username=").append(str).toString());
            return false;
        }
    }
}
