package org.forgerock.openam.upgrade.steps;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.inject.Inject;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeProgress;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.upgrade.VersionUtils;

@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.UpgradeServiceSchemaStep"})
/* loaded from: input_file:org/forgerock/openam/upgrade/steps/UpgradeOAuth2ClientStep.class */
public class UpgradeOAuth2ClientStep extends AbstractUpgradeStep {
    private static final String OAUTH2_DATA = "%OAUTH2_DATA%";
    public static final List<String> CHANGED_PROPERTIES = Arrays.asList("com.forgerock.openam.oauth2provider.redirectionURIs", "com.forgerock.openam.oauth2provider.scopes", "com.forgerock.openam.oauth2provider.defaultScopes", "com.forgerock.openam.oauth2provider.name", "com.forgerock.openam.oauth2provider.description", "com.forgerock.openam.oauth2provider.postLogoutRedirectURI", "com.forgerock.openam.oauth2provider.clientName");
    public static final List<String> ADDED_LIFETIME_PROPERTIES = Arrays.asList("com.forgerock.openam.oauth2provider.authorizationCodeLifeTime", "com.forgerock.openam.oauth2provider.accessTokenLifeTime", "com.forgerock.openam.oauth2provider.refreshTokenLifeTime", "com.forgerock.openam.oauth2provider.jwtTokenLifeTime");
    private static final Pattern pattern = Pattern.compile("\\[\\d+\\]=.*");
    private final Map<String, Map<AgentType, Map<String, Set<String>>>> upgradableConfigs;
    private static final int AM_13 = 1300;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/forgerock/openam/upgrade/steps/UpgradeOAuth2ClientStep$AgentType.class */
    public enum AgentType {
        AGENT("upgrade.client", null),
        GROUP("upgrade.group", "agentgroup");

        private String i18nKey;
        private String instanceName;

        AgentType(String str, String str2) {
            this.i18nKey = str;
            this.instanceName = str2;
        }

        @Override // java.lang.Enum
        public String toString() {
            return AbstractUpgradeStep.BUNDLE.getString(this.i18nKey);
        }
    }

    @Inject
    public UpgradeOAuth2ClientStep(PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory) {
        super(privilegedAction, connectionFactory);
        this.upgradableConfigs = new HashMap();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return !this.upgradableConfigs.isEmpty();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        try {
            ServiceConfigManager serviceConfigManager = new ServiceConfigManager(UpgradeAgentServiceStep.AGENT_SERVICE, getAdminToken());
            for (String str : getRealmNames()) {
                findUpgradableConfigs(str, serviceConfigManager, AgentType.AGENT);
                findUpgradableConfigs(str, serviceConfigManager, AgentType.GROUP);
            }
        } catch (Exception e) {
            DEBUG.error("An error occurred while trying to look for upgradable OAuth2 client profiles", e);
            throw new UpgradeException("Unable to retrieve modified OAuth2 clients");
        }
    }

    private void findUpgradableConfigs(String str, ServiceConfigManager serviceConfigManager, AgentType agentType) throws SMSException, SSOException {
        try {
            ServiceConfig organizationConfig = serviceConfigManager.getOrganizationConfig(str, agentType.instanceName);
            Set<String> subConfigNames = organizationConfig.getSubConfigNames("*", "OAuth2Client");
            Map<AgentType, Map<String, Set<String>>> map = this.upgradableConfigs.get(str);
            if (map == null) {
                map = new EnumMap(AgentType.class);
            }
            if (DEBUG.messageEnabled()) {
                DEBUG.message("OAuth2 " + agentType.name() + " configurations found under realm: " + str + " : " + subConfigNames);
            }
            for (String str2 : subConfigNames) {
                ServiceConfig subConfig = organizationConfig.getSubConfig(str2);
                Map attributesWithoutDefaults = subConfig.getAttributesWithoutDefaults();
                Iterator it = attributesWithoutDefaults.entrySet().iterator();
                while (it.hasNext()) {
                    String str3 = (String) ((Map.Entry) it.next()).getKey();
                    if (CHANGED_PROPERTIES.contains(str3)) {
                        Set set = (Set) attributesWithoutDefaults.get(str3);
                        if (VersionUtils.isCurrentVersionLessThan(AM_13, true) && ("com.forgerock.openam.oauth2provider.scopes".equals(str3) || "com.forgerock.openam.oauth2provider.defaultScopes".equals(str3))) {
                            Iterator it2 = set.iterator();
                            while (true) {
                                if (it2.hasNext()) {
                                    if (!((String) it2.next()).contains("|")) {
                                        addAttributeToMap(map, agentType, str2, str3, str);
                                        break;
                                    }
                                } else {
                                    break;
                                }
                            }
                        }
                        String mapAttr = CollectionHelper.getMapAttr(attributesWithoutDefaults, str3);
                        if (mapAttr != null && !pattern.matcher(mapAttr).matches()) {
                            if (DEBUG.messageEnabled()) {
                                DEBUG.message("Discovered OAuth2 " + agentType.name() + ": " + str2 + " in realm: " + str);
                            }
                            addAttributeToMap(map, agentType, str2, str3, str);
                        }
                    } else if ("com.forgerock.openam.oauth2provider.idTokenSignedResponseAlg".equals(str3)) {
                        if (UpgradeOAuth2ProviderStep.ALGORITHM_NAMES.containsKey(CollectionHelper.getMapAttr(attributesWithoutDefaults, str3))) {
                            addAttributeToMap(map, agentType, str2, str3, str);
                        }
                    }
                }
                Map attributes = subConfig.getAttributes();
                for (String str4 : ADDED_LIFETIME_PROPERTIES) {
                    if (!attributes.containsKey(str4)) {
                        addAttributeToMap(map, agentType, str2, str4, str);
                    }
                }
                if (!attributes.containsKey("com.forgerock.openam.oauth2provider.subjectType")) {
                    addAttributeToMap(map, agentType, str2, "com.forgerock.openam.oauth2provider.subjectType", str);
                }
            }
        } catch (SMSException e) {
            if (!"sms-no-such-instance".equals(e.getErrorCode()) || !AgentType.GROUP.equals(agentType)) {
                throw e;
            }
            DEBUG.message("Unable to find agentgroup in the configuration: " + e.getMessage());
        }
    }

    private void addAttributeToMap(Map<AgentType, Map<String, Set<String>>> map, AgentType agentType, String str, String str2, String str3) {
        Map<String, Set<String>> map2 = map.get(agentType);
        if (map2 == null) {
            map2 = new HashMap();
            map2.put(str, new HashSet());
            map.put(agentType, map2);
        } else if (!map2.containsKey(str)) {
            map2.put(str, new HashSet());
        }
        map2.get(str).add(str2);
        this.upgradableConfigs.put(str3, map);
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        for (Map.Entry<String, Map<AgentType, Map<String, Set<String>>>> entry : this.upgradableConfigs.entrySet()) {
            String key = entry.getKey();
            try {
                ServiceConfigManager serviceConfigManager = new ServiceConfigManager(UpgradeAgentServiceStep.AGENT_SERVICE, getAdminToken());
                for (Map.Entry<AgentType, Map<String, Set<String>>> entry2 : entry.getValue().entrySet()) {
                    ServiceConfig organizationConfig = serviceConfigManager.getOrganizationConfig(key, entry2.getKey().instanceName);
                    for (Map.Entry<String, Set<String>> entry3 : entry2.getValue().entrySet()) {
                        UpgradeProgress.reportStart("upgrade.oauth2.start", entry3.getKey());
                        ServiceConfig subConfig = organizationConfig.getSubConfig(entry3.getKey());
                        Map<String, Set<String>> attributesWithoutDefaults = subConfig.getAttributesWithoutDefaults();
                        for (String str : entry3.getValue()) {
                            if (CHANGED_PROPERTIES.contains(str)) {
                                Set<String> set = attributesWithoutDefaults.get(str);
                                if (VersionUtils.isCurrentVersionLessThan(AM_13, true) && ("com.forgerock.openam.oauth2provider.scopes".equals(str) || "com.forgerock.openam.oauth2provider.defaultScopes".equals(str))) {
                                    addScopesWithPipe(attributesWithoutDefaults, str, set);
                                }
                                String mapAttr = CollectionHelper.getMapAttr(attributesWithoutDefaults, str);
                                if (mapAttr != null && !pattern.matcher(mapAttr).matches() && set != null) {
                                    attributesWithoutDefaults.put(str, convertValues(set));
                                }
                            } else if ("com.forgerock.openam.oauth2provider.idTokenSignedResponseAlg".equals(str)) {
                                String mapAttr2 = CollectionHelper.getMapAttr(attributesWithoutDefaults, str);
                                if (UpgradeOAuth2ProviderStep.ALGORITHM_NAMES.containsKey(mapAttr2)) {
                                    attributesWithoutDefaults.put(str, Collections.singleton(UpgradeOAuth2ProviderStep.ALGORITHM_NAMES.get(mapAttr2)));
                                }
                            } else if (ADDED_LIFETIME_PROPERTIES.contains(str)) {
                                attributesWithoutDefaults.put(str, Collections.singleton("0"));
                            } else if ("com.forgerock.openam.oauth2provider.subjectType".contains(str)) {
                                attributesWithoutDefaults.put(str, Collections.singleton("Public"));
                            }
                        }
                        subConfig.setAttributes(attributesWithoutDefaults);
                        UpgradeProgress.reportEnd("upgrade.success", new Object[0]);
                    }
                }
            } catch (Exception e) {
                UpgradeProgress.reportEnd("upgrade.failed", new Object[0]);
                DEBUG.error("An error occurred while trying to upgrade an OAuth2 client", e);
                throw new UpgradeException("Unable to upgrade OAuth2 client");
            }
        }
    }

    private void addScopesWithPipe(Map<String, Set<String>> map, String str, Set<String> set) {
        boolean z = false;
        HashSet hashSet = new HashSet();
        for (String str2 : set) {
            if (!str2.contains("|")) {
                str2 = str2 + "|";
                z = true;
            }
            hashSet.add(str2);
        }
        if (z) {
            map.put(str, hashSet);
        }
    }

    private Set<String> convertValues(Set<String> set) {
        int i = 0;
        HashSet hashSet = new HashSet(set.size());
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            hashSet.add("[" + i2 + "]=" + it.next());
        }
        return hashSet;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String str) {
        int i = 0;
        int i2 = 0;
        for (Map<AgentType, Map<String, Set<String>>> map : this.upgradableConfigs.values()) {
            Map<String, Set<String>> map2 = map.get(AgentType.AGENT);
            if (map2 != null) {
                i += map2.size();
            }
            Map<String, Set<String>> map3 = map.get(AgentType.GROUP);
            if (map3 != null) {
                i2 += map3.size();
            }
        }
        StringBuilder sb = new StringBuilder();
        if (i != 0) {
            sb.append(BUNDLE.getString("upgrade.oauth2.clients")).append(" (").append(i).append(')').append(str);
        }
        if (i2 != 0) {
            sb.append(BUNDLE.getString("upgrade.oauth2.groups")).append(" (").append(i2).append(')').append(str);
        }
        return sb.toString();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(UpgradeServices.LF, str);
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, Map<AgentType, Map<String, Set<String>>>> entry : this.upgradableConfigs.entrySet()) {
            sb.append(BUNDLE.getString("upgrade.realm")).append(": ").append(entry.getKey()).append(str);
            for (Map.Entry<AgentType, Map<String, Set<String>>> entry2 : entry.getValue().entrySet()) {
                sb.append("\t").append(entry2.getKey()).append(str);
                Iterator<String> it = entry2.getValue().keySet().iterator();
                while (it.hasNext()) {
                    sb.append("\t").append("\t").append(it.next()).append(str);
                }
            }
        }
        hashMap.put(OAUTH2_DATA, sb.toString());
        return UpgradeServices.tagSwapReport(hashMap, "upgrade.oauth2report");
    }
}
