package org.forgerock.openam.upgrade.steps.policy.policysets;

import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.Application;
import com.sun.identity.entitlement.EntitlementException;
import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.inject.Inject;
import org.forgerock.openam.entitlement.service.ApplicationService;
import org.forgerock.openam.entitlement.service.ApplicationServiceFactory;
import org.forgerock.openam.entitlement.utils.EntitlementUtils;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeProgress;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.upgrade.steps.AbstractUpgradeStep;
import org.forgerock.openam.utils.CollectionUtils;

@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.UpgradeServiceSchemaStep"})
/* loaded from: input_file:org/forgerock/openam/upgrade/steps/policy/policysets/UpdateOAuth2PolicySetsStep.class */
public class UpdateOAuth2PolicySetsStep extends AbstractUpgradeStep {
    private static final String OAUTH2_POLICY_SET_NAME = "OAuth2";
    private static final String REPORT_TEXT = "%REPORT_TEXT%";
    private final ApplicationServiceFactory applicationServiceFactory;
    private final Set<String> affectedRealms;

    @Inject
    public UpdateOAuth2PolicySetsStep(PrivilegedAction<SSOToken> privilegedAction, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory, ApplicationServiceFactory applicationServiceFactory) {
        super(privilegedAction, connectionFactory);
        this.affectedRealms = new HashSet();
        this.applicationServiceFactory = applicationServiceFactory;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return CollectionUtils.isNotEmpty(this.affectedRealms);
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        for (String str : getRealmNames()) {
            try {
                DEBUG.message("Looking for OAuth2 policy sets under realm {}", new Object[]{str});
                Application application = this.applicationServiceFactory.create(getAdminSubject(), str).getApplication(OAUTH2_POLICY_SET_NAME);
                if (application != null && (CollectionUtils.isEmpty(application.getSubjects()) || CollectionUtils.isEmpty(application.getConditions()))) {
                    this.affectedRealms.add(str);
                }
            } catch (EntitlementException e) {
                DEBUG.error("An error occurred while initializing OAuth2 policy set upgrade step", e);
                throw new UpgradeException(e);
            }
        }
        DEBUG.message("Realms found with OAuth2 policy sets having incorrect subjects/conditions configuration: {}", new Object[]{this.affectedRealms});
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        for (String str : this.affectedRealms) {
            try {
                ApplicationService create = this.applicationServiceFactory.create(getAdminSubject(), str);
                Application application = create.getApplication(OAUTH2_POLICY_SET_NAME);
                UpgradeProgress.reportStart("upgrade.policy.oauth2.policyset.progress", str);
                if (CollectionUtils.isEmpty(application.getSubjects())) {
                    DEBUG.message("Updating list of allowed subjects for OAuth2 under realm: {}", new Object[]{str});
                    application.setSubjects(EntitlementUtils.getSubjectsShortNames());
                }
                if (CollectionUtils.isEmpty(application.getConditions())) {
                    DEBUG.message("Updating list of allowed conditions for OAuth2 under realm: {}", new Object[]{str});
                    application.setConditions(EntitlementUtils.getConditionsShortNames());
                }
                create.saveApplication(application);
                UpgradeProgress.reportEnd("upgrade.success", new Object[0]);
                DEBUG.message("OAuth2 Policy Set successfully updated in realm: {}", new Object[]{str});
                create.clearCache();
            } catch (EntitlementException e) {
                DEBUG.error("An error occurred while upgrading the OAuth2 Policy Set in realm: {}", new Object[]{str, e});
                throw new UpgradeException(e);
            }
        }
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String str) {
        return MessageFormat.format(BUNDLE.getString("upgrade.policy.oauth2.policyset.short"), Integer.valueOf(this.affectedRealms.size())) + str;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(UpgradeServices.LF, str);
        StringBuilder sb = new StringBuilder();
        sb.append(BUNDLE.getString("upgrade.policy.oauth2.policyset.detailed")).append(str);
        Iterator<String> it = this.affectedRealms.iterator();
        while (it.hasNext()) {
            sb.append("\t").append(it.next()).append(str);
        }
        sb.append(str);
        hashMap.put(REPORT_TEXT, sb.toString());
        return UpgradeServices.tagSwapReport(hashMap, "upgrade.policy.oauth2.policyset.report");
    }
}
