package org.forgerock.openam.upgrade.steps;

import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.Application;
import com.sun.identity.entitlement.ApplicationType;
import com.sun.identity.entitlement.JwtClaimSubject;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdType;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.datastruct.CollectionHelper;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import org.forgerock.openam.entitlement.EntitlementRegistry;
import org.forgerock.openam.entitlement.rest.wrappers.ApplicationTypeManagerWrapper;
import org.forgerock.openam.entitlement.service.ApplicationService;
import org.forgerock.openam.entitlement.service.ApplicationServiceFactory;
import org.forgerock.openam.identity.idm.AMIdentityRepositoryFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
import org.forgerock.openam.sm.datalayer.api.ConnectionType;
import org.forgerock.openam.sm.datalayer.api.DataLayer;
import org.forgerock.openam.uma.UmaUtils;
import org.forgerock.openam.upgrade.UpgradeException;
import org.forgerock.openam.upgrade.UpgradeServices;
import org.forgerock.openam.upgrade.UpgradeStepInfo;
import org.forgerock.openam.upgrade.VersionUtils;
import org.forgerock.openam.utils.CollectionUtils;

@UpgradeStepInfo(dependsOn = {"org.forgerock.openam.upgrade.steps.UpgradeEntitlementsStep"})
/* loaded from: input_file:org/forgerock/openam/upgrade/steps/UmaApplicationSubjectsStep.class */
public class UmaApplicationSubjectsStep extends AbstractUpgradeStep {
    private static final int AM_13 = 1300;
    private static final Set<String> SUBJECT_TYPES = CollectionUtils.asSet(new String[]{EntitlementRegistry.getSubjectTypeName(JwtClaimSubject.class)});
    private final Map<String, Set<Application>> needUpgrade;
    private final AMIdentityRepositoryFactory idRepoFactory;
    private final ApplicationServiceFactory applicationServiceFactory;
    private final ApplicationTypeManagerWrapper applicationTypeManagerWrapper;
    private int applicationCount;

    @Inject
    public UmaApplicationSubjectsStep(ApplicationServiceFactory applicationServiceFactory, PrivilegedAction<SSOToken> privilegedAction, ApplicationTypeManagerWrapper applicationTypeManagerWrapper, @DataLayer(ConnectionType.DATA_LAYER) ConnectionFactory connectionFactory, AMIdentityRepositoryFactory aMIdentityRepositoryFactory) {
        super(privilegedAction, connectionFactory);
        this.needUpgrade = new HashMap();
        this.applicationServiceFactory = applicationServiceFactory;
        this.applicationTypeManagerWrapper = applicationTypeManagerWrapper;
        this.idRepoFactory = aMIdentityRepositoryFactory;
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void initialize() throws UpgradeException {
        if (VersionUtils.isCurrentVersionLessThan(AM_13, true)) {
            return;
        }
        ApplicationType applicationType = this.applicationTypeManagerWrapper.getApplicationType(getAdminSubject(), "iPlanetAMWebAgentService");
        try {
            for (String str : getRealmNames()) {
                HashSet hashSet = new HashSet();
                Set<AMIdentity> searchResults = this.idRepoFactory.create(str, (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance())).searchIdentities(IdType.AGENT, "*", new IdSearchControl()).getSearchResults();
                if (searchResults != null && !searchResults.isEmpty()) {
                    for (AMIdentity aMIdentity : searchResults) {
                        Map attributes = aMIdentity.getAttributes();
                        if ("OAuth2Client".equalsIgnoreCase(CollectionHelper.getMapAttr(attributes, "AgentType", "NO_TYPE")) && UmaUtils.isUmaResourceServerAgent(attributes)) {
                            hashSet.add(aMIdentity.getName());
                        }
                    }
                }
                ApplicationService create = this.applicationServiceFactory.create(getAdminSubject(), str);
                HashSet hashSet2 = new HashSet();
                for (Application application : create.getApplications()) {
                    if (application.getApplicationType().equals(applicationType) && hashSet.contains(application.getName()) && !application.getSubjects().containsAll(SUBJECT_TYPES)) {
                        hashSet2.add(application);
                        this.applicationCount++;
                    }
                }
                if (!hashSet2.isEmpty()) {
                    this.needUpgrade.put(str, hashSet2);
                }
            }
        } catch (Exception e) {
            DEBUG.error("An error occurred while trying to look for upgradable UMA policy applications", e);
            throw new UpgradeException("Unable to retrieve UMA policy applications", e);
        }
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public boolean isApplicable() {
        return !this.needUpgrade.isEmpty();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public void perform() throws UpgradeException {
        try {
            for (Map.Entry<String, Set<Application>> entry : this.needUpgrade.entrySet()) {
                ApplicationService create = this.applicationServiceFactory.create(getAdminSubject(), entry.getKey());
                for (Application application : entry.getValue()) {
                    application.getSubjects().addAll(SUBJECT_TYPES);
                    create.saveApplication(application);
                }
            }
        } catch (Exception e) {
            DEBUG.error("An error occurred while trying to upgrade UMA policy applications", e);
            throw new UpgradeException("Unable to upgrade UMA policy applications", e);
        }
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getShortReport(String str) {
        StringBuilder sb = new StringBuilder();
        if (this.applicationCount != 0) {
            sb.append(BUNDLE.getString("upgrade.uma.applications")).append(" (").append(this.applicationCount).append(')').append(str);
        }
        return sb.toString();
    }

    @Override // org.forgerock.openam.upgrade.steps.UpgradeStep
    public String getDetailedReport(String str) {
        if (this.needUpgrade.isEmpty()) {
            return "";
        }
        HashMap hashMap = new HashMap();
        hashMap.put(UpgradeServices.LF, str);
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, Set<Application>> entry : this.needUpgrade.entrySet()) {
            sb.append(BUNDLE.getString("upgrade.realm")).append(": ").append(entry.getKey()).append(str);
            Iterator<Application> it = entry.getValue().iterator();
            while (it.hasNext()) {
                sb.append("\t").append(it.next().getName()).append(str);
            }
        }
        hashMap.put("%REPORT_DATA%", sb.toString());
        return UpgradeServices.tagSwapReport(hashMap, "upgrade.uma.applicationsreport");
    }
}
