package org.wso2.carbon.is.migration.service.v700.migrator;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.identity.api.resource.collection.mgt.model.APIResourceCollection;
import org.wso2.carbon.identity.api.resource.collection.mgt.util.APIResourceCollectionMgtConfigBuilder;
import org.wso2.carbon.identity.core.migrate.MigrationClientException;
import org.wso2.carbon.is.migration.internal.ISMigrationServiceDataHolder;
import org.wso2.carbon.is.migration.service.Migrator;
import org.wso2.carbon.is.migration.service.v700.constant.MigratorConstants;
import org.wso2.carbon.is.migration.service.v700.dao.ApplicationDAO;
import org.wso2.carbon.is.migration.service.v700.dao.RoleV1DAO;
import org.wso2.carbon.is.migration.service.v700.dao.RoleV2DAO;
import org.wso2.carbon.is.migration.service.v700.dao.ScopeDAO;
import org.wso2.carbon.is.migration.service.v700.model.RoleV2;
import org.wso2.carbon.is.migration.service.v700.util.Utils;
import org.wso2.carbon.is.migration.util.Constant;
import org.wso2.carbon.is.migration.util.ReportUtil;
import org.wso2.carbon.is.migration.util.Utility;
import org.wso2.carbon.user.api.Tenant;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:org/wso2/carbon/is/migration/service/v700/migrator/ConsoleRoleMigrator.class */
public class ConsoleRoleMigrator extends Migrator {
    private static final Logger LOG = LoggerFactory.getLogger(ConsoleRoleMigrator.class);
    private final ApplicationDAO applicationDAO = new ApplicationDAO();
    private final RoleV2DAO roleV2DAO = new RoleV2DAO();
    private final RoleV1DAO roleV1DAO = new RoleV1DAO();
    private final ScopeDAO scopeDAO = new ScopeDAO();

    @Override // org.wso2.carbon.is.migration.service.Migrator
    public void dryRun() throws MigrationClientException {
        try {
            LOG.info(" WSO2 Product Migration Service Task : Executing dry run for {}", getClass().getName());
            ReportUtil reportUtil = new ReportUtil((String) getMigratorConfig().getParameters().get(Constant.REPORT_PATH));
            reportUtil.writeMessage("\n--- Summary of the report ---\n");
            LOG.info(" WSO2 Product Migration Service Task : Started the dry run for {} migration.", getClass().getName());
            reportUtil.writeMessage("Checking for a role with name Administrator.");
            LOG.info(" WSO2 Product Migration Service Task : Checking for a role with name Administrator.");
            Set<Tenant> tenants = Utility.getTenants();
            Tenant tenant = new Tenant();
            tenant.setId(-1234);
            tenants.add(tenant);
            boolean z = false;
            for (Tenant tenant2 : tenants) {
                if (this.roleV1DAO.getRoleIDByName(MigratorConstants.ADMINISTRATOR, tenant2.getId()) != null) {
                    if (!this.roleV1DAO.getRolePermissions(MigratorConstants.ADMINISTRATOR, tenant2.getId()).contains(MigratorConstants.ADMIN_PERMISSION)) {
                        z = true;
                        reportUtil.writeMessage("A role with name 'Administrator' with less permissions exist in the tenant " + tenant2.getId());
                    }
                }
            }
            if (z) {
                reportUtil.writeMessage("The role with name Administrator will be used as the default admin role in migrated tenants.");
                reportUtil.writeMessage("Take the following actions to resolve the issues");
                reportUtil.writeMessage("The users who were in the Administrator role in the previous version will get full admin access after the migration.");
            }
            reportUtil.commit();
        } catch (IOException e) {
            throw new MigrationClientException("Error while writing the dry run report.", e);
        }
    }

    @Override // org.wso2.carbon.is.migration.service.Migrator
    public void migrate() throws MigrationClientException {
        Set<Tenant> tenants = Utility.getTenants();
        Tenant tenant = new Tenant();
        tenant.setId(-1234);
        tenants.add(tenant);
        Map<String, String> loadOauthScopeBinding = Utils.loadOauthScopeBinding();
        if (loadOauthScopeBinding == null) {
            throw new MigrationClientException("Error while loading scope binding file.");
        }
        for (Tenant tenant2 : tenants) {
            String appUUIDFromAppName = this.applicationDAO.getAppUUIDFromAppName(MigratorConstants.CONSOLE_APP, tenant2.getId());
            List<String> systemAPIAccessibleRoles = this.roleV2DAO.getSystemAPIAccessibleRoles(tenant2.getId());
            ArrayList<String> arrayList = new ArrayList();
            systemAPIAccessibleRoles.forEach(str -> {
                try {
                    Stream<String> stream = this.roleV1DAO.getRolePermissions(str, tenant2.getId()).stream();
                    String str = MigratorConstants.ADMIN_PERMISSION;
                    if (stream.anyMatch((v1) -> {
                        return r1.equals(v1);
                    })) {
                        arrayList.add(str);
                    }
                } catch (MigrationClientException e) {
                    LOG.error("Error while retrieving permissions of role: " + str, e);
                }
            });
            boolean contains = systemAPIAccessibleRoles.contains(MigratorConstants.ADMINISTRATOR);
            try {
                String replace = ISMigrationServiceDataHolder.getRealmService().getTenantUserRealm(tenant2.getId()).getRealmConfiguration().getAdminRoleName().replace("Internal/", "");
                if (!arrayList.contains(MigratorConstants.ADMINISTRATOR)) {
                    arrayList.add(MigratorConstants.ADMINISTRATOR);
                }
                arrayList.removeAll((List) this.roleV2DAO.getApplicationRolesOfApp(tenant2.getId(), appUUIDFromAppName).stream().map((v0) -> {
                    return v0.getRoleName();
                }).collect(Collectors.toList()));
                for (String str2 : arrayList) {
                    this.roleV2DAO.createV2Role(str2, MigratorConstants.APPLICATION, tenant2.getId(), appUUIDFromAppName);
                    String getRoleUUID = this.roleV2DAO.getGetRoleUUID(tenant2.getId(), str2, appUUIDFromAppName, MigratorConstants.APPLICATION);
                    this.roleV2DAO.insertSCIM2GroupId(tenant2.getId(), str2, getRoleUUID, this.roleV2DAO.getRoleAudienceByAudienceID(appUUIDFromAppName));
                    this.applicationDAO.assignRoleToApplication(appUUIDFromAppName, getRoleUUID);
                    int roleID = this.roleV2DAO.getRoleID(tenant2.getId(), str2, appUUIDFromAppName, MigratorConstants.APPLICATION);
                    if (!MigratorConstants.ADMINISTRATOR.equals(str2) || contains) {
                        this.roleV2DAO.migrateUserOfRoleToNewRole(roleID, tenant2.getId(), str2);
                    } else {
                        this.roleV2DAO.migrateUserOfRoleToNewRole(roleID, tenant2.getId(), replace);
                        if (this.roleV2DAO.isGroupExist(replace, tenant2.getId())) {
                            this.roleV2DAO.assignRoleToGroupOfPrimaryGroup(replace, roleID, tenant2.getId());
                        }
                    }
                    if (str2.startsWith("system_primary_")) {
                        String str3 = str2.split("system_primary_")[1];
                        if (!this.roleV2DAO.isGroupToRoleMapped(str3, roleID, tenant2.getId())) {
                            this.roleV2DAO.assignRoleToGroupOfPrimaryGroup(str3, roleID, tenant2.getId());
                        }
                    }
                }
                for (RoleV2 roleV2 : this.roleV2DAO.getApplicationRolesOfApp(tenant2.getId(), this.applicationDAO.getAppUUIDFromAppName(MigratorConstants.CONSOLE_APP, tenant2.getId()))) {
                    if (!MigratorConstants.ADMINISTRATOR.equals(roleV2.getRoleName())) {
                        if (roleV2.getRoleName().equals(replace)) {
                            this.roleV2DAO.assignInternalSystemScopesToRole(roleV2.getRoleUUID(), this.scopeDAO.getAllSystemScopes());
                        } else {
                            List<String> rolePermissions = this.roleV1DAO.getRolePermissions(roleV2.getRoleName(), tenant2.getId());
                            if (rolePermissions.size() != 0) {
                                ArrayList arrayList2 = new ArrayList();
                                for (Map.Entry<String, String> entry : loadOauthScopeBinding.entrySet()) {
                                    Iterator<String> it = rolePermissions.iterator();
                                    while (it.hasNext()) {
                                        if (StringUtils.containsIgnoreCase(entry.getKey(), it.next()) && !arrayList2.contains(entry.getValue())) {
                                            arrayList2.add(entry.getValue());
                                        }
                                    }
                                }
                                if (!arrayList2.isEmpty()) {
                                    for (Map.Entry entry2 : APIResourceCollectionMgtConfigBuilder.getInstance().getApiResourceCollectionMgtConfigurations().entrySet()) {
                                        String str4 = (String) ((APIResourceCollection) entry2.getValue()).getReadScopes().get(0);
                                        if (new HashSet(arrayList2).containsAll((List) ((APIResourceCollection) entry2.getValue()).getReadScopes().stream().skip(1L).collect(Collectors.toList()))) {
                                            arrayList2.add(str4);
                                        }
                                    }
                                    List<String> assignedScopesForRole = this.roleV2DAO.getAssignedScopesForRole(roleV2.getRoleUUID());
                                    List<String> list = (List) arrayList2.stream().filter(str5 -> {
                                        return !assignedScopesForRole.contains(str5);
                                    }).collect(Collectors.toList());
                                    if (!list.isEmpty()) {
                                        this.roleV2DAO.assignInternalSystemScopesToRole(roleV2.getRoleUUID(), list);
                                    }
                                }
                            }
                        }
                    }
                }
            } catch (UserStoreException e) {
                throw new MigrationClientException("Error while retrieving default admin role of super tenant.", e);
            }
        }
    }
}
