package org.wso2.carbon.is.migration.service.v600.migrator;

import java.io.IOException;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.migrate.MigrationClientException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.is.migration.service.Migrator;
import org.wso2.carbon.is.migration.service.v600.dao.ApplicationDAO;
import org.wso2.carbon.is.migration.service.v700.constant.MigratorConstants;
import org.wso2.carbon.is.migration.util.Constant;
import org.wso2.carbon.is.migration.util.ReportUtil;
import org.wso2.carbon.is.migration.util.Schema;
import org.wso2.carbon.is.migration.util.Utility;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.user.api.Tenant;

/* loaded from: input_file:org/wso2/carbon/is/migration/service/v600/migrator/ApplicationAccessURLMigrator.class */
public class ApplicationAccessURLMigrator extends Migrator {
    private static final Logger log = LoggerFactory.getLogger(ApplicationAccessURLMigrator.class);
    private static final String SP_REDIRECT_URL_RESOURCE_PATH = "/identity/config/relyingPartyRedirectUrls";
    private ReportUtil reportUtil;

    @Override // org.wso2.carbon.is.migration.service.Migrator
    public void dryRun() throws MigrationClientException {
        log.info(" WSO2 Product Migration Service Task : Executing dry run for {}", getClass().getName());
        String str = (String) getMigratorConfig().getParameters().get(Constant.REPORT_PATH);
        try {
            this.reportUtil = new ReportUtil(str);
            this.reportUtil.writeMessage("\n--- Summary of the report - Relying party Urls Migration ---\n");
            this.reportUtil.writeMessage(String.format("%40s | %40s | %40s | %40s", "Application ", "RelyingParty", "RedirectURL", "Tenant Domain"));
            log.info(" WSO2 Product Migration Service Task : Started the dry run of Relying party Urls migration.");
            migratingRelyingPartyURL(str, MigratorConstants.SUPER_TENANT_DOMAIN.toString(), true);
            for (Tenant tenant : Utility.getTenants()) {
                if (!isIgnoreForInactiveTenants() || tenant.isActive()) {
                    migratingRelyingPartyURL(str, tenant.getDomain(), true);
                } else {
                    log.info(" WSO2 Product Migration Service Task : Tenant " + tenant.getDomain() + " is inactive. Redirect URLs migration will be skipped. ");
                }
            }
            this.reportUtil.commit();
        } catch (IOException e) {
            log.error(" WSO2 Product Migration Service Task : Error while constructing the DryRun report.", e);
        }
    }

    private void migratingRelyingPartyURL(String str, String str2, boolean z) throws MigrationClientException {
        ArrayList arrayList = new ArrayList();
        HashMap hashMap = new HashMap();
        log.info("............................................................................................");
        if (z) {
            log.info(" WSO2 Product Migration Service Task : Started dry run of migrating redirect URLs for tenant: " + str2);
        } else {
            log.info(" WSO2 Product Migration Service Task : Started migrating redirect URLs for tenant: " + str2);
        }
        Properties relyingPartyRedirectUrlValues = getRelyingPartyRedirectUrlValues(str2);
        if (relyingPartyRedirectUrlValues == null) {
            log.info(" WSO2 Product Migration Service Task : There are no relying party redirect URLs configured for the tenant: " + str2);
            return;
        }
        Iterator it = relyingPartyRedirectUrlValues.keySet().iterator();
        while (it.hasNext()) {
            String obj = it.next().toString();
            ArrayList arrayList2 = (ArrayList) relyingPartyRedirectUrlValues.get(obj);
            if (StringUtils.isNotEmpty(obj) && CollectionUtils.isNotEmpty(arrayList2) && arrayList2.get(0) != null) {
                String obj2 = arrayList2.get(0).toString();
                if (StringUtils.isEmpty(obj2)) {
                    continue;
                } else {
                    ServiceProvider serviceProviderByRelyingParty = getServiceProviderByRelyingParty(obj, str2, MigratorConstants.INBOUND_AUTH2_TYPE);
                    if (serviceProviderByRelyingParty == null) {
                        serviceProviderByRelyingParty = getServiceProviderByRelyingParty(obj, str2, "samlsso");
                    }
                    if (serviceProviderByRelyingParty != null) {
                        String applicationName = serviceProviderByRelyingParty.getApplicationName();
                        if (StringUtils.isEmpty(serviceProviderByRelyingParty.getAccessUrl())) {
                            arrayList.add(serviceProviderByRelyingParty);
                            if (z) {
                                this.reportUtil.writeMessage(String.format("%40s | %40s | %40s | %40s ", applicationName, obj, obj2, str2));
                            } else {
                                hashMap.put(applicationName, obj2);
                                migrateRedirectURLFromRegistryToApplication(obj, str2, serviceProviderByRelyingParty, obj2);
                            }
                        } else if (obj2.equals(serviceProviderByRelyingParty.getAccessUrl())) {
                            continue;
                        } else {
                            arrayList.add(serviceProviderByRelyingParty);
                            String format = String.format("Conflicting relying-party redirect URL: %s, found for the application: %s, where the access URL is already set to: %s by default or by another relying-party configuration. Please resolve the conflict and re-run the migration.", obj2, applicationName, serviceProviderByRelyingParty.getAccessUrl());
                            log.error(format);
                            if (!z) {
                                throw new MigrationClientException(format);
                            }
                            this.reportUtil.writeMessage(String.format("%40s | %40s | %40s | %40s ", applicationName, obj, obj2, str2));
                        }
                    } else {
                        continue;
                    }
                }
            }
        }
        if (CollectionUtils.isNotEmpty(arrayList)) {
            ((List) ((Map) arrayList.stream().collect(Collectors.groupingBy(Function.identity(), Collectors.counting()))).entrySet().stream().filter(entry -> {
                return ((Long) entry.getValue()).longValue() > 1;
            }).map(entry2 -> {
                return (ServiceProvider) entry2.getKey();
            }).collect(Collectors.toList())).forEach(serviceProvider -> {
                reportIssues(serviceProvider, str, z);
            });
        }
        if (z) {
            return;
        }
        removeRelyingPartyRedirectUrlsFRomRegistry(str2);
    }

    private void reportIssues(ServiceProvider serviceProvider, String str, boolean z) {
        if (z) {
            log.error(Constant.MIGRATION_LOG + ("There are multiple relyingParty values defined for the application: " + serviceProvider.getApplicationName() + " Refer the report at " + str + " to get more details and find duplicates and resolve the issues by deleting duplicates from the config registry at path: " + SP_REDIRECT_URL_RESOURCE_PATH));
        } else {
            log.warn(Constant.MIGRATION_LOG + ("There were multiple relyingParty values defined for the application: " + serviceProvider.getApplicationName() + ". As the application access URL is set to the last occurrence. Please manually verify the access url of this application."));
        }
    }

    @Override // org.wso2.carbon.is.migration.service.Migrator
    public void migrate() throws MigrationClientException {
        migratingRelyingPartyURL(null, MigratorConstants.SUPER_TENANT_DOMAIN.toString(), false);
        for (Tenant tenant : Utility.getTenants()) {
            log.info(" WSO2 Product Migration Service Task : Started to migrate redirect URLs for tenant: " + tenant.getDomain());
            if (!isIgnoreForInactiveTenants() || tenant.isActive()) {
                migratingRelyingPartyURL(null, tenant.getDomain(), false);
            } else {
                log.info(" WSO2 Product Migration Service Task : Tenant " + tenant.getDomain() + " is inactive. Skipping redirect URLs migration. ");
            }
        }
    }

    private static Properties getRelyingPartyRedirectUrlValues(String str) {
        int tenantId;
        Resource resource;
        if (log.isDebugEnabled()) {
            log.debug("Retrieving configured url against relying parties for tenant domain : " + str);
        }
        if (StringUtils.isEmpty(str)) {
            if (log.isDebugEnabled()) {
                log.debug("Tenant domain is not available. Hence using super tenant domain");
            }
            str = MigratorConstants.SUPER_TENANT_DOMAIN;
            tenantId = -1234;
        } else {
            tenantId = IdentityTenantUtil.getTenantId(str);
        }
        try {
            IdentityTenantUtil.initializeRegistry(tenantId, str);
            Registry configRegistry = IdentityTenantUtil.getConfigRegistry(tenantId);
            if (!configRegistry.resourceExists(SP_REDIRECT_URL_RESOURCE_PATH) || (resource = configRegistry.get(SP_REDIRECT_URL_RESOURCE_PATH)) == null) {
                return null;
            }
            return resource.getProperties();
        } catch (RegistryException e) {
            log.error(" WSO2 Product Migration Service Task : Error while getting data from the registry.", e);
            return null;
        } catch (IdentityException e2) {
            log.error(" WSO2 Product Migration Service Task : Error while initializing the registry for : " + str, e2);
            return null;
        }
    }

    private static void removeRelyingPartyRedirectUrlsFRomRegistry(String str) {
        int tenantId;
        if (log.isDebugEnabled()) {
            log.debug("Removing configured redirect url against relying parties for tenant domain : " + str);
        }
        if (StringUtils.isEmpty(str)) {
            if (log.isDebugEnabled()) {
                log.debug("Tenant domain is not available. Hence using super tenant domain");
            }
            str = MigratorConstants.SUPER_TENANT_DOMAIN;
            tenantId = -1234;
        } else {
            tenantId = IdentityTenantUtil.getTenantId(str);
        }
        try {
            IdentityTenantUtil.initializeRegistry(tenantId, str);
            Registry configRegistry = IdentityTenantUtil.getConfigRegistry(tenantId);
            if (configRegistry.resourceExists(SP_REDIRECT_URL_RESOURCE_PATH)) {
                configRegistry.delete(SP_REDIRECT_URL_RESOURCE_PATH);
            }
        } catch (IdentityException e) {
            log.error(" WSO2 Product Migration Service Task : Error while initializing the registry for : " + str, e);
        } catch (RegistryException e2) {
            log.error(" WSO2 Product Migration Service Task : Error while removing data from the registry.", e2);
        }
    }

    private void migrateRedirectURLFromRegistryToApplication(String str, String str2, ServiceProvider serviceProvider, String str3) {
        for (InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig : serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs()) {
            if (str.equals(inboundAuthenticationRequestConfig.getInboundAuthKey())) {
                log.info("Updating the application: " + serviceProvider.getApplicationName() + " access URL with redirect URL: " + str3 + " configured for relyingParty: " + str);
                serviceProvider.setAccessUrl(str3);
                try {
                    Connection connection = getDataSource(Schema.IDENTITY.getName()).getConnection();
                    Throwable th = null;
                    try {
                        try {
                            new ApplicationDAO().updateAccessURL(connection, serviceProvider.getApplicationName(), str3, IdentityTenantUtil.getTenantId(str2));
                            if (connection != null) {
                                if (0 != 0) {
                                    try {
                                        connection.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    connection.close();
                                }
                            }
                            return;
                        } catch (Throwable th3) {
                            th = th3;
                            throw th3;
                        }
                    } finally {
                    }
                } catch (SQLException e) {
                    log.error(" WSO2 Product Migration Service Task : Unable to update the application: " + serviceProvider.getApplicationName() + " with accessURL:" + str, e);
                    return;
                } catch (MigrationClientException e2) {
                    log.error(" WSO2 Product Migration Service Task : Unable to update the application: " + serviceProvider.getApplicationName() + " with accessURL:" + str, e2);
                    return;
                }
            }
        }
    }

    private static ServiceProvider getServiceProviderByRelyingParty(String str, String str2, String str3) {
        ServiceProvider serviceProvider = null;
        try {
            serviceProvider = new ApplicationDAO().getServiceProviderByClientId(str, str3, str2);
            if (serviceProvider != null) {
                if ("default".equals(serviceProvider.getApplicationName())) {
                    return null;
                }
            }
        } catch (IdentityApplicationManagementException e) {
            log.warn("Unable to retrieve an application for the relying party: " + str + " of type: " + str3 + " in the tenant: " + str2);
        }
        return serviceProvider;
    }
}
