package org.wso2.carbon.is.migration.service.v700.service;

import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.identity.application.common.model.Scope;
import org.wso2.carbon.identity.core.migrate.MigrationClientException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.is.migration.service.v700.constant.MigratorConstants;
import org.wso2.carbon.is.migration.service.v700.dao.APIResourceDAO;
import org.wso2.carbon.is.migration.service.v700.dao.ApplicationDAO;
import org.wso2.carbon.is.migration.service.v700.dao.OAuth2ScopeDAO;
import org.wso2.carbon.is.migration.service.v700.dao.RoleV2DAO;
import org.wso2.carbon.is.migration.service.v700.dao.ScopeDAO;
import org.wso2.carbon.is.migration.service.v700.model.Application;
import org.wso2.carbon.is.migration.util.Utility;
import org.wso2.carbon.user.api.Tenant;

/* loaded from: input_file:org/wso2/carbon/is/migration/service/v700/service/OAuth2ScopeMigrationService.class */
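/**
 * Migrates the OAuth2 scopes of each tenant into a single API resource identified by
 * {@link #DEFAULT_OAUTH_2_RESOURCE}, authorizes that resource to the tenant's applications and
 * assigns the stored scope bindings to the tenant's v2 roles.
 *
 * <p>Failures are handled per tenant: they are logged, a rollback of the API resource and its
 * application authorizations is attempted, and the run continues with the next tenant. A run that
 * returns normally therefore does not prove that every tenant was migrated; the error log has to
 * be reviewed afterwards.
 */
public class OAuth2ScopeMigrationService {
    private static final Logger LOG = LoggerFactory.getLogger(OAuth2ScopeMigrationService.class);
    private static final APIResourceDAO apiResourceDAO = new APIResourceDAO();
    private static final ScopeDAO scopeDAO = new ScopeDAO();
    private static final OAuth2ScopeDAO oAuth2ScopeDAO = new OAuth2ScopeDAO();
    private static final ApplicationDAO applicationDAO = new ApplicationDAO();
    private static final RoleV2DAO roleV2DAO = new RoleV2DAO();
    public static final String DEFAULT_OAUTH_2_RESOURCE = "User-defined-oauth2-resource";

    /** Tenant ID used together with {@code MigratorConstants.SUPER_TENANT_DOMAIN}. */
    private static final int SUPER_TENANT_ID = -1234;

    /**
     * Runs the OAuth2 scope migration for the super tenant and then for every tenant returned by
     * {@code Utility.getTenants()}.
     *
     * <p>A tenant that already has the {@link #DEFAULT_OAUTH_2_RESOURCE} API resource is skipped,
     * so the migration can be re-run.
     *
     * @throws MigrationClientException declared for callers; per-tenant failures are logged and
     *     rolled back inside this class rather than rethrown
     */
    public void execute() throws MigrationClientException {
        LOG.info("......... Started OAuth2 Scopes Migration .........");
        migrateTenant(MigratorConstants.SUPER_TENANT_DOMAIN, SUPER_TENANT_ID);
        for (Tenant tenant : Utility.getTenants()) {
            migrateTenant(tenant.getDomain(), tenant.getId());
        }
    }

    /**
     * Runs the three migration steps for one tenant and attempts a rollback if any step throws.
     *
     * @param tenantDomain domain passed to the migration steps and written to the log
     * @param tenantId ID used for the "already migrated" check and for the rollback
     */
    private void migrateTenant(String tenantDomain, int tenantId) {
        try {
            // Only tenants without the default API resource are migrated.
            if (apiResourceDAO.getAPIResourceIDByIdentifier(DEFAULT_OAUTH_2_RESOURCE, tenantId) == null) {
                migrateOAuth2Scopes(tenantDomain);
                authorizeToApplications(tenantDomain);
                updateRoles(tenantDomain);
            }
        } catch (Exception e) {
            LOG.error("Error while migrating OAuth2 scopes, hence rolling back OAuth2 scope migration for tenant: {}",
                    tenantDomain, e);
            // The rollback removes the API resource and its application authorizations only;
            // role permissions already assigned by updateRoles are not reverted here.
            deleteAPIResourceWithAuthorizations(tenantId);
        }
    }

    /**
     * Creates the default API resource for the tenant and inserts the tenant's OAuth2 scopes
     * under it. Does nothing when the tenant has no OAuth2 scopes.
     *
     * @param tenantDomain domain of the tenant to migrate
     * @throws MigrationClientException if the rollback delete in the failure path fails
     */
    private void migrateOAuth2Scopes(String tenantDomain) throws MigrationClientException {
        LOG.info("Started migrating OAuth2 scopes in an API resource for tenant: {}", tenantDomain);
        int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
        try {
            List<Scope> oAuth2Scopes = oAuth2ScopeDAO.getOAuth2Scopes(tenantId);
            if (oAuth2Scopes.isEmpty()) {
                LOG.info("No OAuth2 scopes found for tenant: {}, hence skipping OAuth2 scope migration for the tenant.",
                        tenantDomain);
                return;
            }
            String apiResourceId = UUID.randomUUID().toString();
            apiResourceDAO.createAPIResource(apiResourceId, "User-defined OAuth2 Resource", DEFAULT_OAUTH_2_RESOURCE,
                    Integer.valueOf(tenantId), "This is Default OAuth2 Resource Representation", "BUSINESS", true);
            scopeDAO.insertScopes(apiResourceId, oAuth2Scopes, Integer.valueOf(tenantId));
            LOG.info("Completed migrating OAuth2 scopes for tenant: {}", tenantDomain);
        } catch (Throwable th) {
            // NOTE(review): the failure is logged and swallowed after the rollback, so the caller
            // still runs the application-authorization and role steps for this tenant. Confirm
            // that continuing after a failed scope migration is intended.
            LOG.error("Error while migrating OAuth2 scopes, hence rolling back OAuth2 scope migration for tenant: {}",
                    tenantDomain, th);
            apiResourceDAO.deleteAPIResourceByIdentifier(DEFAULT_OAUTH_2_RESOURCE, tenantId);
        }
    }

    /**
     * Authorizes the default API resource, and every scope ID returned for it, to each application
     * returned by {@code getApplicationsExceptSystemApps} for the tenant.
     *
     * <p>This is a tenant-wide grant: every returned application receives every migrated scope.
     * Whether each application should keep all of them is worth reviewing after the migration.
     *
     * @param tenantDomain domain of the tenant whose applications are authorized
     * @throws MigrationClientException if the rollback in the failure path fails
     */
    private void authorizeToApplications(String tenantDomain) throws MigrationClientException {
        LOG.info("Started authorizing OAuth2 scopes for applications in tenant: {}", tenantDomain);
        int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
        try {
            String apiResourceId = apiResourceDAO.getAPIResourceIDByIdentifier(DEFAULT_OAUTH_2_RESOURCE, tenantId);
            if (apiResourceId == null) {
                LOG.info("OAuth2 API resource not found in tenant: {}", tenantDomain);
                return;
            }
            for (Application application : applicationDAO.getApplicationsExceptSystemApps(tenantId)) {
                // "RBAC" is presumably the authorization policy identifier; confirm against ApplicationDAO.
                applicationDAO.authorizeAPIToApplication(application.getUUID(), apiResourceId, "RBAC");
                applicationDAO.authorizeScopesToApplication(application.getUUID(), apiResourceId,
                        apiResourceDAO.getScopeIDsByAPIId(apiResourceId));
            }
        } catch (MigrationClientException e) {
            LOG.error("Error while authorizing OAuth2 scopes for applications, hence rolling back OAuth2 scope "
                    + "migration in tenant: {}", tenantDomain, e);
            // Resolve the resource ID once and skip the deletes when it is absent, matching the
            // null guard in deleteAPIResourceWithAuthorizations, so a null ID never reaches the DAO.
            String rollbackResourceId =
                    apiResourceDAO.getAPIResourceIDByIdentifier(DEFAULT_OAUTH_2_RESOURCE, tenantId);
            if (rollbackResourceId != null) {
                applicationDAO.deleteAuthorizedAPI(rollbackResourceId);
                applicationDAO.deleteAuthorizedScope(rollbackResourceId);
            }
        }
    }

    /**
     * Best-effort rollback: removes the scope and API authorizations of the tenant's default API
     * resource and then the resource itself. A failure here is logged and not rethrown.
     *
     * @param tenantId ID of the tenant whose default API resource is removed
     */
    private void deleteAPIResourceWithAuthorizations(int tenantId) {
        try {
            String apiResourceId = apiResourceDAO.getAPIResourceIDByIdentifier(DEFAULT_OAUTH_2_RESOURCE, tenantId);
            if (apiResourceId != null) {
                applicationDAO.deleteAuthorizedScope(apiResourceId);
                applicationDAO.deleteAuthorizedAPI(apiResourceId);
                apiResourceDAO.deleteAPIResourceByIdentifier(DEFAULT_OAUTH_2_RESOURCE, tenantId);
            }
        } catch (MigrationClientException e) {
            // A failed rollback can leave authorizations behind; the log entry is the only signal.
            LOG.error("Error while deleting API resource: {} for tenant: {}", DEFAULT_OAUTH_2_RESOURCE, tenantId, e);
        }
    }

    /**
     * Assigns the stored scope bindings to every v2 role of the tenant that has a binding entry
     * under its name.
     *
     * <p>A failure is logged and not rethrown, so the caller does not roll back and roles
     * processed before the failure keep their new permissions.
     *
     * @param tenantDomain domain of the tenant whose roles are updated
     */
    private void updateRoles(String tenantDomain) {
        int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
        try {
            List<String> v2Roles = roleV2DAO.getV2Roles(tenantId);
            Map<String, List<String>> scopeBindings = oAuth2ScopeDAO.getScopeBindings(tenantId);
            for (String roleName : v2Roles) {
                if (scopeBindings.containsKey(roleName)) {
                    roleV2DAO.assignPermissionToRole(roleV2DAO.getRoleUUIDByName(roleName, tenantId),
                            scopeBindings.get(roleName), tenantId);
                }
            }
        } catch (MigrationClientException e) {
            // The previous message described a SCIM role v1-to-v2 migration, which is not what
            // this method does, and it carried no tenant; both made failed runs hard to triage.
            LOG.error("Error while assigning OAuth2 scope bindings to v2 roles for tenant: {}", tenantDomain, e);
        }
    }
}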
