package org.keycloak.connections.mongo.updater.impl.updates;

import com.mongodb.BasicDBList;
import com.mongodb.BasicDBObject;
import com.mongodb.BasicDBObjectBuilder;
import com.mongodb.DBCollection;
import com.mongodb.DBCursor;
import com.mongodb.DBObject;
import java.util.Iterator;
import java.util.Map;
import org.keycloak.Config;
import org.keycloak.broker.social.SocialProviderSpi;
import org.keycloak.common.constants.KerberosConstants;
import org.keycloak.common.constants.ServiceAccountConstants;
import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
import org.keycloak.connections.mongo.impl.types.MapMapper;
import org.keycloak.migration.MigrationProvider;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-model-mongo/main/keycloak-model-mongo-2.1.0.Final.jar:org/keycloak/connections/mongo/updater/impl/updates/Update1_2_0_Beta1.class */
public class Update1_2_0_Beta1 extends Update {
    @Override // org.keycloak.connections.mongo.updater.impl.updates.Update
    public String getId() {
        return "1.2.0.Beta1";
    }

    @Override // org.keycloak.connections.mongo.updater.impl.updates.Update
    public void update(KeycloakSession keycloakSession) {
        deleteEntries("clientSessions");
        deleteEntries(InfinispanConnectionProvider.SESSION_CACHE_NAME);
        convertSocialToIdFedRealms();
        convertSocialToIdFedUsers();
        addAccessCodeLoginTimeout();
        addNewAdminRoles();
        addDefaultProtocolMappers(keycloakSession);
    }

    private void convertSocialToIdFedRealms() {
        DBCollection collection = this.db.getCollection(InfinispanConnectionProvider.REALM_CACHE_NAME);
        DBCursor find = collection.find();
        while (find.hasNext()) {
            try {
                BasicDBObject basicDBObject = (BasicDBObject) find.next();
                boolean z = basicDBObject.getBoolean("updateProfileOnInitialSocialLogin");
                BasicDBObject basicDBObject2 = (BasicDBObject) basicDBObject.get("socialConfig");
                BasicDBList basicDBList = (BasicDBList) basicDBObject.get("identityProviders");
                if (basicDBList == null) {
                    basicDBList = new BasicDBList();
                    basicDBObject.put((Object) "identityProviders", (Object) basicDBList);
                }
                if (basicDBObject2 != null) {
                    for (Map.Entry entry : basicDBObject2.entrySet()) {
                        if (((String) entry.getKey()).endsWith("###key")) {
                            String substring = ((String) entry.getKey()).substring(0, ((String) entry.getKey()).indexOf("###"));
                            basicDBList.add(new BasicDBObjectBuilder().add("internalId", KeycloakModelUtils.generateId()).add("providerId", substring).add("alias", substring).add(KerberosConstants.UPDATE_PROFILE_FIRST_LOGIN, Boolean.valueOf(z)).add("enabled", true).add("storeToken", false).add("authenticateByDefault", false).add("config", new BasicDBObjectBuilder().add(ServiceAccountConstants.CLIENT_ID, (String) entry.getValue()).add("clientSecret", basicDBObject2.getString(substring + "###secret")).get()).get());
                            this.log.debugv("Converted social provider {0} to identity provider", substring);
                        }
                    }
                }
                basicDBObject.remove(SocialProviderSpi.SOCIAL_SPI_NAME);
                basicDBObject.remove("updateProfileOnInitialSocialLogin");
                basicDBObject.remove("socialConfig");
                collection.save(basicDBObject);
                this.log.debugv("Social providers of realm {0} converted to identity providers", basicDBObject.get(DBCollection.ID_FIELD_NAME));
            } finally {
                find.close();
            }
        }
    }

    private void convertSocialToIdFedUsers() {
        DBCollection collection = this.db.getCollection("users");
        DBCursor find = collection.find();
        while (find.hasNext()) {
            try {
                BasicDBObject basicDBObject = (BasicDBObject) find.next();
                BasicDBList basicDBList = (BasicDBList) basicDBObject.get("socialLinks");
                if (basicDBList != null) {
                    BasicDBList basicDBList2 = (BasicDBList) basicDBObject.get("federatedIdentities");
                    if (basicDBList2 == null) {
                        basicDBList2 = new BasicDBList();
                        basicDBObject.put((Object) "federatedIdentities", (Object) basicDBList2);
                    }
                    Iterator it = basicDBList.iterator();
                    while (it.hasNext()) {
                        BasicDBObject basicDBObject2 = (BasicDBObject) it.next();
                        BasicDBObject basicDBObject3 = new BasicDBObject();
                        basicDBObject3.put((Object) "userName", basicDBObject2.get("socialUsername"));
                        basicDBObject3.put((Object) "userId", basicDBObject2.get("socialUserId"));
                        basicDBObject3.put((Object) "identityProvider", basicDBObject2.get("socialProvider"));
                        basicDBList2.add(basicDBObject3);
                    }
                    basicDBObject.remove("socialLinks");
                    collection.save(basicDBObject);
                    if (this.log.isTraceEnabled()) {
                        this.log.tracev("Social links of user {0} converted to identity links", basicDBObject.get(DBCollection.ID_FIELD_NAME));
                    }
                }
            } finally {
                find.close();
            }
        }
        this.log.debug("Social links of users converted to identity links");
    }

    private void addAccessCodeLoginTimeout() {
        DBCollection collection = this.db.getCollection(InfinispanConnectionProvider.REALM_CACHE_NAME);
        DBCursor find = collection.find();
        while (find.hasNext()) {
            try {
                BasicDBObject basicDBObject = (BasicDBObject) find.next();
                basicDBObject.put((Object) "accessCodeLifespanLogin", (Object) 1800);
                collection.save(basicDBObject);
            } finally {
                find.close();
            }
        }
    }

    private void addNewAdminRoles() {
        DBCollection collection = this.db.getCollection(InfinispanConnectionProvider.REALM_CACHE_NAME);
        String adminRealm = Config.getAdminRealm();
        DBCursor find = collection.find();
        while (find.hasNext()) {
            try {
                BasicDBObject basicDBObject = (BasicDBObject) find.next();
                if (adminRealm.equals(basicDBObject.get("name"))) {
                    addNewAdminRolesToMasterRealm(basicDBObject);
                } else {
                    addNewAdminRolesToRealm(basicDBObject);
                }
            } finally {
                find.close();
            }
        }
    }

    private void addNewAdminRolesToMasterRealm(BasicDBObject basicDBObject) {
        DBCollection collection = this.db.getCollection(InfinispanConnectionProvider.REALM_CACHE_NAME);
        DBCollection collection2 = this.db.getCollection("applications");
        DBCollection collection3 = this.db.getCollection("roles");
        DBCursor find = collection.find();
        while (find.hasNext()) {
            try {
                String str = ((BasicDBObject) find.next()).getString("name") + "-realm";
                BasicDBObject basicDBObject2 = (BasicDBObject) collection2.findOne((DBObject) new BasicDBObject().append("realmId", basicDBObject.get(DBCollection.ID_FIELD_NAME)).append("name", (Object) str));
                String insertApplicationRole = insertApplicationRole(collection3, AdminRoles.VIEW_IDENTITY_PROVIDERS, basicDBObject2.getString(DBCollection.ID_FIELD_NAME));
                String insertApplicationRole2 = insertApplicationRole(collection3, AdminRoles.MANAGE_IDENTITY_PROVIDERS, basicDBObject2.getString(DBCollection.ID_FIELD_NAME));
                BasicDBObject basicDBObject3 = (BasicDBObject) collection3.findOne((DBObject) new BasicDBObject().append("realmId", basicDBObject.get(DBCollection.ID_FIELD_NAME)).append("name", (Object) AdminRoles.ADMIN));
                BasicDBList basicDBList = (BasicDBList) basicDBObject3.get("compositeRoleIds");
                basicDBList.add(insertApplicationRole);
                basicDBList.add(insertApplicationRole2);
                collection3.save(basicDBObject3);
                this.log.debugv("Added roles {0} and {1} to application {2}", AdminRoles.VIEW_IDENTITY_PROVIDERS, AdminRoles.MANAGE_IDENTITY_PROVIDERS, str);
            } finally {
                find.close();
            }
        }
    }

    private void addNewAdminRolesToRealm(BasicDBObject basicDBObject) {
        DBCollection collection = this.db.getCollection("applications");
        DBCollection collection2 = this.db.getCollection("roles");
        BasicDBObject basicDBObject2 = (BasicDBObject) collection.findOne((DBObject) new BasicDBObject().append("realmId", basicDBObject.get(DBCollection.ID_FIELD_NAME)).append("name", (Object) Constants.REALM_MANAGEMENT_CLIENT_ID));
        String insertApplicationRole = insertApplicationRole(collection2, AdminRoles.VIEW_IDENTITY_PROVIDERS, basicDBObject2.getString(DBCollection.ID_FIELD_NAME));
        String insertApplicationRole2 = insertApplicationRole(collection2, AdminRoles.MANAGE_IDENTITY_PROVIDERS, basicDBObject2.getString(DBCollection.ID_FIELD_NAME));
        BasicDBObject basicDBObject3 = (BasicDBObject) collection2.findOne((DBObject) new BasicDBObject().append("applicationId", basicDBObject2.get(DBCollection.ID_FIELD_NAME)).append("name", (Object) AdminRoles.REALM_ADMIN));
        BasicDBList basicDBList = (BasicDBList) basicDBObject3.get("compositeRoleIds");
        basicDBList.add(insertApplicationRole);
        basicDBList.add(insertApplicationRole2);
        collection2.save(basicDBObject3);
        this.log.debugv("Added roles {0} and {1} to application realm-management of realm {2}", AdminRoles.VIEW_IDENTITY_PROVIDERS, AdminRoles.MANAGE_IDENTITY_PROVIDERS, basicDBObject.get("name"));
    }

    private void addDefaultProtocolMappers(KeycloakSession keycloakSession) {
        addDefaultMappers(keycloakSession, this.db.getCollection("applications"));
        addDefaultMappers(keycloakSession, this.db.getCollection("oauthClients"));
    }

    private void addDefaultMappers(KeycloakSession keycloakSession, DBCollection dBCollection) {
        DBCursor find = dBCollection.find();
        while (find.hasNext()) {
            try {
                BasicDBObject basicDBObject = (BasicDBObject) find.next();
                BasicDBList basicDBList = new BasicDBList();
                basicDBObject.put("protocolMappers", basicDBList);
                for (ProtocolMapperRepresentation protocolMapperRepresentation : ((MigrationProvider) keycloakSession.getProvider(MigrationProvider.class)).getMappersForClaimMask((Long) basicDBObject.get("allowedClaimsMask"))) {
                    BasicDBObject basicDBObject2 = new BasicDBObject();
                    basicDBObject2.put((Object) "id", (Object) KeycloakModelUtils.generateId());
                    basicDBObject2.put((Object) "protocol", (Object) protocolMapperRepresentation.getProtocol());
                    basicDBObject2.put((Object) "name", (Object) protocolMapperRepresentation.getName());
                    basicDBObject2.put((Object) "consentRequired", (Object) Boolean.valueOf(protocolMapperRepresentation.isConsentRequired()));
                    basicDBObject2.put((Object) "consentText", (Object) protocolMapperRepresentation.getConsentText());
                    basicDBObject2.put((Object) "protocolMapper", (Object) protocolMapperRepresentation.getProtocolMapper());
                    basicDBObject2.put((Object) "config", (Object) MapMapper.convertMap(protocolMapperRepresentation.getConfig(), null));
                    basicDBList.add(basicDBObject2);
                }
                basicDBObject.remove("allowedClaimsMask");
                this.log.debugv("Added default mappers to application {1}", basicDBObject.get("name"));
                dBCollection.save(basicDBObject);
            } finally {
                find.close();
            }
        }
    }

    private String insertApplicationRole(DBCollection dBCollection, String str, String str2) {
        BasicDBObject basicDBObject = new BasicDBObject();
        String generateId = KeycloakModelUtils.generateId();
        basicDBObject.append(DBCollection.ID_FIELD_NAME, (Object) generateId);
        basicDBObject.append("name", (Object) str);
        basicDBObject.append("applicationId", (Object) str2);
        basicDBObject.append("nameIndex", (Object) (str2 + "//" + str));
        dBCollection.insert(basicDBObject);
        return generateId;
    }
}
