package org.keycloak.migration.migrators;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.migration.ModelVersion;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredActionProviderModel;
import org.keycloak.models.UserModel;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-server-spi-private/main/keycloak-server-spi-private-2.5.5.Final.jar:org/keycloak/migration/migrators/MigrateTo2_1_0.class */
public class MigrateTo2_1_0 implements Migration {
    public static final ModelVersion VERSION = new ModelVersion("2.1.0");

    @Override // org.keycloak.migration.migrators.Migration
    public ModelVersion getVersion() {
        return VERSION;
    }

    @Override // org.keycloak.migration.migrators.Migration
    public void migrate(KeycloakSession keycloakSession) {
        for (RealmModel realmModel : keycloakSession.realms().getRealms()) {
            migrateDefaultRequiredAction(realmModel);
            migrateRolePolicies(realmModel, keycloakSession);
        }
    }

    private void migrateDefaultRequiredAction(RealmModel realmModel) {
        RequiredActionProviderModel requiredActionProviderByAlias = realmModel.getRequiredActionProviderByAlias(UserModel.RequiredAction.CONFIGURE_TOTP.name());
        MigrationUtils.updateOTPRequiredAction(requiredActionProviderByAlias);
        realmModel.updateRequiredActionProvider(requiredActionProviderByAlias);
    }

    private void migrateRolePolicies(RealmModel realmModel, KeycloakSession keycloakSession) {
        StoreFactory storeFactory = ((AuthorizationProvider) keycloakSession.getProvider(AuthorizationProvider.class)).getStoreFactory();
        PolicyStore policyStore = storeFactory.getPolicyStore();
        realmModel.getClients().forEach(clientModel -> {
            ResourceServer findByClient = storeFactory.getResourceServerStore().findByClient(clientModel.getId());
            if (findByClient != null) {
                policyStore.findByType("role", findByClient.getId()).forEach(policy -> {
                    Map<String, String> config = policy.getConfig();
                    try {
                        List list = (List) JsonSerialization.readValue(config.get("roles"), List.class);
                        if (list.isEmpty() || !(list.get(0) instanceof String)) {
                            return;
                        }
                        try {
                            config.put("roles", JsonSerialization.writeValueAsString(list.stream().map(new Function<String, Map>() { // from class: org.keycloak.migration.migrators.MigrateTo2_1_0.1
                                @Override // java.util.function.Function
                                public Map apply(String str) {
                                    HashMap hashMap = new HashMap();
                                    hashMap.put("id", str);
                                    return hashMap;
                                }
                            }).collect(Collectors.toList())));
                            policy.setConfig(config);
                        } catch (Exception e) {
                            throw new RuntimeException("Failed to migrate role policy [" + policy.getName() + "].", e);
                        }
                    } catch (Exception e2) {
                        throw new RuntimeException("Malformed configuration for role policy [" + policy.getName() + "].", e2);
                    }
                });
            }
        });
    }
}
