package org.keycloak.connections.mongo.updater.impl.updates;

import com.mongodb.BasicDBList;
import com.mongodb.BasicDBObject;
import com.mongodb.BasicDBObjectBuilder;
import com.mongodb.DBCollection;
import com.mongodb.DBCursor;
import com.mongodb.DBObject;
import java.util.Iterator;
import java.util.Map;
import org.keycloak.Config;
import org.keycloak.connections.mongo.impl.types.MapMapper;
import org.keycloak.migration.MigrationProvider;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;

/* loaded from: input_file:org/keycloak/connections/mongo/updater/impl/updates/Update1_2_0_Beta1.class */
public class Update1_2_0_Beta1 extends Update {
    @Override // org.keycloak.connections.mongo.updater.impl.updates.Update
    public String getId() {
        return "1.2.0.Beta1";
    }

    @Override // org.keycloak.connections.mongo.updater.impl.updates.Update
    public void update(KeycloakSession keycloakSession) {
        deleteEntries("clientSessions");
        deleteEntries("sessions");
        convertSocialToIdFedRealms();
        convertSocialToIdFedUsers();
        addAccessCodeLoginTimeout();
        addNewAdminRoles();
        addDefaultProtocolMappers(keycloakSession);
    }

    private void convertSocialToIdFedRealms() {
        DBCollection collection = this.db.getCollection("realms");
        DBCursor find = collection.find();
        while (find.hasNext()) {
            try {
                BasicDBObject next = find.next();
                boolean z = next.getBoolean("updateProfileOnInitialSocialLogin");
                BasicDBObject basicDBObject = (BasicDBObject) next.get("socialConfig");
                BasicDBList basicDBList = (BasicDBList) next.get("identityProviders");
                if (basicDBList == null) {
                    basicDBList = new BasicDBList();
                    next.put("identityProviders", basicDBList);
                }
                if (basicDBObject != null) {
                    for (Map.Entry entry : basicDBObject.entrySet()) {
                        if (((String) entry.getKey()).endsWith("###key")) {
                            String substring = ((String) entry.getKey()).substring(0, ((String) entry.getKey()).indexOf("###"));
                            basicDBList.add(new BasicDBObjectBuilder().add("internalId", KeycloakModelUtils.generateId()).add("providerId", substring).add("alias", substring).add("updateProfileFirstLogin", Boolean.valueOf(z)).add("enabled", true).add("storeToken", false).add("authenticateByDefault", false).add("config", new BasicDBObjectBuilder().add("clientId", (String) entry.getValue()).add("clientSecret", basicDBObject.getString(substring + "###secret")).get()).get());
                            this.log.debugv("Converted social provider {0} to identity provider", substring);
                        }
                    }
                }
                next.remove("social");
                next.remove("updateProfileOnInitialSocialLogin");
                next.remove("socialConfig");
                collection.save(next);
                this.log.debugv("Social providers of realm {0} converted to identity providers", next.get("_id"));
            } finally {
                find.close();
            }
        }
    }

    private void convertSocialToIdFedUsers() {
        DBCollection collection = this.db.getCollection("users");
        DBCursor find = collection.find();
        while (find.hasNext()) {
            try {
                BasicDBObject next = find.next();
                BasicDBList basicDBList = (BasicDBList) next.get("socialLinks");
                if (basicDBList != null) {
                    BasicDBList basicDBList2 = (BasicDBList) next.get("federatedIdentities");
                    if (basicDBList2 == null) {
                        basicDBList2 = new BasicDBList();
                        next.put("federatedIdentities", basicDBList2);
                    }
                    Iterator it = basicDBList.iterator();
                    while (it.hasNext()) {
                        BasicDBObject basicDBObject = (BasicDBObject) it.next();
                        BasicDBObject basicDBObject2 = new BasicDBObject();
                        basicDBObject2.put("userName", basicDBObject.get("socialUsername"));
                        basicDBObject2.put("userId", basicDBObject.get("socialUserId"));
                        basicDBObject2.put("identityProvider", basicDBObject.get("socialProvider"));
                        basicDBList2.add(basicDBObject2);
                    }
                    next.remove("socialLinks");
                    collection.save(next);
                    if (this.log.isTraceEnabled()) {
                        this.log.tracev("Social links of user {0} converted to identity links", next.get("_id"));
                    }
                }
            } finally {
                find.close();
            }
        }
        this.log.debug("Social links of users converted to identity links");
    }

    private void addAccessCodeLoginTimeout() {
        DBCollection collection = this.db.getCollection("realms");
        DBCursor find = collection.find();
        while (find.hasNext()) {
            try {
                BasicDBObject next = find.next();
                next.put("accessCodeLifespanLogin", 1800);
                collection.save(next);
            } finally {
                find.close();
            }
        }
    }

    private void addNewAdminRoles() {
        DBCollection collection = this.db.getCollection("realms");
        String adminRealm = Config.getAdminRealm();
        DBCursor find = collection.find();
        while (find.hasNext()) {
            try {
                BasicDBObject basicDBObject = (BasicDBObject) find.next();
                if (adminRealm.equals(basicDBObject.get("name"))) {
                    addNewAdminRolesToMasterRealm(basicDBObject);
                } else {
                    addNewAdminRolesToRealm(basicDBObject);
                }
            } finally {
                find.close();
            }
        }
    }

    private void addNewAdminRolesToMasterRealm(BasicDBObject basicDBObject) {
        DBCollection collection = this.db.getCollection("realms");
        DBCollection collection2 = this.db.getCollection("applications");
        DBCollection collection3 = this.db.getCollection("roles");
        DBCursor find = collection.find();
        while (find.hasNext()) {
            try {
                String str = find.next().getString("name") + "-realm";
                BasicDBObject findOne = collection2.findOne(new BasicDBObject().append("realmId", basicDBObject.get("_id")).append("name", str));
                String insertApplicationRole = insertApplicationRole(collection3, AdminRoles.VIEW_IDENTITY_PROVIDERS, findOne.getString("_id"));
                String insertApplicationRole2 = insertApplicationRole(collection3, AdminRoles.MANAGE_IDENTITY_PROVIDERS, findOne.getString("_id"));
                BasicDBObject findOne2 = collection3.findOne(new BasicDBObject().append("realmId", basicDBObject.get("_id")).append("name", AdminRoles.ADMIN));
                BasicDBList basicDBList = (BasicDBList) findOne2.get("compositeRoleIds");
                basicDBList.add(insertApplicationRole);
                basicDBList.add(insertApplicationRole2);
                collection3.save(findOne2);
                this.log.debugv("Added roles {0} and {1} to application {2}", AdminRoles.VIEW_IDENTITY_PROVIDERS, AdminRoles.MANAGE_IDENTITY_PROVIDERS, str);
            } finally {
                find.close();
            }
        }
    }

    private void addNewAdminRolesToRealm(BasicDBObject basicDBObject) {
        DBCollection collection = this.db.getCollection("applications");
        DBCollection collection2 = this.db.getCollection("roles");
        BasicDBObject findOne = collection.findOne(new BasicDBObject().append("realmId", basicDBObject.get("_id")).append("name", "realm-management"));
        String insertApplicationRole = insertApplicationRole(collection2, AdminRoles.VIEW_IDENTITY_PROVIDERS, findOne.getString("_id"));
        String insertApplicationRole2 = insertApplicationRole(collection2, AdminRoles.MANAGE_IDENTITY_PROVIDERS, findOne.getString("_id"));
        BasicDBObject findOne2 = collection2.findOne(new BasicDBObject().append("applicationId", findOne.get("_id")).append("name", AdminRoles.REALM_ADMIN));
        BasicDBList basicDBList = (BasicDBList) findOne2.get("compositeRoleIds");
        basicDBList.add(insertApplicationRole);
        basicDBList.add(insertApplicationRole2);
        collection2.save(findOne2);
        this.log.debugv("Added roles {0} and {1} to application realm-management of realm {2}", AdminRoles.VIEW_IDENTITY_PROVIDERS, AdminRoles.MANAGE_IDENTITY_PROVIDERS, basicDBObject.get("name"));
    }

    private void addDefaultProtocolMappers(KeycloakSession keycloakSession) {
        addDefaultMappers(keycloakSession, this.db.getCollection("applications"));
        addDefaultMappers(keycloakSession, this.db.getCollection("oauthClients"));
    }

    private void addDefaultMappers(KeycloakSession keycloakSession, DBCollection dBCollection) {
        DBCursor find = dBCollection.find();
        while (find.hasNext()) {
            try {
                BasicDBObject next = find.next();
                BasicDBList basicDBList = new BasicDBList();
                next.put("protocolMappers", basicDBList);
                for (ProtocolMapperRepresentation protocolMapperRepresentation : keycloakSession.getProvider(MigrationProvider.class).getMappersForClaimMask((Long) next.get("allowedClaimsMask"))) {
                    BasicDBObject basicDBObject = new BasicDBObject();
                    basicDBObject.put("id", KeycloakModelUtils.generateId());
                    basicDBObject.put("protocol", protocolMapperRepresentation.getProtocol());
                    basicDBObject.put("name", protocolMapperRepresentation.getName());
                    basicDBObject.put("consentRequired", Boolean.valueOf(protocolMapperRepresentation.isConsentRequired()));
                    basicDBObject.put("consentText", protocolMapperRepresentation.getConsentText());
                    basicDBObject.put("protocolMapper", protocolMapperRepresentation.getProtocolMapper());
                    basicDBObject.put("config", MapMapper.convertMap(protocolMapperRepresentation.getConfig()));
                    basicDBList.add(basicDBObject);
                }
                next.remove("allowedClaimsMask");
                this.log.debugv("Added default mappers to application {1}", next.get("name"));
                dBCollection.save(next);
            } finally {
                find.close();
            }
        }
    }

    private String insertApplicationRole(DBCollection dBCollection, String str, String str2) {
        DBObject basicDBObject = new BasicDBObject();
        String generateId = KeycloakModelUtils.generateId();
        basicDBObject.append("_id", generateId);
        basicDBObject.append("name", str);
        basicDBObject.append("applicationId", str2);
        basicDBObject.append("nameIndex", str2 + "//" + str);
        dBCollection.insert(new DBObject[]{basicDBObject});
        return generateId;
    }
}
