package dk.grinn.keycloak.migration.core.migrate;

import dk.grinn.keycloak.admin.GkcadmConfiguration;
import dk.grinn.keycloak.migration.annotation.Migration;
import dk.grinn.keycloak.migration.boundary.CreateSession;
import dk.grinn.keycloak.migration.boundary.MigrationResource;
import dk.grinn.keycloak.migration.boundary.ScriptBegin;
import dk.grinn.keycloak.migration.boundary.ScriptCommit;
import dk.grinn.keycloak.migration.boundary.ScriptResource;
import dk.grinn.keycloak.migration.boundary.SessionResource;
import dk.grinn.keycloak.migration.core.BaseJavaMigration;
import dk.grinn.keycloak.migration.core.BeanWrappedMigration;
import dk.grinn.keycloak.migration.core.BeanWrappedMigrationWithRollback;
import dk.grinn.keycloak.migration.core.ClientMigrationContext;
import dk.grinn.keycloak.migration.core.JavaMigration;
import dk.grinn.keycloak.migration.core.MigrationType;
import dk.grinn.keycloak.migration.core.ModuleVersion;
import dk.grinn.keycloak.migration.core.RollbackAware;
import dk.grinn.keycloak.migration.core.ScopeMapper;
import dk.grinn.keycloak.migration.core.Version;
import dk.grinn.keycloak.migration.core.configuration.CustomRealmKey;
import dk.grinn.keycloak.migration.core.configuration.RealmConfiguration;
import dk.grinn.keycloak.migration.core.exception.ChecksumValidationFailedException;
import dk.grinn.keycloak.migration.core.exception.KeycloakMigrationException;
import dk.grinn.keycloak.migration.core.exception.KeycloakMigrationRollbackFailedException;
import dk.grinn.keycloak.migration.core.rest.Create;
import dk.grinn.keycloak.migration.entities.CreateRealmKey;
import dk.grinn.keycloak.migration.entities.ScriptHistory;
import dk.grinn.keycloak.migration.entities.ScriptHistoryKey;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.lang.annotation.Annotation;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import javax.enterprise.context.RequestScoped;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.Produces;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.NotFoundException;
import org.jboss.logging.Logger;
import org.jboss.weld.environment.se.contexts.ThreadScoped;
import org.jboss.weld.environment.se.contexts.activators.ActivateThreadScope;
import org.keycloak.admin.client.resource.AuthenticationManagementResource;
import org.keycloak.admin.client.resource.ClientScopesResource;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.ComponentsResource;
import org.keycloak.admin.client.resource.GroupsResource;
import org.keycloak.admin.client.resource.IdentityProvidersResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.RealmRepresentation;

@ThreadScoped
/* loaded from: input_file:dk/grinn/keycloak/migration/core/migrate/Migrator.class */
public class Migrator {
    private static final Logger LOG = Logger.getLogger(Migrator.class);
    private Comparator<BaseJavaMigration> versionComparator = Comparator.comparing((v0) -> {
        return v0.getVersion();
    });
    private ByteArrayOutputStream resultBuffer;
    private Optional<Lock> realmLock;
    protected String realm;
    protected RealmConfiguration config;

    @Inject
    @Named("stdout")
    protected PrintStream out;

    @Inject
    protected Instance<JavaMigration> migrationBeans;

    @Inject
    protected Instance<ScopeMapper> scopeMapper;

    @Inject
    protected MigrationResource resource;

    @Inject
    protected ClientMigrationContext context;

    @Inject
    protected RealmService realms;

    @Inject
    @Named("checksums")
    protected Map<String, Long> checksums;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:dk/grinn/keycloak/migration/core/migrate/Migrator$NullScopeMapper.class */
    public static class NullScopeMapper implements ScopeMapper {
        private NullScopeMapper() {
        }

        @Override // dk.grinn.keycloak.migration.core.ScopeMapper
        public String scopeFrom(Class<?> cls) {
            return null;
        }
    }

    @RequestScoped
    /* loaded from: input_file:dk/grinn/keycloak/migration/core/migrate/Migrator$Service.class */
    public static class Service {

        @Inject
        private Migrator migrator;

        @Inject
        @Named("stdout")
        protected PrintStream out;

        @ActivateThreadScope
        public void migrate(String str, GkcadmConfiguration gkcadmConfiguration) throws Exception {
            try {
                this.migrator.migrate(str, gkcadmConfiguration);
            } catch (KeycloakMigrationRollbackFailedException e) {
                Migrator.LOG.error("FATAL: A migration failed, AND ROLLBACK FAILED! Please check the logs and make sure your system is in a valid state");
                throw e;
            } catch (KeycloakMigrationException e2) {
                Migrator.LOG.error("A migration failed");
                throw e2;
            }
        }

        @ActivateThreadScope
        public void verify(String str, GkcadmConfiguration gkcadmConfiguration) throws Exception {
            this.migrator.verify(str, gkcadmConfiguration);
        }

        @ActivateThreadScope
        public void info(String str, GkcadmConfiguration gkcadmConfiguration, List<ScriptHistory> list) throws Exception {
            Iterator<BaseJavaMigration> it = this.migrator.scan(str, gkcadmConfiguration, JavaMigration.class).iterator();
            while (it.hasNext()) {
                BaseJavaMigration next = it.next();
                if (Migrator.migrationExecuted(next, list)) {
                    this.out.printf("[+] %s\n", next);
                } else {
                    this.out.printf("[-] %s\n", next);
                }
            }
        }
    }

    @Produces
    @ThreadScoped
    @Named("result")
    public PrintStream getMigrationResultOutput() {
        return new PrintStream((OutputStream) this.resultBuffer, true);
    }

    @Produces
    @ThreadScoped
    public RealmResource getRealmResource() {
        return this.context.keycloak().realm(this.realm);
    }

    @Produces
    @ThreadScoped
    public RolesResource getRolesResource() {
        return getRealmResource().roles();
    }

    @Produces
    @ThreadScoped
    public UsersResource getUsersResource() {
        return getRealmResource().users();
    }

    @Produces
    @ThreadScoped
    public GroupsResource getGroupsResource() {
        return getRealmResource().groups();
    }

    @Produces
    @ThreadScoped
    public ComponentsResource getComponentsResource() {
        return getRealmResource().components();
    }

    @Produces
    @ThreadScoped
    public ClientsResource getClientsResource() {
        return getRealmResource().clients();
    }

    @Produces
    @ThreadScoped
    public ClientScopesResource getClientScopesResource() {
        return getRealmResource().clientScopes();
    }

    @Produces
    @ThreadScoped
    public IdentityProvidersResource getIdentityProvidersResource() {
        return getRealmResource().identityProviders();
    }

    @Produces
    @ThreadScoped
    public AuthenticationManagementResource getFlowsResource() {
        return getRealmResource().flows();
    }

    @Produces
    @ThreadScoped
    @Named("realm")
    public String getRealm() {
        return this.realm;
    }

    @Produces
    @ThreadScoped
    public RealmConfiguration getConfig() {
        if (this.config == null) {
            throw new IllegalStateException("Realm configuration not found");
        }
        return this.config;
    }

    protected void verify(String str, GkcadmConfiguration gkcadmConfiguration) throws IOException {
        scan(str, gkcadmConfiguration, JavaMigration.class);
        this.out.printf("\nVerify migrations on realm `%s`\n", str);
        this.out.println("-----------------------------------------------");
    }

    protected void migrate(String str, GkcadmConfiguration gkcadmConfiguration) throws IOException {
        this.realmLock = Optional.empty();
        this.resultBuffer = new ByteArrayOutputStream();
        ArrayList<BaseJavaMigration> scan = scan(str, gkcadmConfiguration, JavaMigration.class);
        createRealm();
        this.out.printf("\nExecuting migrations on realm `%s`\n", str);
        this.out.println("-----------------------------------------------");
        SessionResource sessions = this.resource.sessions();
        UUID uuid = Create.uuid(sessions.createSession(new CreateSession(str)));
        try {
            try {
                ScriptResource scripts = sessions.scripts(uuid);
                if (validateAndRunMigrations(scan, scripts.getScripts(), scripts) == 0) {
                    this.out.println("(No changes)");
                }
                this.realmLock.ifPresent(lock -> {
                    lock.release();
                });
                sessions.releaseSession(uuid);
                this.resultBuffer.writeTo(this.out);
                this.out.flush();
            } catch (ChecksumValidationFailedException e) {
                this.out.println();
                LOG.error("Migrations failed!");
                this.out.println("Checksums of a migration does not match");
                this.out.printf("Migration from history: %s\n", e.getLastExecutedMigration().toString());
                this.out.printf("Tried to execute the following migration: %s\n", e.getMigration().toString());
                this.realmLock.ifPresent(lock2 -> {
                    lock2.release();
                });
                sessions.releaseSession(uuid);
                this.resultBuffer.writeTo(this.out);
                this.out.flush();
            }
        } catch (Throwable th) {
            this.realmLock.ifPresent(lock22 -> {
                lock22.release();
            });
            sessions.releaseSession(uuid);
            this.resultBuffer.writeTo(this.out);
            this.out.flush();
            throw th;
        }
    }

    protected ArrayList<BaseJavaMigration> scan(String str, GkcadmConfiguration gkcadmConfiguration, Class cls) {
        BaseJavaMigration beanWrappedMigrationWithRollback;
        this.realm = str;
        this.config = new RealmConfiguration(gkcadmConfiguration.getLocation(), str, gkcadmConfiguration.getRootConfig());
        Map<String, ModuleVersion> hashMap = new HashMap<>();
        ScopeMapper nullScopeMapper = this.scopeMapper.isResolvable() ? (ScopeMapper) this.scopeMapper.get() : new NullScopeMapper();
        int i = 0;
        ArrayList<BaseJavaMigration> arrayList = new ArrayList<>();
        for (JavaMigration javaMigration : this.migrationBeans.select(cls, new Annotation[0])) {
            Migration migration = (Migration) javaMigration.getClass().getAnnotation(Migration.class);
            if (javaMigration instanceof BaseJavaMigration) {
                beanWrappedMigrationWithRollback = (BaseJavaMigration) javaMigration;
                beanWrappedMigrationWithRollback.setChecksum(this.checksums.get(javaMigration.getClass().getSimpleName() + ".java"));
                beanWrappedMigrationWithRollback.setScope(migration.scope().isBlank() ? nullScopeMapper.scopeFrom(javaMigration.getClass()) : migration.scope());
            } else {
                beanWrappedMigrationWithRollback = javaMigration instanceof RollbackAware ? new BeanWrappedMigrationWithRollback(javaMigration, this.checksums.get(javaMigration.getClass().getSimpleName() + ".java"), nullScopeMapper, BaseJavaMigration.getRequiresLock(javaMigration.getClass())) : new BeanWrappedMigration(javaMigration, this.checksums.get(javaMigration.getClass().getSimpleName() + ".java"), nullScopeMapper, BaseJavaMigration.getRequiresLock(javaMigration.getClass()));
            }
            if (gkcadmConfiguration.containsScopeFor(beanWrappedMigrationWithRollback)) {
                arrayList.add(beanWrappedMigrationWithRollback);
            }
            if (!migration.moduleVersion().isEmpty()) {
                String[] split = migration.moduleVersion().split("\\:");
                String str2 = split[0];
                ModuleVersion moduleVersion = new ModuleVersion(split[1]);
                hashMap.computeIfAbsent(str2, str3 -> {
                    return moduleVersion;
                });
                if (moduleVersion.compareTo(hashMap.get(str2)) > 0) {
                    hashMap.put(str2, moduleVersion);
                }
            }
            i++;
        }
        this.context.setRequiredModuleVersions(hashMap);
        if (i == 0) {
            noBeansInfo();
        }
        arrayList.sort(this.versionComparator);
        return arrayList;
    }

    private int validateAndRunMigrations(List<BaseJavaMigration> list, List<ScriptHistory> list2, ScriptResource scriptResource) {
        int i = 0;
        ListIterator<ScriptHistory> listIterator = list2.listIterator();
        for (BaseJavaMigration baseJavaMigration : list) {
            boolean equals = baseJavaMigration.getVersion().getType().equals(MigrationType.V);
            boolean z = false;
            if (listIterator.hasNext()) {
                ScriptHistory next = listIterator.next();
                if (!next.getScript().equals(baseJavaMigration.getName())) {
                    throw new KeycloakMigrationException(this.realm, String.format("Did not expect %s to be in the list here. It should be %s", baseJavaMigration, next));
                }
                z = checksumMatch(baseJavaMigration, next);
                if (equals && !z) {
                    throw new ChecksumValidationFailedException(baseJavaMigration, next);
                }
            }
            if (!z) {
                i += runMigration(scriptResource, baseJavaMigration);
            }
        }
        return i;
    }

    public static boolean migrationExecuted(BaseJavaMigration baseJavaMigration, List<ScriptHistory> list) {
        return list.stream().anyMatch(scriptHistory -> {
            return scriptHistory.getScript().equals(baseJavaMigration.getName());
        });
    }

    /* JADX WARN: Finally extract failed */
    private int runMigration(ScriptResource scriptResource, BaseJavaMigration baseJavaMigration) throws KeycloakMigrationException {
        this.out.printf("[ ] %s", baseJavaMigration);
        Version version = baseJavaMigration.getVersion();
        ScriptHistoryKey key = Create.key(scriptResource.begin(new ScriptBegin(version.toString(), baseJavaMigration.getDescription(), "JAVA"), version.getType().equals(MigrationType.R)));
        long currentTimeMillis = System.currentTimeMillis();
        boolean z = false;
        try {
            try {
                baseJavaMigration.getRequiresLock().ifPresent(this::setLock);
                baseJavaMigration.migrate();
                z = true;
                this.out.printf("\r[+] %s\n", baseJavaMigration);
                if (1 == 0) {
                    return 1;
                }
                scriptResource.commit(key.getId(), key.getRank(), new ScriptCommit(baseJavaMigration.getName(), baseJavaMigration.getChecksum(), (int) (System.currentTimeMillis() - currentTimeMillis)));
                return 1;
            } catch (Exception e) {
                LOG.errorf("Failed to apply migration: %s", e.getMessage());
                LOG.error("Caused by", e);
                try {
                    try {
                        if (baseJavaMigration instanceof RollbackAware) {
                            ((RollbackAware) baseJavaMigration).rollback();
                        }
                        scriptResource.abort(key.getId(), key.getRank());
                        throw new KeycloakMigrationException(this.realm, String.format("Migrations failed: %s", e.getMessage()), e);
                    } catch (Throwable th) {
                        scriptResource.abort(key.getId(), key.getRank());
                        throw th;
                    }
                } catch (Exception e2) {
                    LOG.errorf("Rollback failed: %s", e2.getMessage());
                    LOG.error("Caused by", e2);
                    throw new KeycloakMigrationRollbackFailedException(this.realm, String.format("Migrations failed: %s", e.getMessage()), e);
                }
            }
        } catch (Throwable th2) {
            if (z) {
                scriptResource.commit(key.getId(), key.getRank(), new ScriptCommit(baseJavaMigration.getName(), baseJavaMigration.getChecksum(), (int) (System.currentTimeMillis() - currentTimeMillis)));
            }
            throw th2;
        }
    }

    private void setLock(String str) {
        if (!str.equals("realm")) {
            throw new RuntimeException("Unknown lock type: '" + str + "'");
        }
        if (this.realmLock.isEmpty()) {
            this.realmLock = Optional.of(this.realms.lock());
        }
    }

    private boolean checksumMatch(BaseJavaMigration baseJavaMigration, ScriptHistory scriptHistory) {
        if (scriptHistory == null) {
            return false;
        }
        if (scriptHistory.getChecksum() == null) {
            if (baseJavaMigration.getVersion().getType().equals(MigrationType.V)) {
                if (baseJavaMigration.getChecksum() != null) {
                    throw new KeycloakMigrationException(this.realm, String.format("Checksum verification failed. It looks like you are trying to runa migration that previously had no checksum but now has. Original migration: %s, new migration: %s", scriptHistory, baseJavaMigration));
                }
                return true;
            }
            if (baseJavaMigration.getVersion().getType().equals(MigrationType.R)) {
                return false;
            }
        }
        return scriptHistory.getChecksum().equals(baseJavaMigration.getChecksum());
    }

    private void createRealm() {
        try {
            this.context.adminKeycloak().realm(this.realm).toRepresentation();
        } catch (NotFoundException e) {
            RealmRepresentation realmRepresentation = new RealmRepresentation();
            realmRepresentation.setRealm(this.realm);
            this.context.adminKeycloak().realms().create(realmRepresentation);
            CustomRealmKey customRealmKey = this.config.getCustomRealmKey();
            if (customRealmKey.isEnabled()) {
                PrintStream printStream = this.out;
                Object[] objArr = new Object[1];
                objArr[0] = customRealmKey.isReuseEnabled() ? "- set to resuse key from a possible previous run." : "";
                printStream.printf("Using custom realm key %s\n", objArr);
                setRealmKey();
            }
        }
    }

    private void setRealmKey() {
        SessionResource sessions = this.context.migrations().sessions();
        UUID uuid = Create.uuid(sessions.createSession(new CreateSession(this.realm)));
        try {
            String id = this.context.adminKeycloak().realm(this.realm).toRepresentation().getId();
            CustomRealmKey customRealmKey = this.config.getCustomRealmKey();
            sessions.setRealmKey(uuid, new CreateRealmKey(id, (String) coalesce(customRealmKey.getName(), "rsa"), (String) coalesce(customRealmKey.getSubject(), "CN=" + this.realm), ((Long) coalesce(customRealmKey.getPriority(), 100L)).longValue(), (String) coalesce(customRealmKey.getPrivateKey(), null), (String) coalesce(customRealmKey.getCertificate(), null), (String) coalesce(customRealmKey.getCertificatePath(), null), (char[]) coalesce(customRealmKey.getCertificatePassword(), null), (String) coalesce(customRealmKey.getCertificateAlias(), null), customRealmKey.isEnabled()));
            sessions.disableRsaGeneratedKey(uuid, id);
            sessions.removeSession(uuid);
        } catch (Throwable th) {
            sessions.removeSession(uuid);
            throw th;
        }
    }

    private <T> T coalesce(T t, T t2) {
        return t != null ? t : t2;
    }

    private void noBeansInfo() {
        System.err.println("\n########          NO MIGRATIONS DISCOVERED IN THE CLASSPATH          ########");
        System.err.println("########  If you have implementated a migration class and still see  ########");
        System.err.println("########  this message then it's properly caused by a missing        ########");
        System.err.println("########  META-INF/beans.xml file. See the following link for more   ########");
        System.err.println("########  https://  ########");
        System.err.println("");
    }
}
