package com.atlassian.plugins.authentication.common.upgrade;

import com.atlassian.plugin.spring.scanner.annotation.export.ExportAsService;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.plugins.authentication.api.config.AbstractIdpConfig;
import com.atlassian.plugins.authentication.api.config.IdpConfig;
import com.atlassian.plugins.authentication.api.config.ImmutableJustInTimeConfig;
import com.atlassian.plugins.authentication.api.config.SsoType;
import com.atlassian.plugins.authentication.api.config.saml.SamlConfig;
import com.atlassian.plugins.authentication.sso.config.PluginSettingsUtil;
import com.atlassian.plugins.authentication.sso.config.SsoConfigDao;
import com.atlassian.plugins.authentication.sso.rest.model.IdpConfigEntity;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.message.Message;
import com.atlassian.sal.api.pluginsettings.PluginSettings;
import com.atlassian.sal.api.pluginsettings.PluginSettingsFactory;
import com.atlassian.sal.api.upgrade.PluginUpgradeTask;
import com.google.common.collect.ImmutableList;
import java.util.Collection;
import java.util.Objects;
import javax.inject.Inject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

@ExportAsService({PluginUpgradeTask.class})
@Component
/* loaded from: input_file:com/atlassian/plugins/authentication/common/upgrade/UpgradeTask06MigrateConfigurationToAo.class */
public class UpgradeTask06MigrateConfigurationToAo implements PluginUpgradeTask {
    private static final Logger log = LoggerFactory.getLogger(UpgradeTask06MigrateConfigurationToAo.class);
    private final PluginSettingsFactory pluginSettingsFactory;
    private final SsoConfigDao ssoConfigDao;
    private final LegacySettingsUtil legacySettingsUtil;
    private final ApplicationProperties applicationProperties;

    @Inject
    public UpgradeTask06MigrateConfigurationToAo(@ComponentImport PluginSettingsFactory pluginSettingsFactory, SsoConfigDao ssoConfigDao, LegacySettingsUtil legacySettingsUtil, @ComponentImport ApplicationProperties applicationProperties) {
        this.pluginSettingsFactory = pluginSettingsFactory;
        this.ssoConfigDao = ssoConfigDao;
        this.legacySettingsUtil = legacySettingsUtil;
        this.applicationProperties = applicationProperties;
    }

    public int getBuildNumber() {
        return 6;
    }

    public String getShortDescription() {
        return "Migrate existing configuration to the IDP_CONFIG table.";
    }

    public String getPluginKey() {
        return "com.atlassian.plugins.authentication.atlassian-authentication-plugin";
    }

    public Collection<Message> doUpgrade() {
        AbstractIdpConfig.Builder mapLegacySamlConfig;
        PluginSettings createGlobalSettings = this.pluginSettingsFactory.createGlobalSettings();
        SsoType legacySsoType = this.legacySettingsUtil.getLegacySsoType(createGlobalSettings);
        boolean equals = Objects.equals(this.applicationProperties.getPlatformId(), "jira");
        if (legacySsoType == SsoType.NONE) {
            log.info("No SSO is enabled, enabling login form");
            PluginSettingsUtil.setBooleanValue(createGlobalSettings, "show-login-form", true);
            if (equals) {
                PluginSettingsUtil.setBooleanValue(createGlobalSettings, "show-login-form-for-jsm", true);
            }
        } else {
            log.info("SSO is enabled, creating new IdP");
            PluginSettingsUtil.setBooleanValue(createGlobalSettings, "show-login-form", !PluginSettingsUtil.getBooleanValue(createGlobalSettings, LegacySettingsKeys.REDIRECT_ON_LOGIN, false));
            PluginSettingsUtil.setBooleanValue(createGlobalSettings, "enable-authentication-fallback", PluginSettingsUtil.getBooleanValue(createGlobalSettings, LegacySettingsKeys.ALLOW_REDIRECT_OVERRIDE, false));
            ImmutableJustInTimeConfig.Builder builder = ImmutableJustInTimeConfig.builder();
            if (legacySsoType == SsoType.OIDC) {
                log.info("Mapping OIDC config");
                mapLegacySamlConfig = this.legacySettingsUtil.mapLegacyOidcConfig(createGlobalSettings);
                builder.setAdditionalJitScopes(PluginSettingsUtil.getListValue(createGlobalSettings, LegacySettingsKeys.ADDITIONAL_JIT_SCOPES, String::valueOf));
            } else {
                log.info("Mapping SAML config");
                mapLegacySamlConfig = this.legacySettingsUtil.mapLegacySamlConfig(createGlobalSettings);
            }
            mapLegacySamlConfig.setEnabled(true);
            String resolveFriendlySsoName = resolveFriendlySsoName(legacySsoType, createGlobalSettings);
            mapLegacySamlConfig.setName(resolveFriendlySsoName + " SSO");
            String str = "Log in with " + resolveFriendlySsoName;
            mapLegacySamlConfig.setButtonText(str);
            log.info("Setting button text to {}", str);
            IdpConfig mapGenericLegacyConfig = this.legacySettingsUtil.mapGenericLegacyConfig(createGlobalSettings, mapLegacySamlConfig, builder);
            migrateJsmFields(createGlobalSettings, equals, mapGenericLegacyConfig);
            this.ssoConfigDao.saveIdpConfig(mapGenericLegacyConfig);
        }
        return ImmutableList.of();
    }

    private void migrateJsmFields(PluginSettings pluginSettings, boolean z, IdpConfig idpConfig) {
        if (!z) {
            log.info("Skipping migration of show login form in JSM as the current product does not have JSM enabled");
            return;
        }
        boolean z2 = !idpConfig.isIncludeCustomerLogins();
        log.info("Setting show login form in JSM to {}", z2 ? IdpConfigEntity.Config.ENABLED : "disabled");
        PluginSettingsUtil.setBooleanValue(pluginSettings, "show-login-form-for-jsm", z2);
    }

    private String resolveFriendlySsoName(SsoType ssoType, PluginSettings pluginSettings) {
        switch (ssoType) {
            case SAML:
                return this.legacySettingsUtil.getIdpType(pluginSettings) == SamlConfig.IdpType.CROWD ? "Crowd" : "SAML";
            case OIDC:
                return "OpenID Connect";
            default:
                throw new IllegalArgumentException("Unknown SSO type " + ssoType);
        }
    }
}
