package org.uberfire.ext.security.management.keycloak;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Consumer;
import org.jboss.errai.security.shared.api.Group;
import org.jboss.errai.security.shared.api.Role;
import org.jboss.errai.security.shared.api.identity.User;
import org.jboss.resteasy.client.ClientResponse;
import org.jboss.resteasy.client.ClientResponseFailure;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.kie.soup.commons.util.Maps;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.uberfire.ext.security.management.api.AbstractEntityManager;
import org.uberfire.ext.security.management.api.UserManager;
import org.uberfire.ext.security.management.api.exception.ClientNotFoundException;
import org.uberfire.ext.security.management.api.exception.GroupNotFoundException;
import org.uberfire.ext.security.management.api.exception.OperationFailedException;
import org.uberfire.ext.security.management.api.exception.RealmManagementNotAuthorizedException;
import org.uberfire.ext.security.management.api.exception.SecurityManagementException;
import org.uberfire.ext.security.management.api.exception.UserNotFoundException;
import org.uberfire.ext.security.management.impl.SearchRequestImpl;
import org.uberfire.ext.security.management.impl.UserAttributeImpl;
import org.uberfire.ext.security.management.keycloak.client.ClientFactory;
import org.uberfire.ext.security.management.keycloak.client.Keycloak;
import org.uberfire.ext.security.management.keycloak.client.resource.RealmResource;
import org.uberfire.ext.security.management.keycloak.client.resource.RoleMappingResource;
import org.uberfire.ext.security.management.keycloak.client.resource.RoleResource;
import org.uberfire.ext.security.management.keycloak.client.resource.RoleScopeResource;
import org.uberfire.ext.security.management.keycloak.client.resource.RolesResource;
import org.uberfire.ext.security.management.keycloak.client.resource.UserResource;
import org.uberfire.ext.security.management.keycloak.client.resource.UsersResource;
import org.uberfire.ext.security.management.util.SecurityManagementUtils;

/* loaded from: input_file:WEB-INF/lib/uberfire-security-management-keycloak-7.65.0.Final.jar:org/uberfire/ext/security/management/keycloak/BaseKeyCloakManager.class */
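/**
 * Shared plumbing for the Keycloak-backed user and group managers: obtains the
 * admin client from a {@link ClientFactory}, translates between Keycloak
 * representations and the Errai {@link User}/{@link Group}/{@link Role} model,
 * and maps HTTP failures to security-management exceptions.
 *
 * <p>This listing is decompiler output. The decompiler notes that {@code init},
 * {@code getKeyCloakInstance}, {@code consumeRealm}, {@code getSearchRequest},
 * both {@code createUser} and {@code createGroup} overloads,
 * {@code getUserGroupsAndRoles}, {@code fillUserRepresentationAttributes},
 * {@code getUserResource}, {@code getRoleRepresentation}, {@code handleResponse},
 * {@code getRolesResource} and {@code getRolesScopeResource} were originally
 * declared {@code protected}; the {@code public} modifiers are kept as listed.
 *
 * <p>Nothing in this class performs an authorization check of its own. Every
 * method acts with whatever privileges the configured Keycloak client holds, so
 * callers are responsible for authorizing the requested operation first.
 */
public abstract class BaseKeyCloakManager {
    /** HTTP status that {@link #consumeRealm} maps to {@link RealmManagementNotAuthorizedException}. */
    static final int STATUS_NOT_AUTHORIZED = 403;
    /** HTTP status that {@link #getRoleRepresentation} maps to {@link GroupNotFoundException}. */
    private static final int STATUS_NOT_FOUND = 404;
    /** Lowest HTTP status that {@link #handleResponse} treats as a failed operation. */
    private static final int STATUS_FIRST_ERROR = 400;

    /** Source of the Keycloak admin client; set by {@link #init(ClientFactory)}. */
    protected ClientFactory factory;

    // Built-in user attributes. The two boolean constructor arguments are passed through
    // unchanged; presumably (mandatory, editable) followed by a default value - TODO confirm
    // against UserAttributeImpl.
    protected static final String ATTRIBUTE_USER_ID = "user.id";
    protected static final UserManager.UserAttribute USER_ID = new UserAttributeImpl(ATTRIBUTE_USER_ID, true, false, null);
    protected static final String ATTRIBUTE_USER_FIRST_NAME = "user.firstName";
    // The constant name is misspelled ("FIST"); it is kept because subclasses may reference it.
    protected static final UserManager.UserAttribute USER_FIST_NAME = new UserAttributeImpl(ATTRIBUTE_USER_FIRST_NAME, true, true, "First name");
    protected static final String ATTRIBUTE_USER_LAST_NAME = "user.lastName";
    protected static final UserManager.UserAttribute USER_LAST_NAME = new UserAttributeImpl(ATTRIBUTE_USER_LAST_NAME, true, true, "Last name");
    protected static final String ATTRIBUTE_USER_ENABLED = "user.enabled";
    protected static final UserManager.UserAttribute USER_ENABLED = new UserAttributeImpl(ATTRIBUTE_USER_ENABLED, true, true, "true");
    protected static final String ATTRIBUTE_USER_EMAIL = "user.email";
    protected static final UserManager.UserAttribute USER_EMAIL = new UserAttributeImpl(ATTRIBUTE_USER_EMAIL, false, true, "");
    protected static final String ATTRIBUTE_USER_EMAIL_VERIFIED = "user.isEmailVerified";
    protected static final UserManager.UserAttribute USER_EMAIL_VERIFIED = new UserAttributeImpl(ATTRIBUTE_USER_EMAIL_VERIFIED, false, true, "false");
    protected static final Collection<UserManager.UserAttribute> USER_ATTRIBUTES = Arrays.asList(USER_ID, USER_FIST_NAME, USER_LAST_NAME, USER_ENABLED, USER_EMAIL, USER_EMAIL_VERIFIED);
    private static final Logger LOG = LoggerFactory.getLogger(BaseKeyCloakManager.class);

    /**
     * Stores the factory that later supplies the Keycloak client.
     *
     * @param clientFactory factory used by {@link #getKeyCloakInstance()}
     */
    public void init(ClientFactory clientFactory) {
        this.factory = clientFactory;
    }

    /**
     * Returns the Keycloak client supplied by the configured factory.
     *
     * @return the client returned by {@code factory.get()}
     * @throws NullPointerException if {@link #init(ClientFactory)} has not set a factory
     */
    public synchronized Keycloak getKeyCloakInstance() {
        return this.factory.get();
    }

    /**
     * Runs {@code consumer} against the realm resource and translates REST failures.
     *
     * @param consumer operation to run with the realm resource
     * @throws RealmManagementNotAuthorizedException if the server answers with HTTP 403
     * @throws SecurityManagementException for any other {@link ClientResponseFailure}
     */
    public void consumeRealm(Consumer<RealmResource> consumer) {
        try {
            consumer.accept(getRealmResource());
        } catch (ClientResponseFailure e) {
            int status = e.getResponse().getResponseStatus().getStatusCode();
            if (STATUS_NOT_AUTHORIZED == status) {
                // A 403 is surfaced as its own exception type so callers can tell a missing
                // realm-management permission apart from other failures.
                throw new RealmManagementNotAuthorizedException(getKeyCloakInstance().getRealm());
            }
            throw new SecurityManagementException(e);
        }
    }

    /** Returns the realm resource of the current Keycloak client. */
    private RealmResource getRealmResource() {
        return getKeyCloakInstance().realm();
    }

    /**
     * Returns the given search request, or a default one when it is {@code null}.
     *
     * @param searchRequest request supplied by the caller, may be {@code null}
     * @return {@code searchRequest} if non-null, otherwise a new {@link SearchRequestImpl}
     */
    public AbstractEntityManager.SearchRequest getSearchRequest(AbstractEntityManager.SearchRequest searchRequest) {
        if (searchRequest == null) {
            return new SearchRequestImpl();
        }
        return searchRequest;
    }

    /**
     * Builds a user from a Keycloak representation, passing {@code null} for groups and roles.
     *
     * @param userRepresentation Keycloak user, may be {@code null}
     * @return the user, or {@code null} when {@code userRepresentation} is {@code null}
     */
    public User createUser(UserRepresentation userRepresentation) {
        return createUser(userRepresentation, null, null);
    }

    /**
     * Builds a user from a Keycloak representation with the given groups and roles.
     *
     * @param userRepresentation Keycloak user, may be {@code null}
     * @param set groups handed to {@code SecurityManagementUtils.createUser}
     * @param set2 roles handed to {@code SecurityManagementUtils.createUser}
     * @return the user with its attributes filled in, or {@code null} when
     *         {@code userRepresentation} is {@code null}
     */
    public User createUser(UserRepresentation userRepresentation, Set<Group> set, Set<Role> set2) {
        if (userRepresentation == null) {
            return null;
        }
        User user = SecurityManagementUtils.createUser(userRepresentation.getUsername(), set, set2);
        fillUserAttributes(user, userRepresentation);
        return user;
    }

    /**
     * Builds a group named after a Keycloak role.
     *
     * @param roleRepresentation Keycloak role, may be {@code null}
     * @return the group, or {@code null} when the role or its name is {@code null}
     */
    public Group createGroup(RoleRepresentation roleRepresentation) {
        if (roleRepresentation == null) {
            return null;
        }
        return createGroup(roleRepresentation.getName());
    }

    /**
     * Builds a group with the given name.
     *
     * @param str group name, may be {@code null}
     * @return the group, or {@code null} when {@code str} is {@code null}
     */
    public Group createGroup(String str) {
        if (str == null) {
            return null;
        }
        return SecurityManagementUtils.createGroup(str);
    }

    /**
     * Splits a user's effective Keycloak roles into groups and roles.
     *
     * <p>Client-level or realm-level mappings are read depending on the client's
     * {@code getUseRoleResourceMappings()} setting. Each role name is classified by
     * {@code SecurityManagementUtils.populateGroupOrRoles} against the registered role names.
     *
     * @param roleMappingResource role mappings of one user, may be {@code null}
     * @return a two-element array {@code {groups, roles}}, or {@code null} when there is no
     *         mapping resource or no effective role; callers must handle the {@code null} case
     */
    public Set[] getUserGroupsAndRoles(RoleMappingResource roleMappingResource) {
        if (roleMappingResource == null) {
            return null;
        }
        boolean useClientRoles = getKeyCloakInstance().getUseRoleResourceMappings().booleanValue();
        List<RoleRepresentation> effectiveRoles = getRolesScopeResource(roleMappingResource, useClientRoles).listEffective();
        if (effectiveRoles == null || effectiveRoles.isEmpty()) {
            return null;
        }
        Set<Group> groups = new HashSet<>();
        Set<Role> roles = new HashSet<>();
        Set<String> registeredRoleNames = SecurityManagementUtils.getRegisteredRoleNames();
        for (RoleRepresentation roleRepresentation : effectiveRoles) {
            if (roleRepresentation != null) {
                SecurityManagementUtils.populateGroupOrRoles(roleRepresentation.getName(), registeredRoleNames, groups, roles);
            }
        }
        return new Set[]{groups, roles};
    }

    /**
     * Copies the Keycloak representation's fields and custom attributes onto {@code user}
     * as string properties.
     *
     * <p>A {@code null} {@code isEmailVerified()} or {@code isEnabled()} is recorded as
     * {@code "false"} instead of failing on unboxing, so an account with unknown state is
     * never presented as enabled or verified. Multi-valued custom attributes are joined
     * with {@code ", "}.
     *
     * @param user target user
     * @param userRepresentation Keycloak user to read from
     */
    protected void fillUserAttributes(User user, UserRepresentation userRepresentation) {
        boolean emailVerified = Boolean.TRUE.equals(userRepresentation.isEmailVerified());
        boolean enabled = Boolean.TRUE.equals(userRepresentation.isEnabled());
        user.setProperty(ATTRIBUTE_USER_ID, userRepresentation.getId());
        user.setProperty(ATTRIBUTE_USER_FIRST_NAME, userRepresentation.getFirstName());
        user.setProperty(ATTRIBUTE_USER_LAST_NAME, userRepresentation.getLastName());
        user.setProperty(ATTRIBUTE_USER_EMAIL, userRepresentation.getEmail());
        user.setProperty(ATTRIBUTE_USER_EMAIL_VERIFIED, Boolean.toString(emailVerified));
        user.setProperty(ATTRIBUTE_USER_ENABLED, Boolean.toString(enabled));
        Map<String, List<String>> attributes = userRepresentation.getAttributes();
        if (attributes == null || attributes.isEmpty()) {
            return;
        }
        // Custom attributes are written after the built-in ones, so a custom attribute whose
        // key equals one of the "user.*" names above replaces the value set there.
        for (Map.Entry<String, List<String>> entry : attributes.entrySet()) {
            List<String> values = entry.getValue();
            user.setProperty(entry.getKey(), values != null ? String.join(", ", values) : null);
        }
    }

    /**
     * Copies {@code user}'s identifier, properties, groups and roles into a Keycloak
     * representation.
     *
     * <p>The well-known {@code user.*} properties are mapped to the matching setters; every
     * other property becomes a single-valued custom attribute. Group and role names are merged
     * into one list and stored as client roles or realm roles, depending on the client's
     * {@code getUseRoleResourceMappings()} setting.
     *
     * <p>NOTE(review): properties are copied without filtering, including {@code user.id},
     * {@code user.enabled} and {@code user.isEmailVerified}, and so are the role names. Whether
     * {@code user} can carry caller-controlled values is not visible here - confirm that the
     * caller has authorized the change before this representation is sent to the server.
     *
     * @param user source user
     * @param userRepresentation Keycloak representation to populate
     */
    public void fillUserRepresentationAttributes(User user, UserRepresentation userRepresentation) {
        userRepresentation.setUsername(user.getIdentifier());
        Map<String, String> properties = user.getProperties();
        if (properties != null && !properties.isEmpty()) {
            for (Map.Entry<String, String> entry : properties.entrySet()) {
                String key = entry.getKey();
                String value = entry.getValue();
                if (ATTRIBUTE_USER_ID.equals(key)) {
                    userRepresentation.setId(value);
                } else if (ATTRIBUTE_USER_FIRST_NAME.equals(key)) {
                    userRepresentation.setFirstName(value);
                } else if (ATTRIBUTE_USER_LAST_NAME.equals(key)) {
                    userRepresentation.setLastName(value);
                } else if (ATTRIBUTE_USER_EMAIL.equals(key)) {
                    userRepresentation.setEmail(value);
                } else if (ATTRIBUTE_USER_EMAIL_VERIFIED.equals(key)) {
                    // Boolean.valueOf yields false for null and for anything but "true".
                    userRepresentation.setEmailVerified(Boolean.valueOf(value));
                } else if (ATTRIBUTE_USER_ENABLED.equals(key)) {
                    userRepresentation.setEnabled(Boolean.valueOf(value));
                } else {
                    userRepresentation.singleAttribute(key, value);
                }
            }
        }
        List<String> roleNames = new ArrayList<>();
        // A user without a group or role set contributes no names instead of failing.
        if (user.getGroups() != null) {
            for (Group group : user.getGroups()) {
                roleNames.add(group.getName());
            }
        }
        if (user.getRoles() != null) {
            for (Role role : user.getRoles()) {
                roleNames.add(role.getName());
            }
        }
        if (getKeyCloakInstance().getUseRoleResourceMappings().booleanValue()) {
            userRepresentation.setClientRoles(new Maps.Builder<String, List<String>>().put(getKeyCloakInstance().getResource(), roleNames).build());
        } else {
            userRepresentation.setRealmRoles(roleNames);
        }
    }

    /**
     * Resolves the resource of the user found by searching for {@code str}.
     *
     * <p>NOTE(review): the first search hit is trusted as the requested account. If the
     * server-side username search is not an exact match (TODO confirm for the Keycloak version
     * in use), a lookup for one username could resolve to a different account, and any
     * following update, delete or role change would apply to it. Consider comparing
     * {@code search.get(0).getUsername()} with {@code str} before using the id.
     *
     * @param usersResource users endpoint to search
     * @param str username to look up
     * @return the resource addressed by the id of the first search hit
     * @throws UserNotFoundException if the search returns nothing
     */
    public UserResource getUserResource(UsersResource usersResource, String str) {
        List<UserRepresentation> search = usersResource.search(str, null, null, null, 0, 1);
        if (search == null || search.isEmpty()) {
            throw new UserNotFoundException(str);
        }
        return usersResource.get(search.get(0).getId());
    }

    /**
     * Loads the representation of a role.
     *
     * @param str role name, used only for the exception
     * @param roleResource resource to read, may be {@code null}
     * @return the role representation
     * @throws GroupNotFoundException if {@code roleResource} is {@code null}, the role does not
     *         exist, or the request fails with any {@link ClientResponseFailure}
     * @throws SecurityManagementException for any other exception
     */
    public RoleRepresentation getRoleRepresentation(String str, RoleResource roleResource) {
        if (roleResource == null) {
            throw new GroupNotFoundException(str);
        }
        try {
            return roleResource.toRepresentation();
        } catch (NotFoundException e) {
            throw new GroupNotFoundException(str);
        } catch (ClientResponseFailure e2) {
            int status = e2.getResponse().getResponseStatus().getStatusCode();
            if (STATUS_NOT_FOUND != status) {
                // The exception type is kept for existing callers, but a status other than 404
                // (an authorization or server error, for instance) is not a missing role, so
                // the real status is recorded for operators instead of being dropped.
                LOG.warn("Role lookup failed with HTTP status {}; reported to the caller as group not found.", status);
            }
            throw new GroupNotFoundException(str);
        } catch (Exception e3) {
            throw new SecurityManagementException(e3);
        }
    }

    /**
     * Releases the response's connection and fails on an error status.
     *
     * <p>The exception carries only the status code and a generic message, so the server's
     * response body is not passed on to the caller.
     *
     * @param clientResponse response to check, may be {@code null}
     * @throws OperationFailedException if the status is 400 or higher
     */
    public void handleResponse(ClientResponse clientResponse) {
        if (clientResponse == null) {
            return;
        }
        int status;
        try {
            status = clientResponse.getStatus();
        } finally {
            // Release even if reading the status fails, so the connection is not leaked.
            clientResponse.releaseConnection();
        }
        if (status >= STATUS_FIRST_ERROR) {
            throw new OperationFailedException(status, "Operation failed. See server log messages.");
        }
    }

    /**
     * Returns the roles endpoint to manage.
     *
     * @param realmResource realm to read from
     * @param z {@code true} for the roles of the configured client, {@code false} for realm roles
     * @return the selected roles resource
     * @throws ClientNotFoundException if {@code z} is {@code true} and the client is unknown
     */
    public RolesResource getRolesResource(RealmResource realmResource, boolean z) {
        if (z) {
            return realmResource.clients().get(getClientIdByName(realmResource)).roles();
        }
        return realmResource.roles();
    }

    /**
     * Returns the role-mapping scope to read or change.
     *
     * @param roleMappingResource role mappings of one user
     * @param z {@code true} for the configured client's scope, {@code false} for the realm scope
     * @return the selected scope resource
     * @throws ClientNotFoundException if {@code z} is {@code true} and the client is unknown
     */
    public RoleScopeResource getRolesScopeResource(RoleMappingResource roleMappingResource, boolean z) {
        if (z) {
            return roleMappingResource.clientLevel(getClientIdByName(getRealmResource()));
        }
        return roleMappingResource.realmLevel();
    }

    /**
     * Looks up the internal id of the client named by the Keycloak client's
     * {@code getResource()} value.
     *
     * @param realmResource realm to search
     * @return the id of the first matching client
     * @throws ClientNotFoundException if the lookup returns {@code null} or no client
     */
    protected String getClientIdByName(RealmResource realmResource) {
        String clientName = getKeyCloakInstance().getResource();
        List<ClientRepresentation> clients = realmResource.clients().findByClientId(clientName);
        if (clients == null || clients.isEmpty()) {
            throw new ClientNotFoundException(clientName);
        }
        return clients.get(0).getId();
    }
}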
