package org.keycloak.models.utils;

import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import javax.crypto.spec.SecretKeySpec;
import javax.transaction.InvalidTransactionException;
import javax.transaction.SystemException;
import javax.transaction.Transaction;
import org.keycloak.authentication.authenticators.client.ClientIdAndSecretAuthenticator;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.broker.social.SocialIdentityProviderFactory;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.CertificateUtils;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.PemUtils;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientTemplateModel;
import org.keycloak.models.Constants;
import org.keycloak.models.GroupModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.KeycloakSessionTask;
import org.keycloak.models.KeycloakTransactionManager;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.ScopeContainerModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.CertificateRepresentation;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.transaction.JtaTransactionManagerLookup;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-server-spi-private/main/keycloak-server-spi-private-2.5.5.Final.jar:org/keycloak/models/utils/KeycloakModelUtils.class */
public final class KeycloakModelUtils {
    // Not instantiable: the class is final and exposes only static helpers.
    private KeycloakModelUtils() {
    }

    /**
     * Creates a new identifier.
     *
     * @return the canonical string form of a freshly generated random UUID
     */
    public static String generateId() {
        final UUID freshId = UUID.randomUUID();
        return freshId.toString();
    }

    /**
     * Generates a secret from 32 random bytes.
     *
     * @return the value produced by {@code generateSecret(32)}
     */
    public static String generateSecret() {
        final int defaultSecretBytes = 32;
        return generateSecret(defaultSecretBytes);
    }

    /**
     * Generates a random secret of the requested size.
     *
     * <p>The length is not validated here: {@code 0} produces the encoding of an empty
     * array (an empty secret) and a negative value fails with
     * {@link NegativeArraySizeException}. Callers should pass a size large enough for
     * the secret's purpose.
     *
     * @param i number of random bytes to draw
     * @return the bytes as returned by {@code Base64Url.encode}
     */
    public static String generateSecret(int i) {
        final byte[] randomBytes = new byte[i];
        final SecureRandom rng = new SecureRandom();
        rng.nextBytes(randomBytes);
        return Base64Url.encode(randomBytes);
    }

    /**
     * Decodes a public key with {@code PemUtils.decodePublicKey}.
     *
     * @param str encoded key, in whatever form {@code PemUtils.decodePublicKey} accepts; may be null
     * @return the decoded key, or null when {@code str} is null
     * @throws RuntimeException wrapping any exception raised while decoding
     */
    public static PublicKey getPublicKey(String str) {
        if (str != null) {
            try {
                return PemUtils.decodePublicKey(str);
            } catch (Exception decodeFailure) {
                throw new RuntimeException(decodeFailure);
            }
        }
        return null;
    }

    /**
     * Decodes an X.509 certificate with {@code PemUtils.decodeCertificate}.
     *
     * <p>Only decoding happens here; nothing in this method checks validity dates,
     * issuer or trust chain.
     *
     * @param str encoded certificate, in whatever form {@code PemUtils.decodeCertificate} accepts; may be null
     * @return the decoded certificate, or null when {@code str} is null
     * @throws RuntimeException wrapping any exception raised while decoding
     */
    public static X509Certificate getCertificate(String str) {
        if (str != null) {
            try {
                return PemUtils.decodeCertificate(str);
            } catch (Exception decodeFailure) {
                throw new RuntimeException(decodeFailure);
            }
        }
        return null;
    }

    /**
     * Decodes a private key with {@code PemUtils.decodePrivateKey}.
     *
     * <p>The wrapped exception is rethrown with its cause attached; callers that log it
     * should make sure the message does not echo key material.
     *
     * @param str encoded key, in whatever form {@code PemUtils.decodePrivateKey} accepts; may be null
     * @return the decoded key, or null when {@code str} is null
     * @throws RuntimeException wrapping any exception raised while decoding
     */
    public static PrivateKey getPrivateKey(String str) {
        if (str != null) {
            try {
                return PemUtils.decodePrivateKey(str);
            } catch (Exception decodeFailure) {
                throw new RuntimeException(decodeFailure);
            }
        }
        return null;
    }

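    /**
     * Builds an {@code HmacSHA256} key from the characters of a secret string.
     *
     * <p>The secret is encoded as UTF-8 explicitly. The no-argument
     * {@code String.getBytes()} uses the platform default charset, so a secret holding
     * non-ASCII characters could yield different key bytes (and therefore different
     * MACs) on hosts with different defaults. ASCII-only secrets produce the same
     * bytes as before.
     *
     * @param str the secret; may be null
     * @return the key, or null when {@code str} is null
     * @throws IllegalArgumentException if {@code str} is empty (raised by {@link SecretKeySpec})
     */
    public static Key getSecretKey(String str) {
        if (str == null) {
            return null;
        }
        // Fully qualified so the file needs no additional import.
        final byte[] keyBytes = str.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        return new SecretKeySpec(keyBytes, "HmacSHA256");
    }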

    /**
     * Encodes a key with {@code PemUtils.encodeKey}.
     *
     * <p>The method accepts any {@link Key}; when a private or secret key is passed the
     * result is key material and should be handled as such.
     *
     * @param key the key to encode
     * @return the encoded form returned by {@code PemUtils.encodeKey}
     */
    public static String getPemFromKey(Key key) {
        final String encoded = PemUtils.encodeKey(key);
        return encoded;
    }

    /**
     * Encodes a certificate with {@code PemUtils.encodeCertificate}.
     *
     * @param x509Certificate the certificate to encode
     * @return the encoded form returned by {@code PemUtils.encodeCertificate}
     */
    public static String getPemFromCertificate(X509Certificate x509Certificate) {
        final String encoded = PemUtils.encodeCertificate(x509Certificate);
        return encoded;
    }

    /**
     * Generates a 2048-bit RSA key pair and a V1 self-signed certificate for it.
     *
     * <p>The returned representation carries the private key in encoded form next to
     * the certificate, so it must be treated as secret: keep it out of logs and return
     * it only to callers entitled to the key.
     *
     * @param str value handed to {@code CertificateUtils.generateV1SelfSignedCertificate}
     *            (presumably the certificate subject; confirm against that helper)
     * @return a representation holding the encoded private key and certificate
     */
    public static CertificateRepresentation generateKeyPairCertificate(String str) {
        final KeyPair rsaPair = KeyUtils.generateRsaKeyPair(2048);
        final X509Certificate selfSigned = CertificateUtils.generateV1SelfSignedCertificate(rsaPair, str);
        final String privateKeyPem = PemUtils.encodeKey(rsaPair.getPrivate());
        final String certificatePem = PemUtils.encodeCertificate(selfSigned);

        final CertificateRepresentation result = new CertificateRepresentation();
        result.setPrivateKey(privateKeyPem);
        result.setCertificate(certificatePem);
        return result;
    }

    /**
     * Generates a new secret credential and stores its value on the client.
     *
     * <p>Any secret previously set on the client is overwritten.
     *
     * @param clientModel client whose secret is replaced
     * @return the credential obtained from {@code UserCredentialModel.generateSecret()}
     */
    public static UserCredentialModel generateSecret(ClientModel clientModel) {
        final UserCredentialModel freshCredential = UserCredentialModel.generateSecret();
        final String secretValue = freshCredential.getValue();
        clientModel.setSecret(secretValue);
        return freshCredential;
    }

    /**
     * Names the client authenticator applied to newly created clients.
     *
     * @return {@code ClientIdAndSecretAuthenticator.PROVIDER_ID}
     */
    public static String getDefaultClientAuthenticatorType() {
        final String defaultAuthenticator = ClientIdAndSecretAuthenticator.PROVIDER_ID;
        return defaultAuthenticator;
    }

    /**
     * Generates a code secret.
     *
     * <p>The value is a random UUID string, so it carries the randomness of a type 4
     * UUID rather than that of {@code generateSecret(int)}.
     *
     * @return the canonical string form of a freshly generated random UUID
     */
    public static String generateCodeSecret() {
        final UUID codeSecret = UUID.randomUUID();
        return codeSecret.toString();
    }

    /**
     * Adds a client to the realm and applies the default setup.
     *
     * <p>The client gets the default client authenticator, a newly generated secret,
     * and is created with {@code fullScopeAllowed} set to {@code true}. Callers that
     * want a narrower scope must restrict it after this call.
     *
     * @param realmModel realm that receives the client
     * @param str value passed to {@code RealmModel.addClient}
     * @return the newly added client
     */
    public static ClientModel createClient(RealmModel realmModel, String str) {
        final ClientModel created = realmModel.addClient(str);
        final String authenticatorType = getDefaultClientAuthenticatorType();
        created.setClientAuthenticatorType(authenticatorType);
        generateSecret(created);
        // Permissive default: full scope is enabled on every client created here.
        created.setFullScopeAllowed(true);
        return created;
    }

    /**
     * Searches the composite tree under {@code roleModel2} for {@code roleModel}.
     *
     * <p>{@code set} holds the ids of roles already visited; it is updated by this call
     * and stops the recursion from revisiting a role, which also ends cycles.
     *
     * @param roleModel the role being looked for
     * @param roleModel2 the role whose composites are searched
     * @param set ids of roles visited so far; mutated
     * @return true if {@code roleModel} is a direct composite of {@code roleModel2} or is
     *         found beneath one of its composite children; false otherwise, including
     *         when {@code roleModel2} was already visited or is not composite
     */
    public static boolean searchFor(RoleModel roleModel, RoleModel roleModel2, Set<String> set) {
        if (set.contains(roleModel2.getId())) {
            return false;
        }
        set.add(roleModel2.getId());
        if (!roleModel2.isComposite()) {
            return false;
        }
        final Set<RoleModel> children = roleModel2.getComposites();
        if (children.contains(roleModel)) {
            return true;
        }
        for (RoleModel child : children) {
            if (child.isComposite() && searchFor(roleModel, child, set)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks a user up by email or by username.
     *
     * <p>The email lookup is tried only when the realm allows login with email and
     * {@code str} contains {@code '@'}. If that lookup is skipped or finds nobody, the
     * value is looked up as a username.
     *
     * @param keycloakSession session providing the user store
     * @param realmModel realm to search
     * @param str username or email as entered
     * @return the matching user, or whatever the username lookup returns
     */
    public static UserModel findUserByNameOrEmail(KeycloakSession keycloakSession, RealmModel realmModel, String str) {
        if (realmModel.isLoginWithEmailAllowed() && str.indexOf('@') != -1) {
            final UserModel byEmail = keycloakSession.users().getUserByEmail(str, realmModel);
            if (byEmail != null) {
                return byEmail;
            }
        }
        return keycloakSession.users().getUserByUsername(str, realmModel);
    }

    /**
     * Runs a task in a new session inside its own transaction.
     *
     * <p>After the task returns, an active transaction is rolled back if it is marked
     * rollback-only and committed otherwise. A {@link RuntimeException} from the task
     * (or from commit/rollback) rolls back an active transaction and is rethrown. Other
     * throwables, such as {@link Error}, are not caught here, so no rollback is issued
     * for them. The session is closed in every case.
     *
     * @param keycloakSessionFactory factory used to create the session
     * @param keycloakSessionTask task to run with that session
     */
    public static void runJobInTransaction(KeycloakSessionFactory keycloakSessionFactory, KeycloakSessionTask keycloakSessionTask) {
        final KeycloakSession session = keycloakSessionFactory.create();
        final KeycloakTransactionManager tx = session.getTransactionManager();
        try {
            tx.begin();
            keycloakSessionTask.run(session);
            if (tx.isActive()) {
                if (tx.getRollbackOnly()) {
                    tx.rollback();
                } else {
                    tx.commit();
                }
            }
        } catch (RuntimeException failure) {
            if (tx.isActive()) {
                tx.rollback();
            }
            throw failure;
        } finally {
            session.close();
        }
    }

    /**
     * Derives a client id by appending {@code "-realm"} to the given name.
     *
     * @param str name to extend; a null is rendered as the text {@code "null"}
     * @return {@code str} followed by {@code "-realm"}
     */
    public static String getMasterRealmAdminApplicationClientId(String str) {
        final StringBuilder clientId = new StringBuilder();
        clientId.append(str);
        clientId.append("-realm");
        return clientId.toString();
    }

    /**
     * Finds the realm's user storage provider with the given name.
     *
     * @param str provider name; may be null
     * @param realmModel realm whose providers are scanned
     * @return the first provider whose name equals {@code str}, or null when there is
     *         none or {@code str} is null
     */
    public static UserStorageProviderModel findUserStorageProviderByName(String str, RealmModel realmModel) {
        UserStorageProviderModel match = null;
        if (str != null) {
            for (UserStorageProviderModel candidate : realmModel.getUserStorageProviders()) {
                if (str.equals(candidate.getName())) {
                    match = candidate;
                    break;
                }
            }
        }
        return match;
    }

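    /**
     * Finds the realm's user storage provider with the given id.
     *
     * <p>A null id now returns null, matching {@code findUserStorageProviderByName}.
     * Previously a null id threw {@link NullPointerException} as soon as the realm had
     * at least one provider.
     *
     * @param str provider id; may be null
     * @param realmModel realm whose providers are scanned
     * @return the first provider whose id equals {@code str}, or null when there is
     *         none or {@code str} is null
     */
    public static UserStorageProviderModel findUserStorageProviderById(String str, RealmModel realmModel) {
        if (str == null) {
            return null;
        }
        for (UserStorageProviderModel candidate : realmModel.getUserStorageProviders()) {
            if (str.equals(candidate.getId())) {
                return candidate;
            }
        }
        return null;
    }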

    /**
     * Builds a component model and fills its config from alternating key/value tokens.
     *
     * <p>Tokens are consumed as key, value, key, value and each pair is added through
     * {@code getConfig().add}. A null token in key position is not treated as a key, so
     * the token after it becomes the key and the pairing shifts by one.
     *
     * @param str component name
     * @param str2 parent id
     * @param str3 provider id
     * @param str4 provider type
     * @param strArr alternating config keys and values
     * @return the populated component model
     * @throws IllegalStateException if a key is left without a value at the end
     */
    public static ComponentModel createComponentModel(String str, String str2, String str3, String str4, String... strArr) {
        final ComponentModel component = new ComponentModel();
        component.setParentId(str2);
        component.setName(str);
        component.setProviderId(str3);
        component.setProviderType(str4);

        String pendingKey = null;
        for (String token : strArr) {
            if (pendingKey == null) {
                // Token is in key position; hold it until its value arrives.
                pendingKey = token;
                continue;
            }
            component.getConfig().add(pendingKey, token);
            pendingKey = null;
        }
        if (pendingKey != null) {
            throw new IllegalStateException("Invalid count of arguments for config. Maybe mistake?");
        }
        return component;
    }

    /**
     * Null-tolerant lower-casing.
     *
     * <p>NOTE(review): {@code toLowerCase()} without a locale follows the JVM default
     * locale, so the result for some characters (for example {@code 'I'} under a
     * Turkish locale) depends on the host. If callers use this to normalise
     * identifiers such as usernames or emails, confirm whether a fixed locale is
     * wanted.
     *
     * @param str text to lower-case; may be null
     * @return the lower-cased text, or null when {@code str} is null
     */
    public static String toLowerCaseSafe(String str) {
        return str == null ? null : str.toLowerCase();
    }

    /**
     * Ensures the realm has the {@code offline_access} role.
     *
     * <p>When the role is missing it is created with its description, marked as
     * requiring the scope parameter, and added to the realm's default roles. A realm
     * that already has the role is left untouched.
     *
     * @param realmModel realm to set up
     */
    public static void setupOfflineTokens(RealmModel realmModel) {
        if (realmModel.getRole("offline_access") != null) {
            return;
        }
        final RoleModel offlineRole = realmModel.addRole("offline_access");
        offlineRole.setDescription("${role_offline-access}");
        offlineRole.setScopeParamRequired(true);
        // Added as a default role of the realm.
        realmModel.addDefaultRole("offline_access");
    }

    /**
     * Collects the non-flow executions of a flow and of all its nested flows.
     *
     * <p>Executions that are themselves flows are expanded recursively through
     * {@code getAuthenticationFlowById}; every other execution is appended to
     * {@code list} in traversal order. There is no visited set, so the recursion relies
     * on the flow graph being acyclic, and a flow id that resolves to null would fail
     * on the nested call.
     *
     * @param realmModel realm holding the flows
     * @param authenticationFlowModel flow to expand
     * @param list receives the executions found; mutated
     */
    public static void deepFindAuthenticationExecutions(RealmModel realmModel, AuthenticationFlowModel authenticationFlowModel, List<AuthenticationExecutionModel> list) {
        for (AuthenticationExecutionModel execution : realmModel.getAuthenticationExecutions(authenticationFlowModel.getId())) {
            if (!execution.isAuthenticatorFlow()) {
                list.add(execution);
                continue;
            }
            final AuthenticationFlowModel nestedFlow = realmModel.getAuthenticationFlowById(execution.getFlowId());
            deepFindAuthenticationExecutions(realmModel, nestedFlow, list);
        }
    }

    /**
     * Resolves the first value of an attribute on a group or its ancestors.
     *
     * <p>Walks from the group up through its parents and returns the first non-null
     * value. The walk stops when a group has no parent id.
     *
     * @param groupModel group to start from
     * @param str attribute name
     * @return the first non-null value found, or null if no group in the chain has one
     */
    public static String resolveFirstAttribute(GroupModel groupModel, String str) {
        GroupModel current = groupModel;
        while (true) {
            final String value = current.getFirstAttribute(str);
            if (value != null) {
                return value;
            }
            if (current.getParentId() == null) {
                return null;
            }
            current = current.getParent();
        }
    }

    /**
     * Resolves the first value of an attribute on a user or on the user's groups.
     *
     * <p>The user's own value wins. Otherwise each group is asked in iteration order
     * (including its ancestors) and the first non-null value is returned, so an
     * attribute set on a group is inherited by its members.
     *
     * @param userModel user to start from
     * @param str attribute name
     * @return the first non-null value found, or null if there is none
     */
    public static String resolveFirstAttribute(UserModel userModel, String str) {
        final String ownValue = userModel.getFirstAttribute(str);
        if (ownValue != null) {
            return ownValue;
        }
        for (GroupModel group : userModel.getGroups()) {
            final String inherited = resolveFirstAttribute(group, str);
            if (inherited != null) {
                return inherited;
            }
        }
        return null;
    }

    /**
     * Resolves the values of an attribute on a group or its ancestors.
     *
     * <p>Walks from the group up through its parents and returns the first list that is
     * neither null nor empty. The walk stops when a group has no parent id.
     *
     * @param groupModel group to start from
     * @param str attribute name
     * @return the first non-empty value list found, or null if no group in the chain has one
     */
    public static List<String> resolveAttribute(GroupModel groupModel, String str) {
        GroupModel current = groupModel;
        while (true) {
            final List<String> values = current.getAttribute(str);
            if (values != null && !values.isEmpty()) {
                return values;
            }
            if (current.getParentId() == null) {
                return null;
            }
            current = current.getParent();
        }
    }

    /**
     * Resolves the values of an attribute on a user or on the user's groups.
     *
     * <p>A non-empty list on the user wins. Otherwise each group is asked in iteration
     * order (including its ancestors) and the first non-null result is returned. Unlike
     * the group variant, the user's own list is not null-checked before
     * {@code isEmpty()} is called.
     *
     * @param userModel user to start from
     * @param str attribute name
     * @return the resolved values, or an empty list if nothing is found
     */
    public static List<String> resolveAttribute(UserModel userModel, String str) {
        final List<String> ownValues = userModel.getAttribute(str);
        if (!ownValues.isEmpty()) {
            return ownValues;
        }
        for (GroupModel group : userModel.getGroups()) {
            final List<String> inherited = resolveAttribute(group, str);
            if (inherited != null) {
                return inherited;
            }
        }
        return Collections.emptyList();
    }

    /**
     * Descends through sub-groups following the path segments from index {@code i}.
     *
     * <p>Every sub-group whose name equals segment {@code i} is tried, so siblings that
     * share a name are each explored until one yields a match.
     *
     * @param strArr path segments
     * @param i index of the segment to match among {@code groupModel}'s sub-groups
     * @param groupModel group whose sub-groups are searched
     * @return the group matching the last segment, or null if the path does not resolve
     */
    private static GroupModel findSubGroup(String[] strArr, int i, GroupModel groupModel) {
        final int nextIndex = i + 1;
        for (GroupModel child : groupModel.getSubGroups()) {
            if (!child.getName().equals(strArr[i])) {
                continue;
            }
            if (strArr.length == nextIndex) {
                // Segment i was the last one: this child is the target.
                return child;
            }
            // Kept from the original; appears unreachable once strArr[i] has been read
            // and the equality check above has failed.
            if (nextIndex >= strArr.length) {
                return null;
            }
            final GroupModel deeper = findSubGroup(strArr, nextIndex, child);
            if (deeper != null) {
                return deeper;
            }
        }
        return null;
    }

    /**
     * Resolves a group from a slash-separated path such as {@code /parent/child}.
     *
     * <p>One leading and one trailing slash are dropped before the path is split on
     * {@code "/"}. Matching is by exact group name at each level, starting from the
     * realm's top-level groups. Because the separator is also a legal character to
     * split on, a group whose name itself contains {@code '/'} cannot be addressed
     * through this method.
     *
     * @param realmModel realm to search
     * @param str group path; may be null
     * @return the group at that path, or null when the path is null, has no segments,
     *         or does not resolve
     */
    public static GroupModel findGroupByPath(RealmModel realmModel, String str) {
        if (str == null) {
            return null;
        }
        String trimmed = str;
        if (trimmed.startsWith("/")) {
            trimmed = trimmed.substring(1);
        }
        if (trimmed.endsWith("/")) {
            trimmed = trimmed.substring(0, trimmed.length() - 1);
        }
        final String[] segments = trimmed.split("/");
        if (segments.length == 0) {
            return null;
        }
        for (GroupModel topLevel : realmModel.getTopLevelGroups()) {
            if (!topLevel.getName().equals(segments[0])) {
                continue;
            }
            if (segments.length == 1) {
                return topLevel;
            }
            // More segments remain: descend, and keep scanning siblings on a miss.
            final GroupModel nested = findSubGroup(segments, 1, topLevel);
            if (nested != null) {
                return nested;
            }
        }
        return null;
    }

    /**
     * Selects the scope mappings that are roles of one particular client.
     *
     * <p>A role is kept when its container is a {@code ClientModel} whose id equals the
     * id of {@code clientModel}; roles held by other containers are dropped.
     *
     * @param clientModel client whose roles are wanted
     * @param scopeContainerModel holder of the scope mappings to filter
     * @return a new set with the matching roles; empty if there are none
     */
    public static Set<RoleModel> getClientScopeMappings(ClientModel clientModel, ScopeContainerModel scopeContainerModel) {
        final Set<RoleModel> matching = new HashSet<>();
        for (RoleModel candidate : scopeContainerModel.getScopeMappings()) {
            final RoleContainerModel owner = candidate.getContainer();
            if (!(owner instanceof ClientModel)) {
                continue;
            }
            if (clientModel.getId().equals(((ClientModel) owner).getId())) {
                matching.add(candidate);
            }
        }
        return matching;
    }

    /**
     * Resolves a role from its string form as split by {@code parseRole}.
     *
     * <p>Without a client part the role is looked up on the realm. With a client part
     * the client is looked up by client id and the role is taken from that client; an
     * unknown client yields null rather than a fallback to a realm role.
     *
     * @param realmModel realm to search
     * @param str role string, either {@code role} or {@code client.role}
     * @return the role, or null if it cannot be resolved
     */
    public static RoleModel getRoleFromString(RealmModel realmModel, String str) {
        final String[] parts = parseRole(str);
        final String clientId = parts[0];
        final String roleName = parts[1];
        if (clientId == null) {
            return realmModel.getRole(roleName);
        }
        final ClientModel owner = realmModel.getClientByClientId(clientId);
        if (owner == null) {
            return null;
        }
        return owner.getRole(roleName);
    }

    /**
     * Splits a role string at its last {@code '.'} into a client part and a role part.
     *
     * <p>The split is purely positional: any string containing a dot is treated as
     * {@code client.role}, so a realm role whose name contains a dot is reported with a
     * non-null client part. Client ids may contain dots; role names after the last dot
     * may not.
     *
     * @param str role string; must not be null
     * @return a two-element array {@code {client, role}}; the client element is null
     *         when {@code str} has no dot
     */
    public static String[] parseRole(String str) {
        final int lastDot = str.lastIndexOf('.');
        if (lastDot < 0) {
            return new String[] {null, str};
        }
        final String clientPart = str.substring(0, lastDot);
        final String rolePart = str.substring(lastDot + 1);
        return new String[] {clientPart, rolePart};
    }

    /**
     * Reports whether an authentication flow is referenced by the realm.
     *
     * <p>The flow counts as used when its id equals the id of the realm's browser,
     * registration, client-authentication, direct-grant or reset-credentials flow, or
     * when an identity provider names it as its first-broker-login or post-broker-login
     * flow. Realm flows that are null are skipped.
     *
     * @param realmModel realm to inspect
     * @param authenticationFlowModel flow to look for
     * @return true if any of those references points at the flow
     */
    public static boolean isFlowUsed(RealmModel realmModel, AuthenticationFlowModel authenticationFlowModel) {
        AuthenticationFlowModel bound = realmModel.getBrowserFlow();
        if (bound != null && bound.getId().equals(authenticationFlowModel.getId())) {
            return true;
        }
        bound = realmModel.getRegistrationFlow();
        if (bound != null && bound.getId().equals(authenticationFlowModel.getId())) {
            return true;
        }
        bound = realmModel.getClientAuthenticationFlow();
        if (bound != null && bound.getId().equals(authenticationFlowModel.getId())) {
            return true;
        }
        bound = realmModel.getDirectGrantFlow();
        if (bound != null && bound.getId().equals(authenticationFlowModel.getId())) {
            return true;
        }
        bound = realmModel.getResetCredentialsFlow();
        if (bound != null && bound.getId().equals(authenticationFlowModel.getId())) {
            return true;
        }
        for (IdentityProviderModel provider : realmModel.getIdentityProviders()) {
            if (authenticationFlowModel.getId().equals(provider.getFirstBrokerLoginFlowId())) {
                return true;
            }
            if (authenticationFlowModel.getId().equals(provider.getPostBrokerLoginFlowId())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether any client of the realm uses the given client template.
     *
     * @param realmModel realm whose clients are scanned
     * @param clientTemplateModel template to look for
     * @return true if at least one client has a template with the same id
     */
    public static boolean isClientTemplateUsed(RealmModel realmModel, ClientTemplateModel clientTemplateModel) {
        for (ClientModel client : realmModel.getClients()) {
            if (client.getClientTemplate() == null) {
                continue;
            }
            if (client.getClientTemplate().getId().equals(clientTemplateModel.getId())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Finds the realm's client template with the given name.
     *
     * @param realmModel realm whose templates are scanned
     * @param str template name; must not be null when the realm has templates, because
     *            it is the receiver of {@code equals}
     * @return the first template whose name equals {@code str}, or null if there is none
     */
    public static ClientTemplateModel getClientTemplateByName(RealmModel realmModel, String str) {
        ClientTemplateModel match = null;
        for (ClientTemplateModel candidate : realmModel.getClientTemplates()) {
            if (str.equals(candidate.getName())) {
                match = candidate;
                break;
            }
        }
        return match;
    }

    /**
     * Ensures the realm has every role in {@code Constants.AUTHZ_DEFAULT_AUTHORIZATION_ROLES}.
     *
     * <p>Each missing role is created with a description of the form
     * {@code ${role_<name>}}, marked as not requiring the scope parameter, and added to
     * the realm's default roles. Roles that already exist are left untouched.
     *
     * @param realmModel realm to set up
     */
    public static void setupAuthorizationServices(RealmModel realmModel) {
        for (String roleName : Constants.AUTHZ_DEFAULT_AUTHORIZATION_ROLES) {
            if (realmModel.getRole(roleName) != null) {
                continue;
            }
            final RoleModel created = realmModel.addRole(roleName);
            created.setDescription("${role_" + roleName + "}");
            created.setScopeParamRequired(false);
            // Added as a default role of the realm.
            realmModel.addDefaultRole(roleName);
        }
    }

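    /**
     * Runs a task with the current JTA transaction suspended, then resumes it.
     *
     * <p>If a {@code JtaTransactionManagerLookup} factory with a transaction manager is
     * available, the current transaction is suspended before the task runs. The
     * transaction is resumed in a {@code finally} block, so it is restored when the
     * task throws as well as when it returns. In the previous form of this method the
     * task ran outside the guarded region, so an exception from it left the
     * transaction suspended. That shape looks like decompiler output of a
     * try/finally.
     *
     * <p>If resuming fails while the task's exception is propagating, the resume
     * failure is the one that reaches the caller.
     *
     * @param keycloakSessionFactory factory used to look up the JTA transaction manager
     * @param runnable task to run while the transaction is suspended
     * @throws RuntimeException wrapping a {@code SystemException} from suspend, or an
     *         {@code InvalidTransactionException} / {@code SystemException} from resume
     */
    public static void suspendJtaTransaction(KeycloakSessionFactory keycloakSessionFactory, Runnable runnable) {
        final JtaTransactionManagerLookup lookup =
                (JtaTransactionManagerLookup) keycloakSessionFactory.getProviderFactory(JtaTransactionManagerLookup.class);
        Transaction suspended = null;
        try {
            if (lookup != null && lookup.getTransactionManager() != null) {
                try {
                    suspended = lookup.getTransactionManager().suspend();
                } catch (SystemException e) {
                    throw new RuntimeException(e);
                }
            }
            runnable.run();
        } finally {
            // Non-null only if suspend() succeeded, in which case lookup is non-null too.
            if (suspended != null) {
                try {
                    lookup.getTransactionManager().resume(suspended);
                } catch (InvalidTransactionException | SystemException e) {
                    throw new RuntimeException(e);
                }
            }
        }
    }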

    /**
     * Chooses the name to show for an identity provider.
     *
     * <p>A non-empty configured display name wins. Otherwise the name of the social
     * identity provider factory registered for the provider id is used, and if there
     * is no such factory the provider's alias is returned.
     *
     * @param keycloakSession session used to reach the provider factories
     * @param identityProviderModel provider to name
     * @return the display name, factory name or alias, in that order of preference
     */
    public static String getIdentityProviderDisplayName(KeycloakSession keycloakSession, IdentityProviderModel identityProviderModel) {
        final String configured = identityProviderModel.getDisplayName();
        if (configured == null || configured.isEmpty()) {
            final SocialIdentityProviderFactory factory = (SocialIdentityProviderFactory) keycloakSession
                    .getKeycloakSessionFactory()
                    .getProviderFactory(SocialIdentityProvider.class, identityProviderModel.getProviderId());
            if (factory == null) {
                return identityProviderModel.getAlias();
            }
            return factory.getName();
        }
        return configured;
    }
}
