package org.keycloak.services.managers;

import java.net.URI;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import org.codehaus.jackson.annotate.JsonProperty;
import org.codehaus.jackson.annotate.JsonPropertyOrder;
import org.jboss.logging.Logger;
import org.keycloak.authentication.forms.RegistrationRecaptcha;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionProvider;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
import org.keycloak.representations.adapters.config.BaseRealmConfig;
import org.keycloak.util.Time;

/* loaded from: input_file:org/keycloak/services/managers/ClientManager.class */
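/**
 * Manages the lifecycle of clients in a realm: creation, removal, cluster-node
 * bookkeeping, service-account setup and generation of adapter configuration.
 *
 * <p>Instances created with the no-argument constructor have no
 * {@link RealmManager}; {@link #removeClient} and {@link #enableServiceAccount}
 * dereference it and will fail with a {@link NullPointerException} in that case.
 *
 * <p>{@link #toInstallationRepresentation} and {@link #toJBossSubsystemConfig}
 * embed the client secret of confidential clients in their result. Callers are
 * responsible for restricting access to that output and for keeping it out of
 * logs.
 */
public class ClientManager {
    protected Logger logger = Logger.getLogger(ClientManager.class);
    protected RealmManager realmManager;

    /**
     * Adapter installation configuration for a single client, serialised to JSON
     * with the property names given by the Jackson annotations.
     *
     * <p>The {@code credentials} map carries the client secret when it is
     * populated by {@link ClientManager#toInstallationRepresentation}, so an
     * instance must be handled as sensitive data.
     */
    @JsonPropertyOrder({"realm", "realm-public-key", "bearer-only", "auth-server-url", "ssl-required", "resource", "public-client", "credentials", "use-resource-role-mappings"})
    /* loaded from: input_file:org/keycloak/services/managers/ClientManager$InstallationAdapterConfig.class */
    public static class InstallationAdapterConfig extends BaseRealmConfig {

        // Client identifier, written as "resource".
        @JsonProperty("resource")
        protected String resource;

        // Left null unless the client defines roles of its own.
        @JsonProperty("use-resource-role-mappings")
        protected Boolean useResourceRoleMappings;

        // Left null unless the client is bearer-only.
        @JsonProperty("bearer-only")
        protected Boolean bearerOnly;

        // Left null unless the client is public and not bearer-only.
        @JsonProperty("public-client")
        protected Boolean publicClient;

        // Credential name to value; holds the client secret for confidential clients.
        @JsonProperty("credentials")
        protected Map<String, String> credentials;

        /** @return whether resource-level role mappings are used, or {@code null} if unset */
        public Boolean isUseResourceRoleMappings() {
            return this.useResourceRoleMappings;
        }

        /** @param bool whether resource-level role mappings are used */
        public void setUseResourceRoleMappings(Boolean bool) {
            this.useResourceRoleMappings = bool;
        }

        /** @return the client identifier */
        public String getResource() {
            return this.resource;
        }

        /** @param str the client identifier */
        public void setResource(String str) {
            this.resource = str;
        }

        /** @return the credential map (sensitive), or {@code null} if unset */
        public Map<String, String> getCredentials() {
            return this.credentials;
        }

        /** @param map the credential map; stored by reference, not copied */
        public void setCredentials(Map<String, String> map) {
            this.credentials = map;
        }

        /** @return the public-client flag, or {@code null} if unset */
        public Boolean getPublicClient() {
            return this.publicClient;
        }

        /** @param bool the public-client flag */
        public void setPublicClient(Boolean bool) {
            this.publicClient = bool;
        }

        /** @return the bearer-only flag, or {@code null} if unset */
        public Boolean getBearerOnly() {
            return this.bearerOnly;
        }

        /** @param bool the bearer-only flag */
        public void setBearerOnly(Boolean bool) {
            this.bearerOnly = bool;
        }
    }

    /**
     * Creates a manager backed by the given realm manager.
     *
     * @param realmManager source of the session used for user and session lookups
     */
    public ClientManager(RealmManager realmManager) {
        this.realmManager = realmManager;
    }

    /**
     * Creates a manager without a realm manager. Only the methods that do not
     * touch {@code realmManager} are usable on such an instance.
     */
    public ClientManager() {
    }

    /**
     * Creates a client in the realm by delegating to {@link KeycloakModelUtils}.
     *
     * @param realmModel realm that will own the client
     * @param str        name passed through to {@code KeycloakModelUtils.createClient}
     * @return the newly created client
     */
    public ClientModel createClient(RealmModel realmModel, String str) {
        return KeycloakModelUtils.createClient(realmModel, str);
    }

    /**
     * Removes a client from the realm and cleans up state that refers to it.
     *
     * <p>After the realm reports a successful removal, the user-session provider
     * (when present) is notified and the service-account user linked to the
     * client, if any, is deleted so that no orphaned account stays behind.
     *
     * @param realmModel  realm owning the client
     * @param clientModel client to remove
     * @return {@code false} if the realm did not remove the client, {@code true} otherwise
     */
    public boolean removeClient(RealmModel realmModel, ClientModel clientModel) {
        if (!realmModel.removeClient(clientModel.getId())) {
            return false;
        }
        // NOTE(review): realmManager is null on instances built with the no-arg
        // constructor; the dereference below would then throw after the client
        // has already been removed from the realm.
        UserSessionProvider sessions = this.realmManager.getSession().sessions();
        if (sessions != null) {
            sessions.onClientRemoved(realmModel, clientModel);
        }
        UserModel serviceAccountUser = this.realmManager.getSession().users().getUserByServiceAccountClient(clientModel);
        if (serviceAccountUser != null) {
            this.realmManager.getSession().users().removeUser(realmModel, serviceAccountUser);
        }
        return true;
    }

    /**
     * Returns the registered cluster nodes of a client that are still valid and
     * unregisters the ones whose registration has expired.
     *
     * <p>A node is expired when its registration time plus the client's
     * re-registration timeout lies before the current time. When the timeout is
     * not positive, no node expires and all registered nodes are returned.
     *
     * @param clientModel client whose node registrations are checked
     * @return the valid node names in sorted order; empty if none are registered
     */
    public Set<String> validateRegisteredNodes(ClientModel clientModel) {
        Map<String, Integer> registeredNodes = clientModel.getRegisteredNodes();
        if (registeredNodes == null || registeredNodes.isEmpty()) {
            return Collections.emptySet();
        }
        int currentTime = Time.currentTime();
        int timeout = clientModel.getNodeReRegistrationTimeout();
        Set<String> validNodes = new TreeSet<String>();
        if (timeout <= 0) {
            validNodes.addAll(registeredNodes.keySet());
            return validNodes;
        }
        // Expired nodes are collected first and unregistered after the loop, so
        // the map being iterated is not modified during iteration.
        List<String> expiredNodes = new LinkedList<String>();
        for (Map.Entry<String, Integer> entry : registeredNodes.entrySet()) {
            // Widen to long: with a very large timeout the int sum would wrap
            // around to a negative number and mark every node as expired.
            long expiresAt = entry.getValue().longValue() + timeout;
            if (expiresAt < currentTime) {
                expiredNodes.add(entry.getKey());
            } else {
                validNodes.add(entry.getKey());
            }
        }
        for (String expiredNode : expiredNodes) {
            clientModel.unregisterNode(expiredNode);
        }
        return validNodes;
    }

    /**
     * Enables service accounts for a client and makes sure the supporting
     * objects exist.
     *
     * <p>If no user is linked to the client yet, an enabled user named
     * {@code service-account-<clientId>} is created and linked. The OIDC
     * protocol mappers "Client ID", "Client Host" and "Client IP Address" are
     * added when they are missing. Calling the method again creates nothing
     * that is already present.
     *
     * @param clientModel client to enable service accounts for
     */
    public void enableServiceAccount(ClientModel clientModel) {
        clientModel.setServiceAccountsEnabled(true);
        if (this.realmManager.getSession().users().getUserByServiceAccountClient(clientModel) == null) {
            String username = "service-account-" + clientModel.getClientId();
            this.logger.infof("Creating service account user '%s'", username);
            UserModel serviceAccountUser = this.realmManager.getSession().userStorage().addUser(clientModel.getRealm(), username);
            serviceAccountUser.setEnabled(true);
            // NOTE(review): placeholder.org is an ordinary registrable domain, not
            // one reserved for documentation (such as example.org). Confirm that
            // no flow sends mail to service-account users at this address.
            serviceAccountUser.setEmail(username + "@placeholder.org");
            serviceAccountUser.setServiceAccountClientLink(clientModel.getId());
        }
        ensureSessionNoteMapper(clientModel, "Client ID", "clientId");
        ensureSessionNoteMapper(clientModel, "Client Host", "clientHost");
        ensureSessionNoteMapper(clientModel, "Client IP Address", "clientAddress");
    }

    /**
     * Adds an OIDC claim mapper with the given name unless the client already
     * has one. The same string is used for the session note and the claim name.
     */
    private void ensureSessionNoteMapper(ClientModel clientModel, String mapperName, String noteAndClaim) {
        if (clientModel.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, mapperName) != null) {
            return;
        }
        this.logger.debugf("Creating service account protocol mapper '%s' for client '%s'", mapperName, clientModel.getClientId());
        clientModel.addProtocolMapper(UserSessionNoteMapper.createClaimMapper(mapperName, noteAndClaim, noteAndClaim, "String", false, "", true, true));
    }

    /**
     * Builds the adapter installation configuration for a client.
     *
     * <p>For confidential clients (neither bearer-only nor public) the result
     * contains the client secret in its credentials map, so the returned object
     * and anything serialised from it must only reach callers allowed to see
     * that secret.
     *
     * @param realmModel  realm owning the client
     * @param clientModel client to describe
     * @param uri         base URL of the authentication server
     * @return the populated configuration
     */
    public InstallationAdapterConfig toInstallationRepresentation(RealmModel realmModel, ClientModel clientModel, URI uri) {
        InstallationAdapterConfig config = new InstallationAdapterConfig();
        config.setAuthServerUrl(uri.toString());
        config.setRealm(realmModel.getName());
        config.setRealmKey(realmModel.getPublicKeyPem());
        // Locale.ROOT keeps the lower-casing independent of the JVM's default
        // locale, which otherwise changes how some letters are mapped.
        config.setSslRequired(realmModel.getSslRequired().name().toLowerCase(Locale.ROOT));
        boolean bearerOnly = clientModel.isBearerOnly();
        boolean publicClient = clientModel.isPublicClient();
        if (publicClient && !bearerOnly) {
            config.setPublicClient(true);
        }
        if (bearerOnly) {
            config.setBearerOnly(true);
        }
        if (!clientModel.getRoles().isEmpty()) {
            config.setUseResourceRoleMappings(true);
        }
        config.setResource(clientModel.getClientId());
        if (!bearerOnly && !publicClient) {
            Map<String, String> credentials = new HashMap<String, String>();
            // NOTE(review): the map key is taken from a reCAPTCHA constant. This
            // looks like the decompiler substituting a constant that happens to
            // have the same value as an inlined literal; toJBossSubsystemConfig
            // uses the literal "secret" for the same credential. Confirm against
            // the original source before relying on this reference.
            credentials.put(RegistrationRecaptcha.SITE_SECRET, clientModel.getSecret());
            config.setCredentials(credentials);
        }
        return config;
    }

    /**
     * Renders the {@code <secure-deployment>} snippet for the JBoss/WildFly
     * subsystem configuration of a client.
     *
     * <p>Realm name, public key, server URL, client id and secret are
     * XML-escaped before being written into the snippet, so a value containing
     * markup characters can neither break the document nor add elements to it.
     * For confidential clients the snippet contains the client secret and must
     * be treated as sensitive.
     *
     * @param realmModel  realm owning the client
     * @param clientModel client to describe
     * @param uri         base URL of the authentication server
     * @return the XML snippet
     */
    public String toJBossSubsystemConfig(RealmModel realmModel, ClientModel clientModel, URI uri) {
        boolean bearerOnly = clientModel.isBearerOnly();
        boolean publicClient = clientModel.isPublicClient();
        StringBuilder xml = new StringBuilder();
        xml.append("<secure-deployment name=\"WAR MODULE NAME.war\">\n");
        xml.append("    <realm>").append(escapeXml(realmModel.getName())).append("</realm>\n");
        xml.append("    <realm-public-key>").append(escapeXml(realmModel.getPublicKeyPem())).append("</realm-public-key>\n");
        xml.append("    <auth-server-url>").append(escapeXml(uri.toString())).append("</auth-server-url>\n");
        if (bearerOnly) {
            xml.append("    <bearer-only>true</bearer-only>\n");
        } else if (publicClient) {
            xml.append("    <public-client>true</public-client>\n");
        }
        xml.append("    <ssl-required>").append(realmModel.getSslRequired().name()).append("</ssl-required>\n");
        xml.append("    <resource>").append(escapeXml(clientModel.getClientId())).append("</resource>\n");
        if (!bearerOnly && !publicClient) {
            xml.append("    <credential name=\"secret\">").append(escapeXml(clientModel.getSecret())).append("</credential>\n");
        }
        if (!clientModel.getRoles().isEmpty()) {
            xml.append("    <use-resource-role-mappings>true</use-resource-role-mappings>\n");
        }
        xml.append("</secure-deployment>\n");
        return xml.toString();
    }

    /**
     * Escapes the five XML special characters in a value used as element text.
     * A {@code null} value is rendered as the text {@code null}, which is what
     * appending a null string to the buffer produced before escaping was added.
     */
    private static String escapeXml(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder escaped = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}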
