package org.keycloak.services.managers;

import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.audit.log.JBossLoggingAuditListenerFactory;
import org.keycloak.enums.SslRequired;
import org.keycloak.exportimport.util.ImportUtils;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.BrowserSecurityHeaders;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionProvider;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.RealmAuditRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.timer.TimerProvider;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.0-rc-1.jar:org/keycloak/services/managers/RealmManager.class */
public class RealmManager {
    protected static final Logger logger = Logger.getLogger((Class<?>) RealmManager.class);
    protected KeycloakSession session;
    protected RealmProvider model;
    protected String contextPath = "";

    public String getContextPath() {
        return this.contextPath;
    }

    public void setContextPath(String str) {
        this.contextPath = str;
    }

    public RealmManager(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
        this.model = keycloakSession.realms();
    }

    public KeycloakSession getSession() {
        return this.session;
    }

    public RealmModel getKeycloakAdminstrationRealm() {
        return getRealm(Config.getAdminRealm());
    }

    public RealmModel getRealm(String str) {
        return this.model.getRealm(str);
    }

    public RealmModel getRealmByName(String str) {
        return this.model.getRealmByName(str);
    }

    public RealmModel createRealm(String str) {
        return createRealm(str, str);
    }

    public RealmModel createRealm(String str, String str2) {
        if (str == null) {
            str = KeycloakModelUtils.generateId();
        }
        RealmModel createRealm = this.model.createRealm(str, str2);
        createRealm.setName(str2);
        setupRealmDefaults(createRealm);
        setupMasterAdminManagement(createRealm);
        setupRealmAdminManagement(createRealm);
        setupAccountManagement(createRealm);
        setupAdminConsole(createRealm);
        createRealm.setAuditListeners(Collections.singleton(JBossLoggingAuditListenerFactory.ID));
        return createRealm;
    }

    protected void setupAdminConsole(RealmModel realmModel) {
        ApplicationModel applicationByName = realmModel.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
        if (applicationByName == null) {
            applicationByName = new ApplicationManager(this).createApplication(realmModel, Constants.ADMIN_CONSOLE_APPLICATION);
        }
        String str = this.contextPath + "/admin/" + realmModel.getName() + "/console";
        applicationByName.setBaseUrl(str + "/index.html");
        applicationByName.setEnabled(true);
        applicationByName.setPublicClient(true);
        applicationByName.addRedirectUri(str + "/*");
        applicationByName.setFullScopeAllowed(false);
        applicationByName.addScopeMapping(realmModel.getName().equals(Config.getAdminRealm()) ? realmModel.getRole(AdminRoles.ADMIN) : realmModel.getApplicationByName(getRealmAdminApplicationName(realmModel)).getRole(AdminRoles.REALM_ADMIN));
    }

    public String getRealmAdminApplicationName(RealmModel realmModel) {
        return "realm-management";
    }

    protected void setupRealmDefaults(RealmModel realmModel) {
        realmModel.setBrowserSecurityHeaders(BrowserSecurityHeaders.defaultHeaders);
        realmModel.setBruteForceProtected(false);
        realmModel.setMaxFailureWaitSeconds(900);
        realmModel.setMinimumQuickLoginWaitSeconds(60);
        realmModel.setWaitIncrementSeconds(60);
        realmModel.setQuickLoginCheckMilliSeconds(1000L);
        realmModel.setMaxDeltaTimeSeconds(43200);
        realmModel.setFailureFactor(30);
        realmModel.setSslRequired(SslRequired.EXTERNAL);
    }

    public boolean removeRealm(RealmModel realmModel) {
        List<UserFederationProviderModel> userFederationProviders = realmModel.getUserFederationProviders();
        boolean removeRealm = this.model.removeRealm(realmModel.getId());
        if (removeRealm) {
            new ApplicationManager(this).removeApplication(getKeycloakAdminstrationRealm(), realmModel.getMasterAdminApp());
            UserSessionProvider sessions = this.session.sessions();
            if (sessions != null) {
                sessions.onRealmRemoved(realmModel);
            }
            UsersSyncManager usersSyncManager = new UsersSyncManager();
            Iterator<UserFederationProviderModel> it = userFederationProviders.iterator();
            while (it.hasNext()) {
                usersSyncManager.removePeriodicSyncForProvider((TimerProvider) this.session.getProvider(TimerProvider.class), it.next());
            }
        }
        return removeRealm;
    }

    public void updateRealmAudit(RealmAuditRepresentation realmAuditRepresentation, RealmModel realmModel) {
        realmModel.setAuditEnabled(realmAuditRepresentation.isAuditEnabled());
        realmModel.setAuditExpiration(realmAuditRepresentation.getAuditExpiration() != null ? realmAuditRepresentation.getAuditExpiration().longValue() : 0L);
        if (realmAuditRepresentation.getAuditListeners() != null) {
            realmModel.setAuditListeners(new HashSet(realmAuditRepresentation.getAuditListeners()));
        }
    }

    private void setupMasterAdminManagement(RealmModel realmModel) {
        ImportUtils.setupMasterAdminManagement(this.model, realmModel);
    }

    private void setupRealmAdminManagement(RealmModel realmModel) {
        if (realmModel.getName().equals(Config.getAdminRealm())) {
            return;
        }
        ApplicationManager applicationManager = new ApplicationManager(new RealmManager(this.session));
        String realmAdminApplicationName = getRealmAdminApplicationName(realmModel);
        ApplicationModel applicationByName = realmModel.getApplicationByName(realmAdminApplicationName);
        if (applicationByName == null) {
            applicationByName = applicationManager.createApplication(realmModel, realmAdminApplicationName);
        }
        RoleModel addRole = applicationByName.addRole(AdminRoles.REALM_ADMIN);
        applicationByName.setBearerOnly(true);
        applicationByName.setFullScopeAllowed(false);
        for (String str : AdminRoles.ALL_REALM_ROLES) {
            addRole.addCompositeRole(applicationByName.addRole(str));
        }
    }

    private void setupAccountManagement(RealmModel realmModel) {
        if (realmModel.getApplicationNameMap().get(Constants.ACCOUNT_MANAGEMENT_APP) == null) {
            ApplicationModel createApplication = new ApplicationManager(this).createApplication(realmModel, Constants.ACCOUNT_MANAGEMENT_APP);
            createApplication.setEnabled(true);
            createApplication.setFullScopeAllowed(false);
            String str = this.contextPath + "/realms/" + realmModel.getName() + "/account";
            createApplication.addRedirectUri(str + "/*");
            createApplication.setBaseUrl(str);
            for (String str2 : AccountRoles.ALL) {
                createApplication.addDefaultRole(str2);
            }
        }
    }

    public RealmModel importRealm(RealmRepresentation realmRepresentation) {
        String id = realmRepresentation.getId();
        if (id == null) {
            id = KeycloakModelUtils.generateId();
        }
        RealmModel createRealm = createRealm(id, realmRepresentation.getRealm());
        importRealm(realmRepresentation, createRealm);
        return createRealm;
    }

    public void importRealm(RealmRepresentation realmRepresentation, RealmModel realmModel) {
        RepresentationToModel.importRealm(this.session, realmRepresentation, realmModel);
        List<UserFederationProviderModel> userFederationProviders = realmModel.getUserFederationProviders();
        UsersSyncManager usersSyncManager = new UsersSyncManager();
        Iterator<UserFederationProviderModel> it = userFederationProviders.iterator();
        while (it.hasNext()) {
            usersSyncManager.refreshPeriodicSyncForProvider(this.session.getKeycloakSessionFactory(), (TimerProvider) this.session.getProvider(TimerProvider.class), it.next(), realmModel.getId());
        }
    }

    public List<UserModel> searchUsers(String str, RealmModel realmModel) {
        return str == null ? Collections.emptyList() : this.session.users().searchForUser(str.trim(), realmModel);
    }
}
