package org.keycloak.services.managers;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.OAuthClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.ScopeMappingRepresentation;
import org.keycloak.representations.idm.SocialLinkRepresentation;
import org.keycloak.representations.idm.SocialMappingRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserRoleMappingRepresentation;

/* loaded from: input_file:org/keycloak/services/managers/RealmManager.class */
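/**
 * Creates, updates and imports realms on top of a {@link KeycloakSession}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #generateRealmKeys(RealmModel)} creates the realm's RSA key pair with an explicit
 *       key size instead of relying on the JCA provider default.</li>
 *   <li>{@link #importRealm(RealmRepresentation, RealmModel)} copies key material (PEM strings) and
 *       user credential values straight from the representation, so a
 *       {@link RealmRepresentation} must be treated as a secret-bearing document and must come
 *       from a trusted caller.</li>
 *   <li>{@link #updateRealm(RealmRepresentation, RealmModel)} overwrites the password policy and
 *       themes unconditionally; see the notes on that method.</li>
 * </ul>
 *
 * <p>No authorization checks are performed here; NOTE(review): presumably the calling REST
 * resources enforce them, confirm against the callers.
 */
public class RealmManager {
    protected static final Logger logger = Logger.getLogger(RealmManager.class);

    /**
     * Modulus size, in bits, for generated realm RSA keys. Set explicitly because the size a
     * provider picks when {@code initialize} is never called is provider/JDK dependent and has
     * historically been as low as 1024 bits.
     */
    private static final int REALM_KEY_SIZE_BITS = 2048;

    protected KeycloakSession identitySession;

    /**
     * @param keycloakSession session used for all realm lookups and realm creation
     */
    public RealmManager(KeycloakSession keycloakSession) {
        this.identitySession = keycloakSession;
    }

    /**
     * Returns the realm looked up under the fixed key {@code "keycloak-admin"}.
     *
     * @return whatever {@link #getRealm(String)} returns for that key
     */
    public RealmModel getKeycloakAdminstrationRealm() {
        return getRealm("keycloak-admin");
    }

    /**
     * Delegates to {@code KeycloakSession.getRealm}.
     *
     * @param str realm key passed through unchanged (presumably the realm id, as opposed to
     *            {@link #getRealmByName(String)})
     */
    public RealmModel getRealm(String str) {
        return this.identitySession.getRealm(str);
    }

    /**
     * Delegates to {@code KeycloakSession.getRealmByName}.
     *
     * @param str realm name passed through unchanged
     */
    public RealmModel getRealmByName(String str) {
        return this.identitySession.getRealmByName(str);
    }

    /**
     * Creates a realm whose id and name are both {@code str}.
     *
     * @param str value used as realm id and realm name
     * @return the newly created realm
     */
    public RealmModel createRealm(String str) {
        return createRealm(str, str);
    }

    /**
     * Creates a realm and applies the built-in defaults: the two {@code KEYCLOAK__*} roles, the
     * {@code account} application and {@code "secret"} as the required credential for OAuth
     * clients and resources.
     *
     * @param str  realm id; a generated id is used when {@code null}
     * @param str2 realm name
     * @return the newly created realm
     */
    public RealmModel createRealm(String str, String str2) {
        String realmId = (str != null) ? str : KeycloakModelUtils.generateId();
        RealmModel realm = this.identitySession.createRealm(realmId, str2);
        realm.setName(str2);
        realm.addRole("KEYCLOAK__APPLICATION");
        realm.addRole("KEYCLOAK__IDENTITY_REQUESTER");
        setupAccountManagement(realm);
        realm.addRequiredOAuthClientCredential("secret");
        realm.addRequiredResourceCredential("secret");
        return realm;
    }

    /**
     * Generates a fresh RSA key pair and stores both halves on the realm, replacing any existing
     * realm keys.
     *
     * @param realmModel realm that receives the new private and public key
     * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} when no provider offers RSA
     */
    public void generateRealmKeys(RealmModel realmModel) {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            // Pin the key size; an uninitialised generator falls back to the provider default.
            generator.initialize(REALM_KEY_SIZE_BITS);
            KeyPair keyPair = generator.generateKeyPair();
            realmModel.setPrivateKey(keyPair.getPrivate());
            realmModel.setPublicKey(keyPair.getPublic());
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Applies the settings carried by a representation to an existing realm.
     *
     * <p>Most fields are only written when the representation carries a non-null value. Three
     * are written unconditionally: login theme, account theme and password policy. A caller that
     * sends a partial representation therefore replaces the realm's password policy with
     * whatever {@code PasswordPolicy} builds from the (possibly {@code null}) policy string.
     * NOTE(review): confirm callers always send the full representation, otherwise an update can
     * silently drop the password policy.
     *
     * <p>A public key value of exactly {@code "GENERATE"} triggers
     * {@link #generateRealmKeys(RealmModel)}, i.e. rotates the realm key pair.
     *
     * @param realmRepresentation requested settings
     * @param realmModel          realm to modify
     */
    public void updateRealm(RealmRepresentation realmRepresentation, RealmModel realmModel) {
        if (realmRepresentation.getRealm() != null) {
            logger.info("Updating realm name to " + realmRepresentation.getRealm());
            realmModel.setName(realmRepresentation.getRealm());
        }
        if (realmRepresentation.isEnabled() != null) {
            realmModel.setEnabled(realmRepresentation.isEnabled());
        }
        if (realmRepresentation.isSocial() != null) {
            realmModel.setSocial(realmRepresentation.isSocial());
        }
        if (realmRepresentation.isRegistrationAllowed() != null) {
            realmModel.setRegistrationAllowed(realmRepresentation.isRegistrationAllowed());
        }
        if (realmRepresentation.isVerifyEmail() != null) {
            realmModel.setVerifyEmail(realmRepresentation.isVerifyEmail());
        }
        if (realmRepresentation.isResetPasswordAllowed() != null) {
            realmModel.setResetPasswordAllowed(realmRepresentation.isResetPasswordAllowed());
        }
        if (realmRepresentation.isUpdateProfileOnInitialSocialLogin() != null) {
            realmModel.setUpdateProfileOnInitialSocialLogin(realmRepresentation.isUpdateProfileOnInitialSocialLogin());
        }
        if (realmRepresentation.isSslNotRequired() != null) {
            realmModel.setSslNotRequired(realmRepresentation.isSslNotRequired());
        }
        if (realmRepresentation.getAccessCodeLifespan() != null) {
            realmModel.setAccessCodeLifespan(realmRepresentation.getAccessCodeLifespan());
        }
        if (realmRepresentation.getAccessCodeLifespanUserAction() != null) {
            realmModel.setAccessCodeLifespanUserAction(realmRepresentation.getAccessCodeLifespanUserAction());
        }
        if (realmRepresentation.getTokenLifespan() != null) {
            realmModel.setTokenLifespan(realmRepresentation.getTokenLifespan());
        }
        if (realmRepresentation.getRequiredCredentials() != null) {
            realmModel.updateRequiredCredentials(realmRepresentation.getRequiredCredentials());
        }

        // Written even when the representation leaves them null (see method Javadoc).
        realmModel.setLoginTheme(realmRepresentation.getLoginTheme());
        realmModel.setAccountTheme(realmRepresentation.getAccountTheme());
        realmModel.setPasswordPolicy(new PasswordPolicy(realmRepresentation.getPasswordPolicy()));

        if (realmRepresentation.getDefaultRoles() != null) {
            realmModel.updateDefaultRoles(realmRepresentation.getDefaultRoles().toArray(new String[0]));
        }
        if (realmRepresentation.getSmtpServer() != null) {
            // Copy so later changes to the representation do not leak into the model.
            realmModel.setSmtpConfig(new HashMap<String, String>(realmRepresentation.getSmtpServer()));
        }
        if (realmRepresentation.getSocialProviders() != null) {
            realmModel.setSocialConfig(new HashMap<String, String>(realmRepresentation.getSocialProviders()));
        }
        if ("GENERATE".equals(realmRepresentation.getPublicKey())) {
            generateRealmKeys(realmModel);
        }
    }

    /**
     * Ensures the realm has an enabled {@code account} application with the default roles
     * {@code view-profile} and {@code manage-account}. Does nothing when the application
     * already exists.
     */
    private void setupAccountManagement(RealmModel realmModel) {
        if (realmModel.getApplicationNameMap().get("account") != null) {
            return;
        }
        ApplicationModel accountApp = new ApplicationManager(this).createApplication(realmModel, "account");
        accountApp.setEnabled(true);
        accountApp.addDefaultRole("view-profile");
        accountApp.addDefaultRole("manage-account");
    }

    /**
     * Creates a new realm from a representation and imports its content.
     *
     * @param realmRepresentation realm definition; its id is used when present, otherwise one is
     *                            generated
     * @param userModel           not read by this method
     * @return the newly created and populated realm
     */
    public RealmModel importRealm(RealmRepresentation realmRepresentation, UserModel userModel) {
        String id = realmRepresentation.getId();
        if (id == null) {
            id = KeycloakModelUtils.generateId();
        }
        RealmModel realm = createRealm(id, realmRepresentation.getRealm());
        importRealm(realmRepresentation, realm);
        return realm;
    }

    /**
     * Populates a realm from a representation: settings, keys, required credentials, users,
     * applications, roles (including composites), OAuth clients, role/scope/social mappings and
     * SMTP/social provider configuration, in that order.
     *
     * <p>Defaults applied when the representation is silent: token lifespan 300, access code
     * lifespan 60, access code lifespan for user actions 300, required credential
     * {@code "password"}, and a freshly generated key pair when either PEM key is missing.
     *
     * <p>Security notes:
     * <ul>
     *   <li>When both PEM keys are present they are stored as given; nothing here checks that
     *       the two halves belong together.</li>
     *   <li>User credentials are imported through {@link #fromRepresentation}, which copies the
     *       credential value as-is.</li>
     *   <li>Role names in role and scope mappings that do not exist yet are created on the fly,
     *       so a misspelled role name yields a new realm role rather than an error.</li>
     *   <li>A role, scope or social mapping that names a user not created by this import is
     *       rejected instead of being passed on with a {@code null} user.</li>
     * </ul>
     *
     * @param realmRepresentation realm definition to import
     * @param realmModel          realm that receives the imported data
     * @throws RuntimeException when a role definition or mapping refers to an unknown
     *                          application, or a mapping refers to an unknown user
     */
    public void importRealm(RealmRepresentation realmRepresentation, RealmModel realmModel) {
        realmModel.setName(realmRepresentation.getRealm());
        if (realmRepresentation.isEnabled() != null) {
            realmModel.setEnabled(realmRepresentation.isEnabled());
        }
        if (realmRepresentation.isSocial() != null) {
            realmModel.setSocial(realmRepresentation.isSocial());
        }

        if (realmRepresentation.getTokenLifespan() != null) {
            realmModel.setTokenLifespan(realmRepresentation.getTokenLifespan());
        } else {
            realmModel.setTokenLifespan(300);
        }
        if (realmRepresentation.getAccessCodeLifespan() != null) {
            realmModel.setAccessCodeLifespan(realmRepresentation.getAccessCodeLifespan());
        } else {
            realmModel.setAccessCodeLifespan(60);
        }
        if (realmRepresentation.getAccessCodeLifespanUserAction() != null) {
            realmModel.setAccessCodeLifespanUserAction(realmRepresentation.getAccessCodeLifespanUserAction());
        } else {
            realmModel.setAccessCodeLifespanUserAction(300);
        }

        if (realmRepresentation.isSslNotRequired() != null) {
            realmModel.setSslNotRequired(realmRepresentation.isSslNotRequired());
        }
        if (realmRepresentation.isRegistrationAllowed() != null) {
            realmModel.setRegistrationAllowed(realmRepresentation.isRegistrationAllowed());
        }
        if (realmRepresentation.isVerifyEmail() != null) {
            realmModel.setVerifyEmail(realmRepresentation.isVerifyEmail());
        }
        if (realmRepresentation.isResetPasswordAllowed() != null) {
            realmModel.setResetPasswordAllowed(realmRepresentation.isResetPasswordAllowed());
        }
        if (realmRepresentation.isUpdateProfileOnInitialSocialLogin() != null) {
            realmModel.setUpdateProfileOnInitialSocialLogin(realmRepresentation.isUpdateProfileOnInitialSocialLogin());
        }

        // Imported keys are used only when BOTH halves are supplied; otherwise a new pair is made.
        if (realmRepresentation.getPrivateKey() == null || realmRepresentation.getPublicKey() == null) {
            generateRealmKeys(realmModel);
        } else {
            realmModel.setPrivateKeyPem(realmRepresentation.getPrivateKey());
            realmModel.setPublicKeyPem(realmRepresentation.getPublicKey());
        }

        realmModel.setLoginTheme(realmRepresentation.getLoginTheme());
        realmModel.setAccountTheme(realmRepresentation.getAccountTheme());

        // Every principal created by this import, keyed by login name; the mapping sections
        // below resolve usernames against this map only.
        Map<String, UserModel> usersByLogin = new HashMap<String, UserModel>();

        if (realmRepresentation.getRequiredCredentials() != null) {
            for (String credentialType : realmRepresentation.getRequiredCredentials()) {
                addRequiredCredential(realmModel, credentialType);
            }
        } else {
            addRequiredCredential(realmModel, "password");
        }

        realmModel.setPasswordPolicy(new PasswordPolicy(realmRepresentation.getPasswordPolicy()));

        if (realmRepresentation.getUsers() != null) {
            for (UserRepresentation userRep : realmRepresentation.getUsers()) {
                UserModel user = createUser(realmModel, userRep);
                usersByLogin.put(user.getLoginName(), user);
            }
        }

        if (realmRepresentation.getApplications() != null) {
            for (ApplicationModel app : createApplications(realmRepresentation, realmModel).values()) {
                usersByLogin.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
            }
        }

        if (realmRepresentation.getRoles() != null) {
            // Pass 1: create every realm and application role so that pass 2 can resolve
            // composites regardless of declaration order.
            if (realmRepresentation.getRoles().getRealm() != null) {
                for (RoleRepresentation roleRep : realmRepresentation.getRoles().getRealm()) {
                    createRole(realmModel, roleRep);
                }
            }
            if (realmRepresentation.getRoles().getApplication() != null) {
                for (Map.Entry<String, List<RoleRepresentation>> entry
                        : realmRepresentation.getRoles().getApplication().entrySet()) {
                    ApplicationModel app = realmModel.getApplicationByName(entry.getKey());
                    if (app == null) {
                        throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
                    }
                    for (RoleRepresentation roleRep : entry.getValue()) {
                        app.addRole(roleRep.getName()).setDescription(roleRep.getDescription());
                    }
                }
            }
            // Pass 2: wire up composite roles.
            if (realmRepresentation.getRoles().getRealm() != null) {
                for (RoleRepresentation roleRep : realmRepresentation.getRoles().getRealm()) {
                    addComposites(realmModel.getRole(roleRep.getName()), roleRep, realmModel);
                }
            }
            if (realmRepresentation.getRoles().getApplication() != null) {
                for (Map.Entry<String, List<RoleRepresentation>> entry
                        : realmRepresentation.getRoles().getApplication().entrySet()) {
                    ApplicationModel app = realmModel.getApplicationByName(entry.getKey());
                    if (app == null) {
                        throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
                    }
                    for (RoleRepresentation roleRep : entry.getValue()) {
                        addComposites(app.getRole(roleRep.getName()), roleRep, realmModel);
                    }
                }
            }
        }

        if (realmRepresentation.getDefaultRoles() != null) {
            for (String roleName : realmRepresentation.getDefaultRoles()) {
                realmModel.addDefaultRole(roleName.trim());
            }
        }

        if (realmRepresentation.getOauthClients() != null) {
            for (OAuthClientModel client : createOAuthClients(realmRepresentation, realmModel).values()) {
                usersByLogin.put(client.getOAuthAgent().getLoginName(), client.getOAuthAgent());
            }
        }

        Map<String, ApplicationModel> appsByName = realmModel.getApplicationNameMap();

        if (realmRepresentation.getApplicationRoleMappings() != null) {
            ApplicationManager applicationManager = new ApplicationManager(this);
            for (Map.Entry<String, List<UserRoleMappingRepresentation>> entry
                    : realmRepresentation.getApplicationRoleMappings().entrySet()) {
                ApplicationModel app = appsByName.get(entry.getKey());
                if (app == null) {
                    throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
                }
                applicationManager.createRoleMappings(realmModel, app, entry.getValue());
            }
        }

        if (realmRepresentation.getApplicationScopeMappings() != null) {
            ApplicationManager applicationManager = new ApplicationManager(this);
            for (Map.Entry<String, List<ScopeMappingRepresentation>> entry
                    : realmRepresentation.getApplicationScopeMappings().entrySet()) {
                ApplicationModel app = appsByName.get(entry.getKey());
                if (app == null) {
                    // Message previously said "role mappings" here, which pointed operators at
                    // the wrong section of the import file.
                    throw new RuntimeException("Unable to find application scope mappings for app: " + entry.getKey());
                }
                applicationManager.createScopeMappings(realmModel, app, entry.getValue());
            }
        }

        if (realmRepresentation.getRoleMappings() != null) {
            for (UserRoleMappingRepresentation mapping : realmRepresentation.getRoleMappings()) {
                UserModel user = requireImportedUser(usersByLogin, mapping.getUsername(), "role mapping");
                for (String roleName : mapping.getRoles()) {
                    realmModel.grantRole(user, findOrCreateRealmRole(realmModel, roleName));
                }
            }
        }

        if (realmRepresentation.getScopeMappings() != null) {
            for (ScopeMappingRepresentation mapping : realmRepresentation.getScopeMappings()) {
                for (String roleName : mapping.getRoles()) {
                    UserModel agent = requireImportedUser(usersByLogin, mapping.getUsername(), "scope mapping");
                    realmModel.addScopeMapping(agent, findOrCreateRealmRole(realmModel, roleName));
                }
            }
        }

        if (realmRepresentation.getSocialMappings() != null) {
            for (SocialMappingRepresentation mapping : realmRepresentation.getSocialMappings()) {
                UserModel user = requireImportedUser(usersByLogin, mapping.getUsername(), "social mapping");
                for (SocialLinkRepresentation link : mapping.getSocialLinks()) {
                    realmModel.addSocialLink(user, new SocialLinkModel(link.getSocialProvider(), link.getSocialUsername()));
                }
            }
        }

        if (realmRepresentation.getSmtpServer() != null) {
            realmModel.setSmtpConfig(new HashMap<String, String>(realmRepresentation.getSmtpServer()));
        }
        if (realmRepresentation.getSocialProviders() != null) {
            realmModel.setSocialConfig(new HashMap<String, String>(realmRepresentation.getSocialProviders()));
        }
    }

    /** Resolves a mapping's username against the principals created by the current import. */
    private static UserModel requireImportedUser(Map<String, UserModel> usersByLogin, String username, String mappingKind) {
        UserModel user = usersByLogin.get(username);
        if (user == null) {
            throw new RuntimeException("Unable to find user for " + mappingKind + ": " + username);
        }
        return user;
    }

    /** Returns the realm role with the trimmed name, creating it when it does not exist yet. */
    private static RoleModel findOrCreateRealmRole(RealmModel realmModel, String roleName) {
        String trimmed = roleName.trim();
        RoleModel role = realmModel.getRole(trimmed);
        return (role != null) ? role : realmModel.addRole(trimmed);
    }

    /**
     * Adds the composite roles listed in a role representation to an existing role. Unlike the
     * role mappings in {@link #importRealm(RealmRepresentation, RealmModel)}, unknown composite
     * roles are an error and are never created implicitly.
     *
     * @param roleModel          role that receives the composites
     * @param roleRepresentation definition listing realm-level and per-application composites
     * @param realmModel         realm used to resolve role and application names
     * @throws RuntimeException when a referenced realm role, application or application role
     *                          does not exist
     */
    public void addComposites(RoleModel roleModel, RoleRepresentation roleRepresentation, RealmModel realmModel) {
        if (roleRepresentation.getComposites() == null) {
            return;
        }
        if (roleRepresentation.getComposites().getRealm() != null) {
            for (String realmRoleName : roleRepresentation.getComposites().getRealm()) {
                RoleModel realmRole = realmModel.getRole(realmRoleName);
                if (realmRole == null) {
                    throw new RuntimeException("Unable to find composite realm role: " + realmRoleName);
                }
                roleModel.addCompositeRole(realmRole);
            }
        }
        if (roleRepresentation.getComposites().getApplication() != null) {
            for (Map.Entry<String, List<String>> entry
                    : roleRepresentation.getComposites().getApplication().entrySet()) {
                ApplicationModel app = realmModel.getApplicationByName(entry.getKey());
                if (app == null) {
                    throw new RuntimeException("App doesn't exist in role definitions: " + roleRepresentation.getName());
                }
                for (String appRoleName : entry.getValue()) {
                    RoleModel appRole = app.getRole(appRoleName);
                    if (appRole == null) {
                        throw new RuntimeException("Unable to find composite app role: " + appRoleName);
                    }
                    roleModel.addCompositeRole(appRole);
                }
            }
        }
    }

    /**
     * Adds a realm-level role and copies its description when one is given.
     */
    public void createRole(RealmModel realmModel, RoleRepresentation roleRepresentation) {
        RoleModel role = realmModel.addRole(roleRepresentation.getName());
        if (roleRepresentation.getDescription() != null) {
            role.setDescription(roleRepresentation.getDescription());
        }
    }

    /**
     * Adds an application-level role and copies its description when one is given.
     *
     * @param realmModel not read by this overload
     */
    public void createRole(RealmModel realmModel, ApplicationModel applicationModel, RoleRepresentation roleRepresentation) {
        RoleModel role = applicationModel.addRole(roleRepresentation.getName());
        if (roleRepresentation.getDescription() != null) {
            role.setDescription(roleRepresentation.getDescription());
        }
    }

    /**
     * Creates a user from a representation, including attributes, required actions and
     * credentials.
     *
     * @param realmModel         realm that owns the new user
     * @param userRepresentation user definition; credential values are taken from it unchanged
     * @return the created user
     * @throws IllegalArgumentException when a required action name is not a
     *                                  {@code UserModel.RequiredAction} constant
     */
    public UserModel createUser(RealmModel realmModel, UserRepresentation userRepresentation) {
        UserModel user = realmModel.addUser(userRepresentation.getUsername());
        user.setEnabled(userRepresentation.isEnabled());
        user.setEmail(userRepresentation.getEmail());
        if (userRepresentation.getAttributes() != null) {
            for (Map.Entry<String, String> attribute : userRepresentation.getAttributes().entrySet()) {
                user.setAttribute(attribute.getKey(), attribute.getValue());
            }
        }
        if (userRepresentation.getRequiredActions() != null) {
            for (String actionName : userRepresentation.getRequiredActions()) {
                user.addRequiredAction(UserModel.RequiredAction.valueOf(actionName));
            }
        }
        if (userRepresentation.getCredentials() != null) {
            for (CredentialRepresentation credential : userRepresentation.getCredentials()) {
                realmModel.updateCredential(user, fromRepresentation(credential));
            }
        }
        return user;
    }

    /**
     * Converts a credential representation to the model type by copying type and value. The
     * value is a secret; callers must not log the representation or the returned model.
     */
    public static UserCredentialModel fromRepresentation(CredentialRepresentation credentialRepresentation) {
        UserCredentialModel credential = new UserCredentialModel();
        credential.setType(credentialRepresentation.getType());
        credential.setValue(credentialRepresentation.getValue());
        return credential;
    }

    /**
     * Searches the realm's users with the trimmed search string.
     *
     * @param str search string; {@code null} yields an empty list without querying the realm
     * @return matching users, never {@code null} for a {@code null} search string
     */
    public List<UserModel> searchUsers(String str, RealmModel realmModel) {
        if (str == null) {
            return Collections.<UserModel>emptyList();
        }
        return realmModel.searchForUser(str.trim());
    }

    /** Registers {@code str} as a credential type required from users of the realm. */
    public void addRequiredCredential(RealmModel realmModel, String str) {
        realmModel.addRequiredCredential(str);
    }

    /** Registers {@code str} as a credential type required from resources of the realm. */
    public void addResourceRequiredCredential(RealmModel realmModel, String str) {
        realmModel.addRequiredResourceCredential(str);
    }

    /** Registers {@code str} as a credential type required from OAuth clients of the realm. */
    public void addOAuthClientRequiredCredential(RealmModel realmModel, String str) {
        realmModel.addRequiredOAuthClientCredential(str);
    }

    /**
     * Creates every application listed in the representation.
     *
     * @return the created applications keyed by application name
     */
    protected Map<String, ApplicationModel> createApplications(RealmRepresentation realmRepresentation, RealmModel realmModel) {
        Map<String, ApplicationModel> appsByName = new HashMap<String, ApplicationModel>();
        RoleModel applicationRole = realmModel.getRole("KEYCLOAK__APPLICATION");
        ApplicationManager applicationManager = new ApplicationManager(this);
        for (ApplicationRepresentation appRep : realmRepresentation.getApplications()) {
            ApplicationModel app = applicationManager.createApplication(realmModel, applicationRole, appRep);
            appsByName.put(app.getName(), app);
        }
        return appsByName;
    }

    /**
     * Creates every OAuth client listed in the representation.
     *
     * @return the created clients keyed by the login name of their OAuth agent
     */
    protected Map<String, OAuthClientModel> createOAuthClients(RealmRepresentation realmRepresentation, RealmModel realmModel) {
        Map<String, OAuthClientModel> clientsByLogin = new HashMap<String, OAuthClientModel>();
        OAuthClientManager clientManager = new OAuthClientManager(realmModel);
        for (OAuthClientRepresentation clientRep : realmRepresentation.getOauthClients()) {
            OAuthClientModel client = clientManager.create(clientRep);
            clientsByLogin.put(client.getOAuthAgent().getLoginName(), client);
        }
        return clientsByLogin;
    }
}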
