package org.keycloak.services.managers;

import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.enums.SslRequired;
import org.keycloak.events.log.JBossLoggingEventListenerProviderFactory;
import org.keycloak.exportimport.util.ImportUtils;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.BrowserSecurityHeaders;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionProvider;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.timer.TimerProvider;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.2.0.Final.jar:org/keycloak/services/managers/RealmManager.class */
public class RealmManager {
    protected static final Logger logger = Logger.getLogger((Class<?>) RealmManager.class);
    protected KeycloakSession session;
    protected RealmProvider model;
    protected String contextPath = "";

    public String getContextPath() {
        return this.contextPath;
    }

    public void setContextPath(String str) {
        this.contextPath = str;
    }

    public RealmManager(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
        this.model = keycloakSession.realms();
    }

    public KeycloakSession getSession() {
        return this.session;
    }

    public RealmModel getKeycloakAdminstrationRealm() {
        return getRealm(Config.getAdminRealm());
    }

    public RealmModel getRealm(String str) {
        return this.model.getRealm(str);
    }

    public RealmModel getRealmByName(String str) {
        return this.model.getRealmByName(str);
    }

    public RealmModel createRealm(String str) {
        return createRealm(str, str);
    }

    public RealmModel createRealm(String str, String str2) {
        if (str == null) {
            str = KeycloakModelUtils.generateId();
        }
        RealmModel createRealm = this.model.createRealm(str, str2);
        createRealm.setName(str2);
        setupRealmDefaults(createRealm);
        setupMasterAdminManagement(createRealm);
        setupRealmAdminManagement(createRealm);
        setupAccountManagement(createRealm);
        setupBrokerService(createRealm);
        setupAdminConsole(createRealm);
        return createRealm;
    }

    protected void setupAdminConsole(RealmModel realmModel) {
        ClientModel clientByClientId = realmModel.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
        if (clientByClientId == null) {
            clientByClientId = new ClientManager(this).createClient(realmModel, Constants.ADMIN_CONSOLE_CLIENT_ID);
        }
        clientByClientId.setName("${client_security-admin-console}");
        String str = this.contextPath + "/admin/" + realmModel.getName() + "/console";
        clientByClientId.setBaseUrl(str + "/index.html");
        clientByClientId.setEnabled(true);
        clientByClientId.setPublicClient(true);
        clientByClientId.addRedirectUri(str + "/*");
        clientByClientId.setFullScopeAllowed(false);
        clientByClientId.addScopeMapping(realmModel.getName().equals(Config.getAdminRealm()) ? realmModel.getRole(AdminRoles.ADMIN) : realmModel.getClientByClientId(getRealmAdminClientId(realmModel)).getRole(AdminRoles.REALM_ADMIN));
    }

    public String getRealmAdminClientId(RealmModel realmModel) {
        return Constants.REALM_MANAGEMENT_CLIENT_ID;
    }

    public String getRealmAdminClientId(RealmRepresentation realmRepresentation) {
        return Constants.REALM_MANAGEMENT_CLIENT_ID;
    }

    protected void setupRealmDefaults(RealmModel realmModel) {
        realmModel.setBrowserSecurityHeaders(BrowserSecurityHeaders.defaultHeaders);
        realmModel.setBruteForceProtected(false);
        realmModel.setMaxFailureWaitSeconds(900);
        realmModel.setMinimumQuickLoginWaitSeconds(60);
        realmModel.setWaitIncrementSeconds(60);
        realmModel.setQuickLoginCheckMilliSeconds(1000L);
        realmModel.setMaxDeltaTimeSeconds(43200);
        realmModel.setFailureFactor(30);
        realmModel.setSslRequired(SslRequired.EXTERNAL);
        realmModel.setEventsListeners(Collections.singleton(JBossLoggingEventListenerProviderFactory.ID));
    }

    public boolean removeRealm(RealmModel realmModel) {
        List<UserFederationProviderModel> userFederationProviders = realmModel.getUserFederationProviders();
        boolean removeRealm = this.model.removeRealm(realmModel.getId());
        if (removeRealm) {
            new ClientManager(this).removeClient(getKeycloakAdminstrationRealm(), realmModel.getMasterAdminClient());
            UserSessionProvider sessions = this.session.sessions();
            if (sessions != null) {
                sessions.onRealmRemoved(realmModel);
            }
            UsersSyncManager usersSyncManager = new UsersSyncManager();
            Iterator<UserFederationProviderModel> it = userFederationProviders.iterator();
            while (it.hasNext()) {
                usersSyncManager.removePeriodicSyncForProvider((TimerProvider) this.session.getProvider(TimerProvider.class), it.next());
            }
        }
        return removeRealm;
    }

    public void updateRealmEventsConfig(RealmEventsConfigRepresentation realmEventsConfigRepresentation, RealmModel realmModel) {
        realmModel.setEventsEnabled(realmEventsConfigRepresentation.isEventsEnabled());
        realmModel.setEventsExpiration(realmEventsConfigRepresentation.getEventsExpiration() != null ? realmEventsConfigRepresentation.getEventsExpiration().longValue() : 0L);
        if (realmEventsConfigRepresentation.getEventsListeners() != null) {
            realmModel.setEventsListeners(new HashSet(realmEventsConfigRepresentation.getEventsListeners()));
        }
        if (realmEventsConfigRepresentation.getEnabledEventTypes() != null) {
            realmModel.setEnabledEventTypes(new HashSet(realmEventsConfigRepresentation.getEnabledEventTypes()));
        }
    }

    private void setupMasterAdminManagement(RealmModel realmModel) {
        ImportUtils.setupMasterAdminManagement(this.model, realmModel);
    }

    private void setupRealmAdminManagement(RealmModel realmModel) {
        if (realmModel.getName().equals(Config.getAdminRealm())) {
            return;
        }
        ClientManager clientManager = new ClientManager(new RealmManager(this.session));
        String realmAdminClientId = getRealmAdminClientId(realmModel);
        ClientModel clientByClientId = realmModel.getClientByClientId(realmAdminClientId);
        if (clientByClientId == null) {
            clientByClientId = clientManager.createClient(realmModel, realmAdminClientId);
            clientByClientId.setName("${client_" + realmAdminClientId + "}");
        }
        RoleModel addRole = clientByClientId.addRole(AdminRoles.REALM_ADMIN);
        addRole.setDescription("${role_" + AdminRoles.REALM_ADMIN + "}");
        clientByClientId.setBearerOnly(true);
        clientByClientId.setFullScopeAllowed(false);
        for (String str : AdminRoles.ALL_REALM_ROLES) {
            RoleModel addRole2 = clientByClientId.addRole(str);
            addRole2.setDescription("${role_" + str + "}");
            addRole.addCompositeRole(addRole2);
        }
    }

    private void setupAccountManagement(RealmModel realmModel) {
        if (realmModel.getClientNameMap().get(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID) == null) {
            ClientModel createClient = new ClientManager(this).createClient(realmModel, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
            createClient.setName("${client_account}");
            createClient.setEnabled(true);
            createClient.setFullScopeAllowed(false);
            String str = this.contextPath + "/realms/" + realmModel.getName() + "/account";
            createClient.addRedirectUri(str + "/*");
            createClient.setBaseUrl(str);
            for (String str2 : AccountRoles.ALL) {
                createClient.addDefaultRole(str2);
                createClient.getRole(str2).setDescription("${role_" + str2 + "}");
            }
        }
    }

    public void setupBrokerService(RealmModel realmModel) {
        if (realmModel.getClientNameMap().get(Constants.BROKER_SERVICE_CLIENT_ID) == null) {
            ClientModel createClient = new ClientManager(this).createClient(realmModel, Constants.BROKER_SERVICE_CLIENT_ID);
            createClient.setEnabled(true);
            createClient.setName("${client_broker}");
            createClient.setFullScopeAllowed(false);
            for (String str : Constants.BROKER_SERVICE_ROLES) {
                createClient.addRole(str).setDescription("${role_" + str.toLowerCase().replaceAll("_", "-") + "}");
            }
        }
    }

    public RealmModel importRealm(RealmRepresentation realmRepresentation) {
        String id = realmRepresentation.getId();
        if (id == null) {
            id = KeycloakModelUtils.generateId();
        }
        RealmModel createRealm = this.model.createRealm(id, realmRepresentation.getRealm());
        createRealm.setName(realmRepresentation.getRealm());
        setupRealmDefaults(createRealm);
        setupMasterAdminManagement(createRealm);
        if (!hasRealmAdminManagementClient(realmRepresentation)) {
            setupRealmAdminManagement(createRealm);
        }
        if (!hasAccountManagementClient(realmRepresentation)) {
            setupAccountManagement(createRealm);
        }
        if (!hasBrokerClient(realmRepresentation)) {
            setupBrokerService(createRealm);
        }
        if (!hasAdminConsoleClient(realmRepresentation)) {
            setupAdminConsole(createRealm);
        }
        RepresentationToModel.importRealm(this.session, realmRepresentation, createRealm);
        List<UserFederationProviderModel> userFederationProviders = createRealm.getUserFederationProviders();
        UsersSyncManager usersSyncManager = new UsersSyncManager();
        Iterator<UserFederationProviderModel> it = userFederationProviders.iterator();
        while (it.hasNext()) {
            usersSyncManager.refreshPeriodicSyncForProvider(this.session.getKeycloakSessionFactory(), (TimerProvider) this.session.getProvider(TimerProvider.class), it.next(), createRealm.getId());
        }
        return createRealm;
    }

    private boolean hasRealmAdminManagementClient(RealmRepresentation realmRepresentation) {
        if (realmRepresentation.getClients() == null) {
            return false;
        }
        Iterator<ClientRepresentation> it = realmRepresentation.getClients().iterator();
        while (it.hasNext()) {
            if (it.next().getClientId().equals(getRealmAdminClientId(realmRepresentation))) {
                return true;
            }
        }
        return false;
    }

    private boolean hasAccountManagementClient(RealmRepresentation realmRepresentation) {
        if (realmRepresentation.getClients() == null) {
            return false;
        }
        Iterator<ClientRepresentation> it = realmRepresentation.getClients().iterator();
        while (it.hasNext()) {
            if (it.next().getClientId().equals(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID)) {
                return true;
            }
        }
        return false;
    }

    private boolean hasBrokerClient(RealmRepresentation realmRepresentation) {
        if (realmRepresentation.getClients() == null) {
            return false;
        }
        Iterator<ClientRepresentation> it = realmRepresentation.getClients().iterator();
        while (it.hasNext()) {
            if (it.next().getClientId().equals(Constants.BROKER_SERVICE_CLIENT_ID)) {
                return true;
            }
        }
        return false;
    }

    private boolean hasAdminConsoleClient(RealmRepresentation realmRepresentation) {
        if (realmRepresentation.getClients() == null) {
            return false;
        }
        Iterator<ClientRepresentation> it = realmRepresentation.getClients().iterator();
        while (it.hasNext()) {
            if (it.next().getClientId().equals(Constants.ADMIN_CONSOLE_CLIENT_ID)) {
                return true;
            }
        }
        return false;
    }

    public List<UserModel> searchUsers(String str, RealmModel realmModel) {
        return str == null ? Collections.emptyList() : this.session.users().searchForUser(str.trim(), realmModel);
    }
}
