package org.jboss.resteasy.skeleton.key.idm.service;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.skeleton.key.idm.IdentityManager;
import org.jboss.resteasy.skeleton.key.idm.model.data.Realm;
import org.jboss.resteasy.skeleton.key.idm.model.data.RequiredCredential;
import org.jboss.resteasy.skeleton.key.idm.model.data.Resource;
import org.jboss.resteasy.skeleton.key.idm.model.data.RoleMapping;
import org.jboss.resteasy.skeleton.key.idm.model.data.ScopeMapping;
import org.jboss.resteasy.skeleton.key.idm.model.data.User;
import org.jboss.resteasy.skeleton.key.idm.model.data.UserAttribute;
import org.jboss.resteasy.skeleton.key.idm.model.data.UserCredential;
import org.jboss.resteasy.skeleton.key.representations.idm.RealmRepresentation;
import org.jboss.resteasy.skeleton.key.representations.idm.RequiredCredentialRepresentation;
import org.jboss.resteasy.skeleton.key.representations.idm.ResourceRepresentation;
import org.jboss.resteasy.skeleton.key.representations.idm.RoleMappingRepresentation;
import org.jboss.resteasy.skeleton.key.representations.idm.ScopeMappingRepresentation;
import org.jboss.resteasy.skeleton.key.representations.idm.UserRepresentation;

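/**
 * JAX-RS resource mounted at {@code /realms} that imports a complete realm definition
 * (realm settings, users, credentials, role/scope mappings and resources) from a JSON
 * {@link RealmRepresentation} and persists it through the {@link IdentityManager}.
 *
 * <p>NOTE(review): no authentication or authorization check is visible in this class.
 * Every value written below (users, credentials, role mappings, the SSL opt-out flag)
 * comes straight from the request body, so confirm that the deployment restricts who may
 * POST to this endpoint.
 */
@Path("/realms")
/* loaded from: input_file:WEB-INF/lib/skeleton-key-idp-3.0.0.Final.jar:org/jboss/resteasy/skeleton/key/idm/service/RealmFactory.class */
public class RealmFactory {
    /**
     * Modulus size requested for each realm's RSA signing key. It is pinned explicitly so the
     * key strength does not depend on the JCA provider default, which has been as low as
     * 1024 bits on older JDKs. Raise it if local policy requires a larger modulus.
     */
    private static final int RSA_KEY_SIZE_BITS = 2048;

    protected IdentityManager identityManager;

    @Context
    protected UriInfo uriInfo;

    public RealmFactory(IdentityManager identityManager) {
        this.identityManager = identityManager;
    }

    /**
     * Imports a realm from its JSON representation.
     *
     * @param realmRepresentation the realm definition taken from the request body
     * @return a 201 response whose location is the request URI plus the new realm id and
     *         whose entity is the realm representation built by {@code RealmResource.realmRep}
     * @throws WebApplicationException with status 400 when the representation fails
     *         {@link #verifyRealmRepresentation(RealmRepresentation)}
     */
    @POST
    @Consumes({"application/json"})
    public Response importDomain(RealmRepresentation realmRepresentation) {
        Realm realm = createRealm(realmRepresentation);
        return Response.created(this.uriInfo.getRequestUriBuilder().path(realm.getId()).build())
                .entity(RealmResource.realmRep(realm, this.uriInfo))
                .type(MediaType.APPLICATION_JSON_TYPE)
                .build();
    }

    /**
     * Validates the representation, generates a fresh RSA key pair for the realm and persists
     * the realm with its required credentials, users, role mappings, scope mappings and
     * resources, in that order.
     *
     * @param realmRepresentation the realm definition to import
     * @return the realm instance returned by {@code identityManager.create(realm)}
     * @throws WebApplicationException with status 400 when validation fails
     * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} when no RSA key pair
     *         generator is available
     */
    protected Realm createRealm(RealmRepresentation realmRepresentation) {
        verifyRealmRepresentation(realmRepresentation);

        Realm realm = new Realm();
        KeyPair keyPair = generateRealmKeyPair();
        realm.setPrivateKey(keyPair.getPrivate());
        realm.setPublicKey(keyPair.getPublic());
        realm.setName(realmRepresentation.getRealm());
        realm.setEnabled(realmRepresentation.isEnabled());
        realm.setTokenLifespan(realmRepresentation.getTokenLifespan());
        realm.setAccessCodeLifespan(realmRepresentation.getAccessCodeLifespan());
        // Caller-controlled: the imported document can switch off the realm's SSL requirement.
        realm.setSslNotRequired(realmRepresentation.isSslNotRequired());

        Realm created = this.identityManager.create(realm);
        // Presumably registers the realm-level "admin" role, the only realm role that
        // verifyRealmRepresentation accepts.
        this.identityManager.create(created, "admin");

        for (RequiredCredentialRepresentation requiredRep : realmRepresentation.getRequiredCredentials()) {
            RequiredCredential required = new RequiredCredential();
            required.setType(requiredRep.getType());
            required.setInput(requiredRep.isInput());
            required.setSecret(requiredRep.isSecret());
            this.identityManager.create(created, required);
        }

        // Created users are indexed by username so the mappings below can resolve them.
        Map<String, User> usersByName = new HashMap<String, User>();
        for (UserRepresentation userRep : realmRepresentation.getUsers()) {
            User user = importUser(created, userRep);
            usersByName.put(user.getUsername(), user);
        }

        for (RoleMappingRepresentation mappingRep : realmRepresentation.getRoleMappings()) {
            RoleMapping mapping = createRoleMapping(usersByName, mappingRep);
            this.identityManager.create(created, usersByName.get(mappingRep.getUsername()), mapping);
        }

        // Scope mappings are optional: a document without them used to fail with a
        // NullPointerException after the realm and its users had already been created.
        if (realmRepresentation.getScopeMappings() != null) {
            for (ScopeMappingRepresentation mappingRep : realmRepresentation.getScopeMappings()) {
                ScopeMapping mapping = createScopeMapping(usersByName, mappingRep);
                this.identityManager.create(created, usersByName.get(mappingRep.getUsername()), mapping);
            }
        }

        if (realmRepresentation.getResources() != null) {
            for (ResourceRepresentation resourceRep : realmRepresentation.getResources()) {
                importResource(created, resourceRep, usersByName);
            }
        }
        return created;
    }

    /**
     * Builds a {@link RoleMapping} for the user named in the representation.
     *
     * <p>The user and every surrogate are looked up in {@code map} and dereferenced without a
     * null check, so callers must have validated the names first (as
     * {@link #verifyRealmRepresentation(RealmRepresentation)} does).
     *
     * @param map created users keyed by username
     * @param roleMappingRepresentation the mapping to convert
     * @return a role mapping carrying the user id, surrogate ids and role names
     */
    protected RoleMapping createRoleMapping(Map<String, User> map, RoleMappingRepresentation roleMappingRepresentation) {
        RoleMapping roleMapping = new RoleMapping();
        roleMapping.setUserid(map.get(roleMappingRepresentation.getUsername()).getId());
        if (roleMappingRepresentation.getSurrogates() != null) {
            for (String surrogate : roleMappingRepresentation.getSurrogates()) {
                roleMapping.getSurrogateIds().add(map.get(surrogate).getId());
            }
        }
        for (String role : roleMappingRepresentation.getRoles()) {
            roleMapping.getRoles().add(role);
        }
        return roleMapping;
    }

    /**
     * Builds a {@link ScopeMapping} for the user named in the representation.
     *
     * <p>The user is looked up in {@code map} and dereferenced without a null check, so
     * callers must have validated the username first.
     *
     * @param map created users keyed by username
     * @param scopeMappingRepresentation the mapping to convert
     * @return a scope mapping carrying the user id and role names
     */
    protected ScopeMapping createScopeMapping(Map<String, User> map, ScopeMappingRepresentation scopeMappingRepresentation) {
        ScopeMapping scopeMapping = new ScopeMapping();
        scopeMapping.setUserid(map.get(scopeMappingRepresentation.getUsername()).getId());
        for (String role : scopeMappingRepresentation.getRoles()) {
            scopeMapping.getRoles().add(role);
        }
        return scopeMapping;
    }

    /**
     * Rejects realm representations that cannot be imported safely.
     *
     * <p>Checks performed: users, required credentials and role mappings are present; every
     * role or scope mapping (realm-level and per resource) names a declared user, declared
     * surrogates and a non-null role list; realm-level role mappings use only the
     * {@code admin} role; resource role mappings use only roles declared on that resource;
     * and at least one admin user is enabled and holds every required credential type.
     *
     * <p>Side effect: an enabled user that lacks credentials, or lacks one of the required
     * credential types, is disabled in the representation via {@code setEnabled(false)}.
     *
     * @param realmRepresentation the realm definition to validate
     * @throws WebApplicationException with status 400 and a plain-text message on the first
     *         failed check
     */
    protected void verifyRealmRepresentation(RealmRepresentation realmRepresentation) {
        if (realmRepresentation.getUsers() == null) {
            throw badRequest("No realm admin users defined for realm");
        }
        if (realmRepresentation.getRequiredCredentials() == null) {
            throw badRequest("Realm credential requirements not defined");
        }
        if (realmRepresentation.getRoleMappings() == null) {
            throw badRequest("No realm admin users defined for realm");
        }

        Map<String, UserRepresentation> declaredUsers = new HashMap<String, UserRepresentation>();
        for (UserRepresentation userRep : realmRepresentation.getUsers()) {
            declaredUsers.put(userRep.getUsername(), userRep);
        }

        HashSet<UserRepresentation> admins = new HashSet<UserRepresentation>();
        for (RoleMappingRepresentation mappingRep : realmRepresentation.getRoleMappings()) {
            if (!declaredUsers.containsKey(mappingRep.getUsername())) {
                throw badRequest("No users declared for role mapping");
            }
            // Realm-level surrogates are dereferenced by createRoleMapping, so they need the
            // same declared-user check that resource-level surrogates get.
            verifySurrogatesDeclared(declaredUsers, mappingRep);
            if (mappingRep.getRoles() == null) {
                throw badRequest("No roles declared for role mapping");
            }
            for (String role : mappingRep.getRoles()) {
                if (!"admin".equals(role)) {
                    throw badRequest("There is only an 'admin' role for realms");
                }
                admins.add(declaredUsers.get(mappingRep.getUsername()));
            }
        }
        if (admins.isEmpty()) {
            throw badRequest("No realm admin users defined for realm");
        }

        for (UserRepresentation userRep : realmRepresentation.getUsers()) {
            if (!userRep.isEnabled()) {
                admins.remove(userRep);
            } else if (userRep.getCredentials() == null || !hasAllRequiredCredentials(realmRepresentation, userRep)) {
                // Remove before mutating the user so the set lookup cannot be affected by the
                // state change, then disable the account that cannot authenticate.
                admins.remove(userRep);
                userRep.setEnabled(false);
            }
        }
        if (admins.isEmpty()) {
            throw badRequest("No realm admin users are enabled or have appropriate credentials");
        }

        if (realmRepresentation.getScopeMappings() != null) {
            for (ScopeMappingRepresentation mappingRep : realmRepresentation.getScopeMappings()) {
                verifyScopeMapping(declaredUsers, mappingRep);
            }
        }

        if (realmRepresentation.getResources() != null) {
            for (ResourceRepresentation resourceRep : realmRepresentation.getResources()) {
                if (resourceRep.getRoleMappings() != null) {
                    for (RoleMappingRepresentation mappingRep : resourceRep.getRoleMappings()) {
                        if (!declaredUsers.containsKey(mappingRep.getUsername())) {
                            throw badRequest("No users declared for role mapping");
                        }
                        verifySurrogatesDeclared(declaredUsers, mappingRep);
                        if (mappingRep.getRoles() == null) {
                            throw badRequest("No roles declared for role mapping");
                        }
                        for (String role : mappingRep.getRoles()) {
                            // A resource without a role list cannot grant any role.
                            if (resourceRep.getRoles() == null || !resourceRep.getRoles().contains(role)) {
                                throw badRequest("No resource role for role mapping");
                            }
                        }
                    }
                }
                if (resourceRep.getScopeMappings() != null) {
                    // NOTE(review): scope-mapping role names are not checked against the
                    // resource's declared roles here; confirm whether they should be.
                    for (ScopeMappingRepresentation mappingRep : resourceRep.getScopeMappings()) {
                        verifyScopeMapping(declaredUsers, mappingRep);
                    }
                }
            }
        }
    }

    /** Generates the realm's RSA key pair with an explicitly pinned modulus size. */
    private static KeyPair generateRealmKeyPair() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(RSA_KEY_SIZE_BITS);
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /** Persists one user of the realm together with its credentials and attributes. */
    private User importUser(Realm realm, UserRepresentation userRep) {
        User user = new User();
        user.setUsername(userRep.getUsername());
        user.setEnabled(userRep.isEnabled());
        User createdUser = this.identityManager.create(realm, user);

        if (userRep.getCredentials() != null) {
            for (UserRepresentation.Credential credentialRep : userRep.getCredentials()) {
                UserCredential credential = new UserCredential();
                credential.setType(credentialRep.getType());
                // NOTE(review): value and "hashed" flag are copied from the request as-is;
                // whether IdentityManager hashes unhashed values is not visible here.
                credential.setValue(credentialRep.getValue());
                credential.setHashed(credentialRep.isHashed());
                this.identityManager.create(createdUser, credential);
            }
        }
        if (userRep.getAttributes() != null) {
            for (Map.Entry<String, String> attributeEntry : userRep.getAttributes().entrySet()) {
                UserAttribute attribute = new UserAttribute();
                attribute.setName(attributeEntry.getKey());
                attribute.setValue(attributeEntry.getValue());
                this.identityManager.create(createdUser, attribute);
            }
        }
        return createdUser;
    }

    /** Persists one resource of the realm with its role names, role mappings and scope mappings. */
    private void importResource(Realm realm, ResourceRepresentation resourceRep, Map<String, User> usersByName) {
        Resource resource = new Resource();
        resource.setName(resourceRep.getName());
        resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
        Resource createdResource = this.identityManager.create(realm, resource);

        if (resourceRep.getRoles() != null) {
            for (String roleName : resourceRep.getRoles()) {
                this.identityManager.create(realm, createdResource, roleName);
            }
        }
        if (resourceRep.getRoleMappings() != null) {
            for (RoleMappingRepresentation mappingRep : resourceRep.getRoleMappings()) {
                RoleMapping mapping = createRoleMapping(usersByName, mappingRep);
                this.identityManager.create(realm, createdResource, usersByName.get(mappingRep.getUsername()), mapping);
            }
        }
        if (resourceRep.getScopeMappings() != null) {
            for (ScopeMappingRepresentation mappingRep : resourceRep.getScopeMappings()) {
                ScopeMapping mapping = createScopeMapping(usersByName, mappingRep);
                this.identityManager.create(realm, createdResource, usersByName.get(mappingRep.getUsername()), mapping);
            }
        }
    }

    /** Returns true when the user holds a credential of every type the realm requires. */
    private static boolean hasAllRequiredCredentials(RealmRepresentation realmRepresentation, UserRepresentation userRep) {
        for (RequiredCredentialRepresentation required : realmRepresentation.getRequiredCredentials()) {
            boolean found = false;
            for (UserRepresentation.Credential credential : userRep.getCredentials()) {
                if (credential.getType() != null && credential.getType().equals(required.getType())) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                return false;
            }
        }
        return true;
    }

    /** Rejects a role mapping whose surrogate list names a user that was not declared. */
    private static void verifySurrogatesDeclared(Map<String, UserRepresentation> declaredUsers, RoleMappingRepresentation mappingRep) {
        if (mappingRep.getSurrogates() == null) {
            return;
        }
        for (String surrogate : mappingRep.getSurrogates()) {
            if (!declaredUsers.containsKey(surrogate)) {
                throw badRequest("No users declared for role mapping surrogate");
            }
        }
    }

    /** Rejects a scope mapping that names an undeclared user or carries no role list. */
    private static void verifyScopeMapping(Map<String, UserRepresentation> declaredUsers, ScopeMappingRepresentation mappingRep) {
        if (!declaredUsers.containsKey(mappingRep.getUsername())) {
            throw badRequest("No users declared for scope mapping");
        }
        if (mappingRep.getRoles() == null) {
            throw badRequest("No roles declared for scope mapping");
        }
    }

    /** Builds the 400 plain-text error used for every validation failure. */
    private static WebApplicationException badRequest(String message) {
        return new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity(message).type("text/plain").build());
    }
}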
