package org.keycloak.adapters.config;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.util.Map;
import javax.ws.rs.core.UriBuilder;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.annotate.JsonSerialize;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.resteasy.plugins.providers.RegisterBuiltin;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.EnvUtil;
import org.keycloak.PemUtils;
import org.keycloak.RealmConfiguration;
import org.keycloak.ResourceMetadata;
import org.keycloak.representations.idm.PublishedRealmRepresentation;

/* loaded from: input_file:org/keycloak/adapters/config/ManagedResourceConfigLoader.class */
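/**
 * Loads a {@link ManagedResourceConfig} from JSON and turns it into the runtime objects the
 * adapter needs: key stores, a RESTEasy HTTP client, {@link ResourceMetadata} and, optionally,
 * a {@link RealmConfiguration}.
 *
 * <p>Security-relevant configuration handled here:
 * <ul>
 *   <li>the truststore and client keystore used for TLS by the HTTP client;</li>
 *   <li>{@code isAllowAnyHostname()} and {@code isDisableTrustManager()}, which weaken or remove
 *       TLS server validation (see {@link #initClient()});</li>
 *   <li>the realm public key, which may be supplied in the config or fetched from the realm URL
 *       (see {@link #init(boolean)}).</li>
 * </ul>
 *
 * <p>Instances are mutable and nothing here synchronizes access to the fields.
 */
public class ManagedResourceConfigLoader {
    /** Connection pool size used when the config does not supply a positive value. */
    private static final int DEFAULT_CONNECTION_POOL_SIZE = 10;

    // Parsed configuration; init() and initClient() dereference it without a null check.
    protected ManagedResourceConfig remoteSkeletonKeyConfig;
    // Built by init() from realm, resource name, realm key and key stores.
    protected ResourceMetadata resourceMetadata;
    // Client certificate key store; stays null when no client keystore is configured.
    protected KeyStore clientCertKeystore;
    // Trust anchors for the HTTP client; stays null when no truststore is configured.
    protected KeyStore truststore;
    // HTTP client built by initClient().
    protected ResteasyClient client;
    // Only populated by init(true) when the config is not bearer-only.
    protected RealmConfiguration realmConfiguration;

    /**
     * Creates a loader without configuration. {@link #remoteSkeletonKeyConfig} must be assigned
     * (for example by a subclass) before {@link #init(boolean)} is called.
     */
    public ManagedResourceConfigLoader() {
    }

    /**
     * Creates a loader and parses the configuration from the given JSON stream.
     *
     * @param inputStream JSON representation of a {@link ManagedResourceConfig}
     * @throws RuntimeException if the stream cannot be read or parsed
     */
    public ManagedResourceConfigLoader(InputStream inputStream) {
        loadConfig(inputStream);
    }

    /**
     * Loads a key store of the JVM default type from a file.
     *
     * @param str  path of the key store file
     * @param str2 key store password; must not be null
     * @return the loaded key store
     * @throws Exception if the file cannot be opened or the key store cannot be loaded
     *         (a null path or password surfaces as a {@link NullPointerException})
     */
    public static KeyStore loadKeyStore(String str, String str2) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources: the original leaked the file handle whenever load() threw,
        // e.g. on a wrong password or a corrupt store.
        try (FileInputStream in = new FileInputStream(new File(str))) {
            keyStore.load(in, str2.toCharArray());
        }
        return keyStore;
    }

    /**
     * Builds the runtime state from {@link #remoteSkeletonKeyConfig}.
     *
     * <p>Steps: load the optional truststore and client keystore, build the HTTP client, fetch
     * the published realm descriptor when a realm URL is configured, validate the mandatory
     * settings and populate {@link #resourceMetadata}. When {@code z} is true and the config is
     * not bearer-only, {@link #realmConfiguration} is populated as well.
     *
     * @param z when false, the HTTP client is closed after the realm descriptor request and no
     *          {@link RealmConfiguration} is built; when true, the client is kept open
     * @throws RuntimeException if a key store cannot be loaded, a mandatory setting is missing,
     *         or the realm key cannot be decoded
     * @throws IllegalArgumentException if no realm public key is available
     */
    public void init(boolean z) {
        String truststore = this.remoteSkeletonKeyConfig.getTruststore();
        if (truststore != null) {
            // Fix: the resolved path used to be discarded and null was handed to loadKeyStore(),
            // so a configured truststore could never be loaded.
            String truststorePath = EnvUtil.replace(truststore);
            try {
                this.truststore = loadKeyStore(truststorePath, this.remoteSkeletonKeyConfig.getTruststorePassword());
            } catch (Exception e) {
                throw new RuntimeException("Failed to load truststore", e);
            }
        }

        String clientKeystore = this.remoteSkeletonKeyConfig.getClientKeystore();
        if (clientKeystore != null) {
            String clientKeystorePath = EnvUtil.replace(clientKeystore);
            String clientKeystorePassword = this.remoteSkeletonKeyConfig.getClientKeystorePassword();
            this.clientCertKeystore = null;
            try {
                this.clientCertKeystore = loadKeyStore(clientKeystorePath, clientKeystorePassword);
            } catch (Exception e) {
                throw new RuntimeException("Failed to load keystore", e);
            }
        }

        initClient();

        String realmUrl = this.remoteSkeletonKeyConfig.getRealmUrl();
        if (realmUrl != null) {
            // The values copied below, including the realm public key, come straight from this
            // HTTP response. Their trustworthiness therefore depends on the TLS validation that
            // initClient() configured: with the trust manager disabled or any hostname allowed,
            // whoever answers the request chooses the realm key.
            PublishedRealmRepresentation published;
            try {
                published = this.client.target(realmUrl).request().get(PublishedRealmRepresentation.class);
            } finally {
                // NOTE(review): the client is only closed on this path; with z == false and no
                // realm URL it stays open. Confirm whether callers rely on that.
                if (!z) {
                    this.client.close();
                }
            }
            this.remoteSkeletonKeyConfig.setRealm(published.getRealm());
            this.remoteSkeletonKeyConfig.setAuthUrl(published.getAuthorizationUrl());
            this.remoteSkeletonKeyConfig.setCodeUrl(published.getCodeUrl());
            this.remoteSkeletonKeyConfig.setRealmKey(published.getPublicKeyPem());
            this.remoteSkeletonKeyConfig.setAdminRole(published.getAdminRole());
        }

        if (this.remoteSkeletonKeyConfig.getAdminRole() == null) {
            this.remoteSkeletonKeyConfig.setAdminRole("$REALM-ADMIN$");
        }

        String realm = this.remoteSkeletonKeyConfig.getRealm();
        if (realm == null) {
            throw new RuntimeException("Must set 'realm' in config");
        }
        String resource = this.remoteSkeletonKeyConfig.getResource();
        if (resource == null) {
            throw new RuntimeException("Must set 'resource' in config");
        }
        String realmKey = this.remoteSkeletonKeyConfig.getRealmKey();
        if (realmKey == null) {
            throw new IllegalArgumentException("You must set the realm-public-key");
        }

        // Everything below is wrapped in RuntimeException on failure, including the
        // "You must specify ..." errors, exactly as before.
        try {
            PublicKey decodedRealmKey = PemUtils.decodePublicKey(realmKey);
            this.resourceMetadata = new ResourceMetadata();
            this.resourceMetadata.setRealm(realm);
            this.resourceMetadata.setResourceName(resource);
            this.resourceMetadata.setRealmKey(decodedRealmKey);
            this.resourceMetadata.setClientKeystore(this.clientCertKeystore);
            this.resourceMetadata.setClientKeyPassword(this.remoteSkeletonKeyConfig.getClientKeyPassword());
            this.resourceMetadata.setTruststore(this.truststore);

            // No RealmConfiguration without the client or for bearer-only configs.
            if (!z || this.remoteSkeletonKeyConfig.isBearerOnly()) {
                return;
            }

            this.realmConfiguration = new RealmConfiguration();
            String authUrl = this.remoteSkeletonKeyConfig.getAuthUrl();
            if (authUrl == null) {
                throw new RuntimeException("You must specify auth-url");
            }
            String codeUrl = this.remoteSkeletonKeyConfig.getCodeUrl();
            if (codeUrl == null) {
                throw new RuntimeException("You mut specify code-url");
            }
            this.realmConfiguration.setMetadata(this.resourceMetadata);
            this.realmConfiguration.setSslRequired(!this.remoteSkeletonKeyConfig.isSslNotRequired());
            // Credentials from the config are copied verbatim as request parameters; keep them
            // out of any logging added around this code.
            for (Map.Entry<String, String> credential : getRemoteSkeletonKeyConfig().getCredentials().entrySet()) {
                this.realmConfiguration.getResourceCredentials().param(credential.getKey(), credential.getValue());
            }
            ResteasyClient httpClient = getClient();
            this.realmConfiguration.setClient(httpClient);
            this.realmConfiguration.setAuthUrl(UriBuilder.fromUri(authUrl).queryParam("client_id", new Object[]{this.resourceMetadata.getResourceName()}));
            this.realmConfiguration.setCodeUrl(httpClient.target(codeUrl));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds {@link #client} from the connection pool size, hostname verification policy, client
     * keystore and trust settings found in the configuration.
     *
     * <p>Two settings reduce TLS protection and should only be enabled deliberately:
     * {@code isAllowAnyHostname()} selects {@code HostnameVerificationPolicy.ANY}, which accepts
     * a certificate regardless of the host name it was issued for, and
     * {@code isDisableTrustManager()} calls {@code disableTrustManager()}, which turns off
     * certificate chain validation and ignores the configured truststore.
     */
    protected void initClient() {
        int configuredPoolSize = this.remoteSkeletonKeyConfig.getConnectionPoolSize();
        int poolSize = configuredPoolSize > 0 ? configuredPoolSize : DEFAULT_CONNECTION_POOL_SIZE;

        ResteasyClientBuilder.HostnameVerificationPolicy hostnamePolicy =
                this.remoteSkeletonKeyConfig.isAllowAnyHostname()
                        ? ResteasyClientBuilder.HostnameVerificationPolicy.ANY
                        : ResteasyClientBuilder.HostnameVerificationPolicy.WILDCARD;

        ResteasyProviderFactory providerFactory = new ResteasyProviderFactory();

        // Register the built-in providers with this class's loader as the context class loader,
        // and always restore the caller's loader afterwards.
        Thread currentThread = Thread.currentThread();
        ClassLoader previousLoader = currentThread.getContextClassLoader();
        currentThread.setContextClassLoader(ManagedResourceConfigLoader.class.getClassLoader());
        try {
            ResteasyProviderFactory.getInstance();
            RegisterBuiltin.register(providerFactory);
        } finally {
            currentThread.setContextClassLoader(previousLoader);
        }

        ResteasyClientBuilder builder = new ResteasyClientBuilder()
                .providerFactory(providerFactory)
                .connectionPoolSize(poolSize)
                .hostnameVerification(hostnamePolicy)
                .keyStore(this.clientCertKeystore, this.remoteSkeletonKeyConfig.getClientKeyPassword());
        if (this.remoteSkeletonKeyConfig.isDisableTrustManager()) {
            // Certificate validation is off on this path; the truststore is not consulted.
            builder.disableTrustManager();
        } else {
            builder.trustStore(this.truststore);
        }
        this.client = builder.build();
    }

    /** @return the parsed configuration, or null if none has been loaded */
    public ManagedResourceConfig getRemoteSkeletonKeyConfig() {
        return this.remoteSkeletonKeyConfig;
    }

    /** @return the metadata built by {@link #init(boolean)}, or null before it has run */
    public ResourceMetadata getResourceMetadata() {
        return this.resourceMetadata;
    }

    /** @return the HTTP client built by {@link #initClient()}; it may already be closed after {@code init(false)} */
    public ResteasyClient getClient() {
        return this.client;
    }

    /** @return the client certificate key store, or null if none is configured */
    public KeyStore getClientCertKeystore() {
        return this.clientCertKeystore;
    }

    /** @return the truststore, or null if none is configured */
    public KeyStore getTruststore() {
        return this.truststore;
    }

    /** @return the realm configuration, or null unless {@code init(true)} ran on a non-bearer-only config */
    public RealmConfiguration getRealmConfiguration() {
        return this.realmConfiguration;
    }

    /**
     * Parses the JSON configuration into {@link #remoteSkeletonKeyConfig}.
     *
     * @param inputStream JSON representation of a {@link ManagedResourceConfig}
     * @throws RuntimeException wrapping the {@link IOException} if reading or parsing fails; the
     *         field is left null in that case
     */
    protected void loadConfig(InputStream inputStream) {
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.setSerializationInclusion(JsonSerialize.Inclusion.NON_DEFAULT);
        // Reset first so a failed parse never leaves a stale configuration behind.
        this.remoteSkeletonKeyConfig = null;
        try {
            this.remoteSkeletonKeyConfig = objectMapper.readValue(inputStream, ManagedResourceConfig.class);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}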
