package io.fabric8.quickstarts.camel.bridge.security;

import java.net.URI;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import org.apache.cxf.rt.security.claims.Claim;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.sts.claims.ClaimsHandler;
import org.apache.cxf.sts.claims.ClaimsParameters;
import org.apache.cxf.sts.claims.ProcessedClaim;
import org.apache.cxf.sts.claims.ProcessedClaimCollection;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.keycloak.adapters.authorization.util.KeycloakSecurityContextPlaceHolderResolver;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

/* loaded from: input_file:BOOT-INF/classes/io/fabric8/quickstarts/camel/bridge/security/KeycloakRolesClaimsHandler.class */
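/**
 * CXF STS {@link ClaimsHandler} that fills the {@link #ROLE} claim with the
 * effective realm-level roles Keycloak reports for the authenticated principal.
 *
 * <p>Roles are read through the Keycloak admin REST client, authenticating with
 * the configured admin user name and password against the {@code admin-cli}
 * client of the configured realm.
 *
 * <p>NOTE(review): the credentials configured here are sent on every role
 * lookup. A dedicated account limited to reading users and role mappings would
 * reduce the impact of a leak; confirm what privileges {@code adminUser} holds.
 */
public class KeycloakRolesClaimsHandler implements ClaimsHandler {
    /** Claim type URI this handler knows how to populate. */
    public static final URI ROLE = URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");

    // Base URL of the Keycloak server, passed to KeycloakBuilder.serverUrl().
    private String address;
    // Realm used both for authenticating the admin client and for the user lookup.
    private String realm;
    // Credentials of the account used to call the admin REST API.
    private String adminUser;
    private String adminPassword;

    /**
     * Builds one {@link ProcessedClaim} per requested claim. Claims of type
     * {@link #ROLE} receive the principal's effective realm roles as values;
     * every other claim type is echoed back without values.
     *
     * @param claimCollection the requested claims
     * @param claimsParameters request context; its principal names the user to look up
     * @return the processed claims, or {@code null} when no claims were requested
     */
    @Override
    public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claimCollection, ClaimsParameters claimsParameters) {
        if (claimCollection == null || claimCollection.size() <= 0) {
            return null;
        }
        ProcessedClaimCollection result = new ProcessedClaimCollection();
        for (Claim requested : claimCollection) {
            ProcessedClaim processed = new ProcessedClaim();
            processed.setClaimType(requested.getClaimType());
            if (ROLE.equals(requested.getClaimType())) {
                processed.setIssuer(KeycloakSecurityContextPlaceHolderResolver.NAME);
                String username = principalName(claimsParameters);
                // Without a principal name there is nobody to look up; an empty
                // search string must never reach the admin API, because a broad
                // search result would otherwise be turned into role values.
                if (username != null && !username.isEmpty()) {
                    addRealmRoles(processed, username);
                }
            }
            result.add(processed);
        }
        return result;
    }

    /** Returns the principal's name, or {@code null} when no principal is available. */
    private static String principalName(ClaimsParameters claimsParameters) {
        if (claimsParameters == null) {
            return null;
        }
        java.security.Principal principal = claimsParameters.getPrincipal();
        return principal == null ? null : principal.getName();
    }

    /**
     * Adds the effective realm-level roles of the user named {@code username}
     * to {@code target}.
     */
    private void addRealmRoles(ProcessedClaim target, String username) {
        // NOTE(security): AllowAllHostnameVerifier is not shown in this file; by
        // its name it presumably accepts any certificate host name. If so, the
        // admin password sent below is not bound to the real Keycloak host.
        // Outside a demo, use the default verifier with a trust store that
        // contains the Keycloak CA.
        Keycloak keycloak = KeycloakBuilder.builder()
                .serverUrl(this.address)
                .realm(this.realm)
                .username(this.adminUser)
                .password(this.adminPassword)
                .clientId("admin-cli")
                .resteasyClient(new ResteasyClientBuilder()
                        .hostnameVerifier((HostnameVerifier) new AllowAllHostnameVerifier())
                        .connectionPoolSize(10)
                        .build())
                .build();
        try {
            List<UserRepresentation> candidates = keycloak.realm(this.realm).users().search(username);
            if (candidates == null) {
                return;
            }
            for (UserRepresentation user : candidates) {
                // The admin user search may return partial matches (for example
                // "bob" also matching "bobby"). Only the account whose user name
                // equals the principal may contribute roles; otherwise another
                // user's roles would be asserted for this principal.
                // NOTE(review): case-insensitive because Keycloak normally stores
                // user names lower-cased; confirm for this realm.
                if (!username.equalsIgnoreCase(user.getUsername())) {
                    continue;
                }
                for (RoleRepresentation role : keycloak.realm(this.realm).users().get(user.getId()).roles().realmLevel().listEffective()) {
                    target.addValue(role.getName());
                }
            }
        } finally {
            // Each client owns its own HTTP connection pool; release it so a
            // pool is not leaked on every token request.
            keycloak.close();
        }
    }

    /**
     * @return a new mutable list containing only {@link #ROLE}
     */
    @Override
    public List<URI> getSupportedClaimTypes() {
        List<URI> supported = new ArrayList<>();
        supported.add(ROLE);
        return supported;
    }

    /** Sets the Keycloak server base URL. */
    public void setAddress(String str) {
        this.address = str;
    }

    /** @return the Keycloak server base URL */
    public String getAddress() {
        return this.address;
    }

    /** @return the realm used for authentication and user lookup */
    public String getRealm() {
        return this.realm;
    }

    /** Sets the realm used for authentication and user lookup. */
    public void setRealm(String str) {
        this.realm = str;
    }

    /** @return the user name used to call the Keycloak admin API */
    public String getAdminUser() {
        return this.adminUser;
    }

    /** Sets the user name used to call the Keycloak admin API. */
    public void setAdminUser(String str) {
        this.adminUser = str;
    }

    /**
     * @return the admin password in clear text; callers should not log or
     *         expose the returned value
     */
    public String getAdminPassword() {
        return this.adminPassword;
    }

    /** Sets the password used to call the Keycloak admin API. */
    public void setAdminPassword(String str) {
        this.adminPassword = str;
    }
}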
