package de.adorsys.ledgers.keycloak.client.impl;

import de.adorsys.ledgers.keycloak.client.api.KeycloakDataService;
import de.adorsys.ledgers.keycloak.client.config.KeycloakClientConfig;
import de.adorsys.ledgers.keycloak.client.mapper.KeycloakDataMapper;
import de.adorsys.ledgers.keycloak.client.model.KeycloakClient;
import de.adorsys.ledgers.keycloak.client.model.KeycloakRealm;
import de.adorsys.ledgers.keycloak.client.model.KeycloakUser;
import de.adorsys.ledgers.keycloak.client.model.RequiredAction;
import de.adorsys.ledgers.keycloak.client.rest.KeycloakTokenRestClient;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import org.apache.commons.collections4.CollectionUtils;
import org.keycloak.admin.client.CreatedResponseUtil;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientScopesResource;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.RealmsResource;
import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Service;

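/**
 * {@link KeycloakDataService} implementation that drives the Keycloak admin client to
 * provision the configured realm (realm, client scopes, realm roles, client) and to manage
 * users, their passwords and their realm-level roles.
 *
 * <p>User lookups resolve a login to exactly one Keycloak account: the admin API username
 * search may return accounts whose username merely contains the search term, so results are
 * filtered for an exact username match before any account is modified or deleted.
 */
@Service
/* loaded from: input_file:BOOT-INF/lib/keycloak-client-4.3.jar:de/adorsys/ledgers/keycloak/client/impl/KeycloakDataServiceImpl.class */
public class KeycloakDataServiceImpl implements KeycloakDataService {
    private static final Logger log = LoggerFactory.getLogger(KeycloakDataServiceImpl.class);
    private static final String USER_NOT_FOUND_IN_KEYCLOAK = "User[login: {}] was not found in keycloak.";
    private final Keycloak keycloak;
    private final KeycloakDataMapper mapper;
    private final KeycloakClientConfig configuration;
    private final KeycloakTokenRestClient keycloakTokenRestClient;

    // Port used to build the host-based redirect URL registered for the client.
    @Value("${local.server.port:8088}")
    private int port;

    // Lifetime passed to the realm definition for login tokens, in seconds.
    @Value("${ledgers.token.lifetime.seconds.login:600}")
    private int loginTokenTTL;

    // Lifetime passed to the realm definition for full tokens, in seconds.
    @Value("${ledgers.token.lifetime.seconds.full:600}")
    private int fullTokenTTL;

    public KeycloakDataServiceImpl(Keycloak keycloak, KeycloakDataMapper keycloakDataMapper, KeycloakClientConfig keycloakClientConfig, KeycloakTokenRestClient keycloakTokenRestClient) {
        this.keycloak = keycloak;
        this.mapper = keycloakDataMapper;
        this.configuration = keycloakClientConfig;
        this.keycloakTokenRestClient = keycloakTokenRestClient;
    }

    /**
     * Creates the configured realm, its client scopes, its realm roles and the client,
     * skipping every element that is already present.
     */
    @Override
    public void createDefaultSchema() {
        KeycloakRealm keycloakRealm = new KeycloakRealm(configuration.getClientRealm(), loginTokenTTL, fullTokenTTL, configuration.getSmtpServer());
        createRealm(keycloakRealm);
        createRealmScopes(keycloakRealm);
        createRealmRoles(keycloakRealm);
        createClient(keycloakRealm.getRealm());
    }

    /** Creates the realm unless it is already among the existing realms. */
    private void createRealm(KeycloakRealm keycloakRealm) {
        RealmsResource realms = keycloak.realms();
        if (keycloakRealm.notPresentRealm(realms.findAll())) {
            realms.create(mapper.createRealmRepresentation(keycloakRealm));
            log.info("Realm [{}] was created", keycloakRealm.getRealm());
        }
    }

    /** Adds the client scopes the realm definition reports as missing. */
    private void createRealmScopes(KeycloakRealm keycloakRealm) {
        ClientScopesResource clientScopes = keycloak.realm(keycloakRealm.getRealm()).clientScopes();
        for (String scope : keycloakRealm.getScopesToAdd(clientScopes.findAll())) {
            clientScopes.create(mapper.createClientScopeRepresentation(scope));
            log.info("Client scope [{}] was added to realm [{}]", scope, keycloakRealm.getRealm());
        }
    }

    /** Adds the realm roles the realm definition reports as missing. */
    private void createRealmRoles(KeycloakRealm keycloakRealm) {
        RolesResource roles = keycloak.realms().realm(keycloakRealm.getRealm()).roles();
        for (String role : keycloakRealm.getRolesToAdd(roles.list())) {
            roles.create(mapper.createRoleRepresentation(role));
            log.info("Realm role [{}] was created in realm [{}]", role, keycloakRealm.getRealm());
        }
    }

    /** Creates the configured client in {@code realm} and attaches its optional scopes. */
    private void createClient(String realm) {
        ClientsResource clients = keycloak.realm(realm).clients();
        KeycloakClient keycloakClient = new KeycloakClient(configuration, getRedirectUrls());
        if (!keycloakClient.notPresent(clients.findAll())) {
            return;
        }
        // The response is closed once the created id has been read from it, so the
        // underlying connection is released instead of leaking.
        try (Response response = clients.create(mapper.createClientRepresentation(keycloakClient))) {
            log.info("Client [{}] was created in realm [{}]", keycloakClient.getClientId(), realm);
            addClientScopes(realm, keycloakClient, clients, response);
        }
    }

    /** Assigns every scope of {@code keycloakClient} that exists in the realm as an optional client scope. */
    private void addClientScopes(String realm, KeycloakClient keycloakClient, ClientsResource clientsResource, Response response) {
        ClientResource clientResource = clientsResource.get(CreatedResponseUtil.getCreatedId(response));
        for (String scope : keycloakClient.getScopes()) {
            String clientScopeId = getClientScopeId(realm, scope);
            if (clientScopeId != null) {
                clientResource.addOptionalClientScope(clientScopeId);
                log.info("Client scope [{}] were assigned to client [{}] in realm [{}]", scope, keycloakClient.getClientId(), realm);
            }
        }
    }

    /** Returns {@code true} when the configured external client id is found in the configured realm. */
    @Override
    public boolean clientExists() {
        try {
            return CollectionUtils.isNotEmpty(keycloak.realm(configuration.getClientRealm()).clients().findByClientId(configuration.getExternalClientId()));
        } catch (NotFoundException e) {
            // Reported as "no client" rather than as a failure.
            return false;
        }
    }

    /**
     * Looks up the user whose username equals {@code login} in {@code realm}.
     *
     * @return the mapped user, or an empty Optional when no account has exactly that username
     */
    @Override
    public Optional<KeycloakUser> getUser(String realm, String login) {
        return findUserByLogin(keycloak.realm(realm).users(), login).map(mapper::toKeycloakUser);
    }

    /**
     * Creates the user in the configured realm and assigns its realm roles when Keycloak
     * answers with 201 Created; any other status is logged and nothing else is done.
     */
    @Override
    public void createUser(KeycloakUser keycloakUser) {
        String realm = configuration.getClientRealm();
        try (Response response = keycloak.realm(realm).users().create(mapper.createUserRepresentation(keycloakUser))) {
            if (HttpStatus.CREATED.value() == response.getStatus()) {
                String createdId = CreatedResponseUtil.getCreatedId(response);
                log.info("User[{}] is created with id: {}", keycloakUser.getLogin(), createdId);
                assignUserRoles(realm, createdId, keycloakUser.getRealmRoles());
            } else {
                // Previously a rejected creation left no trace at all.
                log.warn("User[{}] was not created, keycloak responded with status {}", keycloakUser.getLogin(), response.getStatus());
            }
        }
    }

    /** Updates the account matching the user's login and re-assigns its realm roles. */
    @Override
    public void updateUser(KeycloakUser keycloakUser) {
        UsersResource users = clientRealmUsers();
        Optional<UserRepresentation> found = findUserByLogin(users, keycloakUser.getLogin());
        if (!found.isPresent()) {
            log.info(USER_NOT_FOUND_IN_KEYCLOAK, keycloakUser.getLogin());
            return;
        }
        String id = found.get().getId();
        UserResource userResource = users.get(id);
        userResource.update(mapper.toUpdateUserPresentation(userResource.toRepresentation(), keycloakUser));
        log.debug("User[{}] was updated in keycloak.", keycloakUser.getLogin());
        assignUserRoles(configuration.getClientRealm(), id, keycloakUser.getRealmRoles());
    }

    /** Deletes the account whose username equals {@code login}; logs when there is none. */
    @Override
    public void deleteUser(String login) {
        UsersResource users = clientRealmUsers();
        Optional<UserRepresentation> found = findUserByLogin(users, login);
        if (!found.isPresent()) {
            log.info(USER_NOT_FOUND_IN_KEYCLOAK, login);
            return;
        }
        users.delete(found.get().getId());
        log.info("User[{}] was deleted from keycloak.", login);
    }

    /** Returns {@code true} when an account with exactly this username exists in the configured realm. */
    @Override
    public boolean userExists(String login) {
        return findUserByLogin(clientRealmUsers(), login).isPresent();
    }

    /**
     * Sets a non-temporary password for the account whose username equals {@code login}.
     * The password value is never logged.
     */
    @Override
    public void resetPassword(String login, String password) {
        UsersResource users = clientRealmUsers();
        Optional<UserRepresentation> found = findUserByLogin(users, login);
        if (!found.isPresent()) {
            log.info(USER_NOT_FOUND_IN_KEYCLOAK, login);
            return;
        }
        CredentialRepresentation credential = new CredentialRepresentation();
        credential.setTemporary(false);
        credential.setType("password");
        credential.setValue(password);
        users.get(found.get().getId()).resetPassword(credential);
        // Returning here fixes the earlier fall-through that also logged "not found" after a
        // successful reset, which made the audit trail contradictory.
        log.info("User[{}] was password reset.", login);
    }

    /** Triggers the UPDATE_PASSWORD required-action e-mail for the account matching {@code login}. */
    @Override
    public void resetPasswordViaEmail(String login) {
        Optional<KeycloakUser> user = getUser(configuration.getClientRealm(), login);
        if (!user.isPresent()) {
            log.info(USER_NOT_FOUND_IN_KEYCLOAK, login);
            return;
        }
        // The admin access token is only handed to the REST client; it must not be logged.
        String authorization = "Bearer " + keycloak.tokenManager().getAccessToken().getToken();
        keycloakTokenRestClient.executeActionsEmail(authorization, user.get().getId(), Collections.singletonList(RequiredAction.UPDATE_PASSWORD.name()));
        log.info("User[{}] email for updating password was sent", login);
    }

    /** Adds the given realm roles to the account whose username equals {@code login}. */
    @Override
    public void assignRealmRoleToUser(String login, List<String> realmRoles) {
        Optional<UserRepresentation> found = findUserByLogin(clientRealmUsers(), login);
        if (!found.isPresent()) {
            log.info(USER_NOT_FOUND_IN_KEYCLOAK, login);
            return;
        }
        assignUserRoles(configuration.getClientRealm(), found.get().getId(), realmRoles);
        log.info("Realm roles {} were assigned to User[realm: {}, login: {}] ", realmRoles, configuration.getClientRealm(), login);
    }

    /** Removes the given realm roles from the account whose username equals {@code login}. */
    @Override
    public void removeRealmRoleFromUser(String login, List<String> realmRoles) {
        UsersResource users = clientRealmUsers();
        Optional<UserRepresentation> found = findUserByLogin(users, login);
        if (!found.isPresent()) {
            log.info(USER_NOT_FOUND_IN_KEYCLOAK, login);
            return;
        }
        if (CollectionUtils.isNotEmpty(realmRoles)) {
            UserResource userResource = users.get(found.get().getId());
            for (String role : realmRoles) {
                userResource.roles().realmLevel().remove(Collections.singletonList(getRealmRole(configuration.getClientRealm(), role)));
            }
        }
        // The message used to say "assigned", which recorded a privilege removal as a grant.
        log.info("Realm roles {} were removed from User[realm: {}, login: {}] ", realmRoles, configuration.getClientRealm(), login);
    }

    /** Users resource of the configured client realm. */
    private UsersResource clientRealmUsers() {
        return keycloak.realm(configuration.getClientRealm()).users();
    }

    /**
     * Resolves {@code login} to the single account whose username matches it exactly
     * (case-insensitively).
     *
     * <p>Taking the first search hit is not safe: the username search can return accounts
     * that only contain the term, so a delete, password reset or role change could land on a
     * different account. A {@code null} login is rejected because an absent search term
     * would not restrict the result at all.
     */
    private Optional<UserRepresentation> findUserByLogin(UsersResource users, String login) {
        if (login == null) {
            return Optional.empty();
        }
        List<UserRepresentation> candidates = users.search(login);
        if (CollectionUtils.isEmpty(candidates)) {
            return Optional.empty();
        }
        // NOTE(review): only the result page returned by search(login) is inspected; confirm
        // the server-side page size is large enough for the expected number of partial matches.
        return candidates.stream()
                .filter(candidate -> login.equalsIgnoreCase(candidate.getUsername()))
                .findFirst();
    }

    /** Fetches the representation of realm role {@code roleName} in {@code realm}. */
    private RoleRepresentation getRealmRole(String realm, String roleName) {
        return keycloak.realm(realm).roles().get(roleName).toRepresentation();
    }

    /** Returns the id of the client scope named {@code scopeName} in {@code realm}, or {@code null} if absent. */
    private String getClientScopeId(String realm, String scopeName) {
        if (scopeName == null) {
            return null;
        }
        for (ClientScopeRepresentation scope : keycloak.realm(realm).clientScopes().findAll()) {
            // Comparing from the known non-null side tolerates scopes without a name.
            if (scopeName.equals(scope.getName())) {
                return scope.getId();
            }
        }
        return null;
    }

    /** Adds each role in {@code realmRoles} to the user with id {@code userId}; no-op for a null or empty list. */
    private void assignUserRoles(String realm, String userId, List<String> realmRoles) {
        if (CollectionUtils.isEmpty(realmRoles)) {
            return;
        }
        UserResource userResource = keycloak.realm(realm).users().get(userId);
        for (String role : realmRoles) {
            userResource.roles().realmLevel().add(Collections.singletonList(getRealmRole(realm, role)));
        }
    }

    /**
     * Builds the redirect URLs registered for the client: the local host address with the
     * configured port (when resolvable), {@code http://localhost:8088} and a wildcard.
     */
    private List<String> getRedirectUrls() {
        List<String> redirectUrls = new ArrayList<>();
        try {
            // NOTE(review): this entry has no scheme prefix, unlike the localhost entry below;
            // confirm that Keycloak matches it as intended.
            redirectUrls.add(InetAddress.getLocalHost().getHostAddress() + ":" + port);
        } catch (UnknownHostException e) {
            log.error("Could not retrieve host! Fallback to http://localhost:8088 setup!", e);
        }
        redirectUrls.add("http://localhost:8088");
        // NOTE(security): the wildcard makes the client accept any redirect target, which
        // switches off redirect URI validation for its OAuth2/OIDC flows. It is kept because
        // existing setups may depend on it; outside local or sandbox deployments replace it
        // with the explicit list of allowed URIs.
        redirectUrls.add("*");
        return redirectUrls;
    }
}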
