package de.openknowledge.authentication.domain.user;

import de.openknowledge.authentication.domain.ClientId;
import de.openknowledge.authentication.domain.KeycloakAdapter;
import de.openknowledge.authentication.domain.KeycloakServiceConfiguration;
import de.openknowledge.authentication.domain.RealmName;
import de.openknowledge.authentication.domain.error.ResponseErrorMessage;
import de.openknowledge.authentication.domain.group.GroupId;
import de.openknowledge.authentication.domain.group.GroupName;
import de.openknowledge.authentication.domain.role.RoleName;
import de.openknowledge.authentication.domain.role.RoleType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import org.keycloak.admin.client.resource.GroupsResource;
import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

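/**
 * Application-scoped facade over the Keycloak admin client for user management: existence
 * checks, user creation, e-mail verification, and group / role membership changes.
 *
 * <p>Realm and client id are read from the injected {@link KeycloakServiceConfiguration} on
 * every call. Group and role changes made here alter what a user is authorised to do, so the
 * name lookups only accept entries whose name equals the requested name.
 */
@ApplicationScoped
public class KeycloakUserService {
    private static final Logger LOG = LoggerFactory.getLogger(KeycloakUserService.class);

    /** HTTP status the user-creation call must return to count as success. */
    private static final int HTTP_CREATED = 201;

    private KeycloakAdapter keycloakAdapter;
    private KeycloakServiceConfiguration serviceConfiguration;

    /** No-arg constructor; the visible code never calls it (presumably required for CDI proxying). */
    protected KeycloakUserService() {
    }

    /**
     * @param keycloakAdapter access to the Keycloak admin resources
     * @param keycloakServiceConfiguration supplies realm and client id
     */
    @Inject
    public KeycloakUserService(KeycloakAdapter keycloakAdapter, KeycloakServiceConfiguration keycloakServiceConfiguration) {
        this.keycloakAdapter = keycloakAdapter;
        this.serviceConfiguration = keycloakServiceConfiguration;
    }

    /** Validates the injected configuration once the bean has been constructed. */
    @PostConstruct
    public void init() {
        LOG.debug("check configuration");
        this.serviceConfiguration.validate();
    }

    /**
     * Reports whether a search for the account's username returns any user.
     *
     * <p>NOTE(review): the username is passed as a search term and any hit counts as "exists".
     * If the search matches partial names, a different user whose name merely contains this one
     * also yields {@code true} - confirm against the Keycloak version in use.
     *
     * @param userAccount account whose username is looked up
     * @return {@code true} if the search returned at least one user
     */
    public boolean checkAlreadyExist(UserAccount userAccount) {
        List<UserRepresentation> found = this.keycloakAdapter.findUserResource(getRealmName()).search(userAccount.getUsername().getValue());
        // Only the hit count is logged, never the usernames themselves.
        LOG.info("List size by username is: {}", found != null ? Integer.valueOf(found.size()) : "null");
        return found != null && !found.isEmpty();
    }

    /**
     * Creates the user in Keycloak and stores the new identifier on the given account.
     *
     * @param userAccount account data (username, e-mail, optional name, password, attributes)
     * @param emailVerifiedMode controls the initial e-mail verification flag
     * @return the same {@code userAccount} instance, with its identifier set
     * @throws UserCreationFailedException if Keycloak answers with anything other than 201
     */
    public UserAccount createUser(UserAccount userAccount, EmailVerifiedMode emailVerifiedMode) throws UserCreationFailedException {
        UserRepresentation representation = extractUser(userAccount, emailVerifiedMode);
        representation.setCredentials(extractCredential(userAccount));
        representation.setAttributes(extractAttributes(userAccount));
        Response response = this.keycloakAdapter.findUserResource(getRealmName()).create(representation);
        try {
            if (response.getStatus() != HTTP_CREATED) {
                throw new UserCreationFailedException(representation.getUsername(), Integer.valueOf(response.getStatus()), response.readEntity(ResponseErrorMessage.class).getErrorMessage());
            }
            // The new user's id is the last path segment of the Location header.
            userAccount.setIdentifier(UserIdentifier.fromValue(response.getLocation().getPath().replaceAll(".*/([^/]+)$", "$1")));
            return userAccount;
        } finally {
            // Release the underlying connection on both the success and the failure path.
            response.close();
        }
    }

    /**
     * Loads the user with the given identifier.
     *
     * @throws UserNotFoundException if Keycloak reports the user as not found
     */
    public UserAccount getUser(UserIdentifier userIdentifier) throws UserNotFoundException {
        try {
            return new UserAccount(userResource(userIdentifier).toRepresentation());
        } catch (NotFoundException e) {
            throw new UserNotFoundException(userIdentifier);
        }
    }

    /**
     * Marks the user's e-mail address as verified.
     *
     * <p>This method performs no verification of its own; callers must have validated the
     * verification request before invoking it.
     *
     * @throws UserNotFoundException if Keycloak reports the user as not found
     */
    public void updateMailVerification(UserIdentifier userIdentifier) throws UserNotFoundException {
        try {
            UserResource user = userResource(userIdentifier);
            UserRepresentation representation = user.toRepresentation();
            representation.setEmailVerified(true);
            user.update(representation);
        } catch (NotFoundException e) {
            throw new UserNotFoundException(userIdentifier);
        }
    }

    /**
     * Adds the user to every named group that could be resolved; unresolved names are logged
     * and skipped.
     *
     * @throws UserNotFoundException if Keycloak reports the user as not found
     */
    public void joinGroups(UserIdentifier userIdentifier, GroupName... groupNameArr) throws UserNotFoundException {
        List<GroupId> groupIds = findGroupIds(groupNameArr);
        try {
            UserResource user = userResource(userIdentifier);
            for (GroupId groupId : groupIds) {
                user.joinGroup(groupId.getValue());
            }
        } catch (NotFoundException e) {
            throw new UserNotFoundException(userIdentifier);
        }
    }

    /**
     * Removes the user from every named group that could be resolved; unresolved names are
     * logged and skipped.
     *
     * @throws UserNotFoundException if Keycloak reports the user as not found
     */
    public void leaveGroups(UserIdentifier userIdentifier, GroupName... groupNameArr) throws UserNotFoundException {
        List<GroupId> groupIds = findGroupIds(groupNameArr);
        try {
            UserResource user = userResource(userIdentifier);
            for (GroupId groupId : groupIds) {
                user.leaveGroup(groupId.getValue());
            }
        } catch (NotFoundException e) {
            throw new UserNotFoundException(userIdentifier);
        }
    }

    /**
     * Grants the resolved realm-level or client-level roles to the user.
     *
     * @throws UserNotFoundException if Keycloak reports the user as not found
     * @throws IllegalArgumentException if {@code roleType} is neither REALM nor CLIENT
     */
    public void joinRoles(UserIdentifier userIdentifier, RoleType roleType, RoleName... roleNameArr) throws UserNotFoundException {
        List<RoleRepresentation> roles = findRoles(getRolesResource(roleType), roleNameArr);
        try {
            UserResource user = userResource(userIdentifier);
            switch (roleType) {
                case REALM:
                    user.roles().realmLevel().add(roles);
                    break;
                case CLIENT:
                    user.roles().clientLevel(getClientId().getValue()).add(roles);
                    break;
                default:
                    throw new IllegalArgumentException("unsupported roleType " + roleType);
            }
        } catch (NotFoundException e) {
            throw new UserNotFoundException(userIdentifier);
        }
    }

    /**
     * Revokes the resolved realm-level or client-level roles from the user.
     *
     * @throws UserNotFoundException if Keycloak reports the user as not found
     * @throws IllegalArgumentException if {@code roleType} is neither REALM nor CLIENT
     */
    public void leaveRoles(UserIdentifier userIdentifier, RoleType roleType, RoleName... roleNameArr) throws UserNotFoundException {
        List<RoleRepresentation> roles = findRoles(getRolesResource(roleType), roleNameArr);
        try {
            UserResource user = userResource(userIdentifier);
            switch (roleType) {
                case REALM:
                    user.roles().realmLevel().remove(roles);
                    break;
                case CLIENT:
                    user.roles().clientLevel(getClientId().getValue()).remove(roles);
                    break;
                default:
                    throw new IllegalArgumentException("unsupported roleType " + roleType);
            }
        } catch (NotFoundException e) {
            throw new UserNotFoundException(userIdentifier);
        }
    }

    /** Resolves the admin resource for one user in the configured realm. */
    private UserResource userResource(UserIdentifier userIdentifier) {
        return this.keycloakAdapter.findUserResource(getRealmName()).get(userIdentifier.getValue());
    }

    /**
     * Builds the Keycloak representation (username, e-mail, optional names, verification flag)
     * for a new, enabled user.
     */
    private UserRepresentation extractUser(UserAccount userAccount, EmailVerifiedMode emailVerifiedMode) {
        UserRepresentation representation = new UserRepresentation();
        representation.setUsername(userAccount.getUsername().getValue());
        representation.setEmail(userAccount.getEmailAddress().getValue());
        representation.setEnabled(true);
        if (userAccount.getName() != null && userAccount.getName().getFirstName() != null) {
            representation.setFirstName(userAccount.getName().getFirstName().getValue());
        }
        if (userAccount.getName() != null && userAccount.getName().getLastName() != null) {
            representation.setLastName(userAccount.getName().getLastName().getValue());
        }
        if (EmailVerifiedMode.REQUIRED.equals(emailVerifiedMode)) {
            representation.setEmailVerified(false);
        } else if (EmailVerifiedMode.DEFAULT.equals(emailVerifiedMode)) {
            // DEFAULT marks the address as verified at creation time, without a verification
            // step, and mirrors that state on the account object.
            representation.setEmailVerified(true);
            userAccount.emailVerified();
        }
        // Any other mode (including null) leaves the flag unset on the representation.
        return representation;
    }

    /**
     * Wraps the account's password in a single non-temporary password credential.
     *
     * @return the credential list, or {@code null} when the account carries no password
     */
    private List<CredentialRepresentation> extractCredential(UserAccount userAccount) {
        if (userAccount.getPassword() == null) {
            return null;
        }
        CredentialRepresentation credential = new CredentialRepresentation();
        // The clear-text value is handed to Keycloak only; it must never be logged here.
        credential.setValue(userAccount.getPassword().getValue());
        credential.setType("password");
        credential.setTemporary(false);
        return Collections.singletonList(credential);
    }

    /** Groups the account's attributes by key, keeping every value of a repeated key. */
    private Map<String, List<String>> extractAttributes(UserAccount userAccount) {
        Map<String, List<String>> attributes = new HashMap<>();
        for (Attribute attribute : userAccount.getAttributes()) {
            attributes.computeIfAbsent(attribute.getKey(), key -> new ArrayList<>()).add(attribute.getValue());
        }
        return attributes;
    }

    /**
     * Resolves group names to group ids.
     *
     * <p>The name is sent as a search term with a result window of one. A returned group is
     * accepted only when its name equals the requested name, so that a near-miss search hit can
     * never cause membership in a different group. If the exact group is not the returned hit,
     * the name is reported as not found (fail closed).
     */
    private List<GroupId> findGroupIds(GroupName... groupNameArr) {
        GroupsResource groupsResource = this.keycloakAdapter.findGroupResource(getRealmName());
        List<GroupId> groupIds = new ArrayList<>();
        for (GroupName groupName : groupNameArr) {
            String requestedName = groupName.getValue();
            List<GroupId> exactMatches = emptyIfNull(groupsResource.groups(requestedName, 0, 1)).stream()
                .filter(group -> requestedName.equals(group.getName()))
                .map(group -> GroupId.fromValue(group.getId()))
                .collect(Collectors.toList());
            if (exactMatches.isEmpty()) {
                LOG.warn("Group (name='{}') not found", requestedName);
            } else {
                groupIds.addAll(exactMatches);
            }
        }
        return groupIds;
    }

    /**
     * Resolves role names to role representations.
     *
     * <p>Same fail-closed rule as {@code findGroupIds}: a role returned by the search is only
     * used when its name equals the requested name, so a partial match cannot grant or revoke
     * an unintended role.
     */
    private List<RoleRepresentation> findRoles(RolesResource rolesResource, RoleName... roleNameArr) {
        List<RoleRepresentation> roles = new ArrayList<>();
        for (RoleName roleName : roleNameArr) {
            String requestedName = roleName.getValue();
            List<RoleRepresentation> exactMatches = emptyIfNull(rolesResource.list(requestedName, 0, 1)).stream()
                .filter(role -> requestedName.equals(role.getName()))
                .collect(Collectors.toList());
            if (exactMatches.isEmpty()) {
                LOG.warn("Role (name='{}') not found", requestedName);
            } else {
                roles.addAll(exactMatches);
            }
        }
        return roles;
    }

    /** Returns the given list, or an empty list when it is {@code null}. */
    private static <T> List<T> emptyIfNull(List<T> list) {
        return list == null ? Collections.<T>emptyList() : list;
    }

    /**
     * Selects the realm-level or client-level roles resource.
     *
     * @throws IllegalArgumentException if {@code roleType} is neither REALM nor CLIENT
     */
    private RolesResource getRolesResource(RoleType roleType) {
        RealmName realmName = getRealmName();
        switch (roleType) {
            case REALM:
                return this.keycloakAdapter.findRealmRolesResource(realmName);
            case CLIENT:
                return this.keycloakAdapter.findClientRolesResource(realmName, getClientId());
            default:
                throw new IllegalArgumentException("unsupported roleType " + roleType);
        }
    }

    /** Realm name taken from the service configuration. */
    private RealmName getRealmName() {
        return RealmName.fromValue(this.serviceConfiguration.getRealm());
    }

    /** Client id taken from the service configuration. */
    private ClientId getClientId() {
        return ClientId.fromValue(this.serviceConfiguration.getClientId());
    }
}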
