package de.openknowledge.authentication.domain.user;

import de.openknowledge.authentication.domain.ClientId;
import de.openknowledge.authentication.domain.KeycloakAdapter;
import de.openknowledge.authentication.domain.KeycloakServiceConfiguration;
import de.openknowledge.authentication.domain.Password;
import de.openknowledge.authentication.domain.RealmName;
import de.openknowledge.authentication.domain.UserIdentifier;
import de.openknowledge.authentication.domain.error.ResponseErrorMessage;
import de.openknowledge.authentication.domain.group.GroupId;
import de.openknowledge.authentication.domain.group.GroupName;
import de.openknowledge.authentication.domain.role.RoleName;
import de.openknowledge.authentication.domain.role.RoleType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.Validate;
import org.keycloak.admin.client.resource.GroupsResource;
import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

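/**
 * Application-scoped facade over the Keycloak admin client for user management in the
 * configured realm: existence check, create, read, update, delete, password reset, and
 * group / role membership changes.
 *
 * <p>Every operation here is a privileged identity-management action. This class performs
 * argument validation only; it contains no authorization check of its own, so callers must
 * decide whether the requesting principal is allowed to act on the target user before
 * invoking it.
 */
@ApplicationScoped
public class KeycloakUserService {
    private static final Logger LOG = LoggerFactory.getLogger(KeycloakUserService.class);
    private KeycloakAdapter keycloakAdapter;
    private KeycloakServiceConfiguration serviceConfiguration;

    /** No-arg constructor; presumably required so the container can proxy this scoped bean. */
    protected KeycloakUserService() {
    }

    /**
     * Creates the service with its collaborators.
     *
     * @param keycloakAdapter gateway to the Keycloak admin resources
     * @param keycloakServiceConfiguration supplies the realm and client id used by every call
     */
    @Inject
    public KeycloakUserService(KeycloakAdapter keycloakAdapter, KeycloakServiceConfiguration keycloakServiceConfiguration) {
        this.keycloakAdapter = keycloakAdapter;
        this.serviceConfiguration = keycloakServiceConfiguration;
    }

    /** Validates the injected service configuration once the bean has been constructed. */
    @PostConstruct
    public void init() {
        LOG.debug("check configuration");
        this.serviceConfiguration.validate();
    }

    /**
     * Reports whether a user search for the account's username returns at least one hit.
     *
     * @param userAccount account whose username is looked up; must not be {@code null}
     * @return {@code true} if the search returned a non-empty result
     */
    public boolean checkAlreadyExist(UserAccount userAccount) {
        Validate.notNull(userAccount, "account may be not null");
        // NOTE(review): only the first hit is requested and its username is not compared with
        // the requested one. If the Keycloak username search matches partially (TODO confirm
        // for the client version in use), a different account can make this return true.
        List<UserRepresentation> hits =
            this.keycloakAdapter.findUsersResource(getRealmName()).search(userAccount.getUsername().getValue(), 0, 1);
        boolean exists = hits != null && !hits.isEmpty();
        // The previous message claimed "already exists" even for an empty result.
        LOG.debug("User existence check: exists={} (result size is: {})", exists, hits != null ? Integer.valueOf(hits.size()) : "null");
        return exists;
    }

    /**
     * Creates the user in Keycloak and binds the returned identifier to the account.
     *
     * @param userAccount account to create; must not be {@code null}
     * @param emailVerifiedMode when {@link EmailVerifiedMode#DEFAULT}, the account is marked as
     *     e-mail verified before it is sent to Keycloak; must not be {@code null}
     * @return the same account instance, bound to the new user identifier
     * @throws UserCreationFailedException if Keycloak answers with a status other than 201
     * @throws IllegalStateException if a 201 response carries no {@code Location} header
     */
    public UserAccount createUser(UserAccount userAccount, EmailVerifiedMode emailVerifiedMode) throws UserCreationFailedException {
        Validate.notNull(userAccount, "account may be not null");
        Validate.notNull(emailVerifiedMode, "mode may be not null");
        if (EmailVerifiedMode.DEFAULT.equals(emailVerifiedMode)) {
            userAccount.emailVerified();
        }
        UserRepresentation representation = userAccount.asRepresentation(Boolean.TRUE);
        Response response = this.keycloakAdapter.findUsersResource(getRealmName()).create(representation);
        try {
            int status = response.getStatus();
            if (status != 201) {
                throw new UserCreationFailedException(representation.getUsername(), Integer.valueOf(status),
                    ((ResponseErrorMessage) response.readEntity(ResponseErrorMessage.class)).getErrorMessage());
            }
            if (response.getLocation() == null) {
                // Without the Location header the new user's id cannot be derived.
                throw new IllegalStateException("user created but response has no Location header");
            }
            // The user id is the last path segment of the Location header.
            String userId = response.getLocation().getPath().replaceAll(".*/([^/]+)$", "$1");
            userAccount.bindTo(UserIdentifier.fromValue(userId));
            return userAccount;
        } finally {
            // Release the underlying connection on every path; it was previously never closed.
            response.close();
        }
    }

    /**
     * Loads the user with the given identifier.
     *
     * @param userIdentifier identifier of the user; must not be {@code null}
     * @return the account built from the Keycloak representation
     * @throws UserNotFoundException if Keycloak reports the user as not found
     */
    public UserAccount getUser(UserIdentifier userIdentifier) throws UserNotFoundException {
        Validate.notNull(userIdentifier, "identifier may be not null");
        try {
            UserResource userResource = this.keycloakAdapter.findUsersResource(getRealmName()).get(userIdentifier.getValue());
            return new UserAccount(userResource.toRepresentation());
        } catch (NotFoundException e) {
            throw new UserNotFoundException(userIdentifier, e);
        }
    }

    /**
     * Updates the stored user, but only when it differs from the given account.
     *
     * @param userAccount account carrying the new state and a non-null identifier
     * @throws UserNotFoundException if Keycloak reports the user as not found
     */
    public void updateUser(UserAccount userAccount) throws UserNotFoundException {
        Validate.notNull(userAccount, "account may be not null");
        Validate.notNull(userAccount.getIdentifier(), "account identifier may be not null");
        UserIdentifier identifier = userAccount.getIdentifier();
        try {
            UserResource userResource = this.keycloakAdapter.findUsersResource(getRealmName()).get(identifier.getValue());
            UserAccount stored = new UserAccount(userResource.toRepresentation());
            if (stored.isDifferent(userAccount)) {
                userResource.update(userAccount.asRepresentation(Boolean.FALSE));
            }
        } catch (NotFoundException e) {
            throw new UserNotFoundException(identifier, e);
        }
    }

    /**
     * Sets a new password for the user. The password is handed to Keycloak as a credential
     * and is not logged by this method.
     *
     * @param userIdentifier identifier of the user; must not be {@code null}
     * @param password new password; must not be {@code null}
     * @throws UserNotFoundException if Keycloak reports the user as not found
     */
    public void resetPassword(UserIdentifier userIdentifier, Password password) throws UserNotFoundException {
        Validate.notNull(userIdentifier, "identifier may be not null");
        // Fail with a clear message instead of a bare NullPointerException on asCredential().
        Validate.notNull(password, "password may be not null");
        try {
            this.keycloakAdapter.findUsersResource(getRealmName()).get(userIdentifier.getValue()).resetPassword(password.asCredential());
        } catch (NotFoundException e) {
            throw new UserNotFoundException(userIdentifier, e);
        }
    }

    /**
     * Deletes the user. A 404 answer is treated like a successful deletion, so the call
     * can be repeated safely.
     *
     * @param userIdentifier identifier of the user; must not be {@code null}
     * @throws UserDeletionFailedException if Keycloak answers with a status other than 204 or 404
     */
    public void deleteUser(UserIdentifier userIdentifier) {
        Validate.notNull(userIdentifier, "identifier may be not null");
        Response response = this.keycloakAdapter.findUsersResource(getRealmName()).delete(userIdentifier.getValue());
        try {
            int status = response.getStatus();
            if (status != 204 && status != 404) {
                throw new UserDeletionFailedException(userIdentifier.getValue(), Integer.valueOf(status));
            }
        } finally {
            // Release the underlying connection on every path; it was previously never closed.
            response.close();
        }
    }

    /**
     * Adds the user to every group that can be resolved from the given names. Names that
     * resolve to no group are skipped with a warning (see {@code findGroupIds}).
     *
     * @param userIdentifier identifier of the user; must not be {@code null}
     * @param groupNameArr names of the groups to join
     * @throws UserNotFoundException if Keycloak reports a not-found condition
     */
    public void joinGroups(UserIdentifier userIdentifier, GroupName... groupNameArr) throws UserNotFoundException {
        Validate.notNull(userIdentifier, "identifier may be not null");
        try {
            UserResource userResource = this.keycloakAdapter.findUsersResource(getRealmName()).get(userIdentifier.getValue());
            for (GroupId groupId : findGroupIds(groupNameArr)) {
                userResource.joinGroup(groupId.getValue());
            }
        } catch (NotFoundException e) {
            throw new UserNotFoundException(userIdentifier, e);
        }
    }

    /**
     * Removes the user from every group that can be resolved from the given names. Names
     * that resolve to no group are skipped with a warning, so the caller gets no error when
     * a requested removal did not take place.
     *
     * @param userIdentifier identifier of the user; must not be {@code null}
     * @param groupNameArr names of the groups to leave
     * @throws UserNotFoundException if Keycloak reports a not-found condition
     */
    public void leaveGroups(UserIdentifier userIdentifier, GroupName... groupNameArr) throws UserNotFoundException {
        Validate.notNull(userIdentifier, "identifier may be not null");
        try {
            UserResource userResource = this.keycloakAdapter.findUsersResource(getRealmName()).get(userIdentifier.getValue());
            for (GroupId groupId : findGroupIds(groupNameArr)) {
                userResource.leaveGroup(groupId.getValue());
            }
        } catch (NotFoundException e) {
            throw new UserNotFoundException(userIdentifier, e);
        }
    }

    /**
     * Grants the resolvable roles of the given type to the user.
     *
     * @param userIdentifier identifier of the user; must not be {@code null}
     * @param roleType whether the roles are realm or client roles; must not be {@code null}
     * @param roleNameArr names of the roles to grant; unknown roles are skipped with a warning
     * @throws UserNotFoundException if Keycloak reports a not-found condition while changing
     *     the user's role mappings
     * @throws IllegalArgumentException if the role type is not supported
     */
    public void joinRoles(UserIdentifier userIdentifier, RoleType roleType, RoleName... roleNameArr) throws UserNotFoundException {
        Validate.notNull(userIdentifier, "identifier may be not null");
        // A null role type previously surfaced as a bare NullPointerException from the switch.
        Validate.notNull(roleType, "roleType may be not null");
        try {
            UserResource userResource = this.keycloakAdapter.findUsersResource(getRealmName()).get(userIdentifier.getValue());
            List<RoleRepresentation> roles = findRoles(getRolesResource(roleType), roleNameArr);
            switch (roleType) {
                case REALM:
                    userResource.roles().realmLevel().add(roles);
                    break;
                case CLIENT:
                    userResource.roles().clientLevel(this.keycloakAdapter.findClientUuid(getRealmName(), getClientId())).add(roles);
                    break;
                default:
                    throw new IllegalArgumentException("unsupported roleType " + roleType);
            }
        } catch (NotFoundException e) {
            throw new UserNotFoundException(userIdentifier, e);
        }
    }

    /**
     * Revokes the resolvable roles of the given type from the user.
     *
     * @param userIdentifier identifier of the user; must not be {@code null}
     * @param roleType whether the roles are realm or client roles; must not be {@code null}
     * @param roleNameArr names of the roles to revoke; unknown roles are skipped with a warning
     * @throws UserNotFoundException if Keycloak reports a not-found condition while changing
     *     the user's role mappings
     * @throws IllegalArgumentException if the role type is not supported
     */
    public void leaveRoles(UserIdentifier userIdentifier, RoleType roleType, RoleName... roleNameArr) throws UserNotFoundException {
        Validate.notNull(userIdentifier, "identifier may be not null");
        // A null role type previously surfaced as a bare NullPointerException from the switch.
        Validate.notNull(roleType, "roleType may be not null");
        try {
            UserResource userResource = this.keycloakAdapter.findUsersResource(getRealmName()).get(userIdentifier.getValue());
            List<RoleRepresentation> roles = findRoles(getRolesResource(roleType), roleNameArr);
            switch (roleType) {
                case REALM:
                    userResource.roles().realmLevel().remove(roles);
                    break;
                case CLIENT:
                    userResource.roles().clientLevel(this.keycloakAdapter.findClientUuid(getRealmName(), getClientId())).remove(roles);
                    break;
                default:
                    throw new IllegalArgumentException("unsupported roleType " + roleType);
            }
        } catch (NotFoundException e) {
            throw new UserNotFoundException(userIdentifier, e);
        }
    }

    /**
     * Resolves group names to group ids by searching the realm's groups, one name at a time.
     *
     * @param groupNameArr names to resolve
     * @return ids of the groups found; names without a hit are logged and left out
     */
    private List<GroupId> findGroupIds(GroupName... groupNameArr) {
        GroupsResource groupsResource = this.keycloakAdapter.findGroupsResource(getRealmName());
        List<GroupId> groupIds = new ArrayList<>();
        for (GroupName groupName : groupNameArr) {
            // NOTE(review): only the first search hit is used and its name is never compared
            // with the requested name. If the Keycloak group search matches partially (TODO
            // confirm for the client version in use), membership could be changed on a
            // different group than the one asked for. Consider verifying the returned name.
            List<GroupRepresentation> matches = groupsResource.groups(groupName.getValue(), 0, 1);
            if (matches == null || matches.isEmpty()) {
                LOG.warn("Group (name='{}') not found", groupName.getValue());
                continue;
            }
            for (GroupRepresentation match : matches) {
                groupIds.add(GroupId.fromValue(match.getId()));
            }
        }
        return groupIds;
    }

    /**
     * Resolves role names to role representations.
     *
     * @param rolesResource realm or client roles resource to look the names up in
     * @param roleNameArr names to resolve
     * @return representations of the roles found; unknown roles are logged and left out
     */
    private List<RoleRepresentation> findRoles(RolesResource rolesResource, RoleName... roleNameArr) {
        Validate.notNull(rolesResource, "roles resource identifier may be not null");
        List<RoleRepresentation> roles = new ArrayList<>();
        for (RoleName roleName : roleNameArr) {
            RoleRepresentation representation;
            try {
                representation = rolesResource.get(roleName.getValue()).toRepresentation();
            } catch (NotFoundException e) {
                // Handle the lookup failure here: if it escaped, the callers' catch blocks
                // would report a missing role as UserNotFoundException.
                representation = null;
            }
            if (representation == null) {
                LOG.warn("Role (name='{}') not found", roleName.getValue());
            } else {
                roles.add(representation);
            }
        }
        return roles;
    }

    /**
     * Selects the realm-level or client-level roles resource for the given type.
     *
     * @throws IllegalArgumentException if the role type is not supported
     */
    private RolesResource getRolesResource(RoleType roleType) {
        RealmName realmName = getRealmName();
        switch (roleType) {
            case REALM:
                return this.keycloakAdapter.findRealmRolesResource(realmName);
            case CLIENT:
                return this.keycloakAdapter.findClientRolesResource(realmName, getClientId());
            default:
                throw new IllegalArgumentException("unsupported roleType " + roleType);
        }
    }

    /** Realm name taken from the service configuration. */
    private RealmName getRealmName() {
        return RealmName.fromValue(this.serviceConfiguration.getRealm());
    }

    /** Client id taken from the service configuration. */
    private ClientId getClientId() {
        return ClientId.fromValue(this.serviceConfiguration.getClientId());
    }
}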
