package io.hyperfoil.tools.horreum.svc.user;

import io.hyperfoil.tools.horreum.api.internal.services.UserService;
import io.hyperfoil.tools.horreum.svc.Roles;
import io.hyperfoil.tools.horreum.svc.ServiceException;
import io.quarkus.arc.lookup.LookupIfProperty;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.ws.rs.ClientErrorException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.core.Response;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.jboss.logging.Logger;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.RoleMappingResource;
import org.keycloak.admin.client.resource.RoleResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

@ApplicationScoped
@LookupIfProperty(name = "horreum.roles.provider", stringValue = "keycloak")
/* loaded from: input_file:io/hyperfoil/tools/horreum/svc/user/KeycloakUserBackend.class */
public class KeycloakUserBackend implements UserBackEnd {
    private static final Logger LOG = Logger.getLogger(KeycloakUserBackend.class);
    private static final String[] ROLE_TYPES = {"team", Roles.VIEWER, Roles.TESTER, Roles.UPLOADER, Roles.MANAGER};

    @ConfigProperty(name = "quarkus.keycloak.admin-client.realm", defaultValue = "horreum")
    String realm;

    @Inject
    Keycloak keycloak;

    private static UserService.UserData toUserInfo(UserRepresentation userRepresentation) {
        return new UserService.UserData(userRepresentation.getId(), userRepresentation.getUsername(), userRepresentation.getFirstName(), userRepresentation.getLastName(), userRepresentation.getEmail());
    }

    private static String getTeamPrefix(String str) {
        return str.substring(0, str.length() - 4);
    }

    private static boolean isTeam(String str) {
        return str.endsWith("-team");
    }

    @Override // io.hyperfoil.tools.horreum.svc.user.UserBackEnd
    public List<UserService.UserData> searchUsers(String str) {
        try {
            return this.keycloak.realm(this.realm).users().search(str, (Integer) null, (Integer) null).stream().map(KeycloakUserBackend::toUserInfo).toList();
        } catch (Throwable th) {
            throw ServiceException.serverError("Unable to search for users");
        }
    }

    @Override // io.hyperfoil.tools.horreum.svc.user.UserBackEnd
    public List<UserService.UserData> info(List<String> list) {
        ArrayList arrayList = new ArrayList();
        for (String str : list) {
            try {
                Stream map = this.keycloak.realm(this.realm).users().search(str).stream().filter(userRepresentation -> {
                    return str.equals(userRepresentation.getUsername());
                }).map(KeycloakUserBackend::toUserInfo);
                Objects.requireNonNull(arrayList);
                map.forEach((v1) -> {
                    r1.add(v1);
                });
            } catch (Throwable th) {
                LOG.warnv(th, "Failed to fetch info for user {0}", str);
                throw ServiceException.serverError(MessageFormat.format("Failed to fetch info for user {0}", str));
            }
        }
        return arrayList;
    }

    @Override // io.hyperfoil.tools.horreum.svc.user.UserBackEnd
    public void createUser(UserService.NewUser newUser) {
        RoleRepresentation representation;
        UserRepresentation convertUserRepresentation = convertUserRepresentation(newUser);
        try {
            Response create = this.keycloak.realm(this.realm).users().create(convertUserRepresentation);
            try {
                if (create.getStatusInfo().getFamily() != Response.Status.Family.SUCCESSFUL) {
                    LOG.warnv("Failed to create new user {0}: {1}", convertUserRepresentation.getUsername(), create.getStatusInfo());
                    if (!this.keycloak.realm(this.realm).users().search(convertUserRepresentation.getUsername(), true).isEmpty()) {
                        throw ServiceException.badRequest("User exists with same username");
                    }
                    if (!this.keycloak.realm(this.realm).users().searchByEmail(convertUserRepresentation.getEmail(), true).isEmpty()) {
                        throw ServiceException.badRequest("User exists with same email");
                    }
                    throw ServiceException.badRequest("Failed to create new user: " + create.getStatusInfo().getReasonPhrase());
                }
                if (create != null) {
                    create.close();
                }
                try {
                    UsersResource users = this.keycloak.realm(this.realm).users();
                    List search = users.search(convertUserRepresentation.getUsername(), true);
                    if (search == null || search.isEmpty()) {
                        throw ServiceException.badRequest(MessageFormat.format("User {0} does not exist", convertUserRepresentation.getUsername()));
                    }
                    if (search.size() > 1) {
                        throw ServiceException.serverError(MessageFormat.format("More than one user with username {0}", convertUserRepresentation.getUsername()));
                    }
                    String id = ((UserRepresentation) search.get(0)).getId();
                    if (newUser.team != null) {
                        String teamPrefix = getTeamPrefix(newUser.team);
                        users.get(id).roles().realmLevel().add(newUser.roles.stream().map(str -> {
                            return ensureRole(teamPrefix + str);
                        }).toList());
                    }
                    ClientsResource clients = this.keycloak.realm(this.realm).clients();
                    ClientRepresentation clientRepresentation = (ClientRepresentation) clients.query("account").stream().filter(clientRepresentation2 -> {
                        return "account".equals(clientRepresentation2.getName());
                    }).findFirst().orElse(null);
                    if (clientRepresentation != null && (representation = clients.get(clientRepresentation.getId()).roles().get("view-profile").toRepresentation()) != null) {
                        users.get(id).roles().clientLevel(clientRepresentation.getClientId()).add(List.of(representation));
                    }
                } catch (ServiceException e) {
                    throw e;
                } catch (Throwable th) {
                    LOG.warnv(th, "Unable to assign roles to new user {0}", convertUserRepresentation.getUsername());
                    throw ServiceException.serverError(MessageFormat.format("Unable to assign roles to new user {0}", convertUserRepresentation.getUsername()));
                }
            } catch (Throwable th2) {
                if (create != null) {
                    try {
                        create.close();
                    } catch (Throwable th3) {
                        th2.addSuppressed(th3);
                    }
                }
                throw th2;
            }
        } catch (ServiceException e2) {
            throw e2;
        } catch (Throwable th4) {
            throw ServiceException.serverError(MessageFormat.format("Failed to create new user {0}", convertUserRepresentation.getUsername()));
        }
    }

    private static UserRepresentation convertUserRepresentation(UserService.NewUser newUser) {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername(newUser.user.username);
        userRepresentation.setEmail(newUser.user.email);
        userRepresentation.setFirstName(newUser.user.firstName);
        userRepresentation.setLastName(newUser.user.lastName);
        userRepresentation.setEnabled(true);
        CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
        credentialRepresentation.setType("password");
        credentialRepresentation.setTemporary(true);
        credentialRepresentation.setValue(newUser.password);
        userRepresentation.setCredentials(List.of(credentialRepresentation));
        return userRepresentation;
    }

    @Override // io.hyperfoil.tools.horreum.svc.user.UserBackEnd
    public List<String> getTeams() {
        try {
            return this.keycloak.realm(this.realm).roles().list().stream().map((v0) -> {
                return v0.getName();
            }).filter(KeycloakUserBackend::isTeam).toList();
        } catch (Throwable th) {
            throw ServiceException.serverError("Unable to get list of teams");
        }
    }

    private String findMatchingUserId(String str) {
        List search = this.keycloak.realm(this.realm).users().search(str, true);
        if (search == null || search.isEmpty()) {
            LOG.warnv("Cannot find user with username {0}", str);
            throw ServiceException.badRequest(MessageFormat.format("User {0} does not exist", str));
        }
        if (search.size() <= 1) {
            return ((UserRepresentation) search.get(0)).getId();
        }
        LOG.warnv("Multiple matches for exact search for username {0}: {1}", str, search.stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.joining(" ")));
        throw ServiceException.serverError(MessageFormat.format("More than one user with username {0}", str));
    }

    @Override // io.hyperfoil.tools.horreum.svc.user.UserBackEnd
    public Map<String, List<String>> teamMembers(String str) {
        String teamPrefix = getTeamPrefix(str);
        HashMap hashMap = new HashMap();
        for (String str2 : ROLE_TYPES) {
            try {
                this.keycloak.realm(this.realm).roles().get(teamPrefix + str2).getUserMembers(0, Integer.MAX_VALUE).forEach(userRepresentation -> {
                    ((List) hashMap.computeIfAbsent(userRepresentation.getUsername(), str3 -> {
                        return new ArrayList();
                    })).add(str2);
                });
            } catch (NotFoundException e) {
                LOG.warnv("Cannot find role {0}{1} in Keycloak", teamPrefix, str2);
            } catch (Throwable th) {
                LOG.warnv("Error querying keycloak: {0}", th.getMessage());
                throw ServiceException.serverError("Failed to retrieve role users from Keycloak");
            }
        }
        return hashMap;
    }

    @Override // io.hyperfoil.tools.horreum.svc.user.UserBackEnd
    public void updateTeamMembers(String str, Map<String, List<String>> map) {
        String teamPrefix = getTeamPrefix(str);
        for (Map.Entry<String, List<String>> entry : map.entrySet()) {
            try {
                RoleMappingResource roles = this.keycloak.realm(this.realm).users().get(findMatchingUserId(entry.getKey())).roles();
                List list = roles.getAll().getRealmMappings().stream().map((v0) -> {
                    return v0.getName();
                }).toList();
                try {
                    List list2 = entry.getValue().stream().filter(str2 -> {
                        return !list.contains(teamPrefix + str2);
                    }).map(str3 -> {
                        return ensureRole(teamPrefix + str3);
                    }).toList();
                    if (!list2.isEmpty()) {
                        roles.realmLevel().add(list2);
                    }
                    List list3 = list.stream().filter(str4 -> {
                        return str4.startsWith(teamPrefix) && !((List) entry.getValue()).contains(str4.substring(teamPrefix.length()));
                    }).map(this::ensureRole).toList();
                    if (!list3.isEmpty()) {
                        roles.realmLevel().remove(list3);
                    }
                } catch (Throwable th) {
                    LOG.warnv(th, "Failed to modify roles of user {0}", entry.getKey());
                    throw ServiceException.serverError(MessageFormat.format("Failed to modify roles of user {0}", entry.getKey()));
                }
            } catch (Throwable th2) {
                LOG.warnv(th2, "Failed to retrieve current roles of user {0} from Keycloak", entry.getKey());
                throw ServiceException.serverError(MessageFormat.format("Failed to retrieve current roles of user {0} from Keycloak", entry.getKey()));
            }
        }
        try {
            UsersResource users = this.keycloak.realm(this.realm).users();
            for (String str5 : ROLE_TYPES) {
                RoleResource roleResource = this.keycloak.realm(this.realm).roles().get(teamPrefix + str5);
                RoleRepresentation representation = roleResource.toRepresentation();
                for (UserRepresentation userRepresentation : roleResource.getUserMembers(0, Integer.MAX_VALUE)) {
                    if (!map.containsKey(userRepresentation.getUsername())) {
                        users.get(userRepresentation.getId()).roles().realmLevel().remove(List.of(representation));
                    }
                }
            }
        } catch (Throwable th3) {
            LOG.warnv(th3, "Failed to remove all roles of team {0}", str);
            throw ServiceException.serverError(MessageFormat.format("Failed to remove all roles of team {0}", str));
        }
    }

    private RoleRepresentation ensureRole(String str) {
        try {
            return this.keycloak.realm(this.realm).roles().get(str).toRepresentation();
        } catch (NotFoundException e) {
            this.keycloak.realm(this.realm).roles().create(new RoleRepresentation(str, (String) null, false));
            return this.keycloak.realm(this.realm).roles().get(str).toRepresentation();
        } catch (Throwable th) {
            throw ServiceException.serverError(MessageFormat.format("Unable to fetch role {0}", str));
        }
    }

    @Override // io.hyperfoil.tools.horreum.svc.user.UserBackEnd
    public List<String> getAllTeams() {
        try {
            return this.keycloak.realm(this.realm).roles().list().stream().map((v0) -> {
                return v0.getName();
            }).filter(KeycloakUserBackend::isTeam).toList();
        } catch (Exception e) {
            throw ServiceException.serverError("Please check with the System Administrators that you have the correct permissions");
        }
    }

    @Override // io.hyperfoil.tools.horreum.svc.user.UserBackEnd
    public void addTeam(String str) {
        String teamPrefix = getTeamPrefix(str);
        createRole(str, null);
        for (String str2 : List.of(Roles.MANAGER, Roles.TESTER, Roles.VIEWER, Roles.UPLOADER)) {
            createRole(teamPrefix + str2, Set.of(str2, str));
        }
    }

    private void createRole(String str, Set<String> set) {
        RoleRepresentation roleRepresentation = new RoleRepresentation(str, (String) null, false);
        if (set != null) {
            roleRepresentation.setComposite(true);
            RoleRepresentation.Composites composites = new RoleRepresentation.Composites();
            composites.setRealm(set);
            roleRepresentation.setComposites(composites);
        }
        try {
            this.keycloak.realm(this.realm).roles().create(roleRepresentation);
        } catch (ClientErrorException e) {
            if (e.getResponse().getStatus() != Response.Status.CONFLICT.getStatusCode()) {
                throw ServiceException.serverError(MessageFormat.format("Unable to create role {0}", str));
            }
            LOG.warnv("Registration of role {0} failed because it already exists", str);
        } catch (Throwable th) {
            throw ServiceException.serverError(MessageFormat.format("Unable to create role {0}", str));
        }
    }

    @Override // io.hyperfoil.tools.horreum.svc.user.UserBackEnd
    public void deleteTeam(String str) {
        String teamPrefix = getTeamPrefix(str);
        for (String str2 : ROLE_TYPES) {
            try {
                this.keycloak.realm(this.realm).roles().deleteRole(teamPrefix + str2);
            } catch (NotFoundException e) {
                LOG.warnv("Role {0}{1} was not found when deleting it", teamPrefix, str2);
                throw ServiceException.notFound(MessageFormat.format("Team {0} not found", str));
            } catch (Throwable th) {
                LOG.warnv(th, "Unable to delete team {0}", str);
                throw ServiceException.serverError(MessageFormat.format("Unable to delete team {0}", str));
            }
        }
    }

    @Override // io.hyperfoil.tools.horreum.svc.user.UserBackEnd
    public List<UserService.UserData> administrators() {
        try {
            return this.keycloak.realm(this.realm).roles().get(Roles.ADMIN).getUserMembers(0, Integer.MAX_VALUE).stream().map(KeycloakUserBackend::toUserInfo).toList();
        } catch (Throwable th) {
            LOG.warnv(th, "Unable to list administrators", new Object[0]);
            throw ServiceException.serverError("Please verify with the System Administrators that you have the correct permissions");
        }
    }

    @Override // io.hyperfoil.tools.horreum.svc.user.UserBackEnd
    public void updateAdministrators(List<String> list) {
        try {
            UsersResource users = this.keycloak.realm(this.realm).users();
            RoleResource roleResource = this.keycloak.realm(this.realm).roles().get(Roles.ADMIN);
            RoleRepresentation representation = roleResource.toRepresentation();
            List<UserRepresentation> userMembers = roleResource.getUserMembers(0, Integer.MAX_VALUE);
            for (UserRepresentation userRepresentation : userMembers) {
                if (!list.contains(userRepresentation.getUsername())) {
                    try {
                        users.get(userRepresentation.getId()).roles().realmLevel().remove(List.of(representation));
                        LOG.infov("Removed administrator role from user {0}", userRepresentation.getUsername());
                    } catch (Throwable th) {
                        LOG.warnv("Could not remove admin role from user {0} due to {1}", userRepresentation.getUsername(), th.getMessage());
                    }
                }
            }
            for (String str : list) {
                if (userMembers.stream().noneMatch(userRepresentation2 -> {
                    return str.equals(userRepresentation2.getUsername());
                })) {
                    try {
                        users.get(findMatchingUserId(str)).roles().realmLevel().add(List.of(representation));
                        LOG.infov("Added administrator role to user {0}", str);
                    } catch (Throwable th2) {
                        LOG.warnv("Could not add admin role to user {0} due to {1}", str, th2.getMessage());
                    }
                }
            }
        } catch (ServiceException e) {
            throw e;
        } catch (Throwable th3) {
            LOG.warnv(th3, "Cannot fetch representation for admin role", new Object[0]);
            throw ServiceException.serverError("Cannot find admin role");
        }
    }
}
