package io.hyperfoil.tools.horreum.server;

import io.hyperfoil.tools.horreum.entity.user.Team;
import io.hyperfoil.tools.horreum.entity.user.TeamMembership;
import io.hyperfoil.tools.horreum.entity.user.TeamRole;
import io.hyperfoil.tools.horreum.entity.user.UserInfo;
import io.hyperfoil.tools.horreum.entity.user.UserRole;
import io.hyperfoil.tools.horreum.svc.Roles;
import io.quarkus.runtime.StartupEvent;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.event.Observes;
import jakarta.inject.Inject;
import jakarta.transaction.Transactional;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.jboss.logging.Logger;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

@ApplicationScoped
/* loaded from: input_file:io/hyperfoil/tools/horreum/server/SecurityMigration.class */
public class SecurityMigration {
    private static final Logger LOGGER = Logger.getLogger("SecurityMigration");

    @ConfigProperty(name = "quarkus.keycloak.admin-client.server-url")
    Optional<String> keycloakURL;

    @ConfigProperty(name = "quarkus.keycloak.admin-client.realm", defaultValue = "horreum")
    String realm;

    @ConfigProperty(name = "horreum.roles.provider", defaultValue = "keycloak")
    String provider;
    private static final String MIGRATION_PROVIDER = "database";

    @Inject
    RoleManager roleManager;

    void onStart(@Observes StartupEvent startupEvent, Keycloak keycloak) {
        if (this.keycloakURL.isPresent() && performRolesMigration()) {
            LOGGER.info("Perform roles migration from keycloak...");
            for (UserRepresentation userRepresentation : keycloak.realm(this.realm).users().list(0, Integer.MAX_VALUE)) {
                performUserMigration(userRepresentation, keycloak.realm(this.realm).users().get(userRepresentation.getId()).roles().getAll().getRealmMappings());
            }
            LOGGER.info("Migration from keycloak complete");
        }
    }

    private boolean performRolesMigration() {
        boolean z;
        try {
            this.roleManager.setRoles(Roles.HORREUM_SYSTEM);
            if (MIGRATION_PROVIDER.equals(this.provider)) {
                if (TeamMembership.count() == 0) {
                    z = true;
                    return z;
                }
            }
            z = false;
            return z;
        } finally {
            this.roleManager.setRoles("");
        }
    }

    @Transactional
    void performUserMigration(UserRepresentation userRepresentation, List<RoleRepresentation> list) {
        LOGGER.infov("Migration of user {0} {1} with username {2}", userRepresentation.getFirstName(), userRepresentation.getLastName(), userRepresentation.getUsername());
        String roles = this.roleManager.setRoles(userRepresentation.getUsername());
        try {
            try {
                UserInfo userInfo = (UserInfo) UserInfo.findByIdOptional(userRepresentation.getUsername()).orElseGet(() -> {
                    return new UserInfo(userRepresentation.getUsername());
                });
                userInfo.email = userRepresentation.getEmail();
                userInfo.firstName = userRepresentation.getFirstName();
                userInfo.lastName = userRepresentation.getLastName();
                Iterator<RoleRepresentation> it = list.iterator();
                while (it.hasNext()) {
                    String name = it.next().getName();
                    if (name.endsWith("-viewer")) {
                        addTeamMembership(userInfo, name.substring(0, name.length() - 7), TeamRole.TEAM_VIEWER);
                    } else if (name.endsWith("-tester")) {
                        addTeamMembership(userInfo, name.substring(0, name.length() - 7), TeamRole.TEAM_TESTER);
                    } else if (name.endsWith("-uploader")) {
                        addTeamMembership(userInfo, name.substring(0, name.length() - 9), TeamRole.TEAM_UPLOADER);
                    } else if (name.endsWith("-manager")) {
                        addTeamMembership(userInfo, name.substring(0, name.length() - 8), TeamRole.TEAM_MANAGER);
                    } else if (Roles.ADMIN.equals(name)) {
                        userInfo.roles.add(UserRole.ADMIN);
                    } else {
                        LOGGER.infov("Dropping role {0} for user {1} {2}", name, userRepresentation.getFirstName(), userRepresentation.getLastName());
                    }
                }
                userInfo.persist();
                this.roleManager.setRoles(roles);
            } catch (Exception e) {
                LOGGER.warnv("Unable to perform migration for user {0} {1} due to {2}", userRepresentation.getFirstName(), userRepresentation.getLastName(), e.getMessage());
                this.roleManager.setRoles(roles);
            }
        } catch (Throwable th) {
            this.roleManager.setRoles(roles);
            throw th;
        }
    }

    private void addTeamMembership(UserInfo userInfo, String str, TeamRole teamRole) {
        userInfo.teams.add(new TeamMembership(userInfo, (Team) Team.find("teamName", new Object[]{str}).firstResultOptional().orElseGet(() -> {
            return (Team) Team.getEntityManager().merge(new Team(str));
        }), teamRole));
    }
}
