package cz.xtf.sso.api;

import cz.xtf.keystore.XTFKeyStore;
import cz.xtf.sso.api.entity.User;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.ssl.SSLContexts;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cz/xtf/sso/api/SsoRestApi.class */
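/**
 * {@link SsoApi} implementation backed by the Keycloak admin REST client.
 * <p>
 * All operations run against a single realm ({@link #getRealmName()}) through an admin session
 * obtained from the {@code master} realm with the bootstrap {@code admin/admin} credentials (see
 * {@link #initClient()}). The class is a test-support utility: it deliberately accepts any TLS
 * server certificate and uses default credentials, so it is only suitable for throwaway
 * Keycloak deployments.
 * <p>
 * Not thread-safe: {@link #initClient()} replaces the shared {@link Keycloak} client.
 */
public class SsoRestApi implements SsoApi {
    private static final Logger log = LoggerFactory.getLogger(SsoRestApi.class);

    /** Realm the admin session is opened in. */
    private static final String ADMIN_REALM = "master";
    /** Bootstrap admin credentials of a freshly provisioned test instance; not configurable here. */
    private static final String ADMIN_USERNAME = "admin";
    private static final String ADMIN_PASSWORD = "admin";
    /** Built-in admin client used for the admin session; it has no client secret. */
    private static final String ADMIN_CLIENT_ID = "admin-cli";
    /** Username the REST flow is known not to create properly (see {@link #createUser}). */
    private static final String RESERVED_USERNAME = "user";
    /**
     * Page size used when resolving a username to an id. The user search is a free-text search,
     * so more than one user may match and the exact username has to be picked out of the page.
     */
    private static final int USER_SEARCH_PAGE_SIZE = 100;

    /** SAML attribute name format shared by the X.500 built-in mappers. */
    private static final String SAML_URI_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
    private static final String SAML_PROTOCOL = "saml";
    private static final String SAML_USER_PROPERTY_MAPPER = "saml-user-property-mapper";

    private final String realmName;
    private final String authUrl;
    /** Admin client; (re)created by {@link #initClient()}. */
    private Keycloak client;

    /**
     * Creates an API bound to a realm and opens the admin session immediately.
     *
     * @param authUrl   base URL of the Keycloak server (the {@code /auth} endpoint)
     * @param realmName realm all subsequent operations target
     * @return a connected API instance
     */
    public static SsoRestApi get(String authUrl, String realmName) {
        return new SsoRestApi(authUrl, realmName);
    }

    private SsoRestApi(String authUrl, String realmName) {
        this.realmName = realmName;
        this.authUrl = authUrl;
        initClient();
    }

    /**
     * (Re)creates the admin {@link Keycloak} client for {@link #authUrl}.
     * <p>
     * For an {@code https} URL a trust-all {@link SSLContext} is built so that the self-signed
     * certificates of throwaway test deployments are accepted. This disables server-certificate
     * validation completely, so the client must only be pointed at such deployments. If the
     * context cannot be built the failure is logged with its cause and the client is created
     * without an explicit SSL context.
     */
    public void initClient() {
        SSLContext sslContext = null;
        if (this.authUrl.contains("https")) {
            try {
                sslContext = SSLContexts.custom().loadTrustMaterial(new TrustAllStrategy()).build();
            } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
                // Log the cause; the original dropped it, which hid why the fallback happened.
                log.warn("Failed to create naive sslContext!", e);
            }
        }
        this.client = Keycloak.getInstance(this.authUrl, ADMIN_REALM, ADMIN_USERNAME, ADMIN_PASSWORD,
                ADMIN_CLIENT_ID, (String) null, sslContext);
    }

    /**
     * Runs an arbitrary operation against the underlying admin client.
     *
     * @param function operation receiving the shared {@link Keycloak} client
     * @param <R>      result type
     * @return whatever {@code function} returns
     */
    public <R> R withKeycloakClient(Function<Keycloak, R> function) {
        return function.apply(this.client);
    }

    /** @return name of the realm this API operates on */
    public String getRealmName() {
        return this.realmName;
    }

    /**
     * Creates an enabled user with a permanent password and, optionally, realm roles.
     * <p>
     * The create response is closed without inspecting its status, so a rejected create (for
     * example a duplicate username) is not detected here; the user is then resolved by username,
     * its password is set again explicitly (kept from the original flow) and the roles are added
     * to whichever user that lookup returns.
     *
     * @param username   username; must not be {@code null} and must not be {@code "user"}
     * @param password   initial password, stored as non-temporary
     * @param firstName  first name
     * @param lastName   last name
     * @param email      e-mail address
     * @param realmRoles realm role names to add; {@code null} or empty adds none
     * @return the Keycloak id of the user with that username
     * @throws UnsupportedOperationException for the username {@code "user"}
     * @throws IllegalStateException         if no user with that username can be found afterwards
     */
    @Override
    public String createUser(String username, String password, String firstName, String lastName,
            String email, List<String> realmRoles) {
        Objects.requireNonNull(username, "username");
        if (username.equals(RESERVED_USERNAME)) {
            throw new UnsupportedOperationException("Dont't do that! (Sso rest api doesn't create user with username 'user' properly)");
        }
        CredentialRepresentation credential = new CredentialRepresentation();
        // The decompiled source referenced XTFKeyStore.SIGNER_PASSWORD here, a constant-folding
        // artifact for the "password" credential type that resetPassword() below requires.
        credential.setType(CredentialRepresentation.PASSWORD);
        credential.setValue(password);
        credential.setTemporary(false);

        UserRepresentation user = new UserRepresentation();
        user.setUsername(username);
        user.setCredentials(Arrays.asList(credential));
        user.setFirstName(firstName);
        user.setLastName(lastName);
        user.setEmail(email);
        user.setEnabled(true);
        this.client.realm(this.realmName).users().create(user).close();

        String userId = getUserId(username);
        this.client.realm(this.realmName).users().get(userId).resetPassword(credential);
        if (realmRoles != null && !realmRoles.isEmpty()) {
            addRealmRolesToUser(userId, realmRoles);
        }
        return userId;
    }

    /**
     * Creates a realm role.
     *
     * @param roleName name of the new role
     */
    @Override
    public void createRole(String roleName) {
        RoleRepresentation role = new RoleRepresentation();
        role.setName(roleName);
        this.client.realm(this.realmName).roles().create(role);
    }

    /**
     * Creates an OIDC bearer-only client (token validation only, no login flow).
     *
     * @param clientId client id, also used as the display name
     * @return the Keycloak id of the created client
     * @throws IllegalStateException if the client cannot be found after creation
     */
    @Override
    public String createOidcBearerClient(String clientId) {
        ClientRepresentation rep = new ClientRepresentation();
        rep.setName(clientId);
        rep.setClientId(clientId);
        rep.setProtocol(ProtocolType.OPENID_CONNECT.getLabel());
        rep.setBearerOnly(true);
        rep.setPublicClient(false);
        rep.setEnabled(true);
        createClient(rep);
        return getClientId(clientId);
    }

    /**
     * Creates an OIDC confidential client. The client secret is generated by the server and is
     * not returned here.
     *
     * @param clientId     client id, also used as the display name
     * @param rootUrl      root URL
     * @param redirectUris allowed redirect URIs
     * @param baseUrl      base URL
     * @param adminUrl     admin URL
     * @return the Keycloak id of the created client
     * @throws IllegalStateException if the client cannot be found after creation
     */
    @Override
    public String createOicdConfidentialClient(String clientId, String rootUrl, List<String> redirectUris,
            String baseUrl, String adminUrl) {
        ClientRepresentation rep = new ClientRepresentation();
        rep.setName(clientId);
        rep.setClientId(clientId);
        rep.setProtocol(ProtocolType.OPENID_CONNECT.getLabel());
        rep.setAdminUrl(adminUrl);
        rep.setRootUrl(rootUrl);
        rep.setBaseUrl(baseUrl);
        rep.setRedirectUris(redirectUris);
        rep.setBearerOnly(false);
        rep.setPublicClient(false);
        rep.setEnabled(true);
        // The original issued this create twice; the second attempt could only fail (duplicate
        // clientId) and its response was discarded unchecked.
        createClient(rep);
        return getClientId(clientId);
    }

    /**
     * Creates a SAML client with both server and client signatures turned off, i.e. requests and
     * assertions exchanged with it are not signed. Intended only for disposable test realms.
     *
     * @param clientId     client id, also used as the display name
     * @param adminUrl     admin URL
     * @param baseUrl      base URL
     * @param redirectUris allowed redirect URIs
     * @return the Keycloak id of the created client
     * @throws IllegalStateException if the client cannot be found after creation
     */
    @Override
    public String createInsecureSamlClient(String clientId, String adminUrl, String baseUrl, List<String> redirectUris) {
        Map<String, String> attributes = new HashMap<>();
        attributes.put("saml.server.signature", "false");
        attributes.put("saml.client.signature", "false");
        ClientRepresentation rep = new ClientRepresentation();
        rep.setName(clientId);
        rep.setClientId(clientId);
        rep.setProtocol(ProtocolType.SAML.getLabel());
        rep.setEnabled(true);
        rep.setAdminUrl(adminUrl);
        rep.setBaseUrl(baseUrl);
        rep.setRedirectUris(redirectUris);
        rep.setAttributes(attributes);
        createClient(rep);
        return getClientId(clientId);
    }

    /**
     * Creates an OIDC public client (no client secret; relies on redirect URI and web origin
     * restrictions).
     *
     * @param clientId     client id, also used as the display name
     * @param rootUrl      root URL
     * @param redirectUris allowed redirect URIs
     * @param webOrigins   allowed CORS web origins
     * @return the Keycloak id of the created client
     * @throws IllegalStateException if the client cannot be found after creation
     */
    @Override
    public String createOidcPublicClient(String clientId, String rootUrl, List<String> redirectUris, List<String> webOrigins) {
        ClientRepresentation rep = new ClientRepresentation();
        rep.setName(clientId);
        rep.setClientId(clientId);
        rep.setProtocol(ProtocolType.OPENID_CONNECT.getLabel());
        rep.setPublicClient(true);
        rep.setEnabled(true);
        rep.setRootUrl(rootUrl);
        rep.setRedirectUris(redirectUris);
        rep.setWebOrigins(webOrigins);
        createClient(rep);
        return getClientId(clientId);
    }

    /**
     * Sends the create request for a client. The response status is not inspected; callers
     * detect failure indirectly by looking the client up afterwards.
     */
    private void createClient(ClientRepresentation rep) {
        this.client.realm(this.realmName).clients().create(rep).close();
    }

    /**
     * Adds the named realm roles to a user. Only roles reported as available for the user are
     * mapped; names that are unknown (or, presumably, already mapped — {@code listAvailable}
     * appears to exclude those) are logged and skipped rather than failing the call.
     *
     * @param userId    Keycloak user id
     * @param roleNames realm role names to add
     */
    @Override
    public void addRealmRolesToUser(String userId, List<String> roleNames) {
        List<RoleRepresentation> toAdd = this.client.realm(this.realmName).users().get(userId)
                .roles().realmLevel().listAvailable().stream()
                .filter(role -> roleNames.contains(role.getName()))
                .collect(Collectors.toList());
        List<String> matched = toAdd.stream().map(RoleRepresentation::getName).collect(Collectors.toList());
        List<String> unmatched = roleNames.stream().filter(name -> !matched.contains(name)).collect(Collectors.toList());
        if (!unmatched.isEmpty()) {
            log.warn("Realm roles {} are not available for user {} and were skipped", unmatched, userId);
        }
        this.client.realm(this.realmName).users().get(userId).roles().realmLevel().add(toAdd);
    }

    /**
     * Adds the X.500 givenName, surname and email property mappers to a SAML client.
     *
     * @param clientId Keycloak client id (the server-generated id, not the {@code clientId} attribute)
     */
    @Override
    public void addBultinMappersToSamlClient(String clientId) {
        List<ProtocolMapperRepresentation> mappers = Arrays.asList(
                getX500GivenNameMapper(),
                getX500SurnameMapper(),
                getX500EmailBuiltInMapper());
        this.client.realm(this.realmName).clients().get(clientId).getProtocolMappers().createMapper(mappers);
    }

    /**
     * Resolves a username to the Keycloak user id.
     * <p>
     * The admin search is a free-text, substring search across several user fields, so the
     * first hit is not necessarily the requested user; the page is filtered for the exact
     * username (case-insensitively, as Keycloak normalises usernames to lower case).
     *
     * @param username exact username
     * @return id of that user
     * @throws IllegalStateException if no such user is in the realm (or outside the searched page)
     */
    @Override
    public String getUserId(String username) {
        List<UserRepresentation> candidates =
                this.client.realm(this.realmName).users().search(username, 0, USER_SEARCH_PAGE_SIZE);
        return candidates.stream()
                .filter(user -> username.equalsIgnoreCase(user.getUsername()))
                .findFirst()
                .map(UserRepresentation::getId)
                .orElseThrow(() -> new IllegalStateException(
                        "No user with username '" + username + "' found in realm '" + this.realmName + "'"));
    }

    /**
     * Resolves a client's {@code clientId} attribute to its Keycloak id.
     *
     * @param clientId the {@code clientId} attribute
     * @return server-generated id of that client
     * @throws IllegalStateException if no client with that {@code clientId} exists
     */
    @Override
    public String getClientId(String clientId) {
        return this.client.realm(this.realmName).clients().findAll().stream()
                .filter(rep -> clientId.equals(rep.getClientId()))
                .findFirst()
                .map(ClientRepresentation::getId)
                .orElseThrow(() -> new IllegalStateException(
                        "No client with clientId '" + clientId + "' found in realm '" + this.realmName + "'"));
    }

    /** @return server-generated id of the realm */
    @Override
    public String getRealmId() {
        return this.client.realm(this.realmName).toRepresentation().getId();
    }

    /** @return the realm's public key as reported by its representation */
    @Override
    public String getRealmPublicKey() {
        return this.client.realm(this.realmName).toRepresentation().getPublicKey();
    }

    /**
     * @param clientId Keycloak client id
     * @return the OIDC JBoss/WildFly subsystem XML installation snippet for the client
     */
    @Override
    public String getOicdInstallationXmlFile(String clientId) {
        return this.client.realm(this.realmName).clients().get(clientId)
                .getInstallationProvider(Provider.OIDC_JBOSS_XML_SUBSYSTEM.getProviderId());
    }

    /**
     * @param clientId Keycloak client id
     * @return the SAML JBoss/WildFly subsystem XML installation snippet for the client
     */
    @Override
    public String getSamlInstallationXmlFile(String clientId) {
        return this.client.realm(this.realmName).clients().get(clientId)
                .getInstallationProvider(Provider.SAML_JBOSS_XML_SUBSYSTEM.getProviderId());
    }

    /**
     * @param clientId Keycloak client id
     * @return the {@code keycloak.json} installation file for the client
     */
    @Override
    public String getJsonInstallationFile(String clientId) {
        return this.client.realm(this.realmName).clients().get(clientId)
                .getInstallationProvider(Provider.OIDC_KEYCLOAK_JSON.getProviderId());
    }

    /**
     * Overwrites first name, last name and e-mail of an existing user; other attributes are
     * re-sent unchanged.
     *
     * @param user entity carrying the user id and the new details
     */
    @Override
    public void updateUserDetails(User user) {
        UserRepresentation rep = this.client.realm(this.realmName).users().get(user.id).toRepresentation();
        rep.setFirstName(user.firstName);
        rep.setLastName(user.lastName);
        rep.setEmail(user.email);
        this.client.realm(this.realmName).users().get(user.id).update(rep);
    }

    /**
     * Deletes a user. The response is closed without checking its status.
     *
     * @param userId Keycloak user id
     */
    @Override
    public void deleteUser(String userId) {
        this.client.realm(this.realmName).users().delete(userId).close();
    }

    /**
     * Sets the {@code saml_force_name_id_format} attribute of a client to {@code "true"}.
     *
     * @param clientId Keycloak client id
     */
    @Override
    public void forceNameIdFormat(String clientId) {
        ClientRepresentation rep = this.client.realm(this.realmName).clients().get(clientId).toRepresentation();
        Map<String, String> attributes = rep.getAttributes();
        if (attributes == null) {
            // A client created without attributes has none to add to; the original NPE'd here.
            attributes = new HashMap<>();
            rep.setAttributes(attributes);
        }
        attributes.put("saml_force_name_id_format", "true");
        this.client.realm(this.realmName).clients().get(clientId).update(rep);
    }

    /**
     * Replaces the redirect URIs of a client. Only that field is sent; the server is relied on
     * to leave the unset fields of the partial representation untouched.
     *
     * @param clientId     Keycloak client id
     * @param redirectUris new redirect URI list
     */
    @Override
    public void updateClientRedirectUri(String clientId, List<String> redirectUris) {
        ClientRepresentation rep = new ClientRepresentation();
        rep.setRedirectUris(redirectUris);
        this.client.realm(this.realmName).clients().get(clientId).update(rep);
    }

    /** SAML mapper exposing the user's first name as X.500 givenName (OID 2.5.4.42). */
    private ProtocolMapperRepresentation getX500GivenNameMapper() {
        return samlUserPropertyMapper("X500 givenName", "firstName", "givenName", "urn:oid:2.5.4.42");
    }

    /** SAML mapper exposing the user's last name as X.500 surname (OID 2.5.4.4). */
    private ProtocolMapperRepresentation getX500SurnameMapper() {
        return samlUserPropertyMapper("X500 surname", "lastName", "surname", "urn:oid:2.5.4.4");
    }

    /** SAML mapper exposing the user's e-mail as the PKCS#9 emailAddress attribute. */
    private ProtocolMapperRepresentation getX500EmailBuiltInMapper() {
        return samlUserPropertyMapper("X500 email", "email", "email", "urn:oid:1.2.840.113549.1.9.1");
    }

    /**
     * Builds a {@code saml-user-property-mapper} with the URI attribute name format.
     *
     * @param mapperName    display name of the mapper
     * @param userProperty  user property to map ({@code firstName}, {@code lastName}, {@code email})
     * @param friendlyName  SAML friendly name of the attribute
     * @param attributeName SAML attribute name (a {@code urn:oid:} URI)
     */
    private static ProtocolMapperRepresentation samlUserPropertyMapper(String mapperName, String userProperty,
            String friendlyName, String attributeName) {
        Map<String, String> config = new HashMap<>();
        config.put("attribute.nameformat", SAML_URI_NAME_FORMAT);
        config.put("user.attribute", userProperty);
        config.put("friendly.name", friendlyName);
        config.put("attribute.name", attributeName);
        ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
        mapper.setProtocol(SAML_PROTOCOL);
        mapper.setName(mapperName);
        mapper.setProtocolMapper(SAML_USER_PROPERTY_MAPPER);
        mapper.setConfig(config);
        return mapper;
    }
}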
