package org.gcube.oidc.keycloak.d4science;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.io.IOUtils;
import org.gcube.oidc.D4ScienceMappings;
import org.gcube.oidc.keycloak.KeycloakHelper;
import org.gcube.oidc.keycloak.KeycloakResourceCreationException;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.RoleResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/gcube/oidc/keycloak/d4science/ClientsCreatorFromExport.class */
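/**
 * Command-line utility that reads a portal export and mirrors it onto a Keycloak realm:
 * one client per exported context, the D4Science roles on each client, and the
 * user-to-role mappings found in the export.
 *
 * <p>The export file is external input. Context names, user names, role names and avatar
 * paths read from it are passed to the Keycloak admin API, to the local file system and
 * to outgoing URL fetches, so they are validated where this class uses them directly.
 */
public class ClientsCreatorFromExport {
    // Build-time switches. Only the role-mapping and statistics steps are invoked by main();
    // the other steps stay available as public methods.
    private static final boolean DELETE_CLIENTS = false;
    private static final boolean CREATE_CLIENTS = false;
    private static final boolean MAP_ROLES = true;
    private static final boolean DL_AVATARS = false;
    private static final boolean SHOW_STATS = true;
    private final KeycloakHelper kh;
    private final Keycloak keycloak;
    private final ExportParser exportParser;
    private final String realm;

    /**
     * Parses the export and opens an admin session on the Keycloak server.
     *
     * @param str Keycloak server URL, handed to {@code KeycloakHelper.getInstance}
     * @param str2 admin user name
     * @param str3 admin password
     * @param str4 name of the realm to operate on
     * @param fileInputStream stream over the export file; the caller keeps ownership and closes it
     */
    public ClientsCreatorFromExport(String str, String str2, String str3, String str4, FileInputStream fileInputStream) throws SAXException, IOException, ParserConfigurationException, KeyManagementException, NoSuchAlgorithmException {
        this.exportParser = new ExportParser(fileInputStream);
        this.kh = KeycloakHelper.getInstance(str);
        this.keycloak = this.kh.newKeycloakAdmin(str2, str3);
        this.realm = str4;
    }

    /**
     * Creates one Keycloak client per exported context, with every D4Science role, the
     * role-based resource policies, and the mapping of the context's group to the
     * client's Member role.
     *
     * @throws KeycloakResourceCreationException if the helper fails to create a resource
     * @throws UnsupportedEncodingException propagated from the helper
     */
    public void createClients() throws KeycloakResourceCreationException, UnsupportedEncodingException {
        RealmResource realmResource = this.keycloak.realm(this.realm);
        for (String context : getExportParser().getAllContexts()) {
            System.out.println("adding client: " + context);
            ClientResource client = this.kh.addClient(realmResource, context, context, context + "'s context", "");

            Map<D4ScienceMappings.Role, RoleResource> rolesByType = new HashMap<>();
            for (D4ScienceMappings.Role role : D4ScienceMappings.Role.values()) {
                System.out.println("\tcreating role: " + role);
                rolesByType.put(role, this.kh.addRole(client, true, role.asString(), role.asString(), role.asString() + " role", null));
            }

            Set<ScopeRepresentation> scopes = new HashSet<>();
            for (D4ScienceMappings.Scope scope : D4ScienceMappings.Scope.values()) {
                scopes.add(new ScopeRepresentation(scope.asString()));
            }

            String[] clientResources = getClientResources(context);
            if (clientResources.length > 0) {
                for (String resourceName : clientResources) {
                    System.out.println("\t\tadding resource: " + resourceName);
                    configureClientResource(client, rolesByType, this.kh.addResource(client, resourceName, "urn:" + client.toRepresentation().getClientId() + ":resources:service", resourceName, false, scopes, null).toRepresentation());
                }
            } else {
                // No explicit resources: configure the first resource the client already has.
                // NOTE(review): assumes the list is never empty here; confirm against the helper.
                configureClientResource(client, rolesByType, (ResourceRepresentation) client.authorization().resources().resources().get(0));
            }

            // Drops the first character of the context to obtain the group path.
            // NOTE(review): presumably strips a leading '/'; confirm the export format.
            String groupPath = context.substring(1);
            System.out.println("\tMapping '" + groupPath + "' LDAP group to client's 'Member' role");
            this.kh.mapGroupToCLientRole(this.kh.findGroupByPath(realmResource, groupPath), client, rolesByType.get(D4ScienceMappings.Role.MEMBER));
        }
    }

    /** Returns the extra resources to create for a context; currently none. */
    private String[] getClientResources(String str) {
        return new String[0];
    }

    /** Returns the roles that get a policy on the named resource; currently all of them. */
    private D4ScienceMappings.Role[] getInvolvedRoles(String str) {
        return D4ScienceMappings.Role.values();
    }

    /** Returns the scopes a role policy is limited to on the named resource; currently none. */
    private Set<String> getRoleResourceScopes(String str, D4ScienceMappings.Role role) {
        return Collections.emptySet();
    }

    /**
     * Replaces the client's "Default Policy" with one positive role policy per involved role
     * and binds them to the resource through an affirmative "Default Permission".
     *
     * @param clientResource client owning the resource
     * @param map role resources of the client, keyed by D4Science role
     * @param resourceRepresentation resource to protect
     * @throws KeycloakResourceCreationException if the helper fails to create a policy or permission
     */
    protected void configureClientResource(ClientResource clientResource, Map<D4ScienceMappings.Role, RoleResource> map, ResourceRepresentation resourceRepresentation) throws KeycloakResourceCreationException {
        String resourceName = resourceRepresentation.getName();
        String clientId = clientResource.toRepresentation().getClientId();
        Set<String> policyNames = new HashSet<>();
        for (D4ScienceMappings.Role role : getInvolvedRoles(resourceName)) {
            Map<String, Set<String>> clientRoles = new HashMap<>();
            clientRoles.put(clientId, Collections.singleton(map.get(role).toRepresentation().getName()));
            System.out.println("\t\t\tadding role resource policy for role: " + role);
            policyNames.add(this.kh.addRoleResourcePolicy(clientResource, Collections.singleton(resourceName), getRoleResourceScopes(resourceName, role), role.asString() + "_policy", Logic.POSITIVE, clientRoles).toRepresentation().getName());
        }
        System.out.println("\t\t\tdeleting default js policy that is no more needed");
        // NOTE(review): fails if "Default Policy" is absent, e.g. on a second call for the same client.
        clientResource.authorization().policies().policy(clientResource.authorization().policies().findByName("Default Policy").getId()).remove();
        System.out.println("\t\t\tcreating new permission for role policies with affirmative strategy");
        // AFFIRMATIVE: access is granted as soon as one of the role policies grants it.
        this.kh.addResourcePermission(clientResource, Collections.singleton(resourceName), "Default Permission", DecisionStrategy.AFFIRMATIVE, policyNames);
        System.out.println("\t\t\tupdating the default permission on server");
    }

    /**
     * Removes the client of every exported context from the realm. A failure on one
     * client is reported and the remaining clients are still processed.
     */
    public void deleteClients() {
        RealmResource realmResource = this.keycloak.realm(this.realm);
        for (String context : getExportParser().getAllContexts()) {
            System.out.println("- deleting: " + context);
            try {
                this.kh.removeClient(realmResource, context);
            } catch (UnsupportedEncodingException e) {
                // Best effort: name the client that could not be removed and go on.
                System.err.println("Could not delete client " + context + ": " + e);
            }
        }
    }

    /**
     * Aligns each exported user's client-level roles with the export: every role except
     * Member is removed from the client, then the exported roles known to
     * {@code D4ScienceMappings.Role} are mapped. Unknown users, clients and roles are
     * reported on standard error and skipped.
     *
     * @throws UnsupportedEncodingException propagated from the helper
     */
    public void mapUsersWithRolesToClients() throws UnsupportedEncodingException {
        RealmResource realmResource = this.keycloak.realm(this.realm);
        Map<String, Map<String, Set<String>>> allUserContextsAndRoles = getExportParser().getAllUserContextsAndRoles();
        for (Map.Entry<String, Map<String, Set<String>>> userEntry : allUserContextsAndRoles.entrySet()) {
            String userName = userEntry.getKey();
            System.out.println("- user: " + userName);
            UserResource user = this.kh.findUser(realmResource, userName);
            if (user == null) {
                System.err.println("User not found on keycloak: " + userName);
                System.out.println();
                continue;
            }
            for (Map.Entry<String, Set<String>> contextEntry : userEntry.getValue().entrySet()) {
                String context = contextEntry.getKey();
                System.out.println("\tcontext: " + context);
                ClientResource client = this.kh.findClient(realmResource, context);
                if (client == null) {
                    System.err.println("Client not found on keycloak: " + context);
                    continue;
                }
                String clientUuid = client.toRepresentation().getId();
                List<RoleRepresentation> staleRoles = user.roles().clientLevel(clientUuid).listAll();
                // Member is kept: it is not part of the roles revoked before re-mapping.
                RoleRepresentation memberRole = null;
                for (RoleRepresentation current : staleRoles) {
                    if (current.getName().equals(D4ScienceMappings.Role.MEMBER.asString())) {
                        memberRole = current;
                    }
                }
                staleRoles.remove(memberRole);
                if (!staleRoles.isEmpty()) {
                    System.out.println("\t\tremoving old roles [" + staleRoles + "]");
                    user.roles().clientLevel(clientUuid).remove(staleRoles);
                }
                for (String roleName : contextEntry.getValue()) {
                    System.out.println("\t\tmapping role: " + roleName);
                    // Only roles defined in D4ScienceMappings.Role are granted; anything
                    // else found in the export is reported and never mapped.
                    if (D4ScienceMappings.Role.exists(roleName)) {
                        this.kh.mapRoleTo(user, client, roleName);
                    } else {
                        System.err.println("Found not standard role: " + roleName);
                    }
                }
            }
            System.out.println();
        }
    }

    /**
     * Downloads the avatar of every exported user into a local folder, one file per user
     * named after the user. Empty downloads are deleted.
     *
     * <p>User names and avatar paths come from the export and are treated as untrusted:
     * a user name that would resolve outside the destination folder is skipped, and an
     * avatar reference that switches to another protocol than the base URL is skipped.
     *
     * @param str base URL that avatar paths are resolved against
     * @param str2 destination folder, or {@code null} for the current directory
     */
    public void saveAvatarsLocally(String str, String str2) {
        final URL baseUrl;
        try {
            baseUrl = new URL(str);
        } catch (MalformedURLException e) {
            System.err.println("Bad avatar base URL provided: " + e.getMessage());
            return;
        }
        Map<String, String> allUsersAndAvatars = getExportParser().getAllUsersAndAvatars();
        File destination = str2 != null ? new File(str2) : new File(".");
        if (!destination.exists()) {
            System.out.println("- Creating destination folder: " + destination.getAbsolutePath());
            if (!destination.mkdir()) {
                System.err.println("Cannot create destination folder: " + destination.getAbsolutePath());
                return;
            }
        } else if (!destination.isDirectory()) {
            System.err.println("Provided destination is not a folder: " + destination.getAbsolutePath());
            return;
        }
        final File canonicalDestination;
        try {
            canonicalDestination = destination.getCanonicalFile();
        } catch (IOException e) {
            System.err.println("Cannot resolve destination folder: " + e);
            return;
        }
        for (Map.Entry<String, String> entry : allUsersAndAvatars.entrySet()) {
            String userName = entry.getKey();
            String avatarPath = entry.getValue();
            if (avatarPath == null) {
                System.out.println("--- Avatar URL not provided for user: " + userName);
                continue;
            }
            System.out.println("- Saving avatar of user: " + userName);
            try {
                // The file name is export data: accept it only if the resolved file sits
                // directly inside the destination folder (rejects "..", separators, "").
                File target = new File(canonicalDestination, userName).getCanonicalFile();
                if (!canonicalDestination.equals(target.getParentFile())) {
                    System.err.println("Skipping avatar with unsafe file name for user: " + userName);
                    continue;
                }
                // An absolute avatar reference overrides the base URL entirely; keep at
                // least the protocol pinned so the export cannot redirect the fetch to
                // local files or other handlers.
                // NOTE(review): consider pinning the host to the base URL's host as well.
                URL avatarUrl = new URL(baseUrl, avatarPath);
                if (!baseUrl.getProtocol().equalsIgnoreCase(avatarUrl.getProtocol())) {
                    System.err.println("Skipping avatar with unexpected URL protocol for user: " + userName);
                    continue;
                }
                try (InputStream in = avatarUrl.openStream();
                        FileOutputStream out = new FileOutputStream(target)) {
                    IOUtils.copy(in, out);
                }
                if (target.exists() && target.length() == 0) {
                    System.out.println(" -- Deleting zero bytes length avatar for user: " + userName);
                    target.delete();
                }
            } catch (IOException e) {
                // Best effort: one failed download does not stop the others.
                System.err.println("Could not save avatar of user " + userName + ": " + e);
            }
        }
    }

    /** Returns the parser holding the contents of the export file. */
    public ExportParser getExportParser() {
        return this.exportParser;
    }

    /**
     * Entry point: maps the exported users to their client roles and prints statistics.
     *
     * <p>Arguments: server URL, user name, password, realm, export file, and optionally an
     * avatar base URL and an avatar export folder. The two optional arguments are accepted
     * but not used here, since this entry point does not call {@link #saveAvatarsLocally}.
     */
    public static void main(String[] strArr) throws Exception {
        if (strArr.length < 5) {
            System.err.println("Missing params.\n\nUsage: " + ClientsCreatorFromExport.class.getName() + " [keycloak_serverURL] [username] [password] [realm] [export_file] [[avatar_base_url] [avatar_export_folder]]");
            return;
        }
        String serverUrl = strArr[0];
        String userName = strArr[1];
        // NOTE(review): the admin password arrives as a command-line argument, so it is
        // visible in the process list and in shell history; prefer a prompt, an
        // environment variable or a protected file when this tool is next reworked.
        String password = strArr[2];
        String realmName = strArr[3];
        try (FileInputStream exportStream = new FileInputStream(strArr[4])) {
            ClientsCreatorFromExport creator = new ClientsCreatorFromExport(serverUrl, userName, password, realmName, exportStream);
            Date start = new Date();
            System.out.println("Start at " + start);
            System.out.println("\n\n * * * Mapping users to client's roles * * *");
            creator.mapUsersWithRolesToClients();
            System.out.println("[lap seconds: " + ((new Date().getTime() - start.getTime()) / 1000.0f) + "]");
            System.out.println("Total elapsed seconds: " + ((new Date().getTime() - start.getTime()) / 1000.0f));
            System.out.println("\nClients: " + creator.getExportParser().getAllContexts().size());
            int userCount = creator.getExportParser().getAllUsersAndAvatars().size();
            System.out.println("Users: " + userCount);
            // Per user and context: the exported roles plus one.
            // NOTE(review): the extra one presumably stands for the implicit Member role; confirm.
            float roleMappings = 0.0f;
            for (Map<String, Set<String>> contexts : creator.getExportParser().getAllUserContextsAndRoles().values()) {
                for (Set<String> roles : contexts.values()) {
                    roleMappings += roles.size() + 1;
                }
            }
            System.out.println("Roles per user: " + (userCount == 0 ? 0.0f : roleMappings / userCount));
        } catch (FileNotFoundException e) {
            System.err.println("Export file not found: " + strArr[4]);
        }
    }
}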
