package org.gcube.oidc.keycloak;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.keycloak.TokenVerifier;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.GroupResource;
import org.keycloak.admin.client.resource.PolicyResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.ResourceResource;
import org.keycloak.admin.client.resource.RoleResource;
import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.VerificationException;
import org.keycloak.jose.jwk.JSONWebKeySet;
import org.keycloak.jose.jwk.JWK;
import org.keycloak.jose.jwk.JWKParser;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.util.JWKSUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gcube/oidc/keycloak/KeycloakHelper.class */
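/**
 * Thin convenience layer over the Keycloak admin client: builds admin/client sessions, looks up and
 * creates clients, roles, authorization resources, policies and permissions, and verifies tokens
 * against a realm's published signing key.
 *
 * <p>One helper is kept per server URL (see {@link #getInstance(String)}) and all of its calls share
 * a single {@link ResteasyClient}.
 *
 * <p>NOTE(review): every trust decision made here (admin calls, the JWKS download used for token
 * verification) rests on {@code serverUrl}. Nothing in this class checks that it is an
 * {@code https://} URL; callers are presumably expected to guarantee that - confirm.
 */
public class KeycloakHelper {
    protected static Logger logger = LoggerFactory.getLogger(KeycloakHelper.class);

    /** Helpers already built, keyed by server URL. */
    private static final Map<String, KeycloakHelper> instances =
            Collections.synchronizedMap(new TreeMap<String, KeycloakHelper>());

    private final String serverUrl;
    private final ResteasyClient resteasyClient = new ResteasyClientBuilder().build();

    private KeycloakHelper(String serverUrl) {
        this.serverUrl = serverUrl;
    }

    /**
     * Returns the helper bound to {@code serverUrl}, creating it on first use.
     *
     * @param serverUrl base URL of the Keycloak server
     * @return the shared helper for that URL
     * @throws KeyManagementException declared for source compatibility; not thrown by this body
     * @throws NoSuchAlgorithmException declared for source compatibility; not thrown by this body
     */
    public static synchronized KeycloakHelper getInstance(String serverUrl) throws KeyManagementException, NoSuchAlgorithmException {
        KeycloakHelper helper = instances.get(serverUrl);
        if (helper == null) {
            helper = new KeycloakHelper(serverUrl);
            instances.put(serverUrl, helper);
        }
        return helper;
    }

    /**
     * Opens an administrative session on the {@code master} realm through the {@code admin-cli} client.
     *
     * @param username admin user name
     * @param password admin password
     * @return a Keycloak admin client using password credentials
     * @throws UnsupportedEncodingException propagated from {@link #newKeycloak(String, String, String, String)}
     */
    public Keycloak newKeycloakAdmin(String username, String password) throws UnsupportedEncodingException {
        return newKeycloak("master", username, password, "admin-cli");
    }

    /**
     * Builds a Keycloak client that authenticates with a user name and password.
     *
     * @param realm realm to authenticate against
     * @param username user name
     * @param password user password
     * @param clientId client id; URL-encoded before it is handed to the builder
     * @return the configured client
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    public Keycloak newKeycloak(String realm, String username, String password, String clientId) throws UnsupportedEncodingException {
        return KeycloakBuilder.builder()
                .serverUrl(this.serverUrl)
                .realm(realm)
                .username(username)
                .password(password)
                .clientId(encodeClientId(clientId))
                .resteasyClient(this.resteasyClient)
                .build();
    }

    /**
     * Builds a Keycloak client that authenticates with the {@code client_credentials} grant.
     *
     * @param realm realm to authenticate against
     * @param clientId client id; URL-encoded before it is handed to the builder
     * @param clientSecret secret of the confidential client
     * @return the configured client
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    public Keycloak newKeycloak(String realm, String clientId, String clientSecret) throws UnsupportedEncodingException {
        return KeycloakBuilder.builder()
                .serverUrl(this.serverUrl)
                .realm(realm)
                .grantType("client_credentials")
                .clientId(encodeClientId(clientId))
                .clientSecret(clientSecret)
                .resteasyClient(this.resteasyClient)
                .build();
    }

    /**
     * Downloads the realm's JWKS document and returns the public key published for signature use.
     *
     * <p>The realm name is concatenated into the request path as-is, so it must come from trusted
     * configuration rather than from request data.
     *
     * @param realm realm whose signing key is wanted
     * @return the signature verification key
     * @throws IllegalStateException if the key set contains no key for signature use
     */
    public PublicKey getRealmSigPublicKey(String realm) {
        String certsUrl = this.serverUrl + "/realms/" + realm + "/protocol/openid-connect/certs";
        JSONWebKeySet keySet;
        // Closing the response also releases the connection when readEntity() fails.
        try (Response response = this.resteasyClient.target(certsUrl).request().get()) {
            keySet = response.readEntity(JSONWebKeySet.class);
        }
        JWK signingKey = JWKSUtils.getKeyForUse(keySet, JWK.Use.SIG);
        if (signingKey == null) {
            // Fail with a clear message instead of an NPE deep inside the JWK parser.
            throw new IllegalStateException("No signature key published for realm: " + realm);
        }
        return JWKParser.create(signingKey).toPublicKey();
    }

    /**
     * Looks up a user by user name.
     *
     * <p>Keycloak documents the {@code username} search as a "contained in" match unless an exact
     * match is requested, so the first hit is not necessarily the requested account. Because the
     * result is typically fed to role mapping, only a result whose user name equals the requested
     * one (ignoring case) is accepted.
     *
     * @param realmResource realm to search
     * @param username user name to look for
     * @return the matching user resource, or {@code null} when no user has exactly that name
     */
    public UserResource findUser(RealmResource realmResource, String username) {
        List<UserRepresentation> candidates = realmResource.users().search(username);
        if (candidates == null) {
            return null;
        }
        for (UserRepresentation candidate : candidates) {
            String candidateName = candidate.getUsername();
            if (candidateName != null && candidateName.equalsIgnoreCase(username)) {
                return realmResource.users().get(candidate.getId());
            }
        }
        return null;
    }

    /**
     * Grants a client-level role to a user.
     *
     * @param userResource user receiving the role
     * @param clientUuid internal id of the client that owns the role
     * @param roleResource role to grant
     */
    public void mapRoleTo(UserResource userResource, String clientUuid, RoleResource roleResource) {
        userResource.roles().clientLevel(clientUuid).add(Collections.singletonList(roleResource.toRepresentation()));
    }

    /**
     * Grants a client-level role, identified by name, to a user.
     *
     * @param userResource user receiving the role
     * @param clientResource client that owns the role
     * @param roleName name of the role to grant
     */
    public void mapRoleTo(UserResource userResource, ClientResource clientResource, String roleName) {
        RoleRepresentation role = clientResource.roles().get(roleName).toRepresentation();
        userResource.roles().clientLevel(clientResource.toRepresentation().getId()).add(Collections.singletonList(role));
    }

    /**
     * Lists the effective roles a user holds on a client.
     *
     * <p>NOTE(review): unlike {@link #findClient} and {@link #removeClient}, the client id is not
     * URL-encoded before the lookup - confirm which form callers pass. The lookup fails with an
     * {@link IndexOutOfBoundsException} when no such client exists.
     *
     * @param realmResource realm holding the client
     * @param userResource user whose roles are listed
     * @param clientId client id used for the lookup
     * @return the user's effective client-level roles
     */
    public List<RoleRepresentation> getEffectiveClientRoles(RealmResource realmResource, UserResource userResource, String clientId) {
        List<ClientRepresentation> clients = realmResource.clients().findByClientId(clientId);
        return userResource.roles().clientLevel(clients.get(0).getId()).listEffective();
    }

    /**
     * Creates a confidential OpenID Connect client with service accounts, the standard flow and
     * authorization services enabled, and with full scope disabled.
     *
     * @param realmResource realm in which to create the client
     * @param clientId client id; stored in URL-encoded form
     * @param name display name
     * @param description description
     * @param rootUrl root URL, or {@code null} to leave it unset
     * @return the resource of the newly created client
     * @throws KeycloakResourceCreationException if the client id is taken or the server does not answer 201
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    public ClientResource addClient(RealmResource realmResource, String clientId, String name, String description, String rootUrl) throws KeycloakResourceCreationException, UnsupportedEncodingException {
        String encodedClientId = encodeClientId(clientId);
        requireUnusedClientId(realmResource, encodedClientId);
        ClientRepresentation client = newClientRepresentation(encodedClientId, name, description, rootUrl);
        client.setPublicClient(false);
        client.setAuthorizationSettings(new ResourceServerRepresentation());
        // Least privilege: tokens carry only the roles explicitly scoped to this client.
        client.setFullScopeAllowed(Boolean.FALSE);
        return createClient(realmResource, client, "While creating new client: " + clientId);
    }

    /**
     * Creates a public OpenID Connect client, optionally with a login theme.
     *
     * <p>NOTE(review): this variant does not disable full scope the way {@link #addClient} does, so
     * the server default applies; it also requests service accounts and authorization services on a
     * client that has no secret. Confirm both are intended.
     *
     * @param realmResource realm in which to create the client
     * @param clientId client id; stored in URL-encoded form
     * @param name display name
     * @param description description
     * @param rootUrl root URL, or {@code null} to leave it unset
     * @param loginTheme value for the {@code login_theme} attribute, or {@code null} for none
     * @return the resource of the newly created client
     * @throws KeycloakResourceCreationException if the client id is taken or the server does not answer 201
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    public ClientResource addPublicClient(RealmResource realmResource, String clientId, String name, String description, String rootUrl, String loginTheme) throws KeycloakResourceCreationException, UnsupportedEncodingException {
        String encodedClientId = encodeClientId(clientId);
        requireUnusedClientId(realmResource, encodedClientId);
        ClientRepresentation client = newClientRepresentation(encodedClientId, name, description, rootUrl);
        client.setPublicClient(true);
        if (loginTheme != null) {
            // A freshly constructed representation may have no attribute map yet; create one
            // rather than failing with a NullPointerException.
            Map<String, String> attributes = client.getAttributes();
            if (attributes == null) {
                attributes = new TreeMap<String, String>();
                client.setAttributes(attributes);
            }
            attributes.put("login_theme", loginTheme);
        }
        client.setAuthorizationSettings(new ResourceServerRepresentation());
        return createClient(realmResource, client, "While creating new public client: " + clientId);
    }

    /**
     * Finds a client by client id.
     *
     * @param realmResource realm to search
     * @param clientId client id; URL-encoded before the lookup
     * @return the client resource, or {@code null} unless exactly one client matches
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    public ClientResource findClient(RealmResource realmResource, String clientId) throws UnsupportedEncodingException {
        List<ClientRepresentation> matches = realmResource.clients().findByClientId(encodeClientId(clientId));
        if (matches == null || matches.size() != 1) {
            return null;
        }
        return realmResource.clients().get(matches.get(0).getId());
    }

    /**
     * Removes every client returned for the given client id; does nothing when there is none.
     *
     * @param realmResource realm holding the client
     * @param clientId client id; URL-encoded before the lookup
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    public void removeClient(RealmResource realmResource, String clientId) throws UnsupportedEncodingException {
        List<ClientRepresentation> matches = realmResource.clients().findByClientId(encodeClientId(clientId));
        if (matches == null) {
            return;
        }
        for (ClientRepresentation match : matches) {
            realmResource.clients().get(match.getId()).remove();
        }
    }

    /**
     * Finds a group by its path.
     *
     * @param realmResource realm to search
     * @param path group path
     * @return the group resource, or {@code null} when the lookup yields no representation
     * @throws UnsupportedEncodingException declared for source compatibility; not thrown by this body
     */
    public GroupResource findGroupByPath(RealmResource realmResource, String path) throws UnsupportedEncodingException {
        GroupRepresentation group = realmResource.getGroupByPath(path);
        return group == null ? null : realmResource.groups().group(group.getId());
    }

    /**
     * Grants a client role, identified by name, to a group.
     *
     * @param groupResource group receiving the role
     * @param clientResource client that owns the role
     * @param roleName name of the role to grant
     */
    public void mapGroupToCLientRole(GroupResource groupResource, ClientResource clientResource, String roleName) {
        mapGroupToCLientRole(groupResource, clientResource, clientResource.roles().get(roleName));
    }

    /**
     * Grants a client role to a group.
     *
     * @param groupResource group receiving the role
     * @param clientResource client that owns the role
     * @param roleResource role to grant
     */
    public void mapGroupToCLientRole(GroupResource groupResource, ClientResource clientResource, RoleResource roleResource) {
        String clientUuid = clientResource.toRepresentation().getId();
        groupResource.roles().clientLevel(clientUuid).add(Collections.singletonList(roleResource.toRepresentation()));
    }

    /**
     * Creates a role on a client and returns it, looked up again by name.
     *
     * @param clientResource client on which the role is created
     * @param clientRole value for the representation's client-role flag
     * @param id role id
     * @param name role name
     * @param description role description
     * @param containerId container id, or {@code null} to leave it unset
     * @return the resource of the role with the given name
     */
    public RoleResource addRole(ClientResource clientResource, boolean clientRole, String id, String name, String description, String containerId) {
        RolesResource roles = clientResource.roles();
        RoleRepresentation role = new RoleRepresentation();
        role.setClientRole(Boolean.valueOf(clientRole));
        role.setId(id);
        role.setName(name);
        role.setDescription(description);
        if (containerId != null) {
            role.setContainerId(containerId);
        }
        roles.create(role);
        return roles.get(name);
    }

    /**
     * Creates an authorization resource on a client.
     *
     * @param clientResource client owning the resource
     * @param name resource name
     * @param type resource type
     * @param displayName display name
     * @param unused not read by this method; its intended meaning is not visible here
     * @param scopes scopes to attach; ignored when {@code null} or empty
     * @param uris URIs to attach; ignored when {@code null} or empty
     * @return the newly created resource, looked up by name
     * @throws KeycloakResourceCreationException if the server does not answer 201
     */
    public ResourceResource addResource(ClientResource clientResource, String name, String type, String displayName, boolean unused, Set<ScopeRepresentation> scopes, Set<String> uris) throws KeycloakResourceCreationException {
        ResourceRepresentation resource = new ResourceRepresentation();
        resource.setName(name);
        resource.setType(type);
        resource.setDisplayName(displayName);
        if (scopes != null && !scopes.isEmpty()) {
            resource.setScopes(scopes);
        }
        if (uris != null && !uris.isEmpty()) {
            resource.setUris(uris);
        }
        try (Response response = clientResource.authorization().resources().create(resource)) {
            if (!response.getStatusInfo().equals(Response.Status.CREATED)) {
                throw new KeycloakResourceCreationException("While creating new client resource: " + name, response);
            }
            List<ResourceRepresentation> created = clientResource.authorization().resources().findByName(name);
            return clientResource.authorization().resources().resource(created.get(0).getId());
        }
    }

    /**
     * Creates a role-based policy in which every listed client role is marked as required.
     *
     * @param clientResource client owning the policy
     * @param resources resources the policy applies to
     * @param scopes scopes the policy applies to; ignored when {@code null} or empty
     * @param name policy name
     * @param logic policy logic
     * @param clientRoles role names grouped under the map key they belong to
     * @return the newly created policy, looked up by name
     * @throws KeycloakResourceCreationException if the server does not answer 201
     */
    public PolicyResource addRoleResourcePolicy(ClientResource clientResource, Set<String> resources, Set<String> scopes, String name, Logic logic, Map<String, Set<String>> clientRoles) throws KeycloakResourceCreationException {
        RolePolicyRepresentation policy = new RolePolicyRepresentation();
        policy.setName(name);
        policy.setLogic(logic);
        policy.setResources(resources);
        if (scopes != null && !scopes.isEmpty()) {
            policy.setScopes(scopes);
        }
        // NOTE(review): the decompiled source named both lambda parameters identically, which does
        // not compile. The arguments are reconstructed as (map key, set element), i.e. the client
        // followed by one of its role names - confirm against the original source.
        for (Map.Entry<String, Set<String>> entry : clientRoles.entrySet()) {
            String roleClientId = entry.getKey();
            for (String roleName : entry.getValue()) {
                policy.addClientRole(roleClientId, roleName, true);
            }
        }
        try (Response response = clientResource.authorization().policies().role().create(policy)) {
            if (!response.getStatusInfo().equals(Response.Status.CREATED)) {
                throw new KeycloakResourceCreationException("While creating client's role resource policy", response);
            }
            String policyId = clientResource.authorization().policies().role().findByName(name).getId();
            return clientResource.authorization().policies().policy(policyId);
        }
    }

    /**
     * Creates a resource permission tying resources to policies.
     *
     * @param clientResource client owning the permission
     * @param resources resources covered by the permission
     * @param name permission name
     * @param decisionStrategy how the policy results are combined
     * @param policies policies to evaluate
     * @return the newly created permission, looked up by name
     * @throws KeycloakResourceCreationException if the server does not answer 201
     */
    public ResourcePermissionRepresentation addResourcePermission(ClientResource clientResource, Set<String> resources, String name, DecisionStrategy decisionStrategy, Set<String> policies) throws KeycloakResourceCreationException {
        ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
        permission.setName(name);
        permission.setResources(resources);
        permission.setDecisionStrategy(decisionStrategy);
        permission.setPolicies(policies);
        try (Response response = clientResource.authorization().permissions().resource().create(permission)) {
            if (!response.getStatusInfo().equals(Response.Status.CREATED)) {
                throw new KeycloakResourceCreationException("While creating client's resource permission", response);
            }
            return clientResource.authorization().permissions().resource().findByName(name);
        }
    }

    /**
     * Parses a serialized token and verifies it against the given public key.
     *
     * <p>NOTE(review): no claim checks are configured on the verifier here. Depending on the
     * keycloak-core version in use, {@code verify()} may then validate the signature only and leave
     * expiry, issuer and token type unchecked; consider {@code withDefaultChecks()} or explicit
     * checks, and have callers validate the audience - confirm against the version on the classpath.
     *
     * @param tokenClass token type to parse into
     * @param tokenString serialized token
     * @param publicKey key used to check the signature
     * @param <T> token type
     * @return the parsed token
     * @throws VerificationException if verification fails
     */
    public <T extends JsonWebToken> T verifyAndGetToken(Class<T> tokenClass, String tokenString, PublicKey publicKey) throws VerificationException {
        return TokenVerifier.create(tokenString, tokenClass).publicKey(publicKey).verify().getToken();
    }

    /** URL-encodes a client id the same way for every create, lookup and removal. */
    private static String encodeClientId(String clientId) throws UnsupportedEncodingException {
        return URLEncoder.encode(clientId, "UTF-8");
    }

    /** Fails when the realm already holds a client with the given (encoded) client id. */
    private static void requireUnusedClientId(RealmResource realmResource, String encodedClientId) throws KeycloakResourceCreationException {
        if (!realmResource.clients().findByClientId(encodedClientId).isEmpty()) {
            throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId, null);
        }
    }

    /** Builds the settings shared by confidential and public clients. */
    private static ClientRepresentation newClientRepresentation(String encodedClientId, String name, String description, String rootUrl) {
        ClientRepresentation client = new ClientRepresentation();
        client.setClientId(encodedClientId);
        client.setName(name);
        client.setDescription(description);
        if (rootUrl != null) {
            client.setRootUrl(rootUrl);
        }
        client.setEnabled(true);
        client.setServiceAccountsEnabled(true);
        client.setStandardFlowEnabled(true);
        client.setAuthorizationServicesEnabled(true);
        client.setProtocol("openid-connect");
        return client;
    }

    /** Submits the client, closes the creation response, then returns the client found by its id. */
    private static ClientResource createClient(RealmResource realmResource, ClientRepresentation client, String failureMessage) throws KeycloakResourceCreationException {
        try (Response response = realmResource.clients().create(client)) {
            if (!response.getStatusInfo().equals(Response.Status.CREATED)) {
                throw new KeycloakResourceCreationException(failureMessage, response);
            }
        }
        List<ClientRepresentation> created = realmResource.clients().findByClientId(client.getClientId());
        return realmResource.clients().get(created.get(0).getId());
    }
}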
