package com.sitewhere.microservice.user;

import com.sitewhere.microservice.lifecycle.LifecycleComponent;
import com.sitewhere.microservice.util.MarshalUtils;
import com.sitewhere.rest.model.search.Pager;
import com.sitewhere.rest.model.search.SearchResults;
import com.sitewhere.rest.model.user.GrantedAuthority;
import com.sitewhere.rest.model.user.Role;
import com.sitewhere.rest.model.user.User;
import com.sitewhere.spi.SiteWhereException;
import com.sitewhere.spi.microservice.instance.IInstanceSettings;
import com.sitewhere.spi.microservice.lifecycle.ILifecycleProgressMonitor;
import com.sitewhere.spi.microservice.lifecycle.LifecycleComponentType;
import com.sitewhere.spi.microservice.user.IUserManagement;
import com.sitewhere.spi.search.ISearchResults;
import com.sitewhere.spi.user.IGrantedAuthority;
import com.sitewhere.spi.user.IGrantedAuthoritySearchCriteria;
import com.sitewhere.spi.user.IRole;
import com.sitewhere.spi.user.IRoleSearchCriteria;
import com.sitewhere.spi.user.IUser;
import com.sitewhere.spi.user.IUserSearchCriteria;
import com.sitewhere.spi.user.request.IGrantedAuthorityCreateRequest;
import com.sitewhere.spi.user.request.IRoleCreateRequest;
import com.sitewhere.spi.user.request.IUserCreateRequest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.core.Response;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.ServerInfoResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.KeysMetadataRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

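/**
 * {@link IUserManagement} implementation backed by the Keycloak admin REST API.
 *
 * <p>SiteWhere users map to Keycloak users, SiteWhere roles map to Keycloak groups, and
 * SiteWhere granted authorities map to Keycloak realm-level roles. On startup the component
 * connects with the master-realm admin credentials from the instance settings, then makes sure
 * the instance realm and the {@code sitewhere-openid} OpenID Connect client exist.
 *
 * <p>NOTE(review): {@code keycloak} and {@code clientSecret} are assigned in {@link #start} and
 * read by request-handling methods without synchronization; confirm the lifecycle guarantees
 * that {@code start} completes before any other method is called.
 */
@ApplicationScoped
public class KeycloakUserManagement extends LifecycleComponent implements IUserManagement {
    /** Id of the confidential OpenID Connect client used for password-grant token requests. */
    private static final String CLIENT_ID_OPENID_CONNECT = "sitewhere-openid";

    /** Admin client authenticated against the master realm; created in {@link #start}. */
    private Keycloak keycloak;

    /** Secret of the OpenID Connect client as reported by Keycloak; must never be logged. */
    private String clientSecret;

    public KeycloakUserManagement() {
        super(LifecycleComponentType.DataStore);
    }

    /**
     * Builds the base URL of the Keycloak API from the instance settings.
     *
     * @return URL of the form {@code http://<service>.sitewhere-system:<port>/auth}
     */
    protected String getServerUrl() {
        IInstanceSettings instanceSettings = getMicroservice().getInstanceSettings();
        // NOTE(review): the scheme is hard-coded to plain HTTP. The master admin password
        // (start), end-user passwords (getAccessToken, createUser) and the client secret all
        // travel over this connection, so confidentiality depends entirely on the network
        // between this service and Keycloak. Prefer TLS or an mTLS service mesh.
        String host = instanceSettings.getKeycloakServiceName() + ".sitewhere-system";
        return String.format("http://%s:%s/auth", host, Integer.valueOf(instanceSettings.getKeycloakApiPort()));
    }

    /**
     * Connects to Keycloak, waits until the server answers a server-info request, then ensures
     * the instance realm and OpenID Connect client exist.
     *
     * <p>The connection attempt is retried every two seconds without an upper bound. If the
     * thread is interrupted while waiting, the interrupt flag is restored and the method returns
     * without creating the realm or client.
     *
     * @param iLifecycleProgressMonitor progress monitor (not used here)
     * @throws SiteWhereException if the realm or client cannot be created
     */
    @Override
    public void start(ILifecycleProgressMonitor iLifecycleProgressMonitor) throws SiteWhereException {
        IInstanceSettings instanceSettings = getMicroservice().getInstanceSettings();
        String serverUrl = getServerUrl();
        getLogger().info(String.format("Connecting to Keycloak API at '%s'.", serverUrl));

        // NOTE(review): this authenticates as the master-realm admin user via "admin-cli", which
        // grants control over every realm. A service account limited to the instance realm would
        // reduce the impact of a compromise of this microservice.
        this.keycloak = KeycloakBuilder.builder()
                .serverUrl(serverUrl)
                .realm(instanceSettings.getKeycloakMasterRealm())
                .username(instanceSettings.getKeycloakMasterUsername())
                .password(instanceSettings.getKeycloakMasterPassword())
                .clientId("admin-cli")
                .build();

        boolean connected = false;
        while (!connected) {
            try {
                ServerInfoResource serverInfo = getKeycloak().serverInfo();
                if (serverInfo != null) {
                    getLogger().info(String.format("Keycloak API validated as version '%s'.",
                            serverInfo.getInfo().getSystemInfo().getVersion()));
                    connected = true;
                } else {
                    getLogger().info("Received null response to Keycloak server info request.");
                }
            } catch (ProcessingException e) {
                // Transport-level failure (e.g. Keycloak not reachable yet): record why and retry.
                getLogger().warn(String.format("Keycloak server info request failed: %s", e.getMessage()));
            }
            if (!connected) {
                try {
                    getLogger().info("Unable to connect to Keycloak. Waiting to retry...");
                    Thread.sleep(2000L);
                } catch (InterruptedException e) {
                    getLogger().warn("Interrupted while waiting for Keycloak connection.");
                    // Restore the flag so the caller can observe the interruption.
                    Thread.currentThread().interrupt();
                    return;
                }
            }
        }
        assureRealmExists();
        assureOpenIdClient();
    }

    /**
     * Creates the instance realm if Keycloak reports that it does not exist.
     *
     * @throws SiteWhereException if realm creation fails for any reason other than the realm
     *     already existing (HTTP 409)
     */
    protected void assureRealmExists() throws SiteWhereException {
        String keycloakRealm = getMicroservice().getInstanceSettings().getKeycloakRealm();
        try {
            getRealmResource().toRepresentation();
            getLogger().info(String.format("Realm for instance was found (%s).", keycloakRealm));
        } catch (NotFoundException e) {
            getLogger().info(String.format("Realm for instance was not found (%s). Creating...", keycloakRealm));
            try {
                RealmRepresentation realmRepresentation = new RealmRepresentation();
                realmRepresentation.setId(keycloakRealm);
                realmRepresentation.setRealm(keycloakRealm);
                realmRepresentation.setDisplayName("SiteWhere");
                realmRepresentation.setEnabled(true);
                getKeycloak().realms().create(realmRepresentation);
                getLogger().info(String.format("Successfully created realm for instance (%s).", keycloakRealm));
            } catch (ClientErrorException e2) {
                // 409 means another instance created the realm concurrently; any other 4xx
                // (e.g. 401/403) means the realm is still missing and startup must not continue.
                if (e2.getResponse().getStatus() != 409) {
                    throw new SiteWhereException(
                            String.format("Unable to create realm for instance (%s).", keycloakRealm), e2);
                }
                getLogger().info(String.format("Realm for instance was found (%s).", keycloakRealm));
            } catch (Exception e3) {
                throw new SiteWhereException(
                        String.format("Unable to create realm for instance (%s).", keycloakRealm), e3);
            }
        }
    }

    /**
     * Ensures the {@code sitewhere-openid} client exists in the instance realm and caches the
     * client secret that Keycloak reports for it.
     *
     * @throws SiteWhereException if the client cannot be created
     */
    protected void assureOpenIdClient() throws SiteWhereException {
        try {
            String existingId =
                    getRealmResource().clients().get(CLIENT_ID_OPENID_CONNECT).toRepresentation().getId();
            getLogger().info(String.format("OpenID Connect client was found (%s).", existingId));
        } catch (NotFoundException e) {
            getLogger().info(String.format("OpenID Connect client was not found (%s). Creating...",
                    CLIENT_ID_OPENID_CONNECT));
            try {
                ClientRepresentation clientRepresentation = new ClientRepresentation();
                clientRepresentation.setId(CLIENT_ID_OPENID_CONNECT);
                clientRepresentation.setName("OpenId Connect");
                clientRepresentation.setStandardFlowEnabled(true);
                // Direct access grants are what getAccessToken relies on (username/password
                // exchanged for a token by this service).
                clientRepresentation.setDirectAccessGrantsEnabled(true);
                clientRepresentation.setProtocol("openid-connect");
                clientRepresentation.setPublicClient(false);
                // NOTE(review): "http://*" accepts any http redirect target while the standard
                // (authorization code) flow is enabled, so redirect validation gives no
                // protection for this client. Narrow this to the deployment's real callback
                // URLs, or disable the standard flow if only password grants are used.
                clientRepresentation.setRedirectUris(Collections.singletonList("http://*"));
                clientRepresentation.setSecret(getMicroservice().getInstanceSettings().getKeycloakOidcSecret());
                clientRepresentation.setEnabled(true);
                Response create = getRealmResource().clients().create(clientRepresentation);
                try {
                    if (create.getStatus() == 409) {
                        getLogger().info(String.format("Found existing OpenID Connect client (%s).",
                                clientRepresentation.getId()));
                    } else {
                        if (create.getStatus() != 201) {
                            throw new SiteWhereException(create.getStatusInfo().getReasonPhrase());
                        }
                        getLogger().info(String.format("Created OpenID Connect client (%s).",
                                clientRepresentation.getId()));
                    }
                } finally {
                    // Release the underlying HTTP connection.
                    create.close();
                }
            } catch (Exception e2) {
                throw new SiteWhereException(
                        String.format("Unable to create OpenID Connect client (%s).", CLIENT_ID_OPENID_CONNECT), e2);
            }
        }
        // Read the secret back once the client is known to exist. It is fetched only on the
        // success path so that a failure above is reported as-is instead of being masked by a
        // second failing request.
        this.clientSecret =
                getRealmResource().clients().get(CLIENT_ID_OPENID_CONNECT).getSecret().getValue();
    }

    /**
     * @return admin resource handle for the instance realm named in the instance settings
     */
    protected RealmResource getRealmResource() throws SiteWhereException {
        return getKeycloak().realm(getMicroservice().getInstanceSettings().getKeycloakRealm());
    }

    /**
     * Converts a Keycloak user into the SiteWhere REST model.
     *
     * @param userRepresentation Keycloak user
     * @param z when {@code true}, the user's groups are loaded and attached as roles
     * @param z2 passed through to {@link #convert(GroupRepresentation, boolean)}: when
     *     {@code true}, each role also carries its effective authorities
     * @return populated SiteWhere user
     */
    protected User convert(UserRepresentation userRepresentation, boolean z, boolean z2) throws SiteWhereException {
        User user = new User();
        user.setUsername(userRepresentation.getUsername());
        user.setFirstName(userRepresentation.getFirstName());
        user.setLastName(userRepresentation.getLastName());
        user.setEmail(userRepresentation.getEmail());
        // The timestamp is a boxed Long; skip it rather than fail on a representation without one.
        Long createdTimestamp = userRepresentation.getCreatedTimestamp();
        if (createdTimestamp != null) {
            user.setCreatedDate(new Date(createdTimestamp.longValue()));
        }
        if (userRepresentation.getAttributes() != null) {
            user.setMetadata(new HashMap<>());
            for (String key : userRepresentation.getAttributes().keySet()) {
                // Keycloak attributes are multi-valued; only the first value is kept.
                List<String> values = userRepresentation.getAttributes().get(key);
                if (values != null && !values.isEmpty()) {
                    user.getMetadata().put(key, values.get(0));
                }
            }
        }
        if (z) {
            user.setRoles(new ArrayList<>());
            List<GroupRepresentation> groups =
                    getRealmResource().users().get(userRepresentation.getId()).groups();
            if (groups != null) {
                for (GroupRepresentation group : groups) {
                    user.getRoles().add(convert(group, z2));
                }
            }
        }
        return user;
    }

    /**
     * Converts a Keycloak realm role into a SiteWhere granted authority.
     */
    protected GrantedAuthority convert(RoleRepresentation roleRepresentation) {
        GrantedAuthority grantedAuthority = new GrantedAuthority();
        grantedAuthority.setAuthority(roleRepresentation.getName());
        grantedAuthority.setDescription(roleRepresentation.getDescription());
        return grantedAuthority;
    }

    /**
     * Converts a Keycloak group into a SiteWhere role. The group path is used as the role
     * description.
     *
     * @param groupRepresentation Keycloak group
     * @param z when {@code true}, the group's effective realm-level roles are loaded and
     *     attached as authorities
     */
    protected Role convert(GroupRepresentation groupRepresentation, boolean z) throws SiteWhereException {
        Role role = new Role();
        role.setRole(groupRepresentation.getName());
        role.setDescription(groupRepresentation.getPath());
        if (z) {
            role.setAuthorities(new ArrayList<>());
            List<RoleRepresentation> effectiveRoles = getRealmResource().groups()
                    .group(groupRepresentation.getId()).roles().realmLevel().listEffective();
            if (effectiveRoles != null) {
                for (RoleRepresentation effectiveRole : effectiveRoles) {
                    role.getAuthorities().add(convert(effectiveRole));
                }
            }
        }
        return role;
    }

    /**
     * Builds the Keycloak user representation for a create or update request. A password
     * credential is attached only when the request carries a password; each metadata entry
     * becomes a single-valued attribute.
     */
    protected UserRepresentation createUserFromRequest(IUserCreateRequest iUserCreateRequest) {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername(iUserCreateRequest.getUsername());
        userRepresentation.setFirstName(iUserCreateRequest.getFirstName());
        userRepresentation.setLastName(iUserCreateRequest.getLastName());
        userRepresentation.setEmail(iUserCreateRequest.getEmail());
        userRepresentation.setEnabled(Boolean.valueOf(iUserCreateRequest.isEnabled()));
        if (iUserCreateRequest.getPassword() != null) {
            // The plaintext password is handed to Keycloak, which is responsible for hashing it.
            CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
            credentialRepresentation.setType("password");
            credentialRepresentation.setValue(iUserCreateRequest.getPassword());
            userRepresentation.setCredentials(Arrays.asList(credentialRepresentation));
        }
        if (iUserCreateRequest.getMetadata() != null && !iUserCreateRequest.getMetadata().isEmpty()) {
            HashMap<String, List<String>> attributes = new HashMap<>();
            for (String key : iUserCreateRequest.getMetadata().keySet()) {
                attributes.put(key, Collections.singletonList(iUserCreateRequest.getMetadata().get(key)));
            }
            userRepresentation.setAttributes(attributes);
        }
        return userRepresentation;
    }

    /**
     * Creates a user and adds it to the group of every requested role.
     *
     * @throws SiteWhereException if Keycloak does not answer the create request with HTTP 201
     */
    @Override
    public IUser createUser(IUserCreateRequest iUserCreateRequest) throws SiteWhereException {
        Response create = getRealmResource().users().create(createUserFromRequest(iUserCreateRequest));
        try {
            if (create.getStatus() != 201) {
                throw new SiteWhereException(create.getStatusInfo().getReasonPhrase());
            }
        } finally {
            create.close();
        }
        UserRepresentation created = findSingleUserByUsername(iUserCreateRequest.getUsername());
        if (created != null && iUserCreateRequest.getRoles() != null) {
            for (String roleName : iUserCreateRequest.getRoles()) {
                GroupRepresentation group = findSingleGroupByName(roleName);
                if (group != null) {
                    getRealmResource().users().get(created.getId()).joinGroup(group.getId());
                } else {
                    // Make a skipped role visible: the user is created with fewer roles than
                    // the request asked for.
                    getLogger().warn(String.format("Role '%s' not found; not assigned to user '%s'.",
                            roleName, iUserCreateRequest.getUsername()));
                }
            }
        }
        return getUserByUsername(iUserCreateRequest.getUsername());
    }

    /**
     * Exchanges a username and password for an access token through the OpenID Connect client
     * and returns the token response marshaled as JSON.
     *
     * @param str username
     * @param str2 password
     */
    @Override
    public String getAccessToken(String str, String str2) throws SiteWhereException {
        Keycloak userClient = Keycloak.getInstance(getServerUrl(),
                getMicroservice().getInstanceSettings().getKeycloakRealm(), str, str2,
                CLIENT_ID_OPENID_CONNECT, getClientSecret());
        try {
            return new String(MarshalUtils.marshalJson(userClient.tokenManager().getAccessToken()));
        } finally {
            // A new client is built for every token request; close it so its HTTP resources
            // are not leaked on every login.
            userClient.close();
        }
    }

    /**
     * Returns the public key of the first RSA key listed in the realm's key metadata.
     *
     * @throws SiteWhereException if the realm lists no RSA key
     */
    @Override
    public String getPublicKey() throws SiteWhereException {
        // NOTE(review): the first RSA entry is returned without checking whether it is the
        // active signing key. After a key rotation, or when the realm also holds a non-signing
        // RSA key, token verification could be performed against the wrong key - confirm.
        for (KeysMetadataRepresentation.KeyMetadataRepresentation keyMetadata
                : getRealmResource().keys().getKeyMetadata().getKeys()) {
            if ("RSA".equals(keyMetadata.getType())) {
                return keyMetadata.getPublicKey();
            }
        }
        throw new SiteWhereException("No RSA public key found.");
    }

    /**
     * Updates an existing user from the request.
     *
     * @param str username of the user to update
     * @param iUserCreateRequest new field values
     * @param z not used by this implementation
     * @throws SiteWhereException if no user matches {@code str}
     */
    @Override
    public IUser updateUser(String str, IUserCreateRequest iUserCreateRequest, boolean z) throws SiteWhereException {
        UserRepresentation existing = findSingleUserByUsername(str);
        if (existing == null) {
            throw new SiteWhereException(String.format("No user found for username: %s", str));
        }
        getRealmResource().users().get(existing.getId()).update(createUserFromRequest(iUserCreateRequest));
        // Fall back to the lookup name when the request does not carry a username.
        String updatedUsername =
                iUserCreateRequest.getUsername() != null ? iUserCreateRequest.getUsername() : str;
        return getUserByUsername(updatedUsername);
    }

    /**
     * Looks up a user by exact username.
     *
     * @return the matching user, or {@code null} if there is none
     * @throws SiteWhereException if more than one user matches
     */
    protected UserRepresentation findSingleUserByUsername(String str) throws SiteWhereException {
        List<UserRepresentation> matches = getRealmResource().users().search(str, true);
        if (matches == null || matches.isEmpty()) {
            return null;
        }
        if (matches.size() > 1) {
            throw new SiteWhereException(String.format("Matched multiple users for username: %s", str));
        }
        return matches.get(0);
    }

    /**
     * @return the user with roles and authorities populated, or {@code null} if not found
     */
    @Override
    public IUser getUserByUsername(String str) throws SiteWhereException {
        UserRepresentation match = findSingleUserByUsername(str);
        return match != null ? convert(match, true, true) : null;
    }

    /**
     * Lists users of the realm, paged according to the criteria. Roles are included for each
     * user, authorities are not.
     */
    @Override
    public ISearchResults<IUser> listUsers(IUserSearchCriteria iUserSearchCriteria) throws SiteWhereException {
        List<UserRepresentation> users = getRealmResource().users().list();
        Pager<IUser> pager = new Pager<>(iUserSearchCriteria);
        for (UserRepresentation userRepresentation : users) {
            pager.process(convert(userRepresentation, true, false));
        }
        return new SearchResults<>(pager.getResults(), pager.getTotal());
    }

    /**
     * Deletes a user.
     *
     * @return the deleted user, without roles
     * @throws SiteWhereException if the user does not exist or Keycloak does not answer with
     *     HTTP 204
     */
    @Override
    public IUser deleteUser(String str) throws SiteWhereException {
        UserRepresentation existing = findSingleUserByUsername(str);
        if (existing == null) {
            throw new SiteWhereException(String.format("No user found for username: %s", str));
        }
        Response delete = getRealmResource().users().delete(existing.getId());
        try {
            if (delete.getStatus() != 204) {
                throw new SiteWhereException(delete.getStatusInfo().getReasonPhrase());
            }
        } finally {
            delete.close();
        }
        return convert(existing, false, false);
    }

    /**
     * Creates a realm role for the authority and, when a parent is named, adds the new role as a
     * composite of the parent role.
     *
     * @throws SiteWhereException if the role cannot be read back after creation
     */
    @Override
    public IGrantedAuthority createGrantedAuthority(IGrantedAuthorityCreateRequest iGrantedAuthorityCreateRequest)
            throws SiteWhereException {
        RoleRepresentation roleRepresentation = new RoleRepresentation();
        roleRepresentation.setComposite(iGrantedAuthorityCreateRequest.isGroup());
        roleRepresentation.setName(iGrantedAuthorityCreateRequest.getAuthority());
        roleRepresentation.setDescription(iGrantedAuthorityCreateRequest.getDescription());
        getRealmResource().roles().create(roleRepresentation);

        RoleRepresentation created = getKeycloakRoleByName(iGrantedAuthorityCreateRequest.getAuthority());
        if (created == null) {
            throw new SiteWhereException(String.format("Granted authority was not found after creation: %s",
                    iGrantedAuthorityCreateRequest.getAuthority()));
        }
        String parentName = iGrantedAuthorityCreateRequest.getParent();
        if (parentName != null) {
            // The lookup returns null for an unknown parent, so it has to be checked explicitly;
            // NotFoundException only covers the parent disappearing before the composite call.
            RoleRepresentation parent = getKeycloakRoleByName(parentName);
            if (parent == null) {
                getLogger().warn(String.format("Unable to composite role to non-existent parent: %s", parentName));
            } else {
                try {
                    getRealmResource().rolesById().addComposites(parent.getId(),
                            Collections.singletonList(created));
                } catch (NotFoundException e) {
                    getLogger().warn(
                            String.format("Unable to composite role to non-existent parent: %s", parentName));
                }
            }
        }
        return convert(created);
    }

    /**
     * Finds a realm role by exact name by scanning the realm's role list.
     *
     * @return the role, or {@code null} if no role has that name
     */
    protected RoleRepresentation getKeycloakRoleByName(String str) throws SiteWhereException {
        for (RoleRepresentation roleRepresentation : getRealmResource().roles().list()) {
            if (roleRepresentation.getName().equals(str)) {
                return roleRepresentation;
            }
        }
        return null;
    }

    /**
     * @return the authority with the given name, or {@code null} if not found
     */
    @Override
    public IGrantedAuthority getGrantedAuthorityByName(String str) throws SiteWhereException {
        RoleRepresentation role = getKeycloakRoleByName(str);
        return role != null ? convert(role) : null;
    }

    /**
     * Not supported by this implementation.
     *
     * @throws SiteWhereException always
     */
    @Override
    public IGrantedAuthority updateGrantedAuthority(String str,
            IGrantedAuthorityCreateRequest iGrantedAuthorityCreateRequest) throws SiteWhereException {
        throw new SiteWhereException("Not implemented.");
    }

    /**
     * Lists realm roles as granted authorities, paged according to the criteria.
     */
    @Override
    public ISearchResults<IGrantedAuthority> listGrantedAuthorities(
            IGrantedAuthoritySearchCriteria iGrantedAuthoritySearchCriteria) throws SiteWhereException {
        List<RoleRepresentation> roles = getRealmResource().roles().list();
        Pager<IGrantedAuthority> pager = new Pager<>(iGrantedAuthoritySearchCriteria);
        for (RoleRepresentation roleRepresentation : roles) {
            pager.process(convert(roleRepresentation));
        }
        return new SearchResults<>(pager.getResults(), pager.getTotal());
    }

    /**
     * Deletes the realm role with the given name.
     */
    @Override
    public void deleteGrantedAuthority(String str) throws SiteWhereException {
        getRealmResource().roles().deleteRole(str);
    }

    /**
     * @return roles of the given user
     * @throws SiteWhereException if the user does not exist
     */
    @Override
    public List<IRole> getRoles(String str) throws SiteWhereException {
        IUser user = getUserByUsername(str);
        if (user == null) {
            throw new SiteWhereException(String.format("User not found: %s", str));
        }
        return user.getRoles();
    }

    /**
     * Adds the user to the group of each named role. Role names that match no group are skipped.
     *
     * @param str username
     * @param list role names to add
     * @return the roles that were actually added
     * @throws SiteWhereException if the user does not exist
     */
    @Override
    public List<IRole> addRoles(String str, List<String> list) throws SiteWhereException {
        UserRepresentation user = findSingleUserByUsername(str);
        if (user == null) {
            throw new SiteWhereException(String.format("User not found: %s", str));
        }
        List<IRole> added = new ArrayList<>();
        for (String roleName : list) {
            GroupRepresentation group = findSingleGroupByName(roleName);
            if (group != null) {
                getRealmResource().users().get(user.getId()).joinGroup(group.getId());
                added.add(convert(group, false));
            }
        }
        return added;
    }

    /**
     * Removes the user from the group of each named role. Role names that match no group are
     * skipped.
     *
     * @param str username
     * @param list role names to remove
     * @return the roles that were actually removed
     * @throws SiteWhereException if the user does not exist
     */
    @Override
    public List<IRole> removeRoles(String str, List<String> list) throws SiteWhereException {
        UserRepresentation user = findSingleUserByUsername(str);
        if (user == null) {
            throw new SiteWhereException(String.format("User not found: %s", str));
        }
        List<IRole> removed = new ArrayList<>();
        for (String roleName : list) {
            GroupRepresentation group = findSingleGroupByName(roleName);
            if (group != null) {
                // Revocation must leave the group. Joining it here would grant the very role the
                // caller asked to remove while reporting it as removed.
                getRealmResource().users().get(user.getId()).leaveGroup(group.getId());
                removed.add(convert(group, false));
            }
        }
        return removed;
    }

    /**
     * Creates a group for the role and assigns the requested authorities to it as realm-level
     * roles.
     *
     * @throws SiteWhereException if Keycloak does not answer the create request with HTTP 201 or
     *     does not report the location of the new group
     */
    @Override
    public IRole createRole(IRoleCreateRequest iRoleCreateRequest) throws SiteWhereException {
        GroupRepresentation groupRepresentation = new GroupRepresentation();
        groupRepresentation.setName(iRoleCreateRequest.getRole());
        String groupId;
        Response add = getRealmResource().groups().add(groupRepresentation);
        try {
            if (add.getStatus() != 201) {
                throw new SiteWhereException(add.getStatusInfo().getReasonPhrase());
            }
            if (add.getLocation() == null) {
                throw new SiteWhereException(String.format("No location returned for created role: %s",
                        iRoleCreateRequest.getRole()));
            }
            // The id of the new group is the last path segment of the Location header.
            String path = add.getLocation().getPath();
            groupId = path.substring(path.lastIndexOf('/') + 1);
        } finally {
            add.close();
        }
        List<RoleRepresentation> authorities = new ArrayList<>();
        if (iRoleCreateRequest.getAuthorities() != null) {
            for (String authority : iRoleCreateRequest.getAuthorities()) {
                authorities.add(getRealmResource().roles().get(authority).toRepresentation());
            }
        }
        getRealmResource().groups().group(groupId).roles().realmLevel().add(authorities);
        return getRoleByName(groupRepresentation.getName());
    }

    /**
     * Finds the group whose name is exactly {@code str}.
     *
     * <p>The name is sent to Keycloak as a search term and the results are then filtered for an
     * exact name match. Taking the first search hit unfiltered is not safe: the search term is
     * not guaranteed to be matched exactly, so a request for one role could resolve to a
     * different group whose name merely contains it, and that group would then be joined, left
     * or deleted. Only groups returned directly by the search are compared; nested subgroups
     * are not inspected.
     *
     * @return the matching group, or {@code null} if there is none or {@code str} is null
     * @throws SiteWhereException if more than one group has exactly that name
     */
    protected GroupRepresentation findSingleGroupByName(String str) throws SiteWhereException {
        if (str == null) {
            // A null search term is not a filter; never resolve it to an arbitrary group.
            return null;
        }
        final int pageSize = 100;
        GroupRepresentation match = null;
        for (int first = 0;; first += pageSize) {
            List<GroupRepresentation> page = getRealmResource().groups().groups(str, first, pageSize);
            if (page == null || page.isEmpty()) {
                break;
            }
            for (GroupRepresentation candidate : page) {
                if (str.equals(candidate.getName())) {
                    if (match != null) {
                        throw new SiteWhereException(String.format("Matched multiple groups for: %s", str));
                    }
                    match = candidate;
                }
            }
            if (page.size() < pageSize) {
                break;
            }
        }
        return match;
    }

    /**
     * @return the role with its authorities populated, or {@code null} if not found
     */
    @Override
    public IRole getRoleByName(String str) throws SiteWhereException {
        GroupRepresentation group = findSingleGroupByName(str);
        return group != null ? convert(group, true) : null;
    }

    /**
     * Not supported by this implementation.
     *
     * @throws SiteWhereException always
     */
    @Override
    public IRole updateRole(String str, IRoleCreateRequest iRoleCreateRequest) throws SiteWhereException {
        throw new SiteWhereException("Not implemented.");
    }

    /**
     * Lists groups as roles, paged according to the criteria. Authorities are not included.
     */
    @Override
    public ISearchResults<IRole> listRoles(IRoleSearchCriteria iRoleSearchCriteria) throws SiteWhereException {
        List<GroupRepresentation> groups = getRealmResource().groups().groups();
        Pager<IRole> pager = new Pager<>(iRoleSearchCriteria);
        for (GroupRepresentation group : groups) {
            pager.process(convert(group, false));
        }
        return new SearchResults<>(pager.getResults(), pager.getTotal());
    }

    /**
     * Deletes the group for the named role; does nothing if no group has that name.
     */
    @Override
    public void deleteRole(String str) throws SiteWhereException {
        GroupRepresentation group = findSingleGroupByName(str);
        if (group != null) {
            getRealmResource().groups().group(group.getId()).remove();
        }
    }

    /**
     * @return the admin client created in {@link #start}, or {@code null} before startup
     */
    protected Keycloak getKeycloak() {
        return this.keycloak;
    }

    /**
     * @return the cached OpenID Connect client secret, or {@code null} before startup
     */
    protected String getClientSecret() {
        return this.clientSecret;
    }
}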
