package net.bluemind.cli.authentication;

import com.github.freva.asciitable.AsciiTable;
import com.github.freva.asciitable.Column;
import com.github.freva.asciitable.HorizontalAlign;
import java.time.Duration;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import net.bluemind.cli.cmd.api.CliContext;
import net.bluemind.cli.cmd.api.ICmdLet;
import net.bluemind.cli.cmd.api.ICmdLetRegistration;
import net.bluemind.cli.utils.CliUtils;
import net.bluemind.core.api.auth.AuthDomainProperties;
import net.bluemind.core.api.auth.AuthTypes;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.utils.JsonUtils;
import net.bluemind.domain.api.Domain;
import net.bluemind.domain.api.DomainSettingsKeys;
import net.bluemind.domain.api.IDomainSettings;
import net.bluemind.domain.api.IDomains;
import net.bluemind.keycloak.api.BluemindProviderComponent;
import net.bluemind.keycloak.api.IKeycloakAdmin;
import net.bluemind.keycloak.api.IKeycloakBluemindProviderAdmin;
import net.bluemind.keycloak.api.IKeycloakClientAdmin;
import net.bluemind.keycloak.api.IKeycloakUids;
import net.bluemind.keycloak.api.OidcClient;
import net.bluemind.keycloak.api.Realm;
import picocli.CommandLine;

@CommandLine.Command(name = "get-conf", description = {"Get domain authentication configurations"})
/* loaded from: input_file:net/bluemind/cli/authentication/GetAuthConfCommand.class */
public class GetAuthConfCommand implements ICmdLet, Runnable {
    private CliContext ctx;
    private CliUtils cliUtils;

    @CommandLine.Option(names = {"--json"}, required = false, defaultValue = "false", description = {"Display authentication configuration using Json format", "Table format otherwise"})
    public boolean json;

    @CommandLine.Option(required = false, names = {"--domain"}, description = {"Get authentication configuration from this domain UID or alias"})
    public String domain;
    private static volatile /* synthetic */ int[] $SWITCH_TABLE$net$bluemind$core$api$auth$AuthTypes;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/bluemind/cli/authentication/GetAuthConfCommand$AuthSettings.class */
    public static class AuthSettings {
        public final String domainUid;
        public final String authType;
        public final Map<String, String> properties;

        public AuthSettings(String str, String str2, Map<String, String> map) {
            this.domainUid = str;
            this.authType = str2;
            this.properties = map;
        }

        public static AuthSettings invalid(String str, String str2) {
            return new AuthSettings(str, "INVALID", Map.of("Error", str2));
        }

        public static AuthSettings internal(boolean z, String str, Realm realm, BluemindProviderComponent bluemindProviderComponent, OidcClient oidcClient) {
            return new AuthSettings(str, AuthTypes.INTERNAL.name(), realmProperties(z, realm, bluemindProviderComponent, oidcClient));
        }

        public static AuthSettings kerberos(boolean z, String str, Realm realm) {
            return new AuthSettings(str, AuthTypes.KERBEROS.name(), realmProperties(z, realm, null, null));
        }

        private static Map<String, String> realmProperties(boolean z, Realm realm, BluemindProviderComponent bluemindProviderComponent, OidcClient oidcClient) {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            if (realm == null) {
                linkedHashMap.put("realmStatus", "realm not found!");
            } else {
                linkedHashMap.put("id", realm.id);
                linkedHashMap.put("realm", realm.realm);
                linkedHashMap.put("enabled", Boolean.toString(realm.enabled));
                linkedHashMap.put("accessCodeLifespanLogin", z ? String.valueOf(realm.accessCodeLifespanLogin) : secondsToString(realm.accessCodeLifespanLogin));
                linkedHashMap.put("accessTokenLifespan", z ? String.valueOf(realm.accessTokenLifespan) : secondsToString(realm.accessTokenLifespan));
                linkedHashMap.put("ssoSessionMaxLifespan", z ? String.valueOf(realm.ssoSessionMaxLifespan) : secondsToString(realm.ssoSessionMaxLifespan));
                linkedHashMap.put("ssoSessionIdleTimeout", z ? String.valueOf(realm.ssoSessionIdleTimeout) : secondsToString(realm.ssoSessionIdleTimeout));
            }
            if (bluemindProviderComponent == null) {
                linkedHashMap.put("componentStatus", "Keycloak BlueMind component not found!");
            } else {
                linkedHashMap.put("componentName", bluemindProviderComponent.name);
                linkedHashMap.put("componentBmUrl", bluemindProviderComponent.bmUrl);
                linkedHashMap.put("componentBmDomain", bluemindProviderComponent.bmDomain);
            }
            if (oidcClient == null) {
                linkedHashMap.put("clientStatus", "Keycloak BlueMind client not found!");
            } else {
                linkedHashMap.put("clientId", oidcClient.id);
                linkedHashMap.put("clientSecret", oidcClient.secret);
            }
            return linkedHashMap;
        }

        private static String secondsToString(long j) {
            String str;
            Duration ofSeconds = Duration.ofSeconds(j);
            str = "";
            str = ofSeconds.toDaysPart() > 0 ? str + ofSeconds.toDaysPart() + " days " : "";
            if (ofSeconds.toHoursPart() > 0) {
                str = str + ofSeconds.toHoursPart() + " hours ";
            }
            if (ofSeconds.toMinutesPart() > 0) {
                str = str + ofSeconds.toMinutesPart() + " minutes";
            }
            return str;
        }
    }

    /* loaded from: input_file:net/bluemind/cli/authentication/GetAuthConfCommand$Reg.class */
    public static class Reg implements ICmdLetRegistration {
        public Optional<String> group() {
            return Optional.of("auth");
        }

        public Class<? extends ICmdLet> commandClass() {
            return GetAuthConfCommand.class;
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        IDomains iDomains = (IDomains) this.ctx.adminApi().instance(IDomains.class, new String[0]);
        Optional ofNullable = Optional.ofNullable(this.domain);
        CliUtils cliUtils = this.cliUtils;
        cliUtils.getClass();
        Optional map = ofNullable.map(cliUtils::getDomainUidByDomain);
        iDomains.getClass();
        Optional map2 = map.map(iDomains::get).map(itemValue -> {
            return Arrays.asList(itemValue);
        });
        iDomains.getClass();
        List<AuthSettings> list = ((List) map2.orElseGet(iDomains::all)).stream().filter(itemValue2 -> {
            return !((Domain) itemValue2.value).global;
        }).map(this::getDomainsAuthSettings).toList();
        this.ctx.info(this.json ? JsonUtils.asString(list) : domainsAsTable(list));
    }

    private String domainsAsTable(List<AuthSettings> list) {
        return AsciiTable.getTable(list, Arrays.asList(new Column().header("Domain UID").dataAlign(HorizontalAlign.LEFT).with(authSettings -> {
            return authSettings.domainUid;
        }), new Column().header("Auth type").dataAlign(HorizontalAlign.LEFT).with(authSettings2 -> {
            return authSettings2.authType;
        }), new Column().header("Auth properties").dataAlign(HorizontalAlign.LEFT).with(authSettings3 -> {
            return (String) authSettings3.properties.entrySet().stream().map(entry -> {
                return ((String) entry.getKey()) + ": " + ((String) entry.getValue());
            }).collect(Collectors.joining("\n"));
        })));
    }

    private AuthSettings getDomainsAuthSettings(ItemValue<Domain> itemValue) {
        AuthTypes authTypes = AuthTypes.INTERNAL;
        try {
            AuthTypes valueOf = AuthTypes.valueOf((String) ((Domain) itemValue.value).properties.get(AuthDomainProperties.AUTH_TYPE.name()));
            Set emptySet = Collections.emptySet();
            switch ($SWITCH_TABLE$net$bluemind$core$api$auth$AuthTypes()[valueOf.ordinal()]) {
                case 1:
                    return internal(itemValue);
                case 2:
                    return kerberos(itemValue);
                case 3:
                    emptySet = Set.of(AuthDomainProperties.CAS_URL.name());
                    break;
                case 4:
                    emptySet = Set.of(AuthDomainProperties.OPENID_HOST.name(), AuthDomainProperties.OPENID_CLIENT_ID.name(), AuthDomainProperties.OPENID_CLIENT_SECRET.name());
                    break;
            }
            ((Domain) itemValue.value).properties.keySet().retainAll(emptySet);
            return new AuthSettings(itemValue.uid, valueOf.name(), ((Domain) itemValue.value).properties);
        } catch (IllegalArgumentException | NullPointerException unused) {
            return AuthSettings.invalid(itemValue.uid, "Null or invalid AUTH_TYPE propery: '" + ((String) ((Domain) itemValue.value).properties.get(AuthDomainProperties.AUTH_TYPE.name())) + "'");
        }
    }

    private String getKeycloakDomainUid(ItemValue<Domain> itemValue) {
        return ((IDomainSettings) this.ctx.adminApi().instance(IDomainSettings.class, new String[]{itemValue.uid})).get().get(DomainSettingsKeys.external_url.name()) != null ? itemValue.uid : "global.virt";
    }

    private AuthSettings internal(ItemValue<Domain> itemValue) {
        String keycloakDomainUid = getKeycloakDomainUid(itemValue);
        String realmId = IKeycloakUids.realmId(keycloakDomainUid);
        return AuthSettings.internal(this.json, itemValue.uid, ((IKeycloakAdmin) this.ctx.adminApi().instance(IKeycloakAdmin.class, new String[]{itemValue.uid})).getRealm(keycloakDomainUid), ((IKeycloakBluemindProviderAdmin) this.ctx.adminApi().instance(IKeycloakBluemindProviderAdmin.class, new String[]{keycloakDomainUid})).getBluemindProvider(IKeycloakUids.bmProviderId(realmId)), ((IKeycloakClientAdmin) this.ctx.adminApi().instance(IKeycloakClientAdmin.class, new String[]{keycloakDomainUid})).getOidcClient(IKeycloakUids.clientId(realmId)));
    }

    private AuthSettings kerberos(ItemValue<Domain> itemValue) {
        return AuthSettings.kerberos(this.json, itemValue.uid, ((IKeycloakAdmin) this.ctx.adminApi().instance(IKeycloakAdmin.class, new String[]{itemValue.uid})).getRealm(getKeycloakDomainUid(itemValue)));
    }

    public Runnable forContext(CliContext cliContext) {
        this.ctx = cliContext;
        this.cliUtils = new CliUtils(cliContext);
        return this;
    }

    static /* synthetic */ int[] $SWITCH_TABLE$net$bluemind$core$api$auth$AuthTypes() {
        int[] iArr = $SWITCH_TABLE$net$bluemind$core$api$auth$AuthTypes;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[AuthTypes.values().length];
        try {
            iArr2[AuthTypes.CAS.ordinal()] = 3;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[AuthTypes.INTERNAL.ordinal()] = 1;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[AuthTypes.KERBEROS.ordinal()] = 2;
        } catch (NoSuchFieldError unused3) {
        }
        try {
            iArr2[AuthTypes.OPENID.ordinal()] = 4;
        } catch (NoSuchFieldError unused4) {
        }
        $SWITCH_TABLE$net$bluemind$core$api$auth$AuthTypes = iArr2;
        return iArr2;
    }
}
