package net.bluemind.keycloak.internal;

import com.google.common.base.Objects;
import java.util.Collections;
import java.util.Optional;
import java.util.Set;
import net.bluemind.core.api.auth.AuthDomainProperties;
import net.bluemind.core.api.auth.AuthTypes;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.context.SecurityContext;
import net.bluemind.core.rest.BmContext;
import net.bluemind.core.rest.ServerSideServiceProvider;
import net.bluemind.directory.api.BaseDirEntry;
import net.bluemind.directory.api.DirEntry;
import net.bluemind.directory.api.MaintenanceOperation;
import net.bluemind.directory.service.IDirEntryRepairSupport;
import net.bluemind.directory.service.RepairTaskMonitor;
import net.bluemind.domain.api.Domain;
import net.bluemind.domain.api.IDomains;
import net.bluemind.keycloak.api.BluemindProviderComponent;
import net.bluemind.keycloak.api.IKeycloakAdmin;
import net.bluemind.keycloak.api.IKeycloakBluemindProviderAdmin;
import net.bluemind.keycloak.api.IKeycloakClientAdmin;
import net.bluemind.keycloak.api.IKeycloakKerberosAdmin;
import net.bluemind.keycloak.api.IKeycloakUids;
import net.bluemind.keycloak.api.KerberosComponent;
import net.bluemind.keycloak.api.OidcClient;
import net.bluemind.keycloak.api.Realm;
import net.bluemind.keycloak.utils.KeycloakHelper;
import net.bluemind.keycloak.utils.adapters.BlueMindComponentAdapter;
import net.bluemind.keycloak.utils.adapters.KerberosComponentAdapter;
import net.bluemind.keycloak.utils.adapters.OidcClientAdapter;
import net.bluemind.keycloak.utils.adapters.RealmAdapter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/keycloak/internal/KeycloakRealmRepairSupport.class */
/**
 * Repair support that exposes the {@code domain.keycloak} maintenance operation
 * for domain directory entries.
 *
 * <p>The operation compares what Keycloak currently holds for a domain (realm,
 * OIDC client, BlueMind provider component and, for Kerberos domains, the
 * Kerberos component) with what the adapters build from the domain, and resets
 * the Keycloak configuration when they differ.
 *
 * <p>Every service lookup in this class runs as {@link SecurityContext#SYSTEM};
 * the class itself performs no check on who triggered the operation.
 * NOTE(review): presumably the repair framework restricts who may run
 * maintenance operations; confirm against the caller.
 */
public class KeycloakRealmRepairSupport implements IDirEntryRepairSupport {
    private static final Logger logger = LoggerFactory.getLogger(KeycloakRealmRepairSupport.class);

    /** Descriptor of the Keycloak check/repair operation advertised for domains. */
    public static final MaintenanceOperation keycloakRepair = MaintenanceOperation.create("domain.keycloak", "Ensure that domain has a correct keycloak configuration (realm, client)");

    /** Factory handing out a new {@link KeycloakRealmRepairSupport} per context. */
    public static class Factory implements IDirEntryRepairSupport.Factory {
        public IDirEntryRepairSupport create(BmContext bmContext) {
            IDirEntryRepairSupport support = new KeycloakRealmRepairSupport(bmContext);
            return support;
        }
    }

    /** Implementation of the {@code domain.keycloak} check and repair steps. */
    private static class KeycloakRepairImpl extends IDirEntryRepairSupport.InternalMaintenanceOperation {

        /**
         * Snapshot of a domain together with the Keycloak objects currently
         * stored for it. The Keycloak-side members are {@code null} when the
         * realm lookup returned nothing.
         */
        private static class KeycloakConf {
            private final ItemValue<Domain> domain;
            private final Realm realm;
            private final OidcClient oidcClient;
            private final BluemindProviderComponent bluemindProviderComponent;
            private final KerberosComponent kerberosComponent;

            /**
             * Loads the domain and its current Keycloak objects using the SYSTEM
             * security context.
             *
             * @param domainUid uid passed to the domain and realm lookups
             * @return the snapshot; only the domain is populated when no realm exists
             */
            public static KeycloakConf build(String domainUid) {
                IDomains domainsApi = (IDomains) ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM).instance(IDomains.class, new String[0]);
                ItemValue<Domain> domainItem = domainsApi.get(domainUid);

                IKeycloakAdmin keycloakAdmin = (IKeycloakAdmin) ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM).instance(IKeycloakAdmin.class, new String[]{domainUid});
                Realm currentRealm = keycloakAdmin.getRealm(domainUid);
                if (currentRealm == null) {
                    // Without a realm there is nothing else to fetch.
                    return new KeycloakConf(domainItem, null, null, null, null);
                }

                IKeycloakClientAdmin clientAdmin = (IKeycloakClientAdmin) ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM).instance(IKeycloakClientAdmin.class, new String[]{domainUid});
                OidcClient currentClient = clientAdmin.getOidcClient(IKeycloakUids.clientId(currentRealm.id));

                IKeycloakBluemindProviderAdmin providerAdmin = (IKeycloakBluemindProviderAdmin) ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM).instance(IKeycloakBluemindProviderAdmin.class, new String[]{domainUid});
                BluemindProviderComponent currentProvider = providerAdmin.getBluemindProvider(IKeycloakUids.bmProviderId(currentRealm.id));

                IKeycloakKerberosAdmin kerberosAdmin = (IKeycloakKerberosAdmin) ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM).instance(IKeycloakKerberosAdmin.class, new String[]{domainUid});
                KerberosComponent currentKerberos = kerberosAdmin.getKerberosProvider(IKeycloakUids.kerberosComponentName(currentRealm.id));

                return new KeycloakConf(domainItem, currentRealm, currentClient, currentProvider, currentKerberos);
            }

            private KeycloakConf(ItemValue<Domain> domainItem, Realm currentRealm, OidcClient currentClient, BluemindProviderComponent currentProvider, KerberosComponent currentKerberos) {
                this.domain = domainItem;
                this.realm = currentRealm;
                this.oidcClient = currentClient;
                this.bluemindProviderComponent = currentProvider;
                this.kerberosComponent = currentKerberos;
            }

            /**
             * Compares the stored Keycloak objects with the expected ones, in the
             * order realm, OIDC client, BlueMind provider, Kerberos component, and
             * stops at the first difference.
             *
             * @return {@code true} when every compared object equals its expected value
             */
            public boolean isOk() {
                String domainUid = this.domain.uid;

                Realm expectedRealm = RealmAdapter.build(domainUid).realm;
                if (!Objects.equal(expectedRealm, this.realm)) {
                    logger.error("Realm ko for domain: {} - must be:\n{}\nis: {}", domainUid, expectedRealm, this.realm);
                    return false;
                }

                OidcClient expectedClient = OidcClientAdapter.build(domainUid, IKeycloakUids.clientId(expectedRealm.id), Optional.empty()).oidcClient;
                // The expected client carries the secret stored in the domain properties.
                expectedClient.secret = (String) this.domain.value.properties.get(AuthDomainProperties.OPENID_CLIENT_SECRET.name());
                if (!Objects.equal(expectedClient, this.oidcClient)) {
                    // NOTE(review): both clients are passed to the logger as-is and the
                    // expected one holds the domain's OPENID_CLIENT_SECRET. OidcClient's
                    // toString() is not visible here; if it prints `secret`, the client
                    // secret is written to the log at INFO. Confirm, and redact if so.
                    logger.info("OidcClient ko for domain: {} - must be:\n{}\nis: {}", domainUid, expectedClient, this.oidcClient);
                    return false;
                }

                BluemindProviderComponent expectedProvider = expectedBluemindProviderComponent();
                // The core token is blanked on the expected side, so it takes no part in
                // the comparison (presumably the stored component comes back without it;
                // TODO confirm).
                expectedProvider.bmCoreToken = null;
                if (!Objects.equal(expectedProvider, this.bluemindProviderComponent)) {
                    // NOTE(review): the stored component is logged unredacted; confirm its
                    // toString() never prints bmCoreToken.
                    logger.info("BluemindProvider ko for domain: {} - must be:\n{}\nis: {}", domainUid, expectedProvider, this.bluemindProviderComponent);
                    return false;
                }

                // The Kerberos component is only compared for domains whose auth type is KERBEROS.
                boolean kerberosDomain = AuthTypes.KERBEROS.name().equals(this.domain.value.properties.get(AuthDomainProperties.AUTH_TYPE.name()));
                if (!kerberosDomain) {
                    return true;
                }

                KerberosComponent expectedKerberos = KerberosComponentAdapter.build(this.domain).component;
                boolean kerberosMatches = Objects.equal(expectedKerberos, this.kerberosComponent);
                if (!kerberosMatches) {
                    logger.info("KerberosProvider ko for domain: {} - must be:\n{}\nis: {}", domainUid, expectedKerberos, this.kerberosComponent);
                }
                return kerberosMatches;
            }

            /**
             * Builds the BlueMind provider component expected for this domain.
             *
             * @return the component produced by {@link BlueMindComponentAdapter} for the domain uid
             */
            public BluemindProviderComponent expectedBluemindProviderComponent() {
                BlueMindComponentAdapter adapter = BlueMindComponentAdapter.build(this.domain.uid);
                return adapter.component;
            }
        }

        public KeycloakRepairImpl() {
            super(keycloakRepair.identifier, (String) null, (String) null, 1);
        }

        /**
         * Reports whether the Keycloak configuration of the domain matches the
         * expected one; changes nothing.
         */
        public void check(String str, DirEntry dirEntry, RepairTaskMonitor repairTaskMonitor) {
            repairTaskMonitor.begin(1.0d, "Check Keycloak configuration for domain: " + str);
            String verdict;
            if (KeycloakConf.build(str).isOk()) {
                verdict = "ok";
            } else {
                verdict = "ko";
            }
            repairTaskMonitor.progress(1.0d, "Keycloak configuration is " + verdict);
            repairTaskMonitor.end();
        }

        /**
         * Re-checks the domain and either pushes the expected BlueMind provider
         * component again (configuration ok) or re-initialises the Keycloak
         * configuration through {@link KeycloakHelper#initForDomain}.
         */
        public void repair(String str, DirEntry dirEntry, RepairTaskMonitor repairTaskMonitor) {
            repairTaskMonitor.begin(2.0d, "Check Keycloak configuration for domain: " + str);
            KeycloakConf current = KeycloakConf.build(str);
            if (current.isOk()) {
                repairTaskMonitor.progress(1.0d, "Keycloak configuration don't need repair for domain: " + str);
                // The provider component is written back even when the check passed;
                // presumably this refreshes bmCoreToken, which isOk() does not
                // compare. TODO confirm.
                BlueMindComponentAdapter expectedAdapter = new BlueMindComponentAdapter(current.expectedBluemindProviderComponent());
                new ComponentService(str).updateComponent(expectedAdapter.toJson());
                repairTaskMonitor.progress(1.0d, "Keycloak BlueMind provider updated for domain: " + str);
            } else {
                repairTaskMonitor.progress(1.0d, "Keycloak configuration need repair for domain: " + str);
                KeycloakHelper.initForDomain(str, true);
                repairTaskMonitor.progress(1.0d, "Reset keycloak configuration for domain: " + str);
            }
            repairTaskMonitor.end();
        }
    }

    /**
     * Creates the repair support.
     *
     * @param bmContext not used by this constructor
     */
    public KeycloakRealmRepairSupport(BmContext bmContext) {
    }

    /**
     * Lists the operations advertised for a directory entry kind.
     *
     * @return the Keycloak operation for {@code DOMAIN}, otherwise an empty set
     */
    public Set<MaintenanceOperation> availableOperations(BaseDirEntry.Kind kind) {
        if (kind != BaseDirEntry.Kind.DOMAIN) {
            return Collections.emptySet();
        }
        return Set.of(keycloakRepair);
    }

    /**
     * Lists the runnable operations for a directory entry kind.
     *
     * @return a fresh {@code KeycloakRepairImpl} for {@code DOMAIN}, otherwise an empty set
     */
    public Set<IDirEntryRepairSupport.InternalMaintenanceOperation> ops(BaseDirEntry.Kind kind) {
        if (kind != BaseDirEntry.Kind.DOMAIN) {
            return Collections.emptySet();
        }
        return Set.of(new KeycloakRepairImpl());
    }
}
