package net.bluemind.keycloak.internal;

import io.vertx.core.http.HttpMethod;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.service.internal.RBACManager;
import net.bluemind.core.rest.BmContext;
import net.bluemind.keycloak.api.IKeycloakClientAdmin;
import net.bluemind.keycloak.api.IKeycloakUids;
import net.bluemind.keycloak.api.OidcClient;
import net.bluemind.keycloak.utils.KeycloakAdminClient;
import net.bluemind.keycloak.utils.adapters.OidcClientAdapter;
import net.bluemind.keycloak.utils.endpoint.KeycloakEndpoints;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/keycloak/internal/KeycloakClientAdminService.class */
public class KeycloakClientAdminService implements IKeycloakClientAdmin {
    private static final Logger logger = LoggerFactory.getLogger(KeycloakClientAdminService.class);
    private RBACManager rbacManager;
    private final String domainUid;
    private final String realmId;

    public KeycloakClientAdminService(BmContext bmContext, String str) {
        this.rbacManager = new RBACManager(bmContext);
        this.domainUid = str;
        this.realmId = IKeycloakUids.realmId(str);
    }

    public void create(String str) throws ServerFault {
        this.rbacManager.check(new String[]{"manageDomain"});
        logger.info("Domain: {} - Realm {}: Create client {}", new Object[]{this.domainUid, this.realmId, str});
        String str2 = null;
        JsonArray jsonArray = KeycloakAdminClient.getInstance().call(KeycloakEndpoints.flowsEndpoint(this.realmId), HttpMethod.GET).getJsonArray("results");
        for (int i = 0; i < jsonArray.size(); i++) {
            JsonObject jsonObject = jsonArray.getJsonObject(i);
            if ("browser-bluemind".equals(jsonObject.getString("alias"))) {
                str2 = jsonObject.getString("id");
            }
        }
        try {
            JsonObject jsonObject2 = (JsonObject) KeycloakAdminClient.getInstance().execute(KeycloakEndpoints.clientsEndpoint(this.realmId), HttpMethod.POST, OidcClientAdapter.build(this.domainUid, str, Optional.ofNullable(str2)).toJson()).get(18L, TimeUnit.SECONDS);
            if (jsonObject2.containsKey("error")) {
                throw new ServerFault("Error: " + jsonObject2.getString("error") + " - " + jsonObject2.getString("error_description"), ErrorCode.UNKNOWN);
            }
        } catch (InterruptedException | ExecutionException | TimeoutException e) {
            throw new ServerFault("Failed to create client", e);
        }
    }

    public String getSecret(String str) throws ServerFault {
        this.rbacManager.check(new String[]{"manageDomain"});
        logger.info("Domain: {} - Realm {}: Get client secret {}", new Object[]{this.domainUid, this.realmId, str});
        try {
            JsonObject jsonObject = (JsonObject) KeycloakAdminClient.getInstance().execute(KeycloakEndpoints.clientCredsEndpoint(this.realmId, str), HttpMethod.GET).get(18L, TimeUnit.SECONDS);
            if (jsonObject != null) {
                return jsonObject.getString("value");
            }
            logger.warn("Failed to fetch secret");
            return null;
        } catch (InterruptedException | ExecutionException | TimeoutException e) {
            throw new ServerFault("Failed to get client secret", e);
        }
    }

    public List<OidcClient> allOidcClients() throws ServerFault {
        this.rbacManager.check(new String[]{"manageDomain"});
        logger.info("Domain: {} - Realm {}: Get OIDC clients", this.domainUid, this.realmId);
        try {
            JsonObject jsonObject = (JsonObject) KeycloakAdminClient.getInstance().execute(KeycloakEndpoints.clientsEndpoint(this.realmId), HttpMethod.GET).get(18L, TimeUnit.SECONDS);
            ArrayList arrayList = new ArrayList();
            jsonObject.getJsonArray("results").forEach(obj -> {
                if (obj == null || !"openid-connect".equals(((JsonObject) obj).getString("protocol"))) {
                    return;
                }
                arrayList.add(OidcClientAdapter.fromJson((JsonObject) obj).oidcClient);
            });
            return arrayList;
        } catch (InterruptedException | ExecutionException | TimeoutException e) {
            throw new ServerFault("Failed to fetch clients for realm " + this.realmId, e);
        }
    }

    public OidcClient getOidcClient(String str) throws ServerFault {
        this.rbacManager.check(new String[]{"manageDomain"});
        logger.info("Domain: {} - Realm {}: Get client {}", new Object[]{this.domainUid, this.realmId, str});
        try {
            JsonObject jsonObject = (JsonObject) KeycloakAdminClient.getInstance().execute(KeycloakEndpoints.clientsEndpoint(this.realmId) + "?clientId=" + URLEncoder.encode(str, StandardCharsets.UTF_8), HttpMethod.GET).get(18L, TimeUnit.SECONDS);
            if (jsonObject == null) {
                logger.warn("Failed to fetch client id {}", str);
                return null;
            }
            JsonArray jsonArray = jsonObject.getJsonArray("results");
            if (jsonArray == null || jsonArray.size() == 0 || !"openid-connect".equals(jsonObject.getJsonArray("results").getJsonObject(0).getString("protocol"))) {
                return null;
            }
            return OidcClientAdapter.fromJson(jsonObject.getJsonArray("results").getJsonObject(0)).oidcClient;
        } catch (InterruptedException | ExecutionException | TimeoutException e) {
            logger.error("EXCeptkion " + e.getClass().getName() + " : " + e.getMessage(), e);
            throw new ServerFault("Failed to fetch client " + str + " for domain " + this.domainUid + ", realm " + this.realmId);
        }
    }

    public void deleteOidcClient(String str) throws ServerFault {
        this.rbacManager.check(new String[]{"manageDomain"});
        logger.info("Domain: {} - Realm {}: Delete client {}", new Object[]{this.domainUid, this.realmId, str});
        try {
            KeycloakAdminClient.getInstance().execute(KeycloakEndpoints.clientsEndpoint(this.realmId) + "/" + str, HttpMethod.DELETE).get(18L, TimeUnit.SECONDS);
        } catch (InterruptedException | ExecutionException | TimeoutException e) {
            throw new ServerFault("Failed to delete client", e);
        }
    }

    public void updateClient(String str, OidcClient oidcClient) throws ServerFault {
        this.rbacManager.check(new String[]{"manageDomain"});
        logger.info("Domain: {} - Realm {}: Update client {}", new Object[]{this.domainUid, this.realmId, str});
        String str2 = oidcClient.id;
        if (str2 == null) {
            OidcClient oidcClient2 = getOidcClient(str);
            if (oidcClient2 == null) {
                throw new ServerFault(str + " not found in realm " + this.realmId + " - domain: " + this.domainUid + " - to update it");
            }
            str2 = oidcClient2.id;
        }
        try {
            KeycloakAdminClient.getInstance().execute(KeycloakEndpoints.clientsEndpoint(this.realmId) + "/" + str2, HttpMethod.PUT, new OidcClientAdapter(oidcClient).toJson()).get(18L, TimeUnit.SECONDS);
        } catch (InterruptedException | ExecutionException | TimeoutException e) {
            throw new ServerFault("Failed to update client " + str, e);
        }
    }
}
