package net.bluemind.keycloak.utils;

import com.fasterxml.jackson.core.type.TypeReference;
import io.vertx.core.json.JsonObject;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import net.bluemind.core.api.auth.AuthDomainProperties;
import net.bluemind.core.api.auth.AuthTypes;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.context.SecurityContext;
import net.bluemind.core.rest.ServerSideServiceProvider;
import net.bluemind.domain.api.Domain;
import net.bluemind.domain.api.DomainSettingsKeys;
import net.bluemind.domain.api.IDomainSettings;
import net.bluemind.domain.api.IDomains;
import net.bluemind.hornetq.client.MQ;
import net.bluemind.keycloak.api.IKeycloakKerberosAdmin;
import net.bluemind.keycloak.api.IKeycloakUids;
import net.bluemind.keycloak.utils.adapters.KerberosComponentAdapter;
import net.bluemind.network.topology.Topology;
import net.bluemind.node.api.INodeClient;
import net.bluemind.node.api.NodeActivator;
import net.bluemind.server.api.Server;
import net.bluemind.server.api.TagDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/keycloak/utils/KerberosConfigHelper.class */
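/**
 * Static helpers that keep the Keycloak Kerberos providers and the keytab files under
 * {@code /etc/bm-keycloak/} in line with the auth properties of the domains.
 *
 * <p>Every service lookup in this class uses {@link SecurityContext#SYSTEM} and the class performs
 * no authorization check of its own, so callers are responsible for deciding who may trigger these
 * updates.
 *
 * <p>The values handled here are keytabs, i.e. long-term Kerberos keys. They are never logged by
 * this class and must not be added to log or exception messages.
 */
public class KerberosConfigHelper {
    private static final Logger logger = LoggerFactory.getLogger(KerberosConfigHelper.class);
    private static final String KEYTAB_DIR = "/etc/bm-keycloak/";
    private static final String LAST_CONF_LOCATION = "/etc/bm-keycloak/krbconf.json";
    private static final String GLOBAL_VIRT = "global.virt";

    private KerberosConfigHelper() {
    }

    /**
     * Re-creates the Kerberos provider of a domain after the domain was created or updated, then
     * refreshes the global realm provider and the files on the Keycloak node.
     *
     * <p>Nothing is done for {@code global.virt} or for a domain that has no properties or no
     * {@code AUTH_TYPE} property.
     *
     * @param itemValue the created or updated domain
     */
    public static void updateKeycloakKerberosConf(ItemValue<Domain> itemValue) {
        String domainUid = itemValue.uid;
        if (GLOBAL_VIRT.equals(domainUid)) {
            return;
        }
        Domain domain = (Domain) itemValue.value;
        if (domain.properties == null || domain.properties.get(AuthDomainProperties.AUTH_TYPE.name()) == null) {
            logger.warn("skipping kerberos conf update for domain {} (no domain properties)", domainUid);
            return;
        }
        logger.info("Domain {} created/updated : updating kerberos conf", domainUid);
        // The existing provider is removed first and only re-created when the domain is still
        // configured for Kerberos. NOTE(review): if the re-creation below fails, the domain is left
        // without a provider until the next update - confirm that this is acceptable.
        kerberosAdmin(domainUid).deleteKerberosProvider(IKeycloakUids.kerberosComponentName(IKeycloakUids.realmId(domainUid)));
        if (isKerberos(itemValue)) {
            createKeycloakKerberosConf(itemValue);
        }
        updateGlobalRealmKerb();
        updateKrb5Conf();
    }

    /**
     * Writes the keytab of a domain to the Keycloak node and creates its Kerberos provider.
     *
     * <p>The provider is created in the domain's own realm when the domain is {@code global.virt}
     * or has an external URL; otherwise it replaces the provider of the {@code global.virt} realm.
     *
     * @param itemValue the domain whose {@code KRB_KEYTAB} property holds the base64 keytab
     * @throws IllegalArgumentException if the keytab is missing or not valid base64, or if the
     *     domain uid cannot be used as a file name; in both cases nothing has been written yet
     */
    public static void createKeycloakKerberosConf(ItemValue<Domain> itemValue) {
        String domainUid = itemValue.uid;
        String encodedKeytab = (String) ((Domain) itemValue.value).properties.get(AuthDomainProperties.KRB_KEYTAB.name());
        // NOTE(review): the external URL is read from the MQ shared map here, while
        // isKerberosWithoutExternalUrl() asks IDomainSettings. A domain without an entry in the
        // shared map makes the next line throw a NullPointerException - confirm that the map is
        // always populated before this is called.
        Map<?, ?> cachedSettings = (Map<?, ?>) MQ.sharedMap("domain.settings", new TypeReference<Map<String, String>>() {
        }).get(domainUid);
        String externalUrl = (String) cachedSettings.get(DomainSettingsKeys.external_url.name());

        // Validate the target path and the keytab before anything is written on the node.
        String keytabPath = getKeytabFilename(domainUid);
        byte[] keytab = decodeKeytab(domainUid, encodedKeytab);
        // NOTE(review): the mode and owner of the written file are decided by the node client and
        // are not visible here - confirm the keytab ends up readable by the Keycloak service only.
        keycloakNode().writeFile(keytabPath, new ByteArrayInputStream(keytab));

        KerberosComponentAdapter adapter = KerberosComponentAdapter.build(itemValue);
        if (GLOBAL_VIRT.equals(domainUid) || externalUrl != null) {
            kerberosAdmin(domainUid).create(adapter.component);
            return;
        }
        IKeycloakKerberosAdmin globalAdmin = kerberosAdmin(GLOBAL_VIRT);
        globalAdmin.deleteKerberosProvider(IKeycloakUids.kerberosComponentName(GLOBAL_VIRT));
        globalAdmin.create(adapter.component);
    }

    /**
     * Removes the Kerberos provider of the {@code global.virt} realm when no domain is left that
     * uses Kerberos without an external URL.
     */
    public static void updateGlobalRealmKerb() {
        ServerSideServiceProvider provider = ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM);
        boolean globalProviderInUse = ((IDomains) provider.instance(IDomains.class, new String[0])).all().stream()
                .anyMatch(KerberosConfigHelper::isKerberosWithoutExternalUrl);
        if (!globalProviderInUse) {
            ((IKeycloakKerberosAdmin) provider.instance(IKeycloakKerberosAdmin.class, new String[]{GLOBAL_VIRT})).deleteKerberosProvider(IKeycloakUids.kerberosComponentName(GLOBAL_VIRT));
        }
    }

    /**
     * Tells whether a domain uses Kerberos and has no external URL in its domain settings.
     *
     * @param itemValue the domain to test; a domain without properties is not a Kerberos domain
     * @return {@code true} if the auth type is {@code KERBEROS} and no external URL is set
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isKerberosWithoutExternalUrl(ItemValue<Domain> itemValue) {
        return isKerberos(itemValue) && getExternalUrl(itemValue.uid) == null;
    }

    /**
     * Pushes the current Kerberos configuration snapshot and one keytab file per Kerberos domain
     * to the Keycloak node, unless the snapshot equals the one read from
     * {@code /etc/bm-keycloak/krbconf.json}.
     *
     * <p>NOTE(review): the previous snapshot is read from the local file system while every write
     * goes through the node client of the server tagged {@code bm_keycloak}. If those are two
     * different hosts the read fails each time and all files are rewritten on every call - confirm.
     *
     * @throws IllegalArgumentException if a keytab is missing or not valid base64, or if a domain
     *     uid cannot be used as a file name; the check runs before any file is written or deleted
     */
    public static void updateKrb5Conf() {
        JsonObject conf = getConf();
        JsonObject lastConf;
        try {
            lastConf = new JsonObject(Files.readString(Paths.get(LAST_CONF_LOCATION)));
        } catch (IOException e) {
            // Expected on the first run (no snapshot yet); everything is then written again.
            logger.debug("Could not read {} ({}), assuming no previous kerberos config", LAST_CONF_LOCATION, e.toString());
            lastConf = new JsonObject();
        }
        if (conf.equals(lastConf)) {
            logger.debug("Kerberos config did not change. No need to update /etc/krb5.conf.");
            return;
        }

        // Decode every keytab and build every target path up front: a bad entry must fail here,
        // not after the existing keytab files have already been deleted.
        Map<String, byte[]> keytabsByPath = new LinkedHashMap<>();
        for (String domainUid : conf.fieldNames()) {
            String encodedKeytab = conf.getJsonObject(domainUid).getString(AuthDomainProperties.KRB_KEYTAB.name());
            keytabsByPath.put(getKeytabFilename(domainUid), decodeKeytab(domainUid, encodedKeytab));
        }

        INodeClient node = keycloakNode();
        // The snapshot embeds the base64 keytabs, so it is as sensitive as the keytab files.
        // NOTE(review): it is written before the keytab files; if a later write fails, the next run
        // may see an unchanged snapshot and skip the repair. The order is kept because the consumer
        // of krbconf.json is not visible from this class - consider writing the snapshot last.
        node.writeFile(LAST_CONF_LOCATION, new ByteArrayInputStream(conf.encode().getBytes(StandardCharsets.UTF_8)));
        node.listFiles(KEYTAB_DIR, "keytab").forEach(fileDescription -> node.deleteFile(fileDescription.getPath()));
        keytabsByPath.forEach((path, keytab) -> node.writeFile(path, new ByteArrayInputStream(keytab)));
    }

    /**
     * Builds the configuration snapshot: one JSON object per Kerberos domain, keyed by domain uid,
     * holding the {@code KRB_AD_DOMAIN}, {@code KRB_AD_IP} and {@code KRB_KEYTAB} properties.
     */
    private static JsonObject getConf() {
        JsonObject conf = new JsonObject();
        for (ItemValue<Domain> itemValue : ((IDomains) ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM).instance(IDomains.class, new String[0])).all()) {
            if (!isKerberos(itemValue)) {
                continue;
            }
            Domain domain = (Domain) itemValue.value;
            JsonObject domainConf = new JsonObject();
            domainConf.put(AuthDomainProperties.KRB_AD_DOMAIN.name(), domain.properties.get(AuthDomainProperties.KRB_AD_DOMAIN.name()));
            domainConf.put(AuthDomainProperties.KRB_AD_IP.name(), domain.properties.get(AuthDomainProperties.KRB_AD_IP.name()));
            domainConf.put(AuthDomainProperties.KRB_KEYTAB.name(), domain.properties.get(AuthDomainProperties.KRB_KEYTAB.name()));
            conf.put(itemValue.uid, domainConf);
        }
        return conf;
    }

    /**
     * Tells whether the auth type of a domain is {@code KERBEROS}. A domain without value or
     * without properties is reported as non-Kerberos instead of raising a
     * {@link NullPointerException}, matching the guard in {@link #updateKeycloakKerberosConf}.
     */
    private static boolean isKerberos(ItemValue<Domain> itemValue) {
        Domain domain = (Domain) itemValue.value;
        return domain != null && domain.properties != null
                && AuthTypes.KERBEROS.name().equals(domain.properties.get(AuthDomainProperties.AUTH_TYPE.name()));
    }

    /**
     * Decodes a base64 keytab. The error message names the domain only, never the keytab content.
     *
     * @throws IllegalArgumentException if the keytab is absent or not valid base64
     */
    private static byte[] decodeKeytab(String domainUid, String encodedKeytab) {
        if (encodedKeytab == null) {
            throw new IllegalArgumentException("No keytab configured for kerberos domain " + domainUid);
        }
        return Base64.getDecoder().decode(encodedKeytab);
    }

    /** Returns the Kerberos admin service of the realm of the given domain, as SYSTEM. */
    private static IKeycloakKerberosAdmin kerberosAdmin(String domainUid) {
        return (IKeycloakKerberosAdmin) ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM).instance(IKeycloakKerberosAdmin.class, new String[]{domainUid});
    }

    /** Returns the node client of a server tagged {@code bm_keycloak}. */
    private static INodeClient keycloakNode() {
        return NodeActivator.get(((Server) Topology.get().any(TagDescriptor.bm_keycloak.getTag()).value).address());
    }

    /** Reads the {@code external_url} domain setting, or {@code null} when it is not set. */
    private static String getExternalUrl(String str) {
        return (String) ((IDomainSettings) ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM).instance(IDomainSettings.class, new String[]{str})).get().get(DomainSettingsKeys.external_url.name());
    }

    /**
     * Returns the path of the keytab file of a domain under {@code /etc/bm-keycloak/}.
     *
     * <p>The uid becomes part of a path that is written on the Keycloak node, so it has to be a
     * single file name component: a uid that is empty or contains a path separator or a NUL
     * character is rejected instead of being allowed to point outside the keytab directory.
     *
     * @param str the domain uid
     * @return {@code /etc/bm-keycloak/<uid>.keytab}
     * @throws IllegalArgumentException if the uid cannot be used as a file name component
     */
    public static String getKeytabFilename(String str) {
        if (str == null || str.isEmpty() || str.indexOf('/') >= 0 || str.indexOf('\\') >= 0 || str.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("Domain uid is not usable as a keytab file name: " + str);
        }
        return KEYTAB_DIR + str + ".keytab";
    }
}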
