package org.alfresco.utility.data.auth;

import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import javax.ws.rs.core.Response;
import org.alfresco.utility.TasAisProperties;
import org.alfresco.utility.data.AisToken;
import org.alfresco.utility.model.UserModel;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.HttpClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine;
import org.junit.Assert;
import org.keycloak.adapters.HttpClientBuilder;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.Configuration;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Service;

@Scope("prototype")
@Service
/* loaded from: input_file:org/alfresco/utility/data/auth/DataAIS.class */
public class DataAIS implements InitializingBean {
    private UsersResource usersResource;
    private AuthzClient authzClient;
    private boolean enabled;
    private static final int TIMEOUT_DELTA_MILLISECONDS = 5000;

    @Autowired
    private TasAisProperties aisProperties;
    private static Log LOG = LogFactory.getLog(DataAIS.class);
    private static HashMap<Integer, AisToken> aisTokens = new HashMap<>();

    /* loaded from: input_file:org/alfresco/utility/data/auth/DataAIS$Builder.class */
    public class Builder implements UserManageable {
        private Builder() {
        }

        @Override // org.alfresco.utility.data.auth.UserManageable
        public Builder createUser(UserModel userModel) {
            DataAIS.LOG.info(String.format("[AlfrescoIdentityService] Add user %s", userModel.getUsername()));
            CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
            credentialRepresentation.setType("password");
            credentialRepresentation.setValue(userModel.getPassword());
            credentialRepresentation.setTemporary(false);
            UserRepresentation userRepresentation = new UserRepresentation();
            userRepresentation.setUsername(userModel.getUsername());
            userRepresentation.setFirstName(userModel.getFirstName());
            userRepresentation.setLastName(userModel.getLastName());
            userRepresentation.setCredentials(Arrays.asList(credentialRepresentation));
            userRepresentation.setEnabled(true);
            Response create = DataAIS.this.usersResource.create(userRepresentation);
            Assert.assertTrue("Failed to create user in Keycloak: " + create.getStatusInfo(), create.getStatusInfo().equals(Response.Status.CREATED));
            create.close();
            return this;
        }

        @Override // org.alfresco.utility.data.auth.UserManageable
        public Builder deleteUser(UserModel userModel) {
            DataAIS.LOG.info(String.format("[AlfrescoIdentityService] Delete user %s", userModel.getUsername()));
            UserRepresentation findUserByUsername = findUserByUsername(userModel.getUsername());
            if (findUserByUsername != null) {
                removeTokenForUser(generateTokenKey(userModel));
                DataAIS.this.usersResource.delete(findUserByUsername.getId()).close();
            }
            return this;
        }

        @Override // org.alfresco.utility.data.auth.UserManageable
        public Builder updateUser(UserModel userModel, HashMap<String, String> hashMap) {
            throw new UnsupportedOperationException("Not implemented.");
        }

        @Override // org.alfresco.utility.data.auth.UserManageable
        public Builder assertUserExists(UserModel userModel) {
            DataAIS.LOG.info(String.format("[AlfrescoIdentityService] Assert user %s exists", userModel.getUsername()));
            Assert.assertNotNull(findUserByUsername(userModel.getUsername()));
            return this;
        }

        @Override // org.alfresco.utility.data.auth.UserManageable
        public Builder assertUserDoesNotExist(UserModel userModel) {
            DataAIS.LOG.info(String.format("[AlfrescoIdentityService] Assert user %s does not exists", userModel.getUsername()));
            Assert.assertNull(findUserByUsername(userModel.getUsername()));
            return this;
        }

        public Builder disableUser(UserModel userModel) {
            DataAIS.LOG.info(String.format("[AlfrescoIdentityService] Disable user %s", userModel.getUsername()));
            UserRepresentation findUserByUsername = findUserByUsername(userModel.getUsername());
            findUserByUsername.setEnabled(false);
            DataAIS.this.usersResource.get(findUserByUsername.getId()).update(findUserByUsername);
            removeTokenForUser(generateTokenKey(userModel));
            return this;
        }

        public Builder enableUser(UserModel userModel) {
            DataAIS.LOG.info(String.format("[AlfrescoIdentityService] Disable user %s", userModel.getUsername()));
            UserRepresentation findUserByUsername = findUserByUsername(userModel.getUsername());
            findUserByUsername.setEnabled(true);
            DataAIS.this.usersResource.get(findUserByUsername.getId()).update(findUserByUsername);
            return this;
        }

        public AccessTokenResponse obtainAccessToken(UserModel userModel) {
            DataAIS.LOG.info(String.format("[AlfrescoIdentityService] Obtain access token for user %s", userModel.getUsername()));
            return DataAIS.this.authzClient.obtainAccessToken(userModel.getUsername(), userModel.getPassword());
        }

        public UserRepresentation findUserByUsername(String str) {
            List<UserRepresentation> search = DataAIS.this.usersResource.search(str, (String) null, (String) null, (String) null, 0, Integer.MAX_VALUE);
            UserRepresentation userRepresentation = search.size() == 1 ? (UserRepresentation) search.get(0) : null;
            if (search.size() > 1) {
                for (UserRepresentation userRepresentation2 : search) {
                    if (userRepresentation2.getUsername().equalsIgnoreCase(str)) {
                        return userRepresentation2;
                    }
                }
            }
            return userRepresentation;
        }

        public synchronized void addTokenForUser(Integer num, AccessTokenResponse accessTokenResponse) {
            DataAIS.aisTokens.put(num, new AisToken(accessTokenResponse.getToken(), accessTokenResponse.getRefreshToken(), Long.valueOf(System.currentTimeMillis()).longValue(), accessTokenResponse.getExpiresIn() * 1000));
        }

        public synchronized void removeTokenForUser(Integer num) {
            DataAIS.aisTokens.remove(num);
        }

        public Boolean checkTokenValidity(Integer num) {
            Long valueOf = Long.valueOf(System.currentTimeMillis());
            if (DataAIS.aisTokens.containsKey(num)) {
                if (valueOf.longValue() < DataAIS.aisTokens.get(num).getExpirationTime() - 5000) {
                    return true;
                }
            }
            return false;
        }

        public AisToken getAccessToken(UserModel userModel) {
            Integer generateTokenKey = generateTokenKey(userModel);
            if (!checkTokenValidity(generateTokenKey).booleanValue()) {
                addTokenForUser(generateTokenKey, obtainAccessToken(userModel));
            }
            return DataAIS.aisTokens.get(generateTokenKey);
        }

        private Integer generateTokenKey(UserModel userModel) {
            return Integer.valueOf((31 * ((31 * 1) + (userModel.getUsername() == null ? 0 : userModel.getUsername().hashCode()))) + (userModel.getPassword() == null ? 0 : userModel.getPassword().hashCode()));
        }

        @Override // org.alfresco.utility.data.auth.UserManageable
        public /* bridge */ /* synthetic */ UserManageable updateUser(UserModel userModel, HashMap hashMap) throws Exception {
            return updateUser(userModel, (HashMap<String, String>) hashMap);
        }
    }

    public void afterPropertiesSet() {
        AdapterConfig adapterConfig = this.aisProperties.getAdapterConfig();
        String authServerUrl = adapterConfig.getAuthServerUrl();
        if (authServerUrl != null && !authServerUrl.isEmpty()) {
            this.enabled = true;
        }
        if (this.enabled) {
            String realm = adapterConfig.getRealm();
            String resource = adapterConfig.getResource();
            String adminUsername = this.aisProperties.getAdminUsername();
            String adminPassword = this.aisProperties.getAdminPassword();
            Assert.assertTrue("AIS realm can not be empty", (realm == null || realm.isEmpty()) ? false : true);
            Assert.assertTrue("AIS resource can not be empty", (resource == null || resource.isEmpty()) ? false : true);
            Assert.assertTrue("AIS adminUsername can not be empty", (adminUsername == null || adminUsername.isEmpty()) ? false : true);
            Assert.assertTrue("AIS adminPassword can not be empty", (adminPassword == null || adminPassword.isEmpty()) ? false : true);
            LOG.info(String.format("[AlfrescoIdentityService] Building Keycloak clients. Url= %s ", authServerUrl));
            HttpClient build = new HttpClientBuilder().build(adapterConfig);
            this.usersResource = KeycloakBuilder.builder().serverUrl(authServerUrl).realm(realm).username(adminUsername).password(adminPassword).clientId(resource).resteasyClient(new ResteasyClientBuilder().httpEngine(new ApacheHttpClient4Engine(build)).build()).build().realm(realm).users();
            this.authzClient = AuthzClient.create(new Configuration(authServerUrl, realm, resource, adapterConfig.getCredentials(), build));
        }
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public void setUsersResource(UsersResource usersResource) {
        this.usersResource = usersResource;
    }

    public void setAuthzClient(AuthzClient authzClient) {
        this.authzClient = authzClient;
    }

    public void setAisProperties(TasAisProperties tasAisProperties) {
        this.aisProperties = tasAisProperties;
    }

    public Builder perform() {
        Assert.assertTrue("[AlfrescoIdentityService] AlfrescoIdentityService support is disabled.", isEnabled());
        return new Builder();
    }
}
