package org.activiti.cloud.services.identity.keycloak;

import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.activiti.cloud.identity.GroupSearchParams;
import org.activiti.cloud.identity.IdentityManagementService;
import org.activiti.cloud.identity.UserSearchParams;
import org.activiti.cloud.identity.model.Group;
import org.activiti.cloud.identity.model.Role;
import org.activiti.cloud.identity.model.User;
import org.activiti.cloud.identity.model.UserRoles;
import org.activiti.cloud.services.identity.keycloak.client.KeycloakClient;
import org.activiti.cloud.services.identity.keycloak.mapper.KeycloakGroupToGroup;
import org.activiti.cloud.services.identity.keycloak.mapper.KeycloakRoleMappingToRole;
import org.activiti.cloud.services.identity.keycloak.mapper.KeycloakTokenToUserRoles;
import org.activiti.cloud.services.identity.keycloak.mapper.KeycloakUserToUser;
import org.activiti.cloud.services.identity.keycloak.model.KeycloakClientRepresentation;
import org.activiti.cloud.services.identity.keycloak.model.KeycloakGroup;
import org.activiti.cloud.services.identity.keycloak.model.KeycloakUser;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:org/activiti/cloud/services/identity/keycloak/KeycloakManagementService.class */
public class KeycloakManagementService implements IdentityManagementService {
    public static final int PAGE_START = 0;
    public static final int PAGE_SIZE = 50;
    private final KeycloakClient keycloakClient;
    private final KeycloakUserToUser keycloakUserToUser;
    private final KeycloakGroupToGroup keycloakGroupToGroup;
    private final KeycloakTokenToUserRoles keycloakTokenToUserRoles;
    private final KeycloakRoleMappingToRole keycloakRoleMappingToRole;

    public KeycloakManagementService(KeycloakClient keycloakClient, KeycloakUserToUser keycloakUserToUser, KeycloakGroupToGroup keycloakGroupToGroup, KeycloakTokenToUserRoles keycloakTokenToUserRoles, KeycloakRoleMappingToRole keycloakRoleMappingToRole) {
        this.keycloakClient = keycloakClient;
        this.keycloakUserToUser = keycloakUserToUser;
        this.keycloakGroupToGroup = keycloakGroupToGroup;
        this.keycloakTokenToUserRoles = keycloakTokenToUserRoles;
        this.keycloakRoleMappingToRole = keycloakRoleMappingToRole;
    }

    public List<User> findUsers(UserSearchParams userSearchParams) {
        Stream<KeycloakUser> stream = this.keycloakClient.searchUsers(userSearchParams.getSearchKey(), 0, 50).stream();
        KeycloakUserToUser keycloakUserToUser = this.keycloakUserToUser;
        Objects.requireNonNull(keycloakUserToUser);
        List<User> list = (List) stream.map(keycloakUserToUser::toUser).collect(Collectors.toList());
        return !StringUtils.isEmpty(userSearchParams.getApplication()) ? filterUsersInApplicationsScope(list, userSearchParams) : filterUsersInRealmScope(list, userSearchParams);
    }

    private List<User> filterUsersInRealmScope(List<User> list, UserSearchParams userSearchParams) {
        HashMap hashMap = new HashMap();
        if (!CollectionUtils.isEmpty(userSearchParams.getRoles())) {
            mapUserWithRealmRoles(list, hashMap);
        }
        return (List) list.stream().filter(user -> {
            return filterByRoles((List) hashMap.get(user.getId()), userSearchParams.getRoles());
        }).filter(user2 -> {
            return filterByGroups(user2, userSearchParams.getGroups());
        }).collect(Collectors.toList());
    }

    private void mapUserWithRealmRoles(List<User> list, Map<String, List<Role>> map) {
        list.forEach(user -> {
            map.put(user.getId(), getUserRealmRoles(user.getId()));
        });
    }

    private List<Role> getUserRealmRoles(String str) {
        return this.keycloakRoleMappingToRole.toRoles(this.keycloakClient.getUserRoleMapping(str));
    }

    private List<User> filterUsersInApplicationsScope(List<User> list, UserSearchParams userSearchParams) {
        String keycloakClientId = getKeycloakClientId(userSearchParams.getApplication());
        if (StringUtils.isEmpty(keycloakClientId)) {
            return Collections.emptyList();
        }
        Map<String, List<Role>> mapUsersWithApplicationRoles = mapUsersWithApplicationRoles(list, keycloakClientId);
        return (List) list.stream().filter(user -> {
            return filterByApplication((List) mapUsersWithApplicationRoles.get(user.getId()));
        }).filter(user2 -> {
            return filterByRoles((List) mapUsersWithApplicationRoles.get(user2.getId()), userSearchParams.getRoles());
        }).filter(user3 -> {
            return filterByGroups(user3, userSearchParams.getGroups());
        }).collect(Collectors.toList());
    }

    private Map<String, List<Role>> mapUsersWithApplicationRoles(List<User> list, String str) {
        return (Map) list.stream().collect(Collectors.toMap((v0) -> {
            return v0.getId();
        }, user -> {
            return getUserApplicationRoles(user.getId(), str);
        }));
    }

    private boolean filterByGroups(User user, Set<String> set) {
        return CollectionUtils.isEmpty(set) || ((Set) this.keycloakClient.getUserGroups(user.getId()).stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet())).containsAll(set);
    }

    public List<Group> findGroups(GroupSearchParams groupSearchParams) {
        Stream<KeycloakGroup> stream = this.keycloakClient.searchGroups(groupSearchParams.getSearch(), 0, 50).stream();
        KeycloakGroupToGroup keycloakGroupToGroup = this.keycloakGroupToGroup;
        Objects.requireNonNull(keycloakGroupToGroup);
        List<Group> list = (List) stream.map(keycloakGroupToGroup::toGroup).collect(Collectors.toList());
        return !StringUtils.isEmpty(groupSearchParams.getApplication()) ? filterGroupsInApplicationsScope(list, groupSearchParams) : filterGroupsInRealmScope(list, groupSearchParams);
    }

    private List<Group> filterGroupsInRealmScope(List<Group> list, GroupSearchParams groupSearchParams) {
        HashMap hashMap = new HashMap();
        if (!CollectionUtils.isEmpty(groupSearchParams.getRoles())) {
            mapGroupsWithRealmRoles(list, hashMap);
        }
        return (List) list.stream().filter(group -> {
            return filterByRoles((List) hashMap.get(group.getId()), groupSearchParams.getRoles());
        }).collect(Collectors.toList());
    }

    private void mapGroupsWithRealmRoles(List<Group> list, Map<String, List<Role>> map) {
        list.forEach(group -> {
            map.put(group.getId(), getGroupRealmRoles(group.getId()));
        });
    }

    private List<Role> getGroupRealmRoles(String str) {
        return this.keycloakRoleMappingToRole.toRoles(this.keycloakClient.getGroupRoleMapping(str));
    }

    private List<Group> filterGroupsInApplicationsScope(List<Group> list, GroupSearchParams groupSearchParams) {
        String keycloakClientId = getKeycloakClientId(groupSearchParams.getApplication());
        if (StringUtils.isEmpty(keycloakClientId)) {
            return Collections.emptyList();
        }
        Map<String, List<Role>> mapGroupsWithApplicationRoles = mapGroupsWithApplicationRoles(list, keycloakClientId);
        return (List) list.stream().filter(group -> {
            return filterByApplication((List) mapGroupsWithApplicationRoles.get(group.getId()));
        }).filter(group2 -> {
            return filterByRoles((List) mapGroupsWithApplicationRoles.get(group2.getId()), groupSearchParams.getRoles());
        }).collect(Collectors.toList());
    }

    private Map<String, List<Role>> mapGroupsWithApplicationRoles(List<Group> list, String str) {
        return (Map) list.stream().collect(Collectors.toMap((v0) -> {
            return v0.getId();
        }, group -> {
            return getGroupApplicationRoles(group.getId(), str);
        }));
    }

    private boolean filterByRoles(List<Role> list, Set<String> set) {
        return CollectionUtils.isEmpty(set) || (list != null && ((Set) list.stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet())).containsAll(set));
    }

    public UserRoles getUserRoles(Jwt jwt) {
        return this.keycloakTokenToUserRoles.toUserRoles(jwt);
    }

    private boolean filterByApplication(List<Role> list) {
        return list.stream().findAny().isPresent();
    }

    private List<Role> getUserApplicationRoles(String str, String str2) {
        return !str2.isEmpty() ? this.keycloakRoleMappingToRole.toRoles(this.keycloakClient.getUserClientRoleMapping(str, str2)) : Collections.emptyList();
    }

    private List<Role> getGroupApplicationRoles(String str, String str2) {
        return !str2.isEmpty() ? this.keycloakRoleMappingToRole.toRoles(this.keycloakClient.getGroupClientRoleMapping(str, str2)) : Collections.emptyList();
    }

    private String getKeycloakClientId(String str) {
        List<KeycloakClientRepresentation> searchClients = this.keycloakClient.searchClients(str, 0, 1);
        if (searchClients.isEmpty()) {
            return null;
        }
        return searchClients.get(0).getId();
    }
}
