package org.activiti.cloud.services.identity.keycloak;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.activiti.cloud.identity.GroupSearchParams;
import org.activiti.cloud.identity.IdentityManagementService;
import org.activiti.cloud.identity.IdentityService;
import org.activiti.cloud.identity.UserSearchParams;
import org.activiti.cloud.identity.exceptions.IdentityInvalidApplicationException;
import org.activiti.cloud.identity.exceptions.IdentityInvalidGroupException;
import org.activiti.cloud.identity.exceptions.IdentityInvalidGroupRoleException;
import org.activiti.cloud.identity.exceptions.IdentityInvalidRoleException;
import org.activiti.cloud.identity.exceptions.IdentityInvalidUserException;
import org.activiti.cloud.identity.exceptions.IdentityInvalidUserRoleException;
import org.activiti.cloud.identity.model.Group;
import org.activiti.cloud.identity.model.Role;
import org.activiti.cloud.identity.model.SecurityRequestBodyRepresentation;
import org.activiti.cloud.identity.model.SecurityResponseRepresentation;
import org.activiti.cloud.identity.model.User;
import org.activiti.cloud.identity.model.UserRoles;
import org.activiti.cloud.services.identity.keycloak.client.KeycloakClient;
import org.activiti.cloud.services.identity.keycloak.mapper.KeycloakGroupToGroup;
import org.activiti.cloud.services.identity.keycloak.mapper.KeycloakRoleMappingToRole;
import org.activiti.cloud.services.identity.keycloak.mapper.KeycloakTokenToUserRoles;
import org.activiti.cloud.services.identity.keycloak.mapper.KeycloakUserToUser;
import org.activiti.cloud.services.identity.keycloak.model.KeycloakClientRepresentation;
import org.activiti.cloud.services.identity.keycloak.model.KeycloakRoleMapping;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:org/activiti/cloud/services/identity/keycloak/KeycloakManagementService.class */
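/**
 * Identity lookups and application-role management backed by a {@link KeycloakClient}.
 *
 * <p>User and group searches fetch one page of results ({@link #PAGE_START}, {@link #PAGE_SIZE})
 * and then filter that page in memory by role, group and application membership. Exact-name
 * lookups ({@code getUserFromUsername}, {@code getGroupFromGroupName},
 * {@code findGroupStrictlyEqualToGroupName}) are built on the same single page, so an entry
 * that is not on that page is reported as missing.
 *
 * <p>No authorization check on the caller is performed in this class; the code that invokes the
 * permission-changing methods has to enforce it.
 */
public class KeycloakManagementService implements IdentityManagementService, IdentityService {
    public static final int PAGE_START = 0;
    public static final int PAGE_SIZE = 50;
    private final KeycloakClient keycloakClient;

    /**
     * @param keycloakClient client used for every Keycloak call made by this service
     */
    public KeycloakManagementService(KeycloakClient keycloakClient) {
        this.keycloakClient = keycloakClient;
    }

    /**
     * Searches users by the search key and narrows the result by the other search parameters.
     *
     * @param userSearchParams search key plus optional application, roles and groups filters
     * @return matching users; filtered in application scope when an application is given,
     *     otherwise in realm scope
     */
    public List<User> findUsers(UserSearchParams userSearchParams) {
        List<User> candidates = searchUsers(userSearchParams.getSearchKey());
        if (StringUtils.isEmpty(userSearchParams.getApplication())) {
            return filterUsersInRealmScope(candidates, userSearchParams);
        }
        return filterUsersInApplicationsScope(candidates, userSearchParams);
    }

    /** Fetches one page of users matching {@code searchKey} and maps them to {@link User}. */
    private List<User> searchUsers(String searchKey) {
        return this.keycloakClient
            .searchUsers(searchKey, PAGE_START, PAGE_SIZE)
            .stream()
            .map(KeycloakUserToUser::toUser)
            .collect(Collectors.toList());
    }

    /**
     * Keeps the users that hold every requested realm role and belong to every requested group.
     * Role mappings are only fetched when a roles filter is present.
     */
    private List<User> filterUsersInRealmScope(List<User> users, UserSearchParams userSearchParams) {
        Map<String, List<Role>> rolesByUserId = new HashMap<>();
        if (!CollectionUtils.isEmpty(userSearchParams.getRoles())) {
            mapUserWithRealmRoles(users, rolesByUserId);
        }
        return users
            .stream()
            .filter(user -> filterByRoles(rolesByUserId.get(user.getId()), userSearchParams.getRoles()))
            .filter(user -> filterByGroups(user, userSearchParams.getGroups()))
            .collect(Collectors.toList());
    }

    /** Fills {@code rolesByUserId} with the realm roles of each user (one client call per user). */
    private void mapUserWithRealmRoles(List<User> users, Map<String, List<Role>> rolesByUserId) {
        users.forEach(user -> rolesByUserId.put(user.getId(), getUserRealmRoles(user.getId())));
    }

    /** Returns the roles from the user's role mapping, converted to {@link Role}. */
    private List<Role> getUserRealmRoles(String userId) {
        return KeycloakRoleMappingToRole.toRoles(this.keycloakClient.getUserRoleMapping(userId));
    }

    /**
     * Keeps the users that have at least one role on the application's client and that also
     * satisfy the roles and groups filters. An unknown application yields an empty list.
     */
    private List<User> filterUsersInApplicationsScope(List<User> users, UserSearchParams userSearchParams) {
        String keycloakClientId = getKeycloakClientId(userSearchParams.getApplication());
        if (StringUtils.isEmpty(keycloakClientId)) {
            return Collections.emptyList();
        }
        Map<String, List<Role>> rolesByUserId = mapUsersWithApplicationRoles(users, keycloakClientId);
        return users
            .stream()
            .filter(user -> filterByApplication(rolesByUserId.get(user.getId())))
            .filter(user -> filterByRoles(rolesByUserId.get(user.getId()), userSearchParams.getRoles()))
            .filter(user -> filterByGroups(user, userSearchParams.getGroups()))
            .collect(Collectors.toList());
    }

    /** Maps each user id to that user's roles on the given client (one client call per user). */
    private Map<String, List<Role>> mapUsersWithApplicationRoles(List<User> users, String keycloakClientId) {
        return users
            .stream()
            .collect(Collectors.toMap(User::getId, user -> getUserApplicationRoles(user.getId(), keycloakClientId)));
    }

    /**
     * Returns {@code true} when no groups filter is given or the user belongs to every
     * requested group; membership is compared by group name.
     */
    private boolean filterByGroups(User user, Set<String> groups) {
        if (CollectionUtils.isEmpty(groups)) {
            return true;
        }
        Set<String> userGroupNames =
            this.keycloakClient
                .getUserGroups(user.getId())
                .stream()
                .map(group -> group.getName())
                .collect(Collectors.toSet());
        return userGroupNames.containsAll(groups);
    }

    /**
     * Searches groups by the search string and narrows the result by the other search parameters.
     *
     * @param groupSearchParams search string plus optional application and roles filters
     * @return matching groups; filtered in application scope when an application is given,
     *     otherwise in realm scope
     */
    public List<Group> findGroups(GroupSearchParams groupSearchParams) {
        List<Group> candidates = findGroups(groupSearchParams.getSearch());
        if (StringUtils.isEmpty(groupSearchParams.getApplication())) {
            return filterGroupsInRealmScope(candidates, groupSearchParams);
        }
        return filterGroupsInApplicationsScope(candidates, groupSearchParams);
    }

    /** Fetches one page of groups matching {@code search} and maps them to {@link Group}. */
    private List<Group> findGroups(String search) {
        return this.keycloakClient
            .searchGroups(search, PAGE_START, PAGE_SIZE)
            .stream()
            .map(KeycloakGroupToGroup::toGroup)
            .collect(Collectors.toList());
    }

    /**
     * Keeps the groups that hold every requested realm role. Role mappings are only fetched
     * when a roles filter is present.
     */
    private List<Group> filterGroupsInRealmScope(List<Group> groups, GroupSearchParams groupSearchParams) {
        Map<String, List<Role>> rolesByGroupId = new HashMap<>();
        if (!CollectionUtils.isEmpty(groupSearchParams.getRoles())) {
            mapGroupsWithRealmRoles(groups, rolesByGroupId);
        }
        return groups
            .stream()
            .filter(group -> filterByRoles(rolesByGroupId.get(group.getId()), groupSearchParams.getRoles()))
            .collect(Collectors.toList());
    }

    /** Fills {@code rolesByGroupId} with the realm roles of each group (one client call per group). */
    private void mapGroupsWithRealmRoles(List<Group> groups, Map<String, List<Role>> rolesByGroupId) {
        groups.forEach(group -> rolesByGroupId.put(group.getId(), getGroupRealmRoles(group.getId())));
    }

    /** Returns the roles from the group's role mapping, converted to {@link Role}. */
    private List<Role> getGroupRealmRoles(String groupId) {
        return KeycloakRoleMappingToRole.toRoles(this.keycloakClient.getGroupRoleMapping(groupId));
    }

    /**
     * Keeps the groups that have at least one role on the application's client and that also
     * satisfy the roles filter. An unknown application yields an empty list.
     */
    private List<Group> filterGroupsInApplicationsScope(List<Group> groups, GroupSearchParams groupSearchParams) {
        String keycloakClientId = getKeycloakClientId(groupSearchParams.getApplication());
        if (StringUtils.isEmpty(keycloakClientId)) {
            return Collections.emptyList();
        }
        Map<String, List<Role>> rolesByGroupId = mapGroupsWithApplicationRoles(groups, keycloakClientId);
        return groups
            .stream()
            .filter(group -> filterByApplication(rolesByGroupId.get(group.getId())))
            .filter(group -> filterByRoles(rolesByGroupId.get(group.getId()), groupSearchParams.getRoles()))
            .collect(Collectors.toList());
    }

    /** Maps each group id to that group's roles on the given client (one client call per group). */
    private Map<String, List<Role>> mapGroupsWithApplicationRoles(List<Group> groups, String keycloakClientId) {
        return groups
            .stream()
            .collect(
                Collectors.toMap(Group::getId, group -> getGroupApplicationRoles(group.getId(), keycloakClientId))
            );
    }

    /**
     * Returns {@code true} when no roles filter is given, or when {@code assignedRoles} is
     * non-null and contains every requested role name.
     */
    private boolean filterByRoles(List<Role> assignedRoles, Set<String> requiredRoles) {
        if (CollectionUtils.isEmpty(requiredRoles)) {
            return true;
        }
        if (assignedRoles == null) {
            return false;
        }
        Set<String> assignedNames = assignedRoles.stream().map(Role::getName).collect(Collectors.toSet());
        return assignedNames.containsAll(requiredRoles);
    }

    /**
     * Converts the token to {@link UserRoles} via {@link KeycloakTokenToUserRoles}.
     *
     * @param jwt token to read the roles from; this method performs no validation of its own
     * @return the roles extracted by the mapper
     */
    public UserRoles getUserRoles(Jwt jwt) {
        return KeycloakTokenToUserRoles.toUserRoles(jwt);
    }

    /**
     * Lists, per application role, the users and groups mapped to that role.
     *
     * @param str application name, resolved to a Keycloak client id
     * @param set role names to report on; {@code null} or empty means every role of the client
     * @return one entry per selected role with its users and groups
     * @throws IdentityInvalidApplicationException when no client is found for the application
     */
    public List<SecurityResponseRepresentation> getApplicationPermissions(String str, Set<String> set) {
        String keycloakClientId = getKeycloakClientId(str);
        if (StringUtils.isEmpty(keycloakClientId)) {
            // Fail closed, as addApplicationPermissions does, rather than sending a null
            // client id to the role and mapping endpoints.
            throw new IdentityInvalidApplicationException(str);
        }
        List<SecurityResponseRepresentation> permissions = new ArrayList<>();
        for (String role : getApplicationRolesToSearch(set, keycloakClientId)) {
            SecurityResponseRepresentation entry = new SecurityResponseRepresentation();
            entry.setRole(role);
            entry.setUsers(getUsersClientRoleMapping(keycloakClientId, role));
            entry.setGroups(getGroupsClientRoleMapping(keycloakClientId, role));
            permissions.add(entry);
        }
        return permissions;
    }

    /**
     * Returns the members of the group whose name equals the argument exactly.
     *
     * @param str group name; {@code null} or empty returns an empty list
     * @return the group's users, or an empty list when no group with that exact name is found
     */
    public List<User> findUsersByGroupName(String str) {
        List<User> members = new ArrayList<>();
        if (!StringUtils.isEmpty(str)) {
            findGroupStrictlyEqualToGroupName(str)
                .ifPresent(group -> members.addAll(getUsersByGroupId(group.getId())));
        }
        return members;
    }

    /**
     * Searches groups by name and keeps the first result whose name equals {@code groupName}
     * exactly, so a partial match returned by the search never selects a different group.
     */
    private Optional<Group> findGroupStrictlyEqualToGroupName(String groupName) {
        return findGroups(groupName).stream().filter(group -> groupName.equals(group.getName())).findFirst();
    }

    /** Returns the users of the group with the given id, mapped to {@link User}. */
    private List<User> getUsersByGroupId(String groupId) {
        return this.keycloakClient
            .getUsersByGroupId(groupId)
            .stream()
            .map(KeycloakUserToUser::toUser)
            .collect(Collectors.toList());
    }

    /** Returns the users mapped to {@code role} on the given client. */
    private List<User> getUsersClientRoleMapping(String keycloakClientId, String role) {
        return this.keycloakClient
            .getUsersClientRoleMapping(keycloakClientId, role)
            .stream()
            .map(KeycloakUserToUser::toUser)
            .collect(Collectors.toList());
    }

    /** Returns the groups mapped to {@code role} on the given client. */
    private List<Group> getGroupsClientRoleMapping(String keycloakClientId, String role) {
        return this.keycloakClient
            .getGroupsClientRoleMapping(keycloakClientId, role)
            .stream()
            .map(KeycloakGroupToGroup::toGroup)
            .collect(Collectors.toList());
    }

    /**
     * Returns the names of the client's roles, restricted to {@code requestedRoles} when that
     * set is non-empty. Requested names that are not roles of the client are dropped silently.
     */
    private Set<String> getApplicationRolesToSearch(Set<String> requestedRoles, String keycloakClientId) {
        return this.keycloakClient
            .getClientRoles(keycloakClientId)
            .stream()
            .map(KeycloakRoleMapping::getName)
            .filter(roleName -> CollectionUtils.isEmpty(requestedRoles) || requestedRoles.contains(roleName))
            .collect(Collectors.toSet());
    }

    /**
     * Grants application (client) roles to the listed users and groups.
     *
     * <p>Each request entry is validated and applied before the next entry is looked at, so a
     * failure on a later entry leaves the earlier grants in place. Within one entry, all users
     * and groups are validated before any mapping is written.
     *
     * @param str application name, resolved to a Keycloak client id
     * @param list entries naming a role and the usernames / group names to grant it to
     * @throws IdentityInvalidApplicationException when no client is found for the application
     * @throws IdentityInvalidRoleException when an entry's role is null or not a role of the client
     * @throws IdentityInvalidUserException when a username has no exact match
     * @throws IdentityInvalidGroupException when a group name has no exact match
     * @throws IdentityInvalidUserRoleException when a user lacks the same-named role in its role mapping
     * @throws IdentityInvalidGroupRoleException when a group lacks the same-named role in its role mapping
     */
    public void addApplicationPermissions(String str, List<SecurityRequestBodyRepresentation> list) {
        String keycloakClientId = getKeycloakClientId(str);
        if (StringUtils.isEmpty(keycloakClientId)) {
            throw new IdentityInvalidApplicationException(str);
        }
        for (SecurityRequestBodyRepresentation request : list) {
            String role = request.getRole();
            KeycloakRoleMapping roleMapping = getKeyCloakRoleFromRoleName(role, keycloakClientId);
            List<String> userIds = new ArrayList<>();
            List<String> groupIds = new ArrayList<>();
            if (request.getUsers() != null) {
                request.getUsers().forEach(username -> userIds.add(validateUserApplicationPermissions(username, role)));
            }
            if (request.getGroups() != null) {
                request
                    .getGroups()
                    .forEach(groupName -> groupIds.add(validateGroupApplicationPermissions(groupName, role)));
            }
            addApplicationRolePermissions(roleMapping, userIds, groupIds, keycloakClientId);
        }
    }

    /** Writes the client role mapping for every user id, then for every group id. */
    private void addApplicationRolePermissions(
        KeycloakRoleMapping roleMapping,
        List<String> userIds,
        List<String> groupIds,
        String keycloakClientId
    ) {
        userIds.forEach(userId ->
            this.keycloakClient.addUserClientRoleMapping(userId, keycloakClientId, List.of(roleMapping))
        );
        groupIds.forEach(groupId ->
            this.keycloakClient.addGroupClientRoleMapping(groupId, keycloakClientId, List.of(roleMapping))
        );
    }

    /**
     * Resolves a role name to the client's role mapping by exact name.
     *
     * @throws IdentityInvalidRoleException when the name is null or the client has no such role
     */
    private KeycloakRoleMapping getKeyCloakRoleFromRoleName(String roleName, String keycloakClientId) {
        if (roleName == null) {
            throw new IdentityInvalidRoleException();
        }
        return this.keycloakClient
            .getClientRoles(keycloakClientId)
            .stream()
            .filter(candidate -> candidate.getName().equals(roleName))
            .findFirst()
            .orElseThrow(() -> new IdentityInvalidRoleException(roleName));
    }

    /**
     * Resolves the username to a user id and requires that the user's role mapping (see
     * {@code getUserRealmRoles}) already contains a role named like the application role.
     *
     * @return the user's id
     * @throws IdentityInvalidUserRoleException when that same-named role is missing
     */
    private String validateUserApplicationPermissions(String username, String role) {
        User user = getUserFromUsername(username);
        if (!userHasRole(user.getId(), role)) {
            throw new IdentityInvalidUserRoleException(username, role);
        }
        return user.getId();
    }

    /**
     * Finds the user whose username equals the argument exactly within the first search page.
     *
     * @throws IdentityInvalidUserException when no exact match is on that page
     */
    private User getUserFromUsername(String username) {
        return searchUsers(username)
            .stream()
            .filter(user -> user.getUsername().equals(username))
            .findFirst()
            .orElseThrow(() -> new IdentityInvalidUserException(username));
    }

    /** Returns whether the user's role mapping contains a role with the given name. */
    private boolean userHasRole(String userId, String roleName) {
        return getUserRealmRoles(userId).stream().anyMatch(role -> role.getName().equals(roleName));
    }

    /**
     * Resolves the group name to a group id and requires that the group's role mapping (see
     * {@code getGroupRealmRoles}) already contains a role named like the application role.
     *
     * @return the group's id
     * @throws IdentityInvalidGroupRoleException when that same-named role is missing
     */
    private String validateGroupApplicationPermissions(String groupName, String role) {
        Group group = getGroupFromGroupName(groupName);
        if (!groupHasRole(group.getId(), role)) {
            throw new IdentityInvalidGroupRoleException(groupName, role);
        }
        return group.getId();
    }

    /**
     * Finds the group whose name equals the argument exactly within the first search page.
     *
     * @throws IdentityInvalidGroupException when no exact match is on that page
     */
    private Group getGroupFromGroupName(String groupName) {
        return findGroups(groupName)
            .stream()
            .filter(group -> group.getName().equals(groupName))
            .findFirst()
            .orElseThrow(() -> new IdentityInvalidGroupException(groupName));
    }

    /** Returns whether the group's role mapping contains a role with the given name. */
    private boolean groupHasRole(String groupId, String roleName) {
        return getGroupRealmRoles(groupId).stream().anyMatch(role -> role.getName().equals(roleName));
    }

    /** Returns whether the principal has at least one role on the application's client. */
    private boolean filterByApplication(List<Role> applicationRoles) {
        return !applicationRoles.isEmpty();
    }

    /** Returns the user's roles on the given client, or an empty list for an empty client id. */
    private List<Role> getUserApplicationRoles(String userId, String keycloakClientId) {
        if (keycloakClientId.isEmpty()) {
            return Collections.emptyList();
        }
        return KeycloakRoleMappingToRole.toRoles(this.keycloakClient.getUserClientRoleMapping(userId, keycloakClientId));
    }

    /** Returns the group's roles on the given client, or an empty list for an empty client id. */
    private List<Role> getGroupApplicationRoles(String groupId, String keycloakClientId) {
        if (keycloakClientId.isEmpty()) {
            return Collections.emptyList();
        }
        return KeycloakRoleMappingToRole.toRoles(
            this.keycloakClient.getGroupClientRoleMapping(groupId, keycloakClientId)
        );
    }

    /**
     * Resolves an application name to the id of the first client returned by the client search.
     *
     * @return the client's id, or {@code null} when the search returns nothing
     */
    private String getKeycloakClientId(String application) {
        // NOTE(review): the first hit is trusted without comparing it to the requested name.
        // Every role lookup and grant in this class is scoped by the id returned here, so
        // confirm that KeycloakClient.searchClients matches the name exactly; if it can return
        // partial matches, compare the result against `application` before using it.
        List<KeycloakClientRepresentation> clients = this.keycloakClient.searchClients(application, PAGE_START, 1);
        if (clients.isEmpty()) {
            return null;
        }
        return clients.get(0).getId();
    }
}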
