package io.phasetwo.portal;

import com.google.auto.service.AutoService;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.services.resource.RealmResourceProvider;
import org.keycloak.services.resource.RealmResourceProviderFactory;

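/**
 * Realm resource provider factory for the admin portal.
 *
 * <p>Besides creating {@link PortalResourceProvider} instances, this factory registers a listener
 * in {@link #postInit} that provisions an {@code admin-portal} OIDC client whenever a realm is
 * created. The provisioned client is a <em>public</em> client (no client secret), so its redirect
 * URIs, web origins and scope settings are the main controls over where its tokens can be sent
 * and what they contain; those settings are annotated individually below.
 *
 * <p>This source was produced by a decompiler; local names and some constructs are reconstructed.
 */
@AutoService({RealmResourceProviderFactory.class})
/* loaded from: input_file:io/phasetwo/portal/PortalResourceProviderFactory.class */
public class PortalResourceProviderFactory implements RealmResourceProviderFactory {
    private static final Logger log = Logger.getLogger(PortalResourceProviderFactory.class);
    public static final String ID = "portal";
    public static final String NAME = "Admin portal";
    public static final String DESCRIPTION = "Portal for self-administration of profile and organizations.";

    /** Client id of the client provisioned in every realm. */
    private static final String ADMIN_PORTAL_CLIENT_ID = "admin-portal";

    /** Client id of the account console client that also receives the portal redirect URI. */
    private static final String ACCOUNT_CONSOLE_CLIENT_ID = "account-console";

    /** Protocol identifier used for the client and its protocol mappers. */
    private static final String OIDC_PROTOCOL = "openid-connect";

    /** Returns the provider id, which is also the last path segment of the portal URL. */
    @Override
    public String getId() {
        return ID;
    }

    /**
     * Creates the portal resource provider for the realm bound to the session's context.
     *
     * @param keycloakSession the current session; its context must carry a realm
     * @return a new {@link PortalResourceProvider} for that realm
     */
    @Override
    public RealmResourceProvider create(KeycloakSession keycloakSession) {
        return new PortalResourceProvider(keycloakSession, keycloakSession.getContext().getRealm().getName());
    }

    /**
     * Decompiler-assigned alias of {@link #create(KeycloakSession)}.
     *
     * <p>The decompiler renamed {@code create} when it merged it with the compiler-generated bridge
     * method, which left the factory interface's {@code create} unimplemented. The alias is kept
     * only so that any decompiled call site using this name still resolves.
     *
     * @param keycloakSession the current session
     * @return the provider returned by {@link #create(KeycloakSession)}
     */
    public RealmResourceProvider m2create(KeycloakSession keycloakSession) {
        return create(keycloakSession);
    }

    /** No configuration is read. */
    @Override
    public void init(Config.Scope scope) {
    }

    /**
     * Registers a listener that provisions the admin-portal client for each newly created realm.
     *
     * @param keycloakSessionFactory factory on which the provider-event listener is registered
     */
    @Override
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
        keycloakSessionFactory.register(providerEvent -> {
            if (providerEvent instanceof RealmModel.RealmPostCreateEvent) {
                log.debug("RealmPostCreateEvent");
                realmPostCreate((RealmModel.RealmPostCreateEvent) providerEvent);
            }
        });
    }

    /**
     * Provisions the admin-portal client in every existing realm, on a best-effort basis.
     *
     * <p>Not invoked from any code visible in this class. Failures are logged and swallowed on
     * purpose so that a provisioning problem cannot abort the caller.
     */
    private void initClients(KeycloakSession session) {
        try {
            session.realms().getRealmsStream().forEach(realm -> createClient(realm, session));
        } catch (Exception e) {
            // Pass the throwable so the stack trace is kept; the message alone rarely identifies the cause.
            log.warnf(e, "Error initializing admin-portal clients. Ignoring. You may have to create them manually. %s", e.getMessage());
        }
    }

    /** Provisions the admin-portal client for the realm carried by the event. */
    private void realmPostCreate(RealmModel.RealmPostCreateEvent event) {
        createClient(event.getCreatedRealm(), event.getKeycloakSession());
    }

    /**
     * Ensures the realm has an admin-portal client and applies the scope defaults to it.
     *
     * <p>The client is created only when missing, but {@link #setClientScopeDefaults} runs on
     * every call, so it is also applied to a client that already existed.
     */
    private void createClient(RealmModel realm, KeycloakSession session) {
        log.debugf("Creating %s realm admin-portal client.", realm.getName());
        ClientModel client = session.clients().getClientByClientId(realm, ADMIN_PORTAL_CLIENT_ID);
        if (client == null) {
            log.debugf("No admin-portal client for %s realm. Creating...", realm.getName());
            // The master realm gets a client with a broader redirect pattern than other realms.
            client = "master".equals(realm.getName())
                    ? createClientForMaster(realm, session)
                    : createClientForRealm(realm, session);
            updateAccountConsoleForRealm(realm, session);
        }
        setClientScopeDefaults(realm, session, client);
    }

    /** Returns the server-relative portal path for the realm: {@code /realms/<realm>/portal/}. */
    private String getRedirectPath(RealmModel realm) {
        return String.format("/realms/%s/%s/", realm.getName(), ID);
    }

    /**
     * Creates the admin-portal client for a non-master realm, with redirects limited to the
     * realm's own portal path.
     */
    private ClientModel createClientForRealm(RealmModel realm, KeycloakSession session) {
        String redirectPath = getRedirectPath(realm);
        ClientModel client = session.clients().addClient(realm, ADMIN_PORTAL_CLIENT_ID);
        setDefaults(realm, client);
        client.setRedirectUris(ImmutableSet.of(String.format("%s*", redirectPath)));
        // NOTE(review): Keycloak documents "+" (origins of the valid redirect URIs), "*" and
        // explicit origins as web-origin values; confirm what CORS policy "/*" actually produces.
        client.setWebOrigins(ImmutableSet.of("/*"));
        // "+" makes the post-logout redirect URIs follow the valid redirect URIs set above.
        client.setAttribute("post.logout.redirect.uris", "+");
        return client;
    }

    /**
     * Adds the portal path as a valid redirect URI on the realm's account-console client.
     *
     * <p>Skips the update, with a warning, when the realm has no account-console client, so a
     * missing client cannot throw out of the realm-creation listener.
     */
    private void updateAccountConsoleForRealm(RealmModel realm, KeycloakSession session) {
        ClientModel accountConsole = session.clients().getClientByClientId(realm, ACCOUNT_CONSOLE_CLIENT_ID);
        if (accountConsole == null) {
            log.warnf("No account-console client for %s realm. Skipping redirect URI update.", realm.getName());
            return;
        }
        accountConsole.addRedirectUri(String.format("%s*", getRedirectPath(realm)));
    }

    /** Creates the admin-portal client for the master realm. */
    private ClientModel createClientForMaster(RealmModel realm, KeycloakSession session) {
        ClientModel client = session.clients().addClient(realm, ADMIN_PORTAL_CLIENT_ID);
        setDefaults(realm, client);
        // NOTE(review): "/*" is much wider than the "/realms/<realm>/portal/*" pattern used for
        // other realms. With the root URL from setDefaults it presumably accepts any path under
        // the server base URL as a redirect target for this public master-realm client. Confirm
        // this is required; otherwise narrow it to getRedirectPath(realm) + "*".
        client.setRedirectUris(ImmutableSet.of("/*"));
        // NOTE(review): same open question about "/*" as a web origin as in createClientForRealm.
        client.setWebOrigins(ImmutableSet.of("/*"));
        // "+" makes the post-logout redirect URIs follow the valid redirect URIs set above,
        // so the breadth of "/*" carries over to logout redirects.
        client.setAttribute("post.logout.redirect.uris", "+");
        return client;
    }

    /** Applies the settings shared by the master and per-realm admin-portal clients. */
    private void setDefaults(RealmModel realm, ClientModel client) {
        client.setProtocol(OIDC_PROTOCOL);
        // Public client: no client secret, so redirect-URI validation is what stops a code or
        // token from being delivered to an unintended location.
        client.setPublicClient(true);
        client.setRootUrl("${authBaseUrl}");
        client.setName(NAME);
        client.setDescription(DESCRIPTION);
        client.setBaseUrl(getRedirectPath(realm));
    }

    /**
     * Adds the {@code organizations} claim mapper to the client unless one with that name exists.
     *
     * <p>The claim is emitted in the ID token, the access token and the userinfo response.
     */
    private void setOrganizationRoleMapper(ClientModel client) {
        if (client.getProtocolMapperByName(OIDC_PROTOCOL, "organizations") != null) {
            return;
        }
        ProtocolMapperModel mapper = new ProtocolMapperModel();
        mapper.setProtocolMapper("oidc-organization-role-mapper");
        mapper.setProtocol(OIDC_PROTOCOL);
        mapper.setName("organizations");
        mapper.setConfig(ImmutableMap.<String, String>builder()
                .put("id.token.claim", "true")
                .put("access.token.claim", "true")
                .put("claim.name", "organizations")
                .put("jsonType.label", "JSON")
                .put("userinfo.token.claim", "true")
                .build());
        client.addProtocolMapper(mapper);
    }

    /**
     * Adds the {@code org_id} claim mapper to the client unless one with that name exists.
     *
     * <p>The claim value is read from the {@code org_id} user-session note and is emitted in the
     * ID token, the access token and the userinfo response.
     */
    private void setOrganizationIdMapper(ClientModel client) {
        if (client.getProtocolMapperByName(OIDC_PROTOCOL, "org_id") != null) {
            return;
        }
        ProtocolMapperModel mapper = new ProtocolMapperModel();
        mapper.setProtocolMapper("oidc-usersessionmodel-note-mapper");
        mapper.setProtocol(OIDC_PROTOCOL);
        mapper.setName("org_id");
        mapper.setConfig(ImmutableMap.<String, String>builder()
                .put("user.session.note", "org_id")
                .put("id.token.claim", "true")
                .put("access.token.claim", "true")
                .put("claim.name", "org_id")
                .put("jsonType.label", "String")
                .put("userinfo.token.claim", "true")
                .build());
        client.addProtocolMapper(mapper);
    }

    /**
     * Enables full scope, attaches the realm's {@code roles} client scope as a default scope and
     * installs the organization claim mappers.
     */
    private void setClientScopeDefaults(RealmModel realm, KeycloakSession session, ClientModel client) {
        // NOTE(review): with full scope allowed, tokens for this public client can carry all of
        // the user's role mappings rather than an explicitly scoped subset. createClient calls
        // this for pre-existing clients too, so an administrator who turned the flag off would
        // have it turned back on. Confirm the portal needs this.
        client.setFullScopeAllowed(true);
        session.clientScopes().getClientScopesStream(realm)
                .filter(scope -> scope.getRealm().equals(realm) && scope.getName().equals("roles"))
                .forEach(rolesScope -> {
                    log.debug("Found 'roles' client scope. Adding as default...");
                    try {
                        client.addClientScope(rolesScope, true);
                    } catch (Exception e) {
                        // Every failure is reported as "already exists"; attaching the throwable
                        // keeps a different cause visible in the log.
                        log.warn("'roles' client scope already exists. skipping...", e);
                    }
                });
        setOrganizationRoleMapper(client);
        setOrganizationIdMapper(client);
    }

    /** Nothing to release. */
    @Override
    public void close() {
    }
}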
