package jp.openstandia.connector.keycloak.rest;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
import jp.openstandia.connector.keycloak.KeycloakClient;
import jp.openstandia.connector.keycloak.KeycloakConfiguration;
import jp.openstandia.connector.keycloak.KeycloakSchema;
import jp.openstandia.connector.keycloak.KeycloakUserHandler;
import jp.openstandia.connector.keycloak.KeycloakUtils;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.framework.common.exceptions.AlreadyExistsException;
import org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException;
import org.identityconnectors.framework.common.exceptions.UnknownUidException;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.AttributeDelta;
import org.identityconnectors.framework.common.objects.AttributeDeltaUtil;
import org.identityconnectors.framework.common.objects.AttributeInfo;
import org.identityconnectors.framework.common.objects.AttributeUtil;
import org.identityconnectors.framework.common.objects.AttributeValueCompleteness;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.identityconnectors.framework.common.objects.ConnectorObjectBuilder;
import org.identityconnectors.framework.common.objects.Name;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.OperationalAttributes;
import org.identityconnectors.framework.common.objects.ResultsHandler;
import org.identityconnectors.framework.common.objects.Uid;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

/* JADX WARN: Classes with same name are omitted:
  input_file:jp/openstandia/connector/keycloak/rest/KeycloakAdminRESTUser.class
 */
/* loaded from: input_file:lib/connector-keycloak-1.1.2.jar:jp/openstandia/connector/keycloak/rest/KeycloakAdminRESTUser.class */
public class KeycloakAdminRESTUser implements KeycloakClient.User {
    private static final Log LOGGER = Log.getLog(KeycloakAdminRESTUser.class);
    private final String instanceName;
    private final KeycloakConfiguration configuration;
    private Keycloak adminClient;

    public KeycloakAdminRESTUser(String str, KeycloakConfiguration keycloakConfiguration, Keycloak keycloak) {
        this.instanceName = str;
        this.configuration = keycloakConfiguration;
        this.adminClient = keycloak;
    }

    private RealmResource realm(String str) {
        return this.adminClient.realm(str);
    }

    private UsersResource users(String str) {
        return realm(str).users();
    }

    @Override // jp.openstandia.connector.keycloak.KeycloakClient.User
    public Uid createUser(KeycloakSchema keycloakSchema, String str, Set<Attribute> set) throws AlreadyExistsException {
        UserRepresentation userRep = toUserRep(keycloakSchema, set);
        CredentialRepresentation credentialRepresentation = null;
        if (this.configuration.isPasswordResetAPIEnabled()) {
            List<CredentialRepresentation> credentials = userRep.getCredentials();
            if (credentials != null && credentials.size() == 1) {
                credentialRepresentation = credentials.get(0);
            }
            userRep.setCredentials(null);
        }
        List<String> groups = userRep.getGroups();
        userRep.setGroups(null);
        String checkCreateResult = KeycloakRESTUtils.checkCreateResult(users(str).create(userRep), "createUser");
        updatePassword(str, checkCreateResult, credentialRepresentation, true);
        if (groups != null) {
            for (String str2 : groups) {
                try {
                    users(str).get(checkCreateResult).joinGroup(str2);
                } catch (NotFoundException e) {
                    LOGGER.warn("The group is not found already. Skipping join the user. groupId: {0}, userId: {1}, username: {2}", new Object[]{str2, checkCreateResult, userRep.getUsername()});
                }
            }
        }
        return new Uid(checkCreateResult, new Name(userRep.getUsername()));
    }

    protected UserRepresentation toUserRep(KeycloakSchema keycloakSchema, Set<Attribute> set) {
        UserRepresentation userRepresentation = new UserRepresentation();
        for (Attribute attribute : set) {
            if (attribute.getName().equals(Name.NAME)) {
                userRepresentation.setUsername(AttributeUtil.getAsStringValue(attribute));
            } else if (attribute.getName().equals(OperationalAttributes.ENABLE_NAME)) {
                userRepresentation.setEnabled(AttributeUtil.getBooleanValue(attribute));
            } else if (attribute.getName().equals(OperationalAttributes.PASSWORD_NAME)) {
                ArrayList arrayList = new ArrayList();
                AttributeUtil.getGuardedStringValue(attribute).access(cArr -> {
                    String valueOf = String.valueOf(cArr);
                    CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
                    credentialRepresentation.setType("password");
                    credentialRepresentation.setTemporary(Boolean.FALSE);
                    credentialRepresentation.setValue(valueOf);
                    arrayList.add(credentialRepresentation);
                });
                userRepresentation.setCredentials(arrayList);
            } else if (attribute.getName().equals("email")) {
                userRepresentation.setEmail(AttributeUtil.getAsStringValue(attribute));
            } else if (attribute.getName().equals(KeycloakUserHandler.ATTR_EMAIL_VERIFIED)) {
                userRepresentation.setEmailVerified(AttributeUtil.getBooleanValue(attribute));
            } else if (attribute.getName().equals(KeycloakUserHandler.ATTR_FIRST_NAME)) {
                userRepresentation.setFirstName(AttributeUtil.getAsStringValue(attribute));
            } else if (attribute.getName().equals(KeycloakUserHandler.ATTR_LAST_NAME)) {
                userRepresentation.setLastName(AttributeUtil.getAsStringValue(attribute));
            } else if (attribute.getName().equals(KeycloakUserHandler.ATTR_GROUPS)) {
                userRepresentation.setGroups((List) attribute.getValue().stream().map(obj -> {
                    return obj.toString();
                }).collect(Collectors.toList()));
            } else {
                if (!keycloakSchema.isUserSchema(attribute)) {
                    throw new InvalidAttributeValueException(String.format("Keycloak doesn't support to set '%s' attribute of User", attribute.getName()));
                }
                if (keycloakSchema.isMultiValuedUserSchema(attribute)) {
                    Map<String, List<String>> attributes = userRepresentation.getAttributes();
                    if (attributes == null) {
                        attributes = new HashMap();
                    }
                    attributes.put(attribute.getName(), (List) attribute.getValue().stream().map(obj2 -> {
                        return obj2.toString();
                    }).collect(Collectors.toList()));
                } else {
                    userRepresentation.singleAttribute(attribute.getName(), AttributeUtil.getStringValue(attribute));
                }
            }
        }
        return userRepresentation;
    }

    private void updatePassword(String str, String str2, CredentialRepresentation credentialRepresentation, Boolean bool) throws InvalidAttributeValueException {
        if (credentialRepresentation == null) {
            return;
        }
        try {
            users(str).get(str2).resetPassword(credentialRepresentation);
        } catch (BadRequestException e) {
            InvalidAttributeValueException invalidAttributeValueException = new InvalidAttributeValueException("Password policy error in keycloak", e);
            invalidAttributeValueException.setAffectedAttributeNames(Arrays.asList(OperationalAttributes.PASSWORD_NAME));
            throw invalidAttributeValueException;
        }
    }

    @Override // jp.openstandia.connector.keycloak.KeycloakClient.User
    public void updateUser(KeycloakSchema keycloakSchema, String str, Uid uid, Set<AttributeDelta> set, OperationOptions operationOptions) throws UnknownUidException {
        UsersResource users = users(str);
        ArrayList<String> arrayList = new ArrayList();
        ArrayList<String> arrayList2 = new ArrayList();
        CredentialRepresentation credentialRepresentation = null;
        try {
            UserResource userResource = users.get(uid.getUidValue());
            UserRepresentation representation = userResource.toRepresentation();
            for (AttributeDelta attributeDelta : set) {
                if (attributeDelta.getName().equals(Uid.NAME)) {
                    KeycloakUtils.invalidSchema(attributeDelta.getName());
                } else if (attributeDelta.getName().equals(Name.NAME)) {
                    representation.setUsername(AttributeDeltaUtil.getAsStringValue(attributeDelta));
                } else if (attributeDelta.getName().equals(OperationalAttributes.ENABLE_NAME)) {
                    representation.setEnabled(AttributeDeltaUtil.getBooleanValue(attributeDelta));
                } else if (attributeDelta.getName().equals(OperationalAttributes.PASSWORD_NAME)) {
                    ArrayList arrayList3 = new ArrayList();
                    AttributeDeltaUtil.getGuardedStringValue(attributeDelta).access(cArr -> {
                        String valueOf = String.valueOf(cArr);
                        CredentialRepresentation credentialRepresentation2 = new CredentialRepresentation();
                        credentialRepresentation2.setType("password");
                        credentialRepresentation2.setTemporary(Boolean.FALSE);
                        credentialRepresentation2.setValue(valueOf);
                        arrayList3.add(credentialRepresentation2);
                    });
                    representation.setCredentials(arrayList3);
                } else if (attributeDelta.getName().equals("email")) {
                    representation.setEmail(KeycloakUtils.toKeycloakValue(keycloakSchema.userSchema, attributeDelta));
                } else if (attributeDelta.getName().equals(KeycloakUserHandler.ATTR_EMAIL_VERIFIED)) {
                    representation.setEmailVerified(AttributeDeltaUtil.getBooleanValue(attributeDelta));
                } else if (attributeDelta.getName().equals(KeycloakUserHandler.ATTR_FIRST_NAME)) {
                    representation.setFirstName(KeycloakUtils.toKeycloakValue(keycloakSchema.userSchema, attributeDelta));
                } else if (attributeDelta.getName().equals(KeycloakUserHandler.ATTR_LAST_NAME)) {
                    representation.setLastName(KeycloakUtils.toKeycloakValue(keycloakSchema.userSchema, attributeDelta));
                } else if (attributeDelta.getName().equals(KeycloakUserHandler.ATTR_GROUPS)) {
                    if (attributeDelta.getValuesToAdd() != null) {
                        Iterator it = attributeDelta.getValuesToAdd().iterator();
                        while (it.hasNext()) {
                            arrayList.add(it.next().toString());
                        }
                    }
                    if (attributeDelta.getValuesToRemove() != null) {
                        Iterator it2 = attributeDelta.getValuesToRemove().iterator();
                        while (it2.hasNext()) {
                            arrayList2.add(it2.next().toString());
                        }
                    }
                } else if (!keycloakSchema.isUserSchema(attributeDelta)) {
                    KeycloakUtils.invalidSchema(attributeDelta.getName());
                } else if (keycloakSchema.isMultiValuedUserSchema(attributeDelta)) {
                    Map<String, List<String>> attributes = representation.getAttributes();
                    if (attributes == null) {
                        attributes = new HashMap();
                    }
                    List<String> orDefault = attributes.getOrDefault(attributeDelta.getName(), new ArrayList());
                    attributes.put(attributeDelta.getName(), orDefault);
                    if (attributeDelta.getValuesToAdd() != null) {
                        Iterator it3 = attributeDelta.getValuesToAdd().iterator();
                        while (it3.hasNext()) {
                            orDefault.add(it3.next().toString());
                        }
                    }
                    if (attributeDelta.getValuesToRemove() != null) {
                        Iterator it4 = attributeDelta.getValuesToRemove().iterator();
                        while (it4.hasNext()) {
                            orDefault.remove(it4.next().toString());
                        }
                    }
                    representation.setAttributes(attributes);
                } else {
                    representation.singleAttribute(attributeDelta.getName(), AttributeDeltaUtil.getStringValue(attributeDelta));
                }
            }
            if (this.configuration.isPasswordResetAPIEnabled()) {
                List<CredentialRepresentation> credentials = representation.getCredentials();
                if (credentials != null && credentials.size() == 1) {
                    credentialRepresentation = credentials.get(0);
                }
                representation.setCredentials(null);
            }
            userResource.update(representation);
            updatePassword(str, representation.getId(), credentialRepresentation, true);
            for (String str2 : arrayList) {
                try {
                    users(str).get(representation.getId()).joinGroup(str2);
                } catch (NotFoundException e) {
                    LOGGER.warn("The group is not found already. Skipping join the user. groupId: {0}, userId: {1}, username: {2}", new Object[]{str2, representation.getId(), representation.getUsername()});
                }
            }
            for (String str3 : arrayList2) {
                try {
                    users(str).get(representation.getId()).leaveGroup(str3);
                } catch (NotFoundException e2) {
                    LOGGER.warn("The group is not found already. Skipping join the user. groupId: {0}, userId: {1}, username: {2}", new Object[]{str3, representation.getId(), representation.getUsername()});
                }
            }
        } catch (NotFoundException e3) {
            LOGGER.warn("Not found user when updating. uid: {0}", new Object[]{uid});
            throw new UnknownUidException(uid, KeycloakUserHandler.USER_OBJECT_CLASS);
        }
    }

    @Override // jp.openstandia.connector.keycloak.KeycloakClient.User
    public void deleteUser(KeycloakSchema keycloakSchema, String str, Uid uid, OperationOptions operationOptions) throws UnknownUidException {
        try {
            KeycloakRESTUtils.checkDeleteResult(users(str).delete(uid.getUidValue()), "deleteUser");
        } catch (NotFoundException e) {
            LOGGER.warn("[{0}] Not found user when deleting. uid: {1}", new Object[]{this.instanceName, uid});
            throw new UnknownUidException(uid, KeycloakUserHandler.USER_OBJECT_CLASS);
        }
    }

    @Override // jp.openstandia.connector.keycloak.KeycloakClient.User
    public void getUsers(KeycloakSchema keycloakSchema, String str, ResultsHandler resultsHandler, OperationOptions operationOptions, Set<String> set, int i) {
        boolean shouldAllowPartialAttributeValues = KeycloakUtils.shouldAllowPartialAttributeValues(operationOptions);
        UsersResource users = users(str);
        Integer count = users.count();
        int i2 = 0;
        int i3 = 0;
        while (i3 < count.intValue()) {
            List<UserRepresentation> search = users.search(JsonProperty.USE_DEFAULT_NAME, Integer.valueOf(i2), Integer.valueOf(i), true);
            if (search.size() == 0) {
                return;
            }
            Iterator<UserRepresentation> it = search.iterator();
            while (it.hasNext()) {
                resultsHandler.handle(toConnectorObject(keycloakSchema, str, it.next(), set, shouldAllowPartialAttributeValues, i));
            }
            i3 += search.size();
            i2 += i;
        }
    }

    @Override // jp.openstandia.connector.keycloak.KeycloakClient.User
    public void getUser(KeycloakSchema keycloakSchema, String str, Uid uid, ResultsHandler resultsHandler, OperationOptions operationOptions, Set<String> set, int i) {
        try {
            resultsHandler.handle(toConnectorObject(keycloakSchema, str, users(str).get(uid.getUidValue()).toRepresentation(), set, KeycloakUtils.shouldAllowPartialAttributeValues(operationOptions), i));
        } catch (NotFoundException e) {
            LOGGER.warn("[{0}] Unknown userId: {1}, name: {2}", new Object[]{this.instanceName, uid.getUidValue(), uid.getNameHintValue()});
        }
    }

    @Override // jp.openstandia.connector.keycloak.KeycloakClient.User
    public void getUser(KeycloakSchema keycloakSchema, String str, Name name, ResultsHandler resultsHandler, OperationOptions operationOptions, Set<String> set, int i) {
        boolean shouldAllowPartialAttributeValues = KeycloakUtils.shouldAllowPartialAttributeValues(operationOptions);
        UsersResource users = users(str);
        Integer count = users.count(name.getNameValue());
        int i2 = 0;
        int i3 = 0;
        while (i3 < count.intValue()) {
            int i4 = i2 + i;
            List<UserRepresentation> search = users.search(name.getNameValue(), Integer.valueOf(i2), Integer.valueOf(i4), true);
            if (search.size() == 0) {
                break;
            }
            for (UserRepresentation userRepresentation : search) {
                if (userRepresentation.getUsername().equalsIgnoreCase(name.getNameValue())) {
                    resultsHandler.handle(toConnectorObject(keycloakSchema, str, userRepresentation, set, shouldAllowPartialAttributeValues, i));
                    return;
                }
            }
            i3 += search.size();
            i2 = i4 + 1;
        }
        LOGGER.warn("[{0}] Unknown username: {1}", new Object[]{this.instanceName, name.getNameValue()});
    }

    private ConnectorObject toConnectorObject(KeycloakSchema keycloakSchema, String str, UserRepresentation userRepresentation, Set<String> set, boolean z, int i) {
        ConnectorObjectBuilder name = new ConnectorObjectBuilder().setObjectClass(KeycloakUserHandler.USER_OBJECT_CLASS).setUid(userRepresentation.getId()).setName(userRepresentation.getUsername());
        if (KeycloakUtils.shouldReturn(set, OperationalAttributes.ENABLE_NAME)) {
            name.addAttribute(new Attribute[]{AttributeBuilder.buildEnabled(userRepresentation.isEnabled().booleanValue())});
        }
        if (KeycloakUtils.shouldReturn(set, KeycloakUserHandler.ATTR_CREATED_TIMESTAMP)) {
            name.addAttribute(KeycloakUserHandler.ATTR_CREATED_TIMESTAMP, new Object[]{KeycloakUtils.toZoneDateTime(userRepresentation.getCreatedTimestamp().longValue())});
        }
        if (KeycloakUtils.shouldReturn(set, "email")) {
            name.addAttribute("email", new Object[]{userRepresentation.getEmail()});
        }
        if (KeycloakUtils.shouldReturn(set, KeycloakUserHandler.ATTR_EMAIL_VERIFIED)) {
            name.addAttribute(KeycloakUserHandler.ATTR_EMAIL_VERIFIED, new Object[]{userRepresentation.isEmailVerified()});
        }
        if (KeycloakUtils.shouldReturn(set, KeycloakUserHandler.ATTR_FIRST_NAME)) {
            name.addAttribute(KeycloakUserHandler.ATTR_FIRST_NAME, new Object[]{userRepresentation.getFirstName()});
        }
        if (KeycloakUtils.shouldReturn(set, KeycloakUserHandler.ATTR_LAST_NAME)) {
            name.addAttribute(KeycloakUserHandler.ATTR_LAST_NAME, new Object[]{userRepresentation.getLastName()});
        }
        if (userRepresentation.getAttributes() != null) {
            for (Map.Entry<String, List<String>> entry : userRepresentation.getAttributes().entrySet()) {
                String key = entry.getKey();
                AttributeInfo userSchema = keycloakSchema.getUserSchema(key);
                if (userSchema == null) {
                    LOGGER.ok("[{0}] Ignored. \"{1}\" is not defined in the user schema.", new Object[]{this.instanceName, key});
                } else if (KeycloakUtils.shouldReturn(set, userSchema.getName())) {
                    name.addAttribute(new Attribute[]{KeycloakUtils.toConnectorAttribute(userSchema, entry)});
                }
            }
        }
        if (z) {
            LOGGER.ok("[{0}] Suppress fetching groups because return partial attribute values is requested", new Object[]{this.instanceName});
            AttributeBuilder attributeBuilder = new AttributeBuilder();
            attributeBuilder.setName(KeycloakUserHandler.ATTR_GROUPS).setAttributeValueCompleteness(AttributeValueCompleteness.INCOMPLETE);
            attributeBuilder.addValue(Collections.EMPTY_LIST);
            name.addAttribute(new Attribute[]{attributeBuilder.build()});
        } else if (set == null) {
            LOGGER.ok("[{0}] Suppress fetching groups because returned by default is true", new Object[]{this.instanceName});
        } else if (KeycloakUtils.shouldReturn(set, KeycloakUserHandler.ATTR_GROUPS)) {
            LOGGER.ok("[{0}] Fetching groups because attributes to get is requested", new Object[]{this.instanceName});
            name.addAttribute(KeycloakUserHandler.ATTR_GROUPS, (Collection) users(str).get(userRepresentation.getId()).groups().stream().map(groupRepresentation -> {
                return groupRepresentation.getId();
            }).collect(Collectors.toList()));
        }
        return name.build();
    }
}
