package com.premiumminds.flowable.service;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.premiumminds.flowable.conf.KeycloakProperties;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.ws.rs.NotFoundException;
import org.flowable.ui.common.model.RemoteGroup;
import org.flowable.ui.common.model.RemoteToken;
import org.flowable.ui.common.model.RemoteUser;
import org.flowable.ui.common.service.exception.UnauthorizedException;
import org.flowable.ui.common.service.idm.RemoteIdmService;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Service;

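/**
 * {@link RemoteIdmService} implementation backed by Keycloak.
 *
 * <p>User and group lookups go through the Keycloak admin client, which is built with the
 * {@code client_credentials} grant from the configured client id and secret. Credential checks
 * are delegated to {@code OIDCClient}, and the privileges of an authenticated user are whatever
 * {@code KeycloakAccessTokenExtractor#getRoles} returns for the access token.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every lookup in this class runs with the service client's own rights, not the rights of
 *       the end user. As far as this class shows it only reads users, groups and group members,
 *       so the client should not need more than read access - confirm against the realm setup.</li>
 *   <li>Identity data is cached for up to {@value #CACHE_TTL_MINUTES} minutes. A user removed
 *       from a group, or deleted, may still be served from the cache during that window.</li>
 *   <li>The converter methods are public here; the decompiler reported that it widened them from
 *       {@code private}. They are left public so the visible interface of the class is unchanged.</li>
 * </ul>
 */
@Primary
@Service
public class KeycloakServiceImpl implements RemoteIdmService {
    private static final Logger LOGGER = LoggerFactory.getLogger(KeycloakServiceImpl.class);

    /** Upper bound on entries held by each of the three caches. */
    private static final long CACHE_MAX_ENTRIES = 100L;
    /** Minutes after which a cached entry is dropped, counted from the time it was loaded. */
    private static final long CACHE_TTL_MINUTES = 30L;
    /** Offset of the first result requested from Keycloak by the name-filter searches. */
    private static final int SEARCH_FIRST_RESULT = 0;
    /** Maximum number of results requested from Keycloak by the name-filter searches. */
    private static final int SEARCH_MAX_RESULTS = 20;

    private final Keycloak keycloak;
    private final RealmResource realm;
    private final OIDCClient oidcClient;
    private final KeycloakAccessTokenExtractor accessTokenExtractor;
    private final LoadingCache<String, Optional<RemoteUser>> usersCache;
    private final LoadingCache<String, Optional<RemoteGroup>> groupsCache;
    private final LoadingCache<String, List<RemoteUser>> groupsUsersCache;

    /**
     * Builds the admin client, the OIDC helpers and the three lookup caches.
     *
     * @param keycloakProperties server URL, realm and client credentials; the client secret is
     *     passed straight to the admin client builder and is never logged by this class
     */
    public KeycloakServiceImpl(KeycloakProperties keycloakProperties) {
        this.keycloak = KeycloakBuilder.builder()
                .serverUrl(keycloakProperties.getUrl())
                .realm(keycloakProperties.getRealm())
                .clientId(keycloakProperties.getClient().getClientId())
                .clientSecret(keycloakProperties.getClient().getClientSecret())
                .grantType("client_credentials")
                .build();
        this.realm = this.keycloak.realm(keycloakProperties.getRealm());

        // Both OIDC helpers share one metadata holder.
        OIDCMetadataHolder metadataHolder = new OIDCMetadataHolder(keycloakProperties);
        this.oidcClient = new OIDCClient(keycloakProperties, metadataHolder);
        this.accessTokenExtractor = new KeycloakAccessTokenExtractor(keycloakProperties, metadataHolder);

        this.usersCache = newCache(new CacheLoader<String, Optional<RemoteUser>>() {
            @Override
            public Optional<RemoteUser> load(String userId) {
                try {
                    return Optional.of(convertUser(
                            KeycloakServiceImpl.this.realm.users().get(userId).toRepresentation(),
                            KeycloakServiceImpl.this.realm.users().get(userId).groups()));
                } catch (NotFoundException e) {
                    // An unknown id is cached as "absent" rather than reported as a load failure.
                    return Optional.empty();
                }
            }
        });

        this.groupsCache = newCache(new CacheLoader<String, Optional<RemoteGroup>>() {
            @Override
            public Optional<RemoteGroup> load(String groupId) {
                try {
                    return Optional.of(convertGroup(
                            KeycloakServiceImpl.this.realm.groups().group(groupId).toRepresentation()));
                } catch (NotFoundException e) {
                    // An unknown id is cached as "absent" rather than reported as a load failure.
                    return Optional.empty();
                }
            }
        });

        this.groupsUsersCache = newCache(new CacheLoader<String, List<RemoteUser>>() {
            @Override
            public List<RemoteUser> load(String groupId) {
                // NOTE(review): members() is called without paging arguments; confirm that the
                // server returns the complete membership, since callers may rely on this list.
                // Unlike the two loaders above, NotFoundException is not handled here.
                Stream<UserRepresentation> members =
                        KeycloakServiceImpl.this.realm.groups().group(groupId).members().stream();
                return members.map(member -> convertUser(member)).collect(Collectors.toList());
            }
        });
    }

    /**
     * Creates a cache with the size bound and expiry shared by all lookups in this class.
     *
     * <p>NOTE(review): {@code weakValues()} lets the garbage collector drop an entry as soon as
     * no caller holds the value, so hits are not guaranteed for the whole expiry window. Kept
     * as found; removing it would make the staleness window described on the class a firm one.
     */
    private static <V> LoadingCache<String, V> newCache(CacheLoader<String, V> loader) {
        return CacheBuilder.newBuilder()
                .maximumSize(CACHE_MAX_ENTRIES)
                .expireAfterWrite(CACHE_TTL_MINUTES, TimeUnit.MINUTES)
                .weakValues()
                .build(loader);
    }

    /**
     * Checks a username and password and returns the user with the roles found in the token.
     *
     * @param str the login name supplied by the caller
     * @param str2 the password supplied by the caller
     * @return a user whose id is {@code str} and whose privileges are the extracted roles
     * @throws UnauthorizedException on any failure, including failures unrelated to the
     *     credentials themselves
     */
    @Override
    public RemoteUser authenticateUser(String str, String str2) {
        try {
            List<String> roles = this.accessTokenExtractor.getRoles(
                    this.oidcClient.authenticate(str, str2).getBearerAccessToken().getValue());
            RemoteUser remoteUser = new RemoteUser();
            // NOTE(review): the id is the caller-supplied login name, while getUser() resolves
            // ids through realm.users().get(id). Confirm both use the same identifier, and
            // consider taking the id from the validated token instead of from the request.
            remoteUser.setId(str);
            remoteUser.getPrivileges().addAll(roles);
            return remoteUser;
        } catch (Exception e) {
            // Fails closed: every error ends in UnauthorizedException, so an unreachable
            // identity provider looks the same to the caller as a wrong password. The log line
            // carries the cause; the password is never written to it.
            LOGGER.warn("error authenticating", e);
            // NOTE(review): the message embeds the caller-supplied username unmodified. If it
            // is written to logs or returned to the client, neutralise control characters first.
            throw new UnauthorizedException("call authenticateUser(username='" + str + "') username or password no recognized");
        }
    }

    /**
     * Not supported by this implementation.
     *
     * @param str the token value (ignored)
     * @throws IllegalStateException always
     */
    @Override
    public RemoteToken getToken(String str) {
        throw new IllegalStateException("method should not be called");
    }

    /**
     * Returns the user with the given id, served from the users cache.
     *
     * @param str the user id
     * @return the user together with its groups
     * @throws NotFoundException if Keycloak has no such user
     * @throws RuntimeException if the loader fails with a checked exception
     */
    @Override
    public RemoteUser getUser(String str) {
        try {
            return this.usersCache.get(str)
                    .orElseThrow(() -> new NotFoundException("user with id '" + str + "' not found"));
        } catch (ExecutionException e) {
            // Unchecked loader failures reach the caller as Guava's UncheckedExecutionException
            // and are not handled by this catch.
            throw new RuntimeException("error getting user", e);
        }
    }

    /**
     * Searches users with the given filter; results are not cached and are capped at
     * {@value #SEARCH_MAX_RESULTS}.
     *
     * @param str the search text passed to Keycloak
     * @return the matching users, without group information
     */
    @Override
    public List<RemoteUser> findUsersByNameFilter(String str) {
        return this.realm.users().search(str, SEARCH_FIRST_RESULT, SEARCH_MAX_RESULTS).stream()
                .map(this::convertUser)
                .collect(Collectors.toList());
    }

    /**
     * Returns the members of a group, served from the group-members cache.
     *
     * @param str the group id
     * @return the members, without their own group information
     * @throws RuntimeException if the loader fails with a checked exception
     */
    @Override
    public List<RemoteUser> findUsersByGroup(String str) {
        try {
            return this.groupsUsersCache.get(str);
        } catch (ExecutionException e) {
            // Unchecked loader failures (an unknown group included) reach the caller as Guava's
            // UncheckedExecutionException and are not handled by this catch.
            throw new RuntimeException("error getting users of group '" + str + "'", e);
        }
    }

    /**
     * Returns the group with the given id, served from the groups cache.
     *
     * @param str the group id
     * @return the group
     * @throws NotFoundException if Keycloak has no such group
     * @throws RuntimeException if the loader fails with a checked exception
     */
    @Override
    public RemoteGroup getGroup(String str) {
        try {
            return this.groupsCache.get(str)
                    .orElseThrow(() -> new NotFoundException("group with id '" + str + "' not found"));
        } catch (ExecutionException e) {
            throw new RuntimeException("error getting group", e);
        }
    }

    /**
     * Searches groups with the given filter; results are not cached and are capped at
     * {@value #SEARCH_MAX_RESULTS}.
     *
     * @param str the search text passed to Keycloak
     * @return the matching groups
     */
    @Override
    public List<RemoteGroup> findGroupsByNameFilter(String str) {
        return this.realm.groups().groups(str, SEARCH_FIRST_RESULT, SEARCH_MAX_RESULTS).stream()
                .map(this::convertGroup)
                .collect(Collectors.toList());
    }

    /**
     * Copies id, names and e-mail from a Keycloak user into a {@link RemoteUser}.
     *
     * @param userRepresentation the Keycloak user
     * @return the converted user, without groups or privileges
     */
    public RemoteUser convertUser(UserRepresentation userRepresentation) {
        RemoteUser remoteUser = new RemoteUser();
        remoteUser.setId(userRepresentation.getId());
        remoteUser.setFullName(joinNames(userRepresentation.getFirstName(), userRepresentation.getLastName()));
        remoteUser.setFirstName(userRepresentation.getFirstName());
        remoteUser.setLastName(userRepresentation.getLastName());
        remoteUser.setEmail(userRepresentation.getEmail());
        return remoteUser;
    }

    /**
     * Copies id and name from a Keycloak group into a {@link RemoteGroup}.
     *
     * @param groupRepresentation the Keycloak group
     * @return the converted group
     */
    public RemoteGroup convertGroup(GroupRepresentation groupRepresentation) {
        RemoteGroup remoteGroup = new RemoteGroup();
        remoteGroup.setId(groupRepresentation.getId());
        remoteGroup.setName(groupRepresentation.getName());
        return remoteGroup;
    }

    /**
     * Converts a Keycloak user and attaches its converted groups.
     *
     * @param userRepresentation the Keycloak user
     * @param list the groups the user belongs to
     * @return the converted user with groups set
     */
    public RemoteUser convertUser(UserRepresentation userRepresentation, List<GroupRepresentation> list) {
        RemoteUser remoteUser = convertUser(userRepresentation);
        remoteUser.setGroups(list.stream().map(this::convertGroup).collect(Collectors.toList()));
        return remoteUser;
    }

    /**
     * Joins the name parts with a single space, skipping parts that are null or empty, so a
     * user without a first or last name does not end up with the literal text "null" in the
     * full name. Returns an empty string when both parts are missing.
     */
    private static String joinNames(String firstName, String lastName) {
        StringBuilder fullName = new StringBuilder();
        if (firstName != null && !firstName.isEmpty()) {
            fullName.append(firstName);
        }
        if (lastName != null && !lastName.isEmpty()) {
            if (fullName.length() > 0) {
                fullName.append(' ');
            }
            fullName.append(lastName);
        }
        return fullName.toString();
    }
}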
