package org.openremote.manager.setup;

import java.util.Arrays;
import java.util.Collections;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.RoleResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.openremote.manager.security.ManagerIdentityService;
import org.openremote.manager.security.ManagerKeycloakIdentityProvider;
import org.openremote.model.Container;
import org.openremote.model.security.ClientRole;
import org.openremote.model.security.Realm;
import org.openremote.model.security.User;
import org.openremote.model.setup.Setup;

/* loaded from: input_file:org/openremote/manager/setup/AbstractKeycloakSetup.class */
public abstract class AbstractKeycloakSetup implements Setup {
    public static final ClientRole[] PUBLIC_USER_ROLES = {ClientRole.READ_ASSETS, ClientRole.READ_MAP, ClientRole.READ_INSIGHTS};
    public static final ClientRole[] REGULAR_USER_ROLES = {ClientRole.WRITE_USER, ClientRole.READ_MAP, ClientRole.READ_ASSETS, ClientRole.READ_USERS, ClientRole.READ_RULES, ClientRole.READ_INSIGHTS, ClientRole.READ_ALARMS, ClientRole.WRITE_ASSETS, ClientRole.WRITE_ATTRIBUTES, ClientRole.WRITE_RULES, ClientRole.WRITE_INSIGHTS, ClientRole.WRITE_ALARMS};
    protected final Container container;
    protected final ManagerIdentityService identityService;
    protected final ManagerKeycloakIdentityProvider keycloakProvider;
    protected final SetupService setupService;

    public AbstractKeycloakSetup(Container container) {
        this.container = container;
        this.identityService = container.getService(ManagerIdentityService.class);
        this.keycloakProvider = (ManagerKeycloakIdentityProvider) this.identityService.getIdentityProvider();
        this.setupService = (SetupService) container.getService(SetupService.class);
    }

    public ManagerKeycloakIdentityProvider getKeycloakProvider() {
        return this.keycloakProvider;
    }

    public Realm createRealm(String str, String str2, boolean z) {
        Realm realm = new Realm();
        realm.setName(str);
        realm.setDisplayName(str2);
        realm.setEnabled(true);
        realm.setDuplicateEmailsAllowed(true);
        realm.setRememberMe(Boolean.valueOf(z));
        return this.keycloakProvider.createRealm(realm);
    }

    public User createUser(String str, String str2, String str3, String str4, String str5, String str6, boolean z, ClientRole[] clientRoleArr) {
        return createUser(str, str2, str3, str4, str5, str6, z, false, false, clientRoleArr);
    }

    public User createUser(String str, String str2, String str3, String str4, String str5, String str6, boolean z, boolean z2, boolean z3, ClientRole[] clientRoleArr) {
        User user = new User();
        user.setUsername(str2);
        user.setFirstName(str4);
        user.setLastName(str5);
        user.setEmail(str6);
        user.setEnabled(Boolean.valueOf(z));
        if (z2) {
            user.setAttribute("emailNotificationsDisabled", "true");
        }
        if (z3) {
            user.setAttribute("pushNotificationsDisabled", "true");
        }
        User createUpdateUser = this.keycloakProvider.createUpdateUser(str, user, str3, true);
        if (createUpdateUser == null) {
            return null;
        }
        if (clientRoleArr != null && clientRoleArr.length > 0) {
            this.keycloakProvider.updateUserRoles(str, createUpdateUser.getId(), ManagerKeycloakIdentityProvider.DEFAULT_REALM_KEYCLOAK_THEME_DEFAULT, (String[]) Arrays.stream(clientRoleArr).map((v0) -> {
                return v0.getValue();
            }).toArray(i -> {
                return new String[i];
            }));
        }
        return createUpdateUser;
    }

    public void removeManageAccount(String str) {
        this.keycloakProvider.getRealms(realmsResource -> {
            RealmResource realm = realmsResource.realm(str);
            ClientRepresentation client = this.keycloakProvider.getClient(str, "account");
            RoleResource roleResource = realm.roles().get("default-roles-" + str);
            roleResource.getClientRoleComposites(client.getId()).stream().filter(roleRepresentation -> {
                return roleRepresentation.getName().equals("manage-account");
            }).findFirst().ifPresent(roleRepresentation2 -> {
                roleResource.deleteComposites(Collections.singletonList(roleRepresentation2));
            });
            return null;
        });
    }
}
