package io.jans.kc.scheduler;

import io.jans.kc.api.admin.client.KeycloakApi;
import io.jans.kc.api.admin.client.model.AuthenticationFlow;
import io.jans.kc.api.admin.client.model.ManagedSamlClient;
import io.jans.kc.api.admin.client.model.ProtocolMapper;
import io.jans.kc.api.config.client.JansConfigApi;
import io.jans.kc.api.config.client.model.JansAttributeRepresentation;
import io.jans.kc.api.config.client.model.JansTrustRelationship;
import io.jans.kc.scheduler.job.ExecutionContext;
import io.jans.kc.scheduler.job.RecurringJob;
import io.jans.saml.metadata.model.EntityDescriptor;
import java.util.List;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/kc/scheduler/TrustRelationshipSyncJob.class */
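/**
 * Recurring job that reconciles Keycloak's managed SAML clients with the trust
 * relationships (TRs) held by the Janssen config API.
 *
 * <p>Each run performs three steps in order: delete managed clients whose TR no
 * longer exists, create clients for TRs that have none, then refresh every
 * remaining client (SAML metadata and protocol mappers derived from the TR's
 * released attributes).
 *
 * <p>Protocol mappers created by this job are named {@code <attribute inum>:<attribute name>};
 * the part before the first colon is used to match a mapper back to its attribute.
 */
public class TrustRelationshipSyncJob extends RecurringJob {
    private static final Logger log = LoggerFactory.getLogger(TrustRelationshipSyncJob.class);
    private AuthenticationFlow authnBrowserFlow;
    private final JansConfigApi jansConfigApi = App.jansConfigApi();
    private final KeycloakApi keycloakApi = App.keycloakApi();
    private final String realm = App.configuration().keycloakResourcesRealm();
    private final String samlUserAttributeMapperId = App.configuration().keycloakResourcesSamlUserAttributeMapper();

    /**
     * Resolves the browser authentication flow once, at construction time.
     *
     * <p>A failed lookup is logged and leaves the flow {@code null}; client creation is then
     * skipped on every run of this instance, because the lookup is not retried.
     */
    public TrustRelationshipSyncJob() {
        try {
            this.authnBrowserFlow = this.keycloakApi.getAuthenticationFlowFromAlias(this.realm, App.configuration().keycloakResourcesBrowserFlowAlias());
        } catch (Exception e) {
            log.warn("Could not properly initialize sync job", e);
            this.authnBrowserFlow = null;
        }
    }

    /**
     * Runs one full synchronisation pass.
     *
     * @param executionContext scheduler context; not used by this job
     */
    @Override
    public void run(ExecutionContext executionContext) {
        performSyncTasks();
    }

    /**
     * Executes housekeeping, creation and update in that order. Any exception escaping a step
     * aborts the remaining steps of this run and is logged; nothing is rethrown.
     */
    private void performSyncTasks() {
        try {
            log.info("Performing Saml client housekeeping");
            performSamlClientsHousekeeping();
            log.info("Saml client housekeeping complete");
            log.info("Creating new managed saml clients");
            createNewManagedSamlClients();
            log.info("Creating new managed saml clients complete");
            log.info("Updating existing managed saml clients");
            updateExistingManagedSamlClients();
            log.info("Updating existing managed saml clients complete");
        } catch (Exception e) {
            log.error("Error running tr sync job", e);
        }
    }

    /** Housekeeping currently consists only of removing clients that lost their TR. */
    private void performSamlClientsHousekeeping() {
        deleteUnmanagedSamlClients();
    }

    /**
     * Deletes every managed SAML client whose external reference no longer resolves to a TR.
     *
     * <p>NOTE(review): deletion relies entirely on {@code trustRelationshipExists}. If that call
     * can answer {@code false} on a lookup failure instead of throwing, an outage of the config
     * API would remove every managed client. Confirm against its implementation.
     */
    private void deleteUnmanagedSamlClients() {
        log.debug("Deleting unmanaged SAML clients");
        List<ManagedSamlClient> managedClients = this.keycloakApi.findAllManagedSamlClients(this.realm);
        if (managedClients.isEmpty()) {
            log.debug("No previously managed SAML clients found in keycloak.");
            return;
        }
        log.debug("Previously managed SAML clients found in keycloak. Count: {}", managedClients.size());
        for (ManagedSamlClient managedClient : managedClients) {
            if (this.jansConfigApi.trustRelationshipExists(managedClient.externalRef())) {
                continue;
            }
            // Destructive action: logged at info so it is visible without debug logging enabled.
            log.info("Deleting previously managed SAML client with id: {}", managedClient.keycloakId());
            this.keycloakApi.deleteManagedSamlClient(this.realm, managedClient);
        }
    }

    /** Creates a managed SAML client for every TR that has none, unless the browser flow is missing. */
    private void createNewManagedSamlClients() {
        if (this.authnBrowserFlow == null) {
            log.warn("Misconfigured browser authentication flow, skipping creation of new saml clients");
            return;
        }
        List<JansTrustRelationship> unassociated = unassociatedJansTrustRelationships();
        if (unassociated.isEmpty()) {
            log.debug("No unmanaged trust relationships found in Janssen.");
            return;
        }
        log.debug("Unmanaged trust relationships found in Janssen. Count: {}", unassociated.size());
        unassociated.forEach(this::createNewManagedSamlClient);
    }

    /**
     * Creates one managed SAML client from a TR's SAML metadata and attaches its released attributes.
     * Failures are logged and do not stop the processing of other TRs.
     *
     * @param jansTrustRelationship the TR to create a client for
     */
    private void createNewManagedSamlClient(JansTrustRelationship jansTrustRelationship) {
        try {
            log.debug("Creating managed SAML client from Janssen TR with inum {}", jansTrustRelationship.getInum());
            List<EntityDescriptor> entityDescriptors = this.jansConfigApi.getTrustRelationshipSamlMetadata(jansTrustRelationship).getEntityDescriptors();
            if (entityDescriptors.isEmpty()) {
                // Previously a silent skip; surface it so a TR that never gets a client can be diagnosed.
                log.warn("No entity descriptor in SAML metadata of tr with inum {}, no managed SAML client created", jansTrustRelationship.getInum());
                return;
            }
            String inum = jansTrustRelationship.getInum();
            // Only the first entity descriptor is used; any further descriptors in the metadata are ignored.
            ManagedSamlClient createdClient = this.keycloakApi.createManagedSamlClient(this.realm, inum, this.authnBrowserFlow, entityDescriptors.get(0));
            addReleasedAttributesToManagedSamlClient(createdClient, this.jansConfigApi.getTrustRelationshipReleasedAttributes(jansTrustRelationship));
            log.debug("Created managed SAML client with id {} from Janssen TR with inum {}", createdClient.keycloakId(), inum);
        } catch (Exception e) {
            // Message and stack trace in one record so they cannot be separated in the log stream.
            log.warn("Could not create managed SAML client using tr with inum {}", jansTrustRelationship.getInum(), e);
        }
    }

    /** Refreshes every managed SAML client that still corresponds to a TR. */
    private void updateExistingManagedSamlClients() {
        List<JansTrustRelationship> trustRelationships = this.jansConfigApi.findAllTrustRelationships();
        List<ManagedSamlClient> managedClients = this.keycloakApi.findAllManagedSamlClients(this.realm);
        log.debug("Updating existing managed saml clients. Count: {}", managedClients.size());
        for (ManagedSamlClient managedClient : managedClients) {
            trustRelationships.stream()
                    .filter(tr -> managedClient.correspondsToExternalRef(tr.getInum()))
                    .findFirst()
                    .ifPresent(tr -> updateExistingSamlClient(managedClient, tr));
        }
    }

    /**
     * Pushes the TR's current SAML metadata to the client and reconciles its protocol mappers
     * with the TR's released attributes: stale mappers are removed, missing ones added, and
     * matching ones updated, in that order.
     *
     * <p>A mapper whose name contains no colon yields an empty inum and therefore matches no
     * released attribute, so it is removed like any other stale mapper.
     *
     * <p>Failures are logged and swallowed; a failure part-way through leaves the client
     * partially reconciled until a later run succeeds.
     *
     * @param managedSamlClient the Keycloak client to refresh
     * @param jansTrustRelationship the TR the client corresponds to
     */
    private void updateExistingSamlClient(ManagedSamlClient managedSamlClient, JansTrustRelationship jansTrustRelationship) {
        try {
            log.debug("Updating managed SAML client with id {}. Associated trust relationship inum: {}", managedSamlClient.keycloakId(), managedSamlClient.externalRef());
            List<EntityDescriptor> entityDescriptors = this.jansConfigApi.getTrustRelationshipSamlMetadata(jansTrustRelationship).getEntityDescriptors();
            if (entityDescriptors.isEmpty()) {
                // Previously a silent skip: neither metadata nor released attributes are reconciled in this case.
                log.warn("No entity descriptor in SAML metadata of tr with inum {}, managed SAML client with id {} left unchanged", jansTrustRelationship.getInum(), managedSamlClient.keycloakId());
                return;
            }
            // Only the first entity descriptor is used; any further descriptors in the metadata are ignored.
            this.keycloakApi.updateManagedSamlClient(this.realm, managedSamlClient, entityDescriptors.get(0));
            List<JansAttributeRepresentation> releasedAttributes = this.jansConfigApi.getTrustRelationshipReleasedAttributes(jansTrustRelationship);
            List<ProtocolMapper> existingMappers = this.keycloakApi.getManagedSamlClientProtocolMappers(this.realm, managedSamlClient);

            // 1. Remove mappers whose attribute is no longer released.
            for (ProtocolMapper mapper : existingMappers) {
                String mapperInum = inumFromProtocolMapperName(mapper.getName());
                boolean stillReleased = releasedAttributes.stream().anyMatch(attribute -> mapperInum.equals(attribute.getInum()));
                if (!stillReleased) {
                    log.debug("Removing attribute {} for managed saml client {} because it's no more part of the released attributes", mapper.getName(), managedSamlClient.clientId());
                    deleteProtolMapperFromManagedClient(managedSamlClient, mapper);
                }
            }

            // 2. Add mappers for released attributes that had none when the mappers were fetched.
            List<JansAttributeRepresentation> attributesWithoutMapper = releasedAttributes.stream()
                    .filter(attribute -> existingMappers.stream()
                            .noneMatch(mapper -> inumFromProtocolMapperName(mapper.getName()).equals(attribute.getInum())))
                    .toList();
            addReleasedAttributesToManagedSamlClient(managedSamlClient, attributesWithoutMapper);

            // 3. Refresh the mappers that still have a released attribute behind them.
            for (ProtocolMapper mapper : existingMappers) {
                String mapperInum = inumFromProtocolMapperName(mapper.getName());
                releasedAttributes.stream()
                        .filter(attribute -> mapperInum.equals(attribute.getInum()))
                        .findFirst()
                        .ifPresent(attribute -> updateManagedSamlClientProtocolMapper(managedSamlClient, mapper, attribute));
            }
        } catch (Exception e) {
            // Message and stack trace in one record so they cannot be separated in the log stream.
            log.warn("Could not update managed SAML client with id {}", managedSamlClient.keycloakId(), e);
        }
    }

    /**
     * Returns the TRs for which no managed SAML client carries a matching external reference.
     *
     * <p>NOTE(review): this compares with {@code externalRef().equals(...)} while the update path
     * uses {@code correspondsToExternalRef(...)}; a {@code null} external reference would throw
     * here and abort the run. Confirm whether managed clients can lack an external reference.
     */
    private List<JansTrustRelationship> unassociatedJansTrustRelationships() {
        List<JansTrustRelationship> trustRelationships = this.jansConfigApi.findAllTrustRelationships();
        List<ManagedSamlClient> managedClients = this.keycloakApi.findAllManagedSamlClients(this.realm);
        return trustRelationships.stream()
                .filter(tr -> managedClients.stream().noneMatch(client -> client.externalRef().equals(tr.getInum())))
                .toList();
    }

    /**
     * Builds one SAML user-attribute mapper per released attribute and adds them to the client.
     *
     * @param managedSamlClient the client receiving the mappers
     * @param releasedAttributes the attributes to expose through new mappers
     */
    private void addReleasedAttributesToManagedSamlClient(ManagedSamlClient managedSamlClient, List<JansAttributeRepresentation> releasedAttributes) {
        List<ProtocolMapper> newMappers = releasedAttributes.stream().map(attribute -> {
            log.debug("Preparing to add released attribute {} to managed saml client with clientId {}", attribute.getName(), managedSamlClient.clientId());
            return ProtocolMapper.samlUserAttributeMapper(this.samlUserAttributeMapperId)
                    .name(generateKeycloakUniqueProtocolMapperName(attribute))
                    .userAttribute(attribute.getName())
                    .friendlyName(friendlyNameOf(attribute))
                    .attributeName(attribute.getSaml2Uri())
                    .attributeNameFormatUriReference()
                    .build();
        }).toList();
        this.keycloakApi.addProtocolMappersToManagedSamlClient(this.realm, managedSamlClient, newMappers);
    }

    /**
     * Rewrites an existing mapper from the current state of its released attribute.
     *
     * @param managedSamlClient the client owning the mapper
     * @param protocolMapper the mapper to refresh
     * @param jansAttributeRepresentation the released attribute the mapper is matched to
     */
    private void updateManagedSamlClientProtocolMapper(ManagedSamlClient managedSamlClient, ProtocolMapper protocolMapper, JansAttributeRepresentation jansAttributeRepresentation) {
        log.debug("Updating managed client released attribute. Client id: {} / Attribute name: {}", managedSamlClient.clientId(), jansAttributeRepresentation.getName());
        ProtocolMapper refreshedMapper = ProtocolMapper.samlUserAttributeMapper(protocolMapper)
                .userAttribute(jansAttributeRepresentation.getName())
                .friendlyName(friendlyNameOf(jansAttributeRepresentation))
                .attributeName(jansAttributeRepresentation.getSaml2Uri())
                .attributeNameFormatUriReference()
                .build();
        this.keycloakApi.updateManagedSamlClientProtocolMapper(this.realm, managedSamlClient, refreshedMapper);
    }

    /** Removes one protocol mapper from a managed client. */
    private void deleteProtolMapperFromManagedClient(ManagedSamlClient managedSamlClient, ProtocolMapper protocolMapper) {
        log.debug("Deleting released attribute from managed client. Client id: {} / Attribute name: {}", managedSamlClient.clientId(), protocolMapper.getName());
        this.keycloakApi.deleteManagedSamlClientProtocolMapper(this.realm, managedSamlClient, protocolMapper);
    }

    /** Returns the attribute's display name, falling back to its name when no display name is set. */
    private static String friendlyNameOf(JansAttributeRepresentation attribute) {
        String displayName = attribute.getDisplayName();
        return displayName != null ? displayName : attribute.getName();
    }

    /**
     * Builds the mapper name {@code <inum>:<name>} for an attribute.
     *
     * <p>NOTE(review): {@link #inumFromProtocolMapperName(String)} splits on the first colon, so
     * this scheme assumes an inum never contains one. Confirm.
     */
    private String generateKeycloakUniqueProtocolMapperName(JansAttributeRepresentation jansAttributeRepresentation) {
        return String.format("%s:%s", jansAttributeRepresentation.getInum(), jansAttributeRepresentation.getName());
    }

    /**
     * Extracts the inum prefix from a mapper name.
     *
     * @param str a protocol mapper name
     * @return the text before the first colon, or an empty string when the name has no colon
     */
    private String inumFromProtocolMapperName(String str) {
        int separatorIndex = str.indexOf(':');
        return separatorIndex != -1 ? str.substring(0, separatorIndex) : "";
    }
}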
