package io.phasetwo.keycloak.events;

import com.google.common.base.Strings;
import io.phasetwo.keycloak.events.SenderEventListenerProvider;
import io.phasetwo.keycloak.model.WebhookModel;
import io.phasetwo.keycloak.model.WebhookProvider;
import io.phasetwo.keycloak.representation.ExtendedAdminEvent;
import io.phasetwo.keycloak.representation.ExtendedAuthDetails;
import java.io.IOException;
import java.util.Optional;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.jboss.logging.Logger;
import org.keycloak.events.Event;
import org.keycloak.events.admin.AdminEvent;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;

/* loaded from: input_file:io/phasetwo/keycloak/events/WebhookSenderEventListenerProvider.class */
public class WebhookSenderEventListenerProvider extends HttpSenderEventListenerProvider {
    private static final Logger log = Logger.getLogger(WebhookSenderEventListenerProvider.class);
    private static final String WEBHOOK_URI_ENV = "WEBHOOK_URI";
    private static final String WEBHOOK_SECRET_ENV = "WEBHOOK_SECRET";
    private static final String WEBHOOK_ALGORITHM_ENV = "WEBHOOK_ALGORITHM";
    private final RunnableTransaction runnableTrx;
    private final KeycloakSessionFactory factory;
    private final String systemUri;
    private final String systemSecret;
    private final String systemAlgorithm;

    public WebhookSenderEventListenerProvider(KeycloakSession keycloakSession, ScheduledExecutorService scheduledExecutorService) {
        super(keycloakSession, scheduledExecutorService);
        this.factory = keycloakSession.getKeycloakSessionFactory();
        this.runnableTrx = new RunnableTransaction();
        keycloakSession.getTransactionManager().enlistAfterCompletion(this.runnableTrx);
        this.systemUri = System.getenv(WEBHOOK_URI_ENV);
        this.systemSecret = System.getenv(WEBHOOK_SECRET_ENV);
        this.systemAlgorithm = System.getenv(WEBHOOK_ALGORITHM_ENV);
    }

    @Override // io.phasetwo.keycloak.events.SenderEventListenerProvider
    public void onEvent(Event event) {
        log.debugf("onEvent %s %s", event.getType(), event.getId());
        try {
            ExtendedAdminEvent completeAdminEventAttributes = completeAdminEventAttributes("", event);
            this.runnableTrx.addRunnable(() -> {
                processEvent(completeAdminEventAttributes, event.getRealmId());
            });
        } catch (Exception e) {
            log.warn("Error converting and scheduling event: " + event, e);
        }
    }

    @Override // io.phasetwo.keycloak.events.SenderEventListenerProvider
    public void onEvent(AdminEvent adminEvent, boolean z) {
        log.debugf("onEvent %s %s %s", adminEvent.getOperationType(), adminEvent.getResourceTypeAsString(), adminEvent.getResourcePath());
        try {
            ExtendedAdminEvent completeAdminEventAttributes = completeAdminEventAttributes("", adminEvent);
            this.runnableTrx.addRunnable(() -> {
                processEvent(completeAdminEventAttributes, adminEvent.getRealmId());
            });
        } catch (Exception e) {
            log.warn("Error converting and scheduling event: " + adminEvent, e);
        }
    }

    public void processEvent(ExtendedAdminEvent extendedAdminEvent, String str) {
        processEvent(() -> {
            extendedAdminEvent.setUid(KeycloakModelUtils.generateId());
            return extendedAdminEvent;
        }, str);
    }

    private void processEvent(Supplier<ExtendedAdminEvent> supplier, String str) {
        KeycloakModelUtils.runJobInTransaction(this.factory, keycloakSession -> {
            ((WebhookProvider) keycloakSession.getProvider(WebhookProvider.class)).getWebhooksStream(keycloakSession.realms().getRealm(str)).filter(webhookModel -> {
                return webhookModel.isEnabled();
            }).filter(webhookModel2 -> {
                return !Strings.isNullOrEmpty(webhookModel2.getUrl());
            }).forEach(webhookModel3 -> {
                ExtendedAdminEvent extendedAdminEvent = (ExtendedAdminEvent) supplier.get();
                if (enabledFor(webhookModel3, extendedAdminEvent)) {
                    schedule(extendedAdminEvent, webhookModel3.getUrl(), webhookModel3.getSecret(), webhookModel3.getAlgorithm());
                }
            });
            if (Strings.isNullOrEmpty(this.systemUri)) {
                return;
            }
            schedule((ExtendedAdminEvent) supplier.get(), this.systemUri, this.systemSecret, this.systemAlgorithm);
        });
    }

    private void schedule(ExtendedAdminEvent extendedAdminEvent, String str, String str2, String str3) {
        SenderEventListenerProvider.SenderTask senderTask = new SenderEventListenerProvider.SenderTask(extendedAdminEvent, getBackOff());
        senderTask.getProperties().put("url", str);
        senderTask.getProperties().put("secret", str2);
        senderTask.getProperties().put("algorithm", str3);
        schedule(senderTask, 0L, TimeUnit.MILLISECONDS);
    }

    private boolean enabledFor(WebhookModel webhookModel, ExtendedAdminEvent extendedAdminEvent) {
        String type = extendedAdminEvent.getType();
        log.debugf("Checking webhook enabled for %s [%s]", type, webhookModel.getEventTypes());
        for (String str : webhookModel.getEventTypes()) {
            if ("*".equals(str)) {
                return true;
            }
            if ("access.*".equals(str) && type.startsWith("access.")) {
                return true;
            }
            if ("admin.*".equals(str) && type.startsWith("admin.")) {
                return true;
            }
            if ("system.*".equals(str) && type.startsWith("system.")) {
                return true;
            }
            try {
                if (Pattern.matches(str, type)) {
                    return true;
                }
            } catch (Exception e) {
            }
            if (str.equals(type)) {
                return true;
            }
        }
        return false;
    }

    @Override // io.phasetwo.keycloak.events.HttpSenderEventListenerProvider, io.phasetwo.keycloak.events.SenderEventListenerProvider
    void send(SenderEventListenerProvider.SenderTask senderTask) throws SenderEventListenerProvider.SenderException, IOException {
        send(senderTask, senderTask.getProperties().get("url"), Optional.ofNullable(senderTask.getProperties().get("secret")), Optional.ofNullable(senderTask.getProperties().get("algorithm")));
    }

    private ExtendedAdminEvent completeAdminEventAttributes(String str, Event event) {
        UserModel userById;
        RealmModel realm = this.session.realms().getRealm(event.getRealmId());
        ExtendedAdminEvent extendedAdminEvent = new ExtendedAdminEvent(str, event, realm);
        if (!Strings.isNullOrEmpty(event.getUserId()) && (userById = this.session.users().getUserById(realm, event.getUserId())) != null) {
            extendedAdminEvent.m33getAuthDetails().setUsername(userById.getUsername());
        }
        completeExtendedAuthDetails(extendedAdminEvent);
        return extendedAdminEvent;
    }

    private ExtendedAdminEvent completeAdminEventAttributes(String str, AdminEvent adminEvent) {
        RealmModel realm = this.session.realms().getRealm(adminEvent.getRealmId());
        ExtendedAdminEvent extendedAdminEvent = new ExtendedAdminEvent(str, adminEvent, realm);
        ExtendedAuthDetails m33getAuthDetails = extendedAdminEvent.m33getAuthDetails();
        if (!Strings.isNullOrEmpty(m33getAuthDetails.getUserId())) {
            m33getAuthDetails.setUsername(this.session.users().getUserById(realm, m33getAuthDetails.getUserId()).getUsername());
        }
        String resourcePath = extendedAdminEvent.getResourcePath();
        if (resourcePath != null && resourcePath.startsWith("users")) {
            Matcher matcher = Pattern.compile("^users/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$").matcher(resourcePath);
            if (matcher.matches()) {
                String group = matcher.group(1);
                UserModel userById = this.session.users().getUserById(this.session.realms().getRealm(adminEvent.getRealmId()), group);
                extendedAdminEvent.getDetails().put("userId", group);
                if (userById != null) {
                    extendedAdminEvent.getDetails().put("username", userById.getUsername());
                }
            }
        }
        completeExtendedAuthDetails(extendedAdminEvent);
        return extendedAdminEvent;
    }

    private ExtendedAdminEvent completeExtendedAuthDetails(ExtendedAdminEvent extendedAdminEvent) {
        ExtendedAuthDetails m33getAuthDetails = extendedAdminEvent.m33getAuthDetails();
        if (m33getAuthDetails == null) {
            return extendedAdminEvent;
        }
        try {
            m33getAuthDetails.setSessionId(this.session.getContext().getAuthenticationSession().getParentSession().getId());
        } catch (Exception e) {
            log.debug("couldn't get sessionId", e);
        }
        try {
            m33getAuthDetails.setRealmId(this.session.getContext().getAuthenticationSession().getParentSession().getRealm().getName());
        } catch (Exception e2) {
            log.debug("couldn't get realmId", e2);
        }
        return extendedAdminEvent;
    }
}
