package io.phasetwo.service.resource;

import com.google.auto.service.AutoService;
import io.phasetwo.service.Orgs;
import io.phasetwo.service.model.OrganizationModel;
import io.phasetwo.service.model.OrganizationProvider;
import io.phasetwo.service.util.IdentityProviders;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.PostMigrationEvent;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resource.RealmResourceProviderFactory;

/**
 * Factory for the {@code orgs} realm resource.
 *
 * <p>Besides handing out an {@link OrganizationResourceProvider} per session, this factory
 * registers a provider-event listener in {@link #postInit} that (a) bootstraps the organization
 * admin roles on realm creation and after migration, and (b) cleans up organization data when a
 * realm, a user or an organization is removed.
 *
 * <p>Security-relevant behaviour lives in the private handlers: role bootstrap decides which
 * existing admin roles inherit organization privileges, and the organization lifecycle handlers
 * create and delete a per-organization admin account.
 */
@AutoService({RealmResourceProviderFactory.class})
/* loaded from: input_file:io/phasetwo/service/resource/OrganizationResourceProviderFactory.class */
public class OrganizationResourceProviderFactory implements RealmResourceProviderFactory {
    public static final String ID = "orgs";
    private static final Logger log = Logger.getLogger(OrganizationResourceProviderFactory.class);

    /** Returns the provider id, {@link #ID}. */
    public String getId() {
        return ID;
    }

    /** No resources are held by the factory, so there is nothing to release. */
    public void close() {
    }

    /**
     * Creates the resource provider bound to the given session.
     *
     * <p>NOTE(review): the {@code m63create} name is a decompiler artifact (see the comment below);
     * the method presumably implements the factory interface's {@code create} - confirm against the
     * original class.
     */
    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public OrganizationResourceProvider m63create(KeycloakSession keycloakSession) {
        log.debug("OrganizationResourceProviderFactory::create");
        OrganizationResourceProvider provider = new OrganizationResourceProvider(keycloakSession);
        return provider;
    }

    /** No configuration is read from the scope. */
    public void init(Config.Scope scope) {
    }

    /**
     * Registers the event listener that drives role bootstrap and organization cleanup.
     *
     * <p>Each event is matched against one type and handed to the corresponding private handler;
     * events of any other type are ignored. Role initialization after migration runs in its own
     * transaction and is skipped whenever {@code Orgs.KC_ORGS_SKIP_MIGRATION} is non-null,
     * whatever its value.
     */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
        log.debug("OrganizationResourceProviderFactory::postInit");
        keycloakSessionFactory.register(event -> {
            if (event instanceof RealmModel.RealmPostCreateEvent) {
                log.debug("RealmPostCreateEvent");
                realmPostCreate((RealmModel.RealmPostCreateEvent) event);
            } else if (event instanceof PostMigrationEvent) {
                log.debug("PostMigrationEvent");
                if (Orgs.KC_ORGS_SKIP_MIGRATION == null) {
                    log.info("initializing organization roles following migration");
                    KeycloakModelUtils.runJobInTransaction(keycloakSessionFactory, this::initRoles);
                }
            } else if (event instanceof RealmModel.RealmRemovedEvent) {
                log.debug("RealmRemovedEvent");
                realmRemoved((RealmModel.RealmRemovedEvent) event);
            } else if (event instanceof UserModel.UserRemovedEvent) {
                log.debug("UserRemovedEvent");
                userRemoved((UserModel.UserRemovedEvent) event);
            } else if (event instanceof OrganizationModel.OrganizationCreationEvent) {
                log.debug("OrganizationCreationEvent");
                organizationCreation((OrganizationModel.OrganizationCreationEvent) event);
            } else if (event instanceof OrganizationModel.OrganizationRemovedEvent) {
                log.debug("OrganizationRemovedEvent");
                organizationRemoved((OrganizationModel.OrganizationRemovedEvent) event);
            }
        });
    }

    /**
     * Ensures every realm has the organization roles on its admin clients.
     *
     * <p>For each realm the master admin client is checked first; for every realm other than the
     * admin realm the realm's own admin client is checked as well. Roles are (re)added only when at
     * least one of the three organization roles is missing.
     *
     * <p>NOTE(review): both client lookups are dereferenced without a null check, so a realm whose
     * admin client is absent would fail the whole job - confirm that cannot happen in practice.
     */
    private void initRoles(KeycloakSession session) {
        log.debug("OrganizationResourceProviderFactory::initRoles");
        RealmManager manager = new RealmManager(session);
        session.realms().getRealmsStream().forEach(realm -> {
            if (lacksOrganizationRole(realm.getMasterAdminClient())) {
                addMasterAdminRoles(manager, realm);
            }
            boolean isAdminRealm = realm.getName().equals(Config.getAdminRealm());
            if (!isAdminRealm) {
                ClientModel realmAdminClient = realm.getClientByClientId(manager.getRealmAdminClientId(realm));
                if (lacksOrganizationRole(realmAdminClient)) {
                    addRealmAdminRoles(manager, realm);
                }
            }
        });
    }

    /** Returns true when the client is missing the view, manage or create organization role. */
    private static boolean lacksOrganizationRole(ClientModel client) {
        return client.getRole(OrganizationAdminAuth.ROLE_VIEW_ORGANIZATION) == null
                || client.getRole(OrganizationAdminAuth.ROLE_MANAGE_ORGANIZATION) == null
                || client.getRole(OrganizationAdminAuth.ROLE_CREATE_ORGANIZATION) == null;
    }

    /**
     * Adds the organization roles for a newly created realm: always on the master admin client,
     * and on the realm's own admin client unless the new realm is the admin realm itself.
     */
    private void realmPostCreate(RealmModel.RealmPostCreateEvent event) {
        RealmModel realm = event.getCreatedRealm();
        RealmManager manager = new RealmManager(event.getKeycloakSession());
        addMasterAdminRoles(manager, realm);
        if (!realm.getName().equals(Config.getAdminRealm())) {
            addRealmAdminRoles(manager, realm);
        }
    }

    /**
     * Adds the organization roles to the realm's master admin client, using the admin realm's
     * {@code AdminRoles.ADMIN} role as the composite parent.
     */
    private void addMasterAdminRoles(RealmManager manager, RealmModel realm) {
        ClientModel masterAdminClient = realm.getMasterAdminClient();
        RoleModel adminRole = manager.getRealmByName(Config.getAdminRealm()).getRole(AdminRoles.ADMIN);
        addRoles(masterAdminClient, adminRole);
    }

    /**
     * Adds the organization roles to the realm's admin client (as named by
     * {@code RealmManager.getRealmAdminClientId}), using that client's
     * {@code AdminRoles.REALM_ADMIN} role as the composite parent.
     */
    private void addRealmAdminRoles(RealmManager manager, RealmModel realm) {
        ClientModel realmAdminClient = realm.getClientByClientId(manager.getRealmAdminClientId(realm));
        RoleModel realmAdminRole = realmAdminClient.getRole(AdminRoles.REALM_ADMIN);
        addRoles(realmAdminClient, realmAdminRole);
    }

    /**
     * Creates the three organization roles on the client.
     *
     * <p>View and manage are attached to {@code parent} as composites, so anyone holding the
     * parent admin role inherits them. Create is only defined on the client and is not attached to
     * the parent, so it has to be granted explicitly.
     */
    private void addRoles(ClientModel client, RoleModel parent) {
        addRole(OrganizationAdminAuth.ROLE_VIEW_ORGANIZATION, client, parent, true);
        addRole(OrganizationAdminAuth.ROLE_MANAGE_ORGANIZATION, client, parent, true);
        addRole(OrganizationAdminAuth.ROLE_CREATE_ORGANIZATION, client, parent, false);
    }

    /**
     * Creates one client role if it does not exist yet and optionally makes it a composite of
     * {@code parent}.
     *
     * <p>An already existing role is left untouched: it is neither re-described nor (re)attached to
     * the parent, so a composite link removed by an administrator stays removed.
     */
    private void addRole(String roleName, ClientModel client, RoleModel parent, boolean composite) {
        if (client.getRole(roleName) != null) {
            return;
        }
        RoleModel created = client.addRole(roleName);
        created.setDescription("${role_" + roleName + "}");
        if (composite) {
            parent.addCompositeRole(created);
        }
    }

    /** Removes all organizations of a realm that has been removed. */
    private void realmRemoved(RealmModel.RealmRemovedEvent event) {
        OrganizationProvider organizations = (OrganizationProvider) event.getKeycloakSession().getProvider(OrganizationProvider.class);
        organizations.removeOrganizations(event.getRealm());
    }

    /**
     * Revokes the removed user's membership and organization roles in every organization the user
     * belonged to.
     *
     * <p>Cleanup is best effort per organization: a failure is logged at warn level and the
     * remaining organizations are still processed, so that log line is the only trace of a
     * membership or role grant that was left behind.
     */
    private void userRemoved(UserModel.UserRemovedEvent event) {
        OrganizationProvider organizations = (OrganizationProvider) event.getKeycloakSession().getProvider(OrganizationProvider.class);
        organizations.getUserOrganizationsStream(event.getRealm(), event.getUser()).forEach(organization -> {
            try {
                UserModel removedUser = event.getUser();
                organization.revokeMembership(removedUser);
                organization.getRolesStream().forEach(role -> {
                    if (role.hasRole(removedUser)) {
                        role.revokeRole(removedUser);
                    }
                });
            } catch (Exception e) {
                log.warn("error removing user from org", e);
            }
        });
    }

    /**
     * Seeds a new organization with the default roles and, unless disabled, a default admin user.
     *
     * <p>The admin user is created when the realm attribute
     * {@code Orgs.ORG_CONFIG_CREATE_ADMIN_USER_KEY} is true, which is also the value assumed when
     * the attribute is unset. The account is named by {@link #getDefaultAdminUsername}, is enabled,
     * gets a synthetic address marked as verified, becomes a member of the organization and is
     * granted every role in {@code OrganizationAdminAuth.DEFAULT_ORG_ROLES}.
     *
     * <p>No credential is set here. NOTE(review): how this account is meant to authenticate or be
     * used is not visible in this class - treat it as a privileged principal of the organization
     * and confirm it is covered by account audits.
     */
    private void organizationCreation(OrganizationModel.OrganizationCreationEvent event) {
        OrganizationModel organization = event.getOrganization();
        for (String roleName : OrganizationAdminAuth.DEFAULT_ORG_ROLES) {
            organization.addRole(roleName);
        }
        RealmModel realm = event.getRealm();
        if (!realm.getAttribute(Orgs.ORG_CONFIG_CREATE_ADMIN_USER_KEY, true).booleanValue()) {
            return;
        }
        String adminUsername = getDefaultAdminUsername(organization);
        UserModel adminUser = event.getKeycloakSession().users().addUser(realm, KeycloakModelUtils.generateId(), adminUsername, true, false);
        adminUser.setEnabled(true);
        adminUser.setEmail(String.format("%s@noreply.phasetwo.io", adminUsername));
        adminUser.setEmailVerified(true);
        organization.grantMembership(adminUser);
        for (String roleName : OrganizationAdminAuth.DEFAULT_ORG_ROLES) {
            organization.getRoleByName(roleName).grantRole(adminUser);
        }
    }

    /**
     * Detaches the removed organization from its identity providers and deletes its default admin
     * user.
     *
     * <p>Both steps are best effort and independent: each failure is logged at warn level with the
     * exception message only (no stack trace) and does not stop the other step.
     *
     * <p>The user to delete is found by the derived username alone. NOTE(review): nothing here
     * verifies that the match is the account created in {@code organizationCreation} (for example
     * when the realm had admin-user creation disabled) - confirm that usernames of this form
     * cannot be taken by ordinary accounts.
     */
    private void organizationRemoved(OrganizationModel.OrganizationRemovedEvent event) {
        OrganizationModel organization = event.getOrganization();
        try {
            organization.getIdentityProvidersStream()
                    .forEach(identityProvider -> IdentityProviders.removeOrganization(organization.getId(), identityProvider));
        } catch (Exception e) {
            log.warnf("Couldn't remove identity providers on organizationRemoved. Likely because this follows a realmRemoved event. %s", e.getMessage());
        }
        try {
            KeycloakSession session = event.getKeycloakSession();
            RealmModel realm = event.getRealm();
            String adminUsername = getDefaultAdminUsername(event.getOrganization());
            UserModel adminUser = session.users().getUserByUsername(realm, adminUsername);
            if (adminUser == null) {
                log.warnf("Default org admin %s for org %s doesn't exist. Skipping deletion on org removal.", adminUsername, event.getOrganization().getId());
            } else {
                String organizationId = event.getOrganization().getId();
                boolean removed = session.users().removeUser(realm, adminUser);
                log.debugf("User removed on deletion of org %s? %b", organizationId, Boolean.valueOf(removed));
            }
        } catch (Exception e2) {
            log.warnf("Couldn't remove default org admin user on organizationRemoved. Likely because this follows a realmRemoved event. %s", e2.getMessage());
        }
    }

    /**
     * Derives the username of an organization's default admin user, {@code org-admin-<id>}.
     *
     * <p>The name is fully determined by the organization id, so it is predictable to anyone who
     * knows that id.
     */
    public static String getDefaultAdminUsername(OrganizationModel organizationModel) {
        String organizationId = organizationModel.getId();
        return String.format("org-admin-%s", organizationId);
    }
}
