package com.cloudera.cmf.service.auth;

import com.cloudera.cmf.command.flow.CmdWorkCtx;
import com.cloudera.cmf.command.flow.WorkOutput;
import com.cloudera.cmf.command.flow.WorkOutputs;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.ServiceHandler;
import com.cloudera.cmf.service.config.ParagraphParamSpec;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.ParamSpecLabel;
import com.cloudera.cmf.service.mgmt.MgmtServiceHandler;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.user.UserRole;
import com.cloudera.enterprise.I18nKey;
import com.cloudera.enterprise.MessageWithArgs;
import com.cloudera.server.cmf.OperationsManager;
import com.cloudera.server.web.common.I18n;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/service/auth/CreateKeycloakClientsCmdWork.class */
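/**
 * Command work that registers one Keycloak client per configured service (plus one for the
 * management-service roles and one for the CM server itself) in the {@code "Default"} realm and
 * writes the resulting adapter configuration back into the matching configuration parameter.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The adapter configuration stored by {@link #setKeycloakAdapterConfig} is built from the
 *       client secret and the truststore password, so the stored parameter value is a
 *       credential-bearing blob.</li>
 *   <li>When {@code shouldCreateInitialUsers()} is true, the realm user named {@code "admin"} is
 *       granted {@link UserRole#ROLE_ADMIN} on the CM server client.</li>
 *   <li>On failure the text of the {@link KeycloakClientException} is returned in the work
 *       output.</li>
 * </ul>
 */
public class CreateKeycloakClientsCmdWork extends AuthServiceAbstractCmdWork {
    private static final Logger LOG = LoggerFactory.getLogger(CreateKeycloakClientsCmdWork.class);

    /** Realm that every Keycloak call in this class targets. */
    private static final String REALM = "Default";

    /** Name of the realm user that receives the admin client role on initial setup. */
    private static final String INITIAL_ADMIN_USER = "admin";

    /**
     * Upper bound applied to a client-role description before it is sent to Keycloak.
     * NOTE(review): presumably matches a length limit on the Keycloak side; confirm.
     */
    private static final int MAX_ROLE_DESCRIPTION_LENGTH = 255;

    /** Message keys emitted by this command, each with the number of arguments it takes. */
    @VisibleForTesting
    public enum I18nKeys implements I18nKey {
        SUCCESS(0),
        DESCRIPTION(0),
        NO_REALM(0),
        CANT_CREATE_CLIENT(1);

        final int numArgs;

        I18nKeys(int i) {
            this.numArgs = i;
        }

        /**
         * Returns the message-bundle key for this constant.
         *
         * <p>The constant name is lower-cased with {@link Locale#ROOT}: with the JVM default
         * locale the result depends on the host's language settings (for example the Turkish
         * dotless-i mapping), which would produce a key that does not exist in the bundle.
         */
        public String getKey() {
            return "message.command.service.auth.client-creation." + name().toLowerCase(Locale.ROOT);
        }

        /** Returns the number of arguments the message for this key expects. */
        public int getNumArgs() {
            return this.numArgs;
        }
    }

    /**
     * Creates the work item for the given service.
     *
     * <p>The decompiler reports that the original access level was package-private; it is left
     * public here so existing callers of this listing keep compiling.
     *
     * @param l id of the service, bound from the {@code serviceId} JSON property
     */
    public CreateKeycloakClientsCmdWork(@JsonProperty("serviceId") Long l) {
        this.serviceId = l;
    }

    /**
     * Creates the Keycloak clients and client roles and stores the adapter configurations.
     *
     * <p>Order of operations: verify the realm exists; for every service, configure each
     * SSO-labelled parameter (per role for the management service, per service otherwise);
     * configure the CM server client; create its client roles; optionally grant the initial
     * admin role.
     *
     * <p>Only {@link KeycloakClientException} is translated into a failure output. An
     * {@link IllegalStateException} raised by the parameter checks propagates to the caller,
     * and clients already created before the failure are not rolled back here.
     *
     * @param cmdWorkCtx command context supplying the entity manager and service registry
     * @param keycloakClient client used for all Keycloak administration calls
     * @return success, or a failure output carrying {@code NO_REALM} or
     *     {@code CANT_CREATE_CLIENT}
     */
    @Override // com.cloudera.cmf.service.auth.AuthServiceAbstractCmdWork
    WorkOutput doWorkWithClient(CmdWorkCtx cmdWorkCtx, KeycloakClient keycloakClient) {
        try {
            OperationsManager operationsManager = cmdWorkCtx.getServiceDataProvider().getOperationsManager();
            if (!keycloakClient.realmExists(REALM)) {
                LOG.error("Realm does not exist");
                return WorkOutputs.failure(cmdWorkCtx.getCommandId(), I18nKeys.NO_REALM.getKey(), new String[0]);
            }
            for (DbService dbService : cmdWorkCtx.getCmfEM().findAllServices()) {
                ServiceHandler serviceHandler =
                        cmdWorkCtx.getServiceDataProvider().getServiceHandlerRegistry().get(dbService);
                if (dbService.getServiceType().equals(MgmtServiceHandler.SERVICE_TYPE)) {
                    // Management-service roles all share the single CM daemons client name.
                    for (DbRole dbRole : dbService.getRoles()) {
                        checkAllParams(
                                cmdWorkCtx.getServiceDataProvider()
                                        .getServiceHandlerRegistry()
                                        .getRoleHandler(dbRole)
                                        .getConfigSpec()
                                        .getParams(),
                                keycloakClient,
                                dbService,
                                dbRole,
                                AuthServiceUtil.CM_DAEMONS_CLIENT_NAME,
                                operationsManager,
                                cmdWorkCtx.getCmfEM());
                    }
                } else {
                    // Every other service gets a client named after its service type.
                    checkAllParams(
                            serviceHandler.getConfigSpec().getParams(),
                            keycloakClient,
                            dbService,
                            null,
                            dbService.getServiceType(),
                            operationsManager,
                            cmdWorkCtx.getCmfEM());
                }
            }
            setKeycloakAdapterConfig(
                    keycloakClient,
                    null,
                    null,
                    AuthServiceUtil.CM_SERVER_CLIENT_NAME,
                    operationsManager,
                    cmdWorkCtx.getCmfEM(),
                    ScmParams.KEYCLOAK_ADAPTER_CONFIG);
            createCMServerClientRoles(keycloakClient);
            if (shouldCreateInitialUsers()) {
                // Grants full CM administration to the realm account named "admin"; whoever
                // controls that account's credentials controls the deployment.
                keycloakClient.addUserClientRole(
                        REALM,
                        keycloakClient.getUserIdByName(REALM, INITIAL_ADMIN_USER),
                        keycloakClient.getClientId(REALM, AuthServiceUtil.CM_SERVER_CLIENT_NAME),
                        UserRole.ROLE_ADMIN.name());
            }
            return WorkOutputs.success(I18nKeys.SUCCESS.getKey(), new String[0]);
        } catch (KeycloakClientException e) {
            LOG.error("Unable to add client to realm", e);
            // NOTE(review): the exception text is handed to the work output, which is presumably
            // shown to the operator; confirm KeycloakClientException messages never carry
            // secrets or raw server responses.
            return WorkOutputs.failure(cmdWorkCtx.getCommandId(), I18nKeys.CANT_CREATE_CLIENT.getKey(), e.getMessage());
        }
    }

    /**
     * Finds the parameter labelled {@link ParamSpecLabel#SSO_CONFIG} in {@code set} and stores a
     * freshly generated adapter configuration in it.
     *
     * <p>At most one such parameter may exist and it must be a {@link ParagraphParamSpec}. The
     * duplicate check fires when a second match is met, i.e. after the first match has already
     * been configured.
     *
     * @param set parameter specs of the service or role being configured
     * @param keycloakClient client used to create the Keycloak client
     * @param dbService service that owns the parameter
     * @param dbRole role that owns the parameter, or {@code null} for a service-level parameter
     * @param str Keycloak client name to register
     * @param operationsManager used to persist the configuration
     * @param cmfEntityManager entity manager the configuration is written through
     * @throws KeycloakClientException if a Keycloak call fails
     * @throws IllegalStateException if more than one SSO parameter is present or it has an
     *     unexpected type
     */
    private void checkAllParams(Set<ParamSpec<?>> set, KeycloakClient keycloakClient, DbService dbService, DbRole dbRole, String str, OperationsManager operationsManager, CmfEntityManager cmfEntityManager) throws KeycloakClientException {
        ParagraphParamSpec ssoParam = null;
        for (ParamSpec<?> paramSpec : set) {
            if (!paramSpec.getLabels().contains(ParamSpecLabel.SSO_CONFIG)) {
                continue;
            }
            Preconditions.checkState(ssoParam == null, "More than one SSO_CONFIG parameter found");
            Preconditions.checkState(
                    paramSpec instanceof ParagraphParamSpec, "SSO_CONFIG parameter is not a ParagraphParamSpec");
            ssoParam = (ParagraphParamSpec) paramSpec;
            setKeycloakAdapterConfig(keycloakClient, dbService, dbRole, str, operationsManager, cmfEntityManager, ssoParam);
        }
    }

    /**
     * Registers the client {@code str} in the realm, builds its adapter configuration and stores
     * that configuration in {@code paragraphParamSpec}.
     *
     * <p>The generated value is built from the Keycloak URI, the new client's secret, the
     * truststore and the truststore password, so it must be handled as a credential: it is not
     * logged here and should not be logged by callers.
     * NOTE(review): confirm that SSO_CONFIG parameters are marked sensitive so the stored value
     * is redacted in the UI, API responses, audit records and diagnostic bundles.
     *
     * @param keycloakClient client used to create the Keycloak client and read its secret
     * @param dbService target service, or {@code null} to write to the SCM-wide config container
     * @param dbRole target role, or {@code null}
     * @param str Keycloak client name to register
     * @param operationsManager used to persist the configuration
     * @param cmfEntityManager entity manager the configuration is written through
     * @param paragraphParamSpec parameter that receives the adapter configuration
     * @throws KeycloakClientException if a Keycloak call fails
     */
    private void setKeycloakAdapterConfig(KeycloakClient keycloakClient, DbService dbService, DbRole dbRole, String str, OperationsManager operationsManager, CmfEntityManager cmfEntityManager, ParagraphParamSpec paragraphParamSpec) throws KeycloakClientException {
        String keycloakAdapterConfig = AuthServiceUtil.getKeycloakAdapterConfig(
                str,
                keycloakClient.getURI().toString(),
                keycloakClient.getSecret(REALM, keycloakClient.addClient(REALM, str)),
                keycloakClient.getTruststore(),
                keycloakClient.getTrustpass());
        operationsManager.beginConfigWork(cmfEntityManager, "Set Authentication Service client configuration for " + str, false);
        if (dbService != null) {
            operationsManager.setConfigUnsafe(cmfEntityManager, paragraphParamSpec, keycloakAdapterConfig, dbService, dbRole, null, null, null);
        } else {
            // No owning service: the value belongs to the SCM-wide configuration container.
            operationsManager.setConfigUnsafe(cmfEntityManager, paragraphParamSpec, keycloakAdapterConfig, null, null, null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), null);
        }
    }

    /**
     * Creates one Keycloak client role on the CM server client for every {@link UserRole}.
     *
     * <p>The role description is the translated role description followed by the translated
     * authority descriptions: a space before the first one and {@code "; "} between the rest,
     * abbreviated to {@link #MAX_ROLE_DESCRIPTION_LENGTH} characters.
     *
     * @param keycloakClient client used to create the roles
     * @throws KeycloakClientException if a Keycloak call fails
     */
    private void createCMServerClientRoles(KeycloakClient keycloakClient) throws KeycloakClientException {
        String clientId = keycloakClient.getClientId(REALM, AuthServiceUtil.CM_SERVER_CLIENT_NAME);
        for (UserRole userRole : UserRole.values()) {
            StringBuilder description = new StringBuilder(I18n.t(userRole.getDescription()));
            String separator = " ";
            // Only the map values are used, so iterate them directly instead of raw entries.
            for (Object authorityDescription : userRole.getAuthorityDescriptions().values()) {
                description.append(separator).append(I18n.t((String) authorityDescription));
                separator = "; ";
            }
            keycloakClient.addClientRole(
                    REALM,
                    clientId,
                    userRole.name(),
                    StringUtils.abbreviate(description.toString(), MAX_ROLE_DESCRIPTION_LENGTH));
        }
    }

    /**
     * Returns the localisable description of this command.
     *
     * @param cmdWorkCtx command context (not read)
     * @return message built from the {@code DESCRIPTION} key with no arguments
     */
    @Override // com.cloudera.cmf.command.flow.CmdWork
    public MessageWithArgs getDescription(CmdWorkCtx cmdWorkCtx) {
        return MessageWithArgs.of(I18nKeys.DESCRIPTION.getKey(), new String[0]);
    }

    // Marked bridge/synthetic by the decompiler: delegates straight to the superclass.
    @Override // com.cloudera.cmf.service.auth.AuthServiceAbstractCmdWork, com.cloudera.cmf.command.flow.CmdWork
    public /* bridge */ /* synthetic */ void onFinish(WorkOutput workOutput, CmdWorkCtx cmdWorkCtx) {
        super.onFinish(workOutput, cmdWorkCtx);
    }

    // Marked bridge/synthetic by the decompiler: delegates straight to the superclass.
    @Override // com.cloudera.cmf.service.auth.AuthServiceAbstractCmdWork, com.cloudera.cmf.command.flow.CmdWork
    public /* bridge */ /* synthetic */ WorkOutput doWork(CmdWorkCtx cmdWorkCtx) {
        return super.doWork(cmdWorkCtx);
    }
}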
