package com.cloudera.cmf.service.auth;

import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.server.common.Util;
import com.cloudera.server.web.common.JamonModelAndView;
import com.google.common.collect.ImmutableList;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.text.MessageFormat;
import java.util.ArrayList;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.StatusLine;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpResponseException;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.ssl.SSLContexts;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.PartialImportRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.util.JsonSerialization;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/service/auth/KeycloakClient.class */
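/**
 * Minimal client for the Keycloak admin REST API: realm, client, role and user management.
 *
 * <p>The client logs in once, in the constructor, with the OAuth2 password grant against the
 * {@code master} realm using the {@code admin-cli} client id. The resulting bearer token is then
 * attached to every request by {@link #setHeaders}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The access token is obtained once in {@link #login()}; nothing in this class refreshes it,
 *       so a long-lived instance will start failing once the token expires.</li>
 *   <li>When {@code useHttps} is false the admin credentials and the bearer token are sent over
 *       plain HTTP.</li>
 *   <li>Several methods return secrets (client secrets, realm exports). Callers must not log
 *       those return values.</li>
 *   <li>Realm, client and user identifiers are substituted into URL paths by {@link #urlBuilder}
 *       without URL-encoding; they must come from trusted, validated input.</li>
 * </ul>
 */
class KeycloakClient {
    private static final Logger LOG = LoggerFactory.getLogger(KeycloakClient.class);
    private static final String AUTHPATH = "/realms/master/protocol/openid-connect/token";
    private static final String REALMS = "/admin/realms";
    private static final String THISREALM = "/admin/realms/{0}";
    private static final String PARTIALIMPORT = "/admin/realms/{0}/partialImport";
    private static final String PARTIALEXPORT = "/admin/realms/{0}/partial-export";
    private static final String CLIENTS = "/admin/realms/{0}/clients";
    private static final String ONECLIENT = "/admin/realms/{0}/clients/{1}";
    private static final String SECRET = "/admin/realms/{0}/clients/{1}/client-secret";
    private static final String USERS = "/admin/realms/{0}/users";
    private static final String ONEUSER = "/admin/realms/{0}/users/{1}";
    private static final String ROLES = "/admin/realms/{0}/users/{1}/role-mappings/realm";
    private static final String ROLES_AVAIL = "/admin/realms/{0}/users/{1}/role-mappings/realm/available";
    private static final String CLIENTROLES = "/admin/realms/{0}/clients/{1}/roles";
    private static final String CLIENTROLE = "/admin/realms/{0}/clients/{1}/roles/{2}";
    private static final String USER_CLIENT_ROLE = "/admin/realms/{0}/users/{1}/role-mappings/clients/{2}";
    private boolean useHttps;
    // Admin credentials; read only by login(), but retained for the lifetime of the instance.
    private String username;
    private String password;
    // Truststore path and its password; used only when useHttps is true.
    private String truststore;
    private String trustpass;
    // Base URL of the server including the "/auth" context path.
    private URI url;
    private CloseableHttpClient client;
    // Token returned by the login request; never refreshed by this class.
    private AccessTokenResponse token;

    /**
     * Collects connection settings and creates a logged-in {@link KeycloakClient}.
     *
     * <p>No setter validates its argument; {@link #build()} passes the values through unchanged.
     */
    public static class Builder {
        private Long port;
        private String hostname;
        private boolean useHttps;
        private String username;
        private String password;
        private String truststore;
        private String trustpass;

        /** Sets the server port. Must be set before {@link #build()}: a null port fails there. */
        public Builder setPort(Long l) {
            this.port = l;
            return this;
        }

        /** Sets the server host name. */
        public Builder setHostname(String str) {
            this.hostname = str;
            return this;
        }

        /** Selects HTTPS (true) or plain HTTP (false) for every request, including the login. */
        public Builder setUseHttps(boolean z) {
            this.useHttps = z;
            return this;
        }

        /** Sets the admin user name used for the password-grant login. */
        public Builder setUsername(String str) {
            this.username = str;
            return this;
        }

        /** Sets the admin password used for the password-grant login. */
        public Builder setPassword(String str) {
            this.password = str;
            return this;
        }

        /** Sets the path of the truststore file loaded when HTTPS is enabled. */
        public Builder setTruststore(String str) {
            this.truststore = str;
            return this;
        }

        /** Sets the password of the truststore file. */
        public Builder setTrustpass(String str) {
            this.trustpass = str;
            return this;
        }

        /**
         * Builds the client, which performs the login request immediately.
         *
         * @return a client holding an access token
         * @throws KeycloakClientException if the URI is malformed, TLS setup fails or login fails
         */
        public KeycloakClient build() throws KeycloakClientException {
            return new KeycloakClient(this.port, this.hostname, this.useHttps, this.username, this.password, this.truststore, this.trustpass);
        }
    }

    /**
     * Stores the settings, builds the base URL and logs in.
     *
     * @param l port; unboxed here, so null raises {@link NullPointerException}, and a value
     *     outside the int range raises {@link ArithmeticException}
     * @param str host name
     * @param z true to use HTTPS
     * @param str2 admin user name
     * @param str3 admin password
     * @param str4 truststore path
     * @param str5 truststore password
     * @throws KeycloakClientException on a malformed URI or a failed login
     */
    private KeycloakClient(Long l, String str, boolean z, String str2, String str3, String str4, String str5) throws KeycloakClientException {
        this.useHttps = z;
        this.username = str2;
        this.password = str3;
        this.truststore = str4;
        this.trustpass = str5;
        try {
            this.url = new URI(z ? Util.HTTPS : "http", null, str, StrictMath.toIntExact(l.longValue()), "/auth", null, null);
            login();
        } catch (URISyntaxException e) {
            throw new KeycloakClientException("Bad URI syntax", e);
        }
    }

    /** Returns the base URL of the server, including the {@code /auth} path. */
    public URI getURI() {
        return this.url;
    }

    /** Returns the configured truststore path. */
    public String getTruststore() {
        return this.truststore;
    }

    /**
     * Returns the truststore password in clear text.
     *
     * <p>NOTE(review): this hands a secret to any caller in the package; callers must not log it.
     */
    public String getTrustpass() {
        return this.trustpass;
    }

    /**
     * Expands a path template against the base URL.
     *
     * <p>The base URL and the template are concatenated and used as a {@link MessageFormat}
     * pattern, so {@code {0}}, {@code {1}}, ... are replaced by {@code objArr}.
     *
     * <p>NOTE(review): arguments are inserted verbatim. They are not URL-encoded, so a value
     * containing {@code /}, {@code ?} or {@code #} changes the request target. Validate or encode
     * identifiers before they reach this class if they can be influenced by a user.
     *
     * @param str path template such as {@link #ONECLIENT}
     * @param objArr values for the template placeholders
     * @return the absolute URL as a string
     */
    private String urlBuilder(String str, Object... objArr) {
        return new MessageFormat(this.url.toString() + str).format(objArr);
    }

    /**
     * Adds the JSON content headers and the bearer token to a request.
     *
     * @param httpRequestBase request to decorate
     */
    private void setHeaders(HttpRequestBase httpRequestBase) {
        httpRequestBase.addHeader("Content-Type", JamonModelAndView.JamonView.CONTENT_TYPE_TEXT_JSON);
        httpRequestBase.addHeader("Accept", JamonModelAndView.JamonView.CONTENT_TYPE_TEXT_JSON);
        // The token comes from login(); it is not refreshed, so it may have expired by now.
        httpRequestBase.addHeader("Authorization", "Bearer " + this.token.getToken());
    }

    /**
     * Creates a handler that rejects error responses and parses the body as JSON.
     *
     * @param cls type to deserialize the response body into
     * @return a handler that throws {@link HttpResponseException} for a status of 300 or above and
     *     {@link ClientProtocolException} for a response without a body
     */
    private <T> ResponseHandler<T> getResponseHandler(final Class<T> cls) {
        return httpResponse -> {
            StatusLine statusLine = httpResponse.getStatusLine();
            HttpEntity entity = httpResponse.getEntity();
            if (statusLine.getStatusCode() >= 300) {
                throw new HttpResponseException(statusLine.getStatusCode(), statusLine.getReasonPhrase());
            }
            if (entity == null) {
                throw new ClientProtocolException("Response contains no content");
            }
            return JsonSerialization.readValue(entity.getContent(), cls);
        };
    }

    /**
     * Sends an authenticated GET and parses the JSON response.
     *
     * @param str absolute request URL
     * @param cls type to deserialize the response into
     * @return the parsed response
     * @throws KeycloakClientException on an I/O failure or an error status
     */
    private <T> T doHttpGet(String str, Class<T> cls) throws KeycloakClientException {
        HttpGet httpGet = new HttpGet(str);
        setHeaders(httpGet);
        ResponseHandler<T> responseHandler = getResponseHandler(cls);
        LOG.debug("Http GET to {}", str);
        try {
            return this.client.execute(httpGet, responseHandler);
        } catch (IOException e) {
            throw new KeycloakClientException("Http GET failure to " + str + "; cause:  " + e.getMessage(), e);
        }
    }

    /**
     * Sends an authenticated POST with a JSON body and checks the status.
     *
     * @param str absolute request URL
     * @param str2 request body; may contain credentials, so it is never logged or echoed
     * @param str3 message prefix used when the server answers with a status of 300 or above
     * @throws KeycloakClientException on an I/O failure or an error status
     */
    private void doHttpPost(String str, String str2, String str3) throws KeycloakClientException {
        try {
            // NOTE(review): this constructor uses the library's default charset rather than an
            // explicit UTF-8 — confirm non-ASCII names survive the round trip.
            StringEntity stringEntity = new StringEntity(str2);
            HttpPost httpPost = new HttpPost(str);
            setHeaders(httpPost);
            httpPost.setEntity(stringEntity);
            LOG.debug("Http POST to {}", str);
            // try-with-resources releases the connection; the response was previously leaked.
            try (CloseableHttpResponse response = this.client.execute(httpPost)) {
                StatusLine statusLine = response.getStatusLine();
                if (statusLine.getStatusCode() >= 300) {
                    throw new KeycloakClientException(str3 + ": " + statusLine.getReasonPhrase());
                }
            } catch (IOException e) {
                throw new KeycloakClientException("Http POST failure to " + str + "; cause:  " + e.getMessage(), e);
            }
        } catch (UnsupportedEncodingException e2) {
            // The body is deliberately left out of the message: createUser() posts a password
            // in it, and exception messages routinely end up in logs.
            throw new KeycloakClientException("Can't create string entity for POST to " + str, e2);
        }
    }

    /**
     * Sends an authenticated POST without a body and parses the JSON response.
     *
     * @param str absolute request URL
     * @param cls type to deserialize the response into
     * @return the parsed response
     * @throws KeycloakClientException on an I/O failure or an error status
     */
    private <T> T doEmptyHttpPost(String str, Class<T> cls) throws KeycloakClientException {
        HttpPost httpPost = new HttpPost(str);
        setHeaders(httpPost);
        ResponseHandler<T> responseHandler = getResponseHandler(cls);
        LOG.debug("Empty http POST to {}", str);
        try {
            return this.client.execute(httpPost, responseHandler);
        } catch (IOException e) {
            throw new KeycloakClientException("Empty http POST failure to " + str + "; cause:  " + e.getMessage(), e);
        }
    }

    /**
     * Sends an authenticated DELETE and checks the status.
     *
     * @param str absolute request URL
     * @param str2 message prefix used when the server answers with a status of 300 or above
     * @throws KeycloakClientException on an I/O failure or an error status
     */
    private void doHttpDelete(String str, String str2) throws KeycloakClientException {
        HttpDelete httpDelete = new HttpDelete(str);
        setHeaders(httpDelete);
        LOG.debug("Http DELETE to {}", str);
        // try-with-resources releases the connection; the response was previously leaked.
        try (CloseableHttpResponse response = this.client.execute(httpDelete)) {
            StatusLine statusLine = response.getStatusLine();
            if (statusLine.getStatusCode() >= 300) {
                throw new KeycloakClientException(str2 + ": " + statusLine.getReasonPhrase());
            }
        } catch (IOException e) {
            throw new KeycloakClientException("Http DELETE failure to " + str + "; cause:  " + e.getMessage(), e);
        }
    }

    /**
     * Serializes a Keycloak representation object to JSON.
     *
     * @param obj object to serialize
     * @return the JSON text
     * @throws KeycloakClientException if serialization fails
     */
    private String representationToJsonString(Object obj) throws KeycloakClientException {
        try {
            return JsonSerialization.writeValueAsString(obj);
        } catch (IOException e) {
            throw new KeycloakClientException("Unable to translate " + obj.getClass().toString() + " into a json string", e);
        }
    }

    /**
     * Builds the HTTP client and obtains an access token with the password grant.
     *
     * <p>TLS setup and the token request are handled separately so that a rejected login is not
     * reported as a truststore problem. Every failure still surfaces as a
     * {@link KeycloakClientException}, and the HTTP client is closed if no token was obtained.
     *
     * @throws KeycloakClientException if TLS setup or the token request fails
     */
    private void login() throws KeycloakClientException {
        HttpClientBuilder clientBuilder = HttpClientBuilder.create().useSystemProperties();
        String tokenUrl = urlBuilder(AUTHPATH);
        if (!this.useHttps) {
            LOG.warn("Connecting to {} without TLS; credentials and tokens are not protected in transit", tokenUrl);
        }
        try {
            if (this.useHttps) {
                // Trust only the certificates in the configured truststore. Hostname verification
                // is left at the library default for this socket factory.
                clientBuilder.setSSLSocketFactory(new SSLConnectionSocketFactory(
                        SSLContexts.custom()
                                .useProtocol("TLS")
                                .loadTrustMaterial(new File(this.truststore), this.trustpass.toCharArray())
                                .build()));
            }
            this.client = clientBuilder.build();
        } catch (Exception e) {
            // Broad on purpose: a null truststore or password must also surface as a
            // KeycloakClientException, as it did before.
            throw new KeycloakClientException("Problem configuring TLS to " + tokenUrl + " using truststore " + this.truststore, e);
        }
        HttpPost httpPost = new HttpPost(tokenUrl);
        httpPost.addHeader("Content-Type", "application/x-www-form-urlencoded");
        httpPost.addHeader("Accept", JamonModelAndView.JamonView.CONTENT_TYPE_TEXT_JSON);
        ArrayList<BasicNameValuePair> params = new ArrayList<>();
        params.add(new BasicNameValuePair("grant_type", "password"));
        params.add(new BasicNameValuePair("username", this.username));
        params.add(new BasicNameValuePair("password", this.password));
        params.add(new BasicNameValuePair("client_id", "admin-cli"));
        ResponseHandler<AccessTokenResponse> responseHandler = getResponseHandler(AccessTokenResponse.class);
        boolean loggedIn = false;
        try {
            // NOTE(review): this constructor uses the library's default form charset — confirm
            // that credentials with non-ASCII characters are encoded as the server expects.
            httpPost.setEntity(new UrlEncodedFormEntity(params));
            this.token = this.client.execute(httpPost, responseHandler);
            loggedIn = true;
        } catch (UnsupportedEncodingException e) {
            throw new KeycloakClientException("Error encoding params", e);
        } catch (IOException | RuntimeException e) {
            throw new KeycloakClientException("Login http POST failure to " + tokenUrl + "; cause:  " + e.getMessage(), e);
        } finally {
            if (!loggedIn) {
                // The constructor is about to fail, so nobody could ever call close().
                closeClientQuietly();
            }
        }
    }

    /** Closes the HTTP client after a failed login, without masking the original failure. */
    private void closeClientQuietly() {
        try {
            this.client.close();
        } catch (IOException ignored) {
            LOG.debug("Ignoring failure to close http client after a failed login");
        }
    }

    /**
     * Creates a realm and then imports its contents.
     *
     * @param str realm name, also used as the realm id
     * @param str2 JSON realm data; parsed once as a realm and once as a partial import
     * @throws KeycloakClientException if either step fails
     */
    public void makeRealm(String str, String str2) throws KeycloakClientException {
        createRealm(str, str2);
        populateRealm(str, str2);
    }

    /**
     * Checks whether a realm with the given name is listed by the server.
     *
     * @param str realm name
     * @return true if a listed realm has exactly this name
     * @throws KeycloakClientException if the realm list cannot be fetched
     */
    public boolean realmExists(String str) throws KeycloakClientException {
        for (RealmRepresentation realmRepresentation : doHttpGet(urlBuilder(REALMS), RealmRepresentation[].class)) {
            if (realmRepresentation.getRealm().equals(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Posts a new realm built from the JSON data, with id, name and display names overridden.
     *
     * @param str realm name and id
     * @param str2 JSON realm data
     * @throws KeycloakClientException if the data cannot be parsed or the request fails
     */
    private void createRealm(String str, String str2) throws KeycloakClientException {
        try {
            RealmRepresentation realmRepresentation = JsonSerialization.readValue(str2, RealmRepresentation.class);
            realmRepresentation.setId(str);
            realmRepresentation.setRealm(str);
            realmRepresentation.setDisplayName("Welcome to the " + str + " realm");
            // NOTE(review): the realm name goes into the HTML display name unescaped — confirm
            // realm names are restricted to characters that are safe in markup.
            realmRepresentation.setDisplayNameHtml("Welcome to the " + str + " realm");
            doHttpPost(urlBuilder(REALMS), representationToJsonString(realmRepresentation), "Unable to create realm");
        } catch (IOException e) {
            throw new KeycloakClientException("Problem reading initial realm data", e);
        }
    }

    /**
     * Imports the JSON data into an existing realm, overwriting resources that already exist.
     *
     * @param str realm name
     * @param str2 JSON realm data
     * @throws KeycloakClientException if the data cannot be parsed or the request fails
     */
    private void populateRealm(String str, String str2) throws KeycloakClientException {
        try {
            PartialImportRepresentation partialImportRepresentation = JsonSerialization.readValue(str2, PartialImportRepresentation.class);
            // OVERWRITE replaces existing resources of the same name with the imported ones.
            partialImportRepresentation.setIfResourceExists("OVERWRITE");
            doHttpPost(urlBuilder(PARTIALIMPORT, str), representationToJsonString(partialImportRepresentation), "Unable to populate realm");
        } catch (IOException e) {
            throw new KeycloakClientException("Problem reading initial realm data", e);
        }
    }

    /**
     * Registers a confidential OpenID Connect client unless one with that client id exists.
     *
     * @param str realm name
     * @param str2 client id, also used as the client name
     * @return the server-side id of the existing or newly created client
     * @throws KeycloakClientException if a request fails
     */
    public String addClient(String str, String str2) throws KeycloakClientException {
        String clientId = getClientId(str, str2);
        if (clientId != null) {
            return clientId;
        }
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setName(str2);
        clientRepresentation.setClientId(str2);
        clientRepresentation.setDescription("Auto generated " + str2);
        clientRepresentation.setRootUrl(CommandUtils.CONFIG_TOP_LEVEL_DIR);
        clientRepresentation.setAdminUrl(CommandUtils.CONFIG_TOP_LEVEL_DIR);
        clientRepresentation.setBaseUrl(CommandUtils.CONFIG_TOP_LEVEL_DIR);
        clientRepresentation.setEnabled(true);
        clientRepresentation.setClientAuthenticatorType("client-secret");
        // NOTE(review): a wildcard redirect URI means the server accepts any redirect target for
        // this client, which removes redirect-URI validation as a defence against authorization
        // codes or tokens being delivered to an unintended site. Register the exact callback
        // URLs instead when the deployment knows them. Left unchanged here because callers may
        // depend on it.
        clientRepresentation.setRedirectUris(ImmutableList.of("*"));
        // "+" derives the allowed web origins from the redirect URIs above.
        clientRepresentation.setWebOrigins(ImmutableList.of("+"));
        clientRepresentation.setDirectAccessGrantsEnabled(false);
        clientRepresentation.setPublicClient(false);
        clientRepresentation.setFrontchannelLogout(false);
        clientRepresentation.setProtocol("openid-connect");
        doHttpPost(urlBuilder(CLIENTS, str), representationToJsonString(clientRepresentation), "Unable to add client " + str2 + " to realm " + str);
        return getClientId(str, str2);
    }

    /**
     * Fetches one client and returns it as JSON.
     *
     * @param str realm name
     * @param str2 value for the client path segment; presumably the id returned by
     *     {@link #getClientId} — confirm against callers
     * @return the client representation as JSON
     * @throws KeycloakClientException if the request fails
     */
    public String getClient(String str, String str2) throws KeycloakClientException {
        return representationToJsonString(doHttpGet(urlBuilder(ONECLIENT, str, str2), ClientRepresentation.class));
    }

    /**
     * Looks up the server-side id of a client by its client id.
     *
     * @param str realm name
     * @param str2 client id to search for; sent as a URL-encoded query parameter
     * @return the id of the client whose client id matches exactly, or null if there is none
     * @throws KeycloakClientException if the URL cannot be built or the request fails
     */
    public String getClientId(String str, String str2) throws KeycloakClientException {
        try {
            URIBuilder uRIBuilder = new URIBuilder(urlBuilder(CLIENTS, str));
            uRIBuilder.addParameter("clientId", str2);
            for (ClientRepresentation clientRepresentation : doHttpGet(uRIBuilder.build().toString(), ClientRepresentation[].class)) {
                if (clientRepresentation.getClientId().equals(str2)) {
                    return clientRepresentation.getId();
                }
            }
            return null;
        } catch (URISyntaxException e) {
            throw new KeycloakClientException("Problem building url for client id", e);
        }
    }

    /**
     * Deletes a client.
     *
     * @param str realm name
     * @param str2 value for the client path segment
     * @throws KeycloakClientException if the request fails
     */
    public void deleteClient(String str, String str2) throws KeycloakClientException {
        doHttpDelete(urlBuilder(ONECLIENT, str, str2), "Unable to delete client " + str2 + " from realm " + str);
    }

    /**
     * Creates a non-composite client role.
     *
     * @param str realm name
     * @param str2 value for the client path segment
     * @param str3 role name
     * @param str4 role description
     * @throws KeycloakClientException if the request fails
     */
    public void addClientRole(String str, String str2, String str3, String str4) throws KeycloakClientException {
        RoleRepresentation roleRepresentation = new RoleRepresentation();
        roleRepresentation.setName(str3);
        roleRepresentation.setDescription(str4);
        roleRepresentation.setClientRole(true);
        roleRepresentation.setComposite(false);
        doHttpPost(urlBuilder(CLIENTROLES, str, str2), representationToJsonString(roleRepresentation), "Unable to create client role " + str3 + " for client " + str2);
    }

    /**
     * Fetches one client role and returns it as JSON.
     *
     * @param str realm name
     * @param str2 value for the client path segment
     * @param str3 role name
     * @return the role representation as JSON
     * @throws KeycloakClientException if the request fails
     */
    public String getClientRole(String str, String str2, String str3) throws KeycloakClientException {
        return representationToJsonString(doHttpGet(urlBuilder(CLIENTROLE, str, str2, str3), RoleRepresentation.class));
    }

    /**
     * Reads the current secret of a client. The return value is a credential: do not log it.
     *
     * @param str realm name
     * @param str2 value for the client path segment
     * @return the client secret
     * @throws KeycloakClientException if the request fails
     */
    public String getSecret(String str, String str2) throws KeycloakClientException {
        return doHttpGet(urlBuilder(SECRET, str, str2), CredentialRepresentation.class).getValue();
    }

    /**
     * Asks the server for a new client secret by posting to the secret endpoint. The return
     * value is a credential: do not log it.
     *
     * @param str realm name
     * @param str2 value for the client path segment
     * @return the secret returned by the server
     * @throws KeycloakClientException if the request fails
     */
    public String genSecret(String str, String str2) throws KeycloakClientException {
        return doEmptyHttpPost(urlBuilder(SECRET, str, str2), CredentialRepresentation.class).getValue();
    }

    /**
     * Exports a realm, including clients, groups and roles, as JSON.
     *
     * @param str realm name
     * @return the exported realm as JSON; treat it as sensitive configuration
     * @throws KeycloakClientException if the URL cannot be built or the request fails
     */
    public String exportRealm(String str) throws KeycloakClientException {
        try {
            URIBuilder uRIBuilder = new URIBuilder(urlBuilder(PARTIALEXPORT, str));
            uRIBuilder.addParameter("exportClients", "true");
            uRIBuilder.addParameter("exportGroupsAndRoles", "true");
            return representationToJsonString(doEmptyHttpPost(uRIBuilder.build().toString(), RealmRepresentation.class));
        } catch (URISyntaxException e) {
            throw new KeycloakClientException("Problem building url for realm export", e);
        }
    }

    /**
     * Deletes a realm.
     *
     * @param str realm name
     * @throws KeycloakClientException if the request fails
     */
    public void deleteRealm(String str) throws KeycloakClientException {
        doHttpDelete(urlBuilder(THISREALM, str), "Unable to delete realm");
    }

    /**
     * Creates an enabled user with a password credential.
     *
     * <p>NOTE(review): the credential is not flagged as temporary here, so nothing in this method
     * forces a password change at first login — confirm that is intended.
     *
     * @param str realm name
     * @param str2 user name, also used as the last name
     * @param str3 password for the new user
     * @return the id of the created user, or null if the follow-up lookup finds no exact match
     * @throws KeycloakClientException if a request fails
     */
    public String createUser(String str, String str2, String str3) throws KeycloakClientException {
        CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
        credentialRepresentation.setValue(str3);
        credentialRepresentation.setType("password");
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername(str2);
        userRepresentation.setCredentials(ImmutableList.of(credentialRepresentation));
        userRepresentation.setEnabled(true);
        userRepresentation.setFirstName("Temporary");
        userRepresentation.setLastName(str2);
        doHttpPost(urlBuilder(USERS, str), representationToJsonString(userRepresentation), "Unable to add user " + str2 + " to realm " + str);
        return getUserIdByName(str, str2);
    }

    /**
     * Creates a user and grants it every realm role that is available to it.
     *
     * @param str realm name
     * @param str2 user name
     * @param str3 password for the new user
     * @return the id of the created user
     * @throws KeycloakClientException if a request fails
     */
    public String createAdminUser(String str, String str2, String str3) throws KeycloakClientException {
        String createUser = createUser(str, str2, str3);
        setAllUserRoles(str, createUser);
        return createUser;
    }

    /**
     * Looks up the id of a user by user name.
     *
     * @param str realm name
     * @param str2 user name to search for; sent as a URL-encoded query parameter
     * @return the id of the user whose name matches exactly, or null if there is none
     * @throws KeycloakClientException if the URL cannot be built or the request fails
     */
    public String getUserIdByName(String str, String str2) throws KeycloakClientException {
        try {
            URIBuilder uRIBuilder = new URIBuilder(urlBuilder(USERS, str));
            uRIBuilder.addParameter("username", str2);
            for (UserRepresentation userRepresentation : doHttpGet(uRIBuilder.build().toString(), UserRepresentation[].class)) {
                if (userRepresentation.getUsername().equals(str2)) {
                    return userRepresentation.getId();
                }
            }
            return null;
        } catch (URISyntaxException e) {
            throw new KeycloakClientException("Problem building url for user id", e);
        }
    }

    /**
     * Lists the realm roles that can still be granted to a user, as JSON.
     *
     * @param str realm name
     * @param str2 value for the user path segment
     * @return the available roles as a JSON array
     * @throws KeycloakClientException if the request fails
     */
    public String getUserRolesAvailable(String str, String str2) throws KeycloakClientException {
        return representationToJsonString(doHttpGet(urlBuilder(ROLES_AVAIL, str, str2), RoleRepresentation[].class));
    }

    /**
     * Grants a user every realm role the server reports as available to it.
     *
     * <p>This is the broadest possible realm-role grant; use it only for accounts meant to be
     * administrators.
     *
     * @param str realm name
     * @param str2 value for the user path segment
     * @throws KeycloakClientException if a request fails
     */
    public void setAllUserRoles(String str, String str2) throws KeycloakClientException {
        RoleRepresentation[] availableRoles = doHttpGet(urlBuilder(ROLES_AVAIL, str, str2), RoleRepresentation[].class);
        doHttpPost(urlBuilder(ROLES, str, str2), representationToJsonString(availableRoles), "Unable to add roles to user");
    }

    /**
     * Grants one client role to a user.
     *
     * @param str realm name
     * @param str2 value for the user path segment
     * @param str3 value for the client path segment
     * @param str4 name of the client role
     * @throws KeycloakClientException if a request fails
     */
    public void addUserClientRole(String str, String str2, String str3, String str4) throws KeycloakClientException {
        // The role-mapping endpoint takes a JSON array, so the single role is wrapped in one.
        doHttpPost(urlBuilder(USER_CLIENT_ROLE, str, str2, str3), "[ " + getClientRole(str, str3, str4) + " ]", "Unable to add user client role to user " + str2 + " for client role " + str4);
    }

    /**
     * Lists the roles of one client that are mapped to a user, as JSON.
     *
     * @param str realm name
     * @param str2 value for the user path segment
     * @param str3 value for the client path segment
     * @return the mapped roles as a JSON array
     * @throws KeycloakClientException if the request fails
     */
    public String getUserClientRoles(String str, String str2, String str3) throws KeycloakClientException {
        return representationToJsonString(doHttpGet(urlBuilder(USER_CLIENT_ROLE, str, str2, str3), RoleRepresentation[].class));
    }

    /**
     * Fetches one user and returns it as JSON.
     *
     * @param str realm name
     * @param str2 value for the user path segment
     * @return the user representation as JSON
     * @throws KeycloakClientException if the request fails
     */
    public String userInfo(String str, String str2) throws KeycloakClientException {
        return representationToJsonString(doHttpGet(urlBuilder(ONEUSER, str, str2), UserRepresentation.class));
    }

    /**
     * Deletes a user.
     *
     * @param str realm name
     * @param str2 value for the user path segment
     * @throws KeycloakClientException if the request fails
     */
    public void deleteUser(String str, String str2) throws KeycloakClientException {
        doHttpDelete(urlBuilder(ONEUSER, str, str2), "Unable to delete user " + str2 + " from realm " + str);
    }

    /**
     * Closes the underlying HTTP client and its connections.
     *
     * @throws KeycloakClientException if closing fails
     */
    public void close() throws KeycloakClientException {
        try {
            this.client.close();
        } catch (IOException e) {
            throw new KeycloakClientException("Cannot close connection", e);
        }
    }
}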
