package eu.europeana.keycloak.user;

import jakarta.annotation.PreDestroy;
import jakarta.json.Json;
import jakarta.json.JsonReader;
import java.io.IOException;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.LocalDate;
import java.util.ArrayList;
import java.util.List;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.jboss.logging.Logger;
import org.keycloak.email.DefaultEmailSenderProvider;
import org.keycloak.email.EmailException;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;

/* loaded from: input_file:eu/europeana/keycloak/user/UserRemovedMessageHandler.class */
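/**
 * Runs the follow-up work for a Keycloak {@code UserRemovedEvent}: removes or reports the
 * clients ("project keys") owned by the user, asks the set API to delete the user's sets,
 * and posts a confirmation to Slack (webhook first, email as fallback).
 *
 * <p>Per-event results are kept in instance fields, so a single instance must not handle
 * two events concurrently. The fields are reset at the start of every event.
 */
public class UserRemovedMessageHandler {
    private static final Logger LOG = Logger.getLogger(UserRemovedMessageHandler.class);
    public static final String CLIENT_OWNER = "client_owner";
    public static final String SHARED_OWNER = "shared_owner";
    public static final int DAYS_TO_ADD = 30;
    private final String prefix;
    // Bearer token for the set API. Secret: never write it to a log.
    private String userSetToken;
    private boolean setsDeleteOK = false;
    private boolean slackHttpMessageOK = false;
    private boolean slackEmailMessageOK = false;
    private final CloseableHttpClient httpClient = HttpClients.createDefault();

    /**
     * @param str prefix put in front of every log line built by this handler
     */
    public UserRemovedMessageHandler(String str) {
        this.prefix = str;
    }

    /**
     * Releases the shared HTTP client.
     *
     * @throws IOException if closing the client fails
     */
    @PreDestroy
    public void close() throws IOException {
        this.httpClient.close();
        LOG.info("HTTP client closed.");
    }

    /**
     * Entry point for a user-removed event.
     *
     * @param keycloakSession  session used to look up users, clients and the SMTP configuration
     * @param userRemovedEvent the event describing the removed user and its realm
     */
    public void handleUserRemoveEvent(KeycloakSession keycloakSession, UserModel.UserRemovedEvent userRemovedEvent) {
        // Start from a clean slate: without this, a success flag or token left over from a
        // previous event would make a failed step of this event look successful.
        this.userSetToken = null;
        this.setsDeleteOK = false;
        this.slackHttpMessageOK = false;
        this.slackEmailMessageOK = false;

        RealmModel realm = userRemovedEvent.getRealm();
        UserModel slackUser = keycloakSession.users().getUserByUsername(realm, UserRemovedConfig.SLACK_USERNAME);
        removeKeysAndNotify(keycloakSession, userRemovedEvent, realm);
        if (getUserSetToken()) {
            this.setsDeleteOK = sendUserSetDeleteRequest(userRemovedEvent, this.userSetToken);
        }
        // The token is needed for that one request only; do not keep it in memory afterwards.
        this.userSetToken = null;

        if (UserRemovedConfig.DEBUG_LOGS) {
            LOG.info(formatMessage(userRemovedEvent, this.setsDeleteOK ? "User sets deleted." : "No user sets deleted."));
            LOG.info(formatMessage(userRemovedEvent, "Sending confirmation message to Slack"));
        }
        if (isNotBlank(UserRemovedConfig.SLACK_WEBHOOK)) {
            String slackPayload = formatUserRemovedMessage(userRemovedEvent, true);
            LOG.info("message " + slackPayload);
            this.slackHttpMessageOK = sendSlackHttpMessage(userRemovedEvent, slackPayload, UserRemovedConfig.SLACK_WEBHOOK);
        }
        if (!this.slackHttpMessageOK) {
            if (UserRemovedConfig.DEBUG_LOGS) {
                LOG.info(formatMessage(userRemovedEvent, "Error occurred trying to send the message over HTTP, now trying to send it via email ..."));
            }
            this.slackEmailMessageOK = sendSlackEmailMessage(keycloakSession, slackUser, userRemovedEvent, formatUserRemovedMessage(userRemovedEvent, false));
        }
        if (this.slackHttpMessageOK || this.slackEmailMessageOK) {
            LOG.info(formatMessage(userRemovedEvent, "Confirmation message was sent to Slack"));
        } else {
            LOG.error(formatMessage(userRemovedEvent, "!IMPORTANT! User account was removed, but failed to send confirmation message to Slack. Please notify the Slack delete_user_account channel, providing details about the error and the deleted user, so they can handle the issue manually."));
        }
    }

    /**
     * Removes the clients owned by the user and, when shared keys are left without an owner,
     * reports them on the orphan-project-key webhook.
     */
    private void removeKeysAndNotify(KeycloakSession keycloakSession, UserModel.UserRemovedEvent userRemovedEvent, RealmModel realmModel) {
        UserModel user = userRemovedEvent.getUser();
        List<String> orphanedKeys = removeKeysAssociatedToUser(keycloakSession, user, realmModel);
        if (orphanedKeys.isEmpty()) {
            return;
        }
        String text = String.format("User account with the name %s associated to the email address %s was removed and left the following project keys without owner: %s", user.getUsername(), user.getEmail(), String.join(",", orphanedKeys));
        // Let the JSON library do the escaping: user name and email are account data, and a
        // quote or backslash in them must not be able to break or extend the payload.
        String payload = Json.createObjectBuilder().add("text", text).build().toString();
        if (sendSlackHttpMessage(userRemovedEvent, payload, UserRemovedConfig.SLACK_WEBHOOK_ORPHAN_PROJECT_KEY)) {
            return;
        }
        LOG.error(formatMessage(userRemovedEvent, "Failed slack message is - " + payload));
    }

    /**
     * Walks the user's {@code client_owner} / {@code shared_owner} client roles. For
     * {@code client_owner} the client itself is removed; for {@code shared_owner} the client id
     * is collected when the role has no member.
     *
     * @return client ids of shared keys for which no role member was found
     */
    private static List<String> removeKeysAssociatedToUser(KeycloakSession keycloakSession, UserModel userModel, RealmModel realmModel) {
        // Collected into a list before the loop, which removes clients while iterating.
        List<RoleModel> ownerRoles = userModel.getRoleMappingsStream()
                .filter(role -> CLIENT_OWNER.equals(role.getName()) || SHARED_OWNER.equals(role.getName()))
                .toList();
        List<String> orphanedKeys = new ArrayList<>();
        for (RoleModel role : ownerRoles) {
            // Only client roles carry a client container; a realm role that happens to use one
            // of these names is skipped instead of being treated as a client.
            if (!role.isClientRole() || !(role.getContainer() instanceof ClientModel client)) {
                continue;
            }
            if (CLIENT_OWNER.equals(role.getName())) {
                dissociatePrivateKey(keycloakSession, userModel, realmModel, client);
            }
            if (SHARED_OWNER.equals(role.getName()) && keycloakSession.users().getRoleMembersStream(realmModel, role).findAny().isEmpty()) {
                orphanedKeys.add(client.getClientId());
            }
        }
        return orphanedKeys;
    }

    /**
     * Removes the given client from the realm and logs the outcome.
     */
    private static void dissociatePrivateKey(KeycloakSession keycloakSession, UserModel userModel, RealmModel realmModel, ClientModel clientModel) {
        if (clientModel == null) {
            LOG.error("Unable to remove private key associated to user");
        } else if (keycloakSession.clients().removeClient(realmModel, clientModel.getId())) {
            LOG.info("Removed the private key " + clientModel.getClientId() + " associated to user-" + userModel.getUsername());
        } else {
            // A false return used to pass silently, leaving the key in place with no trace.
            LOG.warn("Private key " + clientModel.getClientId() + " associated to user-" + userModel.getUsername() + " was not removed");
        }
    }

    /**
     * Requests an access token for the set API and stores it in {@code userSetToken}.
     *
     * @return {@code true} when a non-blank token was received, {@code false} on any failure
     */
    public boolean getUserSetToken() {
        if (UserRemovedConfig.DEBUG_LOGS) {
            LOG.info("Auth server OID url: " + UserRemovedConfig.OID_TOKEN_URL);
        }
        try {
            HttpPost request = new HttpPost(UserRemovedConfig.OID_TOKEN_URL);
            request.setEntity(new UrlEncodedFormEntity(getPostParameters(), StandardCharsets.UTF_8));
            request.setHeader("Content-type", "application/x-www-form-urlencoded");
            // try-with-resources closes the response on every path, including exceptions.
            try (CloseableHttpResponse response = this.httpClient.execute(request)) {
                return processResponse(response);
            }
        } catch (Exception e) {
            // Broad on purpose: besides I/O errors, a malformed URL or an unparseable body must
            // end in "no token" rather than abort the handling of the event.
            LOG.error("Failed to obtain user set access token", e);
            return false;
        }
    }

    /**
     * Reads the token response and stores the {@code access_token} value.
     *
     * @return {@code true} when the status is 200 and a non-blank token is present
     * @throws IOException if the response body cannot be read
     */
    private boolean processResponse(CloseableHttpResponse closeableHttpResponse) throws IOException {
        int status = closeableHttpResponse.getStatusLine().getStatusCode();
        if (status != 200) {
            LOG.error("Error sending POST request, received HTTP response code " + status);
            return false;
        }
        String body = EntityUtils.toString(closeableHttpResponse.getEntity(), StandardCharsets.UTF_8);
        this.userSetToken = readJsonValue(body, "access_token");
        if (!isNotBlank(this.userSetToken)) {
            // The body of a token endpoint response can hold other credentials, so it is not logged.
            LOG.error("No access token found in response from Keycloak (response body withheld from log)");
            return false;
        }
        if (UserRemovedConfig.DEBUG_LOGS) {
            // Report the fact only; a bearer token in a log file is a usable credential.
            LOG.info("User set access token obtained");
        }
        return true;
    }

    /**
     * Builds the form fields of the token request: a {@code password} grant with the
     * delete-manager credentials and the client id/secret taken from {@code UserRemovedConfig}.
     * The returned list holds secrets and must not be logged.
     */
    private static List<NameValuePair> getPostParameters() {
        List<NameValuePair> params = new ArrayList<>();
        params.add(new BasicNameValuePair("grant_type", "password"));
        params.add(new BasicNameValuePair("username", UserRemovedConfig.DELETE_MGR_ID));
        params.add(new BasicNameValuePair("password", UserRemovedConfig.DELETE_MGR_PW));
        params.add(new BasicNameValuePair("client_id", UserRemovedConfig.CLIENT_ID));
        params.add(new BasicNameValuePair("client_secret", UserRemovedConfig.CLIENT_SECRET));
        params.add(new BasicNameValuePair("scope", UserRemovedConfig.SCOPE));
        return params;
    }

    /**
     * Sends the DELETE request that removes the sets created by the removed user.
     *
     * @param str bearer token for the set API
     * @return {@code true} only when the API answers HTTP 204
     */
    private boolean sendUserSetDeleteRequest(UserModel.UserRemovedEvent userRemovedEvent, String str) {
        String creatorId = userRemovedEvent.getUser().getId();
        if (!isNotBlank(creatorId)) {
            // Never issue a delete request whose creator filter is empty or the text "null".
            LOG.error(formatMessage(userRemovedEvent, "Usersets delete request skipped: removed user has no id"));
            return false;
        }
        // Encode the id so that it stays a single query value whatever characters it contains.
        String url = UserRemovedConfig.SET_API_URL + "?creator=" + URLEncoder.encode(creatorId, StandardCharsets.UTF_8);
        if (UserRemovedConfig.DEBUG_LOGS) {
            url = url + "&profile=debug&includeErrorStack=true";
            LOG.info(url);
        }
        HttpDelete request = new HttpDelete(url);
        request.setHeader("Authorization", "Bearer " + str);
        try (CloseableHttpResponse response = this.httpClient.execute(request)) {
            int status = response.getStatusLine().getStatusCode();
            if (status == 204) {
                LOG.info(formatMessage(userRemovedEvent, "Usersets delete request successful: received HTTP " + status));
                return true;
            }
            if (UserRemovedConfig.DEBUG_LOGS) {
                String body = response.getEntity() == null ? "" : EntityUtils.toString(response.getEntity());
                LOG.error("Usersets delete request was not successful: received HTTP " + status + " response. Response body: " + body);
            } else {
                LOG.error(formatMessage(userRemovedEvent, "Usersets delete request was not successful: received HTTP " + status));
            }
            return false;
        } catch (IOException e) {
            if (UserRemovedConfig.DEBUG_LOGS) {
                LOG.error(e);
                return false;
            }
            LOG.error(formatMessage(userRemovedEvent, "IOException occurred while sending delete request by HTTP: " + e.getMessage()));
            return false;
        }
    }

    /**
     * Fills the configured message template with today's date, the user's email, two status
     * icons and the date {@link #DAYS_TO_ADD} days from today.
     *
     * @param z {@code true} for the Slack webhook variant (emoji codes), {@code false} for the
     *          email variant (plain check/cross characters)
     */
    private String formatUserRemovedMessage(UserModel.UserRemovedEvent userRemovedEvent, boolean z) {
        UserModel user = userRemovedEvent.getUser();
        String okIcon = z ? ":heavy_check_mark:" : "✓";
        String errorIcon = z ? UserRemovedConfig.ERROR_ICON : "✘";
        // Read the clock once so both dates are derived from the same day.
        LocalDate today = LocalDate.now();
        // NOTE(review): the email is inserted into the template as-is. If the template is a
        // JSON document (webhook) or is rendered as HTML (email), the value should be escaped
        // for that format - confirm against SLACK_USER_DELETE_MESSAGEBODY.
        return String.format(UserRemovedConfig.SLACK_USER_DELETE_MESSAGEBODY,
                today,
                user.getEmail(),
                okIcon,
                this.setsDeleteOK ? okIcon : errorIcon,
                today.plusDays(DAYS_TO_ADD));
    }

    /**
     * Posts a JSON payload to a Slack webhook.
     *
     * @param str  the JSON payload
     * @param str2 the webhook URL (a secret: it is never written to the log here)
     * @return {@code true} only when Slack answers HTTP 200
     */
    private boolean sendSlackHttpMessage(UserModel.UserRemovedEvent userRemovedEvent, String str, String str2) {
        if (!isNotBlank(str2)) {
            LOG.error(formatMessage(userRemovedEvent, "Slack webhook URL is not configured; message not sent"));
            return false;
        }
        try {
            HttpPost request = new HttpPost(str2);
            // Encode explicitly as UTF-8: the one-argument StringEntity constructor falls back
            // to ISO-8859-1, which mangles non-Latin characters in names and addresses.
            request.setEntity(new StringEntity(str, StandardCharsets.UTF_8));
            request.setHeader("Accept", "application/json");
            request.setHeader("Content-type", "application/json");
            try (CloseableHttpResponse response = this.httpClient.execute(request)) {
                int status = response.getStatusLine().getStatusCode();
                if (status == 200) {
                    LOG.info(formatMessage(userRemovedEvent, "Slack message sent successfully: received HTTP " + status + " response"));
                    return true;
                }
                LOG.error(formatMessage(userRemovedEvent, "Error sending Slack message: received HTTP " + status + " response"));
                return false;
            }
        } catch (IOException e) {
            LOG.error(e);
            return false;
        } catch (IllegalArgumentException e) {
            // The exception text can repeat the webhook URL, so only a fixed message is logged.
            LOG.error(formatMessage(userRemovedEvent, "Invalid Slack request (malformed webhook URL or missing message); message not sent"));
            return false;
        }
    }

    /**
     * Fallback channel: mails the message to the configured Slack user through the realm's
     * SMTP settings.
     *
     * @param userModel the Slack recipient account, or {@code null} when it was not found
     * @param str       message used for both the text and the HTML body
     * @return {@code true} when the mail was handed to the sender without an exception
     */
    private boolean sendSlackEmailMessage(KeycloakSession keycloakSession, UserModel userModel, UserModel.UserRemovedEvent userRemovedEvent, String str) {
        UserModel removedUser = userRemovedEvent.getUser();
        if (userModel == null) {
            LOG.info(formatMessage(userRemovedEvent, "Sending email to Slack user failed for : " + removedUser.getId()));
            return false;
        }
        try {
            LOG.info(formatMessage(userRemovedEvent, "Sending email to Slack user: " + userModel.getEmail()));
            DefaultEmailSenderProvider sender = new DefaultEmailSenderProvider(keycloakSession);
            sender.send(keycloakSession.getContext().getRealm().getSmtpConfig(), userModel, "User account for Keycloak user with ID: " + removedUser.getId(), str, str);
            return true;
        } catch (EmailException e) {
            LOG.error(formatMessage(userRemovedEvent, "EmailException occurred while sending Slack message by email: " + e.getMessage()));
            return false;
        }
    }

    /**
     * Builds one log line: the handler prefix, the event type, the realm and user details that
     * are available, and the given message.
     */
    private String formatMessage(UserModel.UserRemovedEvent userRemovedEvent, String str) {
        StringBuilder sb = new StringBuilder("type: USER_DELETE_EVENT");
        RealmModel realm = userRemovedEvent.getRealm();
        if (realm != null) {
            sb.append(", realm: ").append(realm.getName());
        }
        UserModel user = userRemovedEvent.getUser();
        if (user != null) {
            if (isNotBlank(user.getId())) {
                sb.append(", userId: ").append(user.getId());
            }
            if (isNotBlank(user.getEmail())) {
                sb.append(", userEmail: ").append(user.getEmail());
            }
            if (isNotBlank(user.getUsername())) {
                sb.append(", userName: ").append(user.getUsername());
            }
        }
        if (str != null) {
            // Append the message itself. Appending the builder to itself duplicated the header
            // and dropped the message, so every log line lost the text that explains it.
            sb.append(", message: ").append(str);
        }
        sb.append(" ");
        return this.prefix + sb;
    }

    /**
     * @return {@code true} when the string is non-null and contains a non-whitespace character
     */
    private boolean isNotBlank(String str) {
        return str != null && !str.isBlank();
    }

    /**
     * Parses {@code str} as a JSON object and returns the string stored under {@code str2}.
     *
     * @return the value, or {@code null} when the key is absent or not a string
     */
    private String readJsonValue(String str, String str2) {
        // The reader is closed even when parsing fails.
        try (JsonReader reader = Json.createReader(new StringReader(str))) {
            return reader.readObject().getString(str2, null);
        }
    }
}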
