package org.keycloak.client.registration.cli.commands;

import com.fasterxml.jackson.core.JsonParseException;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.keycloak.client.cli.common.AttributeOperation;
import org.keycloak.client.cli.config.ConfigData;
import org.keycloak.client.cli.util.ConfigUtil;
import org.keycloak.client.cli.util.HttpUtil;
import org.keycloak.client.cli.util.IoUtil;
import org.keycloak.client.cli.util.OsUtil;
import org.keycloak.client.cli.util.ParseUtil;
import org.keycloak.client.registration.cli.CmdStdinContext;
import org.keycloak.client.registration.cli.EndpointType;
import org.keycloak.client.registration.cli.EndpointTypeConverter;
import org.keycloak.client.registration.cli.KcRegMain;
import org.keycloak.client.registration.cli.ReflectionUtil;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.oidc.OIDCClientRepresentation;
import org.keycloak.util.JsonSerialization;
import picocli.CommandLine;

@CommandLine.Command(name = "update", description = {"CLIENT_ID [ARGUMENTS]"})
/* loaded from: input_file:org/keycloak/client/registration/cli/commands/UpdateCmd.class */
public class UpdateCmd extends AbstractAuthOptionsCmd {

    @CommandLine.Parameters(arity = "0..1")
    String clientId;

    @CommandLine.Option(names = {"-e", "--endpoint"}, description = {"Endpoint type to use - one of: 'default', 'oidc'"}, converter = {EndpointTypeConverter.class})
    private EndpointType regType = null;

    @CommandLine.Option(names = {"-f", "--file"}, description = {"Use the file or standard input if '-' is specified"})
    private String file = null;

    @CommandLine.Option(names = {"-m", "--merge"}, description = {"Merge new values with existing configuration on the server"})
    private boolean mergeMode = false;

    @CommandLine.Option(names = {"-o", "--output"}, description = {"After update output the new client configuration"})
    private boolean outputClient = false;

    @CommandLine.Option(names = {"-c", "--compressed"}, description = {"Don't pretty print the output"})
    private boolean compressed = false;

    @CommandLine.ArgGroup(exclusive = true, multiplicity = "0..*")
    List<AttributeOperations> rawAttributeOperations = new ArrayList();
    List<AttributeOperation> attrs = new LinkedList();

    /* loaded from: input_file:org/keycloak/client/registration/cli/commands/UpdateCmd$AttributeOperations.class */
    static class AttributeOperations {

        @CommandLine.Option(names = {"-s", "--set"}, required = true)
        String set;

        @CommandLine.Option(names = {"-d", "--delete"}, required = true)
        String delete;

        AttributeOperations() {
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.client.cli.common.BaseAuthOptionsCmd, org.keycloak.client.cli.common.BaseGlobalOptionsCmd
    public void processOptions() {
        super.processOptions();
        for (AttributeOperations attributeOperations : this.rawAttributeOperations) {
            if (attributeOperations.delete != null) {
                this.attrs.add(new AttributeOperation(AttributeOperation.Type.DELETE, attributeOperations.delete));
            } else {
                String[] parseKeyVal = ParseUtil.parseKeyVal(attributeOperations.set);
                this.attrs.add(new AttributeOperation(AttributeOperation.Type.SET, parseKeyVal[0], parseKeyVal[1]));
            }
        }
    }

    @Override // org.keycloak.client.cli.common.BaseGlobalOptionsCmd
    protected void process() {
        if (this.clientId == null) {
            throw new IllegalArgumentException("CLIENT_ID not specified");
        }
        if (this.clientId.startsWith("-")) {
            IoUtil.warnfErr(CmdStdinContext.CLIENT_OPTION_WARN, this.clientId);
        }
        if (this.file == null && this.attrs.size() == 0) {
            throw new IllegalArgumentException("No file nor attribute values specified");
        }
        if (this.file == null && this.attrs.size() > 0) {
            this.mergeMode = true;
        }
        CmdStdinContext cmdStdinContext = new CmdStdinContext();
        if (this.file != null) {
            cmdStdinContext = CmdStdinContext.parseFileOrStdin(this.file, this.regType);
            this.regType = cmdStdinContext.getEndpointType();
        }
        if (this.regType == null) {
            this.regType = EndpointType.DEFAULT;
            cmdStdinContext.setEndpointType(this.regType);
        } else if (this.regType != EndpointType.DEFAULT && this.regType != EndpointType.OIDC) {
            throw new RuntimeException("Update not supported for endpoint type: " + this.regType.getEndpoint());
        }
        ConfigData copyWithServerInfo = copyWithServerInfo(ConfigUtil.loadConfig());
        String serverUrl = copyWithServerInfo.getServerUrl();
        String realm = copyWithServerInfo.getRealm();
        if (this.externalToken == null) {
            boolean z = false;
            Iterator<AttributeOperation> it = this.attrs.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                AttributeOperation next = it.next();
                if ("registrationAccessToken".equals(next.getKey().toString())) {
                    z = true;
                    if (next.getType() == AttributeOperation.Type.SET) {
                        this.externalToken = next.getValue();
                    }
                }
            }
            if (!z) {
                this.externalToken = cmdStdinContext.getRegistrationAccessToken();
            }
        }
        if (this.externalToken == null) {
            this.externalToken = ConfigUtil.getRegistrationToken(copyWithServerInfo.sessionRealmConfigData(), this.clientId);
        }
        setupTruststore(copyWithServerInfo);
        String str = this.externalToken;
        if (str == null) {
            ConfigData copyWithServerInfo2 = copyWithServerInfo(ensureAuthInfo(copyWithServerInfo));
            if (ConfigUtil.credentialsAvailable(copyWithServerInfo2)) {
                str = ensureToken(copyWithServerInfo2);
            }
        }
        String str2 = str != null ? "Bearer " + str : null;
        if (this.mergeMode) {
            String readFully = IoUtil.readFully(HttpUtil.doGet(serverUrl + "/realms/" + realm + "/clients-registrations/" + this.regType.getEndpoint() + "/" + HttpUtil.urlencode(this.clientId), HttpUtil.APPLICATION_JSON, str2));
            CmdStdinContext cmdStdinContext2 = new CmdStdinContext();
            cmdStdinContext2.setContent(readFully);
            cmdStdinContext2.setEndpointType(this.regType);
            try {
                if (this.regType == EndpointType.DEFAULT) {
                    cmdStdinContext2.setClient((ClientRepresentation) JsonSerialization.readValue(readFully, ClientRepresentation.class));
                    this.externalToken = cmdStdinContext2.getClient().getRegistrationAccessToken();
                } else if (this.regType == EndpointType.OIDC) {
                    cmdStdinContext2.setOidcClient((OIDCClientRepresentation) JsonSerialization.readValue(readFully, OIDCClientRepresentation.class));
                    this.externalToken = cmdStdinContext2.getOidcClient().getRegistrationAccessToken();
                }
                if (this.externalToken != null) {
                    str2 = "Bearer " + this.externalToken;
                    String str3 = this.externalToken;
                    String str4 = this.clientId;
                    ConfigUtil.saveMergeConfig(configData -> {
                        ConfigUtil.setRegistrationToken(configData.ensureRealmConfigData(serverUrl, realm), str4, str3);
                    });
                }
                if (cmdStdinContext.getClient() != null) {
                    ReflectionUtil.merge(cmdStdinContext.getClient(), cmdStdinContext2.getClient());
                } else if (cmdStdinContext.getOidcClient() != null) {
                    ReflectionUtil.merge(cmdStdinContext.getOidcClient(), cmdStdinContext2.getOidcClient());
                }
                cmdStdinContext = cmdStdinContext2;
            } catch (JsonParseException e) {
                throw new RuntimeException("Not a valid JSON document. " + e.getMessage(), e);
            } catch (IOException e2) {
                throw new RuntimeException("Not a valid JSON document", e2);
            }
        }
        if (this.attrs.size() > 0) {
            cmdStdinContext = CmdStdinContext.mergeAttributes(cmdStdinContext, this.attrs);
        }
        InputStream doPut = HttpUtil.doPut(serverUrl + "/realms/" + realm + "/clients-registrations/" + this.regType.getEndpoint() + "/" + HttpUtil.urlencode(this.clientId), HttpUtil.APPLICATION_JSON, HttpUtil.APPLICATION_JSON, cmdStdinContext.getContent(), str2);
        try {
            if (this.regType == EndpointType.DEFAULT) {
                ClientRepresentation clientRepresentation = (ClientRepresentation) JsonSerialization.readValue(doPut, ClientRepresentation.class);
                outputResult(clientRepresentation);
                this.externalToken = clientRepresentation.getRegistrationAccessToken();
            } else if (this.regType == EndpointType.OIDC) {
                OIDCClientRepresentation oIDCClientRepresentation = (OIDCClientRepresentation) JsonSerialization.readValue(doPut, OIDCClientRepresentation.class);
                outputResult(oIDCClientRepresentation);
                this.externalToken = oIDCClientRepresentation.getRegistrationAccessToken();
            }
            String str5 = this.externalToken;
            String str6 = this.clientId;
            ConfigUtil.saveMergeConfig(configData2 -> {
                ConfigUtil.setRegistrationToken(configData2.ensureRealmConfigData(serverUrl, realm), str6, str5);
            });
        } catch (IOException e3) {
            throw new RuntimeException("Failed to process HTTP response", e3);
        }
    }

    private void outputResult(Object obj) throws IOException {
        if (this.outputClient) {
            if (this.compressed) {
                IoUtil.printOut(JsonSerialization.writeValueAsString(obj));
            } else {
                IoUtil.printOut(JsonSerialization.writeValueAsPrettyString(obj));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.client.cli.common.BaseAuthOptionsCmd, org.keycloak.client.cli.common.BaseGlobalOptionsCmd
    public boolean nothingToDo() {
        return super.nothingToDo() && this.regType == null && this.file == null && this.rawAttributeOperations.isEmpty() && this.clientId == null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.client.cli.common.BaseGlobalOptionsCmd
    public String help() {
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter(stringWriter);
        printWriter.println("Usage: " + KcRegMain.CMD + " update CLIENT [ARGUMENTS]");
        printWriter.println();
        printWriter.println("Command to update an existing client configuration. If registration access token is specified it is used.");
        printWriter.println("Otherwise, if 'registrationAccessToken' attribute is set, that is used. Otherwise, if registration access");
        printWriter.println("token is available in configuration file, we use that. Finally, if it's not available anywhere, the current ");
        printWriter.println("active session is used.");
        globalOptions(printWriter);
        printWriter.println("  Command specific options:");
        printWriter.println("    CLIENT                ClientId of the client to update");
        printWriter.println("    -t, --token TOKEN     Use the specified Registration Access Token for authorization");
        printWriter.println("    -s, --set KEY=VALUE   Set specific attribute to a specified value");
        printWriter.println("              KEY+=VALUE  Add item to an array");
        printWriter.println("    -d, --delete NAME     Delete the specific attribute, or array item");
        printWriter.println("    -e, --endpoint TYPE   Endpoint type to use - one of: 'default', 'oidc'");
        printWriter.println("    -f, --file FILENAME   Use the file or standard input if '-' is specified");
        printWriter.println("    -m, --merge           Merge new values with existing configuration on the server");
        printWriter.println("                          Merge is automatically enabled unless --file is specified");
        printWriter.println("    -o, --output          After update output the new client configuration");
        printWriter.println("    -c, --compressed      Don't pretty print the output");
        printWriter.println();
        printWriter.println();
        printWriter.println("Nested attributes are supported by using '.' to separate components of a KEY. Optionally, the KEY components ");
        printWriter.println("can be quoted with double quotes - e.g. my_client.attributes.\"external.user.id\". If VALUE starts with [ and ");
        printWriter.println("ends with ] the attribute will be set as a JSON array. If VALUE starts with { and ends with } the attribute ");
        printWriter.println("will be set as a JSON object. If KEY ends with an array index - e.g. clients[3]=VALUE - then the specified item");
        printWriter.println("of the array is updated. If KEY+=VALUE syntax is used, then KEY is assumed to be an array, and another item is");
        printWriter.println("added to it.");
        printWriter.println();
        printWriter.println("Attributes can also be deleted. If KEY ends with an array index, then the targeted item of an array is removed");
        printWriter.println("and the following items are shifted.");
        printWriter.println();
        printWriter.println("Merged mode fetches current configuration from the server, applies attribute changes to it, and sends it");
        printWriter.println("back to the server, overwriting existing configuration there. If available, Registration Access Token is used ");
        printWriter.println("for authorization when doing changes. Otherwise current session's authorization is used in which case user needs");
        printWriter.println("manage-clients permission for update to work.");
        printWriter.println();
        printWriter.println();
        printWriter.println("Examples:");
        printWriter.println();
        printWriter.println("Update a client by fetching current configuration from server, and applying specified changes.");
        printWriter.println("  " + OsUtil.PROMPT + " " + KcRegMain.CMD + " update my_client -s enabled=true -s 'redirectUris=[\"http://localhost:8080/myapp/*\"]'");
        printWriter.println();
        printWriter.println("Update a client by overwriting existing configuration on the server with a new one:");
        printWriter.println("  " + OsUtil.PROMPT + " " + KcRegMain.CMD + " update my_client -f new_my_client.json");
        printWriter.println();
        printWriter.println("Update a client by overwriting existing configuration using local file as a template:");
        printWriter.println("  " + OsUtil.PROMPT + " " + KcRegMain.CMD + " update my_client -f new_my_client.json -s enabled=true");
        printWriter.println();
        printWriter.println("Update client by fetching current configuration from server and merging with specified changes:");
        printWriter.println("  " + OsUtil.PROMPT + " " + KcRegMain.CMD + " update my_client -f new_my_client.json -s enabled=true --merge");
        printWriter.println();
        printWriter.println("Update a client using 'oidc' endpoint:");
        printWriter.println("  " + OsUtil.PROMPT + " " + KcRegMain.CMD + " update my_client -e oidc -s 'redirect_uris=[\"http://localhost:8080/myapp/*\"]'");
        printWriter.println();
        printWriter.println();
        printWriter.println("Use '" + KcRegMain.CMD + " help' for general information and a list of commands");
        return stringWriter.toString();
    }
}
