package org.keycloak.client.admin.cli.commands;

import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.keycloak.client.admin.cli.KcAdmMain;
import org.keycloak.client.admin.cli.operations.ClientOperations;
import org.keycloak.client.admin.cli.operations.GroupOperations;
import org.keycloak.client.admin.cli.operations.LocalSearch;
import org.keycloak.client.admin.cli.operations.RoleOperations;
import org.keycloak.client.admin.cli.operations.UserOperations;
import org.keycloak.client.cli.config.ConfigData;
import org.keycloak.client.cli.util.ConfigUtil;
import org.keycloak.client.cli.util.OsUtil;
import picocli.CommandLine;

@CommandLine.Command(name = "add-roles", description = {"[ARGUMENTS]"})
/* loaded from: input_file:org/keycloak/client/admin/cli/commands/AddRolesCmd.class */
public class AddRolesCmd extends AbstractAuthOptionsCmd {

    @CommandLine.Option(names = {"--uusername"}, description = {"Target user's 'username'"})
    String uusername;

    @CommandLine.Option(names = {"--uid"}, description = {"Target user's 'id'"})
    String uid;

    @CommandLine.Option(names = {"--gname"}, description = {"Target group's 'name'"})
    String gname;

    @CommandLine.Option(names = {"--gpath"}, description = {"Target group's 'path'"})
    String gpath;

    @CommandLine.Option(names = {"--gid"}, description = {"Target group's 'id'"})
    String gid;

    @CommandLine.Option(names = {"--rname"}, description = {"Composite role's 'name'"})
    String rname;

    @CommandLine.Option(names = {"--rid"}, description = {"Composite role's 'id'"})
    String rid;

    @CommandLine.Option(names = {"--cclientid"}, description = {"Target client's 'clientId'"})
    String cclientid;

    @CommandLine.Option(names = {"--cid"}, description = {"Target client's 'id'"})
    String cid;

    @CommandLine.Option(names = {"--rolename"}, description = {"Role's 'name' attribute"})
    List<String> roleNames = new ArrayList();

    @CommandLine.Option(names = {"--roleid"}, description = {"Role's 'id' attribute"})
    List<String> roleIds = new ArrayList();

    @Override // org.keycloak.client.cli.common.BaseGlobalOptionsCmd
    protected void process() {
        if (this.uid != null && this.uusername != null) {
            throw new IllegalArgumentException("Incompatible options: --uid and --uusername are mutually exclusive");
        }
        if ((this.gid != null && this.gname != null) || ((this.gid != null && this.gpath != null) || (this.gname != null && this.gpath != null))) {
            throw new IllegalArgumentException("Incompatible options: --gid, --gname and --gpath are mutually exclusive");
        }
        if (this.roleNames.isEmpty() && this.roleIds.isEmpty()) {
            throw new IllegalArgumentException("No role to add specified. Use --rolename or --roleid to specify roles to add");
        }
        if (this.cid != null && this.cclientid != null) {
            throw new IllegalArgumentException("Incompatible options: --cid and --cclientid are mutually exclusive");
        }
        if (this.rid != null && this.rname != null) {
            throw new IllegalArgumentException("Incompatible options: --rid and --rname are mutually exclusive");
        }
        if (isUserSpecified() && isGroupSpecified()) {
            throw new IllegalArgumentException("Incompatible options: --uusername / --uid can't be used at the same time as --gname / --gid / --gpath");
        }
        if (isUserSpecified() && isCompositeRoleSpecified()) {
            throw new IllegalArgumentException("Incompatible options: --uusername / --uid can't be used at the same time as --rname / --rid");
        }
        if (isGroupSpecified() && isCompositeRoleSpecified()) {
            throw new IllegalArgumentException("Incompatible options: --rname / --rid can't be used at the same time as --gname / --gid / --gpath");
        }
        if (!isUserSpecified() && !isGroupSpecified() && !isCompositeRoleSpecified()) {
            throw new IllegalArgumentException("No user nor group nor composite role specified. Use --uusername / --uid to specify user or --gname / --gid / --gpath to specify group or --rname / --rid to specify a composite role");
        }
        ConfigData copyWithServerInfo = copyWithServerInfo(ConfigUtil.loadConfig());
        setupTruststore(copyWithServerInfo);
        String str = null;
        ConfigData copyWithServerInfo2 = copyWithServerInfo(ensureAuthInfo(copyWithServerInfo));
        if (ConfigUtil.credentialsAvailable(copyWithServerInfo2)) {
            str = ensureToken(copyWithServerInfo2);
        }
        String str2 = str != null ? "Bearer " + str : null;
        String serverUrl = copyWithServerInfo2.getServerUrl();
        String targetRealm = getTargetRealm(copyWithServerInfo2);
        String composeAdminRoot = this.adminRestRoot != null ? this.adminRestRoot : composeAdminRoot(serverUrl);
        if (isUserSpecified()) {
            if (this.uid == null) {
                this.uid = UserOperations.getIdFromUsername(composeAdminRoot, targetRealm, str2, this.uusername);
            }
            if (!isClientSpecified()) {
                UserOperations.addRealmRoles(composeAdminRoot, targetRealm, str2, this.uid, new ArrayList(getRoleRepresentations(this.roleNames, this.roleIds, new LocalSearch(RoleOperations.getRealmRolesAsNodes(composeAdminRoot, targetRealm, str2)))));
                return;
            }
            if (this.cid == null) {
                this.cid = ClientOperations.getIdFromClientId(composeAdminRoot, targetRealm, str2, this.cclientid);
            }
            UserOperations.addClientRoles(composeAdminRoot, targetRealm, str2, this.uid, this.cid, new ArrayList(getRoleRepresentations(this.roleNames, this.roleIds, new LocalSearch(RoleOperations.getClientRoles(composeAdminRoot, targetRealm, this.cid, str2)))));
            return;
        }
        if (isGroupSpecified()) {
            if (this.gname != null) {
                this.gid = GroupOperations.getIdFromName(composeAdminRoot, targetRealm, str2, this.gname);
            } else if (this.gpath != null) {
                this.gid = GroupOperations.getIdFromPath(composeAdminRoot, targetRealm, str2, this.gpath);
            }
            if (!isClientSpecified()) {
                GroupOperations.addRealmRoles(composeAdminRoot, targetRealm, str2, this.gid, new ArrayList(getRoleRepresentations(this.roleNames, this.roleIds, new LocalSearch(RoleOperations.getRealmRolesAsNodes(composeAdminRoot, targetRealm, str2)))));
                return;
            }
            if (this.cid == null) {
                this.cid = ClientOperations.getIdFromClientId(composeAdminRoot, targetRealm, str2, this.cclientid);
            }
            GroupOperations.addClientRoles(composeAdminRoot, targetRealm, str2, this.gid, this.cid, new ArrayList(getRoleRepresentations(this.roleNames, this.roleIds, new LocalSearch(RoleOperations.getClientRoles(composeAdminRoot, targetRealm, this.cid, str2)))));
            return;
        }
        if (!isCompositeRoleSpecified()) {
            throw new IllegalArgumentException("No user nor group, nor composite role specified. Use --uusername / --uid to specify user or --gname / --gid / --gpath to specify group or --rname / --rid to specify a composite role");
        }
        if (this.rid == null) {
            this.rid = RoleOperations.getIdFromRoleName(composeAdminRoot, targetRealm, str2, this.rname);
        }
        if (!isClientSpecified()) {
            RoleOperations.addRealmRoles(composeAdminRoot, targetRealm, str2, this.rid, new ArrayList(getRoleRepresentations(this.roleNames, this.roleIds, new LocalSearch(RoleOperations.getRealmRolesAsNodes(composeAdminRoot, targetRealm, str2)))));
            return;
        }
        if (this.cid == null) {
            this.cid = ClientOperations.getIdFromClientId(composeAdminRoot, targetRealm, str2, this.cclientid);
        }
        RoleOperations.addClientRoles(composeAdminRoot, targetRealm, str2, this.rid, new ArrayList(getRoleRepresentations(this.roleNames, this.roleIds, new LocalSearch(RoleOperations.getClientRoles(composeAdminRoot, targetRealm, this.cid, str2)))));
    }

    private Set<ObjectNode> getRoleRepresentations(List<String> list, List<String> list2, LocalSearch localSearch) {
        HashSet hashSet = new HashSet();
        for (String str : list) {
            ObjectNode exactMatchOne = localSearch.exactMatchOne(str, "name");
            if (exactMatchOne == null) {
                throw new RuntimeException("Role not found for name: " + str);
            }
            hashSet.add(exactMatchOne);
        }
        for (String str2 : list2) {
            ObjectNode exactMatchOne2 = localSearch.exactMatchOne(str2, "id");
            if (exactMatchOne2 == null) {
                throw new RuntimeException("Role not found for id: " + str2);
            }
            hashSet.add(exactMatchOne2);
        }
        return hashSet;
    }

    private boolean isClientSpecified() {
        return (this.cid == null && this.cclientid == null) ? false : true;
    }

    private boolean isGroupSpecified() {
        return (this.gid == null && this.gname == null && this.gpath == null) ? false : true;
    }

    private boolean isUserSpecified() {
        return (this.uid == null && this.uusername == null) ? false : true;
    }

    private boolean isCompositeRoleSpecified() {
        return (this.rid == null && this.rname == null) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.client.cli.common.BaseAuthOptionsCmd, org.keycloak.client.cli.common.BaseGlobalOptionsCmd
    public boolean nothingToDo() {
        return super.nothingToDo() && this.uusername == null && this.uid == null && this.cclientid == null && this.roleIds.isEmpty() && this.roleNames.isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.client.cli.common.BaseGlobalOptionsCmd
    public String help() {
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter(stringWriter);
        printWriter.println("Usage: " + KcAdmMain.CMD + " add-roles (--uusername USERNAME | --uid ID) [--cclientid CLIENT_ID | --cid ID] (--rolename NAME | --roleid ID)+ [ARGUMENTS]");
        printWriter.println("       " + KcAdmMain.CMD + " add-roles (--gname NAME | --gpath PATH | --gid ID) [--cclientid CLIENT_ID | --cid ID] (--rolename NAME | --roleid ID)+ [ARGUMENTS]");
        printWriter.println("       " + KcAdmMain.CMD + " add-roles (--rname ROLE_NAME | --rid ROLE_ID) [--cclientid CLIENT_ID | --cid ID] (--rolename NAME | --roleid ID)+ [ARGUMENTS]");
        printWriter.println();
        printWriter.println("Command to add realm or client roles to a user, a group or a composite role.");
        printWriter.println();
        printWriter.println("Use `" + KcAdmMain.CMD + " config credentials` to establish an authenticated session, or use CREDENTIALS OPTIONS");
        printWriter.println("to perform one time authentication.");
        printWriter.println();
        printWriter.println("If client is specified using --cclientid or --cid then roles to add are client roles, otherwise they are realm roles.");
        printWriter.println("Either a user, or a group needs to be specified. If user is specified using --uusername or --uid then roles are added");
        printWriter.println("to a specific user. If group is specified using --gname, --gpath or --gid then roles are added to a specific group.");
        printWriter.println("If composite role is specified using --rname or --rid then roles are added to a specific composite role.");
        printWriter.println("One or more roles have to be specified using --rolename or --roleid so that they are added to a group, a user or a composite role.");
        globalOptions(printWriter);
        printWriter.println("    --uusername           User's 'username'. If more than one user exists with the same username");
        printWriter.println("                          you'll have to use --uid to specify the target user");
        printWriter.println("    --uid                 User's 'id' attribute");
        printWriter.println("    --gname               Group's 'name'. If more than one group exists with the same name you'll have");
        printWriter.println("                          to use --gid, or --gpath to specify the target group");
        printWriter.println("    --gpath               Group's 'path' attribute");
        printWriter.println("    --gid                 Group's 'id' attribute");
        printWriter.println("    --rname               Composite role's 'name' attribute");
        printWriter.println("    --rid                 Composite role's 'id' attribute");
        printWriter.println("    --cclientid           Client's 'clientId' attribute");
        printWriter.println("    --cid                 Client's 'id' attribute");
        printWriter.println("    --rolename            Role's 'name' attribute");
        printWriter.println("    --roleid              Role's 'id' attribute");
        printWriter.println("    -a, --admin-root URL      URL of Admin REST endpoint root if not default - e.g. http://localhost:8080/admin");
        printWriter.println("    -r, --target-realm REALM  Target realm to issue requests against if not the one authenticated against");
        printWriter.println();
        printWriter.println("Examples:");
        printWriter.println();
        printWriter.println("Add 'offline_access' realm role to a user:");
        printWriter.println("  " + OsUtil.PROMPT + " " + KcAdmMain.CMD + " add-roles -r demorealm --uusername testuser --rolename offline_access");
        printWriter.println();
        printWriter.println("Add 'realm-management' client roles 'view-users', 'view-clients' and 'view-realm' to a user:");
        printWriter.println("  " + OsUtil.PROMPT + " " + KcAdmMain.CMD + " add-roles -r demorealm --uusername testuser --cclientid realm-management --rolename view-users --rolename view-clients --rolename view-realm");
        printWriter.println();
        printWriter.println("Add 'uma_authorization' realm role to a group:");
        printWriter.println("  " + OsUtil.PROMPT + " " + KcAdmMain.CMD + " add-roles -r demorealm --gname PowerUsers --rolename uma_authorization");
        printWriter.println();
        printWriter.println("Add 'realm-management' client roles 'realm-admin' to a group:");
        printWriter.println("  " + OsUtil.PROMPT + " " + KcAdmMain.CMD + " add-roles -r demorealm --gname PowerUsers --cclientid realm-management --rolename realm-admin");
        printWriter.println();
        printWriter.println();
        printWriter.println("Use '" + KcAdmMain.CMD + " help' for general information and a list of commands");
        return stringWriter.toString();
    }
}
