package org.keycloak.client.admin.cli.commands;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.ArrayList;
import org.jboss.aesh.cl.CommandDefinition;
import org.jboss.aesh.cl.Option;
import org.jboss.aesh.console.command.CommandException;
import org.jboss.aesh.console.command.CommandResult;
import org.jboss.aesh.console.command.invocation.CommandInvocation;
import org.keycloak.client.admin.cli.config.ConfigData;
import org.keycloak.client.admin.cli.operations.ClientOperations;
import org.keycloak.client.admin.cli.operations.GroupOperations;
import org.keycloak.client.admin.cli.operations.RoleOperations;
import org.keycloak.client.admin.cli.operations.UserOperations;
import org.keycloak.client.admin.cli.util.AuthUtil;
import org.keycloak.client.admin.cli.util.ConfigUtil;
import org.keycloak.client.admin.cli.util.HttpUtil;
import org.keycloak.client.admin.cli.util.OsUtil;
import org.keycloak.models.LDAPConstants;
import org.keycloak.validate.validators.UriValidator;

@CommandDefinition(name = "get-roles", description = "[ARGUMENTS]")
/* loaded from: input_file:org/keycloak/client/admin/cli/commands/GetRolesCmd.class */
public class GetRolesCmd extends GetCmd {

    @Option(name = "uusername", description = "Target user's 'username'")
    String uusername;

    @Option(name = LDAPConstants.UID, description = "Target user's 'id'")
    String uid;

    @Option(name = "cclientid", description = "Target client's 'clientId'")
    String cclientid;

    @Option(name = "cid", description = "Target client's 'id'")
    String cid;

    @Option(name = "rname", description = "Composite role's 'name'")
    String rname;

    @Option(name = "rid", description = "Composite role's 'id'")
    String rid;

    @Option(name = "gname", description = "Target group's 'name'")
    String gname;

    @Option(name = "gpath", description = "Target group's 'path'")
    String gpath;

    @Option(name = "gid", description = "Target group's 'id'")
    String gid;

    @Option(name = "rolename", description = "Target role's 'name'")
    String rolename;

    @Option(name = "roleid", description = "Target role's 'id'")
    String roleid;

    @Option(name = "available", description = "List only available roles", hasValue = false)
    boolean available;

    @Option(name = "effective", description = "List assigned roles including transitively included roles", hasValue = false)
    boolean effective;

    @Option(name = "all", description = "List roles for all clients in addition to realm roles", hasValue = false)
    boolean all;

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.keycloak.client.admin.cli.commands.GetCmd, org.keycloak.client.admin.cli.commands.AbstractRequestCmd
    public void initOptions() {
        super.initOptions();
        if (this.args == null) {
            this.args = new ArrayList();
        }
        if (this.args.size() == 0) {
            this.args.add(UriValidator.ID);
        } else {
            this.args.add(0, UriValidator.ID);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.keycloak.client.admin.cli.commands.AbstractRequestCmd
    public void processOptions(CommandInvocation commandInvocation) {
        if (this.uid != null && this.uusername != null) {
            throw new IllegalArgumentException("Incompatible options: --uid and --uusername are mutually exclusive");
        }
        if ((this.gid != null && this.gname != null) || ((this.gid != null && this.gpath != null) || (this.gname != null && this.gpath != null))) {
            throw new IllegalArgumentException("Incompatible options: --gid, --gname and --gpath are mutually exclusive");
        }
        if (this.roleid != null && this.rolename != null) {
            throw new IllegalArgumentException("Incompatible options: --roleid and --rolename are mutually exclusive");
        }
        if (this.rid != null && this.rname != null) {
            throw new IllegalArgumentException("Incompatible options: --rid and --rname are mutually exclusive");
        }
        if (this.cid != null && this.cclientid != null) {
            throw new IllegalArgumentException("Incompatible options: --cid and --cclientid are mutually exclusive");
        }
        if (isUserSpecified() && isGroupSpecified()) {
            throw new IllegalArgumentException("Incompatible options: --uusername / --uid can't be used at the same time as --gname / --gid / --gpath");
        }
        if (isUserSpecified() && isCompositeRoleSpecified()) {
            throw new IllegalArgumentException("Incompatible options: --uusername / --uid can't be used at the same time as --rname / --rid");
        }
        if (isGroupSpecified() && isCompositeRoleSpecified()) {
            throw new IllegalArgumentException("Incompatible options: --rname / --rid can't be used at the same time as --gname / --gid / --gpath");
        }
        if (this.all && this.effective) {
            throw new IllegalArgumentException("Incompatible options: --all can't be used at the same time as --effective");
        }
        if (this.all && this.available) {
            throw new IllegalArgumentException("Incompatible options: --all can't be used at the same time as --available");
        }
        super.processOptions(commandInvocation);
    }

    @Override // org.keycloak.client.admin.cli.commands.AbstractRequestCmd
    public CommandResult process(CommandInvocation commandInvocation) throws CommandException, InterruptedException {
        String str;
        ConfigData copyWithServerInfo = copyWithServerInfo(ConfigUtil.loadConfig());
        setupTruststore(copyWithServerInfo, commandInvocation);
        String str2 = null;
        ConfigData copyWithServerInfo2 = copyWithServerInfo(ensureAuthInfo(copyWithServerInfo, commandInvocation));
        if (ConfigUtil.credentialsAvailable(copyWithServerInfo2)) {
            str2 = AuthUtil.ensureToken(copyWithServerInfo2);
        }
        String str3 = str2 != null ? "Bearer " + str2 : null;
        String serverUrl = copyWithServerInfo2.getServerUrl();
        String targetRealm = getTargetRealm(copyWithServerInfo2);
        String composeAdminRoot = this.adminRestRoot != null ? this.adminRestRoot : composeAdminRoot(serverUrl);
        if (isUserSpecified()) {
            if (this.uid == null) {
                this.uid = UserOperations.getIdFromUsername(composeAdminRoot, targetRealm, str3, this.uusername);
            }
            if (isClientSpecified()) {
                if (this.cid == null) {
                    this.cid = ClientOperations.getIdFromClientId(composeAdminRoot, targetRealm, str3, this.cclientid);
                }
                if (this.available) {
                    this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "users/" + this.uid + "/role-mappings/clients/" + this.cid + "/available");
                } else if (this.effective) {
                    this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "users/" + this.uid + "/role-mappings/clients/" + this.cid + "/composite");
                } else {
                    this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "users/" + this.uid + "/role-mappings/clients/" + this.cid);
                }
            } else if (this.available) {
                this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "users/" + this.uid + "/role-mappings/realm/available");
            } else if (this.effective) {
                this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "users/" + this.uid + "/role-mappings/realm/composite");
            } else {
                this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "users/" + this.uid + (this.all ? "/role-mappings" : "/role-mappings/realm"));
            }
        } else if (isGroupSpecified()) {
            if (this.gname != null) {
                this.gid = GroupOperations.getIdFromName(composeAdminRoot, targetRealm, str3, this.gname);
            } else if (this.gpath != null) {
                this.gid = GroupOperations.getIdFromPath(composeAdminRoot, targetRealm, str3, this.gpath);
            }
            if (isClientSpecified()) {
                if (this.cid == null) {
                    this.cid = ClientOperations.getIdFromClientId(composeAdminRoot, targetRealm, str3, this.cclientid);
                }
                if (this.available) {
                    this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "groups/" + this.gid + "/role-mappings/clients/" + this.cid + "/available");
                } else if (this.effective) {
                    this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "groups/" + this.gid + "/role-mappings/clients/" + this.cid + "/composite");
                } else {
                    this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "groups/" + this.gid + "/role-mappings/clients/" + this.cid);
                }
            } else if (this.available) {
                this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "groups/" + this.gid + "/role-mappings/realm/available");
            } else if (this.effective) {
                this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "groups/" + this.gid + "/role-mappings/realm/composite");
            } else {
                this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "groups/" + this.gid + (this.all ? "/role-mappings" : "/role-mappings/realm"));
            }
        } else if (isCompositeRoleSpecified()) {
            String str4 = this.rname != null ? "roles/" + this.rname : "roles-by-id/" + this.rid;
            if (isClientSpecified()) {
                if (this.cid == null) {
                    this.cid = ClientOperations.getIdFromClientId(composeAdminRoot, targetRealm, str3, this.cclientid);
                }
                if (this.available) {
                    throw new IllegalArgumentException("Option --available not supported with composite roles. Try '" + OsUtil.CMD + " get-roles --cid " + this.cid + "' for full list of client roles for that client");
                }
                if (this.effective) {
                    throw new IllegalArgumentException("Option --effective not supported with composite roles.");
                }
                str = str4 + "/composites/clients/" + this.cid;
            } else {
                if (this.available) {
                    throw new IllegalArgumentException("Option --available not supported with composite roles. Try '" + OsUtil.CMD + " get-roles' for full list of realm roles");
                }
                if (this.effective) {
                    throw new IllegalArgumentException("Option --effective not supported with composite roles.");
                }
                str = str4 + (this.all ? "/composites" : "/composites/realm");
            }
            this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, str);
        } else if (isClientSpecified()) {
            if (this.cid == null) {
                this.cid = ClientOperations.getIdFromClientId(composeAdminRoot, targetRealm, str3, this.cclientid);
            }
            if (isRoleSpecified()) {
                if (this.rolename == null) {
                    this.rolename = RoleOperations.getClientRoleNameFromId(composeAdminRoot, targetRealm, str3, this.cid, this.roleid);
                }
                this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "clients/" + this.cid + "/roles/" + this.rolename);
            } else {
                this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "clients/" + this.cid + "/roles");
            }
        } else if (isRoleSpecified()) {
            if (this.rolename == null) {
                this.rolename = RoleOperations.getClientRoleNameFromId(composeAdminRoot, targetRealm, str3, this.cid, this.roleid);
            }
            this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "roles/" + this.rolename);
        } else {
            this.url = HttpUtil.composeResourceUrl(composeAdminRoot, targetRealm, "roles");
        }
        return super.process(commandInvocation);
    }

    private boolean isRoleSpecified() {
        return (this.roleid == null && this.rolename == null) ? false : true;
    }

    private boolean isClientSpecified() {
        return (this.cid == null && this.cclientid == null) ? false : true;
    }

    private boolean isGroupSpecified() {
        return (this.gid == null && this.gname == null && this.gpath == null) ? false : true;
    }

    private boolean isCompositeRoleSpecified() {
        return (this.rid == null && this.rname == null) ? false : true;
    }

    private boolean isUserSpecified() {
        return (this.uid == null && this.uusername == null) ? false : true;
    }

    @Override // org.keycloak.client.admin.cli.commands.GetCmd, org.keycloak.client.admin.cli.commands.AbstractRequestCmd
    protected String suggestHelp() {
        return JsonProperty.USE_DEFAULT_NAME;
    }

    @Override // org.keycloak.client.admin.cli.commands.GetCmd, org.keycloak.client.admin.cli.commands.AbstractGlobalOptionsCmd
    protected boolean nothingToDo() {
        return false;
    }

    @Override // org.keycloak.client.admin.cli.commands.GetCmd, org.keycloak.client.admin.cli.commands.AbstractGlobalOptionsCmd
    protected String help() {
        return usage();
    }

    public static String usage() {
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter(stringWriter);
        printWriter.println("Usage: " + OsUtil.CMD + " get-roles [--cclientid CLIENT_ID | --cid ID] [ARGUMENTS]");
        printWriter.println("       " + OsUtil.CMD + " get-roles (--uusername USERNAME | --uid ID) [--cclientid CLIENT_ID | --cid ID] [--available | --effective | --all] (ARGUMENTS)");
        printWriter.println("       " + OsUtil.CMD + " get-roles (--gname NAME | --gpath PATH | --gid ID) [--cclientid CLIENT_ID | --cid ID] [--available | --effective | --all] [ARGUMENTS]");
        printWriter.println("       " + OsUtil.CMD + " get-roles (--rname ROLE_NAME | --rid ROLE_ID) [--cclientid CLIENT_ID | --cid ID] [--available | --effective | --all] [ARGUMENTS]");
        printWriter.println();
        printWriter.println("Command to list realm or client roles of a realm, a user, a group or a composite role.");
        printWriter.println();
        printWriter.println("Use '" + OsUtil.CMD + " config credentials' to establish an authenticated session, or use CREDENTIALS OPTIONS");
        printWriter.println("to perform one time authentication.");
        printWriter.println();
        printWriter.println("If client is specified using --cclientid or --cid then client roles are listed, otherwise realm roles are listed.");
        printWriter.println("If user is specified using --uusername or --uid then roles are listed for a specific user.");
        printWriter.println("If group is specified using --gname, --gpath or --gid then roles are listed for a specific group.");
        printWriter.println("If composite role is specified --rname or --rid then roles are listed for a specific composite role.");
        printWriter.println("If neither user nor group, nor composite role is specified then defined roles are listed for a realm or specific client.");
        printWriter.println("If role is specified using --rolename or --roleid then only that specific role is returned.");
        printWriter.println("If --available is specified, then only roles not yet added to the target user or group are returned.");
        printWriter.println("If --effective is specified, then roles added to the target user or group are transitively resolved and a full");
        printWriter.println("set of roles in effect for that user, group or composite role is returned.");
        printWriter.println("If --all is specified, then client roles for all clients are returned in addition to realm roles.");
        printWriter.println();
        printWriter.println("Arguments:");
        printWriter.println();
        printWriter.println("  Global options:");
        printWriter.println("    -x                    Print full stack trace when exiting with error");
        printWriter.println("    --config              Path to the config file (" + ConfigUtil.DEFAULT_CONFIG_FILE_STRING + " by default)");
        printWriter.println("    --no-config           Don't use config file - no authentication info is loaded or saved");
        printWriter.println("    --token               Token to use to invoke on Keycloak.  Other credential may be ignored if this flag is set.");
        printWriter.println("    --truststore PATH     Path to a truststore containing trusted certificates");
        printWriter.println("    --trustpass PASSWORD  Truststore password (prompted for if not specified and --truststore is used)");
        printWriter.println("    CREDENTIALS OPTIONS   Same set of options as accepted by '" + OsUtil.CMD + " config credentials' in order to establish");
        printWriter.println("                          an authenticated sessions. In combination with --no-config option this allows transient");
        printWriter.println("                          (on-the-fly) authentication to be performed which leaves no tokens in config file.");
        printWriter.println();
        printWriter.println("  Command specific options:");
        printWriter.println("    --uusername               User's 'username'. If more than one user exists with the same username");
        printWriter.println("                              you'll have to use --uid to specify the target user");
        printWriter.println("    --uid                     User's 'id' attribute");
        printWriter.println("    --gname                   Group's 'name'. If more than one group exists with the same name you'll have");
        printWriter.println("                              to use --gid, or --gpath to specify the target group");
        printWriter.println("    --gpath                   Group's 'path' attribute");
        printWriter.println("    --gid                     Group's 'id' attribute");
        printWriter.println("    --rname                   Composite role's 'name' attribute");
        printWriter.println("    --rid                     Composite role's 'id' attribute");
        printWriter.println("    --cclientid               Client's 'clientId' attribute");
        printWriter.println("    --cid                     Client's 'id' attribute");
        printWriter.println("    --rolename                Role's 'name' attribute");
        printWriter.println("    --roleid                  Role's 'id' attribute");
        printWriter.println("    --available               Return available roles - those that can still be added");
        printWriter.println("    --effective               Return effective roles - transitively taking composite roles into account");
        printWriter.println("    --all                     Return all client roles in addition to realm roles");
        printWriter.println();
        printWriter.println("    -H, --print-headers       Print response headers");
        printWriter.println("    -F, --fields FILTER       A filter pattern to specify which fields of a JSON response to output");
        printWriter.println("                              Use '" + OsUtil.CMD + " get --help' for more info on FILTER syntax.");
        printWriter.println("    -c, --compressed          Don't pretty print the output");
        printWriter.println("    --format FORMAT           Set output format to comma-separated-values by using 'csv'. Default format is 'json'");
        printWriter.println("    --noquotes                Don't quote strings when output format is 'csv'");
        printWriter.println("    -a, --admin-root URL      URL of Admin REST endpoint root if not default - e.g. http://localhost:8080/auth/admin");
        printWriter.println("    -r, --target-realm REALM  Target realm to issue requests against if not the one authenticated against");
        printWriter.println();
        printWriter.println("Examples:");
        printWriter.println();
        printWriter.println("Get all realm roles defined on a realm:");
        printWriter.println("  " + OsUtil.PROMPT + " " + OsUtil.CMD + " get-roles -r demorealm");
        printWriter.println();
        printWriter.println("Get all client roles defined on a specific client, displaying only 'id' and 'name':");
        printWriter.println("  " + OsUtil.PROMPT + " " + OsUtil.CMD + " get-roles -r demorealm --cclientid realm-management --fields id,name");
        printWriter.println();
        printWriter.println("List all realm roles for a specific user:");
        printWriter.println("  " + OsUtil.PROMPT + " " + OsUtil.CMD + " get-roles -r demorealm --uusername testuser");
        printWriter.println();
        printWriter.println("List effective client roles for 'realm-management' client for a specific user:");
        printWriter.println("  " + OsUtil.PROMPT + " " + OsUtil.CMD + " get-roles -r demorealm --uusername testuser --cclientid realm-management --effective");
        printWriter.println();
        printWriter.println();
        printWriter.println("Use '" + OsUtil.CMD + " help' for general information and a list of commands");
        return stringWriter.toString();
    }
}
