package org.keycloak.quarkus.runtime.cli.command;

import java.util.EnumSet;
import org.keycloak.common.util.IoUtils;
import org.keycloak.config.OptionCategory;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.quarkus.runtime.cli.PropertyException;
import org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication;
import org.keycloak.services.resources.KeycloakApplication;
import picocli.CommandLine;

@CommandLine.Command(name = BootstrapAdminService.NAME, header = {BootstrapAdminService.HEADER}, description = {"%nAdd an admin service account"})
/* loaded from: input_file:org/keycloak/quarkus/runtime/cli/command/BootstrapAdminService.class */
public class BootstrapAdminService extends AbstractNonServerCommand {
    public static final String NAME = "service";
    public static final String HEADER = "Add an admin service account";

    @CommandLine.ArgGroup(exclusive = true, multiplicity = "0..1")
    ClientIdOptions clientIdOptions;

    @CommandLine.Option(paramLabel = "SECRET", names = {"--client-secret:env"}, description = {"Environment variable name for the client secret"})
    String clientSecretEnv;
    String clientSecret;
    String clientId;

    /* loaded from: input_file:org/keycloak/quarkus/runtime/cli/command/BootstrapAdminService$ClientIdOptions.class */
    static class ClientIdOptions {

        @CommandLine.Option(paramLabel = "id", names = {"--client-id"}, description = {"Client id, defaults to temp-admin"})
        String clientId;

        @CommandLine.Option(paramLabel = "ID", names = {"--client-id:env"}, description = {"Environment variable name for the client id"})
        String cliendIdEnv;

        ClientIdOptions() {
        }
    }

    @Override // org.keycloak.quarkus.runtime.cli.command.AbstractCommand
    public String getName() {
        return NAME;
    }

    @Override // org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand
    protected void doBeforeRun() {
        BootstrapAdmin bootstrapAdmin = (BootstrapAdmin) this.spec.commandLine().getParent().getCommand();
        if (this.clientIdOptions != null) {
            if (this.clientIdOptions.cliendIdEnv != null) {
                this.clientId = getFromEnv(this.clientIdOptions.cliendIdEnv);
            } else {
                this.clientId = this.clientIdOptions.clientId;
            }
        } else if (!bootstrapAdmin.noPrompt) {
            this.clientId = IoUtils.readLineFromConsole("client id", "temp-admin");
        }
        if (this.clientSecretEnv != null) {
            this.clientSecret = getFromEnv(this.clientSecretEnv);
            return;
        }
        if (bootstrapAdmin.noPrompt) {
            throw new PropertyException("No client secret provided");
        }
        this.clientSecret = IoUtils.readPasswordFromConsole("client secret");
        if (!this.clientSecret.equals(IoUtils.readPasswordFromConsole("client secret again"))) {
            throw new PropertyException("Client secrets do not match");
        }
        if (this.clientSecret.isBlank()) {
            throw new PropertyException("Client secret must not be blank");
        }
    }

    private String getFromEnv(String str) {
        String str2 = System.getenv(str);
        if (str2 == null) {
            throw new PropertyException(String.format("Environment variable %s not found", str));
        }
        return str2;
    }

    @Override // org.keycloak.quarkus.runtime.cli.command.AbstractNonServerCommand
    public void onStart(QuarkusKeycloakApplication quarkusKeycloakApplication) {
        KeycloakModelUtils.runJobInTransaction(KeycloakApplication.getSessionFactory(), keycloakSession -> {
            quarkusKeycloakApplication.createTemporaryMasterRealmAdminService(this.clientId, this.clientSecret, keycloakSession);
        });
    }

    @Override // org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand
    protected EnumSet<OptionCategory> excludedCategories() {
        return EnumSet.of(OptionCategory.IMPORT, OptionCategory.EXPORT, OptionCategory.BOOTSTRAP_ADMIN);
    }
}
