package org.keycloak.example.photoz.album;

import java.security.Principal;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.http.client.HttpClient;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.Configuration;
import org.keycloak.authorization.client.representation.ResourceRepresentation;
import org.keycloak.authorization.client.representation.ScopeRepresentation;
import org.keycloak.authorization.client.resource.ProtectionResource;
import org.keycloak.example.photoz.ErrorResponse;
import org.keycloak.example.photoz.entity.Album;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.util.JsonSerialization;

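/**
 * JAX-RS resource exposing CRUD operations for {@link Album} entities under {@code /album}.
 *
 * <p>Each album is persisted through JPA and mirrored as a protected resource on the
 * authorization server, reached through {@link AuthzClient}.
 *
 * <p>NOTE(review): {@link #delete(String)} and {@link #findById(String)} perform no ownership
 * check in this class. Access control for {@code /album/{id}} is presumably enforced outside it
 * (for example by a policy enforcer configured in {@code /WEB-INF/keycloak.json}); confirm that
 * before exposing these endpoints.
 *
 * <p>Decompiled from WEB-INF/classes/org/keycloak/example/photoz/album/AlbumService.class.
 */
@Path("/album")
@Stateless
public class AlbumService {
    public static final String SCOPE_ALBUM_VIEW = "urn:photoz.com:scopes:album:view";
    public static final String SCOPE_ALBUM_CREATE = "urn:photoz.com:scopes:album:create";
    public static final String SCOPE_ALBUM_DELETE = "urn:photoz.com:scopes:album:delete";

    @PersistenceContext
    private EntityManager entityManager;

    @Context
    private HttpServletRequest request;

    // Created lazily by getAuthzClient() on first use.
    private AuthzClient authzClient;

    /**
     * Creates an album owned by the calling user and registers it as a protected resource.
     *
     * <p>The owner is always taken from the request principal; any {@code userId} supplied in
     * the request body is overwritten, so a client cannot create albums on behalf of another user.
     *
     * @param album album deserialized from the JSON request body
     * @return 200 with the persisted album
     * @throws ErrorResponse with status 409 when the caller already owns an album with that name
     */
    @POST
    @Consumes({"application/json"})
    public Response create(Album album) {
        // NOTE(review): assumes the container only routes authenticated requests here;
        // getUserPrincipal() returns null otherwise and the next line would throw.
        Principal userPrincipal = this.request.getUserPrincipal();
        album.setUserId(userPrincipal.getName());
        Query createQuery = this.entityManager.createQuery("from Album where name = :name and userId = :userId");
        createQuery.setParameter("name", album.getName());
        createQuery.setParameter("userId", userPrincipal.getName());
        if (!createQuery.getResultList().isEmpty()) {
            throw new ErrorResponse("Name [" + album.getName() + "] already taken. Choose another one.", Response.Status.CONFLICT);
        }
        this.entityManager.persist(album);
        createProtectedResource(album);
        return Response.ok(album).build();
    }

    /**
     * Deletes an album and its protected resource on the authorization server.
     *
     * @param str album id taken from the URL path
     * @return 200 on success; 404 when the id is not numeric or no such album exists
     * @throws RuntimeException when the protected resource or the entity cannot be removed
     */
    @Path("{id}")
    @DELETE
    public Response delete(@PathParam("id") String str) {
        Long albumId = parseId(str);
        if (albumId == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        Album album = this.entityManager.find(Album.class, albumId);
        if (album == null) {
            // Previously a missing album surfaced as a NullPointerException wrapped in a 500.
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        try {
            deleteProtectedResource(album);
            this.entityManager.remove(album);
            return Response.ok().build();
        } catch (Exception e) {
            throw new RuntimeException("Could not delete album.", e);
        }
    }

    /**
     * Lists the albums owned by the calling user.
     *
     * @return 200 with the caller's albums (possibly empty)
     */
    @GET
    @Produces({"application/json"})
    public Response findAll() {
        // The principal name originates from the identity token; bind it as a parameter so a
        // name containing a quote can never alter the JPQL statement.
        Query ownedAlbums = this.entityManager.createQuery("from Album where userId = :userId");
        ownedAlbums.setParameter("userId", this.request.getUserPrincipal().getName());
        return Response.ok(ownedAlbums.getResultList()).build();
    }

    /**
     * Looks up a single album by id.
     *
     * @param str album id taken from the URL path
     * @return 200 with the album, or 404 when the id is not numeric or no album matches
     */
    @GET
    @Produces({"application/json"})
    @Path("{id}")
    public Response findById(@PathParam("id") String str) {
        // The path segment is attacker-controlled: parse it to a number and bind it, rather
        // than concatenating it into the JPQL text.
        Long albumId = parseId(str);
        if (albumId == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        Query byId = this.entityManager.createQuery("from Album where id = :id");
        byId.setParameter("id", albumId);
        List<?> resultList = byId.getResultList();
        return resultList.isEmpty() ? Response.status(Response.Status.NOT_FOUND).build() : Response.ok(resultList.get(0)).build();
    }

    /** Parses a path id; returns {@code null} when the value is absent or not a valid long. */
    private static Long parseId(String rawId) {
        if (rawId == null) {
            return null;
        }
        try {
            return Long.valueOf(rawId);
        } catch (NumberFormatException e) {
            return null;
        }
    }

    /**
     * Registers the album on the authorization server as a resource owned by the album's user,
     * with the view and delete scopes and the URI {@code /album/<id>}.
     *
     * @throws RuntimeException when the registration fails for any reason
     */
    private void createProtectedResource(Album album) {
        try {
            Set<ScopeRepresentation> scopes = new HashSet<>();
            scopes.add(new ScopeRepresentation(SCOPE_ALBUM_VIEW));
            scopes.add(new ScopeRepresentation(SCOPE_ALBUM_DELETE));
            ResourceRepresentation resourceRepresentation = new ResourceRepresentation(album.getName(), scopes, "/album/" + album.getId(), "http://photoz.com/album");
            resourceRepresentation.setOwner(album.getUserId());
            getAuthzClient().protection().resource().create(resourceRepresentation);
        } catch (Exception e) {
            throw new RuntimeException("Could not register protected resource.", e);
        }
    }

    /**
     * Removes the protected resource whose URI is {@code /album/<id>} from the authorization server.
     *
     * @throws RuntimeException when the lookup or deletion fails, or no resource has that URI
     */
    private void deleteProtectedResource(Album album) {
        String uri = "/album/" + album.getId();
        try {
            ProtectionResource protection = getAuthzClient().protection();
            Set<?> matches = protection.resource().findByFilter("uri=" + uri);
            if (matches.isEmpty()) {
                // Caught by the handler below and re-thrown with this exception as the cause.
                throw new RuntimeException("Could not find protected resource with URI [" + uri + "]");
            }
            protection.resource().delete((String) matches.iterator().next());
        } catch (Exception e) {
            throw new RuntimeException("Could not search protected resource.", e);
        }
    }

    /**
     * Returns the authorization client, building it from {@code /WEB-INF/keycloak.json} on first use.
     *
     * @throws RuntimeException when the adapter configuration cannot be read or the client cannot be created
     */
    private AuthzClient getAuthzClient() {
        if (this.authzClient == null) {
            // try-with-resources closes the configuration stream even if parsing fails;
            // a null stream (file missing) is tolerated here and reported by readValue.
            try (java.io.InputStream config = this.request.getServletContext().getResourceAsStream("/WEB-INF/keycloak.json")) {
                AdapterConfig adapterConfig = (AdapterConfig) JsonSerialization.readValue(config, AdapterConfig.class);
                // The adapter credentials are the client secret material; never log adapterConfig.
                this.authzClient = AuthzClient.create(new Configuration(adapterConfig.getAuthServerUrl(), adapterConfig.getRealm(), adapterConfig.getResource(), adapterConfig.getCredentials(), (HttpClient) null));
            } catch (Exception e) {
                throw new RuntimeException("Could not create authorization client.", e);
            }
        }
        return this.authzClient;
    }
}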
