package org.keycloak.services.clientregistration;

import java.net.URI;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.protocol.oidc.utils.AuthorizeClientUtil;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.resources.Cors;

/* loaded from: input_file:org/keycloak/services/clientregistration/DefaultClientRegistrationProvider.class */
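/**
 * JAX-RS resource exposing create/read/update/delete operations on realm clients.
 *
 * <p>Every operation first calls {@link #authenticate(boolean, String)}, which either returns
 * the client the caller may act on (or {@code null} where no existing client applies) or
 * throws {@link ForbiddenException}. The realm and event builder must be injected through
 * {@link #setRealm(RealmModel)} and {@link #setEvent(EventBuilder)} before any request
 * method is invoked; the request methods dereference both without a null check.
 */
public class DefaultClientRegistrationProvider implements ClientRegistrationProvider {
    private static final Logger logger = Logger.getLogger(DefaultClientRegistrationProvider.class);
    private final KeycloakSession session;
    private EventBuilder event;
    private RealmModel realm;

    /**
     * @param keycloakSession session used to read the request context and resolve clients
     */
    public DefaultClientRegistrationProvider(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    /**
     * Registers a new client from the posted representation.
     *
     * @param clientRepresentation client definition taken from the request body
     * @return 201 with the stored representation, or the "exists" error response when the
     *     model layer reports a duplicate
     * @throws ForbiddenException when the caller is not authorized to create clients
     */
    @POST
    @Consumes({"application/json"})
    public Response create(ClientRepresentation clientRepresentation) {
        this.event.event(EventType.CLIENT_REGISTER);
        // Authorization must complete before anything is written to the realm.
        authenticate(true, null);
        try {
            ClientModel created = RepresentationToModel.createClient(this.session, this.realm, clientRepresentation, true);
            ClientRepresentation stored = ModelToRepresentation.toRepresentation(created);
            URI location = this.session.getContext().getUri().getAbsolutePathBuilder().path(created.getId()).build(new Object[0]);
            logger.infov("Created client {0}", stored.getClientId());
            this.event.client(stored.getClientId()).success();
            return Response.created(location).entity(stored).build();
        } catch (ModelDuplicateException e) {
            return ErrorResponse.exists("Client " + clientRepresentation.getClientId() + " already exists");
        }
    }

    /**
     * Returns the representation of one client.
     *
     * @param str client id taken from the request path
     * @return 200 with the representation, or 404 when an authorized caller names a client
     *     that does not exist
     * @throws ForbiddenException when the caller is not authorized for this client
     */
    @GET
    @Produces({"application/json"})
    @Path("{clientId}")
    public Response get(@PathParam("clientId") String str) {
        this.event.event(EventType.CLIENT_INFO);
        ClientModel client = authenticate(false, str);
        if (client == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        return Response.ok(ModelToRepresentation.toRepresentation(client)).build();
    }

    /**
     * Applies the posted representation to an existing client.
     *
     * @param str client id taken from the request path
     * @param clientRepresentation new client definition taken from the request body
     * @return 200 on success, or 404 when an authorized caller names a client that does not exist
     * @throws ForbiddenException when the caller is not authorized for this client
     */
    @Path("{clientId}")
    @PUT
    @Consumes({"application/json"})
    public Response update(@PathParam("clientId") String str, ClientRepresentation clientRepresentation) {
        this.event.event(EventType.CLIENT_UPDATE).client(str);
        ClientModel client = authenticate(false, str);
        // authenticate() returns null when a bearer-token caller names an unknown client;
        // answer 404 as get() does instead of passing null to updateClient().
        if (client == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        RepresentationToModel.updateClient(clientRepresentation, client);
        // Log the id that was authorized and recorded on the event, not the id supplied in
        // the request body, which the caller controls and which may differ or be absent.
        logger.infov("Updated client {0}", str);
        this.event.success();
        return Response.status(Response.Status.OK).build();
    }

    /**
     * Removes a client from the realm.
     *
     * @param str client id taken from the request path
     * @return 200 on success, or 404 when the client does not exist or the realm did not remove it
     * @throws ForbiddenException when the caller is not authorized for this client
     */
    @Path("{clientId}")
    @DELETE
    public Response delete(@PathParam("clientId") String str) {
        this.event.event(EventType.CLIENT_DELETE).client(str);
        ClientModel client = authenticate(false, str);
        // Null means an authorized bearer-token caller named an unknown client; without this
        // guard getId() would throw and surface as a server error.
        if (client == null || !this.realm.removeClient(client.getId())) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        this.event.success();
        return Response.ok().build();
    }

    /** No resources are held, so there is nothing to release. */
    public void close() {
    }

    /**
     * Authorizes the current request and resolves the client it may act on.
     *
     * <p>Two credential types are accepted. A request whose {@code Authorization} header uses
     * the {@code Bearer} scheme is checked against the token's {@code realm-management}
     * roles: {@code MANAGE_CLIENTS} permits every operation, {@code CREATE_CLIENT} permits
     * creation only. Any other request, for non-create operations only, is authenticated as a
     * client; it is accepted when that client is confidential and its client id equals
     * {@code clientId}, so a client can only act on itself.
     *
     * @param create {@code true} for the create operation, where no existing client is involved
     * @param clientId client id from the request path; unused when {@code create} is true
     * @return {@code null} for an authorized create; otherwise the target client, which is
     *     whatever the realm lookup returns (callers handle {@code null} as "not found") for
     *     a bearer-token caller and the authenticated client itself for a client caller
     * @throws ForbiddenException when no accepted credential authorizes the request
     */
    private ClientModel authenticate(boolean create, String clientId) {
        String authorization = (String) this.session.getContext().getRequestHeaders().getRequestHeaders().getFirst(Cors.AUTHORIZATION_HEADER);
        boolean bearer = authorization != null && authorization.split(" ")[0].equalsIgnoreCase("Bearer");
        if (bearer) {
            // NOTE(review): the result of authenticateBearerToken() is dereferenced without a
            // null check. If it can be null for a missing, expired or invalid token, this
            // line throws and the caller gets a server error instead of 403 — confirm and guard.
            AccessToken.Access resourceAccess = new AppAuthManager().authenticateBearerToken(this.session, this.realm).getToken().getResourceAccess("realm-management");
            if (resourceAccess != null) {
                if (resourceAccess.isUserInRole(AdminRoles.MANAGE_CLIENTS)) {
                    return create ? null : this.realm.getClientByClientId(clientId);
                }
                // CREATE_CLIENT grants registration only; it never resolves an existing client.
                if (create && resourceAccess.isUserInRole(AdminRoles.CREATE_CLIENT)) {
                    return null;
                }
            }
        } else if (!create) {
            try {
                ClientModel client = AuthorizeClientUtil.authorizeClient(this.session, this.event, this.realm).getClient();
                // Public clients hold no secret, so they cannot prove their identity here.
                if (client != null && !client.isPublicClient() && client.getClientId().equals(clientId)) {
                    return client;
                }
            } catch (Exception e) {
                // A failed client authentication is a denial, not a server fault: fall through
                // to the 403 below, but keep the cause available for troubleshooting.
                logger.debug("Client authentication failed for client registration request", e);
            }
        }
        // Fail closed: every path that did not return above is rejected and recorded.
        this.event.error("not_allowed");
        throw new ForbiddenException();
    }

    /**
     * @param realmModel realm whose clients this provider manages
     */
    @Override
    public void setRealm(RealmModel realmModel) {
        this.realm = realmModel;
    }

    /**
     * @param eventBuilder builder used to record the outcome of each operation
     */
    @Override
    public void setEvent(EventBuilder eventBuilder) {
        this.event = eventBuilder;
    }
}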
