package org.keycloak.services.resources.admin;

import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.constants.KerberosConstants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderFactory;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.representations.idm.UserFederationProviderFactoryRepresentation;
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
import org.keycloak.services.managers.UsersSyncManager;
import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.timer.TimerProvider;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.2.0.Final.jar:org/keycloak/services/resources/admin/UserFederationResource.class */
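/**
 * Admin REST sub-resource for a realm's user federation setup. It lists the installed
 * provider factories, creates/updates/deletes configured provider instances and triggers
 * user synchronisation for an instance.
 *
 * <p>Authorization is explicit: every endpoint calls {@code auth.requireView()} or
 * {@code auth.requireManage()} itself (only {@link #syncUsers} logs a debug line first).
 * The constructor initialises {@code auth} with {@code RealmAuth.Resource.USER}, so those
 * checks are presumably evaluated against the realm's user-management permissions
 * (confirm against {@code RealmAuth}).
 *
 * <p>Review notes on the authorization model as written:
 * <ul>
 *   <li>{@link #getProviderInstance} needs only view permission while the list endpoint
 *       {@link #getUserFederationInstances} needs manage permission. A single instance is
 *       therefore readable with fewer rights than the list. Confirm which level is
 *       intended.</li>
 *   <li>If the representation built by {@code ModelToRepresentation} carries the provider
 *       config verbatim, any secret stored there (for example a directory bind password)
 *       is returned to every caller who passes the check. Verify what is serialised.</li>
 *   <li>{@link #syncUsers} changes state but is mapped to GET.</li>
 * </ul>
 */
public class UserFederationResource {
    protected static final Logger logger = Logger.getLogger(UserFederationResource.class);
    protected RealmModel realm;
    protected RealmAuth auth;

    @Context
    protected UriInfo uriInfo;

    @Context
    protected KeycloakSession session;

    /**
     * Binds the resource to one realm and its authorization helper.
     *
     * @param realmModel realm whose federation providers are managed
     * @param realmAuth  authorization helper; initialised here for the USER resource
     */
    public UserFederationResource(RealmModel realmModel, RealmAuth realmAuth) {
        this.auth = realmAuth;
        this.realm = realmModel;
        realmAuth.init(RealmAuth.Resource.USER);
    }

    /**
     * Lists every installed user federation provider factory with its configuration options.
     *
     * @return one representation per factory; empty when none is installed
     */
    @GET
    @NoCache
    @Path("providers")
    @Produces({"application/json"})
    public List<UserFederationProviderFactoryRepresentation> getProviders() {
        this.auth.requireView();
        List<UserFederationProviderFactoryRepresentation> result =
                new LinkedList<UserFederationProviderFactoryRepresentation>();
        for (ProviderFactory factory : this.session.getKeycloakSessionFactory().getProviderFactories(UserFederationProvider.class)) {
            result.add(toFactoryRepresentation(factory));
        }
        return result;
    }

    /**
     * Returns the provider factory with the given id.
     *
     * @param id factory id taken from the request path
     * @return representation of the matching factory
     * @throws NotFoundException if no installed factory has that id
     */
    @GET
    @NoCache
    @Path("providers/{id}")
    @Produces({"application/json"})
    public UserFederationProviderFactoryRepresentation getProvider(@PathParam("id") String id) {
        this.auth.requireView();
        for (ProviderFactory factory : this.session.getKeycloakSessionFactory().getProviderFactories(UserFederationProvider.class)) {
            if (factory.getId().equals(id)) {
                return toFactoryRepresentation(factory);
            }
        }
        throw new NotFoundException("Could not find provider");
    }

    /**
     * Creates a provider instance in the realm, (re)schedules its periodic sync and makes
     * sure the realm requires the kerberos credential when the instance enables Kerberos.
     *
     * @param rep instance definition from the request body; a blank display name is stored as null
     * @return 201 Created whose Location is the request path plus the new instance id
     */
    @POST
    @Path("instances")
    @Consumes({"application/json"})
    public Response createProviderInstance(UserFederationProviderRepresentation rep) {
        this.auth.requireManage();
        String displayName = normalizeDisplayName(rep.getDisplayName());
        UserFederationProviderModel model = this.realm.addUserFederationProvider(
                rep.getProviderName(),
                rep.getConfig(),
                rep.getPriority(),
                displayName,
                rep.getFullSyncPeriod(),
                rep.getChangedSyncPeriod(),
                rep.getLastSync());
        new UsersSyncManager().refreshPeriodicSyncForProvider(
                this.session.getKeycloakSessionFactory(),
                (TimerProvider) this.session.getProvider(TimerProvider.class),
                model,
                this.realm.getId());
        checkKerberosCredential(model);
        return Response.created(this.uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
    }

    /**
     * Replaces the stored definition of a provider instance and refreshes its periodic sync.
     *
     * <p>The instance id comes from the path only; the model is built from that id plus the
     * body fields. NOTE(review): unlike {@link #deleteProviderInstance}, nothing here checks
     * that the id names an existing instance of this realm, so the outcome for an unknown id
     * depends on {@code RealmModel.updateUserFederationProvider}. Confirm it rejects it.
     *
     * @param id  instance id taken from the request path
     * @param rep new definition from the request body; a blank display name is stored as null
     */
    @Path("instances/{id}")
    @PUT
    @Consumes({"application/json"})
    public void updateProviderInstance(@PathParam("id") String id, UserFederationProviderRepresentation rep) {
        this.auth.requireManage();
        String displayName = normalizeDisplayName(rep.getDisplayName());
        UserFederationProviderModel model = new UserFederationProviderModel(
                id,
                rep.getProviderName(),
                rep.getConfig(),
                rep.getPriority(),
                displayName,
                rep.getFullSyncPeriod(),
                rep.getChangedSyncPeriod(),
                rep.getLastSync());
        this.realm.updateUserFederationProvider(model);
        new UsersSyncManager().refreshPeriodicSyncForProvider(
                this.session.getKeycloakSessionFactory(),
                (TimerProvider) this.session.getProvider(TimerProvider.class),
                model,
                this.realm.getId());
        checkKerberosCredential(model);
    }

    /**
     * Returns one configured provider instance of this realm.
     *
     * <p>NOTE(review): guarded by view permission only, whereas listing all instances
     * requires manage permission. See the class comment.
     *
     * @param id instance id taken from the request path
     * @return representation of the matching instance
     * @throws NotFoundException if the realm has no instance with that id
     */
    @GET
    @NoCache
    @Path("instances/{id}")
    @Produces({"application/json"})
    public UserFederationProviderRepresentation getProviderInstance(@PathParam("id") String id) {
        this.auth.requireView();
        return ModelToRepresentation.toRepresentation(findInstance(id));
    }

    /**
     * Removes a provider instance from the realm and cancels its periodic sync.
     *
     * @param id instance id taken from the request path
     * @throws NotFoundException if the realm has no instance with that id
     */
    @Path("instances/{id}")
    @DELETE
    public void deleteProviderInstance(@PathParam("id") String id) {
        this.auth.requireManage();
        // Called only for its side effect: fails with NotFoundException for an unknown id.
        getProviderInstance(id);
        // Only the id is meaningful here; the remaining arguments are placeholders.
        UserFederationProviderModel model = new UserFederationProviderModel(id, null, null, -1, null, -1, -1, 0);
        this.realm.removeUserFederationProvider(model);
        new UsersSyncManager().removePeriodicSyncForProvider(
                (TimerProvider) this.session.getProvider(TimerProvider.class), model);
    }

    /**
     * Lists every provider instance configured in this realm.
     *
     * @return one representation per instance; empty when none is configured
     */
    @GET
    @Path("instances")
    @NoCache
    @Produces({"application/json"})
    public List<UserFederationProviderRepresentation> getUserFederationInstances() {
        this.auth.requireManage();
        List<UserFederationProviderRepresentation> result =
                new LinkedList<UserFederationProviderRepresentation>();
        for (UserFederationProviderModel model : this.realm.getUserFederationProviders()) {
            result.add(ModelToRepresentation.toRepresentation(model));
        }
        return result;
    }

    /**
     * Triggers a user synchronisation for one provider instance.
     *
     * <p>NOTE(review): this state-changing operation is mapped to GET. A safe-method
     * request can be issued by link prefetching or cross-site navigation and is exempt from
     * most CSRF defences, so a non-safe verb would be the conventional mapping. It is left
     * unchanged because existing clients depend on the route.
     *
     * <p>NOTE(review): an {@code action} other than the two recognised values performs no
     * sync yet still answers 204, so a mistyped action looks like success to the caller.
     *
     * @param id     instance id taken from the request path
     * @param action {@code triggerFullSync} or {@code triggerChangedUsersSync}
     * @return 204 No Content once the instance was found
     * @throws NotFoundException if the realm has no instance with that id
     */
    @GET
    @Path("sync/{id}")
    @NoCache
    public Response syncUsers(@PathParam("id") String id, @QueryParam("action") String action) {
        logger.debug("Syncing users");
        this.auth.requireManage();
        UserFederationProviderModel model = findInstance(id);
        UsersSyncManager syncManager = new UsersSyncManager();
        if ("triggerFullSync".equals(action)) {
            syncManager.syncAllUsers(this.session.getKeycloakSessionFactory(), this.realm.getId(), model);
        } else if ("triggerChangedUsersSync".equals(action)) {
            syncManager.syncChangedUsers(this.session.getKeycloakSessionFactory(), this.realm.getId(), model);
        }
        return Response.noContent().build();
    }

    /**
     * Adds {@code kerberos} to the realm's required credentials when the given instance has
     * Kerberos authentication enabled in its config and the realm does not require it yet.
     */
    private void checkKerberosCredential(UserFederationProviderModel model) {
        // parseBoolean treats a missing (null) option as false, as Boolean.valueOf did.
        if (!Boolean.parseBoolean(model.getConfig().get(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION))) {
            return;
        }
        for (RequiredCredentialModel credential : this.realm.getRequiredCredentials()) {
            if ("kerberos".equals(credential.getType())) {
                return;
            }
        }
        this.realm.addRequiredCredential("kerberos");
        logger.info("Added 'kerberos' to required realm credentials");
    }

    /** Looks up a provider instance of this realm by id, or throws NotFoundException. */
    private UserFederationProviderModel findInstance(String id) {
        for (UserFederationProviderModel model : this.realm.getUserFederationProviders()) {
            if (model.getId().equals(id)) {
                return model;
            }
        }
        throw new NotFoundException("could not find provider");
    }

    /** Builds the REST representation (id plus configuration options) of a provider factory. */
    private static UserFederationProviderFactoryRepresentation toFactoryRepresentation(ProviderFactory factory) {
        UserFederationProviderFactoryRepresentation rep = new UserFederationProviderFactoryRepresentation();
        rep.setId(factory.getId());
        rep.setOptions(((UserFederationProviderFactory) factory).getConfigurationOptions());
        return rep;
    }

    /** Maps a blank (empty or whitespace-only) display name to null; other values pass through. */
    private static String normalizeDisplayName(String displayName) {
        return (displayName == null || displayName.trim().isEmpty()) ? null : displayName;
    }
}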
