package org.keycloak.services.resources.admin;

import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.plugins.providers.multipart.InputPart;
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.ClientConnection;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.3.1.Final.jar:org/keycloak/services/resources/admin/RealmsAdminResource.class */
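/**
 * JAX-RS resource for the realm collection of the admin API: lists realms,
 * imports new realms (JSON body or multipart upload) and hands out the
 * per-realm sub-resource.
 *
 * <p>Authorization is driven by {@link AdminAuth}: a caller whose realm is the
 * Keycloak administration realm may act across realms, any other caller is
 * confined to its own realm. Realm creation additionally requires
 * {@link AdminRoles#CREATE_REALM}.
 */
public class RealmsAdminResource {
    protected AdminAuth auth;
    protected TokenManager tokenManager;

    @Context
    protected KeycloakSession session;

    @Context
    protected KeycloakApplication keycloak;

    @Context
    protected ClientConnection clientConnection;
    protected static final Logger logger = Logger.getLogger(RealmsAdminResource.class);
    public static final CacheControl noCache = new CacheControl();

    static {
        noCache.setNoCache(true);
    }

    /**
     * @param adminAuth    authenticated admin identity used for every permission check in this resource
     * @param tokenManager passed on to the per-realm sub-resource
     */
    public RealmsAdminResource(AdminAuth adminAuth, TokenManager tokenManager) {
        this.auth = adminAuth;
        this.tokenManager = tokenManager;
    }

    /**
     * Lists the realms the caller is allowed to see.
     *
     * <p>A caller from the administration realm is checked against every realm's
     * master admin client; any other caller is checked only against its own
     * realm's admin client. Filtering per realm is done by {@link #addRealmRep}.
     *
     * @return the visible realms; empty when the caller holds no realm role
     */
    @GET
    @Produces({"application/json"})
    @NoCache
    public List<RealmRepresentation> getRealms() {
        RealmManager realmManager = new RealmManager(this.session);
        List<RealmRepresentation> visibleRealms = new ArrayList<RealmRepresentation>();
        RealmModel authRealm = this.auth.getRealm();
        if (authRealm.equals(realmManager.getKeycloakAdminstrationRealm())) {
            for (RealmModel realm : this.session.realms().getRealms()) {
                addRealmRep(visibleRealms, realm, realm.getMasterAdminClient());
            }
        } else {
            ClientModel realmAdminClient = authRealm.getClientByClientId(realmManager.getRealmAdminClientId(authRealm));
            addRealmRep(visibleRealms, authRealm, realmAdminClient);
        }
        logger.debug("getRealms()");
        return visibleRealms;
    }

    /**
     * Appends a representation of {@code realmModel} to {@code list} according
     * to the caller's roles on {@code clientModel}.
     *
     * <ul>
     *   <li>{@link AdminRoles#MANAGE_REALM}: the representation produced by
     *       {@code ModelToRepresentation.toRepresentation(realmModel, false)}
     *       (meaning of the {@code false} flag is not visible here; confirm
     *       against ModelToRepresentation).</li>
     *   <li>any role in {@link AdminRoles#ALL_REALM_ROLES}: a representation
     *       carrying the realm name only.</li>
     *   <li>otherwise: nothing is added, so the realm stays hidden.</li>
     * </ul>
     */
    protected void addRealmRep(List<RealmRepresentation> list, RealmModel realmModel, ClientModel clientModel) {
        if (this.auth.hasAppRole(clientModel, AdminRoles.MANAGE_REALM)) {
            list.add(ModelToRepresentation.toRepresentation(realmModel, false));
        } else if (this.auth.hasOneOfAppRole(clientModel, AdminRoles.ALL_REALM_ROLES)) {
            // Least-privilege view: expose the name, withhold the configuration.
            RealmRepresentation nameOnly = new RealmRepresentation();
            nameOnly.setRealm(realmModel.getName());
            list.add(nameOnly);
        }
    }

    /**
     * Imports a realm from a JSON representation.
     *
     * <p>The representation is handed to {@code RealmManager.importRealm} as
     * received; any validation of its contents happens there, not in this method.
     *
     * @return 201 with the new realm's URL, 409 if the realm already exists,
     *         400 if the request carried no representation
     * @throws ForbiddenException if the caller is not in the administration
     *         realm or lacks {@link AdminRoles#CREATE_REALM}
     */
    @POST
    @Consumes({"application/json"})
    public Response importRealm(@Context UriInfo uriInfo, RealmRepresentation realmRepresentation) {
        RealmManager realmManager = new RealmManager(this.session);
        realmManager.setContextPath(this.keycloak.getContextPath());
        requireRealmCreator(realmManager);
        // Checked after authorization so unauthorized callers always get 403.
        // Without this guard a missing body ends in a NullPointerException below.
        if (realmRepresentation == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        logger.debugv("importRealm: {0}", realmRepresentation.getRealm());
        try {
            RealmModel imported = realmManager.importRealm(realmRepresentation);
            grantPermissionsToRealmCreator(imported);
            URI location = AdminRoot.realmsUrl(uriInfo).path(imported.getName()).build();
            logger.debugv("imported realm success, sending back: {0}", location.toString());
            return Response.created(location).build();
        } catch (ModelDuplicateException e) {
            return ErrorResponse.exists("Realm " + realmRepresentation.getRealm() + " already exists");
        }
    }

    /**
     * Imports one or more realms from the {@code file} parts of a multipart upload.
     *
     * <p>Parts are imported in order. On the first duplicate the method returns
     * 409 immediately; realms imported from earlier parts of the same request
     * are not undone here.
     * NOTE(review): whether the surrounding transaction rolls them back is not
     * visible from this class; confirm before relying on all-or-nothing uploads.
     *
     * @return 201 with the realm URL when exactly one part was uploaded,
     *         204 when several parts were imported, 409 on a duplicate realm,
     *         400 when the request has no {@code file} part
     * @throws IOException if a part cannot be read or parsed as JSON
     * @throws ForbiddenException if the caller is not in the administration
     *         realm or lacks {@link AdminRoles#CREATE_REALM}
     */
    @POST
    @Consumes({"multipart/form-data"})
    public Response uploadRealm(@Context UriInfo uriInfo, MultipartFormDataInput multipartFormDataInput) throws IOException {
        RealmManager realmManager = new RealmManager(this.session);
        realmManager.setContextPath(this.keycloak.getContextPath());
        requireRealmCreator(realmManager);
        List<InputPart> fileParts = multipartFormDataInput.getFormDataMap().get("file");
        // A request without a "file" part used to fail with a NullPointerException.
        if (fileParts == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        for (InputPart part : fileParts) {
            RealmRepresentation realmRepresentation = JsonSerialization.readValue(part.getBodyAsString(), RealmRepresentation.class);
            try {
                RealmModel imported = realmManager.importRealm(realmRepresentation);
                grantPermissionsToRealmCreator(imported);
                if (fileParts.size() == 1) {
                    return Response.created(AdminRoot.realmsUrl(uriInfo).path(imported.getName()).build()).build();
                }
            } catch (ModelDuplicateException e) {
                return ErrorResponse.exists("Realm " + realmRepresentation.getRealm() + " already exists");
            }
        }
        return Response.noContent().build();
    }

    /**
     * Enforces the precondition shared by both import endpoints: the caller
     * must belong to the administration realm and hold
     * {@link AdminRoles#CREATE_REALM}.
     *
     * @throws ForbiddenException if either condition fails
     */
    private void requireRealmCreator(RealmManager realmManager) {
        if (!this.auth.getRealm().equals(realmManager.getKeycloakAdminstrationRealm())) {
            throw new ForbiddenException();
        }
        if (!this.auth.hasRealmRole(AdminRoles.CREATE_REALM)) {
            throw new ForbiddenException();
        }
    }

    /**
     * Gives the creating user every role in {@link AdminRoles#ALL_REALM_ROLES}
     * on the new realm's master admin client, unless the user already holds
     * the {@link AdminRoles#ADMIN} realm role.
     *
     * <p>This is a privilege grant performed as a side effect of realm creation:
     * a caller holding only create-realm ends up with all admin roles on the
     * realm it has just created.
     */
    private void grantPermissionsToRealmCreator(RealmModel realmModel) {
        if (this.auth.hasRealmRole(AdminRoles.ADMIN)) {
            return;
        }
        // NOTE(review): the result of this lookup is discarded. It is kept because
        // this class does not show whether the call has side effects; drop it once
        // that is confirmed.
        new RealmManager(this.session).getKeycloakAdminstrationRealm();
        ClientModel masterAdminClient = realmModel.getMasterAdminClient();
        for (String roleName : AdminRoles.ALL_REALM_ROLES) {
            this.auth.getUser().grantRole(masterAdminClient.getRole(roleName));
        }
    }

    /**
     * Sub-resource locator for a single realm.
     *
     * <p>Only realm membership is checked here: the caller must come from the
     * administration realm or from the requested realm itself. The
     * {@link RealmAuth} built below carries the admin client that the
     * sub-resource uses for its own role checks (presumably per operation;
     * confirm in RealmAdminResource).
     *
     * <p>NOTE(review): the 404 is decided before the realm-membership check, so
     * an authenticated caller from another realm can tell existing realm names
     * (403) from non-existing ones (404).
     *
     * @param str realm name taken from the request path
     * @throws NotFoundException  if no realm with that name exists
     * @throws ForbiddenException if the caller belongs to a different, non-administration realm
     */
    @Path("{realm}")
    public RealmAdminResource getRealmAdmin(@Context HttpHeaders httpHeaders, @PathParam("realm") String str) {
        RealmManager realmManager = new RealmManager(this.session);
        RealmModel realmByName = realmManager.getRealmByName(str);
        if (realmByName == null) {
            throw new NotFoundException("{realm} = " + str);
        }
        RealmModel authRealm = this.auth.getRealm();
        boolean callerIsInAdminRealm = authRealm.equals(realmManager.getKeycloakAdminstrationRealm());
        if (!callerIsInAdminRealm && !authRealm.equals(realmByName)) {
            throw new ForbiddenException();
        }
        // Administration-realm callers are authorized through the target realm's
        // master admin client, same-realm callers through that realm's own admin client.
        ClientModel adminClient = callerIsInAdminRealm
                ? realmByName.getMasterAdminClient()
                : realmByName.getClientByClientId(realmManager.getRealmAdminClientId(authRealm));
        RealmAuth realmAuth = new RealmAuth(this.auth, adminClient);
        AdminEventBuilder adminEventBuilder = new AdminEventBuilder(realmByName, this.auth, this.session, this.clientConnection);
        this.session.getContext().setRealm(realmByName);
        RealmAdminResource realmAdminResource = new RealmAdminResource(realmAuth, realmByName, this.tokenManager, adminEventBuilder);
        // The sub-resource is created by hand, so its @Context fields must be injected explicitly.
        ResteasyProviderFactory.getInstance().injectProperties(realmAdminResource);
        return realmAdminResource;
    }
}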
