package org.keycloak.services.resources.admin;

import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.hibernate.type.EnumType;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.authentication.AuthenticationFlow;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.ClientAuthenticator;
import org.keycloak.authentication.ClientAuthenticatorFactory;
import org.keycloak.authentication.ConfigurableAuthenticatorFactory;
import org.keycloak.authentication.FormAction;
import org.keycloak.authentication.FormAuthenticator;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredActionProviderModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.representations.IDToken;
import org.keycloak.representations.idm.ConfigPropertyRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.utils.CredentialHelper;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.7.0.Final.jar:org/keycloak/services/resources/admin/AuthenticationManagementResource.class */
public class AuthenticationManagementResource {
    private final RealmModel realm;
    private final KeycloakSession session;
    private RealmAuth auth;
    private AdminEventBuilder adminEvent;

    @Context
    private UriInfo uriInfo;
    private static Logger logger = Logger.getLogger((Class<?>) AuthenticationManagementResource.class);

    /* loaded from: input_file:WEB-INF/lib/keycloak-services-1.7.0.Final.jar:org/keycloak/services/resources/admin/AuthenticationManagementResource$AuthenticationExecutionRepresentation.class */
    public static class AuthenticationExecutionRepresentation {
        protected String id;
        protected String requirement;
        protected String displayName;
        protected List<String> requirementChoices;
        protected Boolean configurable;
        protected Boolean authenticationFlow;
        protected String providerId;
        protected String authenticationConfig;
        protected String flowId;
        protected int level;
        protected int index;

        public String getId() {
            return this.id;
        }

        public void setId(String str) {
            this.id = str;
        }

        public String getDisplayName() {
            return this.displayName;
        }

        public void setDisplayName(String str) {
            this.displayName = str;
        }

        public String getRequirement() {
            return this.requirement;
        }

        public void setRequirement(String str) {
            this.requirement = str;
        }

        public List<String> getRequirementChoices() {
            return this.requirementChoices;
        }

        public void setRequirementChoices(List<String> list) {
            this.requirementChoices = list;
        }

        public Boolean getConfigurable() {
            return this.configurable;
        }

        public void setConfigurable(Boolean bool) {
            this.configurable = bool;
        }

        public String getProviderId() {
            return this.providerId;
        }

        public void setProviderId(String str) {
            this.providerId = str;
        }

        public String getAuthenticationConfig() {
            return this.authenticationConfig;
        }

        public void setAuthenticationConfig(String str) {
            this.authenticationConfig = str;
        }

        public Boolean getAuthenticationFlow() {
            return this.authenticationFlow;
        }

        public void setAuthenticationFlow(Boolean bool) {
            this.authenticationFlow = bool;
        }

        public int getLevel() {
            return this.level;
        }

        public void setLevel(int i) {
            this.level = i;
        }

        public int getIndex() {
            return this.index;
        }

        public void setIndex(int i) {
            this.index = i;
        }

        public String getFlowId() {
            return this.flowId;
        }

        public void setFlowId(String str) {
            this.flowId = str;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/keycloak-services-1.7.0.Final.jar:org/keycloak/services/resources/admin/AuthenticationManagementResource$AuthenticatorConfigDescription.class */
    public class AuthenticatorConfigDescription {
        protected String name;
        protected String providerId;
        protected String helpText;
        protected List<ConfigPropertyRepresentation> properties;

        public AuthenticatorConfigDescription() {
        }

        public String getName() {
            return this.name;
        }

        public void setName(String str) {
            this.name = str;
        }

        public String getHelpText() {
            return this.helpText;
        }

        public String getProviderId() {
            return this.providerId;
        }

        public void setProviderId(String str) {
            this.providerId = str;
        }

        public void setHelpText(String str) {
            this.helpText = str;
        }

        public List<ConfigPropertyRepresentation> getProperties() {
            return this.properties;
        }

        public void setProperties(List<ConfigPropertyRepresentation> list) {
            this.properties = list;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/keycloak-services-1.7.0.Final.jar:org/keycloak/services/resources/admin/AuthenticationManagementResource$RequiredActionProviderRepresentation.class */
    public static class RequiredActionProviderRepresentation {
        private String alias;
        private String name;
        private boolean enabled;
        private boolean defaultAction;
        private Map<String, String> config = new HashMap();

        public String getAlias() {
            return this.alias;
        }

        public void setAlias(String str) {
            this.alias = str;
        }

        public String getName() {
            return this.name;
        }

        public void setName(String str) {
            this.name = str;
        }

        public boolean isEnabled() {
            return this.enabled;
        }

        public void setEnabled(boolean z) {
            this.enabled = z;
        }

        public boolean isDefaultAction() {
            return this.defaultAction;
        }

        public void setDefaultAction(boolean z) {
            this.defaultAction = z;
        }

        public Map<String, String> getConfig() {
            return this.config;
        }

        public void setConfig(Map<String, String> map) {
            this.config = map;
        }
    }

    public AuthenticationManagementResource(RealmModel realmModel, KeycloakSession keycloakSession, RealmAuth realmAuth, AdminEventBuilder adminEventBuilder) {
        this.realm = realmModel;
        this.session = keycloakSession;
        this.auth = realmAuth;
        this.auth.init(RealmAuth.Resource.REALM);
        this.adminEvent = adminEventBuilder;
    }

    @GET
    @Path("/form-providers")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<Map<String, Object>> getFormProviders() {
        this.auth.requireView();
        return buildProviderMetadata(this.session.getKeycloakSessionFactory().getProviderFactories(FormAuthenticator.class));
    }

    @GET
    @Path("/authenticator-providers")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<Map<String, Object>> getAuthenticatorProviders() {
        this.auth.requireView();
        return buildProviderMetadata(this.session.getKeycloakSessionFactory().getProviderFactories(Authenticator.class));
    }

    @GET
    @Path("/client-authenticator-providers")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<Map<String, Object>> getClientAuthenticatorProviders() {
        this.auth.requireView();
        return buildProviderMetadata(this.session.getKeycloakSessionFactory().getProviderFactories(ClientAuthenticator.class));
    }

    public List<Map<String, Object>> buildProviderMetadata(List<ProviderFactory> list) {
        LinkedList linkedList = new LinkedList();
        for (ProviderFactory providerFactory : list) {
            HashMap hashMap = new HashMap();
            hashMap.put("id", providerFactory.getId());
            ConfigurableAuthenticatorFactory configurableAuthenticatorFactory = (ConfigurableAuthenticatorFactory) providerFactory;
            hashMap.put("description", configurableAuthenticatorFactory.getHelpText());
            hashMap.put("displayName", configurableAuthenticatorFactory.getDisplayType());
            linkedList.add(hashMap);
        }
        return linkedList;
    }

    @GET
    @Path("/form-action-providers")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<Map<String, Object>> getFormActionProviders() {
        this.auth.requireView();
        return buildProviderMetadata(this.session.getKeycloakSessionFactory().getProviderFactories(FormAction.class));
    }

    @GET
    @Path("/flows")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<AuthenticationFlowModel> getFlows() {
        this.auth.requireView();
        LinkedList linkedList = new LinkedList();
        for (AuthenticationFlowModel authenticationFlowModel : this.realm.getAuthenticationFlows()) {
            if (authenticationFlowModel.isTopLevel()) {
                linkedList.add(authenticationFlowModel);
            }
        }
        return linkedList;
    }

    @Path("/flows")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    public Response createFlow(AuthenticationFlowModel authenticationFlowModel) {
        this.auth.requireManage();
        if (authenticationFlowModel.getAlias() == null || authenticationFlowModel.getAlias().isEmpty()) {
            return ErrorResponse.exists("Failed to create flow with empty alias name");
        }
        if (this.realm.getFlowByAlias(authenticationFlowModel.getAlias()) != null) {
            return ErrorResponse.exists("Flow " + authenticationFlowModel.getAlias() + " already exists");
        }
        this.realm.addAuthenticationFlow(authenticationFlowModel);
        return Response.status(201).build();
    }

    @GET
    @Path("/flows/{id}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public AuthenticationFlowModel getFlow(@PathParam("id") String str) {
        this.auth.requireView();
        AuthenticationFlowModel authenticationFlowById = this.realm.getAuthenticationFlowById(str);
        if (authenticationFlowById == null) {
            throw new NotFoundException("Could not find flow with id");
        }
        return authenticationFlowById;
    }

    @Path("/flows/{id}")
    @NoCache
    @DELETE
    public void deleteFlow(@PathParam("id") String str) {
        this.auth.requireView();
        AuthenticationFlowModel authenticationFlowById = this.realm.getAuthenticationFlowById(str);
        if (authenticationFlowById == null) {
            throw new NotFoundException("Could not find flow with id");
        }
        if (authenticationFlowById.isBuiltIn()) {
            throw new BadRequestException("Can't delete built in flow");
        }
        for (AuthenticationExecutionModel authenticationExecutionModel : this.realm.getAuthenticationExecutions(str)) {
            if (authenticationExecutionModel.getFlowId() != null) {
                this.realm.removeAuthenticationFlow(this.realm.getAuthenticationFlowById(authenticationExecutionModel.getFlowId()));
            }
            this.realm.removeAuthenticatorExecution(authenticationExecutionModel);
        }
        this.realm.removeAuthenticationFlow(authenticationFlowById);
    }

    @Path("/flows/{flowAlias}/copy")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    public Response copy(@PathParam("flowAlias") String str, Map<String, String> map) {
        this.auth.requireManage();
        String str2 = map.get("newName");
        if (this.realm.getFlowByAlias(str2) != null) {
            return Response.status(Response.Status.CONFLICT).build();
        }
        AuthenticationFlowModel flowByAlias = this.realm.getFlowByAlias(str);
        if (flowByAlias == null) {
            logger.debug("flow not found: " + str);
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        AuthenticationFlowModel authenticationFlowModel = new AuthenticationFlowModel();
        authenticationFlowModel.setAlias(str2);
        authenticationFlowModel.setDescription(flowByAlias.getDescription());
        authenticationFlowModel.setProviderId(flowByAlias.getProviderId());
        authenticationFlowModel.setBuiltIn(false);
        authenticationFlowModel.setTopLevel(flowByAlias.isTopLevel());
        copy(str2, flowByAlias, this.realm.addAuthenticationFlow(authenticationFlowModel));
        return Response.status(201).build();
    }

    protected void copy(String str, AuthenticationFlowModel authenticationFlowModel, AuthenticationFlowModel authenticationFlowModel2) {
        for (AuthenticationExecutionModel authenticationExecutionModel : this.realm.getAuthenticationExecutions(authenticationFlowModel.getId())) {
            if (authenticationExecutionModel.isAuthenticatorFlow()) {
                AuthenticationFlowModel authenticationFlowById = this.realm.getAuthenticationFlowById(authenticationExecutionModel.getFlowId());
                AuthenticationFlowModel authenticationFlowModel3 = new AuthenticationFlowModel();
                authenticationFlowModel3.setAlias(str + " " + authenticationFlowById.getAlias());
                authenticationFlowModel3.setDescription(authenticationFlowById.getDescription());
                authenticationFlowModel3.setProviderId(authenticationFlowById.getProviderId());
                authenticationFlowModel3.setBuiltIn(false);
                authenticationFlowModel3.setTopLevel(false);
                AuthenticationFlowModel addAuthenticationFlow = this.realm.addAuthenticationFlow(authenticationFlowModel3);
                authenticationExecutionModel.setFlowId(addAuthenticationFlow.getId());
                copy(str, authenticationFlowById, addAuthenticationFlow);
            }
            authenticationExecutionModel.setId(null);
            authenticationExecutionModel.setParentFlow(authenticationFlowModel2.getId());
            this.realm.addAuthenticatorExecution(authenticationExecutionModel);
        }
    }

    @Path("/flows/{flowAlias}/executions/flow")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    public void addExecutionFlow(@PathParam("flowAlias") String str, Map<String, String> map) {
        this.auth.requireManage();
        AuthenticationFlowModel flowByAlias = this.realm.getFlowByAlias(str);
        if (flowByAlias == null) {
            throw new BadRequestException("Parent flow doesn't exists");
        }
        String str2 = map.get("alias");
        String str3 = map.get(EnumType.TYPE);
        String str4 = map.get("provider");
        String str5 = map.get("description");
        if (this.realm.getFlowByAlias(str2) != null) {
            throw new BadRequestException("New flow alias name already exists");
        }
        AuthenticationFlowModel authenticationFlowModel = new AuthenticationFlowModel();
        authenticationFlowModel.setAlias(str2);
        authenticationFlowModel.setDescription(str5);
        authenticationFlowModel.setProviderId(str3);
        AuthenticationFlowModel addAuthenticationFlow = this.realm.addAuthenticationFlow(authenticationFlowModel);
        AuthenticationExecutionModel authenticationExecutionModel = new AuthenticationExecutionModel();
        authenticationExecutionModel.setParentFlow(flowByAlias.getId());
        authenticationExecutionModel.setFlowId(addAuthenticationFlow.getId());
        authenticationExecutionModel.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
        authenticationExecutionModel.setAuthenticatorFlow(true);
        authenticationExecutionModel.setAuthenticator(str4);
        authenticationExecutionModel.setPriority(getNextPriority(flowByAlias));
        this.realm.addAuthenticatorExecution(authenticationExecutionModel);
    }

    private int getNextPriority(AuthenticationFlowModel authenticationFlowModel) {
        List<AuthenticationExecutionModel> sortedExecutions = getSortedExecutions(authenticationFlowModel);
        if (sortedExecutions.isEmpty()) {
            return 0;
        }
        return sortedExecutions.get(sortedExecutions.size() - 1).getPriority() + 1;
    }

    @Path("/flows/{flowAlias}/executions/execution")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    public void addExecution(@PathParam("flowAlias") String str, Map<String, String> map) {
        this.auth.requireManage();
        AuthenticationFlowModel flowByAlias = this.realm.getFlowByAlias(str);
        if (flowByAlias == null) {
            throw new BadRequestException("Parent flow doesn't exists");
        }
        String str2 = map.get("provider");
        AuthenticationExecutionModel authenticationExecutionModel = new AuthenticationExecutionModel();
        authenticationExecutionModel.setParentFlow(flowByAlias.getId());
        authenticationExecutionModel.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
        authenticationExecutionModel.setAuthenticatorFlow(false);
        authenticationExecutionModel.setAuthenticator(str2);
        authenticationExecutionModel.setPriority(getNextPriority(flowByAlias));
        this.realm.addAuthenticatorExecution(authenticationExecutionModel);
    }

    @GET
    @Path("/flows/{flowAlias}/executions")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response getExecutions(@PathParam("flowAlias") String str) {
        this.auth.requireView();
        AuthenticationFlowModel flowByAlias = this.realm.getFlowByAlias(str);
        if (flowByAlias == null) {
            logger.debug("flow not found: " + str);
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        LinkedList linkedList = new LinkedList();
        recurseExecutions(flowByAlias, linkedList, 0);
        return Response.ok(linkedList).build();
    }

    public void recurseExecutions(AuthenticationFlowModel authenticationFlowModel, List<AuthenticationExecutionRepresentation> list, int i) {
        int i2 = 0;
        for (AuthenticationExecutionModel authenticationExecutionModel : this.realm.getAuthenticationExecutions(authenticationFlowModel.getId())) {
            AuthenticationExecutionRepresentation authenticationExecutionRepresentation = new AuthenticationExecutionRepresentation();
            authenticationExecutionRepresentation.setLevel(i);
            int i3 = i2;
            i2++;
            authenticationExecutionRepresentation.setIndex(i3);
            authenticationExecutionRepresentation.setRequirementChoices(new LinkedList());
            if (authenticationExecutionModel.isAuthenticatorFlow()) {
                AuthenticationFlowModel authenticationFlowById = this.realm.getAuthenticationFlowById(authenticationExecutionModel.getFlowId());
                if (AuthenticationFlow.BASIC_FLOW.equals(authenticationFlowById.getProviderId())) {
                    authenticationExecutionRepresentation.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.ALTERNATIVE.name());
                    authenticationExecutionRepresentation.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.REQUIRED.name());
                    authenticationExecutionRepresentation.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.DISABLED.name());
                } else if (AuthenticationFlow.FORM_FLOW.equals(authenticationFlowById.getProviderId())) {
                    authenticationExecutionRepresentation.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.REQUIRED.name());
                    authenticationExecutionRepresentation.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.DISABLED.name());
                    authenticationExecutionRepresentation.setProviderId(authenticationExecutionModel.getAuthenticator());
                    authenticationExecutionRepresentation.setAuthenticationConfig(authenticationExecutionModel.getAuthenticatorConfig());
                } else if (AuthenticationFlow.CLIENT_FLOW.equals(authenticationFlowById.getProviderId())) {
                    authenticationExecutionRepresentation.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.ALTERNATIVE.name());
                    authenticationExecutionRepresentation.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.REQUIRED.name());
                    authenticationExecutionRepresentation.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.DISABLED.name());
                }
                authenticationExecutionRepresentation.setDisplayName(authenticationFlowById.getAlias());
                authenticationExecutionRepresentation.setConfigurable(false);
                authenticationExecutionRepresentation.setId(authenticationExecutionModel.getId());
                authenticationExecutionRepresentation.setAuthenticationFlow(Boolean.valueOf(authenticationExecutionModel.isAuthenticatorFlow()));
                authenticationExecutionRepresentation.setRequirement(authenticationExecutionModel.getRequirement().name());
                authenticationExecutionRepresentation.setFlowId(authenticationExecutionModel.getFlowId());
                list.add(authenticationExecutionRepresentation);
                recurseExecutions(this.realm.getAuthenticationFlowById(authenticationExecutionModel.getFlowId()), list, i + 1);
            } else {
                ConfigurableAuthenticatorFactory configurableAuthenticatorFactory = CredentialHelper.getConfigurableAuthenticatorFactory(this.session, authenticationExecutionModel.getAuthenticator());
                authenticationExecutionRepresentation.setDisplayName(configurableAuthenticatorFactory.getDisplayType());
                authenticationExecutionRepresentation.setConfigurable(Boolean.valueOf(configurableAuthenticatorFactory.isConfigurable()));
                for (AuthenticationExecutionModel.Requirement requirement : configurableAuthenticatorFactory.getRequirementChoices()) {
                    authenticationExecutionRepresentation.getRequirementChoices().add(requirement.name());
                }
                authenticationExecutionRepresentation.setId(authenticationExecutionModel.getId());
                authenticationExecutionRepresentation.setRequirement(authenticationExecutionModel.getRequirement().name());
                authenticationExecutionRepresentation.setProviderId(authenticationExecutionModel.getAuthenticator());
                authenticationExecutionRepresentation.setAuthenticationConfig(authenticationExecutionModel.getAuthenticatorConfig());
                list.add(authenticationExecutionRepresentation);
            }
        }
    }

    @Path("/flows/{flowAlias}/executions")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @PUT
    public void updateExecutions(@PathParam("flowAlias") String str, AuthenticationExecutionRepresentation authenticationExecutionRepresentation) {
        this.auth.requireManage();
        if (this.realm.getFlowByAlias(str) == null) {
            logger.debug("flow not found: " + str);
            throw new NotFoundException("flow not found");
        }
        AuthenticationExecutionModel authenticationExecutionById = this.realm.getAuthenticationExecutionById(authenticationExecutionRepresentation.getId());
        if (authenticationExecutionById == null) {
            this.session.getTransaction().setRollbackOnly();
            throw new NotFoundException("Illegal execution");
        }
        if (authenticationExecutionById.getRequirement().name().equals(authenticationExecutionRepresentation.getRequirement())) {
            return;
        }
        authenticationExecutionById.setRequirement(AuthenticationExecutionModel.Requirement.valueOf(authenticationExecutionRepresentation.getRequirement()));
        this.realm.updateAuthenticatorExecution(authenticationExecutionById);
    }

    @Path("/executions")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    public Response addExecution(AuthenticationExecutionModel authenticationExecutionModel) {
        this.auth.requireManage();
        AuthenticationFlowModel parentFlow = getParentFlow(authenticationExecutionModel);
        if (parentFlow.isBuiltIn()) {
            throw new BadRequestException("It is illegal to add execution to a built in flow");
        }
        authenticationExecutionModel.setPriority(getNextPriority(parentFlow));
        return Response.created(this.uriInfo.getAbsolutePathBuilder().path(this.realm.addAuthenticatorExecution(authenticationExecutionModel).getId()).build(new Object[0])).build();
    }

    public AuthenticationFlowModel getParentFlow(AuthenticationExecutionModel authenticationExecutionModel) {
        if (authenticationExecutionModel.getParentFlow() == null) {
            throw new BadRequestException("parent flow not set on new execution");
        }
        AuthenticationFlowModel authenticationFlowById = this.realm.getAuthenticationFlowById(authenticationExecutionModel.getParentFlow());
        if (authenticationFlowById == null) {
            throw new BadRequestException("execution parent flow does not exist");
        }
        return authenticationFlowById;
    }

    @POST
    @Path("/executions/{executionId}/raise-priority")
    @NoCache
    public void raisePriority(@PathParam("executionId") String str) {
        this.auth.requireManage();
        AuthenticationExecutionModel authenticationExecutionById = this.realm.getAuthenticationExecutionById(str);
        if (authenticationExecutionById == null) {
            this.session.getTransaction().setRollbackOnly();
            throw new NotFoundException("Illegal execution");
        }
        AuthenticationFlowModel parentFlow = getParentFlow(authenticationExecutionById);
        if (parentFlow.isBuiltIn()) {
            throw new BadRequestException("It is illegal to modify execution in a built in flow");
        }
        AuthenticationExecutionModel authenticationExecutionModel = null;
        for (AuthenticationExecutionModel authenticationExecutionModel2 : getSortedExecutions(parentFlow)) {
            if (authenticationExecutionModel2.getId().equals(authenticationExecutionById.getId())) {
                break;
            } else {
                authenticationExecutionModel = authenticationExecutionModel2;
            }
        }
        if (authenticationExecutionModel == null) {
            return;
        }
        int priority = authenticationExecutionModel.getPriority();
        authenticationExecutionModel.setPriority(authenticationExecutionById.getPriority());
        this.realm.updateAuthenticatorExecution(authenticationExecutionModel);
        authenticationExecutionById.setPriority(priority);
        this.realm.updateAuthenticatorExecution(authenticationExecutionById);
    }

    public List<AuthenticationExecutionModel> getSortedExecutions(AuthenticationFlowModel authenticationFlowModel) {
        List<AuthenticationExecutionModel> authenticationExecutions = this.realm.getAuthenticationExecutions(authenticationFlowModel.getId());
        Collections.sort(authenticationExecutions, AuthenticationExecutionModel.ExecutionComparator.SINGLETON);
        return authenticationExecutions;
    }

    @POST
    @Path("/executions/{executionId}/lower-priority")
    @NoCache
    public void lowerPriority(@PathParam("executionId") String str) {
        this.auth.requireManage();
        AuthenticationExecutionModel authenticationExecutionById = this.realm.getAuthenticationExecutionById(str);
        if (authenticationExecutionById == null) {
            this.session.getTransaction().setRollbackOnly();
            throw new NotFoundException("Illegal execution");
        }
        AuthenticationFlowModel parentFlow = getParentFlow(authenticationExecutionById);
        if (parentFlow.isBuiltIn()) {
            throw new BadRequestException("It is illegal to modify execution in a built in flow");
        }
        List<AuthenticationExecutionModel> sortedExecutions = getSortedExecutions(parentFlow);
        int i = 0;
        while (i < sortedExecutions.size() && !sortedExecutions.get(i).getId().equals(authenticationExecutionById.getId())) {
            i++;
        }
        if (i + 1 >= sortedExecutions.size()) {
            return;
        }
        AuthenticationExecutionModel authenticationExecutionModel = sortedExecutions.get(i + 1);
        int priority = authenticationExecutionById.getPriority();
        authenticationExecutionById.setPriority(authenticationExecutionModel.getPriority());
        this.realm.updateAuthenticatorExecution(authenticationExecutionById);
        authenticationExecutionModel.setPriority(priority);
        this.realm.updateAuthenticatorExecution(authenticationExecutionModel);
    }

    @Path("/executions/{executionId}")
    @NoCache
    @DELETE
    public void removeExecution(@PathParam("executionId") String str) {
        this.auth.requireManage();
        AuthenticationExecutionModel authenticationExecutionById = this.realm.getAuthenticationExecutionById(str);
        if (authenticationExecutionById == null) {
            this.session.getTransaction().setRollbackOnly();
            throw new NotFoundException("Illegal execution");
        }
        if (getParentFlow(authenticationExecutionById).isBuiltIn()) {
            throw new BadRequestException("It is illegal to remove execution from a built in flow");
        }
        if (authenticationExecutionById.getFlowId() != null) {
            this.realm.removeAuthenticationFlow(this.realm.getAuthenticationFlowById(authenticationExecutionById.getFlowId()));
        }
        this.realm.removeAuthenticatorExecution(authenticationExecutionById);
    }

    @Path("/executions/{executionId}/config")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    public Response newExecutionConfig(@PathParam("executionId") String str, AuthenticatorConfigModel authenticatorConfigModel) {
        this.auth.requireManage();
        AuthenticationExecutionModel authenticationExecutionById = this.realm.getAuthenticationExecutionById(str);
        if (authenticationExecutionById == null) {
            this.session.getTransaction().setRollbackOnly();
            throw new NotFoundException("Illegal execution");
        }
        AuthenticatorConfigModel addAuthenticatorConfig = this.realm.addAuthenticatorConfig(authenticatorConfigModel);
        authenticationExecutionById.setAuthenticatorConfig(addAuthenticatorConfig.getId());
        this.realm.updateAuthenticatorExecution(authenticationExecutionById);
        return Response.created(this.uriInfo.getAbsolutePathBuilder().path(addAuthenticatorConfig.getId()).build(new Object[0])).build();
    }

    @GET
    @Path("/executions/{executionId}/config/{id}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public AuthenticatorConfigModel getAuthenticatorConfig(@PathParam("executionId") String str, @PathParam("id") String str2) {
        this.auth.requireView();
        AuthenticatorConfigModel authenticatorConfigById = this.realm.getAuthenticatorConfigById(str2);
        if (authenticatorConfigById == null) {
            throw new NotFoundException("Could not find authenticator config");
        }
        return authenticatorConfigById;
    }

    @GET
    @Path("unregistered-required-actions")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<Map<String, String>> getUnregisteredRequiredActions() {
        List<ProviderFactory> providerFactories = this.session.getKeycloakSessionFactory().getProviderFactories(RequiredActionProvider.class);
        LinkedList linkedList = new LinkedList();
        for (ProviderFactory providerFactory : providerFactories) {
            RequiredActionFactory requiredActionFactory = (RequiredActionFactory) providerFactory;
            boolean z = false;
            Iterator<RequiredActionProviderModel> it = this.realm.getRequiredActionProviders().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (it.next().getProviderId().equals(providerFactory.getId())) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                HashMap hashMap = new HashMap();
                hashMap.put(IDToken.NAME, requiredActionFactory.getDisplayText());
                hashMap.put("providerId", requiredActionFactory.getId());
                linkedList.add(hashMap);
            }
        }
        return linkedList;
    }

    @Path("register-required-action")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    public void registereRequiredAction(Map<String, String> map) {
        String str = map.get("providerId");
        String str2 = map.get(IDToken.NAME);
        RequiredActionProviderModel requiredActionProviderModel = new RequiredActionProviderModel();
        requiredActionProviderModel.setAlias(str);
        requiredActionProviderModel.setName(str2);
        requiredActionProviderModel.setProviderId(str);
        requiredActionProviderModel.setDefaultAction(false);
        requiredActionProviderModel.setEnabled(true);
        this.realm.addRequiredActionProvider(requiredActionProviderModel);
    }

    @GET
    @Path("required-actions")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<RequiredActionProviderRepresentation> getRequiredActions() {
        LinkedList linkedList = new LinkedList();
        Iterator<RequiredActionProviderModel> it = this.realm.getRequiredActionProviders().iterator();
        while (it.hasNext()) {
            linkedList.add(toRepresentation(it.next()));
        }
        return linkedList;
    }

    public static RequiredActionProviderRepresentation toRepresentation(RequiredActionProviderModel requiredActionProviderModel) {
        RequiredActionProviderRepresentation requiredActionProviderRepresentation = new RequiredActionProviderRepresentation();
        requiredActionProviderRepresentation.setAlias(requiredActionProviderModel.getAlias());
        requiredActionProviderRepresentation.setName(requiredActionProviderModel.getName());
        requiredActionProviderRepresentation.setDefaultAction(requiredActionProviderModel.isDefaultAction());
        requiredActionProviderRepresentation.setEnabled(requiredActionProviderModel.isEnabled());
        requiredActionProviderRepresentation.setConfig(requiredActionProviderModel.getConfig());
        return requiredActionProviderRepresentation;
    }

    @GET
    @Path("required-actions/{alias}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public RequiredActionProviderRepresentation getRequiredAction(@PathParam("alias") String str) {
        RequiredActionProviderModel requiredActionProviderByAlias = this.realm.getRequiredActionProviderByAlias(str);
        if (requiredActionProviderByAlias == null) {
            throw new NotFoundException("Failed to find required action");
        }
        return toRepresentation(requiredActionProviderByAlias);
    }

    @Path("required-actions/{alias}")
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public void updateRequiredAction(@PathParam("alias") String str, RequiredActionProviderRepresentation requiredActionProviderRepresentation) {
        this.auth.requireManage();
        RequiredActionProviderModel requiredActionProviderByAlias = this.realm.getRequiredActionProviderByAlias(str);
        if (requiredActionProviderByAlias == null) {
            throw new NotFoundException("Failed to find required action");
        }
        RequiredActionProviderModel requiredActionProviderModel = new RequiredActionProviderModel();
        requiredActionProviderModel.setId(requiredActionProviderByAlias.getId());
        requiredActionProviderModel.setName(requiredActionProviderRepresentation.getName());
        requiredActionProviderModel.setAlias(requiredActionProviderRepresentation.getAlias());
        requiredActionProviderModel.setProviderId(requiredActionProviderByAlias.getProviderId());
        requiredActionProviderModel.setDefaultAction(requiredActionProviderRepresentation.isDefaultAction());
        requiredActionProviderModel.setEnabled(requiredActionProviderRepresentation.isEnabled());
        requiredActionProviderModel.setConfig(requiredActionProviderRepresentation.getConfig());
        this.realm.updateRequiredActionProvider(requiredActionProviderModel);
    }

    @Path("required-actions/{alias}")
    @DELETE
    public void updateRequiredAction(@PathParam("alias") String str) {
        this.auth.requireManage();
        RequiredActionProviderModel requiredActionProviderByAlias = this.realm.getRequiredActionProviderByAlias(str);
        if (requiredActionProviderByAlias == null) {
            throw new NotFoundException("Failed to find required action.");
        }
        this.realm.removeRequiredActionProvider(requiredActionProviderByAlias);
    }

    @GET
    @Path("config-description/{providerId}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public AuthenticatorConfigDescription getAuthenticatorConfigDescription(@PathParam("providerId") String str) {
        this.auth.requireView();
        ConfigurableAuthenticatorFactory configurableAuthenticatorFactory = CredentialHelper.getConfigurableAuthenticatorFactory(this.session, str);
        if (configurableAuthenticatorFactory == null) {
            throw new NotFoundException("Could not find authenticator provider");
        }
        AuthenticatorConfigDescription authenticatorConfigDescription = new AuthenticatorConfigDescription();
        authenticatorConfigDescription.setProviderId(str);
        authenticatorConfigDescription.setName(configurableAuthenticatorFactory.getDisplayType());
        authenticatorConfigDescription.setHelpText(configurableAuthenticatorFactory.getHelpText());
        authenticatorConfigDescription.setProperties(new LinkedList());
        Iterator<ProviderConfigProperty> it = configurableAuthenticatorFactory.getConfigProperties().iterator();
        while (it.hasNext()) {
            authenticatorConfigDescription.getProperties().add(getConfigPropertyRep(it.next()));
        }
        return authenticatorConfigDescription;
    }

    private ConfigPropertyRepresentation getConfigPropertyRep(ProviderConfigProperty providerConfigProperty) {
        ConfigPropertyRepresentation configPropertyRepresentation = new ConfigPropertyRepresentation();
        configPropertyRepresentation.setName(providerConfigProperty.getName());
        configPropertyRepresentation.setLabel(providerConfigProperty.getLabel());
        configPropertyRepresentation.setType(providerConfigProperty.getType());
        configPropertyRepresentation.setDefaultValue(providerConfigProperty.getDefaultValue());
        configPropertyRepresentation.setHelpText(providerConfigProperty.getHelpText());
        return configPropertyRepresentation;
    }

    @GET
    @Path("per-client-config-description")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Map<String, List<ConfigPropertyRepresentation>> getPerClientConfigDescription() {
        this.auth.requireView();
        List<ProviderFactory> providerFactories = this.session.getKeycloakSessionFactory().getProviderFactories(ClientAuthenticator.class);
        HashMap hashMap = new HashMap();
        Iterator<ProviderFactory> it = providerFactories.iterator();
        while (it.hasNext()) {
            String id = it.next().getId();
            List<ProviderConfigProperty> configPropertiesPerClient = ((ClientAuthenticatorFactory) CredentialHelper.getConfigurableAuthenticatorFactory(this.session, id)).getConfigPropertiesPerClient();
            LinkedList linkedList = new LinkedList();
            Iterator<ProviderConfigProperty> it2 = configPropertiesPerClient.iterator();
            while (it2.hasNext()) {
                linkedList.add(getConfigPropertyRep(it2.next()));
            }
            hashMap.put(id, linkedList);
        }
        return hashMap;
    }

    @POST
    @Path("config")
    @NoCache
    public Response createAuthenticatorConfig(AuthenticatorConfigModel authenticatorConfigModel) {
        this.auth.requireManage();
        return Response.created(this.uriInfo.getAbsolutePathBuilder().path(this.realm.addAuthenticatorConfig(authenticatorConfigModel).getId()).build(new Object[0])).build();
    }

    @GET
    @Path("config/{id}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public AuthenticatorConfigModel getAuthenticatorConfig(@PathParam("id") String str) {
        this.auth.requireView();
        AuthenticatorConfigModel authenticatorConfigById = this.realm.getAuthenticatorConfigById(str);
        if (authenticatorConfigById == null) {
            throw new NotFoundException("Could not find authenticator config");
        }
        return authenticatorConfigById;
    }

    @Path("config/{id}")
    @NoCache
    @DELETE
    public void removeAuthenticatorConfig(@PathParam("id") String str) {
        this.auth.requireManage();
        AuthenticatorConfigModel authenticatorConfigById = this.realm.getAuthenticatorConfigById(str);
        if (authenticatorConfigById == null) {
            throw new NotFoundException("Could not find authenticator config");
        }
        new LinkedList();
        Iterator<AuthenticationFlowModel> it = this.realm.getAuthenticationFlows().iterator();
        while (it.hasNext()) {
            for (AuthenticationExecutionModel authenticationExecutionModel : this.realm.getAuthenticationExecutions(it.next().getId())) {
                if (str.equals(authenticationExecutionModel.getAuthenticatorConfig())) {
                    authenticationExecutionModel.setAuthenticatorConfig(null);
                    this.realm.updateAuthenticatorExecution(authenticationExecutionModel);
                }
            }
        }
        this.realm.removeAuthenticatorConfig(authenticatorConfigById);
    }

    @Path("config/{id}")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @PUT
    public void updateAuthenticatorConfig(@PathParam("id") String str, AuthenticatorConfigModel authenticatorConfigModel) {
        this.auth.requireManage();
        AuthenticatorConfigModel authenticatorConfigById = this.realm.getAuthenticatorConfigById(str);
        if (authenticatorConfigById == null) {
            throw new NotFoundException("Could not find authenticator config");
        }
        authenticatorConfigById.setAlias(authenticatorConfigModel.getAlias());
        authenticatorConfigById.setConfig(authenticatorConfigModel.getConfig());
        this.realm.updateAuthenticatorConfig(authenticatorConfigById);
    }
}
