package org.keycloak.services.resources.admin;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.IdentityProviderFactory;
import org.keycloak.exportimport.ExportImportConfig;
import org.keycloak.models.ClientIdentityProviderMappingModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.services.resources.flows.Flows;
import org.keycloak.social.SocialIdentityProvider;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.2.0.Beta1.jar:org/keycloak/services/resources/admin/IdentityProviderResource.class */
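/**
 * Admin REST sub-resource for a single identity provider of a realm.
 *
 * <p>Every endpoint calls a {@code RealmAuth} check before touching the model:
 * {@code requireView()} for reads and {@code requireManage()} for changes.
 * The instance is bound to one {@link IdentityProviderModel} passed in by the
 * code that creates the resource.
 */
public class IdentityProviderResource {
    private static final Logger logger = Logger.getLogger(IdentityProviderResource.class);
    private final RealmAuth auth;
    private final RealmModel realm;
    private final KeycloakSession session;
    private final IdentityProviderModel identityProviderModel;

    /**
     * @param realmAuth             permission checker used by every endpoint of this resource
     * @param realmModel            realm that owns the identity provider
     * @param keycloakSession       session used to reach users and provider factories
     * @param identityProviderModel the identity provider this resource operates on
     */
    public IdentityProviderResource(RealmAuth realmAuth, RealmModel realmModel, KeycloakSession keycloakSession, IdentityProviderModel identityProviderModel) {
        this.realm = realmModel;
        this.session = keycloakSession;
        this.identityProviderModel = identityProviderModel;
        this.auth = realmAuth;
    }

    /**
     * Returns the representation of this identity provider.
     *
     * @return the representation built from the stored model
     */
    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    public IdentityProviderRepresentation getIdentityProvider() {
        // Every other endpoint of this resource checks permissions itself; this read did not.
        // The representation is built straight from the stored model (presumably including
        // the provider's configuration - confirm), so gate it on the same view check that
        // export() uses instead of relying on whoever created the resource.
        this.auth.requireView();
        return ModelToRepresentation.toRepresentation(this.identityProviderModel);
    }

    /**
     * Deletes this identity provider and removes its mapping from every application and
     * OAuth client of the realm.
     *
     * @return an empty 204 response
     */
    @NoCache
    @DELETE
    public Response delete() {
        this.auth.requireManage();
        // Drop the client mappings first so no client keeps a reference to a removed alias.
        removeClientIdentityProviders(this.realm.getApplications(), this.identityProviderModel);
        removeClientIdentityProviders(this.realm.getOAuthClients(), this.identityProviderModel);
        this.realm.removeIdentityProviderByAlias(this.identityProviderModel.getAlias());
        return Response.noContent().build();
    }

    /**
     * Updates the identity provider from the submitted representation. When the alias
     * changes, the client mappings and the users' federated identities that refer to the
     * old alias are rewritten to the new one.
     *
     * @param identityProviderRepresentation new state of the provider, taken from the request body
     * @return an empty 204 response, or the "already exists" error response when the model
     *         layer reports a duplicate
     */
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public Response update(IdentityProviderRepresentation identityProviderRepresentation) {
        try {
            this.auth.requireManage();
            // NOTE(review): internalId and alias both come from the request body and are not
            // compared with this.identityProviderModel. Confirm that realm.updateIdentityProvider
            // cannot be pointed at a provider other than the one this resource was created for.
            String internalId = identityProviderRepresentation.getInternalId();
            String newAlias = identityProviderRepresentation.getAlias();
            // Look the old alias up before the update overwrites it.
            String oldAlias = getProviderIdByInternalId(this.realm, internalId);
            this.realm.updateIdentityProvider(RepresentationToModel.toModel(identityProviderRepresentation));
            if (oldAlias != null && !oldAlias.equals(newAlias)) {
                logger.debugf("Changing providerId in all clients and linked users. oldProviderId=%s, newProviderId=%s", oldAlias, newAlias);
                updateClientsAfterProviderAliasChange(this.realm.getApplications(), oldAlias, newAlias);
                updateClientsAfterProviderAliasChange(this.realm.getOAuthClients(), oldAlias, newAlias);
                updateUsersAfterProviderAliasChange(this.session.users().getUsers(this.realm), oldAlias, newAlias);
            }
            return Response.noContent().build();
        } catch (ModelDuplicateException e) {
            return Flows.errors().exists("Identity Provider " + identityProviderRepresentation.getAlias() + " already exists");
        }
    }

    /**
     * Finds the alias currently stored for the provider with the given internal id.
     *
     * @return the alias, or {@code null} when the id is {@code null} or no provider matches
     */
    private String getProviderIdByInternalId(RealmModel realmModel, String str) {
        if (str == null) {
            // The id comes from the request body and may be absent; nothing can match it.
            return null;
        }
        for (IdentityProviderModel candidate : realmModel.getIdentityProviders()) {
            // Compare from the non-null side so a stored model without an id cannot throw.
            if (str.equals(candidate.getInternalId())) {
                return candidate.getAlias();
            }
        }
        return null;
    }

    /**
     * Rewrites the first mapping of each client that refers to alias {@code str} so that it
     * refers to {@code str2}. Clients without such a mapping are left untouched.
     */
    private void updateClientsAfterProviderAliasChange(List<? extends ClientModel> list, String str, String str2) {
        for (ClientModel clientModel : list) {
            List<ClientIdentityProviderMappingModel> mappings = clientModel.getIdentityProviders();
            // Was initialised to true, which made the flag meaningless and wrote every client
            // back even when nothing had changed.
            boolean changed = false;
            for (ClientIdentityProviderMappingModel mapping : mappings) {
                if (mapping.getIdentityProvider().equals(str)) {
                    mapping.setIdentityProvider(str2);
                    changed = true;
                    break;
                }
            }
            if (changed) {
                clientModel.updateIdentityProviders(mappings);
            }
        }
    }

    /**
     * Re-links each user's federated identity from alias {@code str} to alias {@code str2},
     * carrying over the stored user id, user name and token.
     */
    private void updateUsersAfterProviderAliasChange(List<UserModel> list, String str, String str2) {
        for (UserModel userModel : list) {
            FederatedIdentityModel federatedIdentity = this.session.users().getFederatedIdentity(userModel, str, this.realm);
            if (federatedIdentity != null) {
                // The link is replaced rather than edited: remove the old one, add a copy under the new alias.
                this.session.users().removeFederatedIdentity(this.realm, userModel, str);
                this.session.users().addFederatedIdentity(this.realm, userModel, new FederatedIdentityModel(str2, federatedIdentity.getUserId(), federatedIdentity.getUserName(), federatedIdentity.getToken()));
            }
        }
    }

    /**
     * Looks up the factory whose id equals this provider's providerId, searching both the
     * plain and the social identity provider factories.
     *
     * @return the matching factory, or {@code null} when none is registered
     */
    private IdentityProviderFactory getIdentityProviderFactory() {
        List<ProviderFactory> factories = new ArrayList<ProviderFactory>();
        factories.addAll(this.session.getKeycloakSessionFactory().getProviderFactories(IdentityProvider.class));
        factories.addAll(this.session.getKeycloakSessionFactory().getProviderFactories(SocialIdentityProvider.class));
        String providerId = this.identityProviderModel.getProviderId();
        for (ProviderFactory providerFactory : factories) {
            if (providerFactory.getId().equals(providerId)) {
                return (IdentityProviderFactory) providerFactory;
            }
        }
        return null;
    }

    /**
     * Exports the broker configuration of this identity provider.
     *
     * @param uriInfo request URI information handed to the provider
     * @param str     value of the {@code format} query parameter, passed through unchanged
     * @return the provider's export response, or a 404 error response when no factory is
     *         registered for the provider or the export fails
     */
    @GET
    @Path(ExportImportConfig.ACTION_EXPORT)
    public Response export(@Context UriInfo uriInfo, @QueryParam("format") String str) {
        // Keep the permission check outside the try block: inside it, the catch-all below
        // turned a failed check into the generic 404 instead of letting it propagate as it
        // does from delete() and update().
        this.auth.requireView();
        try {
            IdentityProviderFactory factory = getIdentityProviderFactory();
            if (factory == null) {
                // Previously surfaced as a NullPointerException swallowed by the catch below.
                return exportNotFound();
            }
            return factory.create(this.identityProviderModel).export(uriInfo, this.realm, str);
        } catch (Exception e) {
            // Keep the cause on the server side; the client only sees the generic message.
            logger.warn("Export failed for identity provider [" + this.identityProviderModel.getProviderId() + "]", e);
            return exportNotFound();
        }
    }

    /** Builds the 404 error response returned by {@link #export} for every failure. */
    private Response exportNotFound() {
        return Flows.errors().error("Could not export public broker configuration for identity provider [" + this.identityProviderModel.getProviderId() + "].", Response.Status.NOT_FOUND);
    }

    /**
     * Removes, from each client in {@code list}, the first mapping that refers to the alias
     * of {@code identityProviderModel} and stores the shortened mapping list on the client.
     */
    private void removeClientIdentityProviders(List<? extends ClientModel> list, IdentityProviderModel identityProviderModel) {
        String alias = identityProviderModel.getAlias();
        for (ClientModel clientModel : list) {
            List<ClientIdentityProviderMappingModel> mappings = clientModel.getIdentityProviders();
            // Iterate over a copy so the live list can be modified. The previous
            // while(true) loop never terminated for a client that had no matching mapping.
            for (ClientIdentityProviderMappingModel mapping : new ArrayList<ClientIdentityProviderMappingModel>(mappings)) {
                if (mapping.getIdentityProvider().equals(alias)) {
                    mappings.remove(mapping);
                    clientModel.updateIdentityProviders(mappings);
                    break;
                }
            }
        }
    }
}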
