package org.keycloak.services.resources.admin;

import com.fasterxml.jackson.core.type.TypeReference;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.FormParam;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import java.io.InputStream;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.eclipse.microprofile.openapi.annotations.Operation;
import org.eclipse.microprofile.openapi.annotations.extensions.Extension;
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import org.jboss.logging.Logger;
import org.jboss.resteasy.reactive.NoCache;
import org.keycloak.Config;
import org.keycloak.KeyPairVerifier;
import org.keycloak.authentication.CredentialRegistrator;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.client.clienttype.ClientTypeManager;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.Profile;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.PemUtils;
import org.keycloak.email.EmailTemplateProvider;
import org.keycloak.events.EventQuery;
import org.keycloak.events.EventStoreProvider;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.AdminEventQuery;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.exportimport.ClientDescriptionConverter;
import org.keycloak.exportimport.ClientDescriptionConverterFactory;
import org.keycloak.exportimport.ExportAdapter;
import org.keycloak.exportimport.ExportOptions;
import org.keycloak.keys.Attributes;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.ModelIllegalStateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.organization.admin.resource.OrganizationsResource;
import org.keycloak.partialimport.Action;
import org.keycloak.partialimport.PartialImportResult;
import org.keycloak.partialimport.PartialImportResults;
import org.keycloak.protocol.oid4vc.issuance.mappers.OID4VCTargetRoleMapper;
import org.keycloak.representations.adapters.action.GlobalRequestResult;
import org.keycloak.representations.idm.AdminEventRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.ManagementPermissionReference;
import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.clientpolicy.condition.ClientScopesConditionFactory;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.services.resources.KeycloakOpenAPI;
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.services.util.DPoPUtil;
import org.keycloak.storage.DatastoreProvider;
import org.keycloak.storage.ExportImportManager;
import org.keycloak.storage.StoreSyncEvent;
import org.keycloak.userprofile.DeclarativeUserProfileProviderFactory;
import org.keycloak.util.JsonSerialization;
import org.keycloak.utils.GroupUtils;
import org.keycloak.utils.MediaType;
import org.keycloak.utils.ProfileHelper;
import org.keycloak.utils.ReservedCharValidator;

@Extension(name = KeycloakOpenAPI.Profiles.ADMIN, value = "")
/* loaded from: input_file:org/keycloak/services/resources/admin/RealmAdminResource.class */
public class RealmAdminResource {
    // Class-wide JBoss logger.
    protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
    // Permission evaluator for the calling admin; the endpoint methods call its
    // require*/can* checks before reading or changing realm state.
    protected final AdminPermissionEvaluator auth;
    // Realm read from the session context by the constructor.
    protected final RealmModel realm;
    // Admin-event builder; the constructor stores the result of resource(ResourceType.REALM).
    private final AdminEventBuilder adminEvent;
    // Session this resource was created for.
    protected final KeycloakSession session;
    // Client connection read from the session context by the constructor.
    protected final ClientConnection connection;
    // Request headers read from the session context by the constructor.
    protected final HttpHeaders headers;

    /*
     * Decompiler (JADX) artifact: originally the synthetic class
     * org.keycloak.services.resources.admin.RealmAdminResource$3, which is not a
     * valid source-level class name, so the decompiler renamed it and changed its
     * access from package-private.
     * Loaded from: input_file:org/keycloak/services/resources/admin/RealmAdminResource$3.class
     */
    public static /* synthetic */ class AnonymousClass3 {
        // Lookup table indexed by Action.ordinal(); ADDED is stored as 1 and OVERWRITTEN as 2.
        // Presumably consumed by a switch over Action elsewhere in this class (not visible here).
        static final /* synthetic */ int[] $SwitchMap$org$keycloak$partialimport$Action = new int[Action.values().length];

        static {
            // Each entry is filled in its own try block so that a NoSuchFieldError for one
            // constant leaves only that slot at its default of 0.
            try {
                $SwitchMap$org$keycloak$partialimport$Action[Action.ADDED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$keycloak$partialimport$Action[Action.OVERWRITTEN.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /**
     * Binds this resource to the realm, client connection and request headers held
     * by the session's current context.
     *
     * @param keycloakSession          session whose context supplies realm, connection and headers
     * @param adminPermissionEvaluator permission evaluator used by every endpoint of this resource
     * @param adminEventBuilder        event builder; the value returned by
     *                                 {@code resource(ResourceType.REALM)} is kept
     */
    public RealmAdminResource(KeycloakSession keycloakSession, AdminPermissionEvaluator adminPermissionEvaluator, AdminEventBuilder adminEventBuilder) {
        session = keycloakSession;
        auth = adminPermissionEvaluator;
        realm = keycloakSession.getContext().getRealm();
        connection = keycloakSession.getContext().getConnection();
        adminEvent = adminEventBuilder.resource(ResourceType.REALM);
        headers = keycloakSession.getContext().getRequestHeaders();
    }

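    /**
     * Converts a client description supplied in the request body into a
     * {@link ClientRepresentation}, using the first registered
     * {@link ClientDescriptionConverterFactory} that reports the body as supported.
     *
     * <p>The caller must pass {@code auth.clients().requireManage()} before the body
     * is examined. The body is caller-controlled text (JSON, XML or plain text per
     * {@code @Consumes}) and is handed unchanged to the selected converter.
     *
     * @param str raw client description from the request body
     * @return the converted client representation
     * @throws NotFoundException   if no realm is bound to this resource
     * @throws BadRequestException if no converter factory supports the body
     */
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Base path for importing clients under this realm.")
    @POST
    @Path("client-description-converter")
    @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML, "text/plain"})
    public ClientRepresentation convertClientDescription(String str) {
        this.auth.clients().requireManage();
        if (this.realm == null) {
            throw new NotFoundException("Realm not found.");
        }
        // The decompiled listing cast through an undefined variable (r1.cast(v1));
        // the cast target is the factory class itself.
        // NOTE(review): parsing happens inside the converter implementations, which are
        // not visible here; since XML is an accepted content type, confirm that any
        // XML-based converter disables DTDs and external entities.
        return this.session.getKeycloakSessionFactory()
                .getProviderFactoriesStream(ClientDescriptionConverter.class)
                .map(ClientDescriptionConverterFactory.class::cast)
                .filter(factory -> factory.isSupported(str))
                .map(factory -> ((ClientDescriptionConverter) factory.create(this.session)).convertToInternal(str))
                .findFirst()
                .orElseThrow(() -> new BadRequestException("Unsupported format"));
    }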

    /**
     * Sub-resource locator for {@code attack-detection}.
     *
     * <p>No permission check is made here; the returned resource is handed the
     * permission evaluator.
     *
     * @return a new {@link AttackDetectionResource} for this session
     */
    @Path("attack-detection")
    public AttackDetectionResource getAttackDetection() {
        final AttackDetectionResource attackDetection = new AttackDetectionResource(session, auth, adminEvent);
        return attackDetection;
    }

    /**
     * Sub-resource locator for {@code clients}.
     *
     * <p>No permission check is made here; the returned resource is handed the
     * permission evaluator.
     *
     * @return a new {@link ClientsResource} for this session
     */
    @Path("clients")
    public ClientsResource getClients() {
        final ClientsResource clients = new ClientsResource(session, auth, adminEvent);
        return clients;
    }

    /**
     * Legacy {@code client-templates} locator that serves the same sub-resource as
     * {@link #getClientScopes()}.
     *
     * @return the sub-resource produced by {@link #getClientScopes()}
     * @deprecated use the path served by {@link #getClientScopes()}
     */
    @Path("client-templates")
    @Deprecated
    public ClientScopesResource getClientTemplates() {
        final ClientScopesResource scopes = getClientScopes();
        return scopes;
    }

    /**
     * Sub-resource locator for client scopes.
     *
     * <p>No permission check is made here; the returned resource is handed the
     * permission evaluator.
     * NOTE(review): the path is taken from {@code ClientScopesConditionFactory.PROVIDER_ID},
     * which looks like a decompiler substitution for a string literal; confirm its value.
     *
     * @return a new {@link ClientScopesResource} for this session
     */
    @Path(ClientScopesConditionFactory.PROVIDER_ID)
    public ClientScopesResource getClientScopes() {
        final ClientScopesResource scopes = new ClientScopesResource(session, auth, adminEvent);
        return scopes;
    }

    /**
     * Sub-resource locator for {@code localization}.
     *
     * <p>No permission check is made here; the returned resource is handed the
     * permission evaluator. Unlike the neighbouring locators it is not given the
     * admin-event builder.
     *
     * @return a new {@link RealmLocalizationResource} for this session
     */
    @Path("localization")
    public RealmLocalizationResource getLocalization() {
        final RealmLocalizationResource localization = new RealmLocalizationResource(session, auth);
        return localization;
    }

    /**
     * Lists the realm's default client scopes (the "default" flavour, selected by
     * passing {@code true} to {@code getDefaultClientScopes}).
     *
     * @return stream of scope representations built by {@code getDefaultClientScopes(true)}
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Get realm default client scopes.  Only name and ids are returned.")
    @GET
    @Path("default-default-client-scopes")
    public Stream<ClientScopeRepresentation> getDefaultDefaultClientScopes() {
        final boolean defaultScopes = true;
        return getDefaultClientScopes(defaultScopes);
    }

    /**
     * Shared implementation of the two "list default client scopes" endpoints.
     *
     * <p>Calls {@code auth.clients().requireViewClientScopes()} first, then maps each
     * scope to a representation carrying only id, name and protocol.
     *
     * @param z flag forwarded to {@code realm.getDefaultClientScopesStream}; the callers
     *          in this class pass {@code true} for default and {@code false} for optional scopes
     * @return stream of reduced scope representations
     */
    private Stream<ClientScopeRepresentation> getDefaultClientScopes(boolean z) {
        auth.clients().requireViewClientScopes();
        final Stream<ClientScopeModel> scopes = realm.getDefaultClientScopesStream(z);
        return scopes.map(scope -> {
            final ClientScopeRepresentation summary = new ClientScopeRepresentation();
            summary.setId(scope.getId());
            summary.setName(scope.getName());
            summary.setProtocol(scope.getProtocol());
            return summary;
        });
    }

    /**
     * Adds a client scope to the realm's default client scopes.
     *
     * @param str id of the client scope, taken from the request path
     */
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation
    @PUT
    @Path("default-default-client-scopes/{clientScopeId}")
    public void addDefaultDefaultClientScope(@PathParam("clientScopeId") String str) {
        final boolean asDefault = true;
        addDefaultClientScope(str, asDefault);
    }

    /**
     * Shared implementation of the two "add default client scope" endpoints.
     *
     * <p>Calls {@code auth.clients().requireManageClientScopes()} before the scope is
     * looked up, then records a CREATE admin event for the request URI.
     *
     * @param str id of the client scope to add
     * @param z   flag forwarded to {@code realm.addDefaultClientScope}; the callers in
     *            this class pass {@code true} for default and {@code false} for optional
     * @throws NotFoundException if the realm has no client scope with that id
     */
    private void addDefaultClientScope(String str, boolean z) {
        auth.clients().requireManageClientScopes();
        final ClientScopeModel scope = realm.getClientScopeById(str);
        if (scope != null) {
            realm.addDefaultClientScope(scope, z);
            adminEvent.operation(OperationType.CREATE)
                    .resource(ResourceType.CLIENT_SCOPE)
                    .resourcePath((UriInfo) session.getContext().getUri())
                    .success();
            return;
        }
        throw new NotFoundException("Client scope not found");
    }

    /**
     * Removes a client scope from the realm's default client scopes.
     *
     * <p>Calls {@code auth.clients().requireManageClientScopes()} before the scope is
     * looked up, then records a DELETE admin event for the request URI.
     *
     * @param str id of the client scope, taken from the request path
     * @throws NotFoundException if the realm has no client scope with that id
     */
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation
    @DELETE
    @Path("default-default-client-scopes/{clientScopeId}")
    public void removeDefaultDefaultClientScope(@PathParam("clientScopeId") String str) {
        auth.clients().requireManageClientScopes();
        final ClientScopeModel scope = realm.getClientScopeById(str);
        if (scope != null) {
            realm.removeDefaultClientScope(scope);
            adminEvent.operation(OperationType.DELETE)
                    .resource(ResourceType.CLIENT_SCOPE)
                    .resourcePath((UriInfo) session.getContext().getUri())
                    .success();
            return;
        }
        throw new NotFoundException("Client scope not found");
    }

    /**
     * Lists the realm's optional client scopes (selected by passing {@code false} to
     * {@code getDefaultClientScopes}).
     *
     * @return stream of scope representations built by {@code getDefaultClientScopes(false)}
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Get realm optional client scopes.  Only name and ids are returned.")
    @GET
    @Path("default-optional-client-scopes")
    public Stream<ClientScopeRepresentation> getDefaultOptionalClientScopes() {
        final boolean defaultScopes = false;
        return getDefaultClientScopes(defaultScopes);
    }

    /**
     * Adds a client scope to the realm's optional client scopes.
     *
     * @param str id of the client scope, taken from the request path
     */
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation
    @PUT
    @Path("default-optional-client-scopes/{clientScopeId}")
    public void addDefaultOptionalClientScope(@PathParam("clientScopeId") String str) {
        final boolean asDefault = false;
        addDefaultClientScope(str, asDefault);
    }

    /**
     * Removes a client scope from the realm's optional client scopes.
     *
     * <p>Delegates to {@link #removeDefaultDefaultClientScope(String)}; the removal
     * call on the realm takes no default/optional flag, so both endpoints share it.
     *
     * @param str id of the client scope, taken from the request path
     */
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation
    @DELETE
    @Path("default-optional-client-scopes/{clientScopeId}")
    public void removeDefaultOptionalClientScope(@PathParam("clientScopeId") String str) {
        final String clientScopeId = str;
        removeDefaultDefaultClientScope(clientScopeId);
    }

    /**
     * Sub-resource locator for {@code clients-initial-access}.
     *
     * <p>No permission check is made here; the returned resource is handed the
     * permission evaluator.
     *
     * @return a new {@link ClientInitialAccessResource} for this session
     */
    @Path("clients-initial-access")
    public ClientInitialAccessResource getClientInitialAccess() {
        final ClientInitialAccessResource initialAccess = new ClientInitialAccessResource(session, auth, adminEvent);
        return initialAccess;
    }

    /**
     * Sub-resource locator for {@code client-registration-policy}.
     *
     * <p>No permission check is made here; the returned resource is handed the
     * permission evaluator.
     *
     * @return a new {@link ClientRegistrationPolicyResource} for this session
     */
    @Path("client-registration-policy")
    public ClientRegistrationPolicyResource getClientRegistrationPolicy() {
        final ClientRegistrationPolicyResource policy = new ClientRegistrationPolicyResource(session, auth, adminEvent);
        return policy;
    }

    /**
     * Sub-resource locator for {@code components}.
     *
     * <p>No permission check is made here; the returned resource is handed the
     * permission evaluator.
     *
     * @return a new {@link ComponentResource} for this session
     */
    @Path("components")
    public ComponentResource getComponents() {
        final ComponentResource components = new ComponentResource(session, auth, adminEvent);
        return components;
    }

    /**
     * Sub-resource locator for {@code roles}.
     *
     * <p>The realm is passed twice to the {@link RoleContainerResource} constructor
     * (third and fifth argument). No permission check is made here; the returned
     * resource is handed the permission evaluator.
     *
     * @return a new {@link RoleContainerResource} for this realm
     */
    @Path("roles")
    public RoleContainerResource getRoleContainerResource() {
        final RoleContainerResource roles = new RoleContainerResource(
                session,
                session.getContext().getUri(),
                realm,
                auth,
                realm,
                adminEvent);
        return roles;
    }

    /**
     * Returns the realm's top-level representation, reduced for callers that may not
     * view the whole realm.
     *
     * <p>Callers for whom {@code auth.realm().canViewRealm()} is true get the full
     * representation. Everyone else must pass {@code requireViewRealmNameList()} and
     * receives only name, display names, locales and the brute-force flag;
     * {@code registrationEmailAsUsername} is added only when {@code auth.users().canView()}.
     *
     * @return full or reduced realm representation, depending on the caller's permissions
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Get the top-level representation of the realm It will not include nested information like User and Client representations.")
    @GET
    public RealmRepresentation getRealm() {
        if (!auth.realm().canViewRealm()) {
            auth.realm().requireViewRealmNameList();
            final RealmRepresentation summary = new RealmRepresentation();
            summary.setRealm(realm.getName());
            summary.setDefaultLocale(realm.getDefaultLocale());
            summary.setDisplayName(realm.getDisplayName());
            summary.setDisplayNameHtml(realm.getDisplayNameHtml());
            final Set<String> locales = realm.getSupportedLocalesStream().collect(Collectors.toSet());
            summary.setSupportedLocales(locales);
            summary.setBruteForceProtected(Boolean.valueOf(realm.isBruteForceProtected()));
            if (auth.users().canView()) {
                summary.setRegistrationEmailAsUsername(Boolean.valueOf(realm.isRegistrationEmailAsUsername()));
            }
            return summary;
        }
        return ModelToRepresentation.toRepresentation(session, realm, false);
    }

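    /**
     * Updates the realm's top-level settings from the supplied representation.
     *
     * <p>Calls {@code auth.realm().requireManageRealm()} first. The request is rejected
     * with 400 when it would rename the admin realm, when a supplied private/public
     * key pair does not verify, when a supplied certificate cannot be decoded, or when
     * both access-code lifespans are supplied and either is below 1. Key and
     * certificate validation is skipped when the public key is the literal
     * {@code "GENERATE"}.
     *
     * @param realmRepresentation new top-level realm settings from the request body
     * @return an empty 204 response on success
     * @throws ErrorResponseException for the validation failures above (400), a
     *         duplicate realm name, other model errors (400) and unexpected failures (500)
     */
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Update the top-level information of the realm Any user, roles or client information in the representation will be ignored.", description = "This will only update top-level attributes of the realm.")
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public Response updateRealm(RealmRepresentation realmRepresentation) {
        this.auth.realm().requireManageRealm();
        logger.debug("updating realm: " + this.realm.getName());
        if (Config.getAdminRealm().equals(this.realm.getName()) && realmRepresentation.getRealm() != null && !realmRepresentation.getRealm().equals(Config.getAdminRealm())) {
            throw ErrorResponse.error("Can't rename master realm", Response.Status.BAD_REQUEST);
        }
        ReservedCharValidator.validate(realmRepresentation.getRealm());
        ReservedCharValidator.validateLocales(realmRepresentation.getSupportedLocales());
        try {
            boolean generateKeys = "GENERATE".equals(realmRepresentation.getPublicKey());
            if (!generateKeys && realmRepresentation.getPrivateKey() != null && realmRepresentation.getPublicKey() != null) {
                try {
                    KeyPairVerifier.verify(realmRepresentation.getPrivateKey(), realmRepresentation.getPublicKey());
                } catch (VerificationException e) {
                    throw ErrorResponse.error(e.getMessage(), Response.Status.BAD_REQUEST);
                }
            }
            if (!generateKeys && realmRepresentation.getCertificate() != null) {
                try {
                    if (PemUtils.decodeCertificate(realmRepresentation.getCertificate()) == null) {
                        throw ErrorResponse.error("Failed to decode certificate", Response.Status.BAD_REQUEST);
                    }
                } catch (Exception e) {
                    // Any decoding failure is reported with the same fixed message, so
                    // parser details are not returned to the caller.
                    throw ErrorResponse.error("Failed to decode certificate", Response.Status.BAD_REQUEST);
                }
            }
            // NOTE(review): this check only runs when both lifespans are supplied; a
            // request carrying just one of them with a value below 1 is not rejected here.
            if (realmRepresentation.getAccessCodeLifespanLogin() != null && realmRepresentation.getAccessCodeLifespanUserAction() != null && (realmRepresentation.getAccessCodeLifespanLogin().intValue() < 1 || realmRepresentation.getAccessCodeLifespanUserAction().intValue() < 1)) {
                throw ErrorResponse.error("AccessCodeLifespanLogin or AccessCodeLifespanUserAction cannot be 0", Response.Status.BAD_REQUEST);
            }
            RepresentationToModel.updateRealm(realmRepresentation, this.realm, this.session);
            StoreSyncEvent.fire(this.session, this.realm, false);
            // Result unused in the decompiled listing; the call is kept as found.
            this.session.getContext().getUri();
            this.adminEvent.operation(OperationType.UPDATE).representation(realmRepresentation).success();
            return Response.noContent().build();
        // Handlers are ordered narrowest-first. The decompiled listing put the
        // catch-all Exception handler ahead of the narrower ones, which javac rejects
        // and which would turn the 400 responses thrown above into a generic 500.
        } catch (ModelDuplicateException e) {
            throw ErrorResponse.exists("Realm with same name exists");
        } catch (ModelIllegalStateException e) {
            logger.error(e.getMessage(), e);
            // NOTE(review): the model's own message is returned to the caller here.
            throw ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR);
        } catch (ModelException e) {
            throw ErrorResponse.error(e.getMessage(), Response.Status.BAD_REQUEST);
        } catch (ErrorResponseException e) {
            // Already a fully formed error response (the validation failures above).
            throw e;
        } catch (Exception e) {
            // Unexpected failure: log the detail, return only a fixed message.
            logger.error(e.getMessage(), e);
            throw ErrorResponse.error("Failed to update realm", Response.Status.INTERNAL_SERVER_ERROR);
        }
    }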

    /**
     * Deletes this realm.
     *
     * <p>Calls {@code auth.realm().requireManageRealm()} first and refuses to delete
     * the admin realm. The DELETE admin event is built with a fresh
     * {@link AdminEventBuilder} bound to the calling admin's own realm
     * ({@code auth.adminAuth().getRealm()}), with the deleted realm's name as the
     * resource path.
     *
     * @throws ErrorResponseException (400) if this is the admin realm
     * @throws NotFoundException      if the realm manager reports nothing was removed
     */
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @DELETE
    @Operation(summary = "Delete the realm")
    public void deleteRealm() {
        auth.realm().requireManageRealm();
        final boolean isAdminRealm = Config.getAdminRealm().equals(realm.getName());
        if (isAdminRealm) {
            throw ErrorResponse.error("Can't remove master realm", Response.Status.BAD_REQUEST);
        }
        final boolean removed = new RealmManager(session).removeRealm(realm);
        if (!removed) {
            throw new NotFoundException("Realm doesn't exist");
        }
        final AdminEventBuilder deletionEvent = new AdminEventBuilder(auth.adminAuth().getRealm(), auth.adminAuth(), session, connection);
        deletionEvent.operation(OperationType.DELETE)
                .resource(ResourceType.REALM)
                .realm(auth.adminAuth().getRealm())
                .resourcePath(realm.getName())
                .success();
    }

    /**
     * Sub-resource locator for {@code users}.
     *
     * <p>No permission check is made here; the returned resource is handed the
     * permission evaluator.
     *
     * @return a new {@link UsersResource} for this session
     */
    @Path("users")
    public UsersResource users() {
        final UsersResource usersResource = new UsersResource(session, auth, adminEvent);
        return usersResource;
    }

    /**
     * Reports whether fine-grained user-management permissions are enabled for the realm.
     *
     * <p>Calls {@code auth.realm().requireViewRealm()} first.
     *
     * @return a populated reference (see {@link #toUsersMgmtRef}) when permissions are
     *         enabled, otherwise a freshly constructed, unpopulated reference
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation
    @GET
    @Path("users-management-permissions")
    public ManagementPermissionReference getUserMgmtPermissions() {
        auth.realm().requireViewRealm();
        final AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
        if (permissions.users().isPermissionsEnabled()) {
            return toUsersMgmtRef(permissions);
        }
        return new ManagementPermissionReference();
    }

    /**
     * Enables or disables fine-grained user-management permissions for the realm.
     *
     * <p>Calls {@code auth.realm().requireManageRealm()} first. Only the
     * {@code enabled} flag of the request body is read.
     *
     * @param managementPermissionReference request body carrying the desired enabled flag
     * @return a populated reference (see {@link #toUsersMgmtRef}) when enabling,
     *         otherwise a freshly constructed, unpopulated reference
     */
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Path("users-management-permissions")
    @Consumes({MediaType.APPLICATION_JSON})
    @Produces({MediaType.APPLICATION_JSON})
    @Operation
    @PUT
    public ManagementPermissionReference setUsersManagementPermissionsEnabled(ManagementPermissionReference managementPermissionReference) {
        auth.realm().requireManageRealm();
        final AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
        permissions.users().setPermissionsEnabled(managementPermissionReference.isEnabled());
        if (managementPermissionReference.isEnabled()) {
            return toUsersMgmtRef(permissions);
        }
        return new ManagementPermissionReference();
    }

    /**
     * Builds an "enabled" permission reference for user management.
     *
     * @param adminPermissionManagement source of the users resource id and its scope permissions
     * @return reference with {@code enabled=true}, the users resource id and the
     *         users scope permissions
     */
    public static ManagementPermissionReference toUsersMgmtRef(AdminPermissionManagement adminPermissionManagement) {
        final ManagementPermissionReference ref = new ManagementPermissionReference();
        ref.setEnabled(true);
        final String resourceId = adminPermissionManagement.users().resource().getId();
        ref.setResource(resourceId);
        ref.setScopePermissions(adminPermissionManagement.users().getPermissions());
        return ref;
    }

    /**
     * Sub-resource locator for {@code organizations}.
     *
     * <p>No permission check is made here; the returned resource is handed the
     * permission evaluator.
     *
     * @return a new {@link OrganizationsResource} for this session
     */
    @Path("organizations")
    public OrganizationsResource organizations() {
        final OrganizationsResource organizationsResource = new OrganizationsResource(session, auth, adminEvent);
        return organizationsResource;
    }

    /**
     * Catch-all sub-resource locator: resolves the path segment to an
     * {@link AdminRealmResourceProvider} registered under that id.
     *
     * <p>The segment is caller-controlled and is used only as a provider id for the
     * lookup. No permission check is made here; the provider receives the permission
     * evaluator and is responsible for enforcing access on whatever it returns.
     *
     * @param str provider id taken from the request path
     * @return the resource object supplied by the provider
     * @throws NotFoundException if no provider has that id or the provider returns {@code null}
     */
    @Path("{extension}")
    public Object extension(@PathParam("extension") String str) {
        final AdminRealmResourceProvider provider = (AdminRealmResourceProvider) session.getProvider(AdminRealmResourceProvider.class, str);
        if (provider != null) {
            final Object resource = provider.getResource(session, realm, auth, adminEvent);
            if (resource != null) {
                return resource;
            }
        }
        throw new NotFoundException();
    }

    /**
     * Sub-resource locator for {@code authentication}.
     *
     * <p>No permission check is made here; the returned resource is handed the
     * permission evaluator.
     *
     * @return a new {@link AuthenticationManagementResource} for this session
     */
    @Path("authentication")
    public AuthenticationManagementResource flows() {
        final AuthenticationManagementResource authentication = new AuthenticationManagementResource(session, auth, adminEvent);
        return authentication;
    }

    /**
     * Sub-resource locator for {@code roles-by-id}.
     *
     * <p>No permission check is made here; the returned resource is handed the
     * permission evaluator.
     *
     * @return a new {@link RoleByIdResource} for this session
     */
    @Path("roles-by-id")
    public RoleByIdResource rolesById() {
        final RoleByIdResource roles = new RoleByIdResource(session, auth, adminEvent);
        return roles;
    }

    /**
     * Pushes the realm's revocation policy via {@link ResourceAdminManager} and
     * records an ACTION admin event carrying the result.
     *
     * <p>Calls {@code auth.realm().requireManageRealm()} first.
     *
     * @return the result returned by {@code pushRealmRevocationPolicy}
     */
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Push the realm's revocation policy to any client that has an admin url associated with it.")
    @POST
    @Path("push-revocation")
    public GlobalRequestResult pushRevocation() {
        auth.realm().requireManageRealm();
        final ResourceAdminManager manager = new ResourceAdminManager(session);
        final GlobalRequestResult outcome = manager.pushRealmRevocationPolicy(realm);
        adminEvent.operation(OperationType.ACTION)
                .resourcePath((UriInfo) session.getContext().getUri())
                .representation(outcome)
                .success();
        return outcome;
    }

    /**
     * Removes every user session of the realm, then asks {@link ResourceAdminManager}
     * to log out all clients, and records an ACTION admin event carrying the result.
     *
     * <p>Calls {@code auth.users().requireManage()} first.
     *
     * @return the result returned by {@code ResourceAdminManager.logoutAll}
     */
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Removes all user sessions.", description = "Any client that has an admin url will also be told to invalidate any sessions they have.")
    @POST
    @Path("logout-all")
    public GlobalRequestResult logoutAll() {
        auth.users().requireManage();
        session.sessions().removeUserSessions(realm);
        final ResourceAdminManager manager = new ResourceAdminManager(session);
        final GlobalRequestResult outcome = manager.logoutAll(realm);
        adminEvent.operation(OperationType.ACTION)
                .resourcePath((UriInfo) session.getContext().getUri())
                .representation(outcome)
                .success();
        return outcome;
    }

    /**
     * Terminates one user session (online or offline) through a back-channel logout
     * and records a DELETE admin event whose representation notes the offline flag.
     *
     * <p>Calls {@code auth.users().requireManage()} before the session is looked up.
     * The lookup is scoped to this realm.
     *
     * @param str id of the session, taken from the request path
     * @param z   {@code true} to look the id up among offline sessions
     * @throws NotFoundException if the realm has no such session
     */
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Remove a specific user session.", description = "Any client that has an admin url will also be told to invalidate this particular session.")
    @Path("sessions/{session}")
    @DELETE
    public void deleteSession(@PathParam("session") String str, @QueryParam("isOffline") @DefaultValue("false") boolean z) {
        auth.users().requireManage();
        final UserSessionModel target;
        if (z) {
            target = session.sessions().getOfflineUserSession(realm, str);
        } else {
            target = session.sessions().getUserSession(realm, str);
        }
        if (target == null) {
            // Message text (including its spelling) is kept exactly as clients see it today.
            throw new NotFoundException("Sesssion not found");
        }
        AuthenticationManager.backchannelLogout(session, realm, target, session.getContext().getUri(), connection, headers, true);
        final HashMap<String, Object> eventDetails = new HashMap<>();
        eventDetails.put("offline", Boolean.valueOf(z));
        adminEvent.operation(OperationType.DELETE)
                .resource(ResourceType.USER_SESSION)
                .resourcePath((UriInfo) session.getContext().getUri())
                .representation(eventDetails)
                .success();
    }

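    /**
     * Returns per-client counts of active online and offline sessions.
     *
     * <p>Calls {@code auth.realm().requireViewRealm()} first. Each returned map holds
     * the client's internal id, its client id, the online count and the offline
     * count, all as strings. Stats entries whose key no longer resolves to a client
     * in this realm are skipped.
     *
     * @return stream with one map per client that has at least one counted session
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Get client session stats Returns a JSON map.", description = "The key is the client id, the value is the number of sessions that currently are active with that client. Only clients that actually have a session associated with them will be in this map.")
    @Path("client-session-stats")
    @GET
    public Stream<Map<String, String>> getClientSessionStats() {
        this.auth.realm().requireViewRealm();
        // NOTE(review): OID4VCTargetRoleMapper.CLIENT_CONFIG_KEY and Attributes.ACTIVE_KEY
        // are the constants the decompiled listing uses for two of the map keys; they
        // look like decompiler substitutions for string literals. Confirm their values
        // against the response schema.
        Map<String, Map<String, String>> statsByClient = new HashMap<>();
        for (Map.Entry<String, Long> online : this.session.sessions().getActiveClientSessionStats(this.realm, false).entrySet()) {
            ClientModel client = this.realm.getClientById(online.getKey());
            if (client == null) {
                continue;
            }
            Map<String, String> row = new HashMap<>();
            row.put("id", client.getId());
            row.put(OID4VCTargetRoleMapper.CLIENT_CONFIG_KEY, client.getClientId());
            row.put(Attributes.ACTIVE_KEY, online.getValue().toString());
            row.put("offline", "0");
            statsByClient.put(client.getId(), row);
        }
        for (Map.Entry<String, Long> offline : this.session.sessions().getActiveClientSessionStats(this.realm, true).entrySet()) {
            Map<String, String> row = statsByClient.get(offline.getKey());
            if (row == null) {
                ClientModel client = this.realm.getClientById(offline.getKey());
                if (client == null) {
                    // Unknown client: nothing to report, so no throw-away map is built.
                    continue;
                }
                row = new HashMap<>();
                row.put("id", client.getId());
                row.put(OID4VCTargetRoleMapper.CLIENT_CONFIG_KEY, client.getClientId());
                row.put(Attributes.ACTIVE_KEY, "0");
                statsByClient.put(client.getId(), row);
            }
            row.put("offline", offline.getValue().toString());
        }
        return statsByClient.values().stream();
    }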

    /**
     * Returns the realm's events configuration.
     *
     * <p>Calls {@code auth.realm().requireViewEvents()} first. When the stored
     * configuration lists no enabled event types, the response is filled with the
     * names of every {@link EventType} whose {@code isSaveByDefault()} is true.
     *
     * @return the events configuration representation
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Get the events provider configuration Returns JSON object with events provider configuration")
    @GET
    @Path("events/config")
    public RealmEventsConfigRepresentation getRealmEventsConfig() {
        auth.realm().requireViewEvents();
        final RealmEventsConfigRepresentation config = ModelToRepresentation.toEventsConfigReprensetation(realm);
        final boolean noTypesConfigured = config.getEnabledEventTypes() == null || config.getEnabledEventTypes().isEmpty();
        if (noTypesConfigured) {
            final List<String> savedByDefault = Arrays.stream(EventType.values())
                    .filter(EventType::isSaveByDefault)
                    .map(EventType::name)
                    .collect(Collectors.toList());
            config.setEnabledEventTypes(savedByDefault);
        }
        return config;
    }

    /**
     * Replaces the realm's events configuration and records an UPDATE admin event.
     *
     * <p>Calls {@code auth.realm().requireManageEvents()} first. The admin event is
     * asked to refresh the realm events configuration before it is reported, so the
     * change is evaluated against the new settings.
     *
     * @param realmEventsConfigRepresentation new events configuration from the request body
     */
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(description = "Update the events provider Change the events provider and/or its configuration")
    @PUT
    @Path("events/config")
    @Consumes({MediaType.APPLICATION_JSON})
    public void updateRealmEventsConfig(RealmEventsConfigRepresentation realmEventsConfigRepresentation) {
        auth.realm().requireManageEvents();
        logger.debug("updating realm events config: " + realm.getName());
        final RealmManager manager = new RealmManager(session);
        manager.updateRealmEventsConfig(realmEventsConfigRepresentation, realm);
        adminEvent.operation(OperationType.UPDATE)
                .resource(ResourceType.REALM)
                .resourcePath((UriInfo) session.getContext().getUri())
                .representation(realmEventsConfigRepresentation)
                .refreshRealmEventsConfig(session)
                .success();
    }

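    /**
     * Returns the realm's stored user events, filtered by the supplied query parameters.
     *
     * <p>Calls {@code auth.realm().requireViewEvents()} first. The query is always
     * scoped to this realm's id. All parameters are optional; {@code max} defaults to
     * 100 when absent.
     *
     * @param list event type names; each must be the name of an {@link EventType} constant
     * @param str  client filter
     * @param str2 user id filter
     * @param str3 lower date bound, {@code yyyy-MM-dd}
     * @param str4 upper date bound, {@code yyyy-MM-dd}
     * @param str5 IP address filter
     * @param num  paging offset
     * @param num2 maximum number of results
     * @return stream of matching event representations
     * @throws BadRequestException if a type name is not an {@link EventType} constant or
     *         a date cannot be parsed
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Get events Returns all events, or filters them based on URL query parameters listed here")
    @Path("events")
    @GET
    public Stream<EventRepresentation> getEvents(@Parameter(description = "The types of events to return") @QueryParam("type") List<String> list, @Parameter(description = "App or oauth client name") @QueryParam("client") String str, @Parameter(description = "User id") @QueryParam("user") String str2, @Parameter(description = "From date") @QueryParam("dateFrom") String str3, @Parameter(description = "To date") @QueryParam("dateTo") String str4, @Parameter(description = "IP Address") @QueryParam("ipAddress") String str5, @Parameter(description = "Paging offset") @QueryParam("first") Integer num, @Parameter(description = "Maximum results size (defaults to 100)") @QueryParam("max") Integer num2) {
        this.auth.realm().requireViewEvents();
        EventQuery query = this.session.getProvider(EventStoreProvider.class).createQuery().realm(this.realm.getId());
        if (str != null) {
            query.client(str);
        }
        if (list != null && !list.isEmpty()) {
            // The names come straight from the query string. An unknown name used to
            // escape as an uncaught IllegalArgumentException; it is now reported as a
            // client error, with a fixed message that does not echo the input.
            final String invalidType = "Invalid value for 'type', expected an event type name";
            EventType[] eventTypes = new EventType[list.size()];
            for (int i = 0; i < eventTypes.length; i++) {
                String typeName = list.get(i);
                if (typeName == null) {
                    throw new BadRequestException(invalidType);
                }
                try {
                    eventTypes[i] = EventType.valueOf(typeName);
                } catch (IllegalArgumentException e) {
                    throw new BadRequestException(invalidType);
                }
            }
            query.type(eventTypes);
        }
        if (str2 != null) {
            query.user(str2);
        }
        // SimpleDateFormat is lenient by default, so out-of-range fields (for example
        // month 13) roll over into the next unit instead of failing the parse.
        if (str3 != null) {
            try {
                query.fromDate(new SimpleDateFormat("yyyy-MM-dd").parse(str3));
            } catch (ParseException e) {
                throw new BadRequestException("Invalid value for 'Date(From)', expected format is yyyy-MM-dd");
            }
        }
        if (str4 != null) {
            try {
                query.toDate(new SimpleDateFormat("yyyy-MM-dd").parse(str4));
            } catch (ParseException e) {
                throw new BadRequestException("Invalid value for 'Date(To)', expected format is yyyy-MM-dd");
            }
        }
        if (str5 != null) {
            query.ipAddress(str5);
        }
        if (num != null) {
            query.firstResult(num.intValue());
        }
        // NOTE(review): a caller-supplied max is passed through without an upper bound
        // or a sign check; whether the event store limits it is not visible here.
        if (num2 != null) {
            query.maxResults(num2.intValue());
        } else {
            query.maxResults(100);
        }
        return query.getResultStream().map(ModelToRepresentation::toRepresentation);
    }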

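    /**
     * Returns the realm's admin events, optionally narrowed by the supplied query parameters.
     *
     * <p>The authorization gate ({@code requireViewEvents()}) runs before any query is built.
     * Each filter is applied only when its parameter is present. When {@code max} is absent
     * the result size is capped at 100.
     *
     * <p>Unknown {@code operationTypes} / {@code resourceTypes} names are rejected with a
     * {@link BadRequestException}, the same way malformed dates are, instead of escaping as
     * an unhandled {@link IllegalArgumentException} from {@code Enum.valueOf}.
     *
     * @param list  operation type names ({@code operationTypes})
     * @param str   {@code authRealm} filter
     * @param str2  {@code authClient} filter
     * @param str3  {@code authUser} filter (user id)
     * @param str4  {@code authIpAddress} filter
     * @param str5  {@code resourcePath} filter
     * @param str6  {@code dateFrom}, expected as {@code yyyy-MM-dd}
     * @param str7  {@code dateTo}, expected as {@code yyyy-MM-dd}
     * @param num   index of the first result ({@code first})
     * @param num2  maximum number of results ({@code max}); 100 when absent
     * @param list2 resource type names ({@code resourceTypes})
     * @return a stream of admin event representations
     * @throws BadRequestException if a date cannot be parsed or an enum name is unknown
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Get admin events Returns all admin events, or filters events based on URL query parameters listed here")
    @Path("admin-events")
    @GET
    public Stream<AdminEventRepresentation> getEvents(@QueryParam("operationTypes") List<String> list, @QueryParam("authRealm") String str, @QueryParam("authClient") String str2, @Parameter(description = "user id") @QueryParam("authUser") String str3, @QueryParam("authIpAddress") String str4, @QueryParam("resourcePath") String str5, @QueryParam("dateFrom") String str6, @QueryParam("dateTo") String str7, @QueryParam("first") Integer num, @Parameter(description = "Maximum results size (defaults to 100)") @QueryParam("max") Integer num2, @QueryParam("resourceTypes") List<String> list2) {
        // Authorization gate: nothing is queried unless this call returns normally.
        this.auth.realm().requireViewEvents();
        // The query is always scoped to this resource's realm id; request parameters only narrow it.
        AdminEventQuery query = this.session.getProvider(EventStoreProvider.class).createAdminQuery().realm(this.realm.getId());
        if (str != null) {
            query.authRealm(str);
        }
        if (str2 != null) {
            query.authClient(str2);
        }
        if (str3 != null) {
            query.authUser(str3);
        }
        if (str4 != null) {
            query.authIpAddress(str4);
        }
        if (str5 != null) {
            query.resourcePath(str5);
        }
        if (list != null && !list.isEmpty()) {
            OperationType[] operationTypes = new OperationType[list.size()];
            for (int i = 0; i < operationTypes.length; i++) {
                try {
                    operationTypes[i] = OperationType.valueOf(list.get(i));
                } catch (IllegalArgumentException e) {
                    // Client-supplied name that is not an OperationType constant: a request error, not a server fault.
                    throw new BadRequestException("Invalid value for 'operationTypes'", e);
                }
            }
            query.operation(operationTypes);
        }
        if (list2 != null && !list2.isEmpty()) {
            ResourceType[] resourceTypes = new ResourceType[list2.size()];
            for (int i = 0; i < resourceTypes.length; i++) {
                try {
                    resourceTypes[i] = ResourceType.valueOf(list2.get(i));
                } catch (IllegalArgumentException e) {
                    throw new BadRequestException("Invalid value for 'resourceTypes'", e);
                }
            }
            query.resourceType(resourceTypes);
        }
        // NOTE(review): SimpleDateFormat is lenient by default and parse(String) may stop before the
        // end of the text, so out-of-range fields or trailing characters are accepted rather than
        // rejected. Dates resolve in the JVM default time zone. Whether a date-only 'dateTo' covers
        // the whole day depends on how the provider treats toTime - confirm.
        if (str6 != null) {
            try {
                query.fromTime(new SimpleDateFormat("yyyy-MM-dd").parse(str6));
            } catch (ParseException e) {
                throw new BadRequestException("Invalid value for 'Date(From)', expected format is yyyy-MM-dd");
            }
        }
        if (str7 != null) {
            try {
                query.toTime(new SimpleDateFormat("yyyy-MM-dd").parse(str7));
            } catch (ParseException e) {
                throw new BadRequestException("Invalid value for 'Date(To)', expected format is yyyy-MM-dd");
            }
        }
        if (num != null) {
            query.firstResult(num.intValue());
        }
        // NOTE(review): a caller-supplied 'max' is passed through with no upper bound or sign check
        // here; only the absent case is capped. Confirm the provider bounds the page size.
        if (num2 != null) {
            query.maxResults(num2.intValue());
        } else {
            query.maxResults(100);
        }
        return query.getResultStream().map(ModelToRepresentation::toRepresentation);
    }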

    /**
     * Deletes all events stored for this realm.
     *
     * <p>{@code requireManageEvents()} is called first; the event store is only touched if it
     * returns normally.
     *
     * <p>NOTE(review): this method records no admin event for the deletion itself, so removal
     * of the audit trail leaves no trace from this code path - confirm it is logged elsewhere.
     */
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Delete all events")
    @Path("events")
    @DELETE
    public void clearEvents() {
        this.auth.realm().requireManageEvents();
        EventStoreProvider eventStore = this.session.getProvider(EventStoreProvider.class);
        eventStore.clear(this.realm);
    }

    /**
     * Deletes all admin events stored for this realm.
     *
     * <p>{@code requireManageEvents()} is called first; the event store is only touched if it
     * returns normally.
     *
     * <p>NOTE(review): no record of the deletion is written by this method - confirm that
     * clearing the admin audit trail is itself logged somewhere.
     */
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Delete all admin events")
    @Path("admin-events")
    @DELETE
    public void clearAdminEvents() {
        this.auth.realm().requireManageEvents();
        EventStoreProvider eventStore = this.session.getProvider(EventStoreProvider.class);
        eventStore.clearAdmin(this.realm);
    }

    /**
     * Deprecated form-encoded variant of the SMTP test endpoint.
     *
     * <p>Reads the {@code config} form field as a JSON object with string values and hands the
     * resulting map to {@link #testSMTPConnection(Map)}. This overload performs no permission
     * check or validation of its own; everything is delegated.
     *
     * @param str JSON text of the SMTP settings
     * @return the response produced by the map-based overload
     * @throws Exception if the JSON cannot be read or the delegate fails
     */
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Deprecated
    @Path("testSMTPConnection")
    @Consumes({MediaType.APPLICATION_FORM_URLENCODED})
    @Operation(summary = "Test SMTP connection with current logged in user")
    @POST
    public Response testSMTPConnection(@Parameter(description = "SMTP server configuration") @FormParam("config") String str) throws Exception {
        // Anonymous subclass captures the generic target type for the JSON reader.
        TypeReference<Map<String, String>> settingsType = new TypeReference<Map<String, String>>() {
        };
        Map<String, String> settings = (Map<String, String>) JsonSerialization.readValue(str, settingsType);
        return testSMTPConnection(settings);
    }

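    /**
     * Sends a test e-mail to the calling administrator using the SMTP settings in the request.
     *
     * <p>If the request's {@code password} equals the mask {@code **********}, the password
     * stored in the realm's SMTP configuration is substituted before the mail is sent.
     *
     * <p>Failures are logged through the class logger with the full exception and answered with
     * a generic 500, so mail-server details are not returned to the client.
     *
     * @param map SMTP settings supplied by the caller; modified in place when the mask is replaced
     * @return 204 No Content when the test mail was handed to the provider
     * @throws BadRequestException if no settings were supplied
     * @throws Exception the error response raised when the caller has no e-mail or sending fails
     */
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation
    @POST
    @Path("testSMTPConnection")
    @Consumes({MediaType.APPLICATION_JSON})
    public Response testSMTPConnection(Map<String, String> map) throws Exception {
        // NOTE(review): unlike the other endpoints of this resource, no require*() permission call
        // is made in this method. Confirm access is restricted elsewhere: the endpoint makes the
        // server open an SMTP connection described entirely by the request.
        if (map == null) {
            // A missing body previously surfaced as a NullPointerException turned into a generic 500.
            throw new BadRequestException("SMTP configuration is required");
        }
        try {
            UserModel user = this.auth.adminAuth().getUser();
            if (user.getEmail() == null) {
                // NOTE(review): thrown inside the try, so presumably the catch below replaces this
                // specific message with the generic one - confirm that is intended.
                throw ErrorResponse.error("Logged in user does not have an e-mail.", Response.Status.INTERNAL_SERVER_ERROR);
            }
            // NOTE(review): the stored secret is substituted whenever the mask is present, without
            // comparing the request's remaining settings to the stored configuration. Unless the
            // provider or an upstream check restricts this, the saved credential is presented to
            // whichever server the request names - verify and consider reusing it only when the
            // connection settings are unchanged.
            if ("**********".equals(map.get("password"))) {
                map.put("password", (String) this.realm.getSmtpConfig().get("password"));
            }
            this.session.getProvider(EmailTemplateProvider.class).sendSmtpTestEmail(map, user);
            return Response.noContent().build();
        } catch (Exception e) {
            // Log through the logger only (no printStackTrace to stderr) and keep the exception
            // itself, not just getCause(), which may be null.
            logger.error("Failed to send email", e);
            throw ErrorResponse.error("Failed to send email", Response.Status.INTERNAL_SERVER_ERROR);
        }
    }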

    /**
     * Sub-resource locator for {@code identity-provider}.
     *
     * <p>Builds a new {@link IdentityProvidersResource} bound to this realm, session, permission
     * evaluator and admin event builder. No permission check is made here; presumably the
     * returned resource enforces its own - confirm.
     *
     * @return the resource that handles identity-provider requests
     */
    @Path("identity-provider")
    public IdentityProvidersResource getIdentityProviderResource() {
        IdentityProvidersResource identityProviders = new IdentityProvidersResource(this.realm, this.session, this.auth, this.adminEvent);
        return identityProviders;
    }

    /**
     * Lists the realm's default groups in brief form.
     *
     * <p>{@code requireViewRealm()} is called before the groups are read. Each group is mapped
     * through {@code ModelToRepresentation.groupToBriefRepresentation}.
     *
     * @return a stream of brief group representations
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Get group hierarchy.  Only name and ids are returned.")
    @GET
    @Path("default-groups")
    public Stream<GroupRepresentation> getDefaultGroups() {
        this.auth.realm().requireViewRealm();
        Stream<GroupModel> defaultGroups = this.realm.getDefaultGroupsStream();
        return defaultGroups.map(ModelToRepresentation::groupToBriefRepresentation);
    }

    /**
     * Adds an existing group to the realm's default groups.
     *
     * <p>{@code requireManageRealm()} runs before the group is looked up, so the lookup result
     * is only visible to callers that pass that check. On success an admin event with
     * operation CREATE and resource type GROUP is recorded for the request URI.
     *
     * @param str id of the group to add
     * @throws NotFoundException if no group with that id exists in this realm
     */
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation
    @PUT
    @Path("default-groups/{groupId}")
    public void addDefaultGroup(@PathParam("groupId") String str) {
        this.auth.realm().requireManageRealm();
        GroupModel group = this.realm.getGroupById(str);
        if (group != null) {
            this.realm.addDefaultGroup(group);
            this.adminEvent
                    .operation(OperationType.CREATE)
                    .resource(ResourceType.GROUP)
                    .resourcePath((UriInfo) this.session.getContext().getUri())
                    .success();
            return;
        }
        throw new NotFoundException("Group not found");
    }

    /**
     * Removes a group from the realm's default groups.
     *
     * <p>{@code requireManageRealm()} runs before the group is looked up. On success an admin
     * event with operation DELETE and resource type GROUP is recorded for the request URI.
     *
     * @param str id of the group to remove
     * @throws NotFoundException if no group with that id exists in this realm
     */
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation
    @DELETE
    @Path("default-groups/{groupId}")
    public void removeDefaultGroup(@PathParam("groupId") String str) {
        this.auth.realm().requireManageRealm();
        GroupModel group = this.realm.getGroupById(str);
        if (group != null) {
            this.realm.removeDefaultGroup(group);
            this.adminEvent
                    .operation(OperationType.DELETE)
                    .resource(ResourceType.GROUP)
                    .resourcePath((UriInfo) this.session.getContext().getUri())
                    .success();
            return;
        }
        throw new NotFoundException("Group not found");
    }

    /**
     * Sub-resource locator for {@code groups}.
     *
     * <p>Builds a new {@link GroupsResource} bound to this realm, session, permission evaluator
     * and admin event builder. No permission check is made here; presumably the returned
     * resource enforces its own - confirm.
     *
     * @return the resource that handles group requests
     */
    @Path("groups")
    public GroupsResource getGroups() {
        GroupsResource groups = new GroupsResource(this.realm, this.session, this.auth, this.adminEvent);
        return groups;
    }

    /**
     * Resolves a group by its path and returns its representation with the sub-group count.
     *
     * <p>The path template {@code {path: .*}} captures the whole remainder of the URL.
     *
     * <p>NOTE(review): the lookup and the not-found response happen before
     * {@code requireView(group)}, because the permission check needs the resolved group. A
     * caller without view permission therefore presumably receives a different error for an
     * existing path than for a missing one - confirm this disclosure is acceptable.
     *
     * @param str group path taken from the URL
     * @return the group representation, populated with its sub-group count
     * @throws NotFoundException if no group matches the path
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation
    @GET
    @Path("group-by-path/{path: .*}")
    public GroupRepresentation getGroupByPath(@PathParam("path") String str) {
        GroupModel group = KeycloakModelUtils.findGroupByPath(this.session, this.realm, str);
        if (group != null) {
            this.auth.groups().requireView(group);
            GroupRepresentation representation = ModelToRepresentation.toRepresentation(group, true);
            return GroupUtils.populateSubGroupCount(group, representation);
        }
        throw new NotFoundException("Group path does not exist");
    }

    /**
     * Imports part of a realm from the JSON request body into this existing realm.
     *
     * <p>{@code requireManageRealm()} is called before the body is consumed. The import runs
     * through {@code KeycloakModelUtils.runJobInTransactionWithResult}; inside that job the
     * realm is re-resolved by id from the job's own session and the admin event builder is
     * cloned for that session.
     *
     * @param inputStream request body containing the import document
     * @return 200 with the import results
     */
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Partial import from a JSON file to an existing realm.")
    @POST
    @Path("partialImport")
    @Consumes({MediaType.APPLICATION_JSON})
    public Response partialImport(InputStream inputStream) {
        this.auth.realm().requireManageRealm();
        try {
            return Response.ok(KeycloakModelUtils.runJobInTransactionWithResult(
                    this.session.getKeycloakSessionFactory(),
                    this.session.getContext(),
                    jobSession -> getPartialImportResults(
                            inputStream,
                            jobSession,
                            jobSession.realms().getRealm(this.realm.getId()),
                            this.adminEvent.clone(jobSession)),
                    false,
                    "Partial import in realm " + this.realm.getName())).build();
        } catch (ModelDuplicateException duplicate) {
            // A clash with existing data is reported through ErrorResponse.exists with the exception's message.
            throw ErrorResponse.exists(duplicate.getLocalizedMessage());
        }
    }

    /**
     * Runs the partial import and records one admin event per result that created or updated
     * something.
     *
     * @param inputStream import document
     * @param keycloakSession session used to obtain the datastore provider
     * @param realmModel realm the import is applied to
     * @param adminEventBuilder builder used to record the resulting admin events
     * @return the results returned by the export/import manager
     */
    private static PartialImportResults getPartialImportResults(InputStream inputStream, KeycloakSession keycloakSession, RealmModel realmModel, AdminEventBuilder adminEventBuilder) {
        PartialImportResults partialImportRealm = keycloakSession.getProvider(DatastoreProvider.class).getExportImportManager().partialImportRealm(realmModel, inputStream);
        for (PartialImportResult partialImportResult : partialImportRealm.getResults()) {
            // NOTE(review): decompiler output. The switch goes through a synthetic ordinal map and the
            // case labels are unrelated constants that merely have the values 1 and 2; they carry no
            // meaning here. Which Action each case stands for is not visible in this file - judging
            // by the handlers, presumably "created" and "updated". Other actions record no event.
            switch (AnonymousClass3.$SwitchMap$org$keycloak$partialimport$Action[partialImportResult.getAction().ordinal()]) {
                case DeclarativeUserProfileProviderFactory.PROVIDER_PRIORITY /* 1 */:
                    fireCreatedEvent(partialImportResult, adminEventBuilder);
                    break;
                case DPoPUtil.DEFAULT_ALLOWED_CLOCK_SKEW /* 2 */:
                    fireUpdateEvent(partialImportResult, adminEventBuilder);
                    break;
            }
        }
        return partialImportRealm;
    }

    /**
     * Records a CREATE admin event for one import result.
     *
     * <p>The event's resource path is built from the result's resource-type path and id, and
     * the result's representation is attached.
     *
     * <p>NOTE(review): the full imported representation is handed to the event builder;
     * confirm sensitive fields are stripped before the event is stored.
     *
     * @param partialImportResult the import result to report
     * @param adminEventBuilder builder the event is recorded through
     */
    private static void fireCreatedEvent(PartialImportResult partialImportResult, AdminEventBuilder adminEventBuilder) {
        adminEventBuilder
                .operation(OperationType.CREATE)
                .resourcePath(partialImportResult.getResourceType().getPath(), partialImportResult.getId())
                .representation(partialImportResult.getRepresentation())
                .success();
    }

    /**
     * Records an UPDATE admin event for one import result.
     *
     * <p>The event's resource path is built from the result's resource-type path and id, and
     * the result's representation is attached.
     *
     * <p>NOTE(review): the full imported representation is handed to the event builder;
     * confirm sensitive fields are stripped before the event is stored.
     *
     * @param partialImportResult the import result to report
     * @param adminEventBuilder builder the event is recorded through
     */
    private static void fireUpdateEvent(PartialImportResult partialImportResult, AdminEventBuilder adminEventBuilder) {
        adminEventBuilder
                .operation(OperationType.UPDATE)
                .resourcePath(partialImportResult.getResourceType().getPath(), partialImportResult.getId())
                .representation(partialImportResult.getRepresentation())
                .success();
    }

    /**
     * Exports this realm, optionally including groups/roles and clients.
     *
     * <p>{@code requireManageRealm()} is always required. Requesting groups and roles
     * additionally calls {@code groups().requireList()}, and requesting clients additionally
     * calls {@code clients().requireView()}. A missing flag is treated as {@code false}.
     *
     * <p>The export manager writes through an adapter that sets the response content type and
     * installs the output-stream consumer as the response entity.
     *
     * @param bool  {@code exportGroupsAndRoles} query flag
     * @param bool2 {@code exportClients} query flag
     * @return the response whose entity streams the export
     */
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation(summary = "Partial export of existing realm into a JSON file.")
    @POST
    @Path("partial-export")
    public Response partialExport(@QueryParam("exportGroupsAndRoles") Boolean bool, @QueryParam("exportClients") Boolean bool2) {
        this.auth.realm().requireManageRealm();
        boolean includeGroupsAndRoles = Boolean.TRUE.equals(bool);
        boolean includeClients = Boolean.TRUE.equals(bool2);
        // Each optional section needs its own permission on top of manage-realm.
        if (includeGroupsAndRoles) {
            this.auth.groups().requireList();
        }
        if (includeClients) {
            this.auth.clients().requireView();
        }
        // Positional flags; what each position means is defined by ExportOptions, which is not shown here.
        ExportOptions options = new ExportOptions(false, includeClients, includeGroupsAndRoles, includeClients, true);
        ExportImportManager manager = this.session.getProvider(DatastoreProvider.class).getExportImportManager();
        final Response.ResponseBuilder builder = Response.ok();
        manager.exportRealm(this.realm, options, new ExportAdapter() {
            public void setType(String str) {
                builder.type(str);
            }

            public void writeToOutputStream(ExportAdapter.ConsumerOfOutputStream consumerOfOutputStream) {
                Objects.requireNonNull(consumerOfOutputStream);
                builder.entity(consumerOfOutputStream::accept);
            }
        });
        return builder.build();
    }

    /**
     * Sub-resource locator for {@code keys}.
     *
     * <p>Builds a new {@link KeyResource} bound to this realm, session and permission
     * evaluator. No permission check is made here; presumably the returned resource enforces
     * its own - confirm.
     *
     * @return the resource that handles key requests
     */
    @Path("keys")
    public KeyResource keys() {
        KeyResource keyResource = new KeyResource(this.realm, this.session, this.auth);
        return keyResource;
    }

    /**
     * Lists the provider ids of enabled required actions whose provider is a
     * {@link CredentialRegistrator}.
     *
     * <p>{@code requireViewRealm()} is called first. The required actions are read from the
     * realm of the session context rather than from this resource's {@code realm} field.
     *
     * @return a stream of matching provider ids
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
    @Operation
    @GET
    @Path("credential-registrators")
    public Stream<String> getCredentialRegistrators() {
        this.auth.realm().requireViewRealm();
        return this.session.getContext().getRealm().getRequiredActionProvidersStream()
                .filter(action -> action.isEnabled())
                .map(action -> action.getProviderId())
                .filter(providerId -> this.session.getProvider(RequiredActionProvider.class, providerId) instanceof CredentialRegistrator);
    }

    /**
     * Sub-resource locator for {@code client-policies/policies}.
     *
     * <p>{@code ProfileHelper.requireFeature(Profile.Feature.CLIENT_POLICIES)} is called before
     * the resource is created. No permission check is made here; the permission evaluator is
     * passed on, so presumably the returned resource checks access itself - confirm.
     *
     * @return the resource that handles client-policy requests
     */
    @Path("client-policies/policies")
    public ClientPoliciesResource getClientPoliciesResource() {
        ProfileHelper.requireFeature(Profile.Feature.CLIENT_POLICIES);
        ClientPoliciesResource policies = new ClientPoliciesResource(this.session, this.auth);
        return policies;
    }

    /**
     * Sub-resource locator for {@code client-policies/profiles}.
     *
     * <p>{@code ProfileHelper.requireFeature(Profile.Feature.CLIENT_POLICIES)} is called before
     * the resource is created. No permission check is made here; the permission evaluator is
     * passed on, so presumably the returned resource checks access itself - confirm.
     *
     * @return the resource that handles client-profile requests
     */
    @Path("client-policies/profiles")
    public ClientProfilesResource getClientProfilesResource() {
        ProfileHelper.requireFeature(Profile.Feature.CLIENT_POLICIES);
        ClientProfilesResource profiles = new ClientProfilesResource(this.session, this.auth);
        return profiles;
    }

    /**
     * Sub-resource locator for {@code client-types}.
     *
     * <p>{@code ProfileHelper.requireFeature(Profile.Feature.CLIENT_TYPES)} is called before the
     * resource is created. The resource receives the session's {@link ClientTypeManager}, this
     * realm and the permission evaluator. No permission check is made here; presumably the
     * returned resource checks access itself - confirm.
     *
     * @return the resource that handles client-type requests
     */
    @Path("client-types")
    public ClientTypesResource getClientTypesResource() {
        ProfileHelper.requireFeature(Profile.Feature.CLIENT_TYPES);
        ClientTypeManager clientTypeManager = this.session.getProvider(ClientTypeManager.class);
        return new ClientTypesResource(clientTypeManager, this.realm, this.auth);
    }
}
