package org.keycloak.organization.utils;

import jakarta.ws.rs.core.Response;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.keycloak.TokenVerifier;
import org.keycloak.authentication.actiontoken.inviteorg.InviteOrgActionToken;
import org.keycloak.common.Profile;
import org.keycloak.common.VerificationException;
import org.keycloak.http.HttpRequest;
import org.keycloak.models.GroupModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OrganizationDomainModel;
import org.keycloak.models.OrganizationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.organization.OrganizationProvider;
import org.keycloak.representations.idm.OrganizationDomainRepresentation;
import org.keycloak.representations.idm.OrganizationRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/organization/utils/Organizations.class */
public class Organizations {
    public static boolean canManageOrganizationGroup(KeycloakSession keycloakSession, GroupModel groupModel) {
        if (Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION) && keycloakSession.getAttribute(OrganizationModel.class.getName()) == null) {
            return StringUtil.isBlank(groupModel.getFirstAttribute("kc.org"));
        }
        return true;
    }

    public static List<IdentityProviderModel> resolveBroker(KeycloakSession keycloakSession, UserModel userModel) {
        OrganizationProvider provider = keycloakSession.getProvider(OrganizationProvider.class);
        RealmModel realm = keycloakSession.getContext().getRealm();
        OrganizationModel byMember = provider.getByMember(userModel);
        if (byMember == null || !byMember.isEnabled()) {
            return List.of();
        }
        if (!provider.isManagedMember(byMember, userModel)) {
            return List.of();
        }
        List list = byMember.getIdentityProviders().toList();
        return keycloakSession.users().getFederatedIdentitiesStream(realm, userModel).map(federatedIdentityModel -> {
            IdentityProviderModel identityProviderByAlias = realm.getIdentityProviderByAlias(federatedIdentityModel.getIdentityProvider());
            if (list.contains(identityProviderByAlias) && keycloakSession.users().getFederatedIdentity(realm, userModel, identityProviderByAlias.getAlias()) != null) {
                return identityProviderByAlias;
            }
            return null;
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).toList();
    }

    public static Consumer<GroupModel> removeGroup(KeycloakSession keycloakSession, RealmModel realmModel) {
        return groupModel -> {
            if (!Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) {
                realmModel.removeGroup(groupModel);
                return;
            }
            OrganizationModel organizationModel = (OrganizationModel) keycloakSession.getAttribute(OrganizationModel.class.getName());
            try {
                String firstAttribute = groupModel.getFirstAttribute("kc.org");
                OrganizationProvider provider = keycloakSession.getProvider(OrganizationProvider.class);
                if (firstAttribute != null) {
                    keycloakSession.setAttribute(OrganizationModel.class.getName(), provider.getById(firstAttribute));
                }
                realmModel.removeGroup(groupModel);
                if (organizationModel == null) {
                    keycloakSession.removeAttribute(OrganizationModel.class.getName());
                } else {
                    keycloakSession.setAttribute(OrganizationModel.class.getName(), organizationModel);
                }
            } catch (Throwable th) {
                if (organizationModel == null) {
                    keycloakSession.removeAttribute(OrganizationModel.class.getName());
                } else {
                    keycloakSession.setAttribute(OrganizationModel.class.getName(), organizationModel);
                }
                throw th;
            }
        };
    }

    public static boolean isEnabledAndOrganizationsPresent(OrganizationProvider organizationProvider) {
        return (organizationProvider == null || !organizationProvider.isEnabled() || organizationProvider.count() == 0) ? false : true;
    }

    public static void checkEnabled(OrganizationProvider organizationProvider) {
        if (organizationProvider == null || !organizationProvider.isEnabled()) {
            throw ErrorResponse.error("Organizations not enabled for this realm.", Response.Status.NOT_FOUND);
        }
    }

    public static OrganizationRepresentation toRepresentation(OrganizationModel organizationModel) {
        if (organizationModel == null) {
            return null;
        }
        OrganizationRepresentation organizationRepresentation = new OrganizationRepresentation();
        organizationRepresentation.setId(organizationModel.getId());
        organizationRepresentation.setName(organizationModel.getName());
        organizationRepresentation.setEnabled(organizationModel.isEnabled());
        organizationRepresentation.setDescription(organizationModel.getDescription());
        organizationRepresentation.setAttributes(organizationModel.getAttributes());
        Stream map = organizationModel.getDomains().filter((v0) -> {
            return Objects.nonNull(v0);
        }).map(Organizations::toRepresentation);
        Objects.requireNonNull(organizationRepresentation);
        map.forEach(organizationRepresentation::addDomain);
        return organizationRepresentation;
    }

    public static OrganizationDomainRepresentation toRepresentation(OrganizationDomainModel organizationDomainModel) {
        OrganizationDomainRepresentation organizationDomainRepresentation = new OrganizationDomainRepresentation();
        organizationDomainRepresentation.setName(organizationDomainModel.getName());
        organizationDomainRepresentation.setVerified(organizationDomainModel.isVerified());
        return organizationDomainRepresentation;
    }

    public static OrganizationModel toModel(OrganizationRepresentation organizationRepresentation, OrganizationModel organizationModel) {
        if (organizationRepresentation == null) {
            return null;
        }
        organizationModel.setName(organizationRepresentation.getName());
        organizationModel.setEnabled(organizationRepresentation.isEnabled());
        organizationModel.setDescription(organizationRepresentation.getDescription());
        organizationModel.setAttributes(organizationRepresentation.getAttributes());
        organizationModel.setDomains((Set) ((Set) Optional.ofNullable(organizationRepresentation.getDomains()).orElse(Set.of())).stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).filter(organizationDomainRepresentation -> {
            return StringUtil.isNotBlank(organizationDomainRepresentation.getName());
        }).map(Organizations::toModel).collect(Collectors.toSet()));
        return organizationModel;
    }

    public static OrganizationDomainModel toModel(OrganizationDomainRepresentation organizationDomainRepresentation) {
        return new OrganizationDomainModel(organizationDomainRepresentation.getName(), organizationDomainRepresentation.isVerified());
    }

    public static InviteOrgActionToken parseInvitationToken(HttpRequest httpRequest) throws VerificationException {
        String str = (String) httpRequest.getUri().getQueryParameters().getFirst("token");
        if (str == null) {
            return null;
        }
        return TokenVerifier.create(str, InviteOrgActionToken.class).getToken();
    }
}
