package org.keycloak.services.resources.admin;

import com.google.common.collect.Streams;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Type;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Stream;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.plugins.providers.multipart.InputPart;
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.IdentityProviderFactory;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.connections.httpclient.HttpClientProvider;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.models.utils.StripSecretsUtils;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.utils.MediaType;
import org.keycloak.utils.ReservedCharValidator;

/* loaded from: input_file:org/keycloak/services/resources/admin/IdentityProvidersResource.class */
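/**
 * Admin REST resource for the identity providers of one realm.
 *
 * <p>Every endpoint starts with a permission check on {@code auth.realm()}: the read endpoints
 * require "view identity providers", the import and create endpoints require "manage identity
 * providers". Keep those checks as the first statement of each method so that no request data
 * is processed for an unauthorized caller.
 *
 * <p>Representations that leave this class (the instance listing and the admin event) are passed
 * through {@link StripSecretsUtils#strip} first.
 */
public class IdentityProvidersResource {
    private final RealmModel realm;
    private final KeycloakSession session;
    private final AdminPermissionEvaluator auth;
    private final AdminEventBuilder adminEvent;

    /**
     * @param realmModel the realm whose identity providers are managed
     * @param keycloakSession the current session, used for provider lookup and request context
     * @param adminPermissionEvaluator permission evaluator for the calling admin
     * @param adminEventBuilder event builder; scoped here to {@link ResourceType#IDENTITY_PROVIDER}
     */
    public IdentityProvidersResource(RealmModel realmModel, KeycloakSession keycloakSession, AdminPermissionEvaluator adminPermissionEvaluator, AdminEventBuilder adminEventBuilder) {
        this.realm = realmModel;
        this.session = keycloakSession;
        this.auth = adminPermissionEvaluator;
        this.adminEvent = adminEventBuilder.resource(ResourceType.IDENTITY_PROVIDER);
    }

    /**
     * Returns the provider factory registered under the given id.
     *
     * @param str the provider id taken from the request path
     * @return 200 with the factory as entity, or 400 when no factory has that id
     */
    @GET
    @Path("/providers/{provider_id}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response getIdentityProviders(@PathParam("provider_id") String str) {
        this.auth.realm().requireViewIdentityProviders();
        IdentityProviderFactory factory = getProviderFactorytById(str);
        if (factory == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        return Response.ok(factory).build();
    }

    /**
     * Parses an uploaded provider configuration file into a configuration map.
     *
     * <p>The form must carry a {@code providerId} part and a {@code file} part. The uploaded
     * content is handed to the factory's {@code parseConfig}; how that parser treats hostile
     * input is not visible from this class.
     *
     * @param multipartFormDataInput the multipart form sent by the caller
     * @return the configuration produced by the provider factory
     * @throws BadRequestException when a required part is missing or empty, or the provider id
     *     does not match any factory
     * @throws IOException when a part cannot be read
     */
    @Path("import-config")
    @Consumes({"multipart/form-data"})
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    public Map<String, String> importFrom(MultipartFormDataInput multipartFormDataInput) throws IOException {
        this.auth.realm().requireManageIdentityProviders();
        Map<String, List<InputPart>> formDataMap = multipartFormDataInput.getFormDataMap();
        InputPart providerIdPart = firstPart(formDataMap, "providerId");
        InputPart filePart = firstPart(formDataMap, "file");
        // Resolve the factory before opening the upload so an unknown id is a 400, not an NPE.
        IdentityProviderFactory factory = requireProviderFactory(providerIdPart.getBodyAsString());
        InputStream upload = filePart.getBody(InputStream.class, null);
        try {
            return factory.parseConfig(this.session, upload);
        } finally {
            closeQuietly(upload);
        }
    }

    /**
     * Downloads a provider configuration from a URL and parses it into a configuration map.
     *
     * <p>NOTE(security): {@code fromUrl} is caller-supplied and is fetched from the server's own
     * network position through {@link HttpClientProvider}. The only gate visible in this class is
     * the "manage identity providers" permission; no scheme, host or address restriction is
     * applied here, so any egress policy has to be enforced by the HTTP client configuration or
     * the network. Confirm that is the case for the deployment.
     *
     * @param map JSON body with {@code providerId} and {@code fromUrl}, and optionally
     *     {@code alias}
     * @return the configuration produced by the provider factory
     * @throws BadRequestException when a required field is missing or null, {@code alias} is not
     *     a string, or the provider id does not match any factory
     * @throws IOException when the download fails
     */
    @Path("import-config")
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    public Map<String, String> importFrom(Map<String, Object> map) throws IOException {
        this.auth.realm().requireManageIdentityProviders();
        String providerId = requiredString(map, "providerId");
        String fromUrl = requiredString(map, "fromUrl");
        // alias is optional in this request; a non-string value is rejected instead of failing
        // on the cast, and anything else is handed to the validator exactly as before.
        Object alias = map.get("alias");
        if (alias != null && !(alias instanceof String)) {
            throw new BadRequestException();
        }
        ReservedCharValidator.validate((String) alias);
        // Look the factory up first: an unknown provider id must not trigger an outbound request.
        IdentityProviderFactory factory = requireProviderFactory(providerId);
        InputStream download = this.session.getProvider(HttpClientProvider.class).get(fromUrl);
        try {
            return factory.parseConfig(this.session, download);
        } finally {
            closeQuietly(download);
        }
    }

    /**
     * Lists the identity providers configured in the realm.
     *
     * @return one representation per provider, each passed through
     *     {@link StripSecretsUtils#strip} before it is returned
     */
    @GET
    @Path("instances")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Stream<IdentityProviderRepresentation> getIdentityProviders() {
        this.auth.realm().requireViewIdentityProviders();
        return this.realm.getIdentityProvidersStream()
                .map(model -> StripSecretsUtils.strip(ModelToRepresentation.toRepresentation(this.realm, model)));
    }

    /**
     * Creates a new identity provider in the realm.
     *
     * @param identityProviderRepresentation the provider to create
     * @return 201 with the location of the new provider; 400 when the body is missing or the
     *     representation is rejected with an {@link IllegalArgumentException}; the
     *     {@code ErrorResponse.exists} response when the alias is already taken
     */
    @POST
    @Path("instances")
    @Consumes({MediaType.APPLICATION_JSON})
    public Response create(IdentityProviderRepresentation identityProviderRepresentation) {
        this.auth.realm().requireManageIdentityProviders();
        if (identityProviderRepresentation == null) {
            // An empty request body would otherwise surface as a NullPointerException.
            return ErrorResponse.error("Invalid request", Response.Status.BAD_REQUEST);
        }
        ReservedCharValidator.validate(identityProviderRepresentation.getAlias());
        try {
            IdentityProviderModel model = RepresentationToModel.toModel(this.realm, identityProviderRepresentation, this.session);
            this.realm.addIdentityProvider(model);
            identityProviderRepresentation.setInternalId(model.getInternalId());
            // The admin event records the stripped representation, not the raw request body.
            this.adminEvent.operation(OperationType.CREATE)
                    .resourcePath(this.session.getContext().getUri(), model.getAlias())
                    .representation(StripSecretsUtils.strip(identityProviderRepresentation))
                    .success();
            return Response.created(
                    this.session.getContext().getUri().getAbsolutePathBuilder()
                            .path(identityProviderRepresentation.getAlias())
                            .build())
                    .build();
        } catch (IllegalArgumentException e) {
            String message = e.getMessage();
            if (message == null) {
                message = "Invalid request";
            }
            return ErrorResponse.error(message, Response.Status.BAD_REQUEST);
        } catch (ModelDuplicateException e) {
            return ErrorResponse.exists("Identity Provider " + identityProviderRepresentation.getAlias() + " already exists");
        }
    }

    /**
     * Sub-resource locator for a single identity provider.
     *
     * <p>The path value is matched against both the alias and the internal id. When nothing
     * matches, {@code null} is passed as the model; handling of that case is left to
     * {@link IdentityProviderResource} and is not visible here.
     *
     * @param str alias or internal id from the request path
     * @return the sub-resource, after RESTEasy property injection
     */
    @Path("instances/{alias}")
    public IdentityProviderResource getIdentityProvider(@PathParam("alias") String str) {
        this.auth.realm().requireViewIdentityProviders();
        IdentityProviderModel model = this.realm.getIdentityProvidersStream()
                .filter(candidate -> Objects.equals(candidate.getAlias(), str) || Objects.equals(candidate.getInternalId(), str))
                .findFirst()
                .orElse(null);
        IdentityProviderResource resource = new IdentityProviderResource(this.auth, this.realm, this.session, model, this.adminEvent);
        ResteasyProviderFactory.getInstance().injectProperties(resource);
        return resource;
    }

    /**
     * Finds the identity provider factory with the given id.
     *
     * @param str the provider id to look for
     * @return the first matching factory, or {@code null} when none matches
     */
    private IdentityProviderFactory getProviderFactorytById(String str) {
        // The decompiled form referenced an undefined local in the cast lambda; the method
        // reference below is the cast it stood for.
        return getProviderFactories()
                .filter(providerFactory -> Objects.equals(str, providerFactory.getId()))
                .map(IdentityProviderFactory.class::cast)
                .findFirst()
                .orElse(null);
    }

    /** Returns the factories of regular identity providers followed by those of social ones. */
    private Stream<ProviderFactory> getProviderFactories() {
        return Stream.concat(
                this.session.getKeycloakSessionFactory().getProviderFactoriesStream(IdentityProvider.class),
                this.session.getKeycloakSessionFactory().getProviderFactoriesStream(SocialIdentityProvider.class));
    }

    /** Resolves a provider factory by id, rejecting the request when the id is unknown. */
    private IdentityProviderFactory requireProviderFactory(String providerId) {
        IdentityProviderFactory factory = getProviderFactorytById(providerId);
        if (factory == null) {
            throw new BadRequestException();
        }
        return factory;
    }

    /** Returns the first part of a multipart field, rejecting a missing or empty field. */
    private static InputPart firstPart(Map<String, List<InputPart>> formData, String name) {
        List<InputPart> parts = formData.get(name);
        if (parts == null || parts.isEmpty()) {
            throw new BadRequestException();
        }
        return parts.get(0);
    }

    /** Returns a required JSON field as a string, rejecting a missing body, key or null value. */
    private static String requiredString(Map<String, Object> body, String key) {
        Object value = body == null ? null : body.get(key);
        if (value == null) {
            throw new BadRequestException();
        }
        return value.toString();
    }

    /** Closes a stream on a best-effort basis; a close failure must not replace the parse result. */
    private static void closeQuietly(InputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException ignored) {
            // Deliberately ignored: the content has already been consumed or the call has failed.
        }
    }
}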
