package org.keycloak.services.resources.account;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.Profile;
import org.keycloak.common.enums.AccountRestApiVersion;
import org.keycloak.common.util.StringPropertyReplacer;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventStoreProvider;
import org.keycloak.events.EventType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ConfiguredProvider;
import org.keycloak.representations.account.ClientRepresentation;
import org.keycloak.representations.account.ConsentRepresentation;
import org.keycloak.representations.account.ConsentScopeRepresentation;
import org.keycloak.representations.account.UserProfileAttributeMetadata;
import org.keycloak.representations.account.UserProfileMetadata;
import org.keycloak.representations.account.UserRepresentation;
import org.keycloak.representations.idm.ErrorRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.UserConsentManager;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.account.resources.ResourcesService;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.storage.ReadOnlyException;
import org.keycloak.theme.Theme;
import org.keycloak.userprofile.AttributeChangeListener;
import org.keycloak.userprofile.AttributeMetadata;
import org.keycloak.userprofile.Attributes;
import org.keycloak.userprofile.EventAuditingAttributeChangeListener;
import org.keycloak.userprofile.UserProfile;
import org.keycloak.userprofile.UserProfileContext;
import org.keycloak.userprofile.UserProfileProvider;
import org.keycloak.userprofile.ValidationException;
import org.keycloak.utils.MediaType;
import org.keycloak.validate.Validators;

/* loaded from: input_file:org/keycloak/services/resources/account/AccountRestService.class */
public class AccountRestService {

    @Context
    private HttpRequest request;

    @Context
    protected HttpHeaders headers;

    @Context
    protected ClientConnection clientConnection;
    private final KeycloakSession session;
    private final ClientModel client;
    private final EventBuilder event;
    private EventStoreProvider eventStore;
    private Auth auth;
    private final RealmModel realm;
    private final UserModel user;
    private final Locale locale;
    private final AccountRestApiVersion version;

    public AccountRestService(KeycloakSession keycloakSession, Auth auth, ClientModel clientModel, EventBuilder eventBuilder, AccountRestApiVersion accountRestApiVersion) {
        this.session = keycloakSession;
        this.auth = auth;
        this.realm = auth.getRealm();
        this.user = auth.getUser();
        this.client = clientModel;
        this.event = eventBuilder;
        this.locale = keycloakSession.getContext().resolveLocale(this.user);
        this.version = accountRestApiVersion;
        eventBuilder.client(auth.getClient()).user(auth.getUser());
    }

    public void init() {
        this.eventStore = this.session.getProvider(EventStoreProvider.class);
    }

    @GET
    @Path("/")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public UserRepresentation account(@QueryParam("userProfileMetadata") Boolean bool) {
        this.auth.requireOneOf("manage-account", "view-profile");
        UserModel user = this.auth.getUser();
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setId(user.getId());
        UserProfile create = this.session.getProvider(UserProfileProvider.class).create(UserProfileContext.ACCOUNT, user);
        userRepresentation.setAttributes(create.getAttributes().getReadable(false));
        addReadableBuiltinAttributes(user, userRepresentation, create.getAttributes().getReadable(true).keySet());
        if (bool == null || bool.booleanValue()) {
            userRepresentation.setUserProfileMetadata(createUserProfileMetadata(create));
        }
        return userRepresentation;
    }

    private void addReadableBuiltinAttributes(UserModel userModel, UserRepresentation userRepresentation, Set<String> set) {
        Objects.requireNonNull(userRepresentation);
        Consumer consumer = userRepresentation::setUsername;
        Objects.requireNonNull(userModel);
        setIfReadable("username", set, consumer, userModel::getUsername);
        Objects.requireNonNull(userRepresentation);
        Consumer consumer2 = userRepresentation::setFirstName;
        Objects.requireNonNull(userModel);
        setIfReadable("firstName", set, consumer2, userModel::getFirstName);
        Objects.requireNonNull(userRepresentation);
        Consumer consumer3 = userRepresentation::setLastName;
        Objects.requireNonNull(userModel);
        setIfReadable("lastName", set, consumer3, userModel::getLastName);
        Objects.requireNonNull(userRepresentation);
        Consumer consumer4 = userRepresentation::setEmail;
        Objects.requireNonNull(userModel);
        setIfReadable("email", set, consumer4, userModel::getEmail);
        Objects.requireNonNull(userRepresentation);
        Consumer consumer5 = (v1) -> {
            r3.setEmailVerified(v1);
        };
        Objects.requireNonNull(userModel);
        setIfReadable("email", set, consumer5, userModel::isEmailVerified);
    }

    private <T> void setIfReadable(String str, Set<String> set, Consumer<T> consumer, Supplier<T> supplier) {
        if (set.contains(str)) {
            consumer.accept(supplier.get());
        }
    }

    private UserProfileMetadata createUserProfileMetadata(UserProfile userProfile) {
        Map readable = userProfile.getAttributes().getReadable();
        if (readable == null) {
            return null;
        }
        return new UserProfileMetadata((List) readable.keySet().stream().map(str -> {
            return userProfile.getAttributes().getMetadata(str);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).sorted((attributeMetadata, attributeMetadata2) -> {
            return Integer.compare(attributeMetadata.getGuiOrder(), attributeMetadata2.getGuiOrder());
        }).map(attributeMetadata3 -> {
            return toRestMetadata(attributeMetadata3, userProfile);
        }).collect(Collectors.toList()));
    }

    private UserProfileAttributeMetadata toRestMetadata(AttributeMetadata attributeMetadata, UserProfile userProfile) {
        return new UserProfileAttributeMetadata(attributeMetadata.getName(), attributeMetadata.getAttributeDisplayName(), userProfile.getAttributes().isRequired(attributeMetadata.getName()), userProfile.getAttributes().isReadOnly(attributeMetadata.getName()), attributeMetadata.getAnnotations(), toValidatorMetadata(attributeMetadata));
    }

    private Map<String, Map<String, Object>> toValidatorMetadata(AttributeMetadata attributeMetadata) {
        if (attributeMetadata.getValidators() == null) {
            return null;
        }
        return (Map) attributeMetadata.getValidators().stream().filter(attributeValidatorMetadata -> {
            return Validators.validator(this.session, attributeValidatorMetadata.getValidatorId()) instanceof ConfiguredProvider;
        }).collect(Collectors.toMap((v0) -> {
            return v0.getValidatorId();
        }, (v0) -> {
            return v0.getValidatorConfig();
        }));
    }

    @Path("/")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    public Response updateAccount(UserRepresentation userRepresentation) {
        this.auth.require("manage-account");
        this.event.event(EventType.UPDATE_PROFILE).detail("context", UserProfileContext.ACCOUNT.name());
        UserProfile create = this.session.getProvider(UserProfileProvider.class).create(UserProfileContext.ACCOUNT, userRepresentation.toAttributes(), this.auth.getUser());
        try {
            create.update(new AttributeChangeListener[]{new EventAuditingAttributeChangeListener(create, this.event)});
            this.event.success();
            return Response.noContent().build();
        } catch (ValidationException e) {
            ArrayList arrayList = new ArrayList();
            for (ValidationException.Error error : e.getErrors()) {
                arrayList.add(new ErrorRepresentation(error.getAttribute(), error.getMessage(), validationErrorParamsToString(error.getMessageParameters(), create.getAttributes())));
            }
            return ErrorResponse.errors(arrayList, e.getStatusCode(), false);
        } catch (ReadOnlyException e2) {
            return ErrorResponse.error(Messages.READ_ONLY_USER, Response.Status.BAD_REQUEST);
        }
    }

    private String[] validationErrorParamsToString(Object[] objArr, Attributes attributes) {
        if (objArr == null) {
            return null;
        }
        String[] strArr = new String[objArr.length];
        int i = 0;
        for (Object obj : objArr) {
            if (obj == null) {
                i++;
            } else if (i == 0) {
                AttributeMetadata metadata = attributes.getMetadata(obj.toString());
                if (metadata != null) {
                    int i2 = i;
                    i++;
                    strArr[i2] = metadata.getAttributeDisplayName();
                } else {
                    int i3 = i;
                    i++;
                    strArr[i3] = obj.toString();
                }
            } else {
                int i4 = i;
                i++;
                strArr[i4] = obj.toString();
            }
        }
        return strArr;
    }

    @Path("/sessions")
    public SessionResource sessions() {
        checkAccountApiEnabled();
        this.auth.requireOneOf("manage-account", "view-profile");
        return new SessionResource(this.session, this.auth, this.request);
    }

    @Path("/credentials")
    public AccountCredentialResource credentials() {
        checkAccountApiEnabled();
        return new AccountCredentialResource(this.session, this.user, this.auth);
    }

    @Path("/resources")
    public ResourcesService resources() {
        checkAccountApiEnabled();
        this.auth.requireOneOf("manage-account", "view-profile");
        return new ResourcesService(this.session, this.user, this.auth, this.request);
    }

    private ClientRepresentation modelToRepresentation(ClientModel clientModel, List<String> list, List<String> list2, Map<String, UserConsentModel> map) {
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId(clientModel.getClientId());
        clientRepresentation.setClientName(StringPropertyReplacer.replaceProperties(clientModel.getName(), getProperties()));
        clientRepresentation.setDescription(clientModel.getDescription());
        clientRepresentation.setUserConsentRequired(clientModel.isConsentRequired());
        clientRepresentation.setInUse(list.contains(clientModel.getClientId()));
        clientRepresentation.setOfflineAccess(list2.contains(clientModel.getClientId()));
        clientRepresentation.setRootUrl(clientModel.getRootUrl());
        clientRepresentation.setBaseUrl(clientModel.getBaseUrl());
        clientRepresentation.setEffectiveUrl(ResolveRelative.resolveRelativeUri(this.session, clientModel.getRootUrl(), clientModel.getBaseUrl()));
        UserConsentModel userConsentModel = map.get(clientModel.getClientId());
        if (userConsentModel != null) {
            clientRepresentation.setConsent(modelToRepresentation(userConsentModel));
            clientRepresentation.setLogoUri(clientModel.getAttribute("logoUri"));
            clientRepresentation.setPolicyUri(clientModel.getAttribute("policyUri"));
            clientRepresentation.setTosUri(clientModel.getAttribute("tosUri"));
        }
        return clientRepresentation;
    }

    private ConsentRepresentation modelToRepresentation(UserConsentModel userConsentModel) {
        return new ConsentRepresentation((List) userConsentModel.getGrantedClientScopes().stream().map(clientScopeModel -> {
            return new ConsentScopeRepresentation(clientScopeModel.getId(), clientScopeModel.getName(), StringPropertyReplacer.replaceProperties(clientScopeModel.getConsentScreenText(), getProperties()));
        }).collect(Collectors.toList()), userConsentModel.getCreatedDate(), userConsentModel.getLastUpdatedDate());
    }

    private Properties getProperties() {
        try {
            return this.session.theme().getTheme(Theme.Type.ACCOUNT).getMessages(this.locale);
        } catch (IOException e) {
            return null;
        }
    }

    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @Path("/applications/{clientId}/consent")
    public Response getConsent(@PathParam("clientId") String str) {
        checkAccountApiEnabled();
        this.auth.requireOneOf("manage-account", "view-consent", "manage-consent");
        ClientModel clientByClientId = this.realm.getClientByClientId(str);
        if (clientByClientId == null) {
            return ErrorResponse.error("No client with clientId: " + str + " found.", Response.Status.NOT_FOUND);
        }
        UserConsentModel consentByClient = this.session.users().getConsentByClient(this.realm, this.user.getId(), clientByClientId.getId());
        return consentByClient == null ? Response.noContent().build() : Response.ok(modelToRepresentation(consentByClient)).build();
    }

    @Path("/applications/{clientId}/consent")
    @DELETE
    public Response revokeConsent(@PathParam("clientId") String str) {
        checkAccountApiEnabled();
        this.auth.requireOneOf("manage-account", "manage-consent");
        this.event.event(EventType.REVOKE_GRANT);
        ClientModel clientByClientId = this.realm.getClientByClientId(str);
        if (clientByClientId == null) {
            String format = String.format("No client with clientId: %s found.", str);
            this.event.error(format);
            return ErrorResponse.error(format, Response.Status.NOT_FOUND);
        }
        UserConsentManager.revokeConsentToClient(this.session, clientByClientId, this.user);
        this.event.detail("revoked_client", clientByClientId.getClientId()).success();
        return Response.noContent().build();
    }

    @POST
    @Produces({MediaType.APPLICATION_JSON})
    @Path("/applications/{clientId}/consent")
    public Response grantConsent(@PathParam("clientId") String str, ConsentRepresentation consentRepresentation) {
        this.event.event(EventType.GRANT_CONSENT);
        return upsert(str, consentRepresentation);
    }

    @Produces({MediaType.APPLICATION_JSON})
    @Path("/applications/{clientId}/consent")
    @PUT
    public Response updateConsent(@PathParam("clientId") String str, ConsentRepresentation consentRepresentation) {
        this.event.event(EventType.UPDATE_CONSENT);
        return upsert(str, consentRepresentation);
    }

    private Response upsert(String str, ConsentRepresentation consentRepresentation) {
        checkAccountApiEnabled();
        this.auth.requireOneOf("manage-account", "manage-consent");
        ClientModel clientByClientId = this.realm.getClientByClientId(str);
        if (clientByClientId == null) {
            String format = String.format("No client with clientId: %s found.", str);
            this.event.error(format);
            return ErrorResponse.error(format, Response.Status.NOT_FOUND);
        }
        try {
            UserConsentModel createConsent = createConsent(clientByClientId, consentRepresentation);
            if (this.session.users().getConsentByClient(this.realm, this.user.getId(), clientByClientId.getId()) == null) {
                this.session.users().addConsent(this.realm, this.user.getId(), createConsent);
                this.event.event(EventType.GRANT_CONSENT);
            } else {
                this.session.users().updateConsent(this.realm, this.user.getId(), createConsent);
                this.event.event(EventType.UPDATE_CONSENT);
            }
            this.event.detail("granted_client", clientByClientId.getClientId());
            this.event.detail("scope", (String) createConsent.getGrantedClientScopes().stream().map(clientScopeModel -> {
                return clientScopeModel.getName();
            }).collect(Collectors.joining(" "))).success();
            return Response.ok(modelToRepresentation(this.session.users().getConsentByClient(this.realm, this.user.getId(), clientByClientId.getId()))).build();
        } catch (IllegalArgumentException e) {
            return ErrorResponse.error(e.getMessage(), Response.Status.BAD_REQUEST);
        }
    }

    private UserConsentModel createConsent(ClientModel clientModel, ConsentRepresentation consentRepresentation) throws IllegalArgumentException {
        UserConsentModel userConsentModel = new UserConsentModel(clientModel);
        Map map = (Map) this.realm.getClientScopesStream().collect(Collectors.toMap((v0) -> {
            return v0.getId();
        }, Function.identity()));
        if (clientModel.isConsentRequired()) {
            map.put(clientModel.getId(), clientModel);
        }
        for (ConsentScopeRepresentation consentScopeRepresentation : consentRepresentation.getGrantedScopes()) {
            ClientScopeModel clientScopeModel = (ClientScopeModel) map.get(consentScopeRepresentation.getId());
            if (clientScopeModel == null) {
                String format = String.format("Scope id %s does not exist for client %s.", consentScopeRepresentation, userConsentModel.getClient().getName());
                this.event.error(format);
                throw new IllegalArgumentException(format);
            }
            userConsentModel.addGrantedClientScope(clientScopeModel);
        }
        return userConsentModel;
    }

    @Path("/linked-accounts")
    public LinkedAccountsResource linkedAccounts() {
        return new LinkedAccountsResource(this.session, this.request, this.client, this.auth, this.event, this.user);
    }

    @GET
    @Path("/applications")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Stream<ClientRepresentation> applications(@QueryParam("name") String str) {
        checkAccountApiEnabled();
        this.auth.requireOneOf("manage-account", "view-applications");
        HashSet hashSet = new HashSet();
        LinkedList linkedList = new LinkedList();
        hashSet.addAll((Collection) this.session.sessions().getUserSessionsStream(this.realm, this.user).flatMap(userSessionModel -> {
            return userSessionModel.getAuthenticatedClientSessions().values().stream();
        }).map((v0) -> {
            return v0.getClient();
        }).peek(clientModel -> {
            linkedList.add(clientModel.getClientId());
        }).collect(Collectors.toSet()));
        LinkedList linkedList2 = new LinkedList();
        hashSet.addAll((Collection) this.session.sessions().getOfflineUserSessionsStream(this.realm, this.user).flatMap(userSessionModel2 -> {
            return userSessionModel2.getAuthenticatedClientSessions().values().stream();
        }).map((v0) -> {
            return v0.getClient();
        }).peek(clientModel2 -> {
            linkedList2.add(clientModel2.getClientId());
        }).collect(Collectors.toSet()));
        HashMap hashMap = new HashMap();
        hashSet.addAll((Collection) this.session.users().getConsentsStream(this.realm, this.user.getId()).peek(userConsentModel -> {
            hashMap.put(userConsentModel.getClient().getClientId(), userConsentModel);
        }).map((v0) -> {
            return v0.getClient();
        }).collect(Collectors.toSet()));
        Stream alwaysDisplayInConsoleClientsStream = this.realm.getAlwaysDisplayInConsoleClientsStream();
        Objects.requireNonNull(hashSet);
        alwaysDisplayInConsoleClientsStream.forEach((v1) -> {
            r1.add(v1);
        });
        return hashSet.stream().filter(clientModel3 -> {
            return (clientModel3.isBearerOnly() || clientModel3.getClientId().isEmpty()) ? false : true;
        }).filter(clientModel4 -> {
            return matches(clientModel4, str);
        }).map(clientModel5 -> {
            return modelToRepresentation(clientModel5, linkedList, linkedList2, hashMap);
        });
    }

    private boolean matches(ClientModel clientModel, String str) {
        if (str == null) {
            return true;
        }
        if (clientModel.getName() == null) {
            return false;
        }
        return clientModel.getName().toLowerCase().contains(str.toLowerCase());
    }

    private static void checkAccountApiEnabled() {
        if (!Profile.isFeatureEnabled(Profile.Feature.ACCOUNT_API)) {
            throw new NotFoundException();
        }
    }
}
