package org.keycloak.services.resources.admin;

import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import org.eclipse.microprofile.openapi.annotations.Operation;
import org.eclipse.microprofile.openapi.annotations.extensions.Extension;
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ProtocolMapperContainerModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.protocol.ProtocolMapper;
import org.keycloak.protocol.ProtocolMapperConfigException;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.resources.KeycloakOpenAPI;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.utils.MediaType;

@Extension(name = KeycloakOpenAPI.Profiles.ADMIN, value = "")
/* loaded from: input_file:org/keycloak/services/resources/admin/ProtocolMappersResource.class */
public class ProtocolMappersResource {
    protected static final Logger logger = Logger.getLogger(ProtocolMappersResource.class);
    protected final RealmModel realm;
    protected final ProtocolMapperContainerModel client;
    protected final AdminPermissionEvaluator auth;
    protected final AdminPermissionEvaluator.RequirePermissionCheck managePermission;
    protected final AdminPermissionEvaluator.RequirePermissionCheck viewPermission;
    protected final AdminEventBuilder adminEvent;
    protected final KeycloakSession session;

    public ProtocolMappersResource(KeycloakSession keycloakSession, ProtocolMapperContainerModel protocolMapperContainerModel, AdminPermissionEvaluator adminPermissionEvaluator, AdminEventBuilder adminEventBuilder, AdminPermissionEvaluator.RequirePermissionCheck requirePermissionCheck, AdminPermissionEvaluator.RequirePermissionCheck requirePermissionCheck2) {
        this.session = keycloakSession;
        this.realm = keycloakSession.getContext().getRealm();
        this.auth = adminPermissionEvaluator;
        this.client = protocolMapperContainerModel;
        this.adminEvent = adminEventBuilder.resource(ResourceType.PROTOCOL_MAPPER);
        this.managePermission = requirePermissionCheck;
        this.viewPermission = requirePermissionCheck2;
    }

    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.PROTOCOL_MAPPERS)
    @Operation(summary = "Get mappers by name for a specific protocol")
    @GET
    @Path("protocol/{protocol}")
    public Stream<ProtocolMapperRepresentation> getMappersPerProtocol(@PathParam("protocol") String str) {
        this.viewPermission.require();
        return this.client.getProtocolMappersStream().filter(protocolMapperModel -> {
            return ProtocolMapperUtils.isEnabled(this.session, protocolMapperModel) && Objects.equals(protocolMapperModel.getProtocol(), str);
        }).map(ModelToRepresentation::toRepresentation);
    }

    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.PROTOCOL_MAPPERS)
    @Operation(summary = "Create a mapper")
    @POST
    @Path("models")
    @Consumes({MediaType.APPLICATION_JSON})
    public Response createMapper(ProtocolMapperRepresentation protocolMapperRepresentation) {
        this.managePermission.require();
        try {
            ProtocolMapperModel model = RepresentationToModel.toModel(protocolMapperRepresentation);
            validateModel(model);
            ProtocolMapperModel addProtocolMapper = this.client.addProtocolMapper(model);
            this.adminEvent.operation(OperationType.CREATE).resourcePath(this.session.getContext().getUri(), addProtocolMapper.getId()).representation(protocolMapperRepresentation).success();
            return Response.created(this.session.getContext().getUri().getAbsolutePathBuilder().path(addProtocolMapper.getId()).build(new Object[0])).build();
        } catch (ModelDuplicateException e) {
            throw ErrorResponse.exists("Protocol mapper exists with same name");
        }
    }

    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.PROTOCOL_MAPPERS)
    @Operation(summary = "Create multiple mappers")
    @POST
    @Path("add-models")
    @Consumes({MediaType.APPLICATION_JSON})
    public void createMapper(List<ProtocolMapperRepresentation> list) {
        this.managePermission.require();
        Iterator<ProtocolMapperRepresentation> it = list.iterator();
        while (it.hasNext()) {
            ProtocolMapperModel model = RepresentationToModel.toModel(it.next());
            validateModel(model);
            this.client.addProtocolMapper(model);
        }
        this.adminEvent.operation(OperationType.CREATE).resourcePath((UriInfo) this.session.getContext().getUri()).representation(list).success();
    }

    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.PROTOCOL_MAPPERS)
    @Operation(summary = "Get mappers")
    @GET
    @Path("models")
    public Stream<ProtocolMapperRepresentation> getMappers() {
        this.viewPermission.require();
        return this.client.getProtocolMappersStream().filter(protocolMapperModel -> {
            return ProtocolMapperUtils.isEnabled(this.session, protocolMapperModel);
        }).map(ModelToRepresentation::toRepresentation);
    }

    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.PROTOCOL_MAPPERS)
    @Operation(summary = "Get mapper by id")
    @GET
    @Path("models/{id}")
    public ProtocolMapperRepresentation getMapperById(@Parameter(description = "Mapper id") @PathParam("id") String str) {
        this.viewPermission.require();
        ProtocolMapperModel protocolMapperById = this.client.getProtocolMapperById(str);
        if (protocolMapperById == null) {
            throw new NotFoundException("Model not found");
        }
        return ModelToRepresentation.toRepresentation(protocolMapperById);
    }

    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.PROTOCOL_MAPPERS)
    @Operation(summary = "Update the mapper")
    @PUT
    @Path("models/{id}")
    @Consumes({MediaType.APPLICATION_JSON})
    public void update(@Parameter(description = "Mapper id") @PathParam("id") String str, ProtocolMapperRepresentation protocolMapperRepresentation) {
        this.managePermission.require();
        if (this.client.getProtocolMapperById(str) == null) {
            throw new NotFoundException("Model not found");
        }
        ProtocolMapperModel model = RepresentationToModel.toModel(protocolMapperRepresentation);
        validateModel(model);
        this.client.updateProtocolMapper(model);
        this.adminEvent.operation(OperationType.UPDATE).resourcePath((UriInfo) this.session.getContext().getUri()).representation(protocolMapperRepresentation).success();
    }

    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.PROTOCOL_MAPPERS)
    @Operation(summary = "Delete the mapper")
    @DELETE
    @Path("models/{id}")
    public void delete(@Parameter(description = "Mapper id") @PathParam("id") String str) {
        this.managePermission.require();
        ProtocolMapperModel protocolMapperById = this.client.getProtocolMapperById(str);
        if (protocolMapperById == null) {
            throw new NotFoundException("Model not found");
        }
        this.client.removeProtocolMapper(protocolMapperById);
        this.adminEvent.operation(OperationType.DELETE).resourcePath((UriInfo) this.session.getContext().getUri()).success();
    }

    private void validateModel(ProtocolMapperModel protocolMapperModel) {
        try {
            ProtocolMapper providerFactory = this.session.getKeycloakSessionFactory().getProviderFactory(ProtocolMapper.class, protocolMapperModel.getProtocolMapper());
            if (providerFactory == null) {
                throw new NotFoundException("ProtocolMapper provider not found");
            }
            providerFactory.validateConfig(this.session, this.realm, this.client, protocolMapperModel);
        } catch (ProtocolMapperConfigException e) {
            logger.error(e.getMessage());
            throw new ErrorResponseException(e.getMessage(), MessageFormat.format(AdminRoot.getMessages(this.session, this.realm, this.auth.adminAuth().getToken().getLocale()).getProperty(e.getMessageKey(), e.getMessage()), e.getParameters()), Response.Status.BAD_REQUEST);
        }
    }
}
