package org.keycloak.services.resources.admin;

import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleMapperModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.ClientMappingsRepresentation;
import org.keycloak.representations.idm.MappingsRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/services/resources/admin/RoleMapperResource.class */
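/**
 * Admin REST sub-resource for the realm-level role mappings of a single {@link RoleMapperModel}.
 *
 * <p>Read endpoints call {@code viewPermission.require()} and write endpoints call
 * {@code managePermission.require()} before doing anything else. Write endpoints additionally
 * call {@code auth.roles().requireMapRole(role)} for every role they touch, so holding the manage
 * permission on the mapper alone is not sufficient to grant or revoke an arbitrary role.
 *
 * <p>Both permission checks are supplied by the parent resource; what they actually enforce is
 * decided there and is not visible in this class.
 */
public class RoleMapperResource {
    protected static final Logger logger = Logger.getLogger(RoleMapperResource.class);
    protected RealmModel realm;
    // Target whose role mappings are read and modified.
    private final RoleMapperModel roleMapper;
    // Event builder already scoped to REALM_ROLE_MAPPING by the constructor.
    private final AdminEventBuilder adminEvent;
    protected AdminPermissionEvaluator.RequirePermissionCheck managePermission;
    protected AdminPermissionEvaluator.RequirePermissionCheck viewPermission;
    // Evaluator used for the per-role "may this admin map the role" decisions.
    private final AdminPermissionEvaluator auth;

    @Context
    protected ClientConnection clientConnection;

    @Context
    protected KeycloakSession session;

    @Context
    protected HttpHeaders headers;

    /**
     * Creates the resource for one role mapper.
     *
     * @param realmModel realm whose roles and clients are consulted
     * @param adminPermissionEvaluator evaluator used for per-role map checks and the admin locale
     * @param roleMapperModel the object whose role mappings are managed
     * @param adminEventBuilder event builder; it is scoped to {@code REALM_ROLE_MAPPING} here
     * @param requirePermissionCheck check required by every write endpoint
     * @param requirePermissionCheck2 check required by every read endpoint
     */
    public RoleMapperResource(RealmModel realmModel, AdminPermissionEvaluator adminPermissionEvaluator, RoleMapperModel roleMapperModel, AdminEventBuilder adminEventBuilder, AdminPermissionEvaluator.RequirePermissionCheck requirePermissionCheck, AdminPermissionEvaluator.RequirePermissionCheck requirePermissionCheck2) {
        this.auth = adminPermissionEvaluator;
        this.realm = realmModel;
        this.adminEvent = adminEventBuilder.resource(ResourceType.REALM_ROLE_MAPPING);
        this.roleMapper = roleMapperModel;
        this.managePermission = requirePermissionCheck;
        this.viewPermission = requirePermissionCheck2;
    }

    /**
     * Returns the realm role mappings and, per client, the client role mappings of the mapper.
     *
     * <p>Empty sections are left unset on the representation rather than returned as empty
     * collections.
     *
     * @return the combined realm and client mappings in brief representation
     */
    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    public MappingsRepresentation getRoleMappings() {
        this.viewPermission.require();
        MappingsRepresentation mappingsRepresentation = new MappingsRepresentation();
        Set<RoleModel> realmRoleMappings = this.roleMapper.getRealmRoleMappings();
        // NOTE(review): the instance is discarded; kept only in case the constructor has a side
        // effect that is not visible here. Remove once that is confirmed not to be the case.
        new RealmManager(this.session);
        if (!realmRoleMappings.isEmpty()) {
            mappingsRepresentation.setRealmMappings(toBriefRepresentations(realmRoleMappings));
        }
        HashMap<String, ClientMappingsRepresentation> clientMappings = new HashMap<>();
        for (ClientModel clientModel : this.realm.getClients()) {
            Set<RoleModel> clientRoleMappings = this.roleMapper.getClientRoleMappings(clientModel);
            if (clientRoleMappings.isEmpty()) {
                continue;
            }
            ClientMappingsRepresentation clientMappingsRepresentation = new ClientMappingsRepresentation();
            clientMappingsRepresentation.setId(clientModel.getId());
            clientMappingsRepresentation.setClient(clientModel.getClientId());
            clientMappingsRepresentation.setMappings(toBriefRepresentations(clientRoleMappings));
            clientMappings.put(clientModel.getClientId(), clientMappingsRepresentation);
        }
        // Set once, after the loop, and only when at least one client contributed a mapping.
        if (!clientMappings.isEmpty()) {
            mappingsRepresentation.setClientMappings(clientMappings);
        }
        return mappingsRepresentation;
    }

    /**
     * Returns the realm roles mapped directly on the mapper.
     *
     * @return brief representations of the mapped realm roles
     */
    @GET
    @Path("realm")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<RoleRepresentation> getRealmRoleMappings() {
        this.viewPermission.require();
        return toBriefRepresentations(this.roleMapper.getRealmRoleMappings());
    }

    /**
     * Returns every realm role for which {@code roleMapper.hasRole(role)} is true.
     *
     * <p>NOTE(review): given the {@code realm/composite} path this presumably includes roles
     * inherited through composites; that depends on {@code hasRole}, which is not visible here.
     *
     * @return brief representations of the matching realm roles
     */
    @GET
    @Path("realm/composite")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<RoleRepresentation> getCompositeRealmRoleMappings() {
        this.viewPermission.require();
        List<RoleRepresentation> effective = new ArrayList<>();
        for (RoleModel roleModel : this.realm.getRoles()) {
            if (this.roleMapper.hasRole(roleModel)) {
                effective.add(ModelToRepresentation.toBriefRepresentation(roleModel));
            }
        }
        return effective;
    }

    /**
     * Returns the realm roles that can still be mapped, restricted to roles the calling admin is
     * allowed to map.
     *
     * <p>The per-role filter means the listing does not offer roles the caller could not grant
     * through {@link #addRealmRoleMappings(List)} anyway.
     *
     * @return the available roles as computed by {@code ClientRoleMappingsResource.getAvailableRoles}
     */
    @GET
    @Path("realm/available")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<RoleRepresentation> getAvailableRealmRoleMappings() {
        this.viewPermission.require();
        Set<RoleModel> mappableRoles = this.realm.getRoles().stream()
                .filter(this::canMapRole)
                .collect(Collectors.toSet());
        return ClientRoleMappingsResource.getAvailableRoles(this.roleMapper, mappableRoles);
    }

    /**
     * Grants the listed realm roles to the mapper and records a {@code CREATE} admin event.
     *
     * <p>Every entry is resolved and authorized before the first grant, so a request that names
     * an unknown role or a role the caller may not map changes nothing. A missing request body is
     * not handled specially and fails on the first iteration, before any mapping is changed.
     *
     * @param list roles to grant; name and id of each entry must match an existing realm role
     * @throws NotFoundException if an entry does not match an existing realm role by name and id
     */
    @POST
    @Path("realm")
    @Consumes({MediaType.APPLICATION_JSON})
    public void addRealmRoleMappings(List<RoleRepresentation> list) {
        this.managePermission.require();
        logger.debugv("** addRealmRoleMappings: {0}", list);
        List<RoleModel> rolesToGrant = resolveMappableRoles(list);
        for (RoleModel role : rolesToGrant) {
            this.roleMapper.grantRole(role);
        }
        this.adminEvent.operation(OperationType.CREATE).resourcePath((UriInfo) this.session.getContext().getUri()).representation(list).success();
    }

    /**
     * Removes realm role mappings from the mapper and records a {@code DELETE} admin event.
     *
     * <p>A request without a body removes <em>all</em> realm role mappings of the mapper; the
     * event then carries the roles that were removed. In both modes every affected role is
     * authorized before the first removal.
     *
     * @param list roles to remove, or {@code null} to remove every realm role mapping
     * @throws NotFoundException if an entry does not match an existing realm role by name and id
     * @throws ErrorResponseException with status 400 if the model rejects a removal
     */
    @Path("realm")
    @Consumes({MediaType.APPLICATION_JSON})
    @DELETE
    public void deleteRealmRoleMappings(List<RoleRepresentation> list) {
        this.managePermission.require();
        logger.debug("deleteRealmRoleMappings");
        List<RoleRepresentation> reported = list;
        if (list == null) {
            // Work on a snapshot so the removals below cannot disturb the iteration.
            List<RoleModel> currentMappings = new ArrayList<>(this.roleMapper.getRealmRoleMappings());
            for (RoleModel roleModel : currentMappings) {
                this.auth.roles().requireMapRole(roleModel);
            }
            for (RoleModel roleModel : currentMappings) {
                removeMapping(roleModel);
            }
            reported = toBriefRepresentations(currentMappings);
        } else {
            for (RoleModel role : resolveMappableRoles(list)) {
                removeMapping(role);
            }
        }
        this.adminEvent.operation(OperationType.DELETE).resourcePath((UriInfo) this.session.getContext().getUri()).representation(reported).success();
    }

    /** Reports whether the calling admin may map the given role. */
    private boolean canMapRole(RoleModel roleModel) {
        return this.auth.roles().canMapRole(roleModel);
    }

    /**
     * Resolves each requested role by name, confirms the id matches and requires the map-role
     * permission for it. Nothing is modified here.
     *
     * <p>Keeping this phase separate from the mutation means a rejected entry late in the list
     * cannot leave earlier entries applied; whether the surrounding request would otherwise be
     * rolled back is not visible in this class.
     */
    private List<RoleModel> resolveMappableRoles(List<RoleRepresentation> requested) {
        List<RoleModel> resolved = new ArrayList<>();
        for (RoleRepresentation roleRepresentation : requested) {
            RoleModel role = this.realm.getRole(roleRepresentation.getName());
            // Name and id must agree, so a stale or mismatched representation is refused.
            if (role == null || !role.getId().equals(roleRepresentation.getId())) {
                throw new NotFoundException("Role not found");
            }
            this.auth.roles().requireMapRole(role);
            resolved.add(role);
        }
        return resolved;
    }

    /**
     * Removes one mapping and turns a {@link ModelException} into a 400 response whose text is
     * looked up in the admin message bundle for the caller's token locale.
     */
    private void removeMapping(RoleModel role) {
        try {
            this.roleMapper.deleteRoleMapping(role);
        } catch (ModelException e) {
            // The exception message doubles as bundle key and as fallback pattern when no
            // translation exists.
            String pattern = AdminRoot.getMessages(this.session, this.realm, this.auth.adminAuth().getToken().getLocale()).getProperty(e.getMessage(), e.getMessage());
            throw new ErrorResponseException(e.getMessage(), MessageFormat.format(pattern, e.getParameters()), Response.Status.BAD_REQUEST);
        }
    }

    /** Converts role models to their brief representations, preserving iteration order. */
    private static List<RoleRepresentation> toBriefRepresentations(Iterable<RoleModel> roles) {
        List<RoleRepresentation> representations = new ArrayList<>();
        for (RoleModel role : roles) {
            representations.add(ModelToRepresentation.toBriefRepresentation(role));
        }
        return representations;
    }

    /**
     * Sub-resource locator for the client role mappings of the given client.
     *
     * <p>No permission check is made in this method; the manage and view checks are handed to
     * the sub-resource, which is expected to apply them (not visible here).
     * NOTE(review): the 404 for an unknown client is produced before any check runs, so this
     * locator distinguishes existing from missing client ids for any caller that reaches it;
     * confirm the parent resource gates access.
     *
     * @param str internal id of the client
     * @return the sub-resource bound to that client
     * @throws NotFoundException if no client with that id exists in the realm
     */
    @Path("clients/{client}")
    public ClientRoleMappingsResource getUserClientRoleMappingsResource(@PathParam("client") String str) {
        ClientModel clientById = this.realm.getClientById(str);
        if (clientById == null) {
            throw new NotFoundException("Client not found");
        }
        return new ClientRoleMappingsResource(this.session.getContext().getUri(), this.session, this.realm, this.auth, this.roleMapper, clientById, this.adminEvent, this.managePermission, this.viewPermission);
    }
}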
