package org.keycloak.admin.ui.rest;

import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.eclipse.microprofile.openapi.annotations.Operation;
import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
import org.eclipse.microprofile.openapi.annotations.media.Content;
import org.eclipse.microprofile.openapi.annotations.media.Schema;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import org.jboss.resteasy.reactive.NoCache;
import org.keycloak.admin.ui.rest.model.Authentication;
import org.keycloak.admin.ui.rest.model.AuthenticationMapper;
import org.keycloak.admin.ui.rest.model.ConfigurableRequiredActionProviderRepresentation;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredActionProviderModel;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;

/* loaded from: input_file:org/keycloak/admin/ui/rest/AuthenticationManagementResource.class */
public class AuthenticationManagementResource extends RoleMappingResource {
    public AuthenticationManagementResource(KeycloakSession keycloakSession, RealmModel realmModel, AdminPermissionEvaluator adminPermissionEvaluator) {
        super(keycloakSession, realmModel, adminPermissionEvaluator);
    }

    @Produces({"application/json"})
    @Operation(summary = "List all authentication flows for this realm", description = "This endpoint returns all the authentication flows and lists if there they are used.")
    @APIResponse(responseCode = "200", description = "", content = {@Content(schema = @Schema(implementation = Authentication.class, type = SchemaType.ARRAY))})
    @GET
    @Path("/flows")
    @Consumes({"application/json"})
    public final List<Authentication> listIdentityProviders() {
        this.auth.realm().requireViewAuthenticationFlows();
        return (List) this.realm.getAuthenticationFlowsStream().filter(authenticationFlowModel -> {
            return authenticationFlowModel.isTopLevel() && !Objects.equals(authenticationFlowModel.getAlias(), "saml ecp");
        }).map(authenticationFlowModel2 -> {
            return AuthenticationMapper.convertToModel(authenticationFlowModel2, this.realm);
        }).collect(Collectors.toList());
    }

    @Produces({"application/json"})
    @Operation(summary = "List all clients or identity providers that this flow is used by", description = "List all the clients or identity providers this flow is used by as a paginated list")
    @APIResponse(responseCode = "200", description = "", content = {@Content(schema = @Schema(implementation = String.class, type = SchemaType.ARRAY))})
    @GET
    @Path("/{type}/{id}")
    @Consumes({"application/json"})
    public final List<String> listUsed(@PathParam("id") String str, @PathParam("type") String str2, @QueryParam("first") @DefaultValue("0") long j, @QueryParam("max") @DefaultValue("10") long j2, @QueryParam("search") @DefaultValue("") String str3) {
        this.auth.realm().requireViewAuthenticationFlows();
        AuthenticationFlowModel authenticationFlowModel = (AuthenticationFlowModel) ((List) this.realm.getAuthenticationFlowsStream().filter(authenticationFlowModel2 -> {
            return str.equals(authenticationFlowModel2.getId());
        }).collect(Collectors.toList())).get(0);
        if ("clients".equals(str2)) {
            return (List) this.realm.getClientsStream().filter(clientModel -> {
                return (clientModel.getAuthenticationFlowBindingOverrides().get("browser") != null && ((String) clientModel.getAuthenticationFlowBindingOverrides().get("browser")).equals(authenticationFlowModel.getId())) || (clientModel.getAuthenticationFlowBindingOverrides().get("direct_grant") != null && ((String) clientModel.getAuthenticationFlowBindingOverrides().get("direct_grant")).equals(authenticationFlowModel.getId()));
            }).map((v0) -> {
                return v0.getClientId();
            }).filter(str4 -> {
                return str4.contains(str3);
            }).skip("".equals(str3) ? j : 0L).limit(j2).collect(Collectors.toList());
        }
        if ("idp".equals(str2)) {
            return (List) this.realm.getIdentityProvidersStream().filter(identityProviderModel -> {
                return authenticationFlowModel.getId().equals(identityProviderModel.getFirstBrokerLoginFlowId()) || authenticationFlowModel.getId().equals(identityProviderModel.getPostBrokerLoginFlowId());
            }).map((v0) -> {
                return v0.getAlias();
            }).filter(str5 -> {
                return str5.contains(str3);
            }).skip("".equals(str3) ? j : 0L).limit(j2).collect(Collectors.toList());
        }
        throw new IllegalArgumentException("Invalid type");
    }

    @Produces({"application/json"})
    @NoCache
    @Tag(name = "Authentication Management")
    @Operation(summary = "List all required actions for this realm.", description = "List all required actions for this realm with Admin UI specific metadata.")
    @Path("required-actions")
    @GET
    public Stream<RequiredActionProviderRepresentation> getRequiredActions() {
        this.auth.realm().requireViewRequiredActions();
        return this.realm.getRequiredActionProvidersStream().map(this::toRepresentation);
    }

    public ConfigurableRequiredActionProviderRepresentation toRepresentation(RequiredActionProviderModel requiredActionProviderModel) {
        ConfigurableRequiredActionProviderRepresentation configurableRequiredActionProviderRepresentation = new ConfigurableRequiredActionProviderRepresentation();
        configurableRequiredActionProviderRepresentation.setAlias(requiredActionProviderModel.getAlias());
        configurableRequiredActionProviderRepresentation.setProviderId(requiredActionProviderModel.getProviderId());
        configurableRequiredActionProviderRepresentation.setName(requiredActionProviderModel.getName());
        configurableRequiredActionProviderRepresentation.setDefaultAction(requiredActionProviderModel.isDefaultAction());
        configurableRequiredActionProviderRepresentation.setPriority(requiredActionProviderModel.getPriority());
        configurableRequiredActionProviderRepresentation.setEnabled(requiredActionProviderModel.isEnabled());
        configurableRequiredActionProviderRepresentation.setConfig(requiredActionProviderModel.getConfig());
        configurableRequiredActionProviderRepresentation.setConfigurable(this.session.getKeycloakSessionFactory().getProviderFactory(RequiredActionProvider.class, requiredActionProviderModel.getProviderId()).isConfigurable());
        return configurableRequiredActionProviderRepresentation;
    }
}
