package org.keycloak.services.resources;

import java.util.Comparator;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.AuthorizationService;
import org.keycloak.common.Profile;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.events.EventBuilder;
import org.keycloak.http.HttpRequest;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.LoginProtocolFactory;
import org.keycloak.services.CorsErrorResponseException;
import org.keycloak.services.clientregistration.ClientRegistrationService;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resource.RealmResourceProvider;
import org.keycloak.services.resources.account.AccountLoader;
import org.keycloak.services.util.CacheControlUtil;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.utils.MediaType;
import org.keycloak.utils.ProfileHelper;
import org.keycloak.wellknown.WellKnownProvider;
import org.keycloak.wellknown.WellKnownProviderFactory;

@Path("/realms")
/* loaded from: input_file:org/keycloak/services/resources/RealmsResource.class */
public class RealmsResource {
    protected static final Logger logger = Logger.getLogger(RealmsResource.class);

    @Context
    protected KeycloakSession session;

    public static UriBuilder realmBaseUrl(UriInfo uriInfo) {
        return realmBaseUrl(uriInfo.getBaseUriBuilder());
    }

    public static UriBuilder realmBaseUrl(UriBuilder uriBuilder) {
        return uriBuilder.path(RealmsResource.class).path(RealmsResource.class, "getRealmResource");
    }

    public static UriBuilder accountUrl(UriBuilder uriBuilder) {
        return uriBuilder.path(RealmsResource.class).path(RealmsResource.class, "getAccountService");
    }

    public static UriBuilder protocolUrl(UriInfo uriInfo) {
        return uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(RealmsResource.class, "getProtocol");
    }

    public static UriBuilder protocolUrl(UriBuilder uriBuilder) {
        return uriBuilder.path(RealmsResource.class).path(RealmsResource.class, "getProtocol");
    }

    public static UriBuilder clientRegistrationUrl(UriInfo uriInfo) {
        return uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(RealmsResource.class, "getClientsService");
    }

    public static UriBuilder brokerUrl(UriInfo uriInfo) {
        return uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(RealmsResource.class, "getBrokerService");
    }

    public static UriBuilder wellKnownProviderUrl(UriBuilder uriBuilder) {
        return uriBuilder.path(RealmsResource.class).path(RealmsResource.class, "getWellKnown");
    }

    @Path("{realm}/protocol/{protocol}")
    public Object getProtocol(@PathParam("realm") String str, @PathParam("protocol") String str2) {
        resolveRealmAndUpdateSession(str);
        LoginProtocolFactory providerFactory = this.session.getKeycloakSessionFactory().getProviderFactory(LoginProtocol.class, str2);
        if (providerFactory == null) {
            logger.debugf("protocol %s not found", str2);
            throw new NotFoundException("Protocol not found");
        }
        return providerFactory.createProtocolEndpoint(this.session, new EventBuilder(this.session.getContext().getRealm(), this.session, this.session.getContext().getConnection()));
    }

    @GET
    @Path("{realm}/clients/{client_id}/redirect")
    public Response getRedirect(@PathParam("realm") String str, @PathParam("client_id") String str2) {
        resolveRealmAndUpdateSession(str);
        ClientModel clientByClientId = this.session.getContext().getRealm().getClientByClientId(str2);
        if (clientByClientId == null) {
            return null;
        }
        if (clientByClientId.getRootUrl() == null && clientByClientId.getBaseUrl() == null) {
            return null;
        }
        return Response.seeOther((clientByClientId.getRootUrl() == null || !(clientByClientId.getBaseUrl() == null || clientByClientId.getBaseUrl().isEmpty())) ? KeycloakUriBuilder.fromUri(ResolveRelative.resolveRelativeUri(this.session, clientByClientId.getRootUrl(), clientByClientId.getBaseUrl())).build(new Object[0]) : KeycloakUriBuilder.fromUri(clientByClientId.getRootUrl()).build(new Object[0])).build();
    }

    @Path("{realm}/login-actions")
    public LoginActionsService getLoginActionsService(@PathParam("realm") String str) {
        resolveRealmAndUpdateSession(str);
        return new LoginActionsService(this.session, new EventBuilder(this.session.getContext().getRealm(), this.session, this.session.getContext().getConnection()));
    }

    @Path("{realm}/clients-registrations")
    public ClientRegistrationService getClientsService(@PathParam("realm") String str) {
        resolveRealmAndUpdateSession(str);
        return new ClientRegistrationService(this.session, new EventBuilder(this.session.getContext().getRealm(), this.session, this.session.getContext().getConnection()));
    }

    @Path("{realm}/clients-managements")
    public ClientsManagementService getClientsManagementService(@PathParam("realm") String str) {
        resolveRealmAndUpdateSession(str);
        return new ClientsManagementService(this.session, new EventBuilder(this.session.getContext().getRealm(), this.session, this.session.getContext().getConnection()));
    }

    private void resolveRealmAndUpdateSession(String str) {
        RealmModel realmByName = new RealmManager(this.session).getRealmByName(str);
        if (realmByName == null) {
            throw new NotFoundException("Realm does not exist");
        }
        this.session.getContext().setRealm(realmByName);
    }

    @Path("{realm}/account")
    public Object getAccountService(@PathParam("realm") String str) {
        resolveRealmAndUpdateSession(str);
        return new AccountLoader(this.session, new EventBuilder(this.session.getContext().getRealm(), this.session, this.session.getContext().getConnection()));
    }

    @Path("{realm}")
    public PublicRealmResource getRealmResource(@PathParam("realm") String str) {
        resolveRealmAndUpdateSession(str);
        return new PublicRealmResource(this.session);
    }

    @Path("{realm}/broker")
    public IdentityBrokerService getBrokerService(@PathParam("realm") String str) {
        resolveRealmAndUpdateSession(str);
        IdentityBrokerService identityBrokerService = new IdentityBrokerService(this.session);
        identityBrokerService.init();
        return identityBrokerService;
    }

    @Produces({MediaType.APPLICATION_JSON})
    @Path("{realm}/.well-known/{provider}")
    @OPTIONS
    public Response getVersionPreflight(@PathParam("realm") String str, @PathParam("provider") String str2) {
        return Cors.add(this.session.getContext().getHttpRequest(), Response.ok()).allowedMethods("GET").preflight().auth().build();
    }

    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @Path("{realm}/.well-known/{alias}")
    public Response getWellKnown(@PathParam("realm") String str, @PathParam("alias") String str2) {
        resolveRealmAndUpdateSession(str);
        checkSsl(this.session.getContext().getRealm());
        WellKnownProviderFactory wellKnownProviderFactory = (WellKnownProviderFactory) this.session.getKeycloakSessionFactory().getProviderFactoriesStream(WellKnownProvider.class).map(providerFactory -> {
            return (WellKnownProviderFactory) providerFactory;
        }).filter(wellKnownProviderFactory2 -> {
            return str2.equals(wellKnownProviderFactory2.getAlias());
        }).sorted(Comparator.comparingInt((v0) -> {
            return v0.getPriority();
        })).findFirst().orElseThrow(NotFoundException::new);
        logger.tracef("Use provider with ID '%s' for well-known alias '%s'", wellKnownProviderFactory.getId(), str2);
        WellKnownProvider wellKnownProvider = (WellKnownProvider) this.session.getProvider(WellKnownProvider.class, wellKnownProviderFactory.getId());
        if (wellKnownProvider != null) {
            return Cors.add(this.session.getContext().getHttpRequest(), Response.ok(wellKnownProvider.getConfig()).cacheControl(CacheControlUtil.noCache())).allowedOrigins(Cors.ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD).auth().build();
        }
        throw new NotFoundException();
    }

    @Path("{realm}/authz")
    public Object getAuthorizationService(@PathParam("realm") String str) {
        ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
        resolveRealmAndUpdateSession(str);
        return new AuthorizationService(this.session.getProvider(AuthorizationProvider.class));
    }

    @Path("{realm}/{extension}")
    public Object resolveRealmExtension(@PathParam("realm") String str, @PathParam("extension") String str2) {
        Object resource;
        resolveRealmAndUpdateSession(str);
        RealmResourceProvider provider = this.session.getProvider(RealmResourceProvider.class, str2);
        if (provider == null || (resource = provider.getResource()) == null) {
            throw new NotFoundException();
        }
        return resource;
    }

    private void checkSsl(RealmModel realmModel) {
        if ("https".equals(this.session.getContext().getUri().getBaseUri().getScheme()) || !realmModel.getSslRequired().isRequired(this.session.getContext().getConnection())) {
            return;
        }
        HttpRequest httpRequest = this.session.getContext().getHttpRequest();
        throw new CorsErrorResponseException(Cors.add(httpRequest).auth().allowedMethods(httpRequest.getHttpMethod()).auth().exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).allowAllOrigins(), "invalid_request", "HTTPS required", Response.Status.FORBIDDEN);
    }
}
