package org.openremote.manager.security;

import jakarta.ws.rs.ClientErrorException;
import jakarta.ws.rs.NotAllowedException;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Response;
import java.util.Arrays;
import java.util.logging.Logger;
import org.openremote.container.timer.TimerService;
import org.openremote.manager.web.ManagerWebResource;
import org.openremote.model.Container;
import org.openremote.model.http.RequestParams;
import org.openremote.model.security.Realm;
import org.openremote.model.security.RealmResource;

/* loaded from: input_file:org/openremote/manager/security/RealmResourceImpl.class */
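/**
 * REST resource implementation for realm management.
 *
 * <p>Listing all realms and creating, updating or deleting a realm require a super user.
 * {@link #getAccessible} returns a reduced view (name and display name only) and
 * {@link #get} relies on {@code isRealmActiveAndAccessible} for its access decision.
 *
 * <p>Errors raised by the identity provider are translated into
 * {@link WebApplicationException}s. The more specific {@code catch} clauses are listed first
 * so that they are reachable; a leading {@code catch (Exception)} would shadow them.
 */
public class RealmResourceImpl extends ManagerWebResource implements RealmResource {
    private static final Logger LOG = Logger.getLogger(RealmResourceImpl.class.getName());

    /** Name of the realm that must never be deleted, disabled or renamed through this resource. */
    private static final String MASTER_REALM = "master";

    protected Container container;

    public RealmResourceImpl(TimerService timerService, ManagerIdentityService managerIdentityService, Container container) {
        super(timerService, managerIdentityService);
        this.container = container;
    }

    /**
     * Returns every realm known to the identity provider.
     *
     * @throws WebApplicationException with 403 when the caller is not a super user, with the
     *     provider's status when it raised a {@link ClientErrorException}, or wrapping any
     *     other provider failure
     */
    public Realm[] getAll(RequestParams requestParams) {
        // Authorization is checked before the provider is touched.
        if (!isSuperUser()) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        try {
            return this.identityService.getIdentityProvider().getRealms();
        } catch (ClientErrorException e) {
            // Keep the status the provider reported instead of collapsing it into a generic error.
            throw new WebApplicationException(e.getCause(), e.getResponse().getStatus());
        } catch (Exception e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Returns the realms the caller may see, reduced to name and display name.
     *
     * <p>A super user gets all realms. Any other caller gets exactly one entry: the
     * authenticated realm when authenticated, otherwise the request realm.
     *
     * @throws WebApplicationException with the provider's status when it raised a
     *     {@link ClientErrorException}, or wrapping any other failure
     */
    public Realm[] getAccessible(RequestParams requestParams) {
        try {
            Realm[] visibleRealms;
            if (isSuperUser()) {
                visibleRealms = this.identityService.getIdentityProvider().getRealms();
            } else {
                visibleRealms = new Realm[] {isAuthenticated() ? getAuthenticatedRealm() : getRequestRealm()};
            }
            // Copy only the two public fields so no other realm attribute leaves this endpoint.
            return Arrays.stream(visibleRealms)
                .map(realm -> new Realm().setName(realm.getName()).setDisplayName(realm.getDisplayName()))
                .toArray(Realm[]::new);
        } catch (ClientErrorException e) {
            throw new WebApplicationException(e.getCause(), e.getResponse().getStatus());
        } catch (Exception e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Returns the realm with the given name.
     *
     * @param str the realm name to look up
     * @throws WebApplicationException with 404 when no such realm exists, or 403 when
     *     {@code isRealmActiveAndAccessible} rejects the caller
     */
    public Realm get(RequestParams requestParams, String str) {
        // NOTE(review): the lookup runs before the access check, so a caller who is not allowed
        // to read a realm can still tell an existing name (403) from a missing one (404).
        // Confirm that this difference is acceptable for this API.
        Realm realm = this.identityService.getIdentityProvider().getRealm(str);
        if (realm == null) {
            throw new WebApplicationException(Response.Status.NOT_FOUND);
        }
        if (isRealmActiveAndAccessible(realm)) {
            return realm;
        }
        // Denials are logged with the user name so they can be reviewed later.
        // NOTE(review): the user name and the realm's toString() go into the log line
        // unescaped; confirm neither can contain line breaks.
        LOG.info("Forbidden access for user '" + getUsername() + "': " + realm);
        throw new WebApplicationException(Response.Status.FORBIDDEN);
    }

    /**
     * Updates a realm. Super users only.
     *
     * @param str the realm name taken from the request
     * @param realm the new realm state, passed to the identity provider as is
     * @throws WebApplicationException with 403 for non super users, 409 when the provider
     *     rejects the update with an {@link IllegalArgumentException}, the provider's status
     *     for a {@link ClientErrorException}, or wrapping any other failure
     */
    public void update(RequestParams requestParams, String str, Realm realm) {
        if (!isSuperUser()) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        // NOTE(review): the master-realm guard is keyed on the requested name (str), while the
        // provider call below receives only the realm object. If updateRealm selects its target
        // from the object, a request whose name and body disagree is not covered by the guard.
        // Verify against the identity provider implementation.
        throwIfIllegalMasterRealmMutation(str, realm);
        try {
            this.identityService.getIdentityProvider().updateRealm(realm);
        } catch (ClientErrorException e) {
            throw new WebApplicationException(e.getCause(), e.getResponse().getStatus());
        } catch (IllegalArgumentException e) {
            throw new WebApplicationException(e.getCause(), Response.Status.CONFLICT);
        } catch (Exception e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Creates a realm. Super users only.
     *
     * @throws WebApplicationException with 403 for non super users, the provider's status for
     *     a {@link ClientErrorException}, or wrapping any other failure
     */
    public void create(RequestParams requestParams, Realm realm) {
        if (!isSuperUser()) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        try {
            this.identityService.getIdentityProvider().createRealm(realm);
        } catch (ClientErrorException e) {
            throw new WebApplicationException(e.getCause(), e.getResponse().getStatus());
        } catch (Exception e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Deletes the realm with the given name. Super users only; the master realm is refused.
     *
     * @param str the name of the realm to delete
     * @throws WebApplicationException with 403 for non super users, 405 for the master realm,
     *     the provider's status for a {@link ClientErrorException}, or wrapping any other failure
     */
    public void delete(RequestParams requestParams, String str) {
        if (!isSuperUser()) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        throwIfIllegalMasterRealmDeletion(str);
        try {
            this.identityService.getIdentityProvider().deleteRealm(str);
        } catch (ClientErrorException e) {
            throw new WebApplicationException(e.getCause(), e.getResponse().getStatus());
        } catch (Exception e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Refuses deletion of the master realm.
     *
     * <p>A {@code null} name fails closed: the comparison throws before any deletion is attempted.
     *
     * @param str the name of the realm about to be deleted
     * @throws WebApplicationException (a {@link NotAllowedException}) when {@code str} is the
     *     master realm
     */
    protected void throwIfIllegalMasterRealmDeletion(String str) throws WebApplicationException {
        if (str.equals(MASTER_REALM)) {
            // NOTE(review): with these argument types the (allowed, moreAllowed...) constructor
            // appears to be selected, so the text would be used as an Allow header value rather
            // than as the exception message. Confirm which one is intended.
            throw new NotAllowedException("The master realm cannot be deleted", new String[0]);
        }
    }

    /**
     * Refuses updates that would disable or rename the master realm.
     *
     * <p>The check applies only when the requested name {@code str} is the master realm; for any
     * other name the realm object is not inspected. A {@code null} name fails closed because the
     * comparison throws.
     *
     * @param str the realm name taken from the request
     * @param realm the proposed realm state
     * @throws WebApplicationException (a {@link NotAllowedException}) when the master realm
     *     would be disabled or its name changed
     */
    protected void throwIfIllegalMasterRealmMutation(String str, Realm realm) throws WebApplicationException {
        if (!str.equals(MASTER_REALM)) {
            return;
        }
        // A missing enabled flag is treated like "disabled" and rejected.
        if (realm.getEnabled() == null || !realm.getEnabled().booleanValue()) {
            throw new NotAllowedException("The master realmName cannot be disabled", new String[0]);
        }
        if (!MASTER_REALM.equals(realm.getName())) {
            throw new NotAllowedException("The master realmName identifier cannot be changed", new String[0]);
        }
    }
}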
