package org.keycloak.services.resources.admin;

import java.io.InputStream;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.activation.FileTypeMap;
import javax.activation.MimetypesFileTypeMap;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Providers;
import org.codehaus.jackson.annotate.JsonProperty;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.ClientConnection;
import org.keycloak.Config;
import org.keycloak.freemarker.BrowserSecurityHeaderSetup;
import org.keycloak.freemarker.Theme;
import org.keycloak.freemarker.ThemeProvider;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.ApplicationManager;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication;
import org.picketlink.idm.model.basic.Group;
import twitter4j.internal.http.HttpResponseCode;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.1.1.Final.jar:org/keycloak/services/resources/admin/AdminConsole.class */
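/**
 * JAX-RS resource behind the admin console of one realm.
 *
 * <p>It serves the console's static files from the realm's admin theme, the adapter
 * configuration of the admin console application, a "who am I" summary of the caller's
 * admin roles, and a logout redirect. Only {@link #whoAmI(HttpHeaders)} authenticates the
 * caller; the other endpoints in this class perform no authentication themselves.
 */
public class AdminConsole {

    @Context
    protected UriInfo uriInfo;

    @Context
    protected ClientConnection clientConnection;

    @Context
    protected HttpRequest request;

    @Context
    protected HttpResponse response;

    @Context
    protected KeycloakSession session;

    @Context
    protected Providers providers;

    @Context
    protected KeycloakApplication keycloak;
    protected AppAuthManager authManager = new AppAuthManager();
    protected RealmModel realm;
    protected static final Logger logger = Logger.getLogger(AdminConsole.class);
    // Maps a resource path to a content type by file extension; never reassigned.
    private static final FileTypeMap mimeTypes = MimetypesFileTypeMap.getDefaultFileTypeMap();

    /* loaded from: input_file:WEB-INF/lib/keycloak-services-1.1.1.Final.jar:org/keycloak/services/resources/admin/AdminConsole$WhoAmI.class */
    /**
     * JSON payload returned by {@link AdminConsole#whoAmI(HttpHeaders)}: the caller's id and
     * display name, the realm the console was opened for, and the admin roles the caller holds.
     */
    public static class WhoAmI {
        protected String userId;
        protected String realm;
        protected String displayName;

        // True when the caller holds the create-realm role of the administration realm.
        @JsonProperty("createRealm")
        protected boolean createRealm;

        // Realm name -> names of the admin roles the caller holds for that realm.
        @JsonProperty("realm_access")
        protected Map<String, Set<String>> realmAccess;

        /** Creates an empty payload with an empty realm-access map. */
        public WhoAmI() {
            this.realmAccess = new HashMap<String, Set<String>>();
        }

        /**
         * Creates a fully populated payload.
         *
         * @param str  id of the authenticated user
         * @param str2 name of the realm the console is served for
         * @param str3 display name of the user
         * @param z    whether the user may create realms
         * @param map  realm name to role names; stored as given, not copied
         */
        public WhoAmI(String str, String str2, String str3, boolean z, Map<String, Set<String>> map) {
            this.userId = str;
            this.realm = str2;
            this.displayName = str3;
            this.createRealm = z;
            this.realmAccess = map;
        }

        public String getUserId() {
            return this.userId;
        }

        public void setUserId(String str) {
            this.userId = str;
        }

        public String getRealm() {
            return this.realm;
        }

        public void setRealm(String str) {
            this.realm = str;
        }

        public String getDisplayName() {
            return this.displayName;
        }

        public void setDisplayName(String str) {
            this.displayName = str;
        }

        public boolean isCreateRealm() {
            return this.createRealm;
        }

        public void setCreateRealm(boolean z) {
            this.createRealm = z;
        }

        public Map<String, Set<String>> getRealmAccess() {
            return this.realmAccess;
        }

        public void setRealmAccess(Map<String, Set<String>> map) {
            this.realmAccess = map;
        }
    }

    /**
     * @param realmModel realm whose admin console this resource serves
     */
    public AdminConsole(RealmModel realmModel) {
        this.realm = realmModel;
    }

    /**
     * Returns the adapter installation configuration of the realm's admin console application.
     *
     * <p>No authentication is performed in this method.
     * NOTE(review): presumably the console needs this before login; confirm that the
     * installation representation of this application carries no secret.
     *
     * @return the installation representation built for the request's base URI
     * @throws NotFoundException if the realm has no admin console application
     */
    @GET
    @Path("config")
    @NoCache
    @Produces({"application/json"})
    public ApplicationManager.InstallationAdapterConfig config() {
        ApplicationModel consoleApp = this.realm.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
        if (consoleApp == null) {
            throw new NotFoundException("Could not find admin console application");
        }
        return new ApplicationManager().toInstallationRepresentation(this.realm, consoleApp, this.keycloak.getBaseUri(this.uriInfo));
    }

    /**
     * Authenticates the bearer token and reports which admin roles the caller holds.
     *
     * <p>The response is {@code HttpResponseCode.UNAUTHORIZED} when the token does not
     * authenticate or when the caller holds no admin role at all, so a valid token without
     * admin rights learns nothing about the realms.
     *
     * @param httpHeaders request headers, passed to the bearer-token authentication
     * @return the {@link WhoAmI} payload, or an unauthorized response
     * @throws NotFoundException if the administration realm cannot be resolved
     */
    @GET
    @Path("whoami")
    @NoCache
    @Produces({"application/json"})
    public Response whoAmI(@Context HttpHeaders httpHeaders) {
        RealmManager realmManager = new RealmManager(this.session);
        AuthenticationManager.AuthResult authResult = this.authManager.authenticateBearerToken(this.session, this.realm, this.uriInfo, this.clientConnection, httpHeaders);
        if (authResult == null) {
            return Response.status(HttpResponseCode.UNAUTHORIZED).build();
        }
        UserModel user = authResult.getUser();
        String displayName = displayNameOf(user);

        RealmModel adminRealm = getAdminstrationRealm(realmManager);
        if (adminRealm == null) {
            throw new NotFoundException("No realm found");
        }

        Map<String, Set<String>> realmAccess = new HashMap<String, Set<String>>();
        boolean createRealm = false;
        if (this.realm.equals(adminRealm)) {
            // A user of the administration realm may hold admin roles for every realm.
            logger.debug("setting up realm access for a master realm user");
            createRealm = user.hasRole(adminRealm.getRole(AdminRoles.CREATE_REALM));
            addMasterRealmAccess(this.realm, user, realmAccess);
        } else {
            logger.debug("setting up realm access for a realm user");
            addRealmAccess(this.realm, user, realmAccess);
        }

        if (realmAccess.isEmpty()) {
            // Authenticated, but without a single admin role: treated like no authentication.
            return Response.status(HttpResponseCode.UNAUTHORIZED).build();
        }
        return Response.ok(new WhoAmI(user.getId(), this.realm.getName(), displayName, createRealm, realmAccess)).build();
    }

    /**
     * Builds the name shown in the console: first and last name when at least one of them
     * is non-blank, otherwise the username.
     */
    private static String displayNameOf(UserModel user) {
        String first = user.getFirstName();
        String last = user.getLastName();
        boolean firstBlank = first == null || first.trim().equals("");
        boolean lastBlank = last == null || last.trim().equals("");
        if (firstBlank && lastBlank) {
            return user.getUsername();
        }
        if (last == null) {
            return first;
        }
        return first != null ? first + " " + last : last;
    }

    /** Records one granted role under its realm, creating the realm's role set on first use. */
    private static void recordRole(Map<String, Set<String>> map, String realmName, String roleName) {
        Set<String> roles = map.get(realmName);
        if (roles == null) {
            roles = new HashSet<String>();
            map.put(realmName, roles);
        }
        roles.add(roleName);
    }

    /**
     * Adds the roles of the realm's own admin application that the user holds.
     *
     * <p>A realm without that application contributes nothing, so the caller ends up
     * without access instead of the request failing with a NullPointerException.
     */
    private void addRealmAccess(RealmModel realmModel, UserModel userModel, Map<String, Set<String>> map) {
        String adminAppName = new RealmManager(this.session).getRealmAdminApplicationName(realmModel);
        ApplicationModel adminApp = realmModel.getApplicationByName(adminAppName);
        if (adminApp == null) {
            logger.warn("Realm admin application not found, no realm access granted");
            return;
        }
        for (RoleModel roleModel : adminApp.getRoles()) {
            if (userModel.hasRole(roleModel)) {
                recordRole(map, realmModel.getName(), roleModel.getName());
            }
        }
    }

    /**
     * Adds, for every realm of the session, the roles of that realm's master admin
     * application that the user holds. Realms without such an application are skipped.
     */
    private void addMasterRealmAccess(RealmModel realmModel, UserModel userModel, Map<String, Set<String>> map) {
        for (RealmModel managedRealm : this.session.realms().getRealms()) {
            ApplicationModel masterAdminApp = managedRealm.getMasterAdminApp();
            if (masterAdminApp == null) {
                continue;
            }
            for (RoleModel roleModel : masterAdminApp.getRoles()) {
                if (userModel.hasRole(roleModel)) {
                    recordRole(map, managedRealm.getName(), roleModel.getName());
                }
            }
        }
    }

    /**
     * Redirects the browser to the realm's logout URL, with the console's index page as
     * {@code redirect_uri}.
     *
     * <p>NOTE(review): both URLs are derived from {@code uriInfo}. If the request URI can
     * reflect a client-supplied host, the redirect target follows it; confirm the deployment
     * fixes the public host name.
     */
    @GET
    @Path("logout")
    @NoCache
    public Response logout() {
        String realmName = this.realm.getName();
        String consoleIndexUrl = AdminRoot.adminConsoleUrl(this.uriInfo).path("index.html").build(realmName).toString();
        return Response.status(HttpResponseCode.FOUND)
                .location(OpenIDConnectService.logoutUrl(this.uriInfo).queryParam("redirect_uri", consoleIndexUrl).build(realmName))
                .build();
    }

    /** Resolves the administration realm; protected so that a subclass can override the lookup. */
    protected RealmModel getAdminstrationRealm(RealmManager realmManager) {
        return realmManager.getKeycloakAdminstrationRealm();
    }

    /**
     * Serves {@code index.html}, after redirecting a request path that lacks the trailing
     * separator to the same path with it appended.
     */
    @GET
    public Response getMainPage() throws URISyntaxException {
        // Group.PATH_SEPARATOR is presumably "/" (the value is not visible here; confirm).
        if (!this.uriInfo.getRequestUri().getPath().endsWith(Group.PATH_SEPARATOR)) {
            return Response.status(HttpResponseCode.FOUND)
                    .location(this.uriInfo.getRequestUriBuilder().path(Group.PATH_SEPARATOR).build())
                    .build();
        }
        return getResource("index.html");
    }

    /** Builds the cache policy for static files from the {@code theme} scope's {@code staticMaxAge} (default -1). */
    private static CacheControl staticCacheControl() {
        CacheControl cacheControl = new CacheControl();
        cacheControl.setNoTransform(false);
        cacheControl.setMaxAge(Config.scope("theme").getInt("staticMaxAge", -1).intValue());
        return cacheControl;
    }

    /**
     * Serves {@code keycloak.js} from the class path.
     *
     * <p>NOTE(review): unlike {@link #getResource(String)}, this response does not go through
     * {@code BrowserSecurityHeaderSetup}; confirm that is intended.
     *
     * @return the script, or a not-found response when it is not on the class path
     */
    @GET
    @Produces({"text/javascript"})
    @Path("js/keycloak.js")
    public Response getKeycloakJs() {
        InputStream script = getClass().getClassLoader().getResourceAsStream("keycloak.js");
        if (script == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        return Response.ok(script).type("text/javascript").cacheControl(staticCacheControl()).build();
    }

    /** Returns true when any {@code /}- or {@code \}-separated segment of the path is {@code ..}. */
    private static boolean hasParentSegment(String path) {
        for (String segment : path.split("[/\\\\]")) {
            if ("..".equals(segment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Serves a static file of the realm's admin theme.
     *
     * <p>The path comes from the request URL and is handed to the theme's resource loader,
     * whose own path handling is not visible in this class. Paths with a parent-directory
     * segment are therefore answered with not-found here, so the lookup stays inside the
     * theme resources however a theme implementation resolves paths.
     *
     * @param str resource path relative to the admin theme
     * @return the resource with the realm's browser security headers, a not-found response,
     *         or a server error when the theme lookup throws
     */
    @GET
    @Path("{path:.+}")
    public Response getResource(@PathParam("path") String str) {
        if (str == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        if (str.equals("js/keycloak.js")) {
            return getKeycloakJs();
        }
        if (hasParentSegment(str)) {
            // The rejected path is deliberately not logged: it is attacker-controlled text.
            logger.debug("Rejected admin console resource path with a parent-directory segment");
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        try {
            ThemeProvider themeProvider = (ThemeProvider) this.session.getProvider(ThemeProvider.class, "extending");
            Theme adminTheme = themeProvider.getTheme(this.realm.getAdminTheme(), Theme.Type.ADMIN);
            InputStream resource = adminTheme.getResourceAsStream(str);
            if (resource == null) {
                return Response.status(Response.Status.NOT_FOUND).build();
            }
            // The content type is chosen from the file name alone.
            String contentType = mimeTypes.getContentType(str);
            Response.ResponseBuilder builder = Response.ok(resource).type(contentType).cacheControl(staticCacheControl());
            BrowserSecurityHeaderSetup.headers(builder, this.realm);
            return builder.build();
        } catch (Exception e) {
            // Request boundary: any theme failure becomes a 500 without details for the client.
            logger.warn("Failed to get theme resource", e);
            return Response.serverError().build();
        }
    }
}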
