package org.keycloak.services.resources.admin;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.LinkedList;
import java.util.List;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.common.ClientConnection;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.AccessToken;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:BOOT-INF/lib/keycloak-services-11.0.2.jar:org/keycloak/services/resources/admin/ClientScopeEvaluateResource.class */
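/**
 * Admin REST sub-resource that previews what a client would receive for a given
 * {@code scope} request parameter: the effective scope mappings, the protocol mappers
 * that would run, and an example access token for a chosen user.
 *
 * <p>Every endpoint starts with {@code auth.clients().requireView(client)}; that is the
 * only authorization check performed in this class.
 */
public class ClientScopeEvaluateResource {
    protected static final Logger logger = Logger.getLogger(ClientScopeEvaluateResource.class);
    private final RealmModel realm;
    private final ClientModel client;
    private final AdminPermissionEvaluator auth;
    private final UriInfo uriInfo;
    private final KeycloakSession session;
    private final ClientConnection clientConnection;

    /* loaded from: input_file:BOOT-INF/lib/keycloak-services-11.0.2.jar:org/keycloak/services/resources/admin/ClientScopeEvaluateResource$ProtocolMapperEvaluationRepresentation.class */
    /**
     * JSON representation of one protocol mapper that applies to the evaluated request,
     * together with the container (the client itself or a client scope) that defines it.
     */
    public static class ProtocolMapperEvaluationRepresentation {

        @JsonProperty("mapperId")
        private String mapperId;

        @JsonProperty("mapperName")
        private String mapperName;

        @JsonProperty("containerId")
        private String containerId;

        @JsonProperty("containerName")
        private String containerName;

        // "client" or "client-scope", as set by getGrantedProtocolMappers.
        @JsonProperty("containerType")
        private String containerType;

        @JsonProperty("protocolMapper")
        private String protocolMapper;

        public String getMapperId() {
            return this.mapperId;
        }

        public void setMapperId(String mapperId) {
            this.mapperId = mapperId;
        }

        public String getMapperName() {
            return this.mapperName;
        }

        public void setMapperName(String mapperName) {
            this.mapperName = mapperName;
        }

        public String getContainerId() {
            return this.containerId;
        }

        public void setContainerId(String containerId) {
            this.containerId = containerId;
        }

        public String getContainerName() {
            return this.containerName;
        }

        public void setContainerName(String containerName) {
            this.containerName = containerName;
        }

        public String getContainerType() {
            return this.containerType;
        }

        public void setContainerType(String containerType) {
            this.containerType = containerType;
        }

        public String getProtocolMapper() {
            return this.protocolMapper;
        }

        public void setProtocolMapper(String protocolMapper) {
            this.protocolMapper = protocolMapper;
        }
    }

    /**
     * Stores the collaborators as given; no validation or permission check happens here.
     */
    public ClientScopeEvaluateResource(KeycloakSession keycloakSession, UriInfo uriInfo, RealmModel realmModel, AdminPermissionEvaluator adminPermissionEvaluator, ClientModel clientModel, ClientConnection clientConnection) {
        this.uriInfo = uriInfo;
        this.realm = realmModel;
        this.client = clientModel;
        this.auth = adminPermissionEvaluator;
        this.session = keycloakSession;
        this.clientConnection = clientConnection;
    }

    /**
     * Sub-resource locator for the scope mappings of one role container.
     *
     * @param scope the raw {@code scope} query parameter, passed through to the sub-resource
     * @param roleContainerId the realm name (selects the realm) or a client id
     * @return the sub-resource bound to the resolved role container
     * @throws NotFoundException if no id is given or no matching client exists
     */
    @Path("scope-mappings/{roleContainerId}")
    public ClientScopeEvaluateScopeMappingsResource scopeMappings(@QueryParam("scope") String scope, @PathParam("roleContainerId") String roleContainerId) {
        this.auth.clients().requireView(this.client);
        if (roleContainerId == null) {
            throw new NotFoundException("No roleContainerId provided");
        }
        // The realm is addressed by its name; anything else is treated as a client id.
        // NOTE(review): the resolved container is not itself permission-checked in this
        // method; confirm the sub-resource (which receives auth) enforces what is needed.
        RoleContainerModel roleContainer = roleContainerId.equals(this.realm.getName()) ? this.realm : this.realm.getClientById(roleContainerId);
        if (roleContainer == null) {
            throw new NotFoundException("Role Container not found");
        }
        return new ClientScopeEvaluateScopeMappingsResource(roleContainer, this.auth, this.client, scope, this.session);
    }

    /**
     * Lists the enabled protocol mappers, matching the client's protocol, that are defined
     * on the client scopes resolved for the given {@code scope} parameter.
     *
     * @param scope the raw {@code scope} query parameter to evaluate
     * @return one representation per applicable mapper, in iteration order
     */
    @GET
    @Path("protocol-mappers")
    @NoCache
    @Produces({"application/json"})
    public List<ProtocolMapperEvaluationRepresentation> getGrantedProtocolMappers(@QueryParam("scope") String scope) {
        this.auth.clients().requireView(this.client);
        List<ProtocolMapperEvaluationRepresentation> mappers = new LinkedList<>();
        for (ClientScopeModel clientScope : TokenManager.getRequestedClientScopes(scope, this.client)) {
            for (ProtocolMapperModel mapper : clientScope.getProtocolMappers()) {
                if (!ProtocolMapperUtils.isEnabled(this.session, mapper) || !mapper.getProtocol().equals(this.client.getProtocol())) {
                    continue;
                }
                ProtocolMapperEvaluationRepresentation rep = new ProtocolMapperEvaluationRepresentation();
                rep.setMapperId(mapper.getId());
                rep.setMapperName(mapper.getName());
                rep.setProtocolMapper(mapper.getProtocolMapper());
                // A scope whose id equals the client's id is reported as the client itself
                // (presumably the client is included among its own requested scopes).
                if (clientScope.getId().equals(this.client.getId())) {
                    rep.setContainerId(this.client.getId());
                    rep.setContainerName("");
                    rep.setContainerType("client");
                } else {
                    rep.setContainerId(clientScope.getId());
                    rep.setContainerName(clientScope.getName());
                    rep.setContainerType("client-scope");
                }
                mappers.add(rep);
            }
        }
        return mappers;
    }

    /**
     * Builds an example access token for the given user and {@code scope} parameter and
     * returns its claim set as JSON.
     *
     * <p>NOTE(review): the only permission check visible here is view access on the client.
     * The user is resolved from the request-supplied {@code userId} with no user-level
     * check in this method, so the response exposes that user's evaluated claims to any
     * caller who may view the client. Confirm that this is intended, or add a user-view
     * check through the permission evaluator.
     *
     * @param scope the raw {@code scope} query parameter to evaluate
     * @param userId id of the realm user to generate the token for
     * @return the generated access token representation
     * @throws NotFoundException if no user id is given or the user does not exist
     */
    @GET
    @Path("generate-example-access-token")
    @NoCache
    @Produces({"application/json"})
    public AccessToken generateExampleAccessToken(@QueryParam("scope") String scope, @QueryParam("userId") String userId) {
        this.auth.clients().requireView(this.client);
        if (userId == null) {
            throw new NotFoundException("No userId provided");
        }
        UserModel user = this.session.users().getUserById(userId, this.realm);
        if (user == null) {
            throw new NotFoundException("No user found");
        }
        // scope is request-supplied and logged as received; the log layout has to
        // neutralise line breaks if debug logging is enabled.
        logger.debugf("generateExampleAccessToken invoked. User: %s, Scope param: %s", user.getUsername(), scope);
        return generateToken(user, scope);
    }

    /**
     * Creates a temporary authentication session and user session for the user, generates
     * an access token from them, and removes both sessions again before returning.
     *
     * @param userModel the user the example token is issued for
     * @param scope the raw {@code scope} parameter stored as the session's client note
     * @return the generated access token
     */
    private AccessToken generateToken(UserModel userModel, String scope) {
        AuthenticationSessionModel authSession = null;
        UserSessionModel userSession = null;
        AuthenticationSessionManager authSessionManager = new AuthenticationSessionManager(this.session);
        try {
            authSession = authSessionManager.createAuthenticationSession(this.realm, false).createAuthenticationSession(this.client);
            authSession.setAuthenticatedUser(userModel);
            authSession.setProtocol("openid-connect");
            // The issuer is derived from the base URI of the current admin request.
            authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(this.uriInfo.getBaseUri(), this.realm.getName()));
            authSession.setClientNote("scope", scope);
            userSession = this.session.sessions().createUserSession(authSession.getParentSession().getId(), this.realm, userModel, userModel.getUsername(), this.clientConnection.getRemoteAddr(), "example-auth", false, null, null);
            AuthenticationManager.setClientScopesInSession(authSession);
            return new TokenManager().responseBuilder(this.realm, this.client, null, this.session, userSession, TokenManager.attachAuthenticationSession(this.session, userSession, authSession)).generateAccessToken().getAccessToken();
        } finally {
            // The sessions exist only to drive token generation and belong to a user who
            // never logged in. Each removal is attempted exactly once, and the user
            // session is removed even if removing the authentication session fails.
            try {
                if (authSession != null) {
                    authSessionManager.removeAuthenticationSession(this.realm, authSession, false);
                }
            } finally {
                if (userSession != null) {
                    this.session.sessions().removeUserSession(this.realm, userSession);
                }
            }
        }
    }
}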
