package io.phasetwo.service.resource;

import io.phasetwo.service.Orgs;
import io.phasetwo.service.model.OrganizationModel;
import io.phasetwo.service.util.IdentityProviders;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Response;
import java.util.Set;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;

/* loaded from: input_file:io/phasetwo/service/resource/IdentityProviderResource.class */
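/**
 * JAX-RS sub-resource for a single identity provider, addressed by alias, in the context of one
 * organization. Most operations delegate to Keycloak's own admin {@code IdentityProviderResource}.
 *
 * <p>Authorization as implemented in this class:
 *
 * <ul>
 *   <li>Mutating endpoints call {@link #requireManage()} first, except {@link #unlinkIdp()}, which
 *       requires the broader "manage orgs" permission.
 *   <li>Read endpoints ({@link #getIdentityProvider()}, {@link #getMappers()}, {@link
 *       #getMapperById(String)}) perform no permission check here.
 * </ul>
 *
 * <p>NOTE(review): nothing in this class verifies that the provider behind {@code alias} belongs
 * to {@code organization}, or that the caller may view it. Presumably the sub-resource locator
 * that constructs this object enforces both; confirm against the caller.
 */
public class IdentityProviderResource extends OrganizationAdminResource {
    private static final Logger log = Logger.getLogger(IdentityProviderResource.class);

    /** Organization on whose behalf the identity provider is being managed. */
    private final OrganizationModel organization;

    /** Alias of the identity provider this resource instance is bound to. */
    private final String alias;

    /** Keycloak's built-in admin resource that most operations are delegated to. */
    private final org.keycloak.services.resources.admin.IdentityProviderResource kcResource;

    /**
     * Binds the resource to one organization and one identity provider alias.
     *
     * @param organizationAdminResource parent resource handed to the superclass constructor
     * @param organizationModel organization the provider is managed for
     * @param str alias of the identity provider
     * @param identityProviderResource Keycloak admin resource for the same provider
     */
    public IdentityProviderResource(OrganizationAdminResource organizationAdminResource, OrganizationModel organizationModel, String str, org.keycloak.services.resources.admin.IdentityProviderResource identityProviderResource) {
        super(organizationAdminResource);
        this.organization = organizationModel;
        this.alias = str;
        this.kcResource = identityProviderResource;
    }

    /**
     * Returns the representation of the identity provider as produced by the wrapped resource.
     *
     * <p>No permission check is made in this method. NOTE(review): the representation carries
     * the provider's config map; confirm the wrapped resource masks secret values before they
     * are returned.
     *
     * @return the identity provider representation
     */
    @Produces({"application/json"})
    @GET
    public IdentityProviderRepresentation getIdentityProvider() {
        return this.kcResource.getIdentityProvider();
    }

    /**
     * Deletes the identity provider through the wrapped resource.
     *
     * @return the response produced by the wrapped resource
     * @throws NotAuthorizedException if the caller fails {@link #requireManage()}
     */
    @DELETE
    public Response delete() {
        requireManage();
        return this.kcResource.delete();
    }

    /**
     * Removes this organization from the identity provider and persists the provider.
     *
     * <p>This is stricter than the other mutating endpoints: only the "manage orgs" permission is
     * accepted, and the per-organization "manage identity providers" permission is not.
     *
     * @return an empty 204 response on success
     * @throws NotAuthorizedException if the caller lacks the "manage orgs" permission
     * @throws NotFoundException if no identity provider exists for the alias
     */
    @POST
    @Path("unlink")
    public Response unlinkIdp() {
        OrganizationAdminAuth adminAuth = (OrganizationAdminAuth) this.auth;
        if (!adminAuth.hasManageOrgs()) {
            throw new NotAuthorizedException(String.format("Insufficient permission to unlink identity provider for %s", this.organization.getId()));
        }
        IdentityProviderModel stored = lookupIdpOrThrow();
        IdentityProviders.removeOrganization(this.organization.getId(), stored);
        this.realm.updateIdentityProvider(stored);
        return Response.noContent().build();
    }

    /**
     * Updates the identity provider from the supplied representation.
     *
     * <p>Caller-controlled values for the security-relevant settings are overwritten before the
     * update is delegated, so a request body cannot change them:
     *
     * <ul>
     *   <li>the organization-owner attribute and the shared-IdP flag are copied from the stored
     *       provider;
     *   <li>{@code hideOnLoginPage} is forced to {@code "true"};
     *   <li>the alias is forced to the alias this resource is bound to.
     * </ul>
     *
     * @param identityProviderRepresentation the requested new state
     * @return the wrapped resource's response, or 400 if the body or its config map is missing
     * @throws NotAuthorizedException if the caller fails {@link #requireManage()}
     * @throws NotFoundException if no identity provider exists for the alias
     */
    @PUT
    @Consumes({"application/json"})
    public Response update(IdentityProviderRepresentation identityProviderRepresentation) {
        requireManage();
        IdentityProviderModel stored = lookupIdpOrThrow();
        // A missing body or an explicit null config would otherwise surface as a
        // NullPointerException (HTTP 500) on the first config write below.
        if (identityProviderRepresentation == null || identityProviderRepresentation.getConfig() == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        // Read the ownership from the stored provider, never from the request.
        Set<String> owners = IdentityProviders.getAttributeMultivalued(stored.getConfig(), Orgs.ORG_OWNER_CONFIG_KEY);
        identityProviderRepresentation.getConfig().put("hideOnLoginPage", "true");
        IdentityProviders.setAttributeMultivalued(identityProviderRepresentation.getConfig(), Orgs.ORG_OWNER_CONFIG_KEY, owners);
        identityProviderRepresentation.getConfig().put(Orgs.ORG_SHARED_IDP_KEY, (String) stored.getConfig().get(Orgs.ORG_SHARED_IDP_KEY));
        // Pin the alias so the body cannot redirect the update to another provider.
        identityProviderRepresentation.setAlias(this.alias);
        return this.kcResource.update(identityProviderRepresentation);
    }

    /**
     * Lists the mappers of the identity provider as returned by the wrapped resource.
     *
     * <p>No permission check is made in this method.
     *
     * @return stream of mapper representations
     */
    @Produces({"application/json"})
    @GET
    @Path("mappers")
    public Stream<IdentityProviderMapperRepresentation> getMappers() {
        return this.kcResource.getMappers();
    }

    /**
     * Adds a mapper through the wrapped resource.
     *
     * <p>NOTE(review): the payload is forwarded unchanged. Unlike {@link
     * #update(IdentityProviderRepresentation)}, nothing here pins the mapper's identity provider
     * alias to {@code alias}; confirm the wrapped resource binds the mapper to its own provider.
     *
     * @param identityProviderMapperRepresentation mapper to create
     * @return the response produced by the wrapped resource
     * @throws NotAuthorizedException if the caller fails {@link #requireManage()}
     */
    @POST
    @Path("mappers")
    @Consumes({"application/json"})
    public Response addMapper(IdentityProviderMapperRepresentation identityProviderMapperRepresentation) {
        requireManage();
        return this.kcResource.addMapper(identityProviderMapperRepresentation);
    }

    /**
     * Fetches one mapper by id from the wrapped resource.
     *
     * <p>No permission check is made in this method.
     *
     * @param str mapper id taken from the request path
     * @return the mapper representation
     */
    @Produces({"application/json"})
    @GET
    @Path("mappers/{id}")
    public IdentityProviderMapperRepresentation getMapperById(@PathParam("id") String str) {
        return this.kcResource.getMapperById(str);
    }

    /**
     * Updates one mapper through the wrapped resource.
     *
     * <p>NOTE(review): the payload is forwarded unchanged; confirm the wrapped resource rejects a
     * mapper id or alias that belongs to a different identity provider.
     *
     * @param str mapper id taken from the request path
     * @param identityProviderMapperRepresentation requested new mapper state
     * @throws NotAuthorizedException if the caller fails {@link #requireManage()}
     */
    @PUT
    @Path("mappers/{id}")
    @Consumes({"application/json"})
    public void update(@PathParam("id") String str, IdentityProviderMapperRepresentation identityProviderMapperRepresentation) {
        requireManage();
        this.kcResource.update(str, identityProviderMapperRepresentation);
    }

    /**
     * Deletes one mapper through the wrapped resource.
     *
     * @param str mapper id taken from the request path
     * @throws NotAuthorizedException if the caller fails {@link #requireManage()}
     */
    @DELETE
    @Path("mappers/{id}")
    public void delete(@PathParam("id") String str) {
        requireManage();
        this.kcResource.delete(str);
    }

    /**
     * Looks up the identity provider bound to {@code alias} in the realm.
     *
     * @return the stored identity provider model, never {@code null}
     * @throws NotFoundException if the realm has no provider with that alias
     */
    private IdentityProviderModel lookupIdpOrThrow() {
        IdentityProviderModel stored = this.realm.getIdentityProviderByAlias(this.alias);
        if (stored == null) {
            throw new NotFoundException(String.format("No IdP found with alias %s", this.alias));
        }
        return stored;
    }

    /**
     * Rejects the request unless the caller holds either the "manage orgs" permission or the
     * "manage identity providers" permission for this organization.
     *
     * @throws NotAuthorizedException if the caller holds neither permission
     */
    private void requireManage() {
        OrganizationAdminAuth adminAuth = (OrganizationAdminAuth) this.auth;
        boolean permitted = adminAuth.hasManageOrgs() || adminAuth.hasOrgManageIdentityProviders(this.organization);
        if (!permitted) {
            throw new NotAuthorizedException(String.format("Insufficient permission to manage identity providers for %s", this.organization.getId()));
        }
    }
}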
