package org.keycloak.organization.admin.resource;

import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Response;
import java.util.stream.Stream;
import org.eclipse.microprofile.openapi.annotations.Operation;
import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
import org.eclipse.microprofile.openapi.annotations.extensions.Extension;
import org.eclipse.microprofile.openapi.annotations.media.Content;
import org.eclipse.microprofile.openapi.annotations.media.Schema;
import org.eclipse.microprofile.openapi.annotations.parameters.RequestBody;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import org.jboss.resteasy.reactive.NoCache;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.OrganizationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.StripSecretsUtils;
import org.keycloak.organization.OrganizationProvider;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.KeycloakOpenAPI;
import org.keycloak.services.resources.admin.AdminEventBuilder;
import org.keycloak.utils.MediaType;

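/**
 * Admin REST sub-resource that manages which identity providers are linked to one organization.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>No permission check is performed anywhere in this class. NOTE(review): authorization has
 *       to be enforced by whatever resource constructs this one; confirm that it is.</li>
 *   <li>The {@link AdminEventBuilder} handed to the constructor is neither stored nor used, so the
 *       link and unlink operations below record no admin event from this class. NOTE(review):
 *       confirm these changes are audited elsewhere, since re-pointing an organization at a
 *       different identity provider changes who can authenticate as its members.</li>
 *   <li>Every representation returned to the caller passes through
 *       {@link StripSecretsUtils#stripSecrets}; keep it that way when adding endpoints.</li>
 * </ul>
 */
@Extension(name = KeycloakOpenAPI.Profiles.ADMIN, value = "")
/* loaded from: input_file:org/keycloak/organization/admin/resource/OrganizationIdentityProvidersResource.class */
public class OrganizationIdentityProvidersResource {
    private final RealmModel realm;
    private final KeycloakSession session;
    private final OrganizationProvider organizationProvider;
    private final OrganizationModel organization;

    /**
     * Creates the resource for the given organization.
     *
     * @param keycloakSession the current session; when {@code null}, the realm and the organization
     *     provider are left {@code null} as well
     * @param organizationModel the organization whose identity providers are managed
     * @param adminEventBuilder accepted for signature compatibility but not used by this class
     */
    public OrganizationIdentityProvidersResource(KeycloakSession keycloakSession, OrganizationModel organizationModel, AdminEventBuilder adminEventBuilder) {
        this.session = keycloakSession;
        this.organization = organizationModel;
        if (keycloakSession == null) {
            this.realm = null;
            this.organizationProvider = null;
        } else {
            this.realm = keycloakSession.getContext().getRealm();
            this.organizationProvider = keycloakSession.getProvider(OrganizationProvider.class);
        }
    }

    /**
     * Links an existing identity provider to the organization.
     *
     * <p>The request body is trimmed and one leading and one trailing double quote are removed, so
     * both {@code my-idp} and {@code "my-idp"} are accepted. A missing or empty body is rejected
     * with 400 instead of failing with a {@link NullPointerException} (which would surface as a
     * server error).
     *
     * <p>NOTE(review): the lookup by id or alias is not restricted to this organization in the code
     * shown here; whether a provider already linked to another organization is refused depends on
     * {@code OrganizationProvider.addIdentityProvider}. Confirm against that implementation.
     *
     * @param str raw request body holding the id or alias of the identity provider
     * @return an empty 204 response when the provider was linked
     */
    @APIResponses({
        @APIResponse(responseCode = "204", description = "No Content"),
        @APIResponse(responseCode = "400", description = "Bad Request"),
        @APIResponse(responseCode = "403", description = "Forbidden"),
        @APIResponse(responseCode = "409", description = "Conflict")
    })
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ORGANIZATIONS)
    @Operation(summary = "Adds the identity provider with the specified id to the organization", description = "Adds, or associates, an existing identity provider with the organization. If no identity provider is found, or if it is already associated with the organization, an error response is returned")
    @POST
    @Consumes({MediaType.APPLICATION_JSON})
    @RequestBody(description = "Payload should contain only id or alias of the identity provider to be associated with the organization (id or alias with or without quotes). Surrounding whitespace characters will be trimmed.", required = true)
    public Response addIdentityProvider(String str) {
        // An absent body arrives as null; treat it as a client error rather than dereferencing it.
        String idOrAlias = str == null ? "" : str.trim().replaceAll("^\"|\"$", "");
        if (idOrAlias.isEmpty()) {
            throw ErrorResponse.error("Identity provider id or alias must be provided", Response.Status.BAD_REQUEST);
        }
        try {
            IdentityProviderModel provider = this.session.identityProviders().getByIdOrAlias(idOrAlias);
            if (provider == null) {
                throw ErrorResponse.error("Identity provider not found with the given alias", Response.Status.BAD_REQUEST);
            }
            if (!this.organizationProvider.addIdentityProvider(this.organization, provider)) {
                throw ErrorResponse.error("Identity provider already associated to the organization", Response.Status.CONFLICT);
            }
            return Response.noContent().build();
        } catch (ModelException e) {
            // NOTE(review): the model-layer message is returned to the client verbatim; confirm
            // those messages never carry internal detail.
            throw ErrorResponse.error(e.getMessage(), Response.Status.BAD_REQUEST);
        }
    }

    /**
     * Lists the identity providers linked to the organization.
     *
     * @return a stream of representations, each passed through {@link #toRepresentation}
     */
    @APIResponses({
        @APIResponse(responseCode = "200", description = "", content = {@Content(schema = @Schema(implementation = IdentityProviderRepresentation.class, type = SchemaType.ARRAY))})
    })
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ORGANIZATIONS)
    @Operation(summary = "Returns all identity providers associated with the organization")
    @GET
    public Stream<IdentityProviderRepresentation> getIdentityProviders() {
        return this.organization.getIdentityProviders().map(this::toRepresentation);
    }

    /**
     * Returns one identity provider, but only if it is linked to this organization.
     *
     * <p>The alias lookup itself is not scoped to the organization in this class, so the
     * {@link #isOrganizationBroker} check is what keeps a caller from reading a provider that
     * belongs elsewhere. A missing provider and a provider of another organization produce the
     * same 404, so the response does not reveal whether the alias exists.
     *
     * @param str alias of the identity provider, taken from the request path
     * @return the representation of the provider
     */
    @APIResponses({
        @APIResponse(responseCode = "200", description = "", content = {@Content(schema = @Schema(implementation = IdentityProviderRepresentation.class))}),
        @APIResponse(responseCode = "404", description = "Not Found")
    })
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ORGANIZATIONS)
    @Path("{alias}")
    @Produces({MediaType.APPLICATION_JSON})
    @Operation(summary = "Returns the identity provider associated with the organization that has the specified alias", description = "Searches for an identity provider with the given alias. If one is found and is associated with the organization, it is returned. Otherwise, an error response with status NOT_FOUND is returned")
    @GET
    public IdentityProviderRepresentation getIdentityProvider(@PathParam("alias") String str) {
        IdentityProviderModel provider = this.session.identityProviders().getByAlias(str);
        if (!isOrganizationBroker(provider)) {
            throw ErrorResponse.error("Identity provider not associated with the organization", Response.Status.NOT_FOUND);
        }
        return toRepresentation(provider);
    }

    /**
     * Unlinks an identity provider from the organization without deleting the provider.
     *
     * <p>As in {@link #getIdentityProvider}, the organization check runs before any change is made,
     * so a provider linked to a different organization cannot be unlinked through this endpoint.
     *
     * @param str alias of the identity provider, taken from the request path
     * @return an empty 204 response when the link was removed
     */
    @APIResponses({
        @APIResponse(responseCode = "204", description = "No Content"),
        @APIResponse(responseCode = "400", description = "Bad Request"),
        @APIResponse(responseCode = "404", description = "Not Found")
    })
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ORGANIZATIONS)
    @Operation(summary = "Removes the identity provider with the specified alias from the organization", description = "Breaks the association between the identity provider and the organization. The provider itself is not deleted. If no provider is found, or if it is not currently associated with the org, an error response is returned")
    @Path("{alias}")
    @DELETE
    public Response delete(@PathParam("alias") String str) {
        IdentityProviderModel provider = this.session.identityProviders().getByAlias(str);
        if (!isOrganizationBroker(provider)) {
            throw ErrorResponse.error("Identity provider not found with the given alias", Response.Status.NOT_FOUND);
        }
        if (!this.organizationProvider.removeIdentityProvider(this.organization, provider)) {
            throw ErrorResponse.error("Identity provider not associated with the organization", Response.Status.BAD_REQUEST);
        }
        return Response.noContent().build();
    }

    /**
     * Converts a model to its REST representation and passes it through
     * {@link StripSecretsUtils#stripSecrets} before it leaves the server.
     */
    private IdentityProviderRepresentation toRepresentation(IdentityProviderModel identityProviderModel) {
        IdentityProviderRepresentation representation = ModelToRepresentation.toRepresentation(this.realm, identityProviderModel);
        return (IdentityProviderRepresentation) StripSecretsUtils.stripSecrets(this.session, representation);
    }

    /**
     * Tells whether the provider exists and carries this organization's id.
     *
     * @return {@code false} for a {@code null} provider or one whose organization id differs
     */
    private boolean isOrganizationBroker(IdentityProviderModel identityProviderModel) {
        if (identityProviderModel == null) {
            return false;
        }
        return this.organization.getId().equals(identityProviderModel.getOrganizationId());
    }
}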
