package org.keycloak.testsuite.domainextension.rest;

import jakarta.ws.rs.ForbiddenException;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.Path;
import org.keycloak.models.KeycloakSession;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager;

/* loaded from: input_file:org/keycloak/testsuite/domainextension/rest/ExampleRestResource.class */
public class ExampleRestResource {
    private final KeycloakSession session;
    private final AuthenticationManager.AuthResult auth;

    public ExampleRestResource(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
        this.auth = new AppAuthManager.BearerTokenAuthenticator(keycloakSession).authenticate();
    }

    @Path("companies")
    public CompanyResource getCompanyResource() {
        return new CompanyResource(this.session);
    }

    @Path("companies-auth")
    public CompanyResource getCompanyResourceAuthenticated() {
        checkRealmAdmin();
        return new CompanyResource(this.session);
    }

    private void checkRealmAdmin() {
        if (this.auth == null) {
            throw new NotAuthorizedException("Bearer", new Object[0]);
        }
        if (this.auth.getToken().getRealmAccess() == null || !this.auth.getToken().getRealmAccess().isUserInRole("admin")) {
            throw new ForbiddenException("Does not have realm admin role");
        }
    }
}
