package org.keycloak.forms.account.freemarker.model;

import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OrderedModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.services.managers.UserSessionManager;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.storage.StorageId;

/* loaded from: input_file:org/keycloak/forms/account/freemarker/model/ApplicationsBean.class */
public class ApplicationsBean {
    private List<ApplicationEntry> applications;

    /* loaded from: input_file:org/keycloak/forms/account/freemarker/model/ApplicationsBean$ApplicationEntry.class */
    public static class ApplicationEntry {
        private KeycloakSession session;
        private final List<RoleModel> realmRolesAvailable;
        private final MultivaluedHashMap<String, ClientRoleEntry> resourceRolesAvailable;
        private final ClientModel client;
        private final List<String> clientScopesGranted;
        private final List<String> additionalGrants;

        public ApplicationEntry(KeycloakSession keycloakSession, List<RoleModel> list, MultivaluedHashMap<String, ClientRoleEntry> multivaluedHashMap, ClientModel clientModel, List<String> list2, List<String> list3) {
            this.session = keycloakSession;
            this.realmRolesAvailable = list;
            this.resourceRolesAvailable = multivaluedHashMap;
            this.client = clientModel;
            this.clientScopesGranted = list2;
            this.additionalGrants = list3;
        }

        public List<RoleModel> getRealmRolesAvailable() {
            return this.realmRolesAvailable;
        }

        public MultivaluedHashMap<String, ClientRoleEntry> getResourceRolesAvailable() {
            return this.resourceRolesAvailable;
        }

        public List<String> getClientScopesGranted() {
            return this.clientScopesGranted;
        }

        public String getEffectiveUrl() {
            return ResolveRelative.resolveRelativeUri(this.session, getClient().getRootUrl(), getClient().getBaseUrl());
        }

        public ClientModel getClient() {
            return this.client;
        }

        public List<String> getAdditionalGrants() {
            return this.additionalGrants;
        }
    }

    /* loaded from: input_file:org/keycloak/forms/account/freemarker/model/ApplicationsBean$ClientRoleEntry.class */
    public static class ClientRoleEntry {
        private final String clientId;
        private final String clientName;
        private final String roleName;
        private final String roleDescription;

        public ClientRoleEntry(String str, String str2, String str3, String str4) {
            this.clientId = str;
            this.clientName = str2;
            this.roleName = str3;
            this.roleDescription = str4;
        }

        public String getClientId() {
            return this.clientId;
        }

        public String getClientName() {
            return this.clientName;
        }

        public String getRoleName() {
            return this.roleName;
        }

        public String getRoleDescription() {
            return this.roleDescription;
        }
    }

    public ApplicationsBean(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        this.applications = new LinkedList();
        Set<ClientModel> findClientsWithOfflineToken = new UserSessionManager(keycloakSession).findClientsWithOfflineToken(realmModel, userModel);
        this.applications = (List) getApplications(keycloakSession, realmModel, userModel).filter(clientModel -> {
            return !isAdminClient(clientModel) || AdminPermissions.realms(keycloakSession, realmModel, userModel).isAdmin();
        }).map(clientModel2 -> {
            return toApplicationEntry(keycloakSession, realmModel, userModel, clientModel2, findClientsWithOfflineToken);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
    }

    public static boolean isAdminClient(ClientModel clientModel) {
        return clientModel.getClientId().equals("admin-cli") || clientModel.getClientId().equals("security-admin-console");
    }

    private Stream<ClientModel> getApplications(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        Predicate predicate = (v0) -> {
            return v0.isBearerOnly();
        };
        Stream filter = realmModel.getClientsStream().filter(predicate.negate());
        Predicate predicate2 = clientModel -> {
            return new StorageId(clientModel.getId()).isLocal();
        };
        return Stream.concat(filter, keycloakSession.users().getConsentsStream(realmModel, userModel.getId()).map((v0) -> {
            return v0.getClient();
        }).filter(predicate2.negate())).distinct();
    }

    private void processRoles(Set<RoleModel> set, List<RoleModel> list, MultivaluedHashMap<String, ClientRoleEntry> multivaluedHashMap) {
        for (RoleModel roleModel : set) {
            if (roleModel.getContainer() instanceof RealmModel) {
                list.add(roleModel);
            } else {
                ClientModel container = roleModel.getContainer();
                multivaluedHashMap.add(container.getClientId(), new ClientRoleEntry(container.getClientId(), container.getName(), roleModel.getName(), roleModel.getDescription()));
            }
        }
    }

    public List<ApplicationEntry> getApplications() {
        return this.applications;
    }

    private ApplicationEntry toApplicationEntry(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, ClientModel clientModel, Set<ClientModel> set) {
        UserConsentModel consentByClient;
        Set<RoleModel> access = TokenManager.getAccess(userModel, clientModel, Stream.concat(Stream.concat(clientModel.getClientScopes(true, true).values().stream(), clientModel.getClientScopes(false, true).values().stream()), Stream.of(clientModel)).distinct());
        if (!isAdminClient(clientModel) && access.isEmpty() && !clientModel.isConsentRequired()) {
            return null;
        }
        LinkedList linkedList = new LinkedList();
        MultivaluedHashMap<String, ClientRoleEntry> multivaluedHashMap = new MultivaluedHashMap<>();
        processRoles(access, linkedList, multivaluedHashMap);
        LinkedList linkedList2 = new LinkedList();
        if (clientModel.isConsentRequired() && (consentByClient = keycloakSession.users().getConsentByClient(realmModel, userModel.getId(), clientModel.getId())) != null) {
            linkedList2.addAll(consentByClient.getGrantedClientScopes());
        }
        List list = (List) linkedList2.stream().sorted(OrderedModel.OrderedModelComparator.getInstance()).map((v0) -> {
            return v0.getConsentScreenText();
        }).collect(Collectors.toList());
        ArrayList arrayList = new ArrayList();
        if (set.contains(clientModel)) {
            arrayList.add("${offlineToken}");
        }
        return new ApplicationEntry(keycloakSession, linkedList, multivaluedHashMap, clientModel, list, arrayList);
    }
}
