package org.keycloak.authorization.admin;

import java.io.IOException;
import java.util.EnumMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.ScopeStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.resources.Cors;
import org.keycloak.services.resources.admin.AdminEventBuilder;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.util.JsonSerialization;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/authorization/admin/PolicyService.class */
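/**
 * JAX-RS admin resource for the authorization policies of a single resource server.
 *
 * <p>It creates policies, searches and lists them, lists the available policy provider types,
 * and acts as a locator for the per-type, per-policy and evaluation sub-resources.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every handler runs its permission check only when {@link #auth} is non-null. A service
 *       built with a null evaluator performs no checks, so the code that constructs it is then
 *       solely responsible for access control. NOTE(review): confirm which callers pass null.</li>
 *   <li>{@link #getResource(String)} and {@link #create(AbstractPolicyRepresentation)} perform no
 *       permission check of their own.</li>
 * </ul>
 *
 * <p>This listing is decompiler output. Raw types and impossible casts emitted by the decompiler
 * were replaced with properly typed collections; runtime behaviour is unchanged.
 */
public class PolicyService {
    /** Page size used by {@link #doSearch} when the request does not supply {@code max}. */
    private static final int DEFAULT_MAX_RESULTS = 100;

    protected final ResourceServer resourceServer;
    protected final AuthorizationProvider authorization;
    // May be null; see the class comment for what that means for permission checks.
    protected final AdminPermissionEvaluator auth;
    protected final AdminEventBuilder adminEvent;

    /**
     * Creates the service for one resource server.
     *
     * @param resourceServer the resource server whose policies are managed
     * @param authorization provider giving access to the stores and policy provider factories
     * @param auth permission evaluator; when null, no handler in this class checks permissions
     * @param adminEvent admin event builder, narrowed here to the AUTHORIZATION_POLICY resource type
     */
    public PolicyService(ResourceServer resourceServer, AuthorizationProvider authorization, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
        this.resourceServer = resourceServer;
        this.authorization = authorization;
        this.auth = auth;
        this.adminEvent = adminEvent.resource(ResourceType.AUTHORIZATION_POLICY);
    }

    /**
     * Sub-resource locator for {@code {type}}.
     *
     * <p>The path segment is first tried as a policy provider type. If no provider factory has
     * that id, it is treated as a policy id and looked up in the policy store.
     *
     * <p>No permission check happens here, so the returned sub-resource has to enforce access
     * itself. The store lookup result is passed on without a null check.
     * NOTE(review): confirm that {@code PolicyResourceService} answers a missing policy with a
     * not-found response rather than dereferencing null.
     *
     * @param type a policy provider type id or a policy id, taken from the request path
     * @return the sub-resource that handles the rest of the path
     */
    @Path("{type}")
    public Object getResource(@PathParam("type") String type) {
        if (getPolicyProviderFactory(type) != null) {
            return doCreatePolicyTypeResource(type);
        }
        Policy policy = this.authorization.getStoreFactory().getPolicyStore()
                .findById(this.resourceServer.getRealm(), this.resourceServer, type);
        return doCreatePolicyResource(policy);
    }

    /** Builds the sub-resource for one policy provider type. */
    protected PolicyTypeService doCreatePolicyTypeResource(String type) {
        return new PolicyTypeService(type, this.resourceServer, this.authorization, this.auth, this.adminEvent);
    }

    /** Builds the sub-resource for one policy; {@code policy} is whatever the store lookup returned. */
    protected Object doCreatePolicyResource(Policy policy) {
        return new PolicyResourceService(policy, this.resourceServer, this.authorization, this.auth, this.adminEvent);
    }

    /**
     * Creates a policy from a JSON request body and records an admin event for it.
     *
     * <p>Requires manage-authorization permission when {@link #auth} is set.
     *
     * @param payload JSON representation of the policy
     * @return 201 Created with the stored representation, including the generated id
     */
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    public Response create(String payload) {
        if (this.auth != null) {
            this.auth.realm().requireManageAuthorization();
        }
        AbstractPolicyRepresentation representation = doCreateRepresentation(payload);
        Policy created = create(representation);
        representation.setId(created.getId());
        // The admin event stores the full representation that was submitted.
        audit(representation, representation.getId(), OperationType.CREATE, this.authorization.getKeycloakSession());
        return Response.status(Response.Status.CREATED).entity(representation).build();
    }

    /**
     * Parses the request body into a policy representation.
     *
     * <p>A body that cannot be parsed surfaces as a plain {@link RuntimeException}.
     * NOTE(review): with no exception mapper in view this presumably becomes a 5xx response
     * although the cause is client input; a 400 would be more accurate — confirm how the
     * surrounding framework maps it.
     *
     * @param payload JSON text
     * @return the parsed representation
     */
    protected AbstractPolicyRepresentation doCreateRepresentation(String payload) {
        try {
            return JsonSerialization.readValue(payload, PolicyRepresentation.class);
        } catch (IOException e) {
            throw new RuntimeException("Failed to deserialize representation", e);
        }
    }

    /**
     * Stores a new policy after checking that its name is not already taken on this resource server.
     *
     * <p>This overload performs no permission check; callers must have authorized the request.
     * The duplicate check and the insert are two separate store calls.
     * NOTE(review): unless the store enforces name uniqueness itself, two concurrent requests
     * could both pass the check — verify against the store implementation.
     *
     * @param representation the policy to create
     * @return the stored policy
     * @throws ErrorResponseException with 409 Conflict when a policy with that name exists; the
     *         message echoes the submitted name
     */
    public Policy create(AbstractPolicyRepresentation representation) {
        PolicyStore policyStore = this.authorization.getStoreFactory().getPolicyStore();
        String name = representation.getName();
        if (policyStore.findByName(this.resourceServer, name) != null) {
            throw new ErrorResponseException("Policy with name [" + name + "] already exists", "Conflicting policy", Response.Status.CONFLICT);
        }
        return policyStore.create(this.resourceServer, representation);
    }

    /**
     * Looks up a single policy by its exact name.
     *
     * <p>Requires view-authorization permission when {@link #auth} is set.
     *
     * @param name policy name; a missing parameter yields 400 Bad Request
     * @param fields field selector forwarded to {@link #toRepresentation}
     * @return 200 with the representation, or 204 No Content when no policy has that name
     */
    @GET
    @Path("/search")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response findByName(@QueryParam("name") String name, @QueryParam("fields") String fields) {
        if (this.auth != null) {
            this.auth.realm().requireViewAuthorization();
        }
        if (name == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Policy policy = this.authorization.getStoreFactory().getPolicyStore().findByName(this.resourceServer, name);
        if (policy == null) {
            return Response.noContent().build();
        }
        return Response.ok(toRepresentation(policy, fields, this.authorization)).build();
    }

    /**
     * Lists policies of this resource server, optionally filtered.
     *
     * <p>Requires view-authorization permission when {@link #auth} is set. Blank filter values
     * are ignored. {@code resource} and {@code scope} are each tried as an id first and as a
     * name second; if the name matches nothing the method answers 204 No Content.
     *
     * <p>NOTE(review): {@code max} is forwarded to the store without an upper bound, so the page
     * size is entirely caller-controlled; consider whether a server-side cap is wanted.
     *
     * @param id policy id filter
     * @param name policy name filter
     * @param type policy type filter
     * @param resource resource id or name filter
     * @param scope scope id or name filter
     * @param permission permission flag filter, applied when present
     * @param owner owner filter
     * @param fields field selector forwarded to {@link #toRepresentation}
     * @param firstResult offset of the first result; -1 is used when absent
     * @param maxResult page size; 100 is used when absent
     * @return 200 with the list of representations, or 204 as described above
     */
    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    public Response findAll(@QueryParam("policyId") String id, @QueryParam("name") String name, @QueryParam("type") String type, @QueryParam("resource") String resource, @QueryParam("scope") String scope, @QueryParam("permission") Boolean permission, @QueryParam("owner") String owner, @QueryParam("fields") String fields, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResult) {
        if (this.auth != null) {
            this.auth.realm().requireViewAuthorization();
        }
        Map<Policy.FilterOption, String[]> filters = new EnumMap<>(Policy.FilterOption.class);
        if (hasText(id)) {
            filters.put(Policy.FilterOption.ID, new String[]{id});
        }
        if (hasText(name)) {
            filters.put(Policy.FilterOption.NAME, new String[]{name});
        }
        if (hasText(type)) {
            filters.put(Policy.FilterOption.TYPE, new String[]{type});
        }
        if (hasText(owner)) {
            filters.put(Policy.FilterOption.OWNER, new String[]{owner});
        }
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        if (hasText(resource)) {
            String[] resourceIds = resolveResourceIds(storeFactory.getResourceStore(), resource, owner);
            if (resourceIds.length == 0) {
                return Response.noContent().build();
            }
            filters.put(Policy.FilterOption.RESOURCE_ID, resourceIds);
        }
        if (hasText(scope)) {
            String[] scopeIds = resolveScopeIds(storeFactory.getScopeStore(), scope);
            if (scopeIds.length == 0) {
                return Response.noContent().build();
            }
            filters.put(Policy.FilterOption.SCOPE_ID, scopeIds);
        }
        if (permission != null) {
            filters.put(Policy.FilterOption.PERMISSION, new String[]{permission.toString()});
        }
        return Response.ok(doSearch(firstResult, maxResult, fields, filters)).build();
    }

    /** Returns true when {@code value} is non-null and contains something other than whitespace. */
    private static boolean hasText(String value) {
        return value != null && !value.trim().isEmpty();
    }

    /**
     * Resolves the {@code resource} filter to resource ids: the value is tried as an id first,
     * then as a name (limited to one match), optionally narrowed by owner.
     *
     * @return the matching ids; empty when nothing matched
     */
    private String[] resolveResourceIds(ResourceStore resourceStore, String resource, String owner) {
        Resource byId = resourceStore.findById(this.resourceServer.getRealm(), this.resourceServer, resource);
        if (byId != null) {
            return new String[]{byId.getId()};
        }
        Map<Resource.FilterOption, String[]> resourceFilters = new EnumMap<>(Resource.FilterOption.class);
        resourceFilters.put(Resource.FilterOption.NAME, new String[]{resource});
        // Only null is excluded here, so a blank owner is still applied as a filter, unlike the
        // policy-level owner filter which ignores blank values. Kept as in the original.
        if (owner != null) {
            resourceFilters.put(Resource.FilterOption.OWNER, new String[]{owner});
        }
        Set<String> ids = resourceStore.find(this.resourceServer.getRealm(), this.resourceServer, resourceFilters, -1, 1)
                .stream()
                .map(Resource::getId)
                .collect(Collectors.toSet());
        return ids.toArray(new String[0]);
    }

    /**
     * Resolves the {@code scope} filter to scope ids: the value is tried as an id first, then
     * as a name (limited to one match).
     *
     * @return the matching ids; empty when nothing matched
     */
    private String[] resolveScopeIds(ScopeStore scopeStore, String scope) {
        Scope byId = scopeStore.findById(this.resourceServer.getRealm(), this.resourceServer, scope);
        if (byId != null) {
            return new String[]{byId.getId()};
        }
        Map<Scope.FilterOption, String[]> scopeFilters = new EnumMap<>(Scope.FilterOption.class);
        scopeFilters.put(Scope.FilterOption.NAME, new String[]{scope});
        Set<String> ids = scopeStore.findByResourceServer(this.resourceServer, scopeFilters, -1, 1)
                .stream()
                .map(Scope::getId)
                .collect(Collectors.toSet());
        return ids.toArray(new String[0]);
    }

    /**
     * Converts a stored policy to its representation.
     *
     * <p>The last flag passed to the converter is true only when {@code fields} equals the
     * wildcard constant. NOTE(review): the reference to a CORS constant looks like a decompiler
     * substitution for a string literal of the same value; the comparison is about field
     * selection, not CORS — confirm against the original source.
     */
    protected AbstractPolicyRepresentation toRepresentation(Policy policy, String fields, AuthorizationProvider authorizationProvider) {
        boolean allFields = fields != null && fields.equals(Cors.ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD);
        return ModelToRepresentation.toRepresentation(policy, authorizationProvider, true, false, allFields);
    }

    /**
     * Runs the store query and converts every hit to a representation.
     *
     * <p>The decompiler reports that this method was widened from protected to public; the
     * modifier shown in this listing is kept.
     *
     * @param firstResult offset of the first result, -1 when null
     * @param maxResult page size, 100 when null; not capped here
     * @param fields field selector forwarded to {@link #toRepresentation}
     * @param filters filter options for the policy store
     * @return the converted policies
     */
    public List<Object> doSearch(Integer firstResult, Integer maxResult, String fields, Map<Policy.FilterOption, String[]> filters) {
        int first = firstResult != null ? firstResult : -1;
        int max = maxResult != null ? maxResult : DEFAULT_MAX_RESULTS;
        return this.authorization.getStoreFactory().getPolicyStore()
                .find(this.resourceServer.getRealm(), this.resourceServer, filters, first, max)
                .stream()
                .map(policy -> toRepresentation(policy, fields, this.authorization))
                .collect(Collectors.toList());
    }

    /**
     * Lists the policy provider types that are not flagged as internal.
     *
     * <p>Requires view-authorization permission when {@link #auth} is set.
     *
     * @return 200 with one entry (name, group, type) per non-internal provider factory
     */
    @GET
    @Path("providers")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response findPolicyProviders() {
        if (this.auth != null) {
            this.auth.realm().requireViewAuthorization();
        }
        List<PolicyProviderRepresentation> providers = this.authorization.getProviderFactoriesStream()
                .filter(factory -> !factory.isInternal())
                .map(factory -> {
                    PolicyProviderRepresentation provider = new PolicyProviderRepresentation();
                    provider.setName(factory.getName());
                    provider.setGroup(factory.getGroup());
                    provider.setType(factory.getId());
                    return provider;
                })
                .collect(Collectors.toList());
        return Response.ok(providers).build();
    }

    /**
     * Sub-resource locator for policy evaluation.
     *
     * <p>Only view-authorization is required to reach the evaluation sub-resource, and only
     * when {@link #auth} is set.
     */
    @Path("evaluate")
    public PolicyEvaluationService getPolicyEvaluateResource() {
        if (this.auth != null) {
            this.auth.realm().requireViewAuthorization();
        }
        return new PolicyEvaluationService(this.resourceServer, this.authorization, this.auth);
    }

    /**
     * Returns the admin resource of the provider registered for {@code policyType}.
     *
     * <p>The factory lookup result is dereferenced without a null check, so an unknown type
     * fails with a {@link NullPointerException}. The decompiler reports that this method was
     * widened from protected to public.
     */
    public PolicyProviderAdminService getPolicyProviderAdminResource(String policyType) {
        return getPolicyProviderFactory(policyType).getAdminResource(this.resourceServer, this.authorization);
    }

    /**
     * Looks up the provider factory for a policy type; {@link #getResource(String)} relies on a
     * null result for unknown types. The decompiler reports that this method was widened from
     * protected to public.
     */
    public PolicyProviderFactory getPolicyProviderFactory(String policyType) {
        return this.authorization.getProviderFactory(policyType);
    }

    /**
     * Records a successful admin event carrying the policy representation.
     *
     * @param representation the representation stored with the event
     * @param id policy id appended to the resource path; omitted from the path when null
     * @param operation the operation type to record
     * @param session session supplying the request URI
     */
    private void audit(AbstractPolicyRepresentation representation, String id, OperationType operation, KeycloakSession session) {
        UriInfo uri = session.getContext().getUri();
        if (id != null) {
            this.adminEvent.operation(operation).resourcePath(uri, id).representation(representation).success();
        } else {
            this.adminEvent.operation(operation).resourcePath(uri).representation(representation).success();
        }
    }
}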
