package org.keycloak.forms.account.freemarker.model;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.core.UriInfo;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.Scope;
import org.keycloak.common.util.Time;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.util.ResolveRelative;

/* loaded from: input_file:org/keycloak/forms/account/freemarker/model/AuthorizationBean.class */
public class AuthorizationBean {
    private final KeycloakSession session;
    private final UserModel user;
    private final AuthorizationProvider authorization;
    private final UriInfo uriInfo;
    private ResourceBean resource;
    private List<ResourceBean> resources;
    private Collection<ResourceBean> userSharedResources;
    private Collection<ResourceBean> requestsWaitingPermission;
    private Collection<ResourceBean> resourcesWaitingOthersApproval;

    /* loaded from: input_file:org/keycloak/forms/account/freemarker/model/AuthorizationBean$ManagedPermissionBean.class */
    public class ManagedPermissionBean {
        private final Policy policy;
        private List<ManagedPermissionBean> policies;

        public ManagedPermissionBean(Policy policy) {
            this.policy = policy;
        }

        public String getId() {
            return this.policy.getId();
        }

        public Collection<ScopeRepresentation> getScopes() {
            return (Collection) this.policy.getScopes().stream().map(ModelToRepresentation::toRepresentation).collect(Collectors.toList());
        }

        public String getDescription() {
            return this.policy.getDescription();
        }

        public Collection<ManagedPermissionBean> getPolicies() {
            if (this.policies == null) {
                this.policies = (List) this.policy.getAssociatedPolicies().stream().map(policy -> {
                    return new ManagedPermissionBean(policy);
                }).collect(Collectors.toList());
            }
            return this.policies;
        }
    }

    /* loaded from: input_file:org/keycloak/forms/account/freemarker/model/AuthorizationBean$PermissionScopeBean.class */
    public static class PermissionScopeBean {
        private final Scope scope;
        private final PermissionTicket ticket;

        public PermissionScopeBean(PermissionTicket permissionTicket) {
            this.ticket = permissionTicket;
            this.scope = permissionTicket.getScope();
        }

        public String getId() {
            return this.ticket.getId();
        }

        public Scope getScope() {
            return this.scope;
        }

        public boolean isGranted() {
            return this.ticket.isGranted();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Date getGrantedDate() {
            if (isGranted()) {
                return Time.toDate(this.ticket.getGrantedTimestamp().longValue());
            }
            return null;
        }
    }

    /* loaded from: input_file:org/keycloak/forms/account/freemarker/model/AuthorizationBean$RequesterBean.class */
    public static class RequesterBean {
        private final Long createdTimestamp;
        private final Long grantedTimestamp;
        private UserModel requester;
        private List<PermissionScopeBean> scopes = new ArrayList();
        private boolean granted;

        public RequesterBean(PermissionTicket permissionTicket, AuthorizationProvider authorizationProvider) {
            this.requester = authorizationProvider.getKeycloakSession().users().getUserById(permissionTicket.getRequester(), authorizationProvider.getRealm());
            this.granted = permissionTicket.isGranted();
            this.createdTimestamp = permissionTicket.getCreatedTimestamp();
            this.grantedTimestamp = permissionTicket.getGrantedTimestamp();
        }

        public UserModel getRequester() {
            return this.requester;
        }

        public List<PermissionScopeBean> getScopes() {
            return this.scopes;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addScope(PermissionTicket permissionTicket) {
            if (permissionTicket != null) {
                this.scopes.add(new PermissionScopeBean(permissionTicket));
            }
        }

        public boolean isGranted() {
            return (this.granted && this.scopes.isEmpty()) || this.scopes.stream().filter(permissionScopeBean -> {
                return permissionScopeBean.isGranted();
            }).count() > 0;
        }

        public Date getCreatedDate() {
            return Time.toDate(this.createdTimestamp.longValue());
        }

        public Date getGrantedDate() {
            if (this.grantedTimestamp != null) {
                return Time.toDate(this.grantedTimestamp.longValue());
            }
            PermissionScopeBean orElse = this.scopes.stream().filter(permissionScopeBean -> {
                return permissionScopeBean.isGranted();
            }).findFirst().orElse(null);
            if (orElse == null) {
                return null;
            }
            return orElse.getGrantedDate();
        }
    }

    /* loaded from: input_file:org/keycloak/forms/account/freemarker/model/AuthorizationBean$ResourceBean.class */
    public class ResourceBean {
        private final ResourceServerBean resourceServer;
        private final String ownerName;
        private final UserModel userOwner;
        private ClientModel clientOwner;
        private Resource resource;
        private Map<String, RequesterBean> permissions = new HashMap();
        private Collection<RequesterBean> shares;

        public ResourceBean(Resource resource) {
            RealmModel realm = AuthorizationBean.this.authorization.getRealm();
            this.resourceServer = new ResourceServerBean(realm.getClientById(resource.getResourceServer()));
            this.resource = resource;
            this.userOwner = AuthorizationBean.this.authorization.getKeycloakSession().users().getUserById(resource.getOwner(), realm);
            if (this.userOwner == null) {
                this.clientOwner = realm.getClientById(resource.getOwner());
                this.ownerName = this.clientOwner.getClientId();
            } else if (this.userOwner.getEmail() != null) {
                this.ownerName = this.userOwner.getEmail();
            } else {
                this.ownerName = this.userOwner.getUsername();
            }
        }

        public String getId() {
            return this.resource.getId();
        }

        public String getName() {
            return this.resource.getName();
        }

        public String getDisplayName() {
            return this.resource.getDisplayName();
        }

        public String getIconUri() {
            return this.resource.getIconUri();
        }

        public String getOwnerName() {
            return this.ownerName;
        }

        public UserModel getUserOwner() {
            return this.userOwner;
        }

        public ClientModel getClientOwner() {
            return this.clientOwner;
        }

        public List<ScopeRepresentation> getScopes() {
            return (List) this.resource.getScopes().stream().map(ModelToRepresentation::toRepresentation).collect(Collectors.toList());
        }

        public Collection<RequesterBean> getShares() {
            if (this.shares == null) {
                HashMap hashMap = new HashMap();
                hashMap.put("resource.id", this.resource.getId());
                hashMap.put("granted", Boolean.TRUE.toString());
                this.shares = AuthorizationBean.this.toPermissionRepresentation(AuthorizationBean.this.findPermissions(hashMap));
            }
            return this.shares;
        }

        public Collection<ManagedPermissionBean> getPolicies() {
            HashMap hashMap = new HashMap();
            hashMap.put("type", new String[]{"uma"});
            hashMap.put("resource", new String[]{this.resource.getId()});
            if (getUserOwner() != null) {
                hashMap.put("owner", new String[]{getUserOwner().getId()});
            } else {
                hashMap.put("owner", new String[]{getClientOwner().getId()});
            }
            List findByResourceServer = AuthorizationBean.this.authorization.getStoreFactory().getPolicyStore().findByResourceServer(hashMap, getResourceServer().getId(), -1, -1);
            return findByResourceServer.isEmpty() ? Collections.emptyList() : (Collection) findByResourceServer.stream().filter(policy -> {
                HashMap hashMap2 = new HashMap();
                hashMap2.put("policy", policy.getId());
                return AuthorizationBean.this.authorization.getStoreFactory().getPermissionTicketStore().find(hashMap2, this.resourceServer.getId(), -1, 1).isEmpty();
            }).map(policy2 -> {
                return new ManagedPermissionBean(policy2);
            }).collect(Collectors.toList());
        }

        public ResourceServerBean getResourceServer() {
            return this.resourceServer;
        }

        public Collection<RequesterBean> getPermissions() {
            return this.permissions.values();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addPermission(PermissionTicket permissionTicket, AuthorizationProvider authorizationProvider) {
            this.permissions.computeIfAbsent(permissionTicket.getRequester(), str -> {
                return new RequesterBean(permissionTicket, authorizationProvider);
            }).addScope(permissionTicket);
        }
    }

    /* loaded from: input_file:org/keycloak/forms/account/freemarker/model/AuthorizationBean$ResourceServerBean.class */
    public class ResourceServerBean {
        private ClientModel clientModel;

        public ResourceServerBean(ClientModel clientModel) {
            this.clientModel = clientModel;
        }

        public String getId() {
            return this.clientModel.getId();
        }

        public String getName() {
            String name = this.clientModel.getName();
            return name != null ? name : this.clientModel.getClientId();
        }

        public String getClientId() {
            return this.clientModel.getClientId();
        }

        public String getRedirectUri() {
            Set redirectUris = this.clientModel.getRedirectUris();
            if (redirectUris.isEmpty()) {
                return null;
            }
            return (String) redirectUris.iterator().next();
        }

        public String getBaseUri() {
            return ResolveRelative.resolveRelativeUri(AuthorizationBean.this.session, this.clientModel.getRootUrl(), this.clientModel.getBaseUrl());
        }
    }

    public AuthorizationBean(KeycloakSession keycloakSession, UserModel userModel, UriInfo uriInfo) {
        Resource findById;
        this.session = keycloakSession;
        this.user = userModel;
        this.uriInfo = uriInfo;
        this.authorization = keycloakSession.getProvider(AuthorizationProvider.class);
        List list = (List) uriInfo.getPathParameters().get("resource_id");
        if (list != null && !list.isEmpty() && (findById = this.authorization.getStoreFactory().getResourceStore().findById((String) list.get(0), (String) null)) != null && !findById.getOwner().equals(userModel.getId())) {
            throw new RuntimeException("User [" + userModel.getUsername() + "] can not access resource [" + findById.getId() + "]");
        }
    }

    public Collection<ResourceBean> getResourcesWaitingOthersApproval() {
        if (this.resourcesWaitingOthersApproval == null) {
            HashMap hashMap = new HashMap();
            hashMap.put("requester", this.user.getId());
            hashMap.put("granted", Boolean.FALSE.toString());
            this.resourcesWaitingOthersApproval = toResourceRepresentation(findPermissions(hashMap));
        }
        return this.resourcesWaitingOthersApproval;
    }

    public Collection<ResourceBean> getResourcesWaitingApproval() {
        if (this.requestsWaitingPermission == null) {
            HashMap hashMap = new HashMap();
            hashMap.put("owner", this.user.getId());
            hashMap.put("granted", Boolean.FALSE.toString());
            this.requestsWaitingPermission = toResourceRepresentation(findPermissions(hashMap));
        }
        return this.requestsWaitingPermission;
    }

    public List<ResourceBean> getResources() {
        if (this.resources == null) {
            this.resources = (List) this.authorization.getStoreFactory().getResourceStore().findByOwner(this.user.getId(), (String) null).stream().filter((v0) -> {
                return v0.isOwnerManagedAccess();
            }).map(resource -> {
                return new ResourceBean(resource);
            }).collect(Collectors.toList());
        }
        return this.resources;
    }

    public Collection<ResourceBean> getSharedResources() {
        if (this.userSharedResources == null) {
            HashMap hashMap = new HashMap();
            hashMap.put("requester", this.user.getId());
            hashMap.put("granted", Boolean.TRUE.toString());
            this.userSharedResources = toResourceRepresentation(this.authorization.getStoreFactory().getPermissionTicketStore().find(hashMap, (String) null, -1, -1));
        }
        return this.userSharedResources;
    }

    public ResourceBean getResource() {
        String str;
        if (this.resource == null && (str = (String) this.uriInfo.getPathParameters().getFirst("resource_id")) != null) {
            this.resource = getResource(str);
        }
        return this.resource;
    }

    private ResourceBean getResource(String str) {
        return new ResourceBean(this.authorization.getStoreFactory().getResourceStore().findById(str, (String) null));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Collection<RequesterBean> toPermissionRepresentation(List<PermissionTicket> list) {
        HashMap hashMap = new HashMap();
        for (PermissionTicket permissionTicket : list) {
            if (permissionTicket.getResource().isOwnerManagedAccess()) {
                ((RequesterBean) hashMap.computeIfAbsent(permissionTicket.getRequester(), str -> {
                    return new RequesterBean(permissionTicket, this.authorization);
                })).addScope(permissionTicket);
            }
        }
        return hashMap.values();
    }

    private Collection<ResourceBean> toResourceRepresentation(List<PermissionTicket> list) {
        HashMap hashMap = new HashMap();
        for (PermissionTicket permissionTicket : list) {
            Resource resource = permissionTicket.getResource();
            if (resource.isOwnerManagedAccess()) {
                ((ResourceBean) hashMap.computeIfAbsent(resource.getId(), str -> {
                    return getResource(str);
                })).addPermission(permissionTicket, this.authorization);
            }
        }
        return hashMap.values();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public List<PermissionTicket> findPermissions(Map<String, String> map) {
        return this.authorization.getStoreFactory().getPermissionTicketStore().find(map, (String) null, -1, -1);
    }
}
