package org.keycloak.services.resources.admin.permissions;

import java.util.HashMap;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RoleModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;

/* loaded from: input_file:org/keycloak/services/resources/admin/permissions/Helper.class */
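/**
 * Package-private factory helpers that build policy and scope-permission representations and
 * persist them through the {@link AuthorizationProvider}'s policy store.
 *
 * <p>Every object created here uses {@link DecisionStrategy#UNANIMOUS} and {@link Logic#POSITIVE}.
 * None of the methods performs an authorization check of its own; callers are responsible for
 * verifying that the current actor may manage permissions before invoking them.
 */
class Helper {
    Helper() {
    }

    /**
     * Creates and stores a scope permission that ties {@code scope} on {@code resource} to a
     * single associated policy.
     *
     * @param authorizationProvider provider whose policy store persists the permission
     * @param resourceServer resource server that will own the permission
     * @param str name given to the new permission
     * @param resource resource the permission applies to (referenced by name)
     * @param scope scope the permission applies to (referenced by name)
     * @param policy policy associated with the permission (referenced by name)
     * @return the policy object returned by the policy store
     */
    public static Policy addScopePermission(AuthorizationProvider authorizationProvider, ResourceServer resourceServer, String str, Resource resource, Scope scope, Policy policy) {
        ScopePermissionRepresentation permission = newScopePermission(str, resource, scope);
        permission.addPolicy(new String[]{policy.getName()});
        return authorizationProvider.getStoreFactory().getPolicyStore().create(permission, resourceServer);
    }

    /**
     * Creates and stores a scope permission for {@code scope} on {@code resource} with no
     * associated policy.
     *
     * <p>NOTE(review): how the evaluator treats a permission without policies (grant or deny) is
     * not visible in this class; confirm the default before relying on an empty permission.
     *
     * @param authorizationProvider provider whose policy store persists the permission
     * @param resourceServer resource server that will own the permission
     * @param str name given to the new permission
     * @param resource resource the permission applies to (referenced by name)
     * @param scope scope the permission applies to (referenced by name)
     * @return the policy object returned by the policy store
     */
    public static Policy addEmptyScopePermission(AuthorizationProvider authorizationProvider, ResourceServer resourceServer, String str, Resource resource, Scope scope) {
        ScopePermissionRepresentation permission = newScopePermission(str, resource, scope);
        return authorizationProvider.getStoreFactory().getPolicyStore().create(permission, resourceServer);
    }

    /**
     * Creates and stores a role policy for {@code roleModel}, named by
     * {@link #getRolePolicyName(RoleModel)}.
     *
     * @param authorizationProvider provider whose policy store persists the policy
     * @param resourceServer resource server that will own the policy
     * @param roleModel role the policy requires
     * @return the policy object returned by the policy store
     */
    public static Policy createRolePolicy(AuthorizationProvider authorizationProvider, ResourceServer resourceServer, RoleModel roleModel) {
        return createRolePolicy(authorizationProvider, resourceServer, roleModel, getRolePolicyName(roleModel));
    }

    /**
     * Creates and stores a policy of type {@code "role"} that lists {@code roleModel} as a
     * required role.
     *
     * @param authorizationProvider provider whose policy store persists the policy
     * @param resourceServer resource server that will own the policy
     * @param roleModel role the policy requires
     * @param str name given to the new policy
     * @return the policy object returned by the policy store
     */
    public static Policy createRolePolicy(AuthorizationProvider authorizationProvider, ResourceServer resourceServer, RoleModel roleModel, String str) {
        PolicyRepresentation rolePolicy = new PolicyRepresentation();
        rolePolicy.setName(str);
        rolePolicy.setType("role");
        rolePolicy.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
        rolePolicy.setLogic(Logic.POSITIVE);
        // The role id is spliced into the JSON text without escaping.
        // NOTE(review): assumes ids never contain quotes or backslashes (e.g. server-generated
        // identifiers) - confirm, or build this value with a JSON serializer.
        String rolesJson = "[{\"id\":\"" + roleModel.getId() + "\",\"required\": true}]";
        // Typed map instead of the raw HashMap the decompiler emitted.
        HashMap<String, String> config = new HashMap<>();
        // The config key is taken from the OIDC roles-scope constant, as the listing shows.
        config.put(OIDCLoginProtocolFactory.ROLES_SCOPE, rolesJson);
        rolePolicy.setConfig(config);
        return authorizationProvider.getStoreFactory().getPolicyStore().create(rolePolicy, resourceServer);
    }

    /**
     * Builds the policy name for a role: {@code role.policy.<clientId>.<roleName>} when the role's
     * container is a client, otherwise {@code role.policy.<roleName>}.
     *
     * <p>NOTE(review): a non-client role whose name contains a dot can yield the same string as a
     * client role; whether the policy store rejects or reuses duplicate names is not visible here.
     *
     * @param roleModel role to derive the policy name from
     * @return the derived policy name
     */
    public static String getRolePolicyName(RoleModel roleModel) {
        Object container = roleModel.getContainer();
        String qualifiedName;
        if (container instanceof ClientModel) {
            // Explicit cast: the decompiled listing called getClientId() on the uncast container.
            qualifiedName = ((ClientModel) container).getClientId() + "." + roleModel.getName();
        } else {
            qualifiedName = roleModel.getName();
        }
        return "role.policy." + qualifiedName;
    }

    /** Builds the representation fields shared by both scope-permission factories. */
    private static ScopePermissionRepresentation newScopePermission(String name, Resource resource, Scope scope) {
        ScopePermissionRepresentation permission = new ScopePermissionRepresentation();
        permission.setName(name);
        permission.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
        permission.setLogic(Logic.POSITIVE);
        permission.addResource(resource.getName());
        permission.addScope(new String[]{scope.getName()});
        return permission;
    }
}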
