package org.keycloak.authorization.admin;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.stream.Collectors;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.admin.util.Models;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.social.stackoverflow.StackoverflowIdentityProvider;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/authorization/admin/PolicyService.class */
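/**
 * JAX-RS admin resource that manages the authorization policies of a single
 * {@link ResourceServer}.
 *
 * <p>Every endpoint first calls {@link RealmAuth#requireView()} or
 * {@link RealmAuth#requireManage()}. That check is not tied to the resource server
 * this instance was built for, and the store's {@code findById} takes only an id.
 * Each object loaded by id is therefore also checked for ownership by
 * {@code resourceServer} before it is returned, modified, deleted or linked to a
 * policy. Objects owned by another resource server are treated as not found.
 */
public class PolicyService {
    /** Shared reader for the JSON id arrays kept in a policy's config map. */
    private static final ObjectMapper JSON = new ObjectMapper();

    private final ResourceServer resourceServer;
    private final AuthorizationProvider authorization;
    private final RealmAuth auth;

    /**
     * @param resourceServer the resource server whose policies this resource exposes
     * @param authorizationProvider entry point to the stores and policy provider factories
     * @param realmAuth permission checker invoked at the start of every endpoint
     */
    public PolicyService(ResourceServer resourceServer, AuthorizationProvider authorizationProvider, RealmAuth realmAuth) {
        this.resourceServer = resourceServer;
        this.authorization = authorizationProvider;
        this.auth = realmAuth;
    }

    /**
     * Creates a policy from the posted representation and links the resources,
     * policies and scopes named in its config.
     *
     * @param policyRepresentation the policy to create, read from the JSON request body
     * @return 201 with the representation (id filled in), or 400 when the body is missing
     * @throws RuntimeException when the provider's {@code onCreate} hook fails or a config
     *     entry holds malformed JSON
     * @throws IllegalArgumentException when the config references an object that does not
     *     exist or belongs to another resource server
     */
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    public Response create(PolicyRepresentation policyRepresentation) {
        this.auth.requireManage();
        if (policyRepresentation == null) {
            // An empty request body would otherwise surface as a NullPointerException (HTTP 500).
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Policy created = Models.toModel(policyRepresentation, this.resourceServer, this.authorization);
        updateResources(created, this.authorization);
        updateAssociatedPolicies(created);
        updateScopes(created, this.authorization);
        PolicyProviderAdminService providerAdmin = getPolicyProviderAdminResource(created.getType(), this.authorization);
        if (providerAdmin != null) {
            try {
                providerAdmin.onCreate(created);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        policyRepresentation.setId(created.getId());
        return Response.status(Response.Status.CREATED).entity(policyRepresentation).build();
    }

    /**
     * Overwrites name, description, config, decision strategy and logic of an existing
     * policy and re-synchronises its resources, associated policies and scopes.
     *
     * @param str id of the policy to update (path parameter)
     * @param policyRepresentation the new state, read from the JSON request body
     * @return 201 on success, 400 when the body is missing, 404 when the policy does not
     *     exist or is not owned by this resource server
     */
    @Path("{id}")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @Produces({MediaType.APPLICATION_JSON})
    @PUT
    public Response update(@PathParam("id") String str, PolicyRepresentation policyRepresentation) {
        this.auth.requireManage();
        if (policyRepresentation == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        // The path parameter is authoritative; any id in the body is overwritten.
        policyRepresentation.setId(str);
        Policy existing = this.authorization.getStoreFactory().getPolicyStore().findById(policyRepresentation.getId());
        if (existing == null || !isOwnedByThisServer(existing.getResourceServer())) {
            // The lookup is by id only, so refuse to touch another resource server's policy.
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        existing.setName(policyRepresentation.getName());
        existing.setDescription(policyRepresentation.getDescription());
        existing.setConfig(policyRepresentation.getConfig());
        existing.setDecisionStrategy(policyRepresentation.getDecisionStrategy());
        existing.setLogic(policyRepresentation.getLogic());
        updateResources(existing, this.authorization);
        updateAssociatedPolicies(existing);
        updateScopes(existing, this.authorization);
        PolicyProviderAdminService providerAdmin = getPolicyProviderAdminResource(existing.getType(), this.authorization);
        if (providerAdmin != null) {
            try {
                providerAdmin.onUpdate(existing);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        // Status kept as CREATED so existing clients see the same response as before.
        return Response.status(Response.Status.CREATED).build();
    }

    /**
     * Deletes a policy. A dependent policy whose only associated policy is the one being
     * removed is deleted as well; other dependents merely lose the association.
     *
     * @param str id of the policy to delete (path parameter)
     * @return 204 on success, 404 when the policy does not exist or is not owned by this
     *     resource server
     */
    @Path("{id}")
    @DELETE
    public Response delete(@PathParam("id") String str) {
        this.auth.requireManage();
        PolicyStore policyStore = this.authorization.getStoreFactory().getPolicyStore();
        Policy target = policyStore.findById(str);
        if (target == null || !isOwnedByThisServer(target.getResourceServer())) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        PolicyProviderAdminService providerAdmin = getPolicyProviderAdminResource(target.getType(), this.authorization);
        if (providerAdmin != null) {
            try {
                providerAdmin.onRemove(target);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        policyStore.findDependentPolicies(str).forEach(dependent -> {
            if (dependent.getAssociatedPolicies().size() == 1) {
                policyStore.delete(dependent.getId());
            } else {
                dependent.removeAssociatedPolicy(target);
            }
        });
        policyStore.delete(target.getId());
        return Response.noContent().build();
    }

    /**
     * Returns one policy by id.
     *
     * @param str id of the policy (path parameter)
     * @return 200 with the representation, or 404 when the policy does not exist or is not
     *     owned by this resource server
     */
    @GET
    @Path("{id}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response findById(@PathParam("id") String str) {
        this.auth.requireView();
        Policy found = this.authorization.getStoreFactory().getPolicyStore().findById(str);
        if (found == null || !isOwnedByThisServer(found.getResourceServer())) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        return Response.ok(Models.toRepresentation(found, this.authorization)).build();
    }

    /**
     * Looks up a policy of this resource server by name.
     *
     * @param str the policy name (query parameter {@code name})
     * @return 400 when no name is given, 200 with the representation when found, and
     *     200 with an empty body when no policy has that name
     */
    @GET
    @Path("/search")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response find(@QueryParam("name") String str) {
        this.auth.requireView();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        if (str == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Policy byName = storeFactory.getPolicyStore().findByName(str, this.resourceServer.getId());
        if (byName == null) {
            return Response.status(Response.Status.OK).build();
        }
        return Response.ok(Models.toRepresentation(byName, this.authorization)).build();
    }

    /**
     * Lists every policy of this resource server.
     *
     * @return 200 with a list of policy representations
     */
    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    public Response findAll() {
        this.auth.requireView();
        return Response.ok(this.authorization.getStoreFactory().getPolicyStore()
                .findByResourceServer(this.resourceServer.getId()).stream()
                .map(policy -> Models.toRepresentation(policy, this.authorization))
                .collect(Collectors.toList())).build();
    }

    /**
     * Lists the registered policy provider factories as name, group and type.
     *
     * @return 200 with a list of provider representations
     */
    @GET
    @Path("providers")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response findPolicyProviders() {
        this.auth.requireView();
        return Response.ok(this.authorization.getProviderFactories().stream().map(factory -> {
            PolicyProviderRepresentation provider = new PolicyProviderRepresentation();
            provider.setName(factory.getName());
            provider.setGroup(factory.getGroup());
            provider.setType(factory.getId());
            return provider;
        }).collect(Collectors.toList())).build();
    }

    /**
     * Sub-resource locator for policy evaluation.
     *
     * @return a new {@link PolicyEvaluationService} with RESTEasy properties injected
     */
    @Path("evaluate")
    public PolicyEvaluationService getPolicyEvaluateResource() {
        this.auth.requireView();
        PolicyEvaluationService evaluationService = new PolicyEvaluationService(this.resourceServer, this.authorization);
        ResteasyProviderFactory.getInstance().injectProperties(evaluationService);
        return evaluationService;
    }

    /**
     * Sub-resource locator that hands the request to a provider's admin resource.
     *
     * @param str the policy provider type (path parameter)
     * @return the provider's admin resource, or {@code null} when no provider has that type
     */
    @Path("{policyType}")
    public Object getPolicyTypeResource(@PathParam("policyType") String str) {
        // NOTE(review): only view permission is required here. Whether the returned
        // provider resource enforces manage permission on its own write operations is
        // not visible in this class; confirm in each provider's admin resource.
        this.auth.requireView();
        return getPolicyProviderAdminResource(str, this.authorization);
    }

    /**
     * Resolves the admin resource of a policy provider for this resource server.
     *
     * @return the admin resource, or {@code null} when no factory is registered for the type
     */
    private PolicyProviderAdminService getPolicyProviderAdminResource(String str, AuthorizationProvider authorizationProvider) {
        PolicyProviderFactory providerFactory = authorizationProvider.getProviderFactory(str);
        return providerFactory == null ? null : providerFactory.getAdminResource(this.resourceServer);
    }

    /** Returns whether {@code owner} is the resource server this service was created for. */
    private boolean isOwnedByThisServer(ResourceServer owner) {
        return owner != null && this.resourceServer.getId().equals(owner.getId());
    }

    /**
     * Reads a JSON string array from the policy's config.
     *
     * @return the ids, or {@code null} when the config, the entry or the JSON value is absent
     * @throws IOException when the entry is not a valid JSON array of strings
     * @throws IllegalArgumentException when the array contains a {@code null} element
     */
    private static String[] readIdArray(Policy policy, String key) throws IOException {
        if (policy.getConfig() == null) {
            return null;
        }
        String raw = (String) policy.getConfig().get(key);
        if (raw == null) {
            return null;
        }
        String[] ids = JSON.readValue(raw, String[].class);
        if (ids == null) {
            // The JSON literal null parses to a null array; treat it like a missing entry.
            return null;
        }
        for (String id : ids) {
            if (id == null) {
                throw new IllegalArgumentException("Null entry in policy config [" + key + "]");
            }
        }
        return ids;
    }

    /** Returns whether {@code ids} contains {@code id}. */
    private static boolean containsId(String[] ids, String id) {
        for (String candidate : ids) {
            if (candidate.equals(id)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Makes the policy's scopes match the id array stored under config key {@code scopes}.
     * Does nothing when that entry is absent.
     */
    private void updateScopes(Policy policy, AuthorizationProvider authorizationProvider) {
        try {
            String[] scopeIds = readIdArray(policy, "scopes");
            if (scopeIds == null) {
                return;
            }
            StoreFactory storeFactory = authorizationProvider.getStoreFactory();
            for (String scopeId : scopeIds) {
                boolean alreadyLinked = false;
                for (Scope linked : policy.getScopes()) {
                    if (scopeId.equals(linked.getId())) {
                        alreadyLinked = true;
                    }
                }
                if (!alreadyLinked) {
                    Scope scope = storeFactory.getScopeStore().findById(scopeId);
                    // Client-supplied id: never link a missing scope (null) or one owned
                    // by a different resource server.
                    if (scope == null || !isOwnedByThisServer(scope.getResourceServer())) {
                        throw new IllegalArgumentException("Scope [" + scopeId + "] not found");
                    }
                    policy.addScope(scope);
                }
            }
            // Iterate over a copy because removeScope changes the policy's scope set.
            for (Scope linked : new HashSet<Scope>(policy.getScopes())) {
                if (!containsId(scopeIds, linked.getId())) {
                    policy.removeScope(linked);
                }
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Makes the policy's associated policies match the array stored under config key
     * {@code applyPolicies}. Each entry may be a policy id or a policy name. Does nothing
     * when that entry is absent.
     */
    private void updateAssociatedPolicies(Policy policy) {
        try {
            String[] policyRefs = readIdArray(policy, "applyPolicies");
            if (policyRefs == null) {
                return;
            }
            PolicyStore policyStore = this.authorization.getStoreFactory().getPolicyStore();
            for (String ref : policyRefs) {
                boolean alreadyLinked = false;
                for (Policy linked : policy.getAssociatedPolicies()) {
                    if (ref.equals(linked.getId()) || ref.equals(linked.getName())) {
                        alreadyLinked = true;
                    }
                }
                if (!alreadyLinked) {
                    Policy associated = policyStore.findById(ref);
                    if (associated == null) {
                        associated = policyStore.findByName(ref, this.resourceServer.getId());
                    }
                    // Client-supplied reference: never link a missing policy (null) or one
                    // owned by a different resource server.
                    if (associated == null || !isOwnedByThisServer(associated.getResourceServer())) {
                        throw new IllegalArgumentException("Policy [" + ref + "] not found");
                    }
                    policy.addAssociatedPolicy(associated);
                }
            }
            // Iterate over a copy because removeAssociatedPolicy changes the underlying set.
            for (Policy linked : new HashSet<Policy>(policy.getAssociatedPolicies())) {
                if (!containsId(policyRefs, linked.getId()) && !containsId(policyRefs, linked.getName())) {
                    policy.removeAssociatedPolicy(linked);
                }
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Makes the policy's resources match the id array stored under config key
     * {@code resources}. Does nothing when that entry is absent.
     */
    private void updateResources(Policy policy, AuthorizationProvider authorizationProvider) {
        try {
            String[] resourceIds = readIdArray(policy, "resources");
            if (resourceIds == null) {
                return;
            }
            StoreFactory storeFactory = authorizationProvider.getStoreFactory();
            for (String resourceId : resourceIds) {
                boolean alreadyLinked = false;
                for (Resource linked : policy.getResources()) {
                    if (resourceId.equals(linked.getId())) {
                        alreadyLinked = true;
                    }
                }
                // NOTE(review): this file looks decompiled; the reference to
                // StackoverflowIdentityProvider.DEFAULT_SCOPE is presumably a constant the
                // decompiler substituted for a literal (likely the empty string) - confirm
                // against the original source before relying on it.
                if (!alreadyLinked && !StackoverflowIdentityProvider.DEFAULT_SCOPE.equals(resourceId)) {
                    Resource resource = storeFactory.getResourceStore().findById(resourceId);
                    // Client-supplied id: never link a missing resource (null) or one owned
                    // by a different resource server.
                    if (resource == null || !isOwnedByThisServer(resource.getResourceServer())) {
                        throw new IllegalArgumentException("Resource [" + resourceId + "] not found");
                    }
                    policy.addResource(resource);
                }
            }
            // Iterate over a copy because removeResource changes the policy's resource set.
            for (Resource linked : new HashSet<Resource>(policy.getResources())) {
                if (!containsId(resourceIds, linked.getId())) {
                    policy.removeResource(linked);
                }
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}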
