package org.keycloak.authorization.jpa.store;

import jakarta.persistence.EntityManager;
import jakarta.persistence.FlushModeType;
import jakarta.persistence.LockModeType;
import jakarta.persistence.TypedQuery;
import jakarta.persistence.criteria.CriteriaBuilder;
import jakarta.persistence.criteria.CriteriaQuery;
import jakarta.persistence.criteria.Order;
import jakarta.persistence.criteria.Predicate;
import jakarta.persistence.criteria.Root;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.jpa.entities.PermissionTicketEntity;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PermissionTicketStore;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.common.util.Time;
import org.keycloak.models.RealmModel;
import org.keycloak.models.jpa.JpaUserCredentialStore;
import org.keycloak.models.jpa.PaginationUtils;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.utils.StreamsUtil;

/* loaded from: input_file:org/keycloak/authorization/jpa/store/JPAPermissionTicketStore.class */
public class JPAPermissionTicketStore implements PermissionTicketStore {
    private final EntityManager entityManager;
    private final AuthorizationProvider provider;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.keycloak.authorization.jpa.store.JPAPermissionTicketStore$1, reason: invalid class name */
    /* loaded from: input_file:org/keycloak/authorization/jpa/store/JPAPermissionTicketStore$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$keycloak$authorization$model$PermissionTicket$FilterOption = new int[PermissionTicket.FilterOption.values().length];

        static {
            try {
                $SwitchMap$org$keycloak$authorization$model$PermissionTicket$FilterOption[PermissionTicket.FilterOption.ID.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$keycloak$authorization$model$PermissionTicket$FilterOption[PermissionTicket.FilterOption.OWNER.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$keycloak$authorization$model$PermissionTicket$FilterOption[PermissionTicket.FilterOption.REQUESTER.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$keycloak$authorization$model$PermissionTicket$FilterOption[PermissionTicket.FilterOption.SCOPE_ID.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$keycloak$authorization$model$PermissionTicket$FilterOption[PermissionTicket.FilterOption.RESOURCE_ID.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$keycloak$authorization$model$PermissionTicket$FilterOption[PermissionTicket.FilterOption.RESOURCE_NAME.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$keycloak$authorization$model$PermissionTicket$FilterOption[PermissionTicket.FilterOption.POLICY_ID.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$keycloak$authorization$model$PermissionTicket$FilterOption[PermissionTicket.FilterOption.SCOPE_IS_NULL.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$keycloak$authorization$model$PermissionTicket$FilterOption[PermissionTicket.FilterOption.GRANTED.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$keycloak$authorization$model$PermissionTicket$FilterOption[PermissionTicket.FilterOption.REQUESTER_IS_NULL.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$keycloak$authorization$model$PermissionTicket$FilterOption[PermissionTicket.FilterOption.POLICY_IS_NOT_NULL.ordinal()] = 11;
            } catch (NoSuchFieldError e11) {
            }
        }
    }

    public JPAPermissionTicketStore(EntityManager entityManager, AuthorizationProvider authorizationProvider) {
        this.entityManager = entityManager;
        this.provider = authorizationProvider;
    }

    public long count(ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> map) {
        CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(String.class);
        Root<PermissionTicketEntity> from = createQuery.from(PermissionTicketEntity.class);
        createQuery.select(from.get("id"));
        createQuery.where((Predicate[]) getPredicates(criteriaBuilder, from, resourceServer, map).toArray(new Predicate[0])).orderBy(new Order[]{criteriaBuilder.asc(from.get("id"))});
        return StreamsUtil.closing(this.entityManager.createQuery(createQuery).getResultStream()).count();
    }

    private List<Predicate> getPredicates(CriteriaBuilder criteriaBuilder, Root<PermissionTicketEntity> root, ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> map) {
        ArrayList arrayList = new ArrayList();
        if (resourceServer != null) {
            arrayList.add(criteriaBuilder.equal(root.get("resourceServer").get("id"), resourceServer.getId()));
        }
        map.forEach((filterOption, str) -> {
            switch (AnonymousClass1.$SwitchMap$org$keycloak$authorization$model$PermissionTicket$FilterOption[filterOption.ordinal()]) {
                case 1:
                case 2:
                case 3:
                    arrayList.add(criteriaBuilder.equal(root.get(filterOption.getName()), str));
                    return;
                case 4:
                case 5:
                case 6:
                case 7:
                    String[] split = filterOption.getName().split("\\.");
                    arrayList.add(root.join(split[0]).get(split[1]).in(new Object[]{str}));
                    return;
                case 8:
                    if (Boolean.parseBoolean(str)) {
                        arrayList.add(criteriaBuilder.isNull(root.get("scope")));
                        return;
                    } else {
                        arrayList.add(criteriaBuilder.isNotNull(root.get("scope")));
                        return;
                    }
                case 9:
                    if (Boolean.parseBoolean(str)) {
                        arrayList.add(criteriaBuilder.isNotNull(root.get("grantedTimestamp")));
                        return;
                    } else {
                        arrayList.add(criteriaBuilder.isNull(root.get("grantedTimestamp")));
                        return;
                    }
                case JpaUserCredentialStore.PRIORITY_DIFFERENCE /* 10 */:
                    arrayList.add(criteriaBuilder.isNull(root.get("requester")));
                    return;
                case 11:
                    arrayList.add(criteriaBuilder.isNotNull(root.get("policy")));
                    return;
                default:
                    throw new IllegalArgumentException("Unsupported filter [" + filterOption + "]");
            }
        });
        return arrayList;
    }

    public PermissionTicket create(ResourceServer resourceServer, Resource resource, Scope scope, String str) {
        PermissionTicketEntity permissionTicketEntity = new PermissionTicketEntity();
        permissionTicketEntity.setId(KeycloakModelUtils.generateId());
        permissionTicketEntity.setResource(ResourceAdapter.toEntity(this.entityManager, resource));
        permissionTicketEntity.setRequester(str);
        permissionTicketEntity.setCreatedTimestamp(Long.valueOf(Time.currentTimeMillis()));
        if (scope != null) {
            permissionTicketEntity.setScope(ScopeAdapter.toEntity(this.entityManager, scope));
        }
        permissionTicketEntity.setOwner(permissionTicketEntity.getResource().getOwner());
        permissionTicketEntity.setResourceServer(ResourceServerAdapter.toEntity(this.entityManager, resourceServer));
        this.entityManager.persist(permissionTicketEntity);
        this.entityManager.flush();
        return new PermissionTicketAdapter(permissionTicketEntity, this.entityManager, this.provider.getStoreFactory());
    }

    public void delete(RealmModel realmModel, String str) {
        PermissionTicketEntity permissionTicketEntity = (PermissionTicketEntity) this.entityManager.find(PermissionTicketEntity.class, str, LockModeType.PESSIMISTIC_WRITE);
        if (permissionTicketEntity != null) {
            this.entityManager.remove(permissionTicketEntity);
        }
    }

    public PermissionTicket findById(RealmModel realmModel, ResourceServer resourceServer, String str) {
        PermissionTicketEntity permissionTicketEntity;
        if (str == null || (permissionTicketEntity = (PermissionTicketEntity) this.entityManager.find(PermissionTicketEntity.class, str)) == null) {
            return null;
        }
        return new PermissionTicketAdapter(permissionTicketEntity, this.entityManager, this.provider.getStoreFactory());
    }

    public List<PermissionTicket> findByResource(ResourceServer resourceServer, Resource resource) {
        TypedQuery createNamedQuery = this.entityManager.createNamedQuery("findPermissionIdByResource", String.class);
        createNamedQuery.setFlushMode(FlushModeType.COMMIT);
        createNamedQuery.setParameter("resourceId", resource.getId());
        createNamedQuery.setParameter("serverId", resourceServer == null ? null : resourceServer.getId());
        List resultList = createNamedQuery.getResultList();
        LinkedList linkedList = new LinkedList();
        PermissionTicketStore permissionTicketStore = this.provider.getStoreFactory().getPermissionTicketStore();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            PermissionTicket findById = permissionTicketStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, (String) it.next());
            if (Objects.nonNull(findById)) {
                linkedList.add(findById);
            }
        }
        return linkedList;
    }

    public List<PermissionTicket> findByScope(ResourceServer resourceServer, Scope scope) {
        if (scope == null) {
            return Collections.emptyList();
        }
        TypedQuery createNamedQuery = this.entityManager.createNamedQuery("findPermissionIdByScope", String.class);
        createNamedQuery.setFlushMode(FlushModeType.COMMIT);
        createNamedQuery.setParameter("scopeId", scope.getId());
        createNamedQuery.setParameter("serverId", resourceServer == null ? null : resourceServer.getId());
        List resultList = createNamedQuery.getResultList();
        LinkedList linkedList = new LinkedList();
        PermissionTicketStore permissionTicketStore = this.provider.getStoreFactory().getPermissionTicketStore();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            PermissionTicket findById = permissionTicketStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, (String) it.next());
            if (Objects.nonNull(findById)) {
                linkedList.add(findById);
            }
        }
        return linkedList;
    }

    public List<PermissionTicket> find(RealmModel realmModel, ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> map, Integer num, Integer num2) {
        CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(String.class);
        Root<PermissionTicketEntity> from = createQuery.from(PermissionTicketEntity.class);
        createQuery.select(from.get("id"));
        List<Predicate> predicates = getPredicates(criteriaBuilder, from, resourceServer, map);
        createQuery.where((Predicate[]) predicates.toArray(new Predicate[predicates.size()])).orderBy(new Order[]{criteriaBuilder.asc(from.get("id"))});
        List resultList = PaginationUtils.paginateQuery(this.entityManager.createQuery(createQuery), num, num2).getResultList();
        LinkedList linkedList = new LinkedList();
        PermissionTicketStore permissionTicketStore = this.provider.getStoreFactory().getPermissionTicketStore();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            PermissionTicket findById = permissionTicketStore.findById(realmModel, resourceServer, (String) it.next());
            if (Objects.nonNull(findById)) {
                linkedList.add(findById);
            }
        }
        return linkedList;
    }

    public List<PermissionTicket> findGranted(ResourceServer resourceServer, String str) {
        EnumMap enumMap = new EnumMap(PermissionTicket.FilterOption.class);
        enumMap.put((EnumMap) PermissionTicket.FilterOption.GRANTED, (PermissionTicket.FilterOption) Boolean.TRUE.toString());
        enumMap.put((EnumMap) PermissionTicket.FilterOption.REQUESTER, (PermissionTicket.FilterOption) str);
        return find(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, enumMap, null, null);
    }

    public List<PermissionTicket> findGranted(ResourceServer resourceServer, String str, String str2) {
        EnumMap enumMap = new EnumMap(PermissionTicket.FilterOption.class);
        enumMap.put((EnumMap) PermissionTicket.FilterOption.RESOURCE_NAME, (PermissionTicket.FilterOption) str);
        enumMap.put((EnumMap) PermissionTicket.FilterOption.GRANTED, (PermissionTicket.FilterOption) Boolean.TRUE.toString());
        enumMap.put((EnumMap) PermissionTicket.FilterOption.REQUESTER, (PermissionTicket.FilterOption) str2);
        return find(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, enumMap, null, null);
    }

    public List<Resource> findGrantedResources(RealmModel realmModel, String str, String str2, Integer num, Integer num2) {
        TypedQuery createNamedQuery = str2 == null ? this.entityManager.createNamedQuery("findGrantedResources", String.class) : this.entityManager.createNamedQuery("findGrantedResourcesByName", String.class);
        createNamedQuery.setFlushMode(FlushModeType.COMMIT);
        createNamedQuery.setParameter("requester", str);
        if (str2 != null) {
            createNamedQuery.setParameter("resourceName", "%" + str2.toLowerCase() + "%");
        }
        List resultList = PaginationUtils.paginateQuery(createNamedQuery, num, num2).getResultList();
        LinkedList linkedList = new LinkedList();
        ResourceStore resourceStore = this.provider.getStoreFactory().getResourceStore();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            Resource findById = resourceStore.findById(realmModel, (ResourceServer) null, (String) it.next());
            if (Objects.nonNull(findById)) {
                linkedList.add(findById);
            }
        }
        return linkedList;
    }

    public List<Resource> findGrantedOwnerResources(RealmModel realmModel, String str, Integer num, Integer num2) {
        TypedQuery createNamedQuery = this.entityManager.createNamedQuery("findGrantedOwnerResources", String.class);
        createNamedQuery.setFlushMode(FlushModeType.COMMIT);
        createNamedQuery.setParameter("owner", str);
        List resultList = PaginationUtils.paginateQuery(createNamedQuery, num, num2).getResultList();
        LinkedList linkedList = new LinkedList();
        ResourceStore resourceStore = this.provider.getStoreFactory().getResourceStore();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            Resource findById = resourceStore.findById(realmModel, (ResourceServer) null, (String) it.next());
            if (Objects.nonNull(findById)) {
                linkedList.add(findById);
            }
        }
        return linkedList;
    }
}
