package org.keycloak.authorization.admin;

import java.io.IOException;
import java.util.stream.Collectors;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.resources.Cors;
import org.keycloak.services.resources.admin.AdminEventBuilder;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.util.JsonSerialization;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/authorization/admin/PolicyResourceService.class */
public class PolicyResourceService {
    private final Policy policy;
    protected final ResourceServer resourceServer;
    protected final AuthorizationProvider authorization;
    protected final AdminPermissionEvaluator auth;
    private final AdminEventBuilder adminEvent;

    public PolicyResourceService(Policy policy, ResourceServer resourceServer, AuthorizationProvider authorizationProvider, AdminPermissionEvaluator adminPermissionEvaluator, AdminEventBuilder adminEventBuilder) {
        this.policy = policy;
        this.resourceServer = resourceServer;
        this.authorization = authorizationProvider;
        this.auth = adminPermissionEvaluator;
        this.adminEvent = adminEventBuilder.resource(ResourceType.AUTHORIZATION_POLICY);
    }

    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @Produces({MediaType.APPLICATION_JSON})
    @PUT
    public Response update(String str) {
        if (this.auth != null) {
            this.auth.realm().requireManageAuthorization();
        }
        AbstractPolicyRepresentation doCreateRepresentation = doCreateRepresentation(str);
        if (this.policy == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        doCreateRepresentation.setId(this.policy.getId());
        RepresentationToModel.toModel(doCreateRepresentation, this.authorization, this.policy);
        audit(doCreateRepresentation, OperationType.UPDATE);
        return Response.status(Response.Status.CREATED).build();
    }

    @DELETE
    public Response delete() {
        if (this.auth != null) {
            this.auth.realm().requireManageAuthorization();
        }
        if (this.policy == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        PolicyStore policyStore = this.authorization.getStoreFactory().getPolicyStore();
        PolicyProviderFactory providerFactory = getProviderFactory(this.policy.getType());
        if (providerFactory != null) {
            providerFactory.onRemove(this.policy, this.authorization);
        }
        policyStore.delete(this.policy.getId());
        audit(toRepresentation(this.policy, this.authorization), OperationType.DELETE);
        return Response.noContent().build();
    }

    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    public Response findById(@QueryParam("fields") String str) {
        if (this.auth != null) {
            this.auth.realm().requireViewAuthorization();
        }
        return this.policy == null ? Response.status(Response.Status.NOT_FOUND).build() : Response.ok(toRepresentation(this.policy, str, this.authorization)).build();
    }

    private AbstractPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorizationProvider) {
        return toRepresentation(policy, null, authorizationProvider);
    }

    protected AbstractPolicyRepresentation toRepresentation(Policy policy, String str, AuthorizationProvider authorizationProvider) {
        return ModelToRepresentation.toRepresentation(policy, authorizationProvider, true, false, str != null && str.equals(Cors.ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD));
    }

    @GET
    @Path("/dependentPolicies")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response getDependentPolicies() {
        if (this.auth != null) {
            this.auth.realm().requireViewAuthorization();
        }
        return this.policy == null ? Response.status(Response.Status.NOT_FOUND).build() : Response.ok(this.authorization.getStoreFactory().getPolicyStore().findDependentPolicies(this.resourceServer, this.policy.getId()).stream().map(policy -> {
            PolicyRepresentation policyRepresentation = new PolicyRepresentation();
            policyRepresentation.setId(policy.getId());
            policyRepresentation.setName(policy.getName());
            policyRepresentation.setType(policy.getType());
            return policyRepresentation;
        }).collect(Collectors.toList())).build();
    }

    @GET
    @Path("/scopes")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response getScopes() {
        if (this.auth != null) {
            this.auth.realm().requireViewAuthorization();
        }
        return this.policy == null ? Response.status(Response.Status.NOT_FOUND).build() : Response.ok(this.policy.getScopes().stream().map(scope -> {
            ScopeRepresentation scopeRepresentation = new ScopeRepresentation();
            scopeRepresentation.setId(scope.getId());
            scopeRepresentation.setName(scope.getName());
            return scopeRepresentation;
        }).collect(Collectors.toList())).build();
    }

    @GET
    @Path("/resources")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response getResources() {
        if (this.auth != null) {
            this.auth.realm().requireViewAuthorization();
        }
        return this.policy == null ? Response.status(Response.Status.NOT_FOUND).build() : Response.ok(this.policy.getResources().stream().map(resource -> {
            ResourceRepresentation resourceRepresentation = new ResourceRepresentation();
            resourceRepresentation.setId(resource.getId());
            resourceRepresentation.setName(resource.getName());
            return resourceRepresentation;
        }).collect(Collectors.toList())).build();
    }

    @GET
    @Path("/associatedPolicies")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response getAssociatedPolicies() {
        if (this.auth != null) {
            this.auth.realm().requireViewAuthorization();
        }
        return this.policy == null ? Response.status(Response.Status.NOT_FOUND).build() : Response.ok(this.policy.getAssociatedPolicies().stream().map(policy -> {
            PolicyRepresentation policyRepresentation = new PolicyRepresentation();
            policyRepresentation.setId(policy.getId());
            policyRepresentation.setName(policy.getName());
            policyRepresentation.setType(policy.getType());
            policyRepresentation.setDescription(policy.getDescription());
            return policyRepresentation;
        }).collect(Collectors.toList())).build();
    }

    protected AbstractPolicyRepresentation doCreateRepresentation(String str) {
        try {
            return (PolicyRepresentation) JsonSerialization.readValue(str, PolicyRepresentation.class);
        } catch (IOException e) {
            throw new RuntimeException("Failed to deserialize representation", e);
        }
    }

    private PolicyProviderFactory getProviderFactory(String str) {
        return this.authorization.getProviderFactory(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Policy getPolicy() {
        return this.policy;
    }

    private void audit(AbstractPolicyRepresentation abstractPolicyRepresentation, OperationType operationType) {
        this.adminEvent.operation(operationType).resourcePath((UriInfo) this.authorization.getKeycloakSession().getContext().getUri()).representation(abstractPolicyRepresentation).success();
    }
}
