package org.keycloak.authorization.util;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.concurrent.atomic.AtomicLong;
import java.util.stream.Collectors;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.identity.Identity;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.permission.ResourcePermission;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.representations.idm.authorization.AuthorizationRequest;

/* loaded from: input_file:org/keycloak/authorization/util/Permissions.class */
public final class Permissions {
    public static ResourcePermission permission(ResourceServer resourceServer, Resource resource, Scope scope) {
        return new ResourcePermission(resource, new ArrayList(Arrays.asList(scope)), resourceServer);
    }

    public static List<ResourcePermission> all(ResourceServer resourceServer, Identity identity, AuthorizationProvider authorizationProvider, AuthorizationRequest authorizationRequest) {
        ArrayList arrayList = new ArrayList();
        StoreFactory storeFactory = authorizationProvider.getStoreFactory();
        ResourceStore resourceStore = storeFactory.getResourceStore();
        AuthorizationRequest.Metadata metadata = authorizationRequest.getMetadata();
        AtomicLong atomicLong = (metadata == null || metadata.getLimit() == null) ? new AtomicLong(Long.MAX_VALUE) : new AtomicLong(metadata.getLimit().intValue());
        AtomicLong atomicLong2 = atomicLong;
        resourceStore.findByOwner(resourceServer.getId(), resourceServer.getId(), resource -> {
            if (atomicLong2.decrementAndGet() >= 0) {
                arrayList.add(createResourcePermissions(resource, authorizationProvider, authorizationRequest));
            }
        });
        if (resourceServer.getId() != identity.getId()) {
            AtomicLong atomicLong3 = atomicLong;
            resourceStore.findByOwner(identity.getId(), resourceServer.getId(), resource2 -> {
                if (atomicLong3.decrementAndGet() >= 0) {
                    arrayList.add(createResourcePermissions(resource2, authorizationProvider, authorizationRequest));
                }
            });
        }
        List<PermissionTicket> findGranted = storeFactory.getPermissionTicketStore().findGranted(identity.getId(), resourceServer.getId());
        if (!findGranted.isEmpty()) {
            HashMap hashMap = new HashMap();
            for (PermissionTicket permissionTicket : findGranted) {
                if (((ResourcePermission) hashMap.get(permissionTicket.getResource().getId())) == null) {
                    hashMap.put(permissionTicket.getResource().getId(), new ResourcePermission(permissionTicket.getResource(), new ArrayList(), resourceServer, authorizationRequest.getClaims()));
                    atomicLong.decrementAndGet();
                }
                if (atomicLong.decrementAndGet() <= 0) {
                    break;
                }
            }
            arrayList.addAll(hashMap.values());
        }
        return arrayList;
    }

    public static ResourcePermission createResourcePermissions(Resource resource, Collection<Scope> collection, AuthorizationProvider authorizationProvider, AuthorizationRequest authorizationRequest) {
        return new ResourcePermission(resource, collection.isEmpty() ? populateTypedScopes(resource, authorizationProvider) : populateTypedScopes(resource, (List) collection.stream().filter(scope -> {
            return resource.getScopes().contains(scope);
        }).collect(Collectors.toList()), authorizationProvider), resource.getResourceServer(), authorizationRequest.getClaims());
    }

    public static ResourcePermission createResourcePermissions(Resource resource, AuthorizationProvider authorizationProvider, AuthorizationRequest authorizationRequest) {
        return resource.getScopes().isEmpty() ? new ResourcePermission(resource, populateTypedScopes(resource, authorizationProvider), resource.getResourceServer(), authorizationRequest.getClaims()) : new ResourcePermission(resource, resource.getResourceServer(), authorizationRequest.getClaims());
    }

    private static List<Scope> populateTypedScopes(Resource resource, AuthorizationProvider authorizationProvider) {
        return populateTypedScopes(resource, resource.getScopes(), authorizationProvider);
    }

    private static List<Scope> populateTypedScopes(Resource resource, List<Scope> list, AuthorizationProvider authorizationProvider) {
        String type = resource.getType();
        ResourceServer resourceServer = resource.getResourceServer();
        if (type == null || resource.getOwner().equals(resourceServer.getId())) {
            return new ArrayList(list);
        }
        ArrayList arrayList = new ArrayList(list);
        authorizationProvider.getStoreFactory().getResourceStore().findByType(type, resourceServer.getId(), resource2 -> {
            for (Scope scope : resource2.getScopes()) {
                if (!arrayList.contains(scope)) {
                    arrayList.add(scope);
                }
            }
        });
        return arrayList;
    }
}
