package org.keycloak.authorization.store.syncronization;

import java.util.EnumMap;
import java.util.Iterator;
import java.util.Set;
import org.jgroups.demos.StompChat;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PermissionTicketStore;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;

/* loaded from: input_file:WEB-INF/lib/keycloak-server-spi-private-21.1.2.jar:org/keycloak/authorization/store/syncronization/UserSynchronizer.class */
public class UserSynchronizer implements Synchronizer<UserModel.UserRemovedEvent> {
    @Override // org.keycloak.authorization.store.syncronization.Synchronizer
    public void synchronize(UserModel.UserRemovedEvent userRemovedEvent, KeycloakSessionFactory keycloakSessionFactory) {
        AuthorizationProvider authorizationProvider = (AuthorizationProvider) keycloakSessionFactory.getProviderFactory(AuthorizationProvider.class).create(userRemovedEvent.getKeycloakSession());
        removeFromUserPermissionTickets(userRemovedEvent, authorizationProvider);
        removeUserResources(userRemovedEvent, authorizationProvider);
        removeFromUserPolicies(userRemovedEvent, authorizationProvider);
    }

    private void removeFromUserPolicies(UserModel.UserRemovedEvent userRemovedEvent, AuthorizationProvider authorizationProvider) {
        PolicyStore policyStore = authorizationProvider.getStoreFactory().getPolicyStore();
        UserModel user = userRemovedEvent.getUser();
        RealmModel realm = userRemovedEvent.getRealm();
        EnumMap enumMap = new EnumMap(Policy.FilterOption.class);
        enumMap.put((EnumMap) Policy.FilterOption.TYPE, (Policy.FilterOption) new String[]{"user"});
        enumMap.put((EnumMap) Policy.FilterOption.CONFIG, (Policy.FilterOption) new String[]{StompChat.USERS_KW, user.getId()});
        enumMap.put((EnumMap) Policy.FilterOption.ANY_OWNER, (Policy.FilterOption) new String[]{Boolean.TRUE.toString()});
        for (Policy policy : policyStore.find(realm, null, enumMap, null, null)) {
            PolicyProviderFactory providerFactory = authorizationProvider.getProviderFactory(policy.getType());
            UserPolicyRepresentation userPolicyRepresentation = (UserPolicyRepresentation) UserPolicyRepresentation.class.cast(providerFactory.toRepresentation(policy, authorizationProvider));
            Set<String> users = userPolicyRepresentation.getUsers();
            users.remove(user.getId());
            if (users.isEmpty()) {
                providerFactory.onRemove(policy, authorizationProvider);
                policyStore.delete(realm, policy.getId());
            } else {
                providerFactory.onUpdate(policy, userPolicyRepresentation, authorizationProvider);
            }
        }
    }

    private void removeUserResources(UserModel.UserRemovedEvent userRemovedEvent, AuthorizationProvider authorizationProvider) {
        StoreFactory storeFactory = authorizationProvider.getStoreFactory();
        PolicyStore policyStore = storeFactory.getPolicyStore();
        ResourceStore resourceStore = storeFactory.getResourceStore();
        UserModel user = userRemovedEvent.getUser();
        RealmModel realm = userRemovedEvent.getRealm();
        resourceStore.findByOwner(realm, null, user.getId(), resource -> {
            String id = resource.getId();
            policyStore.findByResource(resource.getResourceServer(), resource).forEach(policy -> {
                if (policy.getResources().size() == 1) {
                    policyStore.delete(realm, policy.getId());
                } else {
                    policy.removeResource(resource);
                }
            });
            resourceStore.delete(realm, id);
        });
    }

    private void removeFromUserPermissionTickets(UserModel.UserRemovedEvent userRemovedEvent, AuthorizationProvider authorizationProvider) {
        PermissionTicketStore permissionTicketStore = authorizationProvider.getStoreFactory().getPermissionTicketStore();
        UserModel user = userRemovedEvent.getUser();
        RealmModel realm = userRemovedEvent.getRealm();
        EnumMap enumMap = new EnumMap(PermissionTicket.FilterOption.class);
        enumMap.put((EnumMap) PermissionTicket.FilterOption.OWNER, (PermissionTicket.FilterOption) user.getId());
        Iterator<PermissionTicket> it = permissionTicketStore.find(realm, null, enumMap, null, null).iterator();
        while (it.hasNext()) {
            permissionTicketStore.delete(realm, it.next().getId());
        }
        enumMap.clear();
        enumMap.put((EnumMap) PermissionTicket.FilterOption.REQUESTER, (PermissionTicket.FilterOption) user.getId());
        Iterator<PermissionTicket> it2 = permissionTicketStore.find(realm, null, enumMap, null, null).iterator();
        while (it2.hasNext()) {
            permissionTicketStore.delete(realm, it2.next().getId());
        }
    }
}
