package org.keycloak.authorization.policy.provider.group;

import java.util.function.BiFunction;
import org.jboss.logging.Logger;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.attribute.Attributes;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.evaluation.Evaluation;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.models.GroupModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.authorization.GroupPolicyRepresentation;

/* loaded from: input_file:org/keycloak/authorization/policy/provider/group/GroupPolicyProvider.class */
public class GroupPolicyProvider implements PolicyProvider {
    private static final Logger logger = Logger.getLogger(GroupPolicyProvider.class);
    private final BiFunction<Policy, AuthorizationProvider, GroupPolicyRepresentation> representationFunction;

    public GroupPolicyProvider(BiFunction<Policy, AuthorizationProvider, GroupPolicyRepresentation> biFunction) {
        this.representationFunction = biFunction;
    }

    public void evaluate(Evaluation evaluation) {
        AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider();
        GroupPolicyRepresentation apply = this.representationFunction.apply(evaluation.getPolicy(), authorizationProvider);
        RealmModel realm = authorizationProvider.getRealm();
        Attributes.Entry value = evaluation.getContext().getIdentity().getAttributes().getValue(apply.getGroupsClaim());
        if (value == null || value.isEmpty()) {
            value = new Attributes.Entry(apply.getGroupsClaim(), evaluation.getRealm().getUserGroups(evaluation.getContext().getIdentity().getId()));
        }
        for (GroupPolicyRepresentation.GroupDefinition groupDefinition : apply.getGroups()) {
            GroupModel groupById = realm.getGroupById(groupDefinition.getId());
            if (groupById != null) {
                for (int i = 0; i < value.size(); i++) {
                    String asString = value.asString(i);
                    if (asString.indexOf(47) != -1) {
                        String buildGroupPath = ModelToRepresentation.buildGroupPath(groupById);
                        if (asString.equals(buildGroupPath) || (groupDefinition.isExtendChildren() && asString.startsWith(buildGroupPath))) {
                            evaluation.grant();
                            return;
                        }
                    }
                    if (asString.equals(groupById.getName())) {
                        evaluation.grant();
                        return;
                    }
                }
            }
        }
        logger.debugf("Groups policy %s evaluated to %s with identity groups %s", apply.getName(), evaluation.getEffect(), value);
    }

    public void close() {
    }
}
