package org.keycloak.authorization.store.syncronization;

import java.util.HashMap;
import java.util.Set;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;

/* loaded from: input_file:org/keycloak/authorization/store/syncronization/UserSynchronizer.class */
public class UserSynchronizer implements Synchronizer<UserModel.UserRemovedEvent> {
    @Override // org.keycloak.authorization.store.syncronization.Synchronizer
    public void synchronize(UserModel.UserRemovedEvent userRemovedEvent, KeycloakSessionFactory keycloakSessionFactory) {
        AuthorizationProvider authorizationProvider = (AuthorizationProvider) keycloakSessionFactory.getProviderFactory(AuthorizationProvider.class).create(userRemovedEvent.getKeycloakSession());
        removeUserResources(userRemovedEvent, authorizationProvider);
        removeFromUserPolicies(userRemovedEvent, authorizationProvider);
    }

    private void removeFromUserPolicies(UserModel.UserRemovedEvent userRemovedEvent, AuthorizationProvider authorizationProvider) {
        PolicyStore policyStore = authorizationProvider.getStoreFactory().getPolicyStore();
        UserModel user = userRemovedEvent.getUser();
        HashMap hashMap = new HashMap();
        hashMap.put("type", new String[]{"user"});
        hashMap.put("config:users", new String[]{user.getId()});
        for (Policy policy : policyStore.findByResourceServer(hashMap, null, -1, -1)) {
            PolicyProviderFactory providerFactory = authorizationProvider.getProviderFactory(policy.getType());
            UserPolicyRepresentation userPolicyRepresentation = (UserPolicyRepresentation) UserPolicyRepresentation.class.cast(providerFactory.toRepresentation(policy, authorizationProvider));
            Set users = userPolicyRepresentation.getUsers();
            users.remove(user.getId());
            if (users.isEmpty()) {
                providerFactory.onRemove(policy, authorizationProvider);
                policyStore.delete(policy.getId());
            } else {
                providerFactory.onUpdate(policy, userPolicyRepresentation, authorizationProvider);
            }
        }
    }

    private void removeUserResources(UserModel.UserRemovedEvent userRemovedEvent, AuthorizationProvider authorizationProvider) {
        StoreFactory storeFactory = authorizationProvider.getStoreFactory();
        PolicyStore policyStore = storeFactory.getPolicyStore();
        ResourceStore resourceStore = storeFactory.getResourceStore();
        ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
        RealmModel realm = userRemovedEvent.getRealm();
        UserModel user = userRemovedEvent.getUser();
        realm.getClients().forEach(clientModel -> {
            ResourceServer findById = resourceServerStore.findById(clientModel.getId());
            if (findById != null) {
                resourceStore.findByOwner(user.getId(), findById.getId()).forEach(resource -> {
                    String id = resource.getId();
                    policyStore.findByResource(id, findById.getId()).forEach(policy -> {
                        if (policy.getResources().size() == 1) {
                            policyStore.delete(policy.getId());
                        } else {
                            policy.removeResource(resource);
                        }
                    });
                    resourceStore.delete(id);
                });
            }
        });
    }
}
