package org.keycloak.authorization.admin;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.admin.util.Models;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.ScopeStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserFederationManager;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.util.JsonSerialization;
import org.picketlink.config.http.PathConfiguration;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-services/main/keycloak-services-2.1.0.Final.jar:org/keycloak/authorization/admin/ResourceServerService.class */
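/**
 * JAX-RS admin resource for the authorization settings (the "resource server") of a single client: create,
 * update, delete, read, export and import, plus sub-resource locators for resources, scopes and policies.
 *
 * <p>Every operation defined here starts with {@code auth.requireManage()} or {@code auth.requireView()}.
 * The sub-resource locators perform no check of their own; they pass the same {@code RealmAuth} to the
 * sub-service. NOTE(review): confirm that each sub-service enforces it on every operation.
 */
public class ResourceServerService {
    private final AuthorizationProvider authorization;
    private final RealmAuth auth;
    private final RealmModel realm;
    private final KeycloakSession session;
    private ResourceServer resourceServer;
    private final ClientModel client;

    /**
     * @param authorizationProvider provider used to reach the stores and the Keycloak session
     * @param resourceServer        the resource server being managed; replaced by {@link #create()}
     * @param clientModel           the client that owns the resource server; its realm is used for all lookups
     * @param realmAuth             permission checker consulted at the start of every operation
     */
    public ResourceServerService(AuthorizationProvider authorizationProvider, ResourceServer resourceServer, ClientModel clientModel, RealmAuth realmAuth) {
        this.authorization = authorizationProvider;
        this.session = authorizationProvider.getKeycloakSession();
        this.client = clientModel;
        this.resourceServer = resourceServer;
        this.realm = clientModel.getRealm();
        this.auth = realmAuth;
    }

    /**
     * Creates the resource server for the client and seeds it with the default role, resource, policy and
     * permission. Calls {@code auth.requireManage()} first.
     */
    public void create() {
        auth.requireManage();
        resourceServer = authorization.getStoreFactory().getResourceServerStore().create(client.getId());
        createDefaultRoles();
        // Same order as before: the resource is created first, then the policy, then the permission linking them.
        ResourceRepresentation defaultResource = createDefaultResource();
        PolicyRepresentation defaultPolicy = createDefaultPolicy();
        createDefaultPermission(defaultResource, defaultPolicy);
    }

    /**
     * Updates the two resource-server level settings from the request body.
     *
     * @param resourceServerRepresentation carries the remote-resource-management flag and the enforcement mode
     * @return an empty 204 response
     */
    @Produces({"application/json"})
    @PUT
    @Consumes({"application/json"})
    public Response update(ResourceServerRepresentation resourceServerRepresentation) {
        auth.requireManage();
        resourceServer.setAllowRemoteResourceManagement(resourceServerRepresentation.isAllowRemoteResourceManagement());
        resourceServer.setPolicyEnforcementMode(resourceServerRepresentation.getPolicyEnforcementMode());
        return Response.noContent().build();
    }

    /**
     * Deletes every resource, scope and policy of the resource server, in that order, and then the resource
     * server itself. Calls {@code auth.requireManage()} first.
     */
    public void delete() {
        auth.requireManage();
        StoreFactory storeFactory = authorization.getStoreFactory();
        String serverId = resourceServer.getId();

        ResourceStore resourceStore = storeFactory.getResourceStore();
        resourceStore.findByResourceServer(serverId).forEach(resource -> resourceStore.delete(resource.getId()));

        ScopeStore scopeStore = storeFactory.getScopeStore();
        scopeStore.findByResourceServer(serverId).forEach(scope -> scopeStore.delete(scope.getId()));

        PolicyStore policyStore = storeFactory.getPolicyStore();
        policyStore.findByResourceServer(serverId).forEach(policy -> policyStore.delete(policy.getId()));

        storeFactory.getResourceServerStore().delete(serverId);
    }

    /**
     * Returns the resource server's representation. Calls {@code auth.requireView()} first.
     */
    @GET
    @Produces({"application/json"})
    public Response findById() {
        auth.requireView();
        return Response.ok(Models.toRepresentation(resourceServer, realm)).build();
    }

    /**
     * Exports the resource server's settings in a form that carries no internal identifiers: ids are cleared
     * and references inside policy configuration are rewritten from ids to names.
     *
     * <p>The export contains usernames and role names, and it is guarded by {@code auth.requireManage()},
     * not {@code requireView()}.
     *
     * @return 200 with the exported representation
     */
    @GET
    @Produces({"application/json"})
    @Path("/settings")
    public Response exportSettings() {
        auth.requireManage();
        StoreFactory storeFactory = authorization.getStoreFactory();
        String serverId = resourceServer.getId();

        ResourceServerRepresentation representation = Models.toRepresentation(resourceServer, realm);
        representation.setId(null);
        representation.setName(null);
        representation.setClientId(null);

        List<ResourceRepresentation> resources = new ArrayList<>();
        for (Resource resource : storeFactory.getResourceStore().findByResourceServer(serverId)) {
            resources.add(exportResource(resource));
        }
        representation.setResources(resources);

        // Plain policies are listed before the "resource"/"scope" permissions that refer to them by name, so
        // an import that processes the list in order finds every referenced policy already in place.
        // The store is read once and split, instead of being queried twice.
        List<PolicyRepresentation> plainPolicies = new ArrayList<>();
        List<PolicyRepresentation> permissions = new ArrayList<>();
        for (Policy policy : storeFactory.getPolicyStore().findByResourceServer(serverId)) {
            PolicyRepresentation exported = createPolicyRepresentation(storeFactory, policy);
            if (isPermission(policy)) {
                permissions.add(exported);
            } else {
                plainPolicies.add(exported);
            }
        }
        List<PolicyRepresentation> policies = new ArrayList<>(plainPolicies);
        policies.addAll(permissions);
        representation.setPolicies(policies);

        List<ScopeRepresentation> scopes = new ArrayList<>();
        for (Scope scope : storeFactory.getScopeStore().findByResourceServer(serverId)) {
            ScopeRepresentation exported = Models.toRepresentation(scope, authorization);
            exported.setId(null);
            exported.setPolicies(null);
            exported.setResources(null);
            scopes.add(exported);
        }
        representation.setScopes(scopes);

        return Response.ok(representation).build();
    }

    /**
     * Imports settings previously produced by {@link #exportSettings()}: scopes, then resources, then
     * policies. Each item is matched by name against this resource server and updated if it exists,
     * otherwise created. A missing scopes, resources or policies list is treated as empty.
     *
     * <p>References inside a policy's configuration are resolved from names back to ids; a name that does
     * not resolve aborts the import with a {@link RuntimeException} naming the policy.
     *
     * <p>The results of the sub-services' create/update calls are not inspected here. NOTE(review): if
     * those calls report a rejection through their return value rather than by throwing, this method still
     * answers 204 - confirm against the sub-services.
     *
     * @param uriInfo                      injected request URI information (not used by this method)
     * @param resourceServerRepresentation the settings to import
     * @return an empty 204 response
     * @throws IOException declared for callers; JSON failures inside policy configuration are wrapped in a
     *                     {@link RuntimeException}
     */
    @POST
    @Path("/import")
    @Consumes({"application/json"})
    public Response importSettings(@Context UriInfo uriInfo, ResourceServerRepresentation resourceServerRepresentation) throws IOException {
        auth.requireManage();
        resourceServer.setPolicyEnforcementMode(resourceServerRepresentation.getPolicyEnforcementMode());
        resourceServer.setAllowRemoteResourceManagement(resourceServerRepresentation.isAllowRemoteResourceManagement());

        StoreFactory storeFactory = authorization.getStoreFactory();
        String serverId = resourceServer.getId();

        ScopeStore scopeStore = storeFactory.getScopeStore();
        ScopeService scopeService = getScopeResource();
        for (ScopeRepresentation scope : orEmpty(resourceServerRepresentation.getScopes())) {
            Scope existing = scopeStore.findByName(scope.getName(), serverId);
            if (existing != null) {
                scopeService.update(existing.getId(), scope);
            } else {
                scopeService.create(scope);
            }
        }

        ResourceStore resourceStore = storeFactory.getResourceStore();
        // Built directly, without provider injection, exactly as this method did before.
        ResourceSetService resourceSetService = new ResourceSetService(resourceServer, authorization, auth);
        for (ResourceRepresentation resource : orEmpty(resourceServerRepresentation.getResources())) {
            importResource(resourceStore, resourceSetService, resource);
        }

        PolicyService policyService = getPolicyResource();
        for (PolicyRepresentation policy : orEmpty(resourceServerRepresentation.getPolicies())) {
            importPolicy(storeFactory, policyService, policy);
        }

        return Response.noContent().build();
    }

    /** Sub-resource locator for the resource server's resources. */
    @Path("/resource")
    public ResourceSetService getResourceSetResource() {
        ResourceSetService resourceSetService = new ResourceSetService(resourceServer, authorization, auth);
        ResteasyProviderFactory.getInstance().injectProperties(resourceSetService);
        return resourceSetService;
    }

    /** Sub-resource locator for the resource server's scopes. */
    @Path("/scope")
    public ScopeService getScopeResource() {
        ScopeService scopeService = new ScopeService(resourceServer, authorization, auth);
        ResteasyProviderFactory.getInstance().injectProperties(scopeService);
        return scopeService;
    }

    /** Sub-resource locator for the resource server's policies. */
    @Path("/policy")
    public PolicyService getPolicyResource() {
        PolicyService policyService = new PolicyService(resourceServer, authorization, auth);
        ResteasyProviderFactory.getInstance().injectProperties(policyService);
        return policyService;
    }

    /** True for the two permission policy types, "resource" and "scope". */
    private static boolean isPermission(Policy policy) {
        String type = policy.getType();
        return "resource".equals(type) || "scope".equals(type);
    }

    /** True when a configuration entry is present and non-empty. */
    private static boolean hasText(String value) {
        return value != null && !value.isEmpty();
    }

    /** Lets the import loops treat an absent list as an empty one. */
    private static <T> Collection<T> orEmpty(Collection<T> items) {
        return items != null ? items : new ArrayList<T>();
    }

    /**
     * Parses a JSON array stored as a string in a policy's configuration. The element type is not checked
     * here; an element of the wrong type surfaces as a {@link ClassCastException} where it is first used.
     */
    @SuppressWarnings("unchecked")
    private static <T> List<T> readJsonList(String json) throws IOException {
        return (List<T>) JsonSerialization.readValue(json, List.class);
    }

    /** Converts one resource to its export form: ids cleared, policies dropped, scopes reduced to names. */
    private ResourceRepresentation exportResource(Resource resource) {
        ResourceRepresentation exported = Models.toRepresentation(resource, resourceServer, authorization);
        ResourceOwnerRepresentation owner = exported.getOwner();
        if (owner.getId().equals(resourceServer.getClientId())) {
            // Owned by the resource server itself: the import re-creates that default, so omit the owner.
            exported.setOwner(null);
        } else {
            // Owned by someone else: drop the id; whatever else the owner representation holds is kept.
            owner.setId(null);
        }
        exported.setId(null);
        exported.setPolicies(null);
        for (ScopeRepresentation scope : exported.getScopes()) {
            scope.setId(null);
            scope.setIconUri(null);
        }
        return exported;
    }

    /**
     * Resolves the owner of an imported resource and then updates or creates the resource.
     *
     * <p>An owner id supplied in the payload is never used: the id is first set to the resource server's
     * client id and only replaced when the owner's name matches a user in this realm.
     */
    private void importResource(ResourceStore resourceStore, ResourceSetService resourceSetService, ResourceRepresentation resource) {
        ResourceOwnerRepresentation owner = resource.getOwner();
        if (owner == null) {
            owner = new ResourceOwnerRepresentation();
            // Previously this object was filled in and then dropped; attach it so the default owner
            // computed below actually reaches the create/update call.
            resource.setOwner(owner);
        }
        owner.setId(resourceServer.getClientId());
        if (owner.getName() != null) {
            UserModel user = session.users().getUserByUsername(owner.getName(), realm);
            if (user != null) {
                owner.setId(user.getId());
            }
            // NOTE(review): a name that matches no user leaves the resource server as owner without any
            // error, so ownership can change silently across an export/import - confirm this is intended.
        }

        Resource existing = resourceStore.findByName(resource.getName(), resourceServer.getId());
        if (existing != null) {
            resourceSetService.update(existing.getId(), resource);
        } else {
            resourceSetService.create(resource);
        }
    }

    /**
     * Rewrites the name references in an imported policy's configuration ("roles", "users", "scopes",
     * "resources", "applyPolicies") to ids and then updates or creates the policy.
     *
     * @throws RuntimeException naming the policy when any reference cannot be resolved or parsed
     */
    private void importPolicy(StoreFactory storeFactory, PolicyService policyService, PolicyRepresentation policy) {
        PolicyStore policyStore = storeFactory.getPolicyStore();
        ScopeStore scopeStore = storeFactory.getScopeStore();
        String serverId = resourceServer.getId();
        Map<String, String> config = policy.getConfig();

        try {
            String roles = config.get("roles");
            if (hasText(roles)) {
                List<Map<String, Object>> entries = readJsonList(roles);
                for (Map<String, Object> entry : entries) {
                    entry.put("id", resolveRole(entry.get("id").toString()).getId());
                }
                config.put("roles", JsonSerialization.writeValueAsString(entries));
            }

            String users = config.get("users");
            if (hasText(users)) {
                List<String> usernames = readJsonList(users);
                List<String> ids = new ArrayList<>();
                for (String username : usernames) {
                    UserModel user = session.users().getUserByUsername(username, realm);
                    if (user == null) {
                        // Previously a bare NullPointerException; fail with the name that did not resolve.
                        throw new RuntimeException("Error while importing configuration. User [" + username + "] could not be found.");
                    }
                    ids.add(user.getId());
                }
                config.put("users", JsonSerialization.writeValueAsString(ids));
            }

            String scopes = config.get("scopes");
            if (hasText(scopes)) {
                List<String> names = readJsonList(scopes);
                List<String> ids = new ArrayList<>();
                for (String name : names) {
                    Scope scope = scopeStore.findByName(name, serverId);
                    if (scope == null) {
                        throw new RuntimeException("Scope with name [" + name + "] not defined.");
                    }
                    ids.add(scope.getId());
                }
                config.put("scopes", JsonSerialization.writeValueAsString(ids));
            }

            String resources = config.get("resources");
            if (hasText(resources)) {
                List<String> names = readJsonList(resources);
                List<String> ids = new ArrayList<>();
                for (String name : names) {
                    Resource resource = storeFactory.getResourceStore().findByName(name, serverId);
                    if (resource == null) {
                        // Previously a bare NullPointerException; match the scope and policy messages.
                        throw new RuntimeException("Resource with name [" + name + "] not defined.");
                    }
                    ids.add(resource.getId());
                }
                config.put("resources", JsonSerialization.writeValueAsString(ids));
            }

            String applyPolicies = config.get("applyPolicies");
            if (hasText(applyPolicies)) {
                List<String> names = readJsonList(applyPolicies);
                List<String> ids = new ArrayList<>();
                for (String name : names) {
                    Policy referenced = policyStore.findByName(name, serverId);
                    if (referenced == null) {
                        throw new RuntimeException("Policy with name [" + name + "] not defined.");
                    }
                    ids.add(referenced.getId());
                }
                config.put("applyPolicies", JsonSerialization.writeValueAsString(ids));
            }
        } catch (Exception e) {
            // The message used to say "exporting", copied from the export path.
            throw new RuntimeException("Error while importing policy [" + policy.getName() + "].", e);
        }

        Policy existing = policyStore.findByName(policy.getName(), serverId);
        if (existing != null) {
            policyService.update(existing.getId(), policy);
        } else {
            policyService.create(policy);
        }
    }

    /**
     * Resolves a role reference from an imported policy. The reference is either a bare role name or
     * {@code clientId/roleName}.
     *
     * <p>NOTE(review): when the first lookup finds nothing, the role name is searched across every client
     * in the realm and the first match wins. The export writes only the role's name, so a name that exists
     * on more than one client can bind the imported policy to a different role than the one exported.
     * Confirm this is acceptable, or have the export qualify client roles.
     *
     * @throws RuntimeException when the named client or the role cannot be found
     */
    private RoleModel resolveRole(String reference) {
        String clientId = null;
        String roleName = reference;
        int slash = reference.indexOf('/');
        if (slash != -1) {
            clientId = reference.substring(0, slash);
            roleName = reference.substring(slash + 1);
        }

        RoleModel role;
        if (clientId == null) {
            role = realm.getRole(roleName);
        } else {
            ClientModel owningClient = realm.getClientByClientId(clientId);
            if (owningClient == null) {
                // Fail here rather than fall through to the any-client search below: an explicitly named
                // client that does not exist must not resolve to some other client's role.
                throw new RuntimeException("Error while importing configuration. Client [" + clientId + "] could not be found.");
            }
            role = owningClient.getRole(roleName);
        }

        if (role == null) {
            for (ClientModel candidate : realm.getClients()) {
                RoleModel match = candidate.getRole(roleName);
                if (match != null) {
                    role = match;
                    break;
                }
            }
        }

        if (role == null) {
            // The message used to print the null role object instead of the name that was looked up.
            throw new RuntimeException("Error while importing configuration. Role [" + reference + "] could not be found.");
        }
        return role;
    }

    /**
     * Creates the "Default Permission": a resource permission on the default resource type that applies the
     * given default policy.
     */
    private void createDefaultPermission(ResourceRepresentation resourceRepresentation, PolicyRepresentation policyRepresentation) {
        PolicyRepresentation permission = new PolicyRepresentation();
        permission.setName("Default Permission");
        permission.setType("resource");
        permission.setDescription("A permission that applies to the default resource type");
        permission.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
        permission.setLogic(Logic.POSITIVE);

        Map<String, String> config = new HashMap<>();
        config.put("default", "true");
        config.put("defaultResourceType", resourceRepresentation.getType());
        // Hand-built JSON array; safe only because the one caller passes the fixed name "Default Policy".
        config.put("applyPolicies", "[\"" + policyRepresentation.getName() + "\"]");
        permission.setConfig(config);

        getPolicyResource().create(permission);
    }

    /**
     * Creates the "Default Policy", a "js" policy whose script grants unconditionally.
     *
     * <p>The script contains no condition, so every evaluation that reaches this policy is granted; the
     * "users within this realm" wording in the description is not enforced by the script itself. Together
     * with the default resource and permission this forms an allow-by-default baseline until an
     * administrator replaces it.
     */
    private PolicyRepresentation createDefaultPolicy() {
        PolicyRepresentation policy = new PolicyRepresentation();
        policy.setName("Default Policy");
        policy.setDescription("A policy that grants access only for users within this realm");
        policy.setType("js");
        policy.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
        policy.setLogic(Logic.POSITIVE);

        Map<String, String> config = new HashMap<>();
        config.put("code", "// by default, grants any permission associated with this policy\n$evaluation.grant();\n");
        policy.setConfig(config);

        getPolicyResource().create(policy);
        return policy;
    }

    /**
     * Creates the "Default Resource" with URI {@code PathConfiguration.URI_ALL} and a type derived from the
     * client id.
     */
    private ResourceRepresentation createDefaultResource() {
        ResourceRepresentation resource = new ResourceRepresentation();
        resource.setName("Default Resource");
        resource.setUri(PathConfiguration.URI_ALL);
        resource.setType("urn:" + client.getClientId() + ":resources:default");
        getResourceSetResource().create(resource);
        return resource;
    }

    /**
     * Ensures the client has the {@code Constants.AUTHZ_UMA_PROTECTION} role and that the client's service
     * account holds it.
     */
    private void createDefaultRoles() {
        RoleModel umaProtection = client.getRole(Constants.AUTHZ_UMA_PROTECTION);
        if (umaProtection == null) {
            umaProtection = client.addRole(Constants.AUTHZ_UMA_PROTECTION);
        }
        // NOTE(review): assumes the client has a service account; a null result would fail on the next line.
        UserModel serviceAccount = session.users().getServiceAccount(client);
        if (!serviceAccount.hasRole(umaProtection)) {
            serviceAccount.grantRole(umaProtection);
        }
    }

    /**
     * Converts a stored policy to its export form: id and dependency lists cleared, and the id references
     * in its configuration ("roles", "users", "scopes", "resources") replaced by names. Associated policies
     * are written as a list of names under "applyPolicies".
     *
     * <p>Roles are written by name only, without the owning client; see {@link #resolveRole(String)} for
     * what that means on import.
     *
     * @throws RuntimeException naming the policy when a referenced object no longer exists or JSON handling
     *                          fails
     */
    private PolicyRepresentation createPolicyRepresentation(StoreFactory storeFactory, Policy policy) {
        try {
            PolicyRepresentation representation = Models.toRepresentation(policy, authorization);
            representation.setId(null);
            representation.setDependentPolicies(null);

            // Work on a copy so an export can never write names back into a map shared with the stored
            // policy. Whether Models.toRepresentation already copies the map is not visible from here.
            Map<String, String> config = new HashMap<>(representation.getConfig());

            String roles = config.get("roles");
            if (hasText(roles)) {
                List<Map<String, Object>> entries = readJsonList(roles);
                for (Map<String, Object> entry : entries) {
                    entry.put("id", realm.getRoleById(entry.get("id").toString()).getName());
                }
                config.put("roles", JsonSerialization.writeValueAsString(entries));
            }

            String users = config.get("users");
            if (hasText(users)) {
                UserFederationManager userManager = session.users();
                List<String> ids = readJsonList(users);
                List<String> usernames = ids.stream()
                        .map(id -> userManager.getUserById(id, realm).getUsername())
                        .collect(Collectors.toList());
                config.put("users", JsonSerialization.writeValueAsString(usernames));
            }

            String scopes = config.get("scopes");
            if (hasText(scopes)) {
                ScopeStore scopeStore = storeFactory.getScopeStore();
                List<String> ids = readJsonList(scopes);
                List<String> names = ids.stream()
                        .map(id -> scopeStore.findById(id).getName())
                        .collect(Collectors.toList());
                config.put("scopes", JsonSerialization.writeValueAsString(names));
            }

            String resources = config.get("resources");
            if (hasText(resources)) {
                ResourceStore resourceStore = storeFactory.getResourceStore();
                List<String> ids = readJsonList(resources);
                List<String> names = ids.stream()
                        .map(id -> resourceStore.findById(id).getName())
                        .collect(Collectors.toList());
                config.put("resources", JsonSerialization.writeValueAsString(names));
            }

            Set<? extends Policy> associatedPolicies = policy.getAssociatedPolicies();
            if (!associatedPolicies.isEmpty()) {
                List<String> names = associatedPolicies.stream()
                        .map(Policy::getName)
                        .collect(Collectors.toList());
                config.put("applyPolicies", JsonSerialization.writeValueAsString(names));
            }

            representation.setConfig(config);
            representation.setAssociatedPolicies(null);
            return representation;
        } catch (Exception e) {
            throw new RuntimeException("Error while exporting policy [" + policy.getName() + "].", e);
        }
    }
}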
