package org.keycloak.authorization.policy.provider.role;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.keycloak.Config;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-authz-policy-common/main/keycloak-authz-policy-common-2.5.5.Final.jar:org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.class */
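/**
 * Factory for the "role" authorization policy type.
 *
 * <p>Besides handing out {@link RolePolicyProvider} instances, the factory registers a listener
 * in {@link #postInit(KeycloakSessionFactory)} that rewrites or deletes stored role policies when
 * a role is removed, so that no policy keeps a reference to a role id that no longer exists.
 */
public class RolePolicyProviderFactory implements PolicyProviderFactory {
    /** Shared instance returned by {@link #create(AuthorizationProvider)}. */
    private final RolePolicyProvider provider = new RolePolicyProvider();

    /** Returns the display name of this policy type, {@code "Role"}. */
    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public String getName() {
        return "Role";
    }

    /** Returns the group this policy type is listed under, {@code "Identity Based"}. */
    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public String getGroup() {
        return "Identity Based";
    }

    /**
     * Returns the single provider instance held by this factory.
     *
     * @param authorizationProvider not used by this implementation
     */
    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public PolicyProvider create(AuthorizationProvider authorizationProvider) {
        return this.provider;
    }

    /**
     * Always returns {@code null}: this policy type supplies no admin resource.
     *
     * @param resourceServer not used by this implementation
     */
    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public PolicyProviderAdminService getAdminResource(ResourceServer resourceServer) {
        return null;
    }

    /**
     * Creates a fresh provider for a session. Unlike {@link #create(AuthorizationProvider)} this
     * does not return the shared instance.
     *
     * @param keycloakSession not used by this implementation
     */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.keycloak.provider.ProviderFactory
    /* renamed from: create */
    public PolicyProvider create2(KeycloakSession keycloakSession) {
        return new RolePolicyProvider();
    }

    /** No configuration is read; intentionally empty. */
    @Override // org.keycloak.provider.ProviderFactory
    public void init(Config.Scope scope) {
    }

    /**
     * Registers a listener that keeps stored role policies consistent with role removal.
     *
     * <p>For a {@link RoleContainerModel.RoleRemovedEvent} the listener looks up the role's
     * container: if it is a realm, every client of that realm is processed; otherwise the
     * container is treated as the single owning client. All other events are ignored.
     */
    @Override // org.keycloak.provider.ProviderFactory
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
        keycloakSessionFactory.register(providerEvent -> {
            if (!(providerEvent instanceof RoleContainerModel.RoleRemovedEvent)) {
                return;
            }
            RoleContainerModel.RoleRemovedEvent removed = (RoleContainerModel.RoleRemovedEvent) providerEvent;
            AuthorizationProvider authorization =
                    (AuthorizationProvider) removed.getKeycloakSession().getProvider(AuthorizationProvider.class);
            StoreFactory storeFactory = authorization.getStoreFactory();
            PolicyStore policyStore = storeFactory.getPolicyStore();
            RoleModel role = removed.getRole();
            RoleContainerModel container = role.getContainer();
            ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
            if (container instanceof RealmModel) {
                // A realm role can be referenced by a policy of any client in the realm.
                ((RealmModel) container).getClients().forEach(
                        clientModel -> updateResourceServer(clientModel, role, resourceServerStore, policyStore));
            } else {
                updateResourceServer((ClientModel) container, role, resourceServerStore, policyStore);
            }
        });
    }

    /**
     * Removes {@code roleModel} from every role policy of the client's resource server.
     *
     * <p>A policy that still lists other roles gets its {@code "roles"} config entry rewritten. A
     * policy whose role list becomes empty is deleted; before that it is detached from every
     * policy that depends on it, and a dependent policy left with no associated policies is
     * deleted as well. Clients without a resource server are skipped.
     *
     * @throws RuntimeException if the remaining roles cannot be serialized back to JSON
     */
    private void updateResourceServer(ClientModel clientModel, RoleModel roleModel, ResourceServerStore resourceServerStore, PolicyStore policyStore) {
        ResourceServer resourceServer = resourceServerStore.findByClient(clientModel.getId());
        if (resourceServer == null) {
            return;
        }
        policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {
            List<Map<String, Object>> remainingRoles = new ArrayList<>();
            for (Map<String, Object> entry : getRoles(policy)) {
                // An entry without an "id" key makes this comparison throw NullPointerException.
                if (!entry.get("id").equals(roleModel.getId())) {
                    // Copy only the two known keys so nothing else from the stored entry survives.
                    Map<String, Object> kept = new HashMap<>();
                    kept.put("id", entry.get("id"));
                    Object required = entry.get("required");
                    if (required != null) {
                        kept.put("required", required);
                    }
                    remainingRoles.add(kept);
                }
            }
            try {
                if (remainingRoles.isEmpty()) {
                    // The inner parameter needs its own name: reusing "policy" would not compile and
                    // hides which object is detached from which.
                    // NOTE(review): this cascade removes dependent policies that end up with no
                    // associated policy; confirm how evaluation treats resources they covered.
                    policyStore.findDependentPolicies(policy.getId(), resourceServer.getId()).forEach(dependentPolicy -> {
                        dependentPolicy.removeAssociatedPolicy(policy);
                        if (dependentPolicy.getAssociatedPolicies().isEmpty()) {
                            policyStore.delete(dependentPolicy.getId());
                        }
                    });
                    policyStore.delete(policy.getId());
                } else {
                    Map<String, String> config = policy.getConfig();
                    config.put("roles", JsonSerialization.writeValueAsString(remainingRoles));
                    policy.setConfig(config);
                }
            } catch (IOException e) {
                throw new RuntimeException("Error while synchronizing roles with policy [" + policy.getName() + "].", e);
            }
        });
    }

    /** Nothing to release; intentionally empty. */
    @Override // org.keycloak.provider.ProviderFactory
    public void close() {
    }

    /** Returns the provider id, {@code "role"}, also used as the policy type when querying the store. */
    @Override // org.keycloak.provider.ProviderFactory
    public String getId() {
        return "role";
    }

    /**
     * Parses the {@code "roles"} entry of a policy's config into an array of maps.
     *
     * @param policy the policy whose config is read
     * @return one map per configured role, or an empty array when no {@code "roles"} entry exists
     * @throws RuntimeException if the stored value is not valid JSON for {@code Map[]}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @SuppressWarnings("unchecked") // Map[] to Map<String, Object>[]: element types are not checked here
    public static Map<String, Object>[] getRoles(Policy policy) {
        String rolesJson = policy.getConfig().get("roles");
        if (rolesJson == null) {
            return new Map[0];
        }
        try {
            // Encode explicitly: the platform default charset could turn non-ASCII text into bytes
            // that are not valid UTF-8 before they reach the JSON parser.
            return (Map[]) JsonSerialization.readValue(rolesJson.getBytes(StandardCharsets.UTF_8), Map[].class);
        } catch (IOException e) {
            throw new RuntimeException("Could not parse roles [" + rolesJson + "] from policy config [" + policy.getName() + "].", e);
        }
    }
}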
