package org.keycloak.authorization.admin;

import java.util.Arrays;
import java.util.HashMap;
import java.util.stream.Collectors;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.AdminEventBuilder;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.social.stackoverflow.StackoverflowIdentityProvider;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/authorization/admin/ScopeService.class */
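/**
 * Admin REST resource for the authorization scopes of one resource server.
 *
 * <p>Every endpoint calls the realm permission evaluator first
 * ({@code requireManageAuthorization()} for writes, {@code requireViewAuthorization()} for reads)
 * and passes {@code resourceServer.getId()} to every store lookup, so a scope id is always
 * resolved together with the resource server this instance was created for.
 *
 * <p>This listing is decompiler output (see the "loaded from" marker above the class);
 * parameter names such as {@code str} and {@code num} are decompiler-generated.
 */
public class ScopeService {
    private final AuthorizationProvider authorization;
    private final AdminPermissionEvaluator auth;
    private final AdminEventBuilder adminEvent;
    // Assigned once in the constructor and never rebound, so it can be final.
    private final ResourceServer resourceServer;

    /**
     * @param resourceServer the resource server whose scopes this instance manages
     * @param authorizationProvider gives access to the realm and the authorization stores
     * @param adminPermissionEvaluator evaluates the caller's admin permissions
     * @param adminEventBuilder base builder; narrowed here to the AUTHORIZATION_SCOPE resource type
     */
    public ScopeService(ResourceServer resourceServer, AuthorizationProvider authorizationProvider, AdminPermissionEvaluator adminPermissionEvaluator, AdminEventBuilder adminEventBuilder) {
        this.resourceServer = resourceServer;
        this.authorization = authorizationProvider;
        this.auth = adminPermissionEvaluator;
        this.adminEvent = adminEventBuilder.resource(ResourceType.AUTHORIZATION_SCOPE);
    }

    /**
     * Creates a scope from the request body and echoes it back with the id of the stored model.
     *
     * @param uriInfo request URI, used for the admin event resource path
     * @param scopeRepresentation the scope to create (request body)
     * @return 201 with the representation, or 400 when the request carried no body
     */
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    public Response create(@Context UriInfo uriInfo, ScopeRepresentation scopeRepresentation) {
        this.auth.realm().requireManageAuthorization();
        // A request without an entity arrives here as null; answer 400 instead of failing
        // with a NullPointerException further down.
        if (scopeRepresentation == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        String createdId = RepresentationToModel.toModel(scopeRepresentation, this.resourceServer, this.authorization).getId();
        scopeRepresentation.setId(createdId);
        audit(uriInfo, scopeRepresentation, createdId, OperationType.CREATE);
        return Response.status(Response.Status.CREATED).entity(scopeRepresentation).build();
    }

    /**
     * Updates the scope identified by the path id.
     *
     * @param uriInfo request URI, used for the admin event resource path
     * @param str the scope id taken from the URL path
     * @param scopeRepresentation the new state of the scope (request body)
     * @return 204 on success, 404 when the lookup for this resource server finds no scope,
     *         400 when the request carried no body
     */
    @Path("{id}")
    @Consumes({MediaType.APPLICATION_JSON})
    @Produces({MediaType.APPLICATION_JSON})
    @PUT
    public Response update(@Context UriInfo uriInfo, @PathParam("id") String str, ScopeRepresentation scopeRepresentation) {
        this.auth.realm().requireManageAuthorization();
        if (scopeRepresentation == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        // The path id always wins over any id carried in the body, so the existence check
        // below and the model update act on the same scope.
        scopeRepresentation.setId(str);
        if (this.authorization.getStoreFactory().getScopeStore().findById(scopeRepresentation.getId(), this.resourceServer.getId()) == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        RepresentationToModel.toModel(scopeRepresentation, this.resourceServer, this.authorization);
        audit(uriInfo, scopeRepresentation, OperationType.UPDATE);
        return Response.noContent().build();
    }

    /**
     * Deletes a scope, cleaning up the policies that reference it.
     *
     * <p>A policy whose only scope is the deleted one is deleted as well; any other policy
     * just has the scope removed from it.
     *
     * @param uriInfo request URI, used for the admin event resource path
     * @param str the scope id taken from the URL path
     * @return 204 on success, 404 when the scope is not found, or the
     *         {@code ErrorResponse.exists} response when resources still use the scope
     */
    @Path("{id}")
    @DELETE
    public Response delete(@Context UriInfo uriInfo, @PathParam("id") String str) {
        this.auth.realm().requireManageAuthorization();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        String resourceServerId = this.resourceServer.getId();
        // Refuse the delete while any resource of this resource server still uses the scope.
        if (!storeFactory.getResourceStore().findByScope(Arrays.asList(str), resourceServerId).isEmpty()) {
            return ErrorResponse.exists("Scopes can not be removed while associated with resources.");
        }
        Scope scope = storeFactory.getScopeStore().findById(str, resourceServerId);
        if (scope == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        PolicyStore policyStore = storeFactory.getPolicyStore();
        for (Policy policy : policyStore.findByScopeIds(Arrays.asList(scope.getId()), resourceServerId)) {
            if (policy.getScopes().size() == 1) {
                // The policy would be left without any scope, so it goes away with the scope.
                policyStore.delete(policy.getId());
            } else {
                policy.removeScope(scope);
            }
        }
        storeFactory.getScopeStore().delete(str);
        // audit() repeats this check; doing it here avoids building the representation when
        // admin events are off.
        // NOTE(review): this method records one DELETE event for the scope only. The policy
        // deletions and scope removals performed in the loop above get no event of their own
        // here, so the admin event log does not show which permissions changed.
        if (this.authorization.getRealm().isAdminEventsEnabled()) {
            audit(uriInfo, ModelToRepresentation.toRepresentation(scope), OperationType.DELETE);
        }
        return Response.noContent().build();
    }

    /**
     * Returns one scope of this resource server.
     *
     * @param str the scope id taken from the URL path
     * @return 200 with the scope representation, or 404 when no scope is found
     */
    @GET
    @Path("{id}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response findById(@PathParam("id") String str) {
        this.auth.realm().requireViewAuthorization();
        Scope scope = this.authorization.getStoreFactory().getScopeStore().findById(str, this.resourceServer.getId());
        if (scope == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        return Response.ok(ModelToRepresentation.toRepresentation(scope)).build();
    }

    /**
     * Lists the resources that use a scope.
     *
     * @param str the scope id taken from the URL path
     * @return 200 with representations carrying only id and name, or 404 when no scope is found
     */
    @GET
    @Path("{id}/resources")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response getResources(@PathParam("id") String str) {
        this.auth.realm().requireViewAuthorization();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        Scope scope = storeFactory.getScopeStore().findById(str, this.resourceServer.getId());
        if (scope == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        // Only id and name are copied; the other resource attributes are not returned here.
        return Response.ok(storeFactory.getResourceStore().findByScope(Arrays.asList(scope.getId()), this.resourceServer.getId()).stream().map(resource -> {
            ResourceRepresentation resourceRepresentation = new ResourceRepresentation();
            resourceRepresentation.setId(resource.getId());
            resourceRepresentation.setName(resource.getName());
            return resourceRepresentation;
        }).collect(Collectors.toList())).build();
    }

    /**
     * Lists the policies (permissions) that reference a scope.
     *
     * @param str the scope id taken from the URL path
     * @return 200 with representations carrying only id, name and type, or 404 when no scope
     *         is found
     */
    @GET
    @Path("{id}/permissions")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response getPermissions(@PathParam("id") String str) {
        this.auth.realm().requireViewAuthorization();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        Scope scope = storeFactory.getScopeStore().findById(str, this.resourceServer.getId());
        if (scope == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        // Only id, name and type are copied; the policy configuration is not returned here.
        return Response.ok(storeFactory.getPolicyStore().findByScopeIds(Arrays.asList(scope.getId()), this.resourceServer.getId()).stream().map(policy -> {
            PolicyRepresentation policyRepresentation = new PolicyRepresentation();
            policyRepresentation.setId(policy.getId());
            policyRepresentation.setName(policy.getName());
            policyRepresentation.setType(policy.getType());
            return policyRepresentation;
        }).collect(Collectors.toList())).build();
    }

    /**
     * Looks a scope up by name.
     *
     * @param str the value of the {@code name} query parameter
     * @return 400 when the parameter is missing, 200 with an empty body when no scope has that
     *         name, otherwise 200 with the scope representation
     */
    @GET
    @Path("/search")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response find(@QueryParam("name") String str) {
        this.auth.realm().requireViewAuthorization();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        if (str == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Scope scope = storeFactory.getScopeStore().findByName(str, this.resourceServer.getId());
        if (scope == null) {
            // "No match" is deliberately a 200 without an entity, not a 404.
            return Response.status(Response.Status.OK).build();
        }
        return Response.ok(ModelToRepresentation.toRepresentation(scope)).build();
    }

    /**
     * Lists the scopes of this resource server, optionally filtered and paged.
     *
     * @param str value of the {@code scopeId} query parameter; stored under the {@code "id"} filter key
     * @param str2 value of the {@code name} query parameter; stored under the {@code "name"} filter key
     * @param num value of the {@code first} query parameter; -1 is passed to the store when absent
     * @param num2 value of the {@code max} query parameter; 100 is passed to the store when absent
     * @return 200 with the list of matching scope representations
     */
    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    public Response findAll(@QueryParam("scopeId") String str, @QueryParam("name") String str2, @QueryParam("first") Integer num, @QueryParam("max") Integer num2) {
        this.auth.realm().requireViewAuthorization();
        // Typed map instead of the raw HashMap the decompiler emitted.
        HashMap<String, String[]> filters = new HashMap<>();
        // NOTE(review): a constant of the social Stack Overflow provider has no business in
        // this class; it looks like the decompiler substituted it for an inlined string
        // literal, presumably the empty string used to skip blank filters. Confirm the value
        // before relying on that reading.
        if (str != null && !StackoverflowIdentityProvider.DEFAULT_SCOPE.equals(str.trim())) {
            filters.put("id", new String[]{str});
        }
        if (str2 != null && !StackoverflowIdentityProvider.DEFAULT_SCOPE.equals(str2.trim())) {
            filters.put("name", new String[]{str2});
        }
        int firstResult = num != null ? num.intValue() : -1;
        // NOTE(review): max comes straight from the query string and is not capped here; check
        // whether the store bounds the result size.
        int maxResults = num2 != null ? num2.intValue() : 100;
        return Response.ok(this.authorization.getStoreFactory().getScopeStore().findByResourceServer(filters, this.resourceServer.getId(), firstResult, maxResults).stream().map(scope -> ModelToRepresentation.toRepresentation(scope)).collect(Collectors.toList())).build();
    }

    /** Records an admin event whose resource path is the request URI alone. */
    private void audit(@Context UriInfo uriInfo, ScopeRepresentation scopeRepresentation, OperationType operationType) {
        audit(uriInfo, scopeRepresentation, null, operationType);
    }

    /**
     * Records a successful admin event when admin events are enabled for the realm.
     *
     * @param uriInfo request URI used for the resource path
     * @param scopeRepresentation representation attached to the event
     * @param str id passed to {@code resourcePath} together with the URI; may be null, in
     *        which case the URI alone is used
     * @param operationType the operation being recorded
     */
    private void audit(@Context UriInfo uriInfo, ScopeRepresentation scopeRepresentation, String str, OperationType operationType) {
        if (!this.authorization.getRealm().isAdminEventsEnabled()) {
            return;
        }
        if (str != null) {
            this.adminEvent.operation(operationType).resourcePath(uriInfo, str).representation(scopeRepresentation).success();
        } else {
            this.adminEvent.operation(operationType).resourcePath(uriInfo).representation(scopeRepresentation).success();
        }
    }
}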
