package org.keycloak.authorization.admin;

import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.stream.Collectors;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.social.stackoverflow.StackoverflowIdentityProvider;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/authorization/admin/ResourceSetService.class */
public class ResourceSetService {
    private final AuthorizationProvider authorization;
    private final RealmAuth auth;
    private ResourceServer resourceServer;

    public ResourceSetService(ResourceServer resourceServer, AuthorizationProvider authorizationProvider, RealmAuth realmAuth) {
        this.resourceServer = resourceServer;
        this.authorization = authorizationProvider;
        this.auth = realmAuth;
    }

    @POST
    @Produces({MediaType.APPLICATION_JSON})
    @Consumes({MediaType.APPLICATION_JSON})
    public Response create(ResourceRepresentation resourceRepresentation) {
        requireManage();
        Resource findByName = this.authorization.getStoreFactory().getResourceStore().findByName(resourceRepresentation.getName(), this.resourceServer.getId());
        if (findByName != null && findByName.getResourceServer().getId().equals(this.resourceServer.getId()) && findByName.getOwner().equals(resourceRepresentation.getOwner())) {
            return ErrorResponse.exists("Resource with name [" + resourceRepresentation.getName() + "] already exists.");
        }
        Resource model = RepresentationToModel.toModel(resourceRepresentation, this.resourceServer, this.authorization);
        ResourceRepresentation resourceRepresentation2 = new ResourceRepresentation();
        resourceRepresentation2.setId(model.getId());
        return Response.status(Response.Status.CREATED).entity(resourceRepresentation2).build();
    }

    @Path("{id}")
    @Consumes({MediaType.APPLICATION_JSON})
    @Produces({MediaType.APPLICATION_JSON})
    @PUT
    public Response update(@PathParam("id") String str, ResourceRepresentation resourceRepresentation) {
        requireManage();
        resourceRepresentation.setId(str);
        if (this.authorization.getStoreFactory().getResourceStore().findById(resourceRepresentation.getId()) == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        RepresentationToModel.toModel(resourceRepresentation, this.resourceServer, this.authorization);
        return Response.noContent().build();
    }

    @Path("{id}")
    @DELETE
    public Response delete(@PathParam("id") String str) {
        requireManage();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        Resource findById = storeFactory.getResourceStore().findById(str);
        if (findById == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        PolicyStore policyStore = storeFactory.getPolicyStore();
        for (Policy policy : policyStore.findByResource(str)) {
            if (policy.getResources().size() == 1) {
                policyStore.delete(policy.getId());
            } else {
                policy.addResource(findById);
            }
        }
        storeFactory.getResourceStore().delete(str);
        return Response.noContent().build();
    }

    @GET
    @Path("{id}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response findById(@PathParam("id") String str) {
        requireView();
        Resource findById = this.authorization.getStoreFactory().getResourceStore().findById(str);
        return findById == null ? Response.status(Response.Status.NOT_FOUND).build() : Response.ok(ModelToRepresentation.toRepresentation(findById, this.resourceServer, this.authorization)).build();
    }

    @GET
    @Path("/search")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response find(@QueryParam("name") String str) {
        this.auth.requireView();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        if (str == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Resource findByName = storeFactory.getResourceStore().findByName(str, this.resourceServer.getId());
        return findByName == null ? Response.status(Response.Status.OK).build() : Response.ok(ModelToRepresentation.toRepresentation(findByName, this.resourceServer, this.authorization)).build();
    }

    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    public Response find(@QueryParam("name") String str, @QueryParam("uri") String str2, @QueryParam("owner") String str3, @QueryParam("type") String str4, @QueryParam("scope") String str5, @QueryParam("first") Integer num, @QueryParam("max") Integer num2) {
        requireView();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        HashMap hashMap = new HashMap();
        if (str != null && !StackoverflowIdentityProvider.DEFAULT_SCOPE.equals(str.trim())) {
            hashMap.put("name", new String[]{str});
        }
        if (str2 != null && !StackoverflowIdentityProvider.DEFAULT_SCOPE.equals(str2.trim())) {
            hashMap.put("uri", new String[]{str2});
        }
        if (str3 != null && !StackoverflowIdentityProvider.DEFAULT_SCOPE.equals(str3.trim())) {
            RealmModel realm = this.authorization.getKeycloakSession().getContext().getRealm();
            ClientModel clientByClientId = realm.getClientByClientId(str3);
            if (clientByClientId != null) {
                str3 = clientByClientId.getId();
            } else {
                UserModel userByUsername = this.authorization.getKeycloakSession().users().getUserByUsername(str3, realm);
                if (userByUsername != null) {
                    str3 = userByUsername.getId();
                }
            }
            hashMap.put("owner", new String[]{str3});
        }
        if (str4 != null && !StackoverflowIdentityProvider.DEFAULT_SCOPE.equals(str4.trim())) {
            hashMap.put("type", new String[]{str4});
        }
        if (str5 != null && !StackoverflowIdentityProvider.DEFAULT_SCOPE.equals(str5.trim())) {
            HashMap hashMap2 = new HashMap();
            hashMap2.put("name", new String[]{str5});
            List findByResourceServer = this.authorization.getStoreFactory().getScopeStore().findByResourceServer(hashMap2, this.resourceServer.getId(), -1, -1);
            if (findByResourceServer.isEmpty()) {
                return Response.ok(Collections.emptyList()).build();
            }
            hashMap.put("scope", findByResourceServer.stream().map((v0) -> {
                return v0.getId();
            }).toArray(i -> {
                return new String[i];
            }));
        }
        return Response.ok(storeFactory.getResourceStore().findByResourceServer(hashMap, this.resourceServer.getId(), num != null ? num.intValue() : -1, num2 != null ? num2.intValue() : -1).stream().map(resource -> {
            return ModelToRepresentation.toRepresentation(resource, this.resourceServer, this.authorization);
        }).collect(Collectors.toList())).build();
    }

    private void requireView() {
        if (this.auth != null) {
            this.auth.requireView();
        }
    }

    private void requireManage() {
        if (this.auth != null) {
            this.auth.requireManage();
        }
    }
}
