package org.keycloak.services.clientpolicy;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.common.Profile;
import org.keycloak.component.JsonConfigComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.ClientPoliciesRepresentation;
import org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation;
import org.keycloak.representations.idm.ClientPolicyConditionRepresentation;
import org.keycloak.representations.idm.ClientPolicyExecutorConfigurationRepresentation;
import org.keycloak.representations.idm.ClientPolicyExecutorRepresentation;
import org.keycloak.representations.idm.ClientPolicyRepresentation;
import org.keycloak.representations.idm.ClientProfileRepresentation;
import org.keycloak.representations.idm.ClientProfilesRepresentation;
import org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider;
import org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/services/clientpolicy/ClientPoliciesUtil.class */
public class ClientPoliciesUtil {
    private static final Logger logger = Logger.getLogger(ClientPoliciesUtil.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ClientProfilesRepresentation getClientProfilesRepresentation(KeycloakSession keycloakSession, RealmModel realmModel) throws ClientPolicyException {
        String clientProfilesJsonString = getClientProfilesJsonString(realmModel);
        return clientProfilesJsonString == null ? new ClientProfilesRepresentation() : convertClientProfilesJsonToRepresentation(clientProfilesJsonString);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ClientProfile getClientProfileModel(KeycloakSession keycloakSession, RealmModel realmModel, ClientProfilesRepresentation clientProfilesRepresentation, List<ClientProfileRepresentation> list, String str) throws ClientPolicyException {
        List profiles = clientProfilesRepresentation.getProfiles();
        if (profiles == null) {
            profiles = new ArrayList();
        }
        profiles.addAll(list);
        ClientProfileRepresentation clientProfileRepresentation = (ClientProfileRepresentation) profiles.stream().filter(clientProfileRepresentation2 -> {
            return str.equals(clientProfileRepresentation2.getName());
        }).findFirst().orElse(null);
        if (clientProfileRepresentation == null) {
            return null;
        }
        ClientProfile clientProfile = new ClientProfile();
        clientProfile.setName(clientProfileRepresentation.getName());
        clientProfile.setDescription(clientProfileRepresentation.getDescription());
        if (clientProfileRepresentation.getExecutors() == null) {
            clientProfile.setExecutors(new ArrayList());
            return clientProfile;
        }
        ArrayList arrayList = new ArrayList();
        if (clientProfileRepresentation.getExecutors() != null) {
            for (ClientPolicyExecutorRepresentation clientPolicyExecutorRepresentation : clientProfileRepresentation.getExecutors()) {
                arrayList.add(getExecutorProvider(keycloakSession, realmModel, clientPolicyExecutorRepresentation.getExecutorProviderId(), clientPolicyExecutorRepresentation.getConfiguration()));
            }
        }
        clientProfile.setExecutors(arrayList);
        return clientProfile;
    }

    private static ClientPolicyExecutorProvider getExecutorProvider(KeycloakSession keycloakSession, RealmModel realmModel, String str, JsonNode jsonNode) {
        JsonConfigComponentModel jsonConfigComponentModel = new JsonConfigComponentModel(ClientPolicyExecutorProvider.class, realmModel.getId(), str, jsonNode);
        ClientPolicyExecutorProvider componentProvider = keycloakSession.getComponentProvider(ClientPolicyExecutorProvider.class, jsonConfigComponentModel.getId(), keycloakSessionFactory -> {
            return jsonConfigComponentModel;
        });
        if (componentProvider == null) {
            throw new IllegalStateException("Executor with provider ID " + str + " not found");
        }
        componentProvider.setupConfiguration((ClientPolicyExecutorConfigurationRepresentation) JsonSerialization.mapper.convertValue(jsonNode, componentProvider.getExecutorConfigurationClass()));
        return componentProvider;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<ClientProfileRepresentation> getValidatedGlobalClientProfilesRepresentation(KeycloakSession keycloakSession, InputStream inputStream) throws ClientPolicyException {
        try {
            ClientProfilesRepresentation clientProfilesRepresentation = (ClientProfilesRepresentation) JsonSerialization.readValue(inputStream, ClientProfilesRepresentation.class);
            if (clientProfilesRepresentation == null) {
                return Collections.emptyList();
            }
            List profiles = clientProfilesRepresentation.getProfiles();
            if (profiles == null || profiles.isEmpty()) {
                return Collections.emptyList();
            }
            if (profiles.size() != profiles.stream().map(clientProfileRepresentation -> {
                return clientProfileRepresentation.getName();
            }).distinct().count()) {
                throw new ClientPolicyException("proposed global client profile name duplicated.");
            }
            LinkedList linkedList = new LinkedList();
            for (ClientProfileRepresentation clientProfileRepresentation2 : clientProfilesRepresentation.getProfiles()) {
                if (clientProfileRepresentation2.getName() == null) {
                    throw new ClientPolicyException("client profile without its name not allowed.");
                }
                ClientProfileRepresentation clientProfileRepresentation3 = new ClientProfileRepresentation();
                clientProfileRepresentation3.setName(clientProfileRepresentation2.getName());
                clientProfileRepresentation3.setDescription(clientProfileRepresentation2.getDescription());
                clientProfileRepresentation3.setExecutors(new ArrayList());
                if (clientProfileRepresentation2.getExecutors() != null) {
                    for (ClientPolicyExecutorRepresentation clientPolicyExecutorRepresentation : clientProfileRepresentation2.getExecutors()) {
                        if (Profile.isFeatureEnabled(Profile.Feature.CLIENT_POLICIES) && !isValidExecutor(keycloakSession, clientPolicyExecutorRepresentation.getExecutorProviderId())) {
                            throw new ClientPolicyException("proposed client profile contains the executor with its invalid configuration.");
                        }
                        clientProfileRepresentation3.getExecutors().add(clientPolicyExecutorRepresentation);
                    }
                }
                linkedList.add(clientProfileRepresentation3);
            }
            return linkedList;
        } catch (Exception e) {
            throw new ClientPolicyException("failed to deserialize global proposed client profiles json string.", e.getMessage());
        }
    }

    public static String convertClientProfilesRepresentationToJson(ClientProfilesRepresentation clientProfilesRepresentation) throws ClientPolicyException {
        try {
            return JsonSerialization.writeValueAsString(clientProfilesRepresentation);
        } catch (IOException e) {
            throw new ClientPolicyException(e.getMessage());
        }
    }

    private static ClientProfilesRepresentation convertClientProfilesJsonToRepresentation(String str) throws ClientPolicyException {
        try {
            return (ClientProfilesRepresentation) JsonSerialization.readValue(str, ClientProfilesRepresentation.class);
        } catch (IOException e) {
            throw new ClientPolicyException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ClientProfilesRepresentation getValidatedClientProfilesForUpdate(KeycloakSession keycloakSession, RealmModel realmModel, ClientProfilesRepresentation clientProfilesRepresentation, List<ClientProfileRepresentation> list) throws ClientPolicyException {
        if (realmModel == null) {
            throw new ClientPolicyException("realm not specified.");
        }
        List profiles = clientProfilesRepresentation.getProfiles();
        if (profiles == null || profiles.isEmpty()) {
            profiles = new ArrayList();
            clientProfilesRepresentation.setProfiles(new ArrayList());
        }
        if (profiles.stream().anyMatch(clientProfileRepresentation -> {
            return clientProfileRepresentation.getName() == null || clientProfileRepresentation.getName().isEmpty();
        })) {
            throw new ClientPolicyException("client profile without its name not allowed.");
        }
        if (profiles.size() != profiles.stream().map(clientProfileRepresentation2 -> {
            return clientProfileRepresentation2.getName();
        }).distinct().count()) {
            throw new ClientPolicyException("proposed client profile name duplicated.");
        }
        Set set = (Set) list.stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
        Iterator it = profiles.iterator();
        while (it.hasNext()) {
            if (set.contains(((ClientProfileRepresentation) it.next()).getName())) {
                throw new ClientPolicyException("Proposed profile name duplicated as the name of some global profile");
            }
        }
        for (ClientProfileRepresentation clientProfileRepresentation3 : clientProfilesRepresentation.getProfiles()) {
            if (clientProfileRepresentation3.getExecutors() != null) {
                Iterator it2 = clientProfileRepresentation3.getExecutors().iterator();
                while (it2.hasNext()) {
                    if (!isValidExecutor(keycloakSession, ((ClientPolicyExecutorRepresentation) it2.next()).getExecutorProviderId())) {
                        throw new ClientPolicyException("proposed client profile contains the executor, which does not have valid provider, or has invalid configuration.");
                    }
                }
            }
        }
        clientProfilesRepresentation.setGlobalProfiles((List) null);
        return clientProfilesRepresentation;
    }

    private static boolean isValidExecutor(KeycloakSession keycloakSession, String str) {
        Set listProviderIds = keycloakSession.listProviderIds(ClientPolicyExecutorProvider.class);
        if (listProviderIds != null && listProviderIds.contains(str)) {
            return true;
        }
        logger.warnv("no executor provider found. providerId = {0}", str);
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ClientPoliciesRepresentation getClientPoliciesRepresentation(KeycloakSession keycloakSession, RealmModel realmModel) throws ClientPolicyException {
        String clientPoliciesJsonString = getClientPoliciesJsonString(realmModel);
        return clientPoliciesJsonString == null ? new ClientPoliciesRepresentation() : convertClientPoliciesJsonToRepresentation(clientPoliciesJsonString);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<ClientPolicy> getEnabledClientPolicies(KeycloakSession keycloakSession, RealmModel realmModel) {
        String clientPoliciesJsonString = getClientPoliciesJsonString(realmModel);
        if (clientPoliciesJsonString == null) {
            return Collections.emptyList();
        }
        try {
            ClientPoliciesRepresentation convertClientPoliciesJsonToRepresentation = convertClientPoliciesJsonToRepresentation(clientPoliciesJsonString);
            if (convertClientPoliciesJsonToRepresentation == null || convertClientPoliciesJsonToRepresentation.getPolicies() == null) {
                return Collections.emptyList();
            }
            ArrayList arrayList = new ArrayList();
            for (ClientPolicyRepresentation clientPolicyRepresentation : convertClientPoliciesJsonToRepresentation.getPolicies()) {
                if (clientPolicyRepresentation.getName() == null) {
                    logger.warnf("Ignored client policy without name in the realm %s", realmModel.getName());
                } else if (clientPolicyRepresentation.isEnabled() != null && clientPolicyRepresentation.isEnabled().booleanValue()) {
                    ClientPolicy clientPolicy = new ClientPolicy();
                    clientPolicy.setName(clientPolicyRepresentation.getName());
                    clientPolicy.setDescription(clientPolicyRepresentation.getDescription());
                    clientPolicy.setEnable(true);
                    ArrayList arrayList2 = new ArrayList();
                    if (clientPolicyRepresentation.getConditions() != null) {
                        for (ClientPolicyConditionRepresentation clientPolicyConditionRepresentation : clientPolicyRepresentation.getConditions()) {
                            arrayList2.add(getConditionProvider(keycloakSession, realmModel, clientPolicyConditionRepresentation.getConditionProviderId(), clientPolicyConditionRepresentation.getConfiguration()));
                        }
                    }
                    clientPolicy.setConditions(arrayList2);
                    if (clientPolicyRepresentation.getProfiles() != null) {
                        clientPolicy.setProfiles((List) clientPolicyRepresentation.getProfiles().stream().collect(Collectors.toList()));
                    }
                    arrayList.add(clientPolicy);
                }
            }
            return arrayList;
        } catch (ClientPolicyException e) {
            logger.warnv("Failed to serialize client policies json string. err={0}, errDetail={1}", e.getError(), e.getErrorDetail());
            return Collections.emptyList();
        }
    }

    private static ClientPolicyConditionProvider getConditionProvider(KeycloakSession keycloakSession, RealmModel realmModel, String str, JsonNode jsonNode) {
        JsonConfigComponentModel jsonConfigComponentModel = new JsonConfigComponentModel(ClientPolicyConditionProvider.class, realmModel.getId(), str, jsonNode);
        ClientPolicyConditionProvider componentProvider = keycloakSession.getComponentProvider(ClientPolicyConditionProvider.class, jsonConfigComponentModel.getId(), keycloakSessionFactory -> {
            return jsonConfigComponentModel;
        });
        if (componentProvider == null) {
            throw new IllegalStateException("Condition with provider ID " + str + " not found");
        }
        componentProvider.setupConfiguration((ClientPolicyConditionConfigurationRepresentation) JsonSerialization.mapper.convertValue(jsonNode, componentProvider.getConditionConfigurationClass()));
        return componentProvider;
    }

    public static String convertClientPoliciesRepresentationToJson(ClientPoliciesRepresentation clientPoliciesRepresentation) throws ClientPolicyException {
        try {
            return JsonSerialization.writeValueAsString(clientPoliciesRepresentation);
        } catch (IOException e) {
            throw new ClientPolicyException(e.getMessage());
        }
    }

    private static ClientPoliciesRepresentation convertClientPoliciesJsonToRepresentation(String str) throws ClientPolicyException {
        try {
            return (ClientPoliciesRepresentation) JsonSerialization.readValue(str, ClientPoliciesRepresentation.class);
        } catch (IOException e) {
            throw new ClientPolicyException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ClientPoliciesRepresentation getValidatedClientPoliciesForUpdate(KeycloakSession keycloakSession, RealmModel realmModel, ClientPoliciesRepresentation clientPoliciesRepresentation, List<ClientProfileRepresentation> list) throws ClientPolicyException {
        if (realmModel == null) {
            throw new ClientPolicyException("realm not specified.");
        }
        List policies = clientPoliciesRepresentation.getPolicies();
        if (policies == null || policies.isEmpty()) {
            policies = new ArrayList();
            clientPoliciesRepresentation.setPolicies(new ArrayList());
        }
        if (policies.stream().anyMatch(clientPolicyRepresentation -> {
            return clientPolicyRepresentation.getName() == null || clientPolicyRepresentation.getName().isEmpty();
        })) {
            throw new ClientPolicyException("proposed client policy name missing.");
        }
        if (policies.size() != policies.stream().map(clientPolicyRepresentation2 -> {
            return clientPolicyRepresentation2.getName();
        }).distinct().count()) {
            throw new ClientPolicyException("proposed client policy name duplicated.");
        }
        ClientPoliciesRepresentation clientPoliciesRepresentation2 = new ClientPoliciesRepresentation();
        clientPoliciesRepresentation2.setPolicies(new ArrayList());
        List policies2 = clientPoliciesRepresentation2.getPolicies();
        for (ClientPolicyRepresentation clientPolicyRepresentation3 : clientPoliciesRepresentation.getPolicies()) {
            Boolean isEnabled = clientPolicyRepresentation3.isEnabled() != null ? clientPolicyRepresentation3.isEnabled() : Boolean.FALSE;
            ClientPolicyRepresentation clientPolicyRepresentation4 = new ClientPolicyRepresentation();
            clientPolicyRepresentation4.setName(clientPolicyRepresentation3.getName());
            clientPolicyRepresentation4.setDescription(clientPolicyRepresentation3.getDescription());
            clientPolicyRepresentation4.setEnabled(isEnabled);
            clientPolicyRepresentation4.setConditions(new ArrayList());
            if (clientPolicyRepresentation3.getConditions() != null) {
                for (ClientPolicyConditionRepresentation clientPolicyConditionRepresentation : clientPolicyRepresentation3.getConditions()) {
                    if (!isValidCondition(keycloakSession, clientPolicyConditionRepresentation.getConditionProviderId())) {
                        throw new ClientPolicyException("the proposed client policy contains the condition with its invalid configuration.");
                    }
                    clientPolicyRepresentation4.getConditions().add(clientPolicyConditionRepresentation);
                }
            }
            Set set = (Set) list.stream().map((v0) -> {
                return v0.getName();
            }).collect(Collectors.toSet());
            ClientProfilesRepresentation clientProfilesRepresentation = getClientProfilesRepresentation(keycloakSession, realmModel);
            clientPolicyRepresentation4.setProfiles(new ArrayList());
            if (clientProfilesRepresentation.getProfiles() != null) {
                set.addAll((Collection) clientProfilesRepresentation.getProfiles().stream().map((v0) -> {
                    return v0.getName();
                }).collect(Collectors.toSet()));
            }
            if (clientPolicyRepresentation3.getProfiles() != null) {
                Iterator it = clientPolicyRepresentation3.getProfiles().iterator();
                while (it.hasNext()) {
                    if (!set.contains((String) it.next())) {
                        logger.warnf("Client policy %s referred not existing profile %s", new Object[0]);
                        throw new ClientPolicyException("referring not existing client profile not allowed.");
                    }
                }
                clientPolicyRepresentation3.getProfiles().stream().distinct().forEach(str -> {
                    clientPolicyRepresentation4.getProfiles().add(str);
                });
            }
            policies2.add(clientPolicyRepresentation4);
        }
        return clientPoliciesRepresentation2;
    }

    private static boolean isValidCondition(KeycloakSession keycloakSession, String str) {
        Set listProviderIds = keycloakSession.listProviderIds(ClientPolicyConditionProvider.class);
        if (listProviderIds != null && listProviderIds.contains(str)) {
            return true;
        }
        logger.warnv("no condition provider found. providerId = {0}", str);
        return false;
    }

    static String getClientProfilesJsonString(RealmModel realmModel) {
        return realmModel.getAttribute("client-policies.profiles");
    }

    static String getClientPoliciesJsonString(RealmModel realmModel) {
        return realmModel.getAttribute("client-policies.policies");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setClientProfilesJsonString(RealmModel realmModel, String str) {
        realmModel.setAttribute("client-policies.profiles", str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setClientPoliciesJsonString(RealmModel realmModel, String str) {
        realmModel.setAttribute("client-policies.policies", str);
    }
}
