package org.keycloak.models.utils;

import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.AuthorizationProviderFactory;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PermissionTicketStore;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.ScopeStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.IdentityProviderFactory;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.common.Profile;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.UriUtils;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.CredentialModel;
import org.keycloak.migration.migrators.MigrationUtils;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.Constants;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.credential.dto.OTPCredentialData;
import org.keycloak.models.credential.dto.OTPSecretData;
import org.keycloak.models.credential.dto.PasswordCredentialData;
import org.keycloak.policy.PasswordPolicyNotMetException;
import org.keycloak.protocol.saml.util.ArtifactBindingUtils;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.idm.AuthenticationExecutionRepresentation;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.FederatedIdentityRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.RolesRepresentation;
import org.keycloak.representations.idm.UserConsentRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.PermissionTicketRepresentation;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.storage.DatastoreProvider;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:BOOT-INF/lib/keycloak-server-spi-private-21.1.2.jar:org/keycloak/models/utils/RepresentationToModel.class */
public class RepresentationToModel {
    private static Logger logger = Logger.getLogger((Class<?>) RepresentationToModel.class);
    public static final String OIDC = "openid-connect";

    public static void importRealm(KeycloakSession keycloakSession, RealmRepresentation realmRepresentation, RealmModel realmModel, boolean z) {
        ((DatastoreProvider) keycloakSession.getProvider(DatastoreProvider.class)).getExportImportManager().importRealm(realmRepresentation, realmModel, z);
    }

    public static void importRoles(RolesRepresentation rolesRepresentation, RealmModel realmModel) {
        if (rolesRepresentation == null) {
            return;
        }
        if (rolesRepresentation.getRealm() != null) {
            for (RoleRepresentation roleRepresentation : rolesRepresentation.getRealm()) {
                if (!realmModel.getDefaultRole().getName().equals(roleRepresentation.getName())) {
                    createRole(realmModel, roleRepresentation);
                }
            }
        }
        if (rolesRepresentation.getClient() != null) {
            for (Map.Entry<String, List<RoleRepresentation>> entry : rolesRepresentation.getClient().entrySet()) {
                ClientModel clientByClientId = realmModel.getClientByClientId(entry.getKey());
                if (clientByClientId == null) {
                    throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
                }
                for (RoleRepresentation roleRepresentation2 : entry.getValue()) {
                    RoleModel addRole = roleRepresentation2.getId() != null ? clientByClientId.addRole(roleRepresentation2.getId(), roleRepresentation2.getName()) : clientByClientId.addRole(roleRepresentation2.getName());
                    addRole.setDescription(roleRepresentation2.getDescription());
                    if (roleRepresentation2.getAttributes() != null) {
                        roleRepresentation2.getAttributes().forEach((str, list) -> {
                            addRole.setAttribute(str, list);
                        });
                    }
                }
            }
        }
        if (rolesRepresentation.getRealm() != null) {
            for (RoleRepresentation roleRepresentation3 : rolesRepresentation.getRealm()) {
                addComposites(realmModel.getRole(roleRepresentation3.getName()), roleRepresentation3, realmModel);
            }
        }
        if (rolesRepresentation.getClient() != null) {
            for (Map.Entry<String, List<RoleRepresentation>> entry2 : rolesRepresentation.getClient().entrySet()) {
                ClientModel clientByClientId2 = realmModel.getClientByClientId(entry2.getKey());
                if (clientByClientId2 == null) {
                    throw new RuntimeException("App doesn't exist in role definitions: " + entry2.getKey());
                }
                for (RoleRepresentation roleRepresentation4 : entry2.getValue()) {
                    addComposites(clientByClientId2.getRole(roleRepresentation4.getName()), roleRepresentation4, realmModel);
                }
            }
        }
    }

    public static void importGroup(RealmModel realmModel, GroupModel groupModel, GroupRepresentation groupRepresentation) {
        GroupModel createGroup = realmModel.createGroup(groupRepresentation.getId(), groupRepresentation.getName(), groupModel);
        if (groupRepresentation.getAttributes() != null) {
            for (Map.Entry<String, List<String>> entry : groupRepresentation.getAttributes().entrySet()) {
                createGroup.setAttribute(entry.getKey(), entry.getValue());
            }
        }
        if (groupRepresentation.getRealmRoles() != null) {
            for (String str : groupRepresentation.getRealmRoles()) {
                RoleModel role = realmModel.getRole(str.trim());
                if (role == null) {
                    role = realmModel.addRole(str.trim());
                }
                createGroup.grantRole(role);
            }
        }
        if (groupRepresentation.getClientRoles() != null) {
            for (Map.Entry<String, List<String>> entry2 : groupRepresentation.getClientRoles().entrySet()) {
                ClientModel clientByClientId = realmModel.getClientByClientId(entry2.getKey());
                if (clientByClientId == null) {
                    throw new RuntimeException("Unable to find client role mappings for client: " + entry2.getKey());
                }
                for (String str2 : entry2.getValue()) {
                    RoleModel role2 = clientByClientId.getRole(str2.trim());
                    if (role2 == null) {
                        role2 = clientByClientId.addRole(str2.trim());
                    }
                    createGroup.grantRole(role2);
                }
            }
        }
        if (groupRepresentation.getSubGroups() != null) {
            Iterator<GroupRepresentation> it = groupRepresentation.getSubGroups().iterator();
            while (it.hasNext()) {
                importGroup(realmModel, createGroup, it.next());
            }
        }
    }

    private static void convertDeprecatedCredentialsFormat(UserRepresentation userRepresentation) {
        if (userRepresentation.getCredentials() != null) {
            for (CredentialRepresentation credentialRepresentation : userRepresentation.getCredentials()) {
                try {
                    if ((credentialRepresentation.getCredentialData() == null || credentialRepresentation.getSecretData() == null) && credentialRepresentation.getValue() == null) {
                        logger.warnf("Using deprecated 'credentials' format in JSON representation for user '%s'. It will be removed in future versions", userRepresentation.getUsername());
                        if ("password".equals(credentialRepresentation.getType()) || "password-history".equals(credentialRepresentation.getType())) {
                            credentialRepresentation.setCredentialData(JsonSerialization.writeValueAsString(new PasswordCredentialData(credentialRepresentation.getHashIterations().intValue(), credentialRepresentation.getAlgorithm())));
                            credentialRepresentation.setSecretData("{\"value\":\"" + credentialRepresentation.getHashedSaltedValue() + "\",\"salt\":\"" + credentialRepresentation.getSalt() + "\"}");
                            credentialRepresentation.setPriority(10);
                        } else if ("totp".equals(credentialRepresentation.getType()) || "hotp".equals(credentialRepresentation.getType())) {
                            OTPCredentialData oTPCredentialData = new OTPCredentialData(credentialRepresentation.getType(), credentialRepresentation.getDigits().intValue(), credentialRepresentation.getCounter().intValue(), credentialRepresentation.getPeriod().intValue(), credentialRepresentation.getAlgorithm());
                            OTPSecretData oTPSecretData = new OTPSecretData(credentialRepresentation.getHashedSaltedValue());
                            credentialRepresentation.setCredentialData(JsonSerialization.writeValueAsString(oTPCredentialData));
                            credentialRepresentation.setSecretData(JsonSerialization.writeValueAsString(oTPSecretData));
                            credentialRepresentation.setPriority(20);
                            credentialRepresentation.setType("otp");
                        }
                    }
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
        }
    }

    public static void updateRealm(RealmRepresentation realmRepresentation, RealmModel realmModel, KeycloakSession keycloakSession) {
        ((DatastoreProvider) keycloakSession.getProvider(DatastoreProvider.class)).getExportImportManager().updateRealm(realmRepresentation, realmModel);
    }

    public static RoleModel createRole(RealmModel realmModel, RoleRepresentation roleRepresentation) {
        RoleModel addRole = roleRepresentation.getId() != null ? realmModel.addRole(roleRepresentation.getId(), roleRepresentation.getName()) : realmModel.addRole(roleRepresentation.getName());
        if (roleRepresentation.getDescription() != null) {
            addRole.setDescription(roleRepresentation.getDescription());
        }
        if (roleRepresentation.getAttributes() != null) {
            for (Map.Entry<String, List<String>> entry : roleRepresentation.getAttributes().entrySet()) {
                addRole.setAttribute(entry.getKey(), entry.getValue());
            }
        }
        return addRole;
    }

    private static void addComposites(RoleModel roleModel, RoleRepresentation roleRepresentation, RealmModel realmModel) {
        if (roleRepresentation.getComposites() == null) {
            return;
        }
        if (roleRepresentation.getComposites().getRealm() != null) {
            for (String str : roleRepresentation.getComposites().getRealm()) {
                RoleModel role = realmModel.getRole(str);
                if (role == null) {
                    throw new RuntimeException("Unable to find composite realm role: " + str);
                }
                roleModel.addCompositeRole(role);
            }
        }
        if (roleRepresentation.getComposites().getClient() != null) {
            for (Map.Entry<String, List<String>> entry : roleRepresentation.getComposites().getClient().entrySet()) {
                ClientModel clientByClientId = realmModel.getClientByClientId(entry.getKey());
                if (clientByClientId == null) {
                    throw new RuntimeException("App doesn't exist in role definitions: " + roleRepresentation.getName());
                }
                for (String str2 : entry.getValue()) {
                    RoleModel role2 = clientByClientId.getRole(str2);
                    if (role2 == null) {
                        throw new RuntimeException("Unable to find composite client role: " + str2);
                    }
                    roleModel.addCompositeRole(role2);
                }
            }
        }
    }

    public static ClientModel createClient(KeycloakSession keycloakSession, RealmModel realmModel, ClientRepresentation clientRepresentation) {
        return createClient(keycloakSession, realmModel, clientRepresentation, null);
    }

    public static ClientModel createClient(KeycloakSession keycloakSession, RealmModel realmModel, ClientRepresentation clientRepresentation, Map<String, String> map) {
        logger.debugv("Create client: {0}", clientRepresentation.getClientId());
        ClientModel addClient = clientRepresentation.getId() != null ? realmModel.addClient(clientRepresentation.getId(), clientRepresentation.getClientId()) : realmModel.addClient(clientRepresentation.getClientId());
        if (clientRepresentation.getName() != null) {
            addClient.setName(clientRepresentation.getName());
        }
        if (clientRepresentation.getDescription() != null) {
            addClient.setDescription(clientRepresentation.getDescription());
        }
        if (clientRepresentation.isEnabled() != null) {
            addClient.setEnabled(clientRepresentation.isEnabled().booleanValue());
        }
        if (clientRepresentation.isAlwaysDisplayInConsole() != null) {
            addClient.setAlwaysDisplayInConsole(clientRepresentation.isAlwaysDisplayInConsole().booleanValue());
        }
        addClient.setManagementUrl(clientRepresentation.getAdminUrl());
        if (clientRepresentation.isSurrogateAuthRequired() != null) {
            addClient.setSurrogateAuthRequired(clientRepresentation.isSurrogateAuthRequired().booleanValue());
        }
        if (clientRepresentation.getRootUrl() != null) {
            addClient.setRootUrl(clientRepresentation.getRootUrl());
        }
        if (clientRepresentation.getBaseUrl() != null) {
            addClient.setBaseUrl(clientRepresentation.getBaseUrl());
        }
        if (clientRepresentation.isBearerOnly() != null) {
            addClient.setBearerOnly(clientRepresentation.isBearerOnly().booleanValue());
        }
        if (clientRepresentation.isConsentRequired() != null) {
            addClient.setConsentRequired(clientRepresentation.isConsentRequired().booleanValue());
        }
        if (clientRepresentation.isDirectGrantsOnly() != null) {
            logger.warn("Using deprecated 'directGrantsOnly' configuration in JSON representation. It will be removed in future versions");
            addClient.setStandardFlowEnabled(!clientRepresentation.isDirectGrantsOnly().booleanValue());
            addClient.setDirectAccessGrantsEnabled(clientRepresentation.isDirectGrantsOnly().booleanValue());
        }
        if (clientRepresentation.isStandardFlowEnabled() != null) {
            addClient.setStandardFlowEnabled(clientRepresentation.isStandardFlowEnabled().booleanValue());
        }
        if (clientRepresentation.isImplicitFlowEnabled() != null) {
            addClient.setImplicitFlowEnabled(clientRepresentation.isImplicitFlowEnabled().booleanValue());
        }
        if (clientRepresentation.isDirectAccessGrantsEnabled() != null) {
            addClient.setDirectAccessGrantsEnabled(clientRepresentation.isDirectAccessGrantsEnabled().booleanValue());
        }
        if (clientRepresentation.isServiceAccountsEnabled() != null) {
            addClient.setServiceAccountsEnabled(clientRepresentation.isServiceAccountsEnabled().booleanValue());
        }
        if (clientRepresentation.isPublicClient() != null) {
            addClient.setPublicClient(clientRepresentation.isPublicClient().booleanValue());
        }
        if (clientRepresentation.isFrontchannelLogout() != null) {
            addClient.setFrontchannelLogout(clientRepresentation.isFrontchannelLogout().booleanValue());
        }
        if (clientRepresentation.getProtocol() != null) {
            addClient.setProtocol(clientRepresentation.getProtocol());
        } else {
            addClient.setProtocol(OIDC);
        }
        if (clientRepresentation.getNodeReRegistrationTimeout() != null) {
            addClient.setNodeReRegistrationTimeout(clientRepresentation.getNodeReRegistrationTimeout().intValue());
        } else {
            addClient.setNodeReRegistrationTimeout(-1);
        }
        if (clientRepresentation.getNotBefore() != null) {
            addClient.setNotBefore(clientRepresentation.getNotBefore().intValue());
        }
        if (clientRepresentation.getClientAuthenticatorType() != null) {
            addClient.setClientAuthenticatorType(clientRepresentation.getClientAuthenticatorType());
        } else {
            addClient.setClientAuthenticatorType(KeycloakModelUtils.getDefaultClientAuthenticatorType());
        }
        if (Objects.nonNull(clientRepresentation.getSecret())) {
            addClient.setSecret(clientRepresentation.getSecret());
        } else if (addClient.isPublicClient() || addClient.isBearerOnly()) {
            addClient.setSecret(null);
        } else {
            KeycloakModelUtils.generateSecret(addClient);
        }
        if (clientRepresentation.getAttributes() != null) {
            for (Map.Entry<String, String> entry : clientRepresentation.getAttributes().entrySet()) {
                addClient.setAttribute(entry.getKey(), entry.getValue());
            }
        }
        if ("saml".equals(clientRepresentation.getProtocol()) && (clientRepresentation.getAttributes() == null || !clientRepresentation.getAttributes().containsKey("saml.artifact.binding.identifier"))) {
            addClient.setAttribute("saml.artifact.binding.identifier", ArtifactBindingUtils.computeArtifactBindingIdentifierString(clientRepresentation.getClientId()));
        }
        if (clientRepresentation.getAuthenticationFlowBindingOverrides() != null) {
            for (Map.Entry<String, String> entry2 : clientRepresentation.getAuthenticationFlowBindingOverrides().entrySet()) {
                if (entry2.getValue() != null && !entry2.getValue().trim().equals("")) {
                    String value = entry2.getValue();
                    if (map != null && map.containsKey(value)) {
                        value = map.get(value);
                    }
                    if (addClient.getRealm().getAuthenticationFlowById(value) == null) {
                        throw new RuntimeException("Unable to resolve auth flow binding override for: " + entry2.getKey());
                    }
                    addClient.setAuthenticationFlowBindingOverride(entry2.getKey(), value);
                }
            }
        }
        if (clientRepresentation.getRedirectUris() != null) {
            Iterator<String> it = clientRepresentation.getRedirectUris().iterator();
            while (it.hasNext()) {
                addClient.addRedirectUri(it.next());
            }
        }
        if (clientRepresentation.getWebOrigins() != null) {
            for (String str : clientRepresentation.getWebOrigins()) {
                logger.debugv("Client: {0} webOrigin: {1}", clientRepresentation.getClientId(), str);
                addClient.addWebOrigin(str);
            }
        } else if (clientRepresentation.getRedirectUris() != null) {
            HashSet hashSet = new HashSet();
            for (String str2 : clientRepresentation.getRedirectUris()) {
                logger.debugv("add redirect-uri to origin: {0}", str2);
                if (str2.startsWith("http")) {
                    String origin = UriUtils.getOrigin(str2);
                    logger.debugv("adding default client origin: {0}", origin);
                    hashSet.add(origin);
                }
            }
            if (hashSet.size() > 0) {
                addClient.setWebOrigins(hashSet);
            }
        }
        if (clientRepresentation.getRegisteredNodes() != null) {
            for (Map.Entry<String, Integer> entry3 : clientRepresentation.getRegisteredNodes().entrySet()) {
                addClient.registerNode(entry3.getKey(), entry3.getValue().intValue());
            }
        }
        if (clientRepresentation.getProtocolMappers() != null) {
            List list = (List) addClient.getProtocolMappersStream().collect(Collectors.toList());
            Objects.requireNonNull(addClient);
            list.forEach(addClient::removeProtocolMapper);
            Iterator<ProtocolMapperRepresentation> it2 = clientRepresentation.getProtocolMappers().iterator();
            while (it2.hasNext()) {
                addClient.addProtocolMapper(toModel(it2.next()));
            }
            MigrationUtils.updateProtocolMappers(addClient);
        }
        if (clientRepresentation.getClientTemplate() != null) {
            addClientScopeToClient(realmModel, addClient, KeycloakModelUtils.convertClientScopeName(clientRepresentation.getClientTemplate()), true);
        }
        if (clientRepresentation.getDefaultClientScopes() != null || clientRepresentation.getOptionalClientScopes() != null) {
            Iterator<ClientScopeModel> it3 = addClient.getClientScopes(true).values().iterator();
            while (it3.hasNext()) {
                addClient.removeClientScope(it3.next());
            }
            Iterator<ClientScopeModel> it4 = addClient.getClientScopes(false).values().iterator();
            while (it4.hasNext()) {
                addClient.removeClientScope(it4.next());
            }
        }
        if (clientRepresentation.getDefaultClientScopes() != null) {
            Iterator<String> it5 = clientRepresentation.getDefaultClientScopes().iterator();
            while (it5.hasNext()) {
                addClientScopeToClient(realmModel, addClient, it5.next(), true);
            }
        }
        if (clientRepresentation.getOptionalClientScopes() != null) {
            Iterator<String> it6 = clientRepresentation.getOptionalClientScopes().iterator();
            while (it6.hasNext()) {
                addClientScopeToClient(realmModel, addClient, it6.next(), false);
            }
        }
        if (clientRepresentation.isFullScopeAllowed() != null) {
            addClient.setFullScopeAllowed(clientRepresentation.isFullScopeAllowed().booleanValue());
        } else {
            addClient.setFullScopeAllowed(!addClient.isConsentRequired());
        }
        addClient.updateClient();
        clientRepresentation.setId(addClient.getId());
        return addClient;
    }

    private static void addClientScopeToClient(RealmModel realmModel, ClientModel clientModel, String str, boolean z) {
        ClientScopeModel clientScopeByName = KeycloakModelUtils.getClientScopeByName(realmModel, str);
        if (clientScopeByName != null) {
            clientModel.addClientScope(clientScopeByName, z);
        } else {
            logger.warnf("Referenced client scope '%s' doesn't exist. Ignoring", str);
        }
    }

    public static void updateClient(ClientRepresentation clientRepresentation, final ClientModel clientModel, final KeycloakSession keycloakSession) {
        final String clientId = clientRepresentation.getClientId();
        final String clientId2 = clientModel.getClientId();
        if (clientId != null) {
            clientModel.setClientId(clientId);
        }
        if (clientRepresentation.getName() != null) {
            clientModel.setName(clientRepresentation.getName());
        }
        if (clientRepresentation.getDescription() != null) {
            clientModel.setDescription(clientRepresentation.getDescription());
        }
        if (clientRepresentation.isEnabled() != null) {
            clientModel.setEnabled(clientRepresentation.isEnabled().booleanValue());
        }
        if (clientRepresentation.isAlwaysDisplayInConsole() != null) {
            clientModel.setAlwaysDisplayInConsole(clientRepresentation.isAlwaysDisplayInConsole().booleanValue());
        }
        if (clientRepresentation.isBearerOnly() != null) {
            clientModel.setBearerOnly(clientRepresentation.isBearerOnly().booleanValue());
        }
        if (clientRepresentation.isConsentRequired() != null) {
            clientModel.setConsentRequired(clientRepresentation.isConsentRequired().booleanValue());
        }
        if (clientRepresentation.isStandardFlowEnabled() != null) {
            clientModel.setStandardFlowEnabled(clientRepresentation.isStandardFlowEnabled().booleanValue());
        }
        if (clientRepresentation.isImplicitFlowEnabled() != null) {
            clientModel.setImplicitFlowEnabled(clientRepresentation.isImplicitFlowEnabled().booleanValue());
        }
        if (clientRepresentation.isDirectAccessGrantsEnabled() != null) {
            clientModel.setDirectAccessGrantsEnabled(clientRepresentation.isDirectAccessGrantsEnabled().booleanValue());
        }
        if (clientRepresentation.isServiceAccountsEnabled() != null) {
            clientModel.setServiceAccountsEnabled(clientRepresentation.isServiceAccountsEnabled().booleanValue());
        }
        if (clientRepresentation.isPublicClient() != null) {
            clientModel.setPublicClient(clientRepresentation.isPublicClient().booleanValue());
        }
        if (clientRepresentation.isFullScopeAllowed() != null) {
            clientModel.setFullScopeAllowed(clientRepresentation.isFullScopeAllowed().booleanValue());
        }
        if (clientRepresentation.isFrontchannelLogout() != null) {
            clientModel.setFrontchannelLogout(clientRepresentation.isFrontchannelLogout().booleanValue());
        }
        if (clientRepresentation.getRootUrl() != null) {
            clientModel.setRootUrl(clientRepresentation.getRootUrl());
        }
        if (clientRepresentation.getAdminUrl() != null) {
            clientModel.setManagementUrl(clientRepresentation.getAdminUrl());
        }
        if (clientRepresentation.getBaseUrl() != null) {
            clientModel.setBaseUrl(clientRepresentation.getBaseUrl());
        }
        if (clientRepresentation.isSurrogateAuthRequired() != null) {
            clientModel.setSurrogateAuthRequired(clientRepresentation.isSurrogateAuthRequired().booleanValue());
        }
        if (clientRepresentation.getNodeReRegistrationTimeout() != null) {
            clientModel.setNodeReRegistrationTimeout(clientRepresentation.getNodeReRegistrationTimeout().intValue());
        }
        if (clientRepresentation.getClientAuthenticatorType() != null) {
            clientModel.setClientAuthenticatorType(clientRepresentation.getClientAuthenticatorType());
        }
        if (clientRepresentation.getProtocol() != null) {
            clientModel.setProtocol(clientRepresentation.getProtocol());
        }
        if (clientRepresentation.getAttributes() != null) {
            for (Map.Entry<String, String> entry : clientRepresentation.getAttributes().entrySet()) {
                clientModel.setAttribute(entry.getKey(), entry.getValue());
            }
        }
        if (clientRepresentation.getAttributes() != null) {
            for (Map.Entry<String, String> entry2 : removeEmptyString(clientRepresentation.getAttributes()).entrySet()) {
                clientModel.setAttribute(entry2.getKey(), entry2.getValue());
            }
        }
        if ("saml".equals(clientRepresentation.getProtocol()) && (clientRepresentation.getAttributes() == null || !clientRepresentation.getAttributes().containsKey("saml.artifact.binding.identifier"))) {
            clientModel.setAttribute("saml.artifact.binding.identifier", ArtifactBindingUtils.computeArtifactBindingIdentifierString(clientId));
        }
        if (clientRepresentation.getAuthenticationFlowBindingOverrides() != null) {
            for (Map.Entry<String, String> entry3 : clientRepresentation.getAuthenticationFlowBindingOverrides().entrySet()) {
                if (entry3.getValue() == null || entry3.getValue().trim().equals("")) {
                    clientModel.removeAuthenticationFlowBindingOverride(entry3.getKey());
                } else {
                    if (clientModel.getRealm().getAuthenticationFlowById(entry3.getValue()) == null) {
                        throw new RuntimeException("Unable to resolve auth flow binding override for: " + entry3.getKey());
                    }
                    clientModel.setAuthenticationFlowBindingOverride(entry3.getKey(), entry3.getValue());
                }
            }
        }
        if (clientRepresentation.getNotBefore() != null) {
            clientModel.setNotBefore(clientRepresentation.getNotBefore().intValue());
        }
        List<String> redirectUris = clientRepresentation.getRedirectUris();
        if (redirectUris != null) {
            clientModel.setRedirectUris(new HashSet(redirectUris));
        }
        List<String> webOrigins = clientRepresentation.getWebOrigins();
        if (webOrigins != null) {
            clientModel.setWebOrigins(new HashSet(webOrigins));
        }
        if (clientRepresentation.getRegisteredNodes() != null) {
            for (Map.Entry<String, Integer> entry4 : clientRepresentation.getRegisteredNodes().entrySet()) {
                clientModel.registerNode(entry4.getKey(), entry4.getValue().intValue());
            }
        }
        if (clientModel.isPublicClient() || clientModel.isBearerOnly()) {
            clientModel.setSecret(null);
        } else {
            String secret = clientModel.getSecret();
            String secret2 = clientRepresentation.getSecret();
            if (secret2 == null && secret == null) {
                KeycloakModelUtils.generateSecret(clientModel);
            } else if (secret2 != null) {
                clientModel.setSecret(secret2);
            }
        }
        clientModel.updateClient();
        if (Objects.equals(clientId, clientId2)) {
            return;
        }
        keycloakSession.getKeycloakSessionFactory().publish(new ClientModel.ClientIdChangeEvent() { // from class: org.keycloak.models.utils.RepresentationToModel.1
            @Override // org.keycloak.models.ClientModel.ClientIdChangeEvent
            public ClientModel getUpdatedClient() {
                return ClientModel.this;
            }

            @Override // org.keycloak.models.ClientModel.ClientIdChangeEvent
            public String getPreviousClientId() {
                return clientId2;
            }

            @Override // org.keycloak.models.ClientModel.ClientIdChangeEvent
            public String getNewClientId() {
                return clientId;
            }

            @Override // org.keycloak.models.ClientModel.ClientIdChangeEvent
            public KeycloakSession getKeycloakSession() {
                return keycloakSession;
            }
        });
    }

    public static void updateClientProtocolMappers(ClientRepresentation clientRepresentation, ClientModel clientModel) {
        if (clientRepresentation.getProtocolMappers() != null) {
            Map map = (Map) clientModel.getProtocolMappersStream().collect(Collectors.toMap(protocolMapperModel -> {
                return generateProtocolNameKey(protocolMapperModel.getProtocol(), protocolMapperModel.getName());
            }, Function.identity()));
            for (ProtocolMapperRepresentation protocolMapperRepresentation : clientRepresentation.getProtocolMappers()) {
                String generateProtocolNameKey = generateProtocolNameKey(protocolMapperRepresentation.getProtocol(), protocolMapperRepresentation.getName());
                ProtocolMapperModel protocolMapperModel2 = (ProtocolMapperModel) map.get(generateProtocolNameKey);
                if (protocolMapperModel2 != null) {
                    ProtocolMapperModel model = toModel(protocolMapperRepresentation);
                    model.setId(protocolMapperModel2.getId());
                    clientModel.updateProtocolMapper(model);
                    map.remove(generateProtocolNameKey);
                } else {
                    clientModel.addProtocolMapper(toModel(protocolMapperRepresentation));
                }
            }
            Iterator it = map.entrySet().iterator();
            while (it.hasNext()) {
                clientModel.removeProtocolMapper((ProtocolMapperModel) ((Map.Entry) it.next()).getValue());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String generateProtocolNameKey(String str, String str2) {
        return String.format("%s%%%s", str, str2);
    }

    public static ClientScopeModel createClientScope(KeycloakSession keycloakSession, RealmModel realmModel, ClientScopeRepresentation clientScopeRepresentation) {
        logger.debugv("Create client scope: {0}", clientScopeRepresentation.getName());
        ClientScopeModel addClientScope = clientScopeRepresentation.getId() != null ? realmModel.addClientScope(clientScopeRepresentation.getId(), clientScopeRepresentation.getName()) : realmModel.addClientScope(clientScopeRepresentation.getName());
        if (clientScopeRepresentation.getName() != null) {
            addClientScope.setName(clientScopeRepresentation.getName());
        }
        if (clientScopeRepresentation.getDescription() != null) {
            addClientScope.setDescription(clientScopeRepresentation.getDescription());
        }
        if (clientScopeRepresentation.getProtocol() != null) {
            addClientScope.setProtocol(clientScopeRepresentation.getProtocol());
        }
        if (clientScopeRepresentation.getProtocolMappers() != null) {
            List list = (List) addClientScope.getProtocolMappersStream().collect(Collectors.toList());
            Objects.requireNonNull(addClientScope);
            list.forEach(addClientScope::removeProtocolMapper);
            Iterator<ProtocolMapperRepresentation> it = clientScopeRepresentation.getProtocolMappers().iterator();
            while (it.hasNext()) {
                addClientScope.addProtocolMapper(toModel(it.next()));
            }
            MigrationUtils.updateProtocolMappers(addClientScope);
        }
        if (clientScopeRepresentation.getAttributes() != null) {
            for (Map.Entry<String, String> entry : clientScopeRepresentation.getAttributes().entrySet()) {
                addClientScope.setAttribute(entry.getKey(), entry.getValue());
            }
        }
        return addClientScope;
    }

    public static void updateClientScope(ClientScopeRepresentation clientScopeRepresentation, ClientScopeModel clientScopeModel) {
        if (clientScopeRepresentation.getName() != null) {
            clientScopeModel.setName(clientScopeRepresentation.getName());
        }
        if (clientScopeRepresentation.getDescription() != null) {
            clientScopeModel.setDescription(clientScopeRepresentation.getDescription());
        }
        if (clientScopeRepresentation.getProtocol() != null) {
            clientScopeModel.setProtocol(clientScopeRepresentation.getProtocol());
        }
        if (clientScopeRepresentation.getAttributes() != null) {
            for (Map.Entry<String, String> entry : clientScopeRepresentation.getAttributes().entrySet()) {
                clientScopeModel.setAttribute(entry.getKey(), entry.getValue());
            }
        }
    }

    public static UserModel createUser(KeycloakSession keycloakSession, RealmModel realmModel, UserRepresentation userRepresentation) {
        return ((DatastoreProvider) keycloakSession.getProvider(DatastoreProvider.class)).getExportImportManager().createUser(realmModel, userRepresentation);
    }

    public static void createGroups(UserRepresentation userRepresentation, RealmModel realmModel, UserModel userModel) {
        if (userRepresentation.getGroups() != null) {
            for (String str : userRepresentation.getGroups()) {
                GroupModel findGroupByPath = KeycloakModelUtils.findGroupByPath(realmModel, str);
                if (findGroupByPath == null) {
                    throw new RuntimeException("Unable to find group specified by path: " + str);
                }
                userModel.joinGroup(findGroupByPath);
            }
        }
    }

    public static void createFederatedIdentities(UserRepresentation userRepresentation, KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        if (userRepresentation.getFederatedIdentities() != null) {
            for (FederatedIdentityRepresentation federatedIdentityRepresentation : userRepresentation.getFederatedIdentities()) {
                keycloakSession.users().addFederatedIdentity(realmModel, userModel, new FederatedIdentityModel(federatedIdentityRepresentation.getIdentityProvider(), federatedIdentityRepresentation.getUserId(), federatedIdentityRepresentation.getUserName()));
            }
        }
    }

    public static void createCredentials(UserRepresentation userRepresentation, KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, boolean z) {
        convertDeprecatedCredentialsFormat(userRepresentation);
        if (userRepresentation.getCredentials() != null) {
            for (CredentialRepresentation credentialRepresentation : userRepresentation.getCredentials()) {
                if (credentialRepresentation.getId() == null || userModel.credentialManager().getStoredCredentialById(credentialRepresentation.getId()) == null) {
                    if (credentialRepresentation.getValue() == null || credentialRepresentation.getValue().isEmpty()) {
                        userModel.credentialManager().createCredentialThroughProvider(toModel(credentialRepresentation));
                    } else {
                        RealmModel realm = keycloakSession.getContext().getRealm();
                        try {
                            try {
                                keycloakSession.getContext().setRealm(realmModel);
                                userModel.credentialManager().updateCredential(UserCredentialModel.password(credentialRepresentation.getValue(), false));
                                keycloakSession.getContext().setRealm(realm);
                            } catch (ModelException e) {
                                throw new PasswordPolicyNotMetException(e.getMessage(), userModel.getUsername(), e);
                            }
                        } catch (Throwable th) {
                            keycloakSession.getContext().setRealm(realm);
                            throw th;
                        }
                    }
                }
            }
        }
    }

    public static CredentialModel toModel(CredentialRepresentation credentialRepresentation) {
        CredentialModel credentialModel = new CredentialModel();
        credentialModel.setCreatedDate(credentialRepresentation.getCreatedDate());
        credentialModel.setType(credentialRepresentation.getType());
        credentialModel.setUserLabel(credentialRepresentation.getUserLabel());
        credentialModel.setSecretData(credentialRepresentation.getSecretData());
        credentialModel.setCredentialData(credentialRepresentation.getCredentialData());
        credentialModel.setId(credentialRepresentation.getId());
        return credentialModel;
    }

    public static void createRoleMappings(UserRepresentation userRepresentation, UserModel userModel, RealmModel realmModel) {
        if (userRepresentation.getRealmRoles() != null) {
            for (String str : userRepresentation.getRealmRoles()) {
                RoleModel role = realmModel.getRole(str.trim());
                if (role == null) {
                    role = realmModel.addRole(str.trim());
                }
                userModel.grantRole(role);
            }
        }
        if (userRepresentation.getClientRoles() != null) {
            for (Map.Entry<String, List<String>> entry : userRepresentation.getClientRoles().entrySet()) {
                ClientModel clientByClientId = realmModel.getClientByClientId(entry.getKey());
                if (clientByClientId == null) {
                    throw new RuntimeException("Unable to find client role mappings for client: " + entry.getKey());
                }
                createClientRoleMappings(clientByClientId, userModel, entry.getValue());
            }
        }
    }

    private static void createClientRoleMappings(ClientModel clientModel, UserModel userModel, List<String> list) {
        if (userModel == null) {
            throw new RuntimeException("User not found");
        }
        for (String str : list) {
            RoleModel role = clientModel.getRole(str.trim());
            if (role == null) {
                role = clientModel.addRole(str.trim());
            }
            userModel.grantRole(role);
        }
    }

    public static IdentityProviderModel toModel(RealmModel realmModel, IdentityProviderRepresentation identityProviderRepresentation, KeycloakSession keycloakSession) {
        IdentityProviderFactory identityProviderFactory = (IdentityProviderFactory) keycloakSession.getKeycloakSessionFactory().getProviderFactory(IdentityProvider.class, identityProviderRepresentation.getProviderId());
        if (identityProviderFactory == null) {
            identityProviderFactory = (IdentityProviderFactory) keycloakSession.getKeycloakSessionFactory().getProviderFactory(SocialIdentityProvider.class, identityProviderRepresentation.getProviderId());
        }
        if (identityProviderFactory == null) {
            throw new IllegalArgumentException("Invalid identity provider id [" + identityProviderRepresentation.getProviderId() + "]");
        }
        IdentityProviderModel createConfig = identityProviderFactory.createConfig();
        createConfig.setInternalId(identityProviderRepresentation.getInternalId());
        createConfig.setAlias(identityProviderRepresentation.getAlias());
        createConfig.setDisplayName(identityProviderRepresentation.getDisplayName());
        createConfig.setProviderId(identityProviderRepresentation.getProviderId());
        createConfig.setEnabled(identityProviderRepresentation.isEnabled());
        createConfig.setLinkOnly(identityProviderRepresentation.isLinkOnly());
        createConfig.setTrustEmail(identityProviderRepresentation.isTrustEmail());
        createConfig.setAuthenticateByDefault(identityProviderRepresentation.isAuthenticateByDefault());
        createConfig.setStoreToken(identityProviderRepresentation.isStoreToken());
        createConfig.setAddReadTokenRoleOnCreate(identityProviderRepresentation.isAddReadTokenRoleOnCreate());
        createConfig.setConfig(removeEmptyString(identityProviderRepresentation.getConfig()));
        String firstBrokerLoginFlowAlias = identityProviderRepresentation.getFirstBrokerLoginFlowAlias();
        if (firstBrokerLoginFlowAlias == null) {
            firstBrokerLoginFlowAlias = DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW;
        }
        AuthenticationFlowModel flowByAlias = realmModel.getFlowByAlias(firstBrokerLoginFlowAlias);
        if (flowByAlias == null) {
            throw new ModelException("No available authentication flow with alias: " + firstBrokerLoginFlowAlias);
        }
        createConfig.setFirstBrokerLoginFlowId(flowByAlias.getId());
        String postBrokerLoginFlowAlias = identityProviderRepresentation.getPostBrokerLoginFlowAlias();
        if (postBrokerLoginFlowAlias == null || postBrokerLoginFlowAlias.trim().length() == 0) {
            createConfig.setPostBrokerLoginFlowId(null);
        } else {
            AuthenticationFlowModel flowByAlias2 = realmModel.getFlowByAlias(postBrokerLoginFlowAlias);
            if (flowByAlias2 == null) {
                throw new ModelException("No available authentication flow with alias: " + postBrokerLoginFlowAlias);
            }
            createConfig.setPostBrokerLoginFlowId(flowByAlias2.getId());
        }
        createConfig.validate(realmModel);
        return createConfig;
    }

    public static ProtocolMapperModel toModel(ProtocolMapperRepresentation protocolMapperRepresentation) {
        ProtocolMapperModel protocolMapperModel = new ProtocolMapperModel();
        protocolMapperModel.setId(protocolMapperRepresentation.getId());
        protocolMapperModel.setName(protocolMapperRepresentation.getName());
        protocolMapperModel.setProtocol(protocolMapperRepresentation.getProtocol());
        protocolMapperModel.setProtocolMapper(protocolMapperRepresentation.getProtocolMapper());
        protocolMapperModel.setConfig(removeEmptyString(protocolMapperRepresentation.getConfig()));
        return protocolMapperModel;
    }

    public static IdentityProviderMapperModel toModel(IdentityProviderMapperRepresentation identityProviderMapperRepresentation) {
        IdentityProviderMapperModel identityProviderMapperModel = new IdentityProviderMapperModel();
        identityProviderMapperModel.setId(identityProviderMapperRepresentation.getId());
        identityProviderMapperModel.setName(identityProviderMapperRepresentation.getName());
        identityProviderMapperModel.setIdentityProviderAlias(identityProviderMapperRepresentation.getIdentityProviderAlias());
        identityProviderMapperModel.setIdentityProviderMapper(identityProviderMapperRepresentation.getIdentityProviderMapper());
        identityProviderMapperModel.setConfig(removeEmptyString(identityProviderMapperRepresentation.getConfig()));
        return identityProviderMapperModel;
    }

    public static UserConsentModel toModel(RealmModel realmModel, UserConsentRepresentation userConsentRepresentation) {
        ClientModel clientByClientId = realmModel.getClientByClientId(userConsentRepresentation.getClientId());
        if (clientByClientId == null) {
            throw new RuntimeException("Unable to find client consent mappings for client: " + userConsentRepresentation.getClientId());
        }
        UserConsentModel userConsentModel = new UserConsentModel(clientByClientId);
        userConsentModel.setCreatedDate(userConsentRepresentation.getCreatedDate());
        userConsentModel.setLastUpdatedDate(userConsentRepresentation.getLastUpdatedDate());
        if (userConsentRepresentation.getGrantedClientScopes() != null) {
            for (String str : userConsentRepresentation.getGrantedClientScopes()) {
                ClientScopeModel clientScopeByName = KeycloakModelUtils.getClientScopeByName(realmModel, str);
                if (clientScopeByName == null) {
                    throw new RuntimeException("Unable to find client scope referenced in consent mappings of user. Client scope name: " + str);
                }
                userConsentModel.addGrantedClientScope(clientScopeByName);
            }
        }
        if (userConsentRepresentation.getGrantedRealmRoles() != null && userConsentRepresentation.getGrantedRealmRoles().contains("offline_access")) {
            ClientScopeModel clientScopeModel = clientByClientId.getClientScopes(false).get("offline_access");
            if (clientScopeModel == null) {
                logger.warn("Unable to find offline_access scope referenced in grantedRoles of user");
            }
            userConsentModel.addGrantedClientScope(clientScopeModel);
        }
        return userConsentModel;
    }

    public static AuthenticationFlowModel toModel(AuthenticationFlowRepresentation authenticationFlowRepresentation) {
        AuthenticationFlowModel authenticationFlowModel = new AuthenticationFlowModel();
        authenticationFlowModel.setId(authenticationFlowRepresentation.getId());
        authenticationFlowModel.setBuiltIn(authenticationFlowRepresentation.isBuiltIn());
        authenticationFlowModel.setTopLevel(authenticationFlowRepresentation.isTopLevel());
        authenticationFlowModel.setProviderId(authenticationFlowRepresentation.getProviderId());
        authenticationFlowModel.setAlias(authenticationFlowRepresentation.getAlias());
        authenticationFlowModel.setDescription(authenticationFlowRepresentation.getDescription());
        return authenticationFlowModel;
    }

    public static AuthenticationExecutionModel toModel(RealmModel realmModel, AuthenticationExecutionRepresentation authenticationExecutionRepresentation) {
        AuthenticationExecutionModel authenticationExecutionModel = new AuthenticationExecutionModel();
        authenticationExecutionModel.setId(authenticationExecutionRepresentation.getId());
        authenticationExecutionModel.setFlowId(authenticationExecutionRepresentation.getFlowId());
        authenticationExecutionModel.setAuthenticator(authenticationExecutionRepresentation.getAuthenticator());
        authenticationExecutionModel.setPriority(authenticationExecutionRepresentation.getPriority());
        authenticationExecutionModel.setParentFlow(authenticationExecutionRepresentation.getParentFlow());
        authenticationExecutionModel.setAuthenticatorFlow(authenticationExecutionRepresentation.isAuthenticatorFlow());
        authenticationExecutionModel.setRequirement(AuthenticationExecutionModel.Requirement.valueOf(authenticationExecutionRepresentation.getRequirement()));
        if (authenticationExecutionRepresentation.getAuthenticatorConfig() != null) {
            authenticationExecutionModel.setAuthenticatorConfig(realmModel.getAuthenticatorConfigByAlias(authenticationExecutionRepresentation.getAuthenticatorConfig()).getId());
        }
        return authenticationExecutionModel;
    }

    public static AuthenticatorConfigModel toModel(AuthenticatorConfigRepresentation authenticatorConfigRepresentation) {
        AuthenticatorConfigModel authenticatorConfigModel = new AuthenticatorConfigModel();
        authenticatorConfigModel.setId(authenticatorConfigRepresentation.getId());
        authenticatorConfigModel.setAlias(authenticatorConfigRepresentation.getAlias());
        authenticatorConfigModel.setConfig(removeEmptyString(authenticatorConfigRepresentation.getConfig()));
        return authenticatorConfigModel;
    }

    public static ComponentModel toModel(KeycloakSession keycloakSession, ComponentRepresentation componentRepresentation) {
        ComponentModel componentModel = new ComponentModel();
        componentModel.setId(componentRepresentation.getId());
        componentModel.setParentId(componentRepresentation.getParentId());
        componentModel.setProviderType(componentRepresentation.getProviderType());
        componentModel.setProviderId(componentRepresentation.getProviderId());
        componentModel.setConfig(new MultivaluedHashMap<>());
        componentModel.setName(componentRepresentation.getName());
        componentModel.setSubType(componentRepresentation.getSubType());
        if (componentRepresentation.getConfig() != null) {
            for (String str : new HashSet(componentRepresentation.getConfig().keySet())) {
                List list = (List) componentRepresentation.getConfig().get(str);
                if (list != null) {
                    ListIterator listIterator = list.listIterator();
                    while (listIterator.hasNext()) {
                        String str2 = (String) listIterator.next();
                        if (str2 == null || str2.trim().isEmpty()) {
                            listIterator.remove();
                        }
                    }
                    if (!list.isEmpty()) {
                        componentModel.getConfig().put(str, list);
                    }
                }
            }
        }
        return componentModel;
    }

    public static void updateComponent(KeycloakSession keycloakSession, ComponentRepresentation componentRepresentation, ComponentModel componentModel, boolean z) {
        if (componentRepresentation.getName() != null) {
            componentModel.setName(componentRepresentation.getName());
        }
        if (componentRepresentation.getParentId() != null) {
            componentModel.setParentId(componentRepresentation.getParentId());
        }
        if (componentRepresentation.getProviderType() != null) {
            componentModel.setProviderType(componentRepresentation.getProviderType());
        }
        if (componentRepresentation.getProviderId() != null) {
            componentModel.setProviderId(componentRepresentation.getProviderId());
        }
        if (componentRepresentation.getSubType() != null) {
            componentModel.setSubType(componentRepresentation.getSubType());
        }
        Map<String, ProviderConfigProperty> componentConfigProperties = z ? null : ComponentUtil.getComponentConfigProperties(keycloakSession, componentModel);
        if (componentRepresentation.getConfig() != null) {
            for (String str : new HashSet(componentRepresentation.getConfig().keySet())) {
                if (!z && !componentConfigProperties.containsKey(str)) {
                    return;
                }
                List list = (List) componentRepresentation.getConfig().get(str);
                if (list == null || list.isEmpty() || list.get(0) == null || ((String) list.get(0)).trim().isEmpty()) {
                    componentModel.getConfig().remove(str);
                } else {
                    ListIterator listIterator = list.listIterator();
                    while (listIterator.hasNext()) {
                        String str2 = (String) listIterator.next();
                        if (str2 == null || str2.trim().isEmpty() || str2.equals(ComponentRepresentation.SECRET_VALUE)) {
                            listIterator.remove();
                        }
                    }
                    if (!list.isEmpty()) {
                        componentModel.getConfig().put(str, list);
                    }
                }
            }
        }
    }

    public static void importAuthorizationSettings(ClientRepresentation clientRepresentation, ClientModel clientModel, KeycloakSession keycloakSession) {
        if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && Boolean.TRUE.equals(clientRepresentation.getAuthorizationServicesEnabled())) {
            AuthorizationProvider create = ((AuthorizationProviderFactory) keycloakSession.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class)).create(keycloakSession, clientModel.getRealm());
            clientModel.setServiceAccountsEnabled(true);
            clientModel.setBearerOnly(false);
            clientModel.setPublicClient(false);
            ResourceServerRepresentation authorizationSettings = clientRepresentation.getAuthorizationSettings();
            if (authorizationSettings == null) {
                authorizationSettings = new ResourceServerRepresentation();
            }
            authorizationSettings.setClientId(clientModel.getId());
            toModel(authorizationSettings, create, clientModel);
        }
    }

    public static ResourceServer toModel(ResourceServerRepresentation resourceServerRepresentation, AuthorizationProvider authorizationProvider, ClientModel clientModel) {
        ResourceServer resourceServer;
        UserModel userByUsername;
        ResourceServerStore resourceServerStore = authorizationProvider.getStoreFactory().getResourceServerStore();
        ResourceServer findByClient = resourceServerStore.findByClient(clientModel);
        if (findByClient == null) {
            resourceServer = resourceServerStore.create(clientModel);
            resourceServer.setAllowRemoteResourceManagement(true);
            resourceServer.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING);
        } else {
            resourceServer = findByClient;
        }
        resourceServer.setPolicyEnforcementMode(resourceServerRepresentation.getPolicyEnforcementMode());
        resourceServer.setAllowRemoteResourceManagement(resourceServerRepresentation.isAllowRemoteResourceManagement());
        DecisionStrategy decisionStrategy = resourceServerRepresentation.getDecisionStrategy();
        if (decisionStrategy == null) {
            decisionStrategy = DecisionStrategy.UNANIMOUS;
        }
        resourceServer.setDecisionStrategy(decisionStrategy);
        Iterator<ScopeRepresentation> it = resourceServerRepresentation.getScopes().iterator();
        while (it.hasNext()) {
            toModel(it.next(), resourceServer, authorizationProvider);
        }
        KeycloakSession keycloakSession = authorizationProvider.getKeycloakSession();
        RealmModel realm = authorizationProvider.getRealm();
        for (ResourceRepresentation resourceRepresentation : resourceServerRepresentation.getResources()) {
            ResourceOwnerRepresentation owner = resourceRepresentation.getOwner();
            if (owner == null) {
                ResourceOwnerRepresentation resourceOwnerRepresentation = new ResourceOwnerRepresentation();
                resourceOwnerRepresentation.setId(resourceServer.getClientId());
                resourceRepresentation.setOwner(resourceOwnerRepresentation);
            } else if (owner.getName() != null && (userByUsername = keycloakSession.users().getUserByUsername(realm, owner.getName())) != null) {
                owner.setId(userByUsername.getId());
            }
            toModel(resourceRepresentation, resourceServer, authorizationProvider);
        }
        importPolicies(authorizationProvider, resourceServer, resourceServerRepresentation.getPolicies(), null);
        return resourceServer;
    }

    private static Policy importPolicies(AuthorizationProvider authorizationProvider, ResourceServer resourceServer, List<PolicyRepresentation> list, String str) {
        StoreFactory storeFactory = authorizationProvider.getStoreFactory();
        RealmModel realm = resourceServer.getRealm();
        for (PolicyRepresentation policyRepresentation : list) {
            if (str == null || str.equals(policyRepresentation.getName())) {
                Map<String, String> config = policyRepresentation.getConfig();
                String str2 = config.get("applyPolicies");
                if (str2 != null && !str2.isEmpty()) {
                    PolicyStore policyStore = storeFactory.getPolicyStore();
                    try {
                        List<String> list2 = (List) JsonSerialization.readValue(str2, List.class);
                        HashSet hashSet = new HashSet();
                        for (String str3 : list2) {
                            Policy findByName = policyStore.findByName(resourceServer, str3);
                            if (findByName == null) {
                                findByName = policyStore.findById(realm, resourceServer, str3);
                            }
                            if (findByName == null) {
                                findByName = importPolicies(authorizationProvider, resourceServer, list, str3);
                                if (findByName == null) {
                                    throw new RuntimeException("Policy with name [" + str3 + "] not defined.");
                                }
                            }
                            hashSet.add(findByName.getId());
                        }
                        config.put("applyPolicies", JsonSerialization.writeValueAsString(hashSet));
                    } catch (Exception e) {
                        throw new RuntimeException("Error while importing policy [" + policyRepresentation.getName() + "].", e);
                    }
                }
                PolicyStore policyStore2 = storeFactory.getPolicyStore();
                Policy findById = policyStore2.findById(realm, resourceServer, policyRepresentation.getId());
                if (findById == null) {
                    findById = policyStore2.findByName(resourceServer, policyRepresentation.getName());
                }
                Policy create = findById == null ? policyStore2.create(resourceServer, policyRepresentation) : toModel(policyRepresentation, authorizationProvider, findById);
                if (str != null && str.equals(policyRepresentation.getName())) {
                    return create;
                }
            }
        }
        return null;
    }

    public static Policy toModel(AbstractPolicyRepresentation abstractPolicyRepresentation, AuthorizationProvider authorizationProvider, Policy policy) {
        String str;
        String str2;
        String str3;
        policy.setName(abstractPolicyRepresentation.getName());
        policy.setDescription(abstractPolicyRepresentation.getDescription());
        policy.setDecisionStrategy(abstractPolicyRepresentation.getDecisionStrategy());
        policy.setLogic(abstractPolicyRepresentation.getLogic());
        Set<String> resources = abstractPolicyRepresentation.getResources();
        Set<String> scopes = abstractPolicyRepresentation.getScopes();
        Set<String> policies = abstractPolicyRepresentation.getPolicies();
        if (abstractPolicyRepresentation instanceof PolicyRepresentation) {
            PolicyRepresentation policyRepresentation = (PolicyRepresentation) PolicyRepresentation.class.cast(abstractPolicyRepresentation);
            if (resources == null && (str3 = policyRepresentation.getConfig().get("resources")) != null) {
                try {
                    resources = (Set) JsonSerialization.readValue(str3, Set.class);
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
            if (scopes == null && (str2 = policyRepresentation.getConfig().get("scopes")) != null) {
                try {
                    scopes = (Set) JsonSerialization.readValue(str2, Set.class);
                } catch (IOException e2) {
                    throw new RuntimeException(e2);
                }
            }
            if (policies == null && (str = policyRepresentation.getConfig().get("applyPolicies")) != null) {
                try {
                    policies = (Set) JsonSerialization.readValue(str, Set.class);
                } catch (IOException e3) {
                    throw new RuntimeException(e3);
                }
            }
            policy.setConfig(policyRepresentation.getConfig());
        }
        StoreFactory storeFactory = authorizationProvider.getStoreFactory();
        updateResources(resources, policy, storeFactory);
        updateScopes(scopes, policy, storeFactory);
        updateAssociatedPolicies(policies, policy, storeFactory);
        PolicyProviderFactory providerFactory = authorizationProvider.getProviderFactory(policy.getType());
        if (providerFactory == null) {
            throw new RuntimeException("Could find policy provider with type [" + policy.getType() + "]");
        }
        if (abstractPolicyRepresentation instanceof PolicyRepresentation) {
            providerFactory.onImport(policy, (PolicyRepresentation) PolicyRepresentation.class.cast(abstractPolicyRepresentation), authorizationProvider);
        } else if (abstractPolicyRepresentation.getId() == null) {
            providerFactory.onCreate(policy, abstractPolicyRepresentation, authorizationProvider);
        } else {
            providerFactory.onUpdate(policy, abstractPolicyRepresentation, authorizationProvider);
        }
        abstractPolicyRepresentation.setId(policy.getId());
        return policy;
    }

    private static void updateScopes(Set<String> set, Policy policy, StoreFactory storeFactory) {
        if (set != null) {
            if (set.isEmpty()) {
                Iterator it = new HashSet(policy.getScopes()).iterator();
                while (it.hasNext()) {
                    policy.removeScope((Scope) it.next());
                }
                return;
            }
            ResourceServer resourceServer = policy.getResourceServer();
            RealmModel realm = resourceServer.getRealm();
            for (String str : set) {
                boolean z = false;
                Iterator it2 = new HashSet(policy.getScopes()).iterator();
                while (it2.hasNext()) {
                    Scope scope = (Scope) it2.next();
                    if (scope.getId().equals(str) || scope.getName().equals(str)) {
                        z = true;
                    }
                }
                if (!z) {
                    Scope findById = storeFactory.getScopeStore().findById(realm, resourceServer, str);
                    if (findById == null) {
                        findById = storeFactory.getScopeStore().findByName(resourceServer, str);
                        if (findById == null) {
                            throw new RuntimeException("Scope with id or name [" + str + "] does not exist");
                        }
                    }
                    policy.addScope(findById);
                }
            }
            Iterator it3 = new HashSet(policy.getScopes()).iterator();
            while (it3.hasNext()) {
                Scope scope2 = (Scope) it3.next();
                boolean z2 = false;
                for (String str2 : set) {
                    if (scope2.getId().equals(str2) || scope2.getName().equals(str2)) {
                        z2 = true;
                    }
                }
                if (!z2) {
                    policy.removeScope(scope2);
                }
            }
        }
        policy.removeConfig("scopes");
    }

    private static void updateAssociatedPolicies(Set<String> set, Policy policy, StoreFactory storeFactory) {
        ResourceServer resourceServer = policy.getResourceServer();
        RealmModel realm = resourceServer.getRealm();
        if (set != null) {
            if (set.isEmpty()) {
                Iterator it = new HashSet(policy.getAssociatedPolicies()).iterator();
                while (it.hasNext()) {
                    policy.removeAssociatedPolicy((Policy) it.next());
                }
                return;
            }
            PolicyStore policyStore = storeFactory.getPolicyStore();
            for (String str : set) {
                boolean z = false;
                Iterator it2 = new HashSet(policy.getAssociatedPolicies()).iterator();
                while (it2.hasNext()) {
                    Policy policy2 = (Policy) it2.next();
                    if (policy2.getId().equals(str) || policy2.getName().equals(str)) {
                        z = true;
                    }
                }
                if (!z) {
                    Policy findById = policyStore.findById(realm, resourceServer, str);
                    if (findById == null) {
                        findById = policyStore.findByName(resourceServer, str);
                        if (findById == null) {
                            throw new RuntimeException("Policy with id or name [" + str + "] does not exist");
                        }
                    }
                    policy.addAssociatedPolicy(findById);
                }
            }
            Iterator it3 = new HashSet(policy.getAssociatedPolicies()).iterator();
            while (it3.hasNext()) {
                Policy policy3 = (Policy) it3.next();
                boolean z2 = false;
                for (String str2 : set) {
                    if (policy3.getId().equals(str2) || policy3.getName().equals(str2)) {
                        z2 = true;
                    }
                }
                if (!z2) {
                    policy.removeAssociatedPolicy(policy3);
                }
            }
        }
        policy.removeConfig("applyPolicies");
    }

    private static void updateResources(Set<String> set, Policy policy, StoreFactory storeFactory) {
        if (set != null) {
            if (set.isEmpty()) {
                Iterator it = new HashSet(policy.getResources()).iterator();
                while (it.hasNext()) {
                    policy.removeResource((Resource) it.next());
                }
            }
            ResourceServer resourceServer = policy.getResourceServer();
            RealmModel realm = resourceServer.getRealm();
            for (String str : set) {
                boolean z = false;
                Iterator it2 = new HashSet(policy.getResources()).iterator();
                while (it2.hasNext()) {
                    Resource resource = (Resource) it2.next();
                    if (resource.getId().equals(str) || resource.getName().equals(str)) {
                        z = true;
                    }
                }
                if (!z && !"".equals(str)) {
                    Resource findById = storeFactory.getResourceStore().findById(realm, resourceServer, str);
                    if (findById == null) {
                        findById = storeFactory.getResourceStore().findByName(resourceServer, str);
                        if (findById == null) {
                            throw new RuntimeException("Resource with id or name [" + str + "] does not exist or is not owned by the resource server");
                        }
                    }
                    policy.addResource(findById);
                }
            }
            Iterator it3 = new HashSet(policy.getResources()).iterator();
            while (it3.hasNext()) {
                Resource resource2 = (Resource) it3.next();
                boolean z2 = false;
                for (String str2 : set) {
                    if (resource2.getId().equals(str2) || resource2.getName().equals(str2)) {
                        z2 = true;
                    }
                }
                if (!z2) {
                    policy.removeResource(resource2);
                }
            }
        }
        policy.removeConfig("resources");
    }

    public static Resource toModel(ResourceRepresentation resourceRepresentation, ResourceServer resourceServer, AuthorizationProvider authorizationProvider) {
        ResourceStore resourceStore = authorizationProvider.getStoreFactory().getResourceStore();
        RealmModel realm = authorizationProvider.getRealm();
        ResourceOwnerRepresentation owner = resourceRepresentation.getOwner();
        if (owner == null) {
            owner = new ResourceOwnerRepresentation();
            owner.setId(resourceServer.getClientId());
        }
        String id = owner.getId();
        if (id == null) {
            id = resourceServer.getClientId();
        }
        if (!resourceServer.getClientId().equals(id)) {
            UserProvider users = authorizationProvider.getKeycloakSession().users();
            UserModel userById = users.getUserById(realm, id);
            if (userById == null) {
                userById = users.getUserByUsername(realm, id);
            }
            if (userById == null) {
                throw new RuntimeException("Owner must be a valid username or user identifier. If the resource server, the client id or null.");
            }
            id = userById.getId();
        }
        Resource findById = resourceRepresentation.getId() != null ? resourceStore.findById(realm, resourceServer, resourceRepresentation.getId()) : resourceStore.findByName(resourceServer, resourceRepresentation.getName(), id);
        if (findById == null) {
            Resource create = resourceStore.create(resourceServer, resourceRepresentation.getId(), resourceRepresentation.getName(), id);
            create.setDisplayName(resourceRepresentation.getDisplayName());
            create.setType(resourceRepresentation.getType());
            create.updateUris(resourceRepresentation.getUris());
            create.setIconUri(resourceRepresentation.getIconUri());
            create.setOwnerManagedAccess(Boolean.TRUE.equals(resourceRepresentation.getOwnerManagedAccess()));
            Set<ScopeRepresentation> scopes = resourceRepresentation.getScopes();
            if (scopes != null) {
                create.updateScopes((Set) scopes.stream().map(scopeRepresentation -> {
                    return toModel(scopeRepresentation, resourceServer, authorizationProvider, false);
                }).collect(Collectors.toSet()));
            }
            Map<String, List<String>> attributes = resourceRepresentation.getAttributes();
            if (attributes != null) {
                for (Map.Entry<String, List<String>> entry : attributes.entrySet()) {
                    create.setAttribute(entry.getKey(), entry.getValue());
                }
            }
            resourceRepresentation.setId(create.getId());
            return create;
        }
        findById.setName(resourceRepresentation.getName());
        findById.setDisplayName(resourceRepresentation.getDisplayName());
        findById.setType(resourceRepresentation.getType());
        findById.updateUris(resourceRepresentation.getUris());
        findById.setIconUri(resourceRepresentation.getIconUri());
        findById.setOwnerManagedAccess(Boolean.TRUE.equals(resourceRepresentation.getOwnerManagedAccess()));
        findById.updateScopes((Set) resourceRepresentation.getScopes().stream().map(scopeRepresentation2 -> {
            return toModel(scopeRepresentation2, resourceServer, authorizationProvider, false);
        }).collect(Collectors.toSet()));
        Map<String, List<String>> attributes2 = resourceRepresentation.getAttributes();
        if (attributes2 != null) {
            for (String str : findById.getAttributes().keySet()) {
                if (attributes2.containsKey(str)) {
                    findById.setAttribute(str, attributes2.get(str));
                    attributes2.remove(str);
                } else {
                    findById.removeAttribute(str);
                }
            }
            for (String str2 : attributes2.keySet()) {
                findById.setAttribute(str2, attributes2.get(str2));
            }
        }
        return findById;
    }

    public static Scope toModel(ScopeRepresentation scopeRepresentation, ResourceServer resourceServer, AuthorizationProvider authorizationProvider) {
        return toModel(scopeRepresentation, resourceServer, authorizationProvider, true);
    }

    public static Scope toModel(ScopeRepresentation scopeRepresentation, ResourceServer resourceServer, AuthorizationProvider authorizationProvider, boolean z) {
        ScopeStore scopeStore = authorizationProvider.getStoreFactory().getScopeStore();
        Scope findById = scopeRepresentation.getId() != null ? scopeStore.findById(resourceServer.getRealm(), resourceServer, scopeRepresentation.getId()) : scopeStore.findByName(resourceServer, scopeRepresentation.getName());
        if (findById != null) {
            if (z) {
                findById.setName(scopeRepresentation.getName());
                findById.setDisplayName(scopeRepresentation.getDisplayName());
                findById.setIconUri(scopeRepresentation.getIconUri());
            }
            return findById;
        }
        Scope create = scopeStore.create(resourceServer, scopeRepresentation.getId(), scopeRepresentation.getName());
        create.setDisplayName(scopeRepresentation.getDisplayName());
        create.setIconUri(scopeRepresentation.getIconUri());
        scopeRepresentation.setId(create.getId());
        return create;
    }

    public static PermissionTicket toModel(PermissionTicketRepresentation permissionTicketRepresentation, ResourceServer resourceServer, AuthorizationProvider authorizationProvider) {
        PermissionTicketStore permissionTicketStore = authorizationProvider.getStoreFactory().getPermissionTicketStore();
        PermissionTicket findById = permissionTicketStore.findById(resourceServer.getRealm(), resourceServer, permissionTicketRepresentation.getId());
        boolean isGranted = permissionTicketRepresentation.isGranted();
        if (isGranted && !findById.isGranted()) {
            findById.setGrantedTimestamp(Long.valueOf(System.currentTimeMillis()));
        } else if (!isGranted) {
            permissionTicketStore.delete(resourceServer.getRealm(), findById.getId());
        }
        return findById;
    }

    public static Map<String, String> removeEmptyString(Map<String, String> map) {
        if (map == null) {
            return null;
        }
        HashMap hashMap = new HashMap(map);
        Iterator it = hashMap.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry entry = (Map.Entry) it.next();
            if (entry.getValue() == null || ((String) entry.getValue()).equals("")) {
                it.remove();
            }
        }
        return hashMap;
    }

    public static ResourceServer createResourceServer(ClientModel clientModel, KeycloakSession keycloakSession, boolean z) {
        if ((clientModel.isBearerOnly() || clientModel.isPublicClient()) && !clientModel.getClientId().equals(Config.getAdminRealm() + "-realm") && !clientModel.getClientId().equals(Constants.REALM_MANAGEMENT_CLIENT_ID)) {
            throw new RuntimeException("Only confidential clients are allowed to set authorization settings");
        }
        AuthorizationProvider authorizationProvider = (AuthorizationProvider) keycloakSession.getProvider(AuthorizationProvider.class);
        UserModel serviceAccount = keycloakSession.users().getServiceAccount(clientModel);
        if (serviceAccount == null) {
            clientModel.setServiceAccountsEnabled(true);
        }
        if (z) {
            RoleModel role = clientModel.getRole(Constants.AUTHZ_UMA_PROTECTION);
            if (role == null) {
                role = clientModel.addRole(Constants.AUTHZ_UMA_PROTECTION);
            }
            if (serviceAccount != null) {
                serviceAccount.grantRole(role);
            }
        }
        ResourceServerRepresentation resourceServerRepresentation = new ResourceServerRepresentation();
        resourceServerRepresentation.setAllowRemoteResourceManagement(true);
        resourceServerRepresentation.setClientId(clientModel.getId());
        return toModel(resourceServerRepresentation, authorizationProvider, clientModel);
    }
}
