package org.keycloak.services.resources.admin;

import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/services/resources/admin/ClientScopeEvaluateScopeMappingsResource.class */
public class ClientScopeEvaluateScopeMappingsResource {
    private final RoleContainerModel roleContainer;
    private final AdminPermissionEvaluator auth;
    private final ClientModel client;
    private final String scopeParam;
    private final KeycloakSession session;

    public ClientScopeEvaluateScopeMappingsResource(RoleContainerModel roleContainerModel, AdminPermissionEvaluator adminPermissionEvaluator, ClientModel clientModel, String str, KeycloakSession keycloakSession) {
        this.roleContainer = roleContainerModel;
        this.auth = adminPermissionEvaluator;
        this.client = clientModel;
        this.scopeParam = str;
        this.session = keycloakSession;
    }

    @GET
    @Path("/granted")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<RoleRepresentation> getGrantedScopeMappings() {
        return (List) getGrantedRoles().stream().map(roleModel -> {
            return ModelToRepresentation.toBriefRepresentation(roleModel);
        }).collect(Collectors.toList());
    }

    @GET
    @Path("/not-granted")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<RoleRepresentation> getNotGrantedScopeMappings() {
        List<RoleModel> grantedRoles = getGrantedRoles();
        return (List) this.roleContainer.getRoles().stream().filter(roleModel -> {
            return !grantedRoles.contains(roleModel);
        }).map(roleModel2 -> {
            return ModelToRepresentation.toBriefRepresentation(roleModel2);
        }).collect(Collectors.toList());
    }

    private List<RoleModel> getGrantedRoles() {
        if (this.client.isFullScopeAllowed()) {
            return new LinkedList(this.roleContainer.getRoles());
        }
        Set<ClientScopeModel> requestedClientScopes = TokenManager.getRequestedClientScopes(this.scopeParam, this.client);
        LinkedList linkedList = new LinkedList();
        for (RoleModel roleModel : this.roleContainer.getRoles()) {
            if (this.auth.roles().canView(roleModel)) {
                Iterator<ClientScopeModel> it = requestedClientScopes.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (it.next().hasScope(roleModel)) {
                        linkedList.add(roleModel);
                        break;
                    }
                }
            }
        }
        return linkedList;
    }
}
