package org.keycloak.services.clientpolicy.condition;

import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.services.clientpolicy.AdminClientRegisterContext;
import org.keycloak.services.clientpolicy.AdminClientUpdateContext;
import org.keycloak.services.clientpolicy.ClientPolicyContext;
import org.keycloak.services.clientpolicy.ClientPolicyEvent;
import org.keycloak.services.clientpolicy.ClientPolicyException;
import org.keycloak.services.clientpolicy.ClientPolicyLogger;
import org.keycloak.services.clientpolicy.ClientPolicyVote;
import org.keycloak.services.clientpolicy.ClientUpdateContext;
import org.keycloak.services.clientpolicy.DynamicClientRegisterContext;
import org.keycloak.services.clientpolicy.DynamicClientUpdateContext;

/* loaded from: input_file:org/keycloak/services/clientpolicy/condition/ClientUpdateSourceGroupsCondition.class */
public class ClientUpdateSourceGroupsCondition implements ClientPolicyConditionProvider {
    private static final Logger logger = Logger.getLogger(ClientUpdateSourceGroupsCondition.class);
    private final KeycloakSession session;
    private final ComponentModel componentModel;

    /* renamed from: org.keycloak.services.clientpolicy.condition.ClientUpdateSourceGroupsCondition$1, reason: invalid class name */
    /* loaded from: input_file:org/keycloak/services/clientpolicy/condition/ClientUpdateSourceGroupsCondition$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$keycloak$services$clientpolicy$ClientPolicyEvent = new int[ClientPolicyEvent.values().length];

        static {
            try {
                $SwitchMap$org$keycloak$services$clientpolicy$ClientPolicyEvent[ClientPolicyEvent.REGISTER.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$keycloak$services$clientpolicy$ClientPolicyEvent[ClientPolicyEvent.UPDATE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public ClientUpdateSourceGroupsCondition(KeycloakSession keycloakSession, ComponentModel componentModel) {
        this.session = keycloakSession;
        this.componentModel = componentModel;
    }

    public String getName() {
        return this.componentModel.getName();
    }

    public String getProviderId() {
        return this.componentModel.getProviderId();
    }

    public ClientPolicyVote applyPolicy(ClientPolicyContext clientPolicyContext) throws ClientPolicyException {
        switch (AnonymousClass1.$SwitchMap$org$keycloak$services$clientpolicy$ClientPolicyEvent[clientPolicyContext.getEvent().ordinal()]) {
            case 1:
                if (clientPolicyContext instanceof AdminClientRegisterContext) {
                    return getVoteForGroupsMatched(((ClientUpdateContext) clientPolicyContext).getAuthenticatedUser());
                }
                if (clientPolicyContext instanceof DynamicClientRegisterContext) {
                    return getVoteForGroupsMatched(((ClientUpdateContext) clientPolicyContext).getToken());
                }
                throw new ClientPolicyException("server_error", "unexpected context type.");
            case 2:
                if (clientPolicyContext instanceof AdminClientUpdateContext) {
                    return getVoteForGroupsMatched(((ClientUpdateContext) clientPolicyContext).getAuthenticatedUser());
                }
                if (clientPolicyContext instanceof DynamicClientUpdateContext) {
                    return getVoteForGroupsMatched(((ClientUpdateContext) clientPolicyContext).getToken());
                }
                throw new ClientPolicyException("server_error", "unexpected context type.");
            default:
                return ClientPolicyVote.ABSTAIN;
        }
    }

    private ClientPolicyVote getVoteForGroupsMatched(UserModel userModel) {
        return isGroupsMatched(userModel) ? ClientPolicyVote.YES : ClientPolicyVote.NO;
    }

    private ClientPolicyVote getVoteForGroupsMatched(JsonWebToken jsonWebToken) {
        if (jsonWebToken != null && isGroupMatched(jsonWebToken.getSubject())) {
            return ClientPolicyVote.YES;
        }
        return ClientPolicyVote.NO;
    }

    private boolean isGroupMatched(String str) {
        if (str == null) {
            return false;
        }
        return isGroupsMatched(this.session.users().getUserById(str, this.session.getContext().getRealm()));
    }

    private boolean isGroupsMatched(UserModel userModel) {
        Set<String> instantiateGroupsForMatching;
        if (userModel == null || (instantiateGroupsForMatching = instantiateGroupsForMatching()) == null) {
            return false;
        }
        Set set = (Set) userModel.getGroupsStream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
        if (logger.isTraceEnabled()) {
            set.stream().forEach(str -> {
                ClientPolicyLogger.log(logger, " user group = " + str);
            });
            instantiateGroupsForMatching.stream().forEach(str2 -> {
                ClientPolicyLogger.log(logger, "groups expected = " + str2);
            });
        }
        boolean removeAll = instantiateGroupsForMatching.removeAll(set);
        if (removeAll) {
            ClientPolicyLogger.log(logger, "group matched.");
        } else {
            ClientPolicyLogger.log(logger, "group unmatched.");
        }
        return removeAll;
    }

    private Set<String> instantiateGroupsForMatching() {
        List list;
        if (this.componentModel.getConfig() == null || (list = (List) this.componentModel.getConfig().get("groups")) == null) {
            return null;
        }
        return new HashSet(list);
    }
}
