package org.keycloak.services.clientpolicy.condition;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.Collections;
import java.util.List;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation;
import org.keycloak.services.clientpolicy.ClientPolicyContext;
import org.keycloak.services.clientpolicy.ClientPolicyEvent;
import org.keycloak.services.clientpolicy.ClientPolicyException;
import org.keycloak.services.clientpolicy.ClientPolicyVote;
import org.keycloak.services.clientpolicy.context.ClientCRUDContext;
import org.keycloak.services.clientregistration.ClientRegistrationTokenUtils;

/* loaded from: input_file:org/keycloak/services/clientpolicy/condition/ClientUpdaterContextCondition.class */
public class ClientUpdaterContextCondition extends AbstractClientPolicyConditionProvider<Configuration> {
    private static final Logger logger = Logger.getLogger(ClientUpdaterContextCondition.class);

    /* renamed from: org.keycloak.services.clientpolicy.condition.ClientUpdaterContextCondition$1, reason: invalid class name */
    /* loaded from: input_file:org/keycloak/services/clientpolicy/condition/ClientUpdaterContextCondition$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$keycloak$services$clientpolicy$ClientPolicyEvent = new int[ClientPolicyEvent.values().length];

        static {
            try {
                $SwitchMap$org$keycloak$services$clientpolicy$ClientPolicyEvent[ClientPolicyEvent.REGISTER.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$keycloak$services$clientpolicy$ClientPolicyEvent[ClientPolicyEvent.UPDATE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /* loaded from: input_file:org/keycloak/services/clientpolicy/condition/ClientUpdaterContextCondition$Configuration.class */
    public static class Configuration extends ClientPolicyConditionConfigurationRepresentation {

        @JsonProperty(ClientUpdaterContextConditionFactory.UPDATE_CLIENT_SOURCE)
        protected List<String> updateClientSource;

        public List<String> getUpdateClientSource() {
            return this.updateClientSource;
        }

        public void setUpdateClientSource(List<String> list) {
            this.updateClientSource = list;
        }
    }

    public ClientUpdaterContextCondition(KeycloakSession keycloakSession) {
        super(keycloakSession);
    }

    public Class<Configuration> getConditionConfigurationClass() {
        return Configuration.class;
    }

    public String getProviderId() {
        return ClientUpdaterContextConditionFactory.PROVIDER_ID;
    }

    public ClientPolicyVote applyPolicy(ClientPolicyContext clientPolicyContext) throws ClientPolicyException {
        switch (AnonymousClass1.$SwitchMap$org$keycloak$services$clientpolicy$ClientPolicyEvent[clientPolicyContext.getEvent().ordinal()]) {
            case 1:
            case 2:
                return isAuthMethodMatched((ClientCRUDContext) clientPolicyContext) ? ClientPolicyVote.YES : ClientPolicyVote.NO;
            default:
                return ClientPolicyVote.ABSTAIN;
        }
    }

    private boolean isAuthMethodMatched(String str) {
        if (str == null) {
            return false;
        }
        List<String> updateClientSource = ((Configuration) this.configuration).getUpdateClientSource();
        if (updateClientSource == null) {
            updateClientSource = Collections.emptyList();
        }
        if (logger.isTraceEnabled()) {
            logger.tracev("auth method = {0}", str);
            updateClientSource.stream().forEach(str2 -> {
                logger.tracev("auth method expected = {0}", str2);
            });
        }
        return updateClientSource.stream().anyMatch(str3 -> {
            return str3.equals(str);
        });
    }

    private boolean isAuthMethodMatched(ClientCRUDContext clientCRUDContext) {
        String str = null;
        if (clientCRUDContext.getToken() == null) {
            str = ClientUpdaterContextConditionFactory.BY_ANONYMOUS;
        } else if (isInitialAccessToken(clientCRUDContext.getToken())) {
            str = ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN;
        } else if (isRegistrationAccessToken(clientCRUDContext.getToken())) {
            str = ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN;
        } else if (isBearerToken(clientCRUDContext.getToken())) {
            str = (clientCRUDContext.getAuthenticatedUser() == null && clientCRUDContext.getAuthenticatedClient() == null) ? ClientUpdaterContextConditionFactory.BY_ANONYMOUS : ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER;
        }
        return isAuthMethodMatched(str);
    }

    private boolean isInitialAccessToken(JsonWebToken jsonWebToken) {
        return jsonWebToken != null && ClientRegistrationTokenUtils.TYPE_INITIAL_ACCESS_TOKEN.equals(jsonWebToken.getType());
    }

    private boolean isRegistrationAccessToken(JsonWebToken jsonWebToken) {
        return jsonWebToken != null && ClientRegistrationTokenUtils.TYPE_REGISTRATION_ACCESS_TOKEN.equals(jsonWebToken.getType());
    }

    private boolean isBearerToken(JsonWebToken jsonWebToken) {
        return jsonWebToken != null && "Bearer".equals(jsonWebToken.getType());
    }
}
