package org.keycloak.services.clientpolicy;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.common.Profile;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider;
import org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider;

/* loaded from: input_file:org/keycloak/services/clientpolicy/DefaultClientPolicyManager.class */
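/**
 * Evaluates the realm's client policies for a client-policy event and runs the executors of
 * every policy whose conditions are satisfied.
 *
 * <p>Security-relevant behaviour, as implemented below:
 * <ul>
 *   <li>Nothing is evaluated unless {@code Profile.Feature.CLIENT_POLICIES} is enabled.</li>
 *   <li>A policy is applied only if no condition votes {@code NO} and at least one condition
 *       gives a vote other than {@code ABSTAIN}. A policy with no conditions is never applied.</li>
 *   <li>A {@link ClientPolicyException} thrown by a condition or an executor is logged and
 *       rethrown, which stops evaluation of the remaining executors and policies.</li>
 *   <li>A policy provider that fails to load is logged and skipped, so that policy is not
 *       enforced (see {@link #getProviders(RealmModel)}).</li>
 * </ul>
 *
 * <p>The provider cache is a plain {@link HashMap} with no synchronization in this class.
 * NOTE(review): presumably one instance is confined to a single session/thread - confirm
 * before sharing an instance across threads.
 */
public class DefaultClientPolicyManager implements ClientPolicyManager {
    private static final Logger logger = Logger.getLogger(DefaultClientPolicyManager.class);
    private final KeycloakSession session;
    // Realm id -> successfully loaded policy providers; entries are never evicted by this class.
    private final Map<String, List<ClientPolicyProvider>> providersMap = new HashMap<>();

    /**
     * Evaluates one condition and returns its vote.
     *
     * <p>The decompiler reports that this interface was private in the bytecode; it is kept
     * public here to match the decompiled listing.
     */
    public interface ClientConditionOperation {
        ClientPolicyVote run(ClientPolicyConditionProvider clientPolicyConditionProvider) throws ClientPolicyException;
    }

    /**
     * Runs one executor.
     *
     * <p>The decompiler reports that this interface was private in the bytecode; it is kept
     * public here to match the decompiled listing.
     */
    public interface ClientExecutorOperation {
        void run(ClientPolicyExecutorProvider clientPolicyExecutorProvider) throws ClientPolicyException;
    }

    /**
     * Creates a manager bound to the given session.
     *
     * @param keycloakSession session used to resolve the current realm and to load providers
     */
    public DefaultClientPolicyManager(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    /**
     * Applies every matching client policy to the given event context.
     *
     * <p>This is a no-op when the {@code CLIENT_POLICIES} feature is disabled, so callers must
     * not assume that a normal return means a policy was evaluated.
     *
     * @param clientPolicyContext the event being processed
     * @throws ClientPolicyException if a condition or executor rejects the event
     */
    public void triggerOnEvent(ClientPolicyContext clientPolicyContext) throws ClientPolicyException {
        if (!Profile.isFeatureEnabled(Profile.Feature.CLIENT_POLICIES)) {
            return;
        }
        ClientPolicyLogger.logv(logger, "Client Policy Operation : event = {0}", clientPolicyContext.getEvent());
        doPolicyOperation(
                condition -> condition.applyPolicy(clientPolicyContext),
                executor -> executor.executeOnEvent(clientPolicyContext));
    }

    /**
     * Walks the policies of the session's current realm and, for each policy whose conditions
     * are satisfied, runs its executors.
     *
     * @param clientConditionOperation how to evaluate a single condition
     * @param clientExecutorOperation how to run a single executor
     * @throws ClientPolicyException propagated from the first failing condition or executor
     */
    private void doPolicyOperation(ClientConditionOperation clientConditionOperation, ClientExecutorOperation clientExecutorOperation) throws ClientPolicyException {
        for (ClientPolicyProvider policy : getProviders(this.session.getContext().getRealm())) {
            ClientPolicyLogger.logv(logger, "Policy Operation : name = {0}, provider id = {1}", policy.getName(), policy.getProviderId());
            if (isSatisfied(policy, clientConditionOperation)) {
                execute(policy, clientExecutorOperation);
            }
        }
    }

    /**
     * Returns the policy providers of the realm, loading and caching them on first use.
     *
     * <p>Fail-open behaviour to be aware of: a provider whose load throws is logged at error
     * level and dropped from the list, so the corresponding policy is silently not enforced.
     * The filtered list is then cached for the lifetime of this manager instance, so the
     * failed provider is not retried by this instance. Deployments that rely on a policy being
     * mandatory should alert on the "Failed to load provider" error log entry.
     *
     * @param realmModel realm whose client-policy components are loaded
     * @return the providers that loaded successfully, possibly empty
     */
    private List<ClientPolicyProvider> getProviders(RealmModel realmModel) {
        List<ClientPolicyProvider> providers = this.providersMap.get(realmModel.getId());
        if (providers != null) {
            ClientPolicyLogger.log(logger, "Use cached policies.");
            return providers;
        }
        providers = realmModel.getComponentsStream(realmModel.getId(), ClientPolicyProvider.class.getName())
                .<ClientPolicyProvider>map(componentModel -> {
                    try {
                        ClientPolicyProvider provider = this.session.getProvider(ClientPolicyProvider.class, componentModel);
                        ClientPolicyLogger.logv(logger, "Loaded Policy Name = {0}", componentModel.getName());
                        this.session.enlistForClose(provider);
                        return provider;
                    } catch (Throwable th) {
                        // NOTE(review): catching Throwable also hides Errors (e.g. OutOfMemoryError)
                        // and turns any load failure into "policy not enforced". Kept as-is because
                        // callers may depend on this best-effort loading - confirm whether a
                        // mandatory policy should instead fail the request.
                        logger.errorv(th, "Failed to load provider {0}", componentModel.getId());
                        return null;
                    }
                })
                .filter(Objects::nonNull)
                .collect(Collectors.toList());
        this.providersMap.put(realmModel.getId(), providers);
        return providers;
    }

    /**
     * Decides whether a policy applies by polling its conditions in order.
     *
     * <p>The first {@code NO} vote ends the evaluation with {@code false}. {@code ABSTAIN}
     * votes are ignored. Any other vote marks the policy as applicable, so the result is
     * {@code true} only if at least one condition gave such a vote and none voted {@code NO}.
     *
     * @param clientPolicyProvider the policy whose conditions are evaluated
     * @param clientConditionOperation how to evaluate a single condition
     * @return {@code true} if the policy's executors should run
     * @throws ClientPolicyException rethrown from a condition after logging it
     */
    private boolean isSatisfied(ClientPolicyProvider clientPolicyProvider, ClientConditionOperation clientConditionOperation) throws ClientPolicyException {
        List<ClientPolicyConditionProvider> conditions = clientPolicyProvider.getConditions();
        if (conditions == null || conditions.isEmpty()) {
            ClientPolicyLogger.log(logger, "NEGATIVE :: This policy is not applied. No condition exists.");
            return false;
        }
        boolean anyConditionMatched = false;
        for (ClientPolicyConditionProvider condition : conditions) {
            try {
                ClientPolicyVote vote = clientConditionOperation.run(condition);
                if (vote == ClientPolicyVote.ABSTAIN) {
                    ClientPolicyLogger.logv(logger, "SKIP : This condition is not evaluated due to its nature. name = {0}, provider id = {1}", condition.getName(), condition.getProviderId());
                    continue;
                }
                if (vote == ClientPolicyVote.NO) {
                    ClientPolicyLogger.logv(logger, "NEGATIVE :: This policy is not applied. condition not satisfied. name = {0}, provider id = {1}, ", condition.getName(), condition.getProviderId());
                    return false;
                }
                anyConditionMatched = true;
            } catch (ClientPolicyException e) {
                ClientPolicyLogger.logv(logger, "CONDITION EXCEPTION : name = {0}, provider id = {1}, error = {2}, error_detail = {3}", condition.getName(), condition.getProviderId(), e.getError(), e.getErrorDetail());
                throw e;
            }
        }
        if (anyConditionMatched) {
            ClientPolicyLogger.log(logger, "POSITIVE :: This policy is applied.");
        } else {
            // Every condition abstained: the policy is treated as not applicable.
            ClientPolicyLogger.log(logger, "NEGATIVE :: This policy is not applied. No condition is evaluated.");
        }
        return anyConditionMatched;
    }

    /**
     * Runs the executors of a policy in list order.
     *
     * <p>The first executor that throws stops the loop; its exception is logged and rethrown,
     * so later executors of this policy do not run.
     *
     * @param clientPolicyProvider the policy whose executors are run
     * @param clientExecutorOperation how to run a single executor
     * @throws ClientPolicyException rethrown from the failing executor
     */
    private void execute(ClientPolicyProvider clientPolicyProvider, ClientExecutorOperation clientExecutorOperation) throws ClientPolicyException {
        List<ClientPolicyExecutorProvider> executors = clientPolicyProvider.getExecutors();
        if (executors == null || executors.isEmpty()) {
            ClientPolicyLogger.log(logger, "NEGATIVE :: This executor is not executed. No executor executable.");
            return;
        }
        for (ClientPolicyExecutorProvider executor : executors) {
            try {
                clientExecutorOperation.run(executor);
            } catch (ClientPolicyException e) {
                ClientPolicyLogger.logv(logger, "EXECUTOR EXCEPTION : name = {0}, provider id = {1}, error = {2}, error_detail = {3}", executor.getName(), executor.getProviderId(), e.getError(), e.getErrorDetail());
                throw e;
            }
        }
    }
}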
