package org.keycloak.authorization.admin;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.stream.Collectors;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.social.stackoverflow.StackoverflowIdentityProvider;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/authorization/admin/PolicyService.class */
public class PolicyService {
    private final ResourceServer resourceServer;
    private final AuthorizationProvider authorization;
    private final RealmAuth auth;

    public PolicyService(ResourceServer resourceServer, AuthorizationProvider authorizationProvider, RealmAuth realmAuth) {
        this.resourceServer = resourceServer;
        this.authorization = authorizationProvider;
        this.auth = realmAuth;
    }

    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    public Response create(PolicyRepresentation policyRepresentation) {
        this.auth.requireManage();
        Policy model = RepresentationToModel.toModel(policyRepresentation, this.resourceServer, this.authorization);
        PolicyProviderAdminService policyProviderAdminResource = getPolicyProviderAdminResource(model.getType(), this.authorization);
        if (policyProviderAdminResource != null) {
            try {
                policyProviderAdminResource.onCreate(model);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        policyRepresentation.setId(model.getId());
        return Response.status(Response.Status.CREATED).entity(policyRepresentation).build();
    }

    @Path("{id}")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @Produces({MediaType.APPLICATION_JSON})
    @PUT
    public Response update(@PathParam("id") String str, PolicyRepresentation policyRepresentation) {
        this.auth.requireManage();
        policyRepresentation.setId(str);
        if (this.authorization.getStoreFactory().getPolicyStore().findById(policyRepresentation.getId()) == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        Policy model = RepresentationToModel.toModel(policyRepresentation, this.resourceServer, this.authorization);
        PolicyProviderAdminService policyProviderAdminResource = getPolicyProviderAdminResource(model.getType(), this.authorization);
        if (policyProviderAdminResource != null) {
            try {
                policyProviderAdminResource.onUpdate(model);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        return Response.status(Response.Status.CREATED).build();
    }

    @Path("{id}")
    @DELETE
    public Response delete(@PathParam("id") String str) {
        this.auth.requireManage();
        PolicyStore policyStore = this.authorization.getStoreFactory().getPolicyStore();
        Policy findById = policyStore.findById(str);
        if (findById == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        PolicyProviderAdminService policyProviderAdminResource = getPolicyProviderAdminResource(findById.getType(), this.authorization);
        if (policyProviderAdminResource != null) {
            try {
                policyProviderAdminResource.onRemove(findById);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        policyStore.findDependentPolicies(str).forEach(policy -> {
            if (policy.getAssociatedPolicies().size() == 1) {
                policyStore.delete(policy.getId());
            } else {
                policy.removeAssociatedPolicy(findById);
            }
        });
        policyStore.delete(findById.getId());
        return Response.noContent().build();
    }

    @GET
    @Path("{id}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response findById(@PathParam("id") String str) {
        this.auth.requireView();
        Policy findById = this.authorization.getStoreFactory().getPolicyStore().findById(str);
        return findById == null ? Response.status(Response.Status.NOT_FOUND).build() : Response.ok(ModelToRepresentation.toRepresentation(findById, this.authorization)).build();
    }

    @GET
    @Path("/search")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response find(@QueryParam("name") String str) {
        this.auth.requireView();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        if (str == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Policy findByName = storeFactory.getPolicyStore().findByName(str, this.resourceServer.getId());
        return findByName == null ? Response.status(Response.Status.OK).build() : Response.ok(ModelToRepresentation.toRepresentation(findByName, this.authorization)).build();
    }

    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    public Response findAll(@QueryParam("name") String str, @QueryParam("type") String str2, @QueryParam("resource") String str3, @QueryParam("permission") Boolean bool, @QueryParam("first") Integer num, @QueryParam("max") Integer num2) {
        this.auth.requireView();
        HashMap hashMap = new HashMap();
        if (str != null && !StackoverflowIdentityProvider.DEFAULT_SCOPE.equals(str.trim())) {
            hashMap.put("name", new String[]{str});
        }
        if (str2 != null && !StackoverflowIdentityProvider.DEFAULT_SCOPE.equals(str2.trim())) {
            hashMap.put("type", new String[]{str2});
        }
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        if (str3 != null && !StackoverflowIdentityProvider.DEFAULT_SCOPE.equals(str3.trim())) {
            ArrayList arrayList = new ArrayList();
            HashMap hashMap2 = new HashMap();
            hashMap2.put("name", new String[]{str3});
            storeFactory.getResourceStore().findByResourceServer(hashMap2, this.resourceServer.getId(), -1, -1).forEach(resource -> {
                ModelToRepresentation.toRepresentation(resource, this.resourceServer, this.authorization).getPolicies().forEach(policyRepresentation -> {
                    Policy findById = storeFactory.getPolicyStore().findById(policyRepresentation.getId());
                    arrayList.add(findById);
                    findAssociatedPolicies(findById, arrayList);
                });
            });
            if (arrayList.isEmpty()) {
                return Response.ok(Collections.emptyList()).build();
            }
            hashMap.put("id", arrayList.stream().map((v0) -> {
                return v0.getId();
            }).toArray(i -> {
                return new String[i];
            }));
        }
        if (bool != null) {
            hashMap.put("permission", new String[]{bool.toString()});
        }
        return Response.ok(storeFactory.getPolicyStore().findByResourceServer(hashMap, this.resourceServer.getId(), num != null ? num.intValue() : -1, num2 != null ? num2.intValue() : 100).stream().map(policy -> {
            return ModelToRepresentation.toRepresentation(policy, this.authorization);
        }).collect(Collectors.toList())).build();
    }

    @GET
    @Path("providers")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Response findPolicyProviders() {
        this.auth.requireView();
        return Response.ok(this.authorization.getProviderFactories().stream().map(policyProviderFactory -> {
            PolicyProviderRepresentation policyProviderRepresentation = new PolicyProviderRepresentation();
            policyProviderRepresentation.setName(policyProviderFactory.getName());
            policyProviderRepresentation.setGroup(policyProviderFactory.getGroup());
            policyProviderRepresentation.setType(policyProviderFactory.getId());
            return policyProviderRepresentation;
        }).collect(Collectors.toList())).build();
    }

    @Path("evaluate")
    public PolicyEvaluationService getPolicyEvaluateResource() {
        this.auth.requireView();
        PolicyEvaluationService policyEvaluationService = new PolicyEvaluationService(this.resourceServer, this.authorization, this.auth);
        ResteasyProviderFactory.getInstance().injectProperties(policyEvaluationService);
        return policyEvaluationService;
    }

    @Path("{policyType}")
    public Object getPolicyTypeResource(@PathParam("policyType") String str) {
        this.auth.requireView();
        return getPolicyProviderAdminResource(str, this.authorization);
    }

    private PolicyProviderAdminService getPolicyProviderAdminResource(String str, AuthorizationProvider authorizationProvider) {
        PolicyProviderFactory providerFactory = authorizationProvider.getProviderFactory(str);
        if (providerFactory != null) {
            return providerFactory.getAdminResource(this.resourceServer);
        }
        return null;
    }

    private void findAssociatedPolicies(Policy policy, List<Policy> list) {
        policy.getAssociatedPolicies().forEach(policy2 -> {
            list.add(policy2);
            findAssociatedPolicies(policy2, list);
        });
    }
}
