package org.keycloak.services.clientpolicy;

import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.common.Profile;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.ClientPoliciesRepresentation;
import org.keycloak.representations.idm.ClientProfilesRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider;
import org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider;

/* loaded from: input_file:org/keycloak/services/clientpolicy/DefaultClientPolicyManager.class */
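/**
 * Default {@link ClientPolicyManager}: evaluates the client policies that are enabled for the
 * current realm and runs the executors of the profiles those policies reference. It also stores
 * and retrieves the profiles/policies JSON kept in two realm attributes.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Evaluation is skipped entirely when {@code Profile.Feature.CLIENT_POLICIES} is disabled.</li>
 *   <li>A policy with no conditions, or whose conditions all abstain, is never applied.</li>
 *   <li>A policy that references a missing profile, or a profile without executors, only produces
 *       a trace-level log line; nothing is enforced for that reference.</li>
 *   <li>On realm import, profiles/policies that fail validation are replaced by the builtin ones.</li>
 * </ul>
 *
 * <p>The builtin JSON is held in static fields that are written without synchronization by
 * {@link #setupClientPoliciesOnKeycloakApp(String, String)}.
 */
public class DefaultClientPolicyManager implements ClientPolicyManager {
    private static final Logger logger = Logger.getLogger(DefaultClientPolicyManager.class);
    private final KeycloakSession session;

    /** Realm attribute that holds the serialized client profiles. */
    public static final String CLIENT_PROFILES = "client-policies.profiles";

    /** Realm attribute that holds the serialized client policies. */
    public static final String CLIENT_POLICIES = "client-policies.policies";

    // Builtin JSON shared by every instance; stays null until setupClientPoliciesOnKeycloakApp succeeds.
    private static String builtinClientProfilesJson;
    private static String builtinClientPoliciesJson;

    /**
     * Callback that asks one condition provider for its vote.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public interface ClientConditionOperation {
        ClientPolicyVote run(ClientPolicyConditionProvider clientPolicyConditionProvider) throws ClientPolicyException;
    }

    /**
     * Callback that invokes one executor provider.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public interface ClientExecutorOperation {
        void run(ClientPolicyExecutorProvider clientPolicyExecutorProvider) throws ClientPolicyException;
    }

    /**
     * @param keycloakSession session used to resolve the current realm and passed to {@code ClientPoliciesUtil}
     */
    public DefaultClientPolicyManager(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    /**
     * Evaluates every enabled policy of the context realm against the given event and runs the
     * executors of each satisfied policy.
     *
     * @param clientPolicyContext the event being checked
     * @throws ClientPolicyException propagated unchanged from a condition or an executor
     */
    public void triggerOnEvent(ClientPolicyContext clientPolicyContext) throws ClientPolicyException {
        // With the feature switched off no condition or executor runs at all.
        if (!Profile.isFeatureEnabled(Profile.Feature.CLIENT_POLICIES)) {
            return;
        }
        RealmModel realm = this.session.getContext().getRealm();
        logger.tracev("POLICY OPERATION :: context realm = {0}, event = {1}", realm.getName(), clientPolicyContext.getEvent());
        doPolicyOperation(
                condition -> condition.applyPolicy(clientPolicyContext),
                executor -> executor.executeOnEvent(clientPolicyContext),
                realm);
    }

    /**
     * Walks the enabled policies of the realm in list order; for each satisfied policy the
     * executors of its profiles are run. The first exception aborts the walk.
     */
    private void doPolicyOperation(ClientConditionOperation clientConditionOperation, ClientExecutorOperation clientExecutorOperation, RealmModel realmModel) throws ClientPolicyException {
        Map<String, ClientProfileModel> clientProfilesModel = ClientPoliciesUtil.getClientProfilesModel(this.session, realmModel);
        List<ClientPolicyModel> list = (List) ClientPoliciesUtil.getEnabledClientProfilesModel(this.session, realmModel).stream().collect(Collectors.toList());
        if (list.isEmpty()) {
            logger.trace("POLICY OPERATION :: No enabled policy.");
            return;
        }
        for (ClientPolicyModel clientPolicyModel : list) {
            logger.tracev("POLICY OPERATION :: policy name = {0}, isBuiltin = {1}", clientPolicyModel.getName(), Boolean.valueOf(clientPolicyModel.isBuiltin()));
            if (isSatisfied(clientPolicyModel, clientConditionOperation)) {
                logger.tracev("POLICY APPLIED :: policy name = {0}, isBuiltin = {1}", clientPolicyModel.getName(), Boolean.valueOf(clientPolicyModel.isBuiltin()));
                execute(clientPolicyModel, clientExecutorOperation, clientProfilesModel);
            } else {
                logger.tracev("POLICY UNSATISFIED :: policy name = {0}, isBuiltin = {1}", clientPolicyModel.getName(), Boolean.valueOf(clientPolicyModel.isBuiltin()));
            }
        }
    }

    /**
     * Decides whether a policy applies: every non-abstaining condition must vote YES and at least
     * one condition must not abstain. A condition flagged as negative logic has YES and NO swapped.
     *
     * @return {@code false} when the policy has no conditions, when any condition votes NO, or
     *         when all conditions abstain; {@code true} otherwise
     * @throws ClientPolicyException rethrown from the condition after a trace log
     */
    private boolean isSatisfied(ClientPolicyModel clientPolicyModel, ClientConditionOperation clientConditionOperation) throws ClientPolicyException {
        if (clientPolicyModel.getConditions() == null || clientPolicyModel.getConditions().isEmpty()) {
            // A policy without conditions is treated as not matching, so its executors never run.
            logger.tracev("NO CONDITION :: policy name = {0}", clientPolicyModel.getName());
            return false;
        }
        boolean satisfied = false;
        for (ClientPolicyConditionProvider condition : clientPolicyModel.getConditions()) {
            logger.tracev("CONDITION OPERATION :: policy name = {0}, condition name = {1}, provider id = {2}", clientPolicyModel.getName(), condition.getName(), condition.getProviderId());
            try {
                ClientPolicyVote vote = clientConditionOperation.run(condition);
                if (condition.isNegativeLogic()) {
                    // Only YES/NO are inverted; ABSTAIN stays ABSTAIN.
                    if (vote == ClientPolicyVote.YES) {
                        vote = ClientPolicyVote.NO;
                    } else if (vote == ClientPolicyVote.NO) {
                        vote = ClientPolicyVote.YES;
                    }
                }
                if (vote == ClientPolicyVote.ABSTAIN) {
                    logger.tracev("CONDITION SKIP :: policy name = {0}, condition name = {1}, provider id = {2}", clientPolicyModel.getName(), condition.getName(), condition.getProviderId());
                    continue;
                }
                if (vote == ClientPolicyVote.NO) {
                    logger.tracev("CONDITION NEGATIVE :: policy name = {0}, condition name = {1}, provider id = {2}", clientPolicyModel.getName(), condition.getName(), condition.getProviderId());
                    return false;
                }
                satisfied = true;
            } catch (ClientPolicyException e) {
                // NOTE(review): the "policy name" slot is filled with the condition's name here.
                logger.tracev("CONDITION EXCEPTION :: policy name = {0}, provider id = {1}, error = {2}, error detail = {3}", new Object[]{condition.getName(), condition.getProviderId(), e.getError(), e.getErrorDetail()});
                throw e;
            }
        }
        if (satisfied) {
            logger.tracev("CONDITIONS SATISFIED :: policy name = {0}", clientPolicyModel.getName());
        } else {
            logger.tracev("CONDITIONS UNSATISFIED :: policy name = {0}", clientPolicyModel.getName());
        }
        return satisfied;
    }

    /**
     * Runs every executor of every profile the policy references.
     *
     * <p>A profile name that is not in {@code map}, or a profile without executors, is only
     * reported at trace level, so a misspelled profile reference leaves the policy without
     * enforcement.
     *
     * @param map profiles of the realm keyed by profile name
     * @throws ClientPolicyException rethrown from the executor after a trace log
     */
    private void execute(ClientPolicyModel clientPolicyModel, ClientExecutorOperation clientExecutorOperation, Map<String, ClientProfileModel> map) throws ClientPolicyException {
        if (clientPolicyModel.getProfiles() == null || clientPolicyModel.getProfiles().isEmpty()) {
            logger.tracev("NO PROFILE :: policy name = {0}", clientPolicyModel.getName());
            // Stop here: iterating a null profile list below would throw NullPointerException.
            return;
        }
        for (String str : clientPolicyModel.getProfiles()) {
            ClientProfileModel clientProfileModel = map.get(str);
            if (clientProfileModel == null) {
                logger.tracev("PROFILE NOT FOUND :: policy name = {0}, profile name = {1}", clientPolicyModel.getName(), str);
                continue;
            }
            if (clientProfileModel.getExecutors() == null || clientProfileModel.getExecutors().isEmpty()) {
                logger.tracev("PROFILE NO EXECUTOR :: policy name = {0}, profile name = {1}", clientPolicyModel.getName(), str);
                continue;
            }
            for (ClientPolicyExecutorProvider executor : clientProfileModel.getExecutors()) {
                logger.tracev("EXECUTION :: policy name = {0}, profile name = {1}, executor name = {2}, provider id = {3}", new Object[]{clientPolicyModel.getName(), str, executor.getName(), executor.getProviderId()});
                try {
                    clientExecutorOperation.run(executor);
                } catch (ClientPolicyException e) {
                    logger.tracev("EXECUTOR EXCEPTION :: executor name = {0}, provider id = {1}, error = {2}, error detail = {3}", new Object[]{executor.getName(), executor.getProviderId(), e.getError(), e.getErrorDetail()});
                    throw e;
                }
            }
        }
    }

    /**
     * Loads the builtin profiles and policies from classpath resources into the static fields.
     *
     * <p>Profiles are loaded first. If they fail, policies are not attempted. If policies fail,
     * the already loaded profiles are cleared again, so both builtin values end up unset together.
     * Failures are logged at WARN and not thrown.
     *
     * @param str  classpath resource of the builtin profiles
     * @param str2 classpath resource of the builtin policies
     */
    public void setupClientPoliciesOnKeycloakApp(String str, String str2) {
        logger.trace("LOAD BUILTIN PROFILE POLICIES ON KEYCLOAK");
        // Flattened from four nested handlers of the same exception type, two of which could
        // never run; the two reachable handlers and their messages are kept as they were.
        try {
            builtinClientProfilesJson = ClientPoliciesUtil.convertClientProfilesRepresentationToJson(ClientPoliciesUtil.getValidatedBuiltinClientProfilesRepresentation(this.session, getClass().getResourceAsStream(str)));
        } catch (ClientPolicyException e) {
            logger.warnv("VALIDATE SERIALIZE BUILTIN PROFILES ON KEYCLOAK FAILED :: error = {0}, error detail = {1}", e.getError(), e.getErrorDetail());
            return;
        }
        try {
            builtinClientPoliciesJson = ClientPoliciesUtil.convertClientPoliciesRepresentationToJson(ClientPoliciesUtil.getValidatedBuiltinClientPoliciesRepresentation(this.session, getClass().getResourceAsStream(str2)));
        } catch (ClientPolicyException e) {
            logger.warnv("VALIDATE SERIALIZE BUILTIN POLICIES ON KEYCLOAK FAILED :: error = {0}, error detail = {1}", e.getError(), e.getErrorDetail());
            // Roll the profiles back as well when the policies cannot be loaded.
            builtinClientProfilesJson = null;
        }
    }

    /**
     * Seeds a newly created realm with the builtin profiles and policies (which are null when the
     * builtin load failed or has not run).
     */
    public void setupClientPoliciesOnCreatedRealm(RealmModel realmModel) {
        logger.tracev("LOAD BUILTIN PROFILE POLICIES ON CREATED REALM :: realm = {0}", realmModel.getName());
        setClientProfilesJsonString(realmModel, builtinClientProfilesJson);
        setClientPoliciesJsonString(realmModel, builtinClientPoliciesJson);
    }

    /**
     * Stores the profiles and policies of an imported realm representation.
     *
     * <p>The builtin values are written first because validation is handed the realm itself.
     * If the imported profiles or policies fail validation, a WARN line is logged and the builtin
     * value is kept instead: the import succeeds, but the realm then runs without the custom
     * policies from the import file. Operators should treat the
     * "VALIDATE SERIALIZE IMPORTED REALM ... FAILED" warnings as a loss of policy enforcement.
     */
    public void setupClientPoliciesOnImportedRealm(RealmModel realmModel, RealmRepresentation realmRepresentation) {
        logger.tracev("LOAD PROFILE POLICIES ON IMPORTED REALM :: realm = {0}", realmModel.getName());
        setClientProfilesJsonString(realmModel, builtinClientProfilesJson);
        setClientPoliciesJsonString(realmModel, builtinClientPoliciesJson);

        String profilesJson;
        try {
            profilesJson = ClientPoliciesUtil.getValidatedClientProfilesJson(this.session, realmModel, realmRepresentation.getClientProfiles());
        } catch (ClientPolicyException e) {
            logger.warnv("VALIDATE SERIALIZE IMPORTED REALM PROFILES FAILED :: error = {0}, error detail = {1}", e.getError(), e.getErrorDetail());
            profilesJson = builtinClientProfilesJson;
        }
        setClientProfilesJsonString(realmModel, profilesJson);

        String policiesJson;
        try {
            policiesJson = ClientPoliciesUtil.getValidatedClientPoliciesJson(this.session, realmModel, realmRepresentation.getClientPolicies());
        } catch (ClientPolicyException e) {
            logger.warnv("VALIDATE SERIALIZE IMPORTED REALM POLICIES FAILED :: error = {0}, error detail = {1}", e.getError(), e.getErrorDetail());
            policiesJson = builtinClientPoliciesJson;
        }
        setClientPoliciesJsonString(realmModel, policiesJson);
    }

    /**
     * Validates the submitted profiles JSON and stores the validated form on the realm.
     *
     * <p>The submitted and the validated JSON are both written to the log at trace level.
     *
     * @param str profiles JSON as submitted
     * @throws ClientPolicyException when validation or serialization fails; the realm attribute is
     *         left unchanged in that case
     */
    public void updateClientProfiles(RealmModel realmModel, String str) throws ClientPolicyException {
        logger.tracev("UPDATE PROFILES :: realm = {0}, PUT = {1}", realmModel.getName(), str);
        try {
            String validatedClientProfilesJson = getValidatedClientProfilesJson(realmModel, str);
            setClientProfilesJsonString(realmModel, validatedClientProfilesJson);
            logger.tracev("UPDATE PROFILES :: realm = {0}, validated and modified PUT = {1}", realmModel.getName(), validatedClientProfilesJson);
        } catch (ClientPolicyException e) {
            logger.warnv("VALIDATE SERIALIZE PROFILES FAILED :: error = {0}, error detail = {1}", e.getError(), e.getErrorDetail());
            throw e;
        }
    }

    /**
     * @return the profiles JSON stored on the realm, or whatever the attribute lookup returns when unset
     */
    public String getClientProfiles(RealmModel realmModel) {
        String clientProfilesJsonString = getClientProfilesJsonString(realmModel);
        logger.tracev("GET PROFILES :: realm = {0}, GET = {1}", realmModel.getName(), clientProfilesJsonString);
        return clientProfilesJsonString;
    }

    /**
     * Validates the submitted policies JSON and stores the validated form on the realm.
     *
     * <p>The submitted and the validated JSON are both written to the log at trace level.
     *
     * @param str policies JSON as submitted
     * @throws ClientPolicyException when validation or serialization fails; the realm attribute is
     *         left unchanged in that case
     */
    public void updateClientPolicies(RealmModel realmModel, String str) throws ClientPolicyException {
        logger.tracev("UPDATE POLICIES :: realm = {0}, PUT = {1}", realmModel.getName(), str);
        try {
            String validatedClientPoliciesJson = getValidatedClientPoliciesJson(realmModel, str);
            setClientPoliciesJsonString(realmModel, validatedClientPoliciesJson);
            logger.tracev("UPDATE POLICIES :: realm = {0}, validated and modified PUT = {1}", realmModel.getName(), validatedClientPoliciesJson);
        } catch (ClientPolicyException e) {
            logger.warnv("VALIDATE SERIALIZE POLICIES FAILED :: error = {0}, error detail = {1}", e.getError(), e.getErrorDetail());
            throw e;
        }
    }

    /**
     * Copies the realm's exportable profiles and policies into the realm representation.
     *
     * <p>Export stays best-effort: when either part cannot be read, {@code null} is written for it.
     * The failure is logged at WARN, because an export without policies would otherwise be
     * indistinguishable from a realm that never had any.
     */
    public void setupClientPoliciesOnExportingRealm(RealmModel realmModel, RealmRepresentation realmRepresentation) {
        ClientProfilesRepresentation clientProfilesRepresentation = null;
        try {
            clientProfilesRepresentation = getClientProfilesForExport(realmModel);
        } catch (ClientPolicyException e) {
            logger.warnv("EXPORT PROFILES FAILED :: realm = {0}, error = {1}, error detail = {2}", realmModel.getName(), e.getError(), e.getErrorDetail());
        }
        realmRepresentation.setClientProfiles(clientProfilesRepresentation);

        ClientPoliciesRepresentation clientPoliciesRepresentation = null;
        try {
            clientPoliciesRepresentation = getClientPoliciesForExport(realmModel);
        } catch (ClientPolicyException e) {
            logger.warnv("EXPORT POLICIES FAILED :: realm = {0}, error = {1}, error detail = {2}", realmModel.getName(), e.getError(), e.getErrorDetail());
        }
        realmRepresentation.setClientPolicies(clientPoliciesRepresentation);
    }

    /**
     * @return the policies JSON stored on the realm, or whatever the attribute lookup returns when unset
     */
    public String getClientPolicies(RealmModel realmModel) {
        String clientPoliciesJsonString = getClientPoliciesJsonString(realmModel);
        logger.tracev("GET POLICIES :: realm = {0}, GET = {1}", realmModel.getName(), clientPoliciesJsonString);
        return clientPoliciesJsonString;
    }

    /** @return the builtin profiles JSON, or {@code null} when it has not been loaded */
    public String getClientProfilesOnKeycloakApp() {
        return builtinClientProfilesJson;
    }

    /** @return the builtin policies JSON, or {@code null} when it has not been loaded */
    public String getClientPoliciesOnKeycloakApp() {
        return builtinClientPoliciesJson;
    }

    /** Reads the {@link #CLIENT_PROFILES} realm attribute without logging. */
    public String getClientProfilesJsonString(RealmModel realmModel) {
        return realmModel.getAttribute(CLIENT_PROFILES);
    }

    /** Reads the {@link #CLIENT_POLICIES} realm attribute without logging. */
    public String getClientPoliciesJsonString(RealmModel realmModel) {
        return realmModel.getAttribute(CLIENT_POLICIES);
    }

    /** Writes the {@link #CLIENT_PROFILES} realm attribute; performs no validation itself. */
    private void setClientProfilesJsonString(RealmModel realmModel, String str) {
        realmModel.setAttribute(CLIENT_PROFILES, str);
    }

    /** Writes the {@link #CLIENT_POLICIES} realm attribute; performs no validation itself. */
    private void setClientPoliciesJsonString(RealmModel realmModel, String str) {
        realmModel.setAttribute(CLIENT_POLICIES, str);
    }

    /** Validates the profiles JSON through {@code ClientPoliciesUtil} and re-serializes the result. */
    private String getValidatedClientProfilesJson(RealmModel realmModel, String str) throws ClientPolicyException {
        return ClientPoliciesUtil.convertClientProfilesRepresentationToJson(ClientPoliciesUtil.getValidatedClientProfilesRepresentation(this.session, realmModel, str));
    }

    /** Validates the policies JSON through {@code ClientPoliciesUtil} and re-serializes the result. */
    private String getValidatedClientPoliciesJson(RealmModel realmModel, String str) throws ClientPolicyException {
        return ClientPoliciesUtil.convertClientPoliciesRepresentationToJson(ClientPoliciesUtil.getValidatedClientPoliciesRepresentation(this.session, realmModel, str));
    }

    /**
     * Returns the realm's profiles with builtin profiles removed, or an empty representation when
     * the realm has none.
     */
    private ClientProfilesRepresentation getClientProfilesForExport(RealmModel realmModel) throws ClientPolicyException {
        ClientProfilesRepresentation clientProfilesRepresentation = ClientPoliciesUtil.getClientProfilesRepresentation(this.session, realmModel);
        if (clientProfilesRepresentation == null || clientProfilesRepresentation.getProfiles() == null) {
            return new ClientProfilesRepresentation();
        }
        clientProfilesRepresentation.setProfiles((List) clientProfilesRepresentation.getProfiles().stream()
                .filter(profile -> !profile.isBuiltin().booleanValue())
                .collect(Collectors.toList()));
        return clientProfilesRepresentation;
    }

    /**
     * Returns the realm's policies for export, or an empty representation when the realm has none.
     * Builtin policies stay in the list but have their description, conditions and profiles
     * cleared; other policies are left untouched.
     */
    private ClientPoliciesRepresentation getClientPoliciesForExport(RealmModel realmModel) throws ClientPolicyException {
        ClientPoliciesRepresentation clientPoliciesRepresentation = ClientPoliciesUtil.getClientPoliciesRepresentation(this.session, realmModel);
        if (clientPoliciesRepresentation == null || clientPoliciesRepresentation.getPolicies() == null) {
            return new ClientPoliciesRepresentation();
        }
        clientPoliciesRepresentation.getPolicies().stream().forEach(policy -> {
            if (policy.isBuiltin().booleanValue()) {
                policy.setDescription((String) null);
                policy.setConditions((List) null);
                policy.setProfiles((List) null);
            }
        });
        return clientPoliciesRepresentation;
    }
}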
