package org.keycloak.authorization.policy.provider.role;

import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.identity.Identity;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.evaluation.Evaluation;
import org.keycloak.authorization.policy.evaluation.EvaluationContext;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;

/* loaded from: input_file:org/keycloak/authorization/policy/provider/role/RolePolicyProvider.class */
public class RolePolicyProvider implements PolicyProvider {
    private final Policy policy;
    private final AuthorizationProvider authorization;

    public RolePolicyProvider(Policy policy, AuthorizationProvider authorizationProvider) {
        this.policy = policy;
        this.authorization = authorizationProvider;
    }

    public RolePolicyProvider() {
        this(null, null);
    }

    public void evaluate(Evaluation evaluation) {
        EvaluationContext context = evaluation.getContext();
        String[] roles = RolePolicyProviderFactory.getRoles(this.policy);
        if (roles.length > 0) {
            Identity identity = context.getIdentity();
            for (String str : roles) {
                RoleModel roleById = getCurrentRealm().getRoleById(str);
                if (roleById != null && identity.hasRole(roleById.getName())) {
                    evaluation.grant();
                    return;
                }
            }
        }
    }

    private RealmModel getCurrentRealm() {
        return this.authorization.getKeycloakSession().getContext().getRealm();
    }

    public void close() {
    }
}
