package org.keycloak.authorization.admin.util;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.ws.rs.core.Response;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.ErrorCode;
import org.keycloak.authorization.admin.representation.PolicyRepresentation;
import org.keycloak.authorization.admin.representation.ResourceOwnerRepresentation;
import org.keycloak.authorization.admin.representation.ResourceRepresentation;
import org.keycloak.authorization.admin.representation.ResourceServerRepresentation;
import org.keycloak.authorization.admin.representation.ScopeRepresentation;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/authorization/admin/util/Models.class */
public final class Models {
    public static ScopeRepresentation toRepresentation(Scope scope, AuthorizationProvider authorizationProvider) {
        ScopeRepresentation scopeRepresentation = new ScopeRepresentation();
        scopeRepresentation.setId(scope.getId());
        scopeRepresentation.setName(scope.getName());
        scopeRepresentation.setIconUri(scope.getIconUri());
        scopeRepresentation.setPolicies(new ArrayList());
        HashSet<Policy> hashSet = new HashSet();
        hashSet.addAll(authorizationProvider.getStoreFactory().getPolicyStore().findByScopeIds(Arrays.asList(scope.getId()), scope.getResourceServer().getId()));
        for (Policy policy : hashSet) {
            PolicyRepresentation policyRepresentation = new PolicyRepresentation();
            policyRepresentation.setId(policy.getId());
            policyRepresentation.setName(policy.getName());
            policyRepresentation.setType(policy.getType());
            if (!scopeRepresentation.getPolicies().contains(policyRepresentation)) {
                scopeRepresentation.getPolicies().add(policyRepresentation);
            }
        }
        return scopeRepresentation;
    }

    public static Scope toModel(ScopeRepresentation scopeRepresentation, ResourceServer resourceServer, AuthorizationProvider authorizationProvider) {
        StoreFactory storeFactory = authorizationProvider.getStoreFactory();
        Scope findByName = storeFactory.getScopeStore().findByName(scopeRepresentation.getName(), resourceServer.getId());
        if (findByName == null) {
            findByName = storeFactory.getScopeStore().create(scopeRepresentation.getName(), resourceServer);
            findByName.setIconUri(scopeRepresentation.getIconUri());
        }
        return findByName;
    }

    public static ResourceServerRepresentation toRepresentation(ResourceServer resourceServer, RealmModel realmModel) {
        ResourceServerRepresentation resourceServerRepresentation = new ResourceServerRepresentation();
        resourceServerRepresentation.setId(resourceServer.getId());
        resourceServerRepresentation.setClientId(resourceServer.getClientId());
        resourceServerRepresentation.setName(realmModel.getClientById(resourceServer.getClientId()).getClientId());
        resourceServerRepresentation.setAllowRemoteResourceManagement(resourceServer.isAllowRemoteResourceManagement());
        resourceServerRepresentation.setPolicyEnforcementMode(resourceServer.getPolicyEnforcementMode());
        return resourceServerRepresentation;
    }

    public static ResourceServer toModel(ResourceServerRepresentation resourceServerRepresentation, AuthorizationProvider authorizationProvider) {
        RealmModel realm = authorizationProvider.getKeycloakSession().getContext().getRealm();
        ClientModel clientById = realm.getClientById(resourceServerRepresentation.getClientId());
        if (clientById == null) {
            throw new ErrorResponseException(ErrorCode.INVALID_CLIENT_ID, "Client with id [" + resourceServerRepresentation.getClientId() + "] not found in realm [" + realm.getName() + "].", Response.Status.BAD_REQUEST);
        }
        if (!clientById.isServiceAccountsEnabled()) {
            throw new ErrorResponseException(ErrorCode.INVALID_CLIENT_ID, "Client with id [" + resourceServerRepresentation.getClientId() + "] must have a service account.", Response.Status.BAD_REQUEST);
        }
        if (authorizationProvider.getStoreFactory().getResourceServerStore().findByClient(clientById.getId()) != null) {
            throw new ErrorResponseException(ErrorCode.INVALID_CLIENT_ID, "Resource server already exists with client id [" + resourceServerRepresentation.getClientId() + "].", Response.Status.BAD_REQUEST);
        }
        if (resourceServerRepresentation.getName() == null) {
            resourceServerRepresentation.setName(clientById.getName());
        }
        ResourceServer create = authorizationProvider.getStoreFactory().getResourceServerStore().create(clientById.getId());
        create.setAllowRemoteResourceManagement(resourceServerRepresentation.isAllowRemoteResourceManagement());
        create.setPolicyEnforcementMode(resourceServerRepresentation.getPolicyEnforcementMode());
        return create;
    }

    public static PolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorizationProvider) {
        PolicyRepresentation policyRepresentation = new PolicyRepresentation();
        policyRepresentation.setId(policy.getId());
        policyRepresentation.setName(policy.getName());
        policyRepresentation.setDescription(policy.getDescription());
        policyRepresentation.setType(policy.getType());
        policyRepresentation.setDecisionStrategy(policy.getDecisionStrategy());
        policyRepresentation.setLogic(policy.getLogic());
        policyRepresentation.setConfig(new HashMap(policy.getConfig()));
        policyRepresentation.setDependentPolicies((List) authorizationProvider.getStoreFactory().getPolicyStore().findDependentPolicies(policy.getId()).stream().map(policy2 -> {
            PolicyRepresentation policyRepresentation2 = new PolicyRepresentation();
            policyRepresentation2.setId(policy2.getId());
            policyRepresentation2.setName(policy2.getName());
            return policyRepresentation2;
        }).collect(Collectors.toList()));
        try {
            policyRepresentation.getConfig().put("applyPolicies", JsonSerialization.writeValueAsString((List) policy.getAssociatedPolicies().stream().map(new Function<Policy, String>() { // from class: org.keycloak.authorization.admin.util.Models.1
                @Override // java.util.function.Function
                public String apply(Policy policy3) {
                    return policy3.getId();
                }
            }).collect(Collectors.toList())));
        } catch (IOException e) {
            e.printStackTrace();
        }
        return policyRepresentation;
    }

    public static Policy toModel(PolicyRepresentation policyRepresentation, ResourceServer resourceServer, AuthorizationProvider authorizationProvider) {
        Policy create = authorizationProvider.getStoreFactory().getPolicyStore().create(policyRepresentation.getName(), policyRepresentation.getType(), resourceServer);
        create.setDescription(policyRepresentation.getDescription());
        create.setDecisionStrategy(policyRepresentation.getDecisionStrategy());
        create.setLogic(policyRepresentation.getLogic());
        create.setConfig(policyRepresentation.getConfig());
        return create;
    }

    public static ResourceRepresentation toRepresentation(Resource resource, ResourceServer resourceServer, AuthorizationProvider authorizationProvider) {
        ResourceRepresentation resourceRepresentation = new ResourceRepresentation();
        resourceRepresentation.setId(resource.getId());
        resourceRepresentation.setType(resource.getType());
        resourceRepresentation.setName(resource.getName());
        resourceRepresentation.setUri(resource.getUri());
        resourceRepresentation.setIconUri(resource.getIconUri());
        ResourceOwnerRepresentation resourceOwnerRepresentation = new ResourceOwnerRepresentation();
        resourceOwnerRepresentation.setId(resource.getOwner());
        KeycloakSession keycloakSession = authorizationProvider.getKeycloakSession();
        RealmModel realm = keycloakSession.getContext().getRealm();
        if (resourceOwnerRepresentation.getId().equals(resourceServer.getClientId())) {
            resourceOwnerRepresentation.setName(realm.getClientById(resourceServer.getClientId()).getClientId());
        } else {
            UserModel userById = keycloakSession.users().getUserById(resourceOwnerRepresentation.getId(), realm);
            if (userById == null) {
                throw new ErrorResponseException("invalid_owner", "Could not find the user [" + resourceOwnerRepresentation.getId() + "] who owns the Resource [" + resourceRepresentation.getId() + "].", Response.Status.BAD_REQUEST);
            }
            resourceOwnerRepresentation.setName(userById.getUsername());
        }
        resourceRepresentation.setOwner(resourceOwnerRepresentation);
        resourceRepresentation.setScopes((Set) resource.getScopes().stream().map(scope -> {
            ScopeRepresentation scopeRepresentation = new ScopeRepresentation();
            scopeRepresentation.setId(scope.getId());
            scopeRepresentation.setName(scope.getName());
            String iconUri = scope.getIconUri();
            if (iconUri != null) {
                scopeRepresentation.setIconUri(iconUri);
            }
            return scopeRepresentation;
        }).collect(Collectors.toSet()));
        resourceRepresentation.setPolicies(new ArrayList());
        HashSet<Policy> hashSet = new HashSet();
        PolicyStore policyStore = authorizationProvider.getStoreFactory().getPolicyStore();
        hashSet.addAll(policyStore.findByResource(resourceRepresentation.getId()));
        hashSet.addAll(policyStore.findByResourceType(resourceRepresentation.getType(), resourceServer.getId()));
        hashSet.addAll(policyStore.findByScopeIds((List) resourceRepresentation.getScopes().stream().map(scopeRepresentation -> {
            return scopeRepresentation.getId();
        }).collect(Collectors.toList()), resourceServer.getId()));
        for (Policy policy : hashSet) {
            PolicyRepresentation policyRepresentation = new PolicyRepresentation();
            policyRepresentation.setId(policy.getId());
            policyRepresentation.setName(policy.getName());
            policyRepresentation.setType(policy.getType());
            if (!resourceRepresentation.getPolicies().contains(policyRepresentation)) {
                resourceRepresentation.getPolicies().add(policyRepresentation);
            }
        }
        return resourceRepresentation;
    }

    public static Resource toModel(ResourceRepresentation resourceRepresentation, ResourceServer resourceServer, AuthorizationProvider authorizationProvider) {
        ResourceOwnerRepresentation owner = resourceRepresentation.getOwner();
        if (owner == null) {
            owner = new ResourceOwnerRepresentation();
            owner.setId(resourceServer.getClientId());
        }
        if (owner.getId() == null) {
            throw new ErrorResponseException("invalid_owner", "No owner specified for resource [" + resourceRepresentation.getName() + "].", Response.Status.BAD_REQUEST);
        }
        Resource create = authorizationProvider.getStoreFactory().getResourceStore().create(resourceRepresentation.getName(), resourceServer, owner.getId());
        create.setType(resourceRepresentation.getType());
        create.setUri(resourceRepresentation.getUri());
        create.setIconUri(resourceRepresentation.getIconUri());
        Set<ScopeRepresentation> scopes = resourceRepresentation.getScopes();
        if (scopes != null) {
            create.updateScopes((Set) scopes.stream().map(scopeRepresentation -> {
                return toModel(scopeRepresentation, resourceServer, authorizationProvider);
            }).collect(Collectors.toSet()));
        }
        return create;
    }
}
