package org.keycloak.services.resources.account.resources;

import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.resources.account.resources.AbstractResourceService;

/* loaded from: input_file:BOOT-INF/lib/keycloak-services-8.0.0.jar:org/keycloak/services/resources/account/resources/ResourceService.class */
public class ResourceService extends AbstractResourceService {
    private final Resource resource;
    private final ResourceServer resourceServer;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ResourceService(Resource resource, KeycloakSession keycloakSession, UserModel userModel, Auth auth, HttpRequest httpRequest) {
        super(keycloakSession, userModel, auth, httpRequest);
        this.resource = resource;
        this.resourceServer = resource.getResourceServer();
    }

    @GET
    @Produces({"application/json"})
    public Response getResource() {
        return cors(Response.ok(new AbstractResourceService.Resource(this.resource, this.provider)));
    }

    @GET
    @Produces({"application/json"})
    @Path("permissions")
    public Response toPermissions() {
        HashMap hashMap = new HashMap();
        hashMap.put(PermissionTicket.OWNER, this.user.getId());
        hashMap.put(PermissionTicket.GRANTED, Boolean.TRUE.toString());
        hashMap.put(PermissionTicket.RESOURCE, this.resource.getId());
        Collection<AbstractResourceService.ResourcePermission> permissions = toPermissions(this.ticketStore.find(hashMap, null, -1, -1));
        Object obj = Collections.EMPTY_LIST;
        if (!permissions.isEmpty()) {
            obj = permissions.iterator().next().getPermissions();
        }
        return cors(Response.ok(obj));
    }

    @Path("permissions")
    @Consumes({"application/json"})
    @Produces({"application/json"})
    @PUT
    public Response revoke(List<AbstractResourceService.Permission> list) {
        if (list == null || list.isEmpty()) {
            throw new BadRequestException("invalid_permissions");
        }
        ResourceServer resourceServer = this.resource.getResourceServer();
        HashMap hashMap = new HashMap();
        hashMap.put(PermissionTicket.RESOURCE, this.resource.getId());
        for (AbstractResourceService.Permission permission : list) {
            UserModel user = getUser(permission.getUsername());
            hashMap.put(PermissionTicket.REQUESTER, user.getId());
            List<PermissionTicket> find = this.ticketStore.find(hashMap, this.resource.getResourceServer().getId(), -1, -1);
            if (find.isEmpty()) {
                Iterator<String> it = permission.getScopes().iterator();
                while (it.hasNext()) {
                    grantPermission(user, it.next());
                }
            } else {
                Iterator<String> it2 = permission.getScopes().iterator();
                while (it2.hasNext()) {
                    Scope scope = getScope(it2.next(), resourceServer);
                    Iterator<PermissionTicket> it3 = find.iterator();
                    while (it3.hasNext()) {
                        PermissionTicket next = it3.next();
                        if (scope.getId().equals(next.getScope().getId())) {
                            if (!next.isGranted()) {
                                next.setGrantedTimestamp(Long.valueOf(System.currentTimeMillis()));
                            }
                            it3.remove();
                            it2.remove();
                        }
                    }
                }
                Iterator<String> it4 = permission.getScopes().iterator();
                while (it4.hasNext()) {
                    grantPermission(user, it4.next());
                }
                Iterator<PermissionTicket> it5 = find.iterator();
                while (it5.hasNext()) {
                    this.ticketStore.delete(it5.next().getId());
                }
            }
        }
        return cors(Response.noContent());
    }

    @GET
    @Produces({"application/json"})
    @Path("permissions/requests")
    public Response getPermissionRequests() {
        HashMap hashMap = new HashMap();
        hashMap.put(PermissionTicket.OWNER, this.user.getId());
        hashMap.put(PermissionTicket.GRANTED, Boolean.FALSE.toString());
        hashMap.put(PermissionTicket.RESOURCE, this.resource.getId());
        HashMap hashMap2 = new HashMap();
        for (PermissionTicket permissionTicket : this.ticketStore.find(hashMap, null, -1, -1)) {
            ((AbstractResourceService.Permission) hashMap2.computeIfAbsent(permissionTicket.getRequester(), str -> {
                return new AbstractResourceService.Permission(permissionTicket, this.provider);
            })).addScope(permissionTicket.getScope().getName());
        }
        return cors(Response.ok(hashMap2.values()));
    }

    private void grantPermission(UserModel userModel, String str) {
        this.ticketStore.create(this.resource.getId(), getScope(str, this.resourceServer).getId(), userModel.getId(), this.resourceServer).setGrantedTimestamp(Long.valueOf(Calendar.getInstance().getTimeInMillis()));
    }

    private Scope getScope(String str, ResourceServer resourceServer) {
        Scope findByName = this.scopeStore.findByName(str, resourceServer.getId());
        if (findByName == null) {
            findByName = this.scopeStore.findById(str, resourceServer.getId());
        }
        return findByName;
    }

    private UserModel getUser(String str) {
        UserProvider users = this.provider.getKeycloakSession().users();
        UserModel userByUsername = users.getUserByUsername(str, this.provider.getRealm());
        if (userByUsername == null) {
            userByUsername = users.getUserById(str, this.provider.getRealm());
        }
        return userByUsername;
    }

    private Collection<AbstractResourceService.ResourcePermission> toPermissions(List<PermissionTicket> list) {
        HashMap hashMap = new HashMap();
        for (PermissionTicket permissionTicket : list) {
            AbstractResourceService.ResourcePermission resourcePermission = (AbstractResourceService.ResourcePermission) hashMap.computeIfAbsent(permissionTicket.getResource().getId(), str -> {
                return new AbstractResourceService.ResourcePermission(permissionTicket, this.provider);
            });
            AbstractResourceService.Permission permission = resourcePermission.getPermission(permissionTicket.getRequester());
            if (permission == null) {
                String requester = permissionTicket.getRequester();
                AbstractResourceService.Permission permission2 = new AbstractResourceService.Permission(permissionTicket.getRequester(), this.provider);
                permission = permission2;
                resourcePermission.addPermission(requester, permission2);
            }
            permission.addScope(permissionTicket.getScope().getName());
        }
        return hashMap.values();
    }
}
