package org.keycloak.authorization;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.permission.evaluator.Evaluators;
import org.keycloak.authorization.policy.evaluation.PolicyEvaluator;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PermissionTicketStore;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.ScopeStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.cache.authorization.CachedStoreFactoryProvider;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;

/* loaded from: input_file:BOOT-INF/lib/keycloak-server-spi-private-8.0.0.jar:org/keycloak/authorization/AuthorizationProvider.class */
public final class AuthorizationProvider implements Provider {
    private final PolicyEvaluator policyEvaluator;
    private StoreFactory storeFactory;
    private StoreFactory storeFactoryDelegate;
    private final KeycloakSession keycloakSession;
    private final RealmModel realm;

    public AuthorizationProvider(KeycloakSession keycloakSession, RealmModel realmModel, PolicyEvaluator policyEvaluator) {
        this.keycloakSession = keycloakSession;
        this.realm = realmModel;
        this.policyEvaluator = policyEvaluator;
    }

    public Evaluators evaluators() {
        return new Evaluators(this);
    }

    public StoreFactory getStoreFactory() {
        if (this.storeFactory != null) {
            return this.storeFactory;
        }
        this.storeFactory = (StoreFactory) this.keycloakSession.getProvider(CachedStoreFactoryProvider.class);
        if (this.storeFactory == null) {
            this.storeFactory = getLocalStoreFactory();
        }
        this.storeFactory = createStoreFactory(this.storeFactory);
        return this.storeFactory;
    }

    public StoreFactory getLocalStoreFactory() {
        if (this.storeFactoryDelegate != null) {
            return this.storeFactoryDelegate;
        }
        this.storeFactoryDelegate = (StoreFactory) this.keycloakSession.getProvider(StoreFactory.class);
        return this.storeFactoryDelegate;
    }

    public Collection<PolicyProviderFactory> getProviderFactories() {
        Stream<ProviderFactory> stream = this.keycloakSession.getKeycloakSessionFactory().getProviderFactories(PolicyProvider.class).stream();
        Class<PolicyProviderFactory> cls = PolicyProviderFactory.class;
        PolicyProviderFactory.class.getClass();
        return (Collection) stream.map((v1) -> {
            return r1.cast(v1);
        }).collect(Collectors.toList());
    }

    public PolicyProviderFactory getProviderFactory(String str) {
        return (PolicyProviderFactory) this.keycloakSession.getKeycloakSessionFactory().getProviderFactory(PolicyProvider.class, str);
    }

    public <P extends PolicyProvider> P getProvider(String str) {
        PolicyProviderFactory providerFactory = getProviderFactory(str);
        if (providerFactory == null) {
            return null;
        }
        return (P) providerFactory.create(this);
    }

    public KeycloakSession getKeycloakSession() {
        return this.keycloakSession;
    }

    public RealmModel getRealm() {
        return this.realm;
    }

    public PolicyEvaluator getPolicyEvaluator() {
        return this.policyEvaluator;
    }

    @Override // org.keycloak.provider.Provider
    public void close() {
    }

    private StoreFactory createStoreFactory(final StoreFactory storeFactory) {
        return new StoreFactory() { // from class: org.keycloak.authorization.AuthorizationProvider.1
            ResourceStore resourceStore;
            ScopeStore scopeStore;
            PolicyStore policyStore;

            @Override // org.keycloak.authorization.store.StoreFactory
            public ResourceStore getResourceStore() {
                if (this.resourceStore == null) {
                    this.resourceStore = AuthorizationProvider.this.createResourceStoreWrapper(storeFactory);
                }
                return this.resourceStore;
            }

            @Override // org.keycloak.authorization.store.StoreFactory
            public ResourceServerStore getResourceServerStore() {
                return storeFactory.getResourceServerStore();
            }

            @Override // org.keycloak.authorization.store.StoreFactory
            public ScopeStore getScopeStore() {
                if (this.scopeStore == null) {
                    this.scopeStore = AuthorizationProvider.this.createScopeWrapper(storeFactory);
                }
                return this.scopeStore;
            }

            @Override // org.keycloak.authorization.store.StoreFactory
            public PolicyStore getPolicyStore() {
                if (this.policyStore == null) {
                    this.policyStore = AuthorizationProvider.this.createPolicyWrapper(storeFactory);
                }
                return this.policyStore;
            }

            @Override // org.keycloak.authorization.store.StoreFactory
            public PermissionTicketStore getPermissionTicketStore() {
                return storeFactory.getPermissionTicketStore();
            }

            @Override // org.keycloak.provider.Provider
            public void close() {
                storeFactory.close();
            }

            @Override // org.keycloak.authorization.store.StoreFactory
            public void setReadOnly(boolean z) {
                storeFactory.setReadOnly(z);
            }

            @Override // org.keycloak.authorization.store.StoreFactory
            public boolean isReadOnly() {
                return storeFactory.isReadOnly();
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ScopeStore createScopeWrapper(final StoreFactory storeFactory) {
        return new ScopeStore() { // from class: org.keycloak.authorization.AuthorizationProvider.2
            ScopeStore delegate;

            {
                this.delegate = storeFactory.getScopeStore();
            }

            @Override // org.keycloak.authorization.store.ScopeStore
            public Scope create(String str, ResourceServer resourceServer) {
                return this.delegate.create(str, resourceServer);
            }

            @Override // org.keycloak.authorization.store.ScopeStore
            public Scope create(String str, String str2, ResourceServer resourceServer) {
                return this.delegate.create(str, str2, resourceServer);
            }

            @Override // org.keycloak.authorization.store.ScopeStore
            public void delete(String str) {
                Scope findById = findById(str, null);
                PermissionTicketStore permissionTicketStore = AuthorizationProvider.this.getStoreFactory().getPermissionTicketStore();
                Iterator<PermissionTicket> it = permissionTicketStore.findByScope(str, findById.getResourceServer().getId()).iterator();
                while (it.hasNext()) {
                    permissionTicketStore.delete(it.next().getId());
                }
                this.delegate.delete(str);
            }

            @Override // org.keycloak.authorization.store.ScopeStore
            public Scope findById(String str, String str2) {
                return this.delegate.findById(str, str2);
            }

            @Override // org.keycloak.authorization.store.ScopeStore
            public Scope findByName(String str, String str2) {
                return this.delegate.findByName(str, str2);
            }

            @Override // org.keycloak.authorization.store.ScopeStore
            public List<Scope> findByResourceServer(String str) {
                return this.delegate.findByResourceServer(str);
            }

            @Override // org.keycloak.authorization.store.ScopeStore
            public List<Scope> findByResourceServer(Map<String, String[]> map, String str, int i, int i2) {
                return this.delegate.findByResourceServer(map, str, i, i2);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public PolicyStore createPolicyWrapper(final StoreFactory storeFactory) {
        return new PolicyStore() { // from class: org.keycloak.authorization.AuthorizationProvider.3
            PolicyStore policyStore;

            {
                this.policyStore = storeFactory.getPolicyStore();
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public Policy create(AbstractPolicyRepresentation abstractPolicyRepresentation, ResourceServer resourceServer) {
                Set<String> resources = abstractPolicyRepresentation.getResources();
                if (resources != null) {
                    Stream<String> stream = resources.stream();
                    StoreFactory storeFactory2 = storeFactory;
                    abstractPolicyRepresentation.setResources((Set) stream.map(str -> {
                        Resource findById = storeFactory2.getResourceStore().findById(str, resourceServer.getId());
                        if (findById == null) {
                            findById = storeFactory2.getResourceStore().findByName(str, resourceServer.getId());
                        }
                        if (findById == null) {
                            throw new RuntimeException("Resource [" + str + "] does not exist or is not owned by the resource server.");
                        }
                        return findById.getId();
                    }).collect(Collectors.toSet()));
                }
                Set<String> scopes = abstractPolicyRepresentation.getScopes();
                if (scopes != null) {
                    Stream<String> stream2 = scopes.stream();
                    StoreFactory storeFactory3 = storeFactory;
                    abstractPolicyRepresentation.setScopes((Set) stream2.map(str2 -> {
                        Scope findById = storeFactory3.getScopeStore().findById(str2, resourceServer.getId());
                        if (findById == null) {
                            findById = storeFactory3.getScopeStore().findByName(str2, resourceServer.getId());
                        }
                        if (findById == null) {
                            throw new RuntimeException("Scope [" + str2 + "] does not exist");
                        }
                        return findById.getId();
                    }).collect(Collectors.toSet()));
                }
                Set<String> policies = abstractPolicyRepresentation.getPolicies();
                if (policies != null) {
                    Stream<String> stream3 = policies.stream();
                    StoreFactory storeFactory4 = storeFactory;
                    abstractPolicyRepresentation.setPolicies((Set) stream3.map(str3 -> {
                        Policy findById = storeFactory4.getPolicyStore().findById(str3, resourceServer.getId());
                        if (findById == null) {
                            findById = storeFactory4.getPolicyStore().findByName(str3, resourceServer.getId());
                        }
                        if (findById == null) {
                            throw new RuntimeException("Policy [" + str3 + "] does not exist");
                        }
                        return findById.getId();
                    }).collect(Collectors.toSet()));
                }
                return RepresentationToModel.toModel(abstractPolicyRepresentation, AuthorizationProvider.this, this.policyStore.create(abstractPolicyRepresentation, resourceServer));
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public void delete(String str) {
                Policy findById = findById(str, null);
                if (findById != null) {
                    findDependentPolicies(findById.getId(), findById.getResourceServer().getId()).forEach(policy -> {
                        policy.removeAssociatedPolicy(findById);
                        if (policy.getAssociatedPolicies().isEmpty()) {
                            delete(policy.getId());
                        }
                    });
                    this.policyStore.delete(str);
                }
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public Policy findById(String str, String str2) {
                return this.policyStore.findById(str, str2);
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public Policy findByName(String str, String str2) {
                return this.policyStore.findByName(str, str2);
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public List<Policy> findByResourceServer(String str) {
                return this.policyStore.findByResourceServer(str);
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public List<Policy> findByResourceServer(Map<String, String[]> map, String str, int i, int i2) {
                return this.policyStore.findByResourceServer(map, str, i, i2);
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public List<Policy> findByResource(String str, String str2) {
                return this.policyStore.findByResource(str, str2);
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public void findByResource(String str, String str2, Consumer<Policy> consumer) {
                this.policyStore.findByResource(str, str2, consumer);
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public List<Policy> findByResourceType(String str, String str2) {
                return this.policyStore.findByResourceType(str, str2);
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public List<Policy> findByScopeIds(List<String> list, String str) {
                return this.policyStore.findByScopeIds(list, str);
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public List<Policy> findByScopeIds(List<String> list, String str, String str2) {
                return this.policyStore.findByScopeIds(list, str, str2);
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public void findByScopeIds(List<String> list, String str, String str2, Consumer<Policy> consumer) {
                this.policyStore.findByScopeIds(list, str, str2, consumer);
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public List<Policy> findByType(String str, String str2) {
                return this.policyStore.findByType(str, str2);
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public List<Policy> findDependentPolicies(String str, String str2) {
                return this.policyStore.findDependentPolicies(str, str2);
            }

            @Override // org.keycloak.authorization.store.PolicyStore
            public void findByResourceType(String str, String str2, Consumer<Policy> consumer) {
                this.policyStore.findByResourceType(str, str2, consumer);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ResourceStore createResourceStoreWrapper(final StoreFactory storeFactory) {
        return new ResourceStore() { // from class: org.keycloak.authorization.AuthorizationProvider.4
            ResourceStore delegate;

            {
                this.delegate = storeFactory.getResourceStore();
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public Resource create(String str, ResourceServer resourceServer, String str2) {
                return this.delegate.create(str, resourceServer, str2);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public Resource create(String str, String str2, ResourceServer resourceServer, String str3) {
                return this.delegate.create(str, str2, resourceServer, str3);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public void delete(String str) {
                Resource findById = findById(str, null);
                StoreFactory storeFactory2 = AuthorizationProvider.this.getStoreFactory();
                PermissionTicketStore permissionTicketStore = storeFactory2.getPermissionTicketStore();
                Iterator<PermissionTicket> it = permissionTicketStore.findByResource(str, findById.getResourceServer().getId()).iterator();
                while (it.hasNext()) {
                    permissionTicketStore.delete(it.next().getId());
                }
                PolicyStore policyStore = storeFactory2.getPolicyStore();
                for (Policy policy : policyStore.findByResource(str, findById.getResourceServer().getId())) {
                    if (policy.getResources().size() == 1) {
                        policyStore.delete(policy.getId());
                    } else {
                        policy.removeResource(findById);
                    }
                }
                this.delegate.delete(str);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public Resource findById(String str, String str2) {
                return this.delegate.findById(str, str2);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public List<Resource> findByOwner(String str, String str2) {
                return this.delegate.findByOwner(str, str2);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public void findByOwner(String str, String str2, Consumer<Resource> consumer) {
                this.delegate.findByOwner(str, str2, consumer);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public List<Resource> findByOwner(String str, String str2, int i, int i2) {
                return this.delegate.findByOwner(str, str2, i, i2);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public List<Resource> findByUri(String str, String str2) {
                return this.delegate.findByUri(str, str2);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public List<Resource> findByResourceServer(String str) {
                return this.delegate.findByResourceServer(str);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public List<Resource> findByResourceServer(Map<String, String[]> map, String str, int i, int i2) {
                return this.delegate.findByResourceServer(map, str, i, i2);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public List<Resource> findByScope(List<String> list, String str) {
                return this.delegate.findByScope(list, str);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public void findByScope(List<String> list, String str, Consumer<Resource> consumer) {
                this.delegate.findByScope(list, str, consumer);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public Resource findByName(String str, String str2) {
                return this.delegate.findByName(str, str2);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public Resource findByName(String str, String str2, String str3) {
                return this.delegate.findByName(str, str2, str3);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public List<Resource> findByType(String str, String str2) {
                return this.delegate.findByType(str, str2);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public void findByType(String str, String str2, Consumer<Resource> consumer) {
                this.delegate.findByType(str, str2, consumer);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public void findByType(String str, String str2, String str3, Consumer<Resource> consumer) {
                this.delegate.findByType(str, str2, str3, consumer);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public List<Resource> findByType(String str, String str2, String str3) {
                return this.delegate.findByType(str, str3);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public List<Resource> findByTypeInstance(String str, String str2) {
                return this.delegate.findByTypeInstance(str, str2);
            }

            @Override // org.keycloak.authorization.store.ResourceStore
            public void findByTypeInstance(String str, String str2, Consumer<Resource> consumer) {
                this.delegate.findByTypeInstance(str, str2, consumer);
            }
        };
    }
}
