package org.keycloak.authorization.jpa.store;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.persistence.EntityManager;
import javax.persistence.FlushModeType;
import javax.persistence.LockModeType;
import javax.persistence.TypedQuery;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.jpa.entities.PermissionTicketEntity;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.store.PermissionTicketStore;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;

/* loaded from: input_file:BOOT-INF/lib/keycloak-model-jpa-11.0.2.jar:org/keycloak/authorization/jpa/store/JPAPermissionTicketStore.class */
public class JPAPermissionTicketStore implements PermissionTicketStore {
    private final EntityManager entityManager;
    private final AuthorizationProvider provider;

    public JPAPermissionTicketStore(EntityManager entityManager, AuthorizationProvider authorizationProvider) {
        this.entityManager = entityManager;
        this.provider = authorizationProvider;
    }

    @Override // org.keycloak.authorization.store.PermissionTicketStore
    public PermissionTicket create(String str, String str2, String str3, ResourceServer resourceServer) {
        PermissionTicketEntity permissionTicketEntity = new PermissionTicketEntity();
        permissionTicketEntity.setId(KeycloakModelUtils.generateId());
        permissionTicketEntity.setResource(ResourceAdapter.toEntity(this.entityManager, this.provider.getStoreFactory().getResourceStore().findById(str, resourceServer.getId())));
        permissionTicketEntity.setRequester(str3);
        permissionTicketEntity.setCreatedTimestamp(Long.valueOf(System.currentTimeMillis()));
        if (str2 != null) {
            permissionTicketEntity.setScope(ScopeAdapter.toEntity(this.entityManager, this.provider.getStoreFactory().getScopeStore().findById(str2, resourceServer.getId())));
        }
        permissionTicketEntity.setOwner(permissionTicketEntity.getResource().getOwner());
        permissionTicketEntity.setResourceServer(ResourceServerAdapter.toEntity(this.entityManager, resourceServer));
        this.entityManager.persist(permissionTicketEntity);
        this.entityManager.flush();
        return new PermissionTicketAdapter(permissionTicketEntity, this.entityManager, this.provider.getStoreFactory());
    }

    @Override // org.keycloak.authorization.store.PermissionTicketStore
    public void delete(String str) {
        PermissionTicketEntity permissionTicketEntity = (PermissionTicketEntity) this.entityManager.find(PermissionTicketEntity.class, str, LockModeType.PESSIMISTIC_WRITE);
        if (permissionTicketEntity != null) {
            this.entityManager.remove(permissionTicketEntity);
        }
    }

    @Override // org.keycloak.authorization.store.PermissionTicketStore
    public PermissionTicket findById(String str, String str2) {
        PermissionTicketEntity permissionTicketEntity;
        if (str == null || (permissionTicketEntity = (PermissionTicketEntity) this.entityManager.find(PermissionTicketEntity.class, str)) == null) {
            return null;
        }
        return new PermissionTicketAdapter(permissionTicketEntity, this.entityManager, this.provider.getStoreFactory());
    }

    @Override // org.keycloak.authorization.store.PermissionTicketStore
    public List<PermissionTicket> findByResourceServer(String str) {
        TypedQuery createNamedQuery = this.entityManager.createNamedQuery("findPolicyIdByServerId", String.class);
        createNamedQuery.setParameter("serverId", (Object) str);
        List resultList = createNamedQuery.getResultList();
        LinkedList linkedList = new LinkedList();
        PermissionTicketStore permissionTicketStore = this.provider.getStoreFactory().getPermissionTicketStore();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            PermissionTicket findById = permissionTicketStore.findById((String) it.next(), str);
            if (Objects.nonNull(findById)) {
                linkedList.add(findById);
            }
        }
        return linkedList;
    }

    @Override // org.keycloak.authorization.store.PermissionTicketStore
    public List<PermissionTicket> findByResource(String str, String str2) {
        TypedQuery createNamedQuery = this.entityManager.createNamedQuery("findPermissionIdByResource", String.class);
        createNamedQuery.setFlushMode(FlushModeType.COMMIT);
        createNamedQuery.setParameter("resourceId", (Object) str);
        createNamedQuery.setParameter("serverId", (Object) str2);
        List resultList = createNamedQuery.getResultList();
        LinkedList linkedList = new LinkedList();
        PermissionTicketStore permissionTicketStore = this.provider.getStoreFactory().getPermissionTicketStore();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            PermissionTicket findById = permissionTicketStore.findById((String) it.next(), str2);
            if (Objects.nonNull(findById)) {
                linkedList.add(findById);
            }
        }
        return linkedList;
    }

    @Override // org.keycloak.authorization.store.PermissionTicketStore
    public List<PermissionTicket> findByScope(String str, String str2) {
        if (str == null) {
            return Collections.emptyList();
        }
        TypedQuery createNamedQuery = this.entityManager.createNamedQuery("findPermissionIdByScope", String.class);
        createNamedQuery.setFlushMode(FlushModeType.COMMIT);
        createNamedQuery.setParameter("scopeId", (Object) str);
        createNamedQuery.setParameter("serverId", (Object) str2);
        List resultList = createNamedQuery.getResultList();
        LinkedList linkedList = new LinkedList();
        PermissionTicketStore permissionTicketStore = this.provider.getStoreFactory().getPermissionTicketStore();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            PermissionTicket findById = permissionTicketStore.findById((String) it.next(), str2);
            if (Objects.nonNull(findById)) {
                linkedList.add(findById);
            }
        }
        return linkedList;
    }

    @Override // org.keycloak.authorization.store.PermissionTicketStore
    public List<PermissionTicket> find(Map<String, String> map, String str, int i, int i2) {
        CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(PermissionTicketEntity.class);
        Root<X> from = createQuery.from(PermissionTicketEntity.class);
        createQuery.select(from.get("id"));
        ArrayList arrayList = new ArrayList();
        if (str != null) {
            arrayList.add(criteriaBuilder.equal(from.get("resourceServer").get("id"), str));
        }
        map.forEach((str2, str3) -> {
            if ("id".equals(str2)) {
                arrayList.add(from.get(str2).in(str3));
                return;
            }
            if (PermissionTicket.SCOPE.equals(str2)) {
                arrayList.add(from.join("scope").get("id").in(str3));
                return;
            }
            if (PermissionTicket.SCOPE_IS_NULL.equals(str2)) {
                if (Boolean.valueOf(str3).booleanValue()) {
                    arrayList.add(criteriaBuilder.isNull(from.get("scope")));
                    return;
                } else {
                    arrayList.add(criteriaBuilder.isNotNull(from.get("scope")));
                    return;
                }
            }
            if (PermissionTicket.RESOURCE.equals(str2)) {
                arrayList.add(from.join("resource").get("id").in(str3));
                return;
            }
            if (PermissionTicket.RESOURCE_NAME.equals(str2)) {
                arrayList.add(from.join("resource").get("name").in(str3));
                return;
            }
            if (PermissionTicket.OWNER.equals(str2)) {
                arrayList.add(criteriaBuilder.equal(from.get(PermissionTicket.OWNER), str3));
                return;
            }
            if (PermissionTicket.REQUESTER.equals(str2)) {
                arrayList.add(criteriaBuilder.equal(from.get(PermissionTicket.REQUESTER), str3));
                return;
            }
            if (PermissionTicket.GRANTED.equals(str2)) {
                if (Boolean.valueOf(str3).booleanValue()) {
                    arrayList.add(criteriaBuilder.isNotNull(from.get("grantedTimestamp")));
                    return;
                } else {
                    arrayList.add(criteriaBuilder.isNull(from.get("grantedTimestamp")));
                    return;
                }
            }
            if (PermissionTicket.REQUESTER_IS_NULL.equals(str2)) {
                arrayList.add(criteriaBuilder.isNull(from.get(PermissionTicket.REQUESTER)));
            } else if (PermissionTicket.POLICY_IS_NOT_NULL.equals(str2)) {
                arrayList.add(criteriaBuilder.isNotNull(from.get(PermissionTicket.POLICY)));
            } else {
                if (!PermissionTicket.POLICY.equals(str2)) {
                    throw new RuntimeException("Unsupported filter [" + str2 + "]");
                }
                arrayList.add(from.join(PermissionTicket.POLICY).get("id").in(str3));
            }
        });
        createQuery.where((Predicate[]) arrayList.toArray(new Predicate[arrayList.size()])).orderBy(criteriaBuilder.asc(from.get("id")));
        TypedQuery createQuery2 = this.entityManager.createQuery(createQuery);
        if (i != -1) {
            createQuery2.setFirstResult(i);
        }
        if (i2 != -1) {
            createQuery2.setMaxResults(i2);
        }
        List resultList = createQuery2.getResultList();
        LinkedList linkedList = new LinkedList();
        PermissionTicketStore permissionTicketStore = this.provider.getStoreFactory().getPermissionTicketStore();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            PermissionTicket findById = permissionTicketStore.findById((String) it.next(), str);
            if (Objects.nonNull(findById)) {
                linkedList.add(findById);
            }
        }
        return linkedList;
    }

    @Override // org.keycloak.authorization.store.PermissionTicketStore
    public List<PermissionTicket> findGranted(String str, String str2) {
        HashMap hashMap = new HashMap();
        hashMap.put(PermissionTicket.GRANTED, Boolean.TRUE.toString());
        hashMap.put(PermissionTicket.REQUESTER, str);
        return find(hashMap, str2, -1, -1);
    }

    @Override // org.keycloak.authorization.store.PermissionTicketStore
    public List<PermissionTicket> findGranted(String str, String str2, String str3) {
        HashMap hashMap = new HashMap();
        hashMap.put(PermissionTicket.RESOURCE_NAME, str);
        hashMap.put(PermissionTicket.GRANTED, Boolean.TRUE.toString());
        hashMap.put(PermissionTicket.REQUESTER, str2);
        return find(hashMap, str3, -1, -1);
    }

    @Override // org.keycloak.authorization.store.PermissionTicketStore
    public List<Resource> findGrantedResources(String str, String str2, int i, int i2) {
        TypedQuery createNamedQuery = str2 == null ? this.entityManager.createNamedQuery("findGrantedResources", String.class) : this.entityManager.createNamedQuery("findGrantedResourcesByName", String.class);
        createNamedQuery.setFlushMode(FlushModeType.COMMIT);
        createNamedQuery.setParameter(PermissionTicket.REQUESTER, (Object) str);
        if (str2 != null) {
            createNamedQuery.setParameter("resourceName", (Object) (QuickTargetSourceCreator.PREFIX_THREAD_LOCAL + str2.toLowerCase() + QuickTargetSourceCreator.PREFIX_THREAD_LOCAL));
        }
        if (i > -1 && i2 > -1) {
            createNamedQuery.setFirstResult(i);
            createNamedQuery.setMaxResults(i2);
        }
        List resultList = createNamedQuery.getResultList();
        LinkedList linkedList = new LinkedList();
        ResourceStore resourceStore = this.provider.getStoreFactory().getResourceStore();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            Resource findById = resourceStore.findById((String) it.next(), null);
            if (Objects.nonNull(findById)) {
                linkedList.add(findById);
            }
        }
        return linkedList;
    }

    @Override // org.keycloak.authorization.store.PermissionTicketStore
    public List<Resource> findGrantedOwnerResources(String str, int i, int i2) {
        TypedQuery createNamedQuery = this.entityManager.createNamedQuery("findGrantedOwnerResources", String.class);
        createNamedQuery.setFlushMode(FlushModeType.COMMIT);
        createNamedQuery.setParameter(PermissionTicket.OWNER, (Object) str);
        if (i > -1 && i2 > -1) {
            createNamedQuery.setFirstResult(i);
            createNamedQuery.setMaxResults(i2);
        }
        List resultList = createNamedQuery.getResultList();
        LinkedList linkedList = new LinkedList();
        ResourceStore resourceStore = this.provider.getStoreFactory().getResourceStore();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            Resource findById = resourceStore.findById((String) it.next(), null);
            if (Objects.nonNull(findById)) {
                linkedList.add(findById);
            }
        }
        return linkedList;
    }

    @Override // org.keycloak.authorization.store.PermissionTicketStore
    public List<PermissionTicket> findByOwner(String str, String str2) {
        TypedQuery createNamedQuery = this.entityManager.createNamedQuery("findPolicyIdByType", String.class);
        createNamedQuery.setFlushMode(FlushModeType.COMMIT);
        createNamedQuery.setParameter("serverId", (Object) str2);
        createNamedQuery.setParameter(PermissionTicket.OWNER, (Object) str);
        List resultList = createNamedQuery.getResultList();
        LinkedList linkedList = new LinkedList();
        PermissionTicketStore permissionTicketStore = this.provider.getStoreFactory().getPermissionTicketStore();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            PermissionTicket findById = permissionTicketStore.findById((String) it.next(), str2);
            if (Objects.nonNull(findById)) {
                linkedList.add(findById);
            }
        }
        return linkedList;
    }
}
