package org.keycloak.authorization.policy.provider.permission;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.stream.Collectors;
import org.keycloak.Config;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation;
import org.keycloak.representations.idm.authorization.GroupPolicyRepresentation;
import org.keycloak.representations.idm.authorization.JSPolicyRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
import org.keycloak.representations.idm.authorization.UmaPermissionRepresentation;
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;

/* loaded from: input_file:BOOT-INF/lib/keycloak-authz-policy-common-11.0.2.jar:org/keycloak/authorization/policy/provider/permission/UMAPolicyProviderFactory.class */
public class UMAPolicyProviderFactory implements PolicyProviderFactory<UmaPermissionRepresentation> {
    private UMAPolicyProvider provider = new UMAPolicyProvider();

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public String getName() {
        return "UMA";
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public String getGroup() {
        return "Others";
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public boolean isInternal() {
        return true;
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public PolicyProvider create(AuthorizationProvider authorizationProvider) {
        return this.provider;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.keycloak.provider.ProviderFactory
    /* renamed from: create */
    public PolicyProvider create2(KeycloakSession keycloakSession) {
        return this.provider;
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public void onCreate(Policy policy, UmaPermissionRepresentation umaPermissionRepresentation, AuthorizationProvider authorizationProvider) {
        policy.setOwner(umaPermissionRepresentation.getOwner());
        PolicyStore policyStore = authorizationProvider.getStoreFactory().getPolicyStore();
        Set<String> roles = umaPermissionRepresentation.getRoles();
        if (roles != null) {
            Iterator<String> it = roles.iterator();
            while (it.hasNext()) {
                createRolePolicy(policy, policyStore, it.next(), umaPermissionRepresentation.getOwner());
            }
        }
        Set<String> groups = umaPermissionRepresentation.getGroups();
        if (groups != null) {
            Iterator<String> it2 = groups.iterator();
            while (it2.hasNext()) {
                createGroupPolicy(policy, policyStore, it2.next(), umaPermissionRepresentation.getOwner());
            }
        }
        Set<String> clients = umaPermissionRepresentation.getClients();
        if (clients != null) {
            Iterator<String> it3 = clients.iterator();
            while (it3.hasNext()) {
                createClientPolicy(policy, policyStore, it3.next(), umaPermissionRepresentation.getOwner());
            }
        }
        Set<String> users = umaPermissionRepresentation.getUsers();
        if (users != null) {
            Iterator<String> it4 = users.iterator();
            while (it4.hasNext()) {
                createUserPolicy(policy, policyStore, it4.next(), umaPermissionRepresentation.getOwner());
            }
        }
        String condition = umaPermissionRepresentation.getCondition();
        if (condition != null) {
            createJSPolicy(policy, policyStore, condition, umaPermissionRepresentation.getOwner());
        }
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public void onUpdate(Policy policy, UmaPermissionRepresentation umaPermissionRepresentation, AuthorizationProvider authorizationProvider) {
        PolicyStore policyStore = authorizationProvider.getStoreFactory().getPolicyStore();
        Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
        for (Policy policy2 : associatedPolicies) {
            AbstractPolicyRepresentation representation = ModelToRepresentation.toRepresentation(policy2, authorizationProvider, false, false);
            if ("role".equals(representation.getType())) {
                RolePolicyRepresentation rolePolicyRepresentation = (RolePolicyRepresentation) RolePolicyRepresentation.class.cast(representation);
                rolePolicyRepresentation.setRoles(new HashSet());
                Set<String> roles = umaPermissionRepresentation.getRoles();
                if (roles != null) {
                    Iterator<String> it = roles.iterator();
                    while (it.hasNext()) {
                        rolePolicyRepresentation.addRole(it.next());
                    }
                }
                if (rolePolicyRepresentation.getRoles().isEmpty()) {
                    policyStore.delete(policy2.getId());
                } else {
                    RepresentationToModel.toModel(rolePolicyRepresentation, authorizationProvider, policy2);
                }
            } else if ("js".equals(representation.getType())) {
                JSPolicyRepresentation jSPolicyRepresentation = (JSPolicyRepresentation) JSPolicyRepresentation.class.cast(representation);
                if (umaPermissionRepresentation.getCondition() != null) {
                    jSPolicyRepresentation.setCode(umaPermissionRepresentation.getCondition());
                    RepresentationToModel.toModel(jSPolicyRepresentation, authorizationProvider, policy2);
                } else {
                    policyStore.delete(policy2.getId());
                }
            } else if ("group".equals(representation.getType())) {
                GroupPolicyRepresentation groupPolicyRepresentation = (GroupPolicyRepresentation) GroupPolicyRepresentation.class.cast(representation);
                groupPolicyRepresentation.setGroups(new HashSet());
                Set<String> groups = umaPermissionRepresentation.getGroups();
                if (groups != null) {
                    Iterator<String> it2 = groups.iterator();
                    while (it2.hasNext()) {
                        groupPolicyRepresentation.addGroupPath(it2.next());
                    }
                }
                if (groupPolicyRepresentation.getGroups().isEmpty()) {
                    policyStore.delete(policy2.getId());
                } else {
                    RepresentationToModel.toModel(groupPolicyRepresentation, authorizationProvider, policy2);
                }
            } else if ("client".equals(representation.getType())) {
                ClientPolicyRepresentation clientPolicyRepresentation = (ClientPolicyRepresentation) ClientPolicyRepresentation.class.cast(representation);
                clientPolicyRepresentation.setClients(new HashSet());
                Set<String> clients = umaPermissionRepresentation.getClients();
                if (clients != null) {
                    Iterator<String> it3 = clients.iterator();
                    while (it3.hasNext()) {
                        clientPolicyRepresentation.addClient(it3.next());
                    }
                }
                if (clientPolicyRepresentation.getClients().isEmpty()) {
                    policyStore.delete(policy2.getId());
                } else {
                    RepresentationToModel.toModel(clientPolicyRepresentation, authorizationProvider, policy2);
                }
            } else if ("user".equals(representation.getType())) {
                UserPolicyRepresentation userPolicyRepresentation = (UserPolicyRepresentation) UserPolicyRepresentation.class.cast(representation);
                userPolicyRepresentation.setUsers(new HashSet());
                Set<String> users = umaPermissionRepresentation.getUsers();
                if (users != null) {
                    Iterator<String> it4 = users.iterator();
                    while (it4.hasNext()) {
                        userPolicyRepresentation.addUser(it4.next());
                    }
                }
                if (userPolicyRepresentation.getUsers().isEmpty()) {
                    policyStore.delete(policy2.getId());
                } else {
                    RepresentationToModel.toModel(userPolicyRepresentation, authorizationProvider, policy2);
                }
            }
        }
        Set<String> roles2 = umaPermissionRepresentation.getRoles();
        if (roles2 != null) {
            boolean z = true;
            Iterator<Policy> it5 = associatedPolicies.iterator();
            while (it5.hasNext()) {
                if ("role".equals(it5.next().getType())) {
                    z = false;
                }
            }
            if (z) {
                Iterator<String> it6 = roles2.iterator();
                while (it6.hasNext()) {
                    createRolePolicy(policy, policyStore, it6.next(), policy.getOwner());
                }
            }
        }
        Set<String> groups2 = umaPermissionRepresentation.getGroups();
        if (groups2 != null) {
            boolean z2 = true;
            Iterator<Policy> it7 = associatedPolicies.iterator();
            while (it7.hasNext()) {
                if ("group".equals(it7.next().getType())) {
                    z2 = false;
                }
            }
            if (z2) {
                Iterator<String> it8 = groups2.iterator();
                while (it8.hasNext()) {
                    createGroupPolicy(policy, policyStore, it8.next(), policy.getOwner());
                }
            }
        }
        Set<String> clients2 = umaPermissionRepresentation.getClients();
        if (clients2 != null) {
            boolean z3 = true;
            Iterator<Policy> it9 = associatedPolicies.iterator();
            while (it9.hasNext()) {
                if ("client".equals(it9.next().getType())) {
                    z3 = false;
                }
            }
            if (z3) {
                Iterator<String> it10 = clients2.iterator();
                while (it10.hasNext()) {
                    createClientPolicy(policy, policyStore, it10.next(), policy.getOwner());
                }
            }
        }
        Set<String> users2 = umaPermissionRepresentation.getUsers();
        if (users2 != null) {
            boolean z4 = true;
            Iterator<Policy> it11 = associatedPolicies.iterator();
            while (it11.hasNext()) {
                if ("user".equals(it11.next().getType())) {
                    z4 = false;
                }
            }
            if (z4) {
                Iterator<String> it12 = users2.iterator();
                while (it12.hasNext()) {
                    createUserPolicy(policy, policyStore, it12.next(), policy.getOwner());
                }
            }
        }
        String condition = umaPermissionRepresentation.getCondition();
        if (condition != null) {
            boolean z5 = true;
            Iterator<Policy> it13 = associatedPolicies.iterator();
            while (it13.hasNext()) {
                if ("js".equals(it13.next().getType())) {
                    z5 = false;
                }
            }
            if (z5) {
                createJSPolicy(policy, policyStore, condition, policy.getOwner());
            }
        }
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public void onImport(Policy policy, PolicyRepresentation policyRepresentation, AuthorizationProvider authorizationProvider) {
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public UmaPermissionRepresentation toRepresentation(Policy policy, AuthorizationProvider authorizationProvider) {
        UmaPermissionRepresentation umaPermissionRepresentation = new UmaPermissionRepresentation();
        umaPermissionRepresentation.setScopes((Set) policy.getScopes().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet()));
        umaPermissionRepresentation.setOwner(policy.getOwner());
        for (Policy policy2 : policy.getAssociatedPolicies()) {
            AbstractPolicyRepresentation representation = ModelToRepresentation.toRepresentation(policy2, authorizationProvider, false, false);
            RealmModel realm = authorizationProvider.getRealm();
            if ("role".equals(representation.getType())) {
                Iterator<RolePolicyRepresentation.RoleDefinition> it = ((RolePolicyRepresentation) RolePolicyRepresentation.class.cast(representation)).getRoles().iterator();
                while (it.hasNext()) {
                    RoleModel roleById = realm.getRoleById(it.next().getId());
                    if (roleById.isClientRole()) {
                        umaPermissionRepresentation.addClientRole(((ClientModel) ClientModel.class.cast(roleById.getContainer())).getClientId(), roleById.getName());
                    } else {
                        umaPermissionRepresentation.addRole(roleById.getName());
                    }
                }
            } else if ("js".equals(representation.getType())) {
                umaPermissionRepresentation.setCondition(((JSPolicyRepresentation) JSPolicyRepresentation.class.cast(representation)).getCode());
            } else if ("group".equals(representation.getType())) {
                Iterator<GroupPolicyRepresentation.GroupDefinition> it2 = ((GroupPolicyRepresentation) GroupPolicyRepresentation.class.cast(representation)).getGroups().iterator();
                while (it2.hasNext()) {
                    umaPermissionRepresentation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(it2.next().getId())));
                }
            } else if ("client".equals(representation.getType())) {
                Iterator<String> it3 = ((ClientPolicyRepresentation) ClientPolicyRepresentation.class.cast(representation)).getClients().iterator();
                while (it3.hasNext()) {
                    umaPermissionRepresentation.addClient(realm.getClientById(it3.next()).getClientId());
                }
            } else if ("user".equals(policy2.getType())) {
                Iterator<String> it4 = ((UserPolicyRepresentation) UserPolicyRepresentation.class.cast(representation)).getUsers().iterator();
                while (it4.hasNext()) {
                    umaPermissionRepresentation.addUser(authorizationProvider.getKeycloakSession().users().getUserById(it4.next(), realm).getUsername());
                }
            }
        }
        return umaPermissionRepresentation;
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public Class<UmaPermissionRepresentation> getRepresentationType() {
        return UmaPermissionRepresentation.class;
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public void onRemove(Policy policy, AuthorizationProvider authorizationProvider) {
        PolicyStore policyStore = authorizationProvider.getStoreFactory().getPolicyStore();
        Iterator<Policy> it = policy.getAssociatedPolicies().iterator();
        while (it.hasNext()) {
            policyStore.delete(it.next().getId());
        }
    }

    @Override // org.keycloak.provider.ProviderFactory
    public void init(Config.Scope scope) {
    }

    @Override // org.keycloak.provider.ProviderFactory
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    @Override // org.keycloak.provider.ProviderFactory
    public void close() {
    }

    @Override // org.keycloak.provider.ProviderFactory
    public String getId() {
        return "uma";
    }

    private void createJSPolicy(Policy policy, PolicyStore policyStore, String str, String str2) {
        JSPolicyRepresentation jSPolicyRepresentation = new JSPolicyRepresentation();
        jSPolicyRepresentation.setName(KeycloakModelUtils.generateId());
        jSPolicyRepresentation.setCode(str);
        Policy create = policyStore.create(jSPolicyRepresentation, policy.getResourceServer());
        create.setOwner(str2);
        policy.addAssociatedPolicy(create);
    }

    private void createClientPolicy(Policy policy, PolicyStore policyStore, String str, String str2) {
        ClientPolicyRepresentation clientPolicyRepresentation = new ClientPolicyRepresentation();
        clientPolicyRepresentation.setName(KeycloakModelUtils.generateId());
        clientPolicyRepresentation.addClient(str);
        Policy create = policyStore.create(clientPolicyRepresentation, policy.getResourceServer());
        create.setOwner(str2);
        policy.addAssociatedPolicy(create);
    }

    private void createGroupPolicy(Policy policy, PolicyStore policyStore, String str, String str2) {
        GroupPolicyRepresentation groupPolicyRepresentation = new GroupPolicyRepresentation();
        groupPolicyRepresentation.setName(KeycloakModelUtils.generateId());
        groupPolicyRepresentation.addGroupPath(str);
        Policy create = policyStore.create(groupPolicyRepresentation, policy.getResourceServer());
        create.setOwner(str2);
        policy.addAssociatedPolicy(create);
    }

    private void createRolePolicy(Policy policy, PolicyStore policyStore, String str, String str2) {
        RolePolicyRepresentation rolePolicyRepresentation = new RolePolicyRepresentation();
        rolePolicyRepresentation.setName(KeycloakModelUtils.generateId());
        rolePolicyRepresentation.addRole(str, false);
        Policy create = policyStore.create(rolePolicyRepresentation, policy.getResourceServer());
        create.setOwner(str2);
        policy.addAssociatedPolicy(create);
    }

    private void createUserPolicy(Policy policy, PolicyStore policyStore, String str, String str2) {
        UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
        userPolicyRepresentation.setName(KeycloakModelUtils.generateId());
        userPolicyRepresentation.addUser(str);
        Policy create = policyStore.create(userPolicyRepresentation, policy.getResourceServer());
        create.setOwner(str2);
        policy.addAssociatedPolicy(create);
    }
}
