package org.keycloak.authorization.policy.provider.js;

import org.keycloak.Config;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.common.Profile;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.ScriptModel;
import org.keycloak.representations.idm.authorization.JSPolicyRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.scripting.EvaluatableScriptAdapter;
import org.keycloak.scripting.ScriptingProvider;

/* loaded from: input_file:BOOT-INF/lib/keycloak-authz-policy-common-11.0.2.jar:org/keycloak/authorization/policy/provider/js/JSPolicyProviderFactory.class */
public class JSPolicyProviderFactory implements PolicyProviderFactory<JSPolicyRepresentation> {
    private final JSPolicyProvider provider = new JSPolicyProvider(this::getEvaluatableScript);
    private ScriptCache scriptCache;

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public String getName() {
        return "JavaScript";
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public String getGroup() {
        return "Rule Based";
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public PolicyProvider create(AuthorizationProvider authorizationProvider) {
        return this.provider;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.keycloak.provider.ProviderFactory
    /* renamed from: create */
    public PolicyProvider create2(KeycloakSession keycloakSession) {
        return null;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public JSPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorizationProvider) {
        JSPolicyRepresentation jSPolicyRepresentation = new JSPolicyRepresentation();
        jSPolicyRepresentation.setCode(policy.getConfig().get("code"));
        return jSPolicyRepresentation;
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public Class<JSPolicyRepresentation> getRepresentationType() {
        return JSPolicyRepresentation.class;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public void onCreate(Policy policy, JSPolicyRepresentation jSPolicyRepresentation, AuthorizationProvider authorizationProvider) {
        updatePolicy(policy, jSPolicyRepresentation.getCode(), authorizationProvider);
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public void onUpdate(Policy policy, JSPolicyRepresentation jSPolicyRepresentation, AuthorizationProvider authorizationProvider) {
        updatePolicy(policy, jSPolicyRepresentation.getCode(), authorizationProvider);
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public void onImport(Policy policy, PolicyRepresentation policyRepresentation, AuthorizationProvider authorizationProvider) {
        updatePolicy(policy, policyRepresentation.getConfig().get("code"), authorizationProvider);
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public void onRemove(Policy policy, AuthorizationProvider authorizationProvider) {
        this.scriptCache.remove(policy.getId());
    }

    @Override // org.keycloak.provider.ProviderFactory
    public void init(Config.Scope scope) {
        this.scriptCache = new ScriptCache(Integer.parseInt(scope.get("cache-max-entries", "100")), Integer.parseInt(scope.get("cache-entry-max-age", "-1")));
    }

    @Override // org.keycloak.provider.ProviderFactory
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    @Override // org.keycloak.provider.ProviderFactory
    public void close() {
    }

    @Override // org.keycloak.provider.ProviderFactory
    public String getId() {
        return "js";
    }

    @Override // org.keycloak.authorization.policy.provider.PolicyProviderFactory
    public boolean isInternal() {
        return !Profile.isFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS);
    }

    private EvaluatableScriptAdapter getEvaluatableScript(AuthorizationProvider authorizationProvider, Policy policy) {
        return this.scriptCache.computeIfAbsent(policy.getId(), str -> {
            ScriptingProvider scriptingProvider = (ScriptingProvider) authorizationProvider.getKeycloakSession().getProvider(ScriptingProvider.class);
            return scriptingProvider.prepareEvaluatableScript(getScriptModel(policy, authorizationProvider.getRealm(), scriptingProvider));
        });
    }

    protected ScriptModel getScriptModel(Policy policy, RealmModel realmModel, ScriptingProvider scriptingProvider) {
        return scriptingProvider.createScript(realmModel.getId(), ScriptModel.TEXT_JAVASCRIPT, policy.getName(), policy.getConfig().get("code"), policy.getDescription());
    }

    private void updatePolicy(Policy policy, String str, AuthorizationProvider authorizationProvider) {
        this.scriptCache.remove(policy.getId());
        if (!Profile.isFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS) && !((Boolean) authorizationProvider.getKeycloakSession().getAttributeOrDefault("ALLOW_CREATE_POLICY", false)).booleanValue() && !isDeployed()) {
            throw new RuntimeException("Script upload is disabled");
        }
        policy.putConfig("code", str);
    }

    protected boolean isDeployed() {
        return false;
    }
}
