package org.keycloak.authorization;

import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.permission.evaluator.Evaluators;
import org.keycloak.authorization.policy.evaluation.PolicyEvaluator;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PermissionTicketStore;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.ScopeStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.cache.authorization.CachedStoreFactoryProvider;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.provider.Provider;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;

/* loaded from: input_file:org/keycloak/authorization/AuthorizationProvider.class */
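/**
 * Entry point to the authorization services for one {@link KeycloakSession} and realm.
 *
 * <p>Gives access to the policy evaluator, the registered policy provider factories and the
 * authorization stores. The {@link StoreFactory} returned by {@link #getStoreFactory()} wraps the
 * underlying scope, policy and resource stores so that deleting one of those objects also removes
 * the permission tickets and policies that still reference it.
 *
 * <p>The store factories are created lazily and kept in plain fields; nothing in this class
 * synchronizes access to them.
 */
public final class AuthorizationProvider implements Provider {
    private final PolicyEvaluator policyEvaluator;
    private StoreFactory storeFactory;
    private StoreFactory storeFactoryDelegate;
    private final KeycloakSession keycloakSession;
    private final RealmModel realm;

    /**
     * Creates a provider bound to the given session, realm and policy evaluator.
     *
     * @param keycloakSession session used to look up store and policy providers
     * @param realmModel realm returned by {@link #getRealm()}
     * @param policyEvaluator evaluator returned by {@link #getPolicyEvaluator()}
     */
    public AuthorizationProvider(KeycloakSession keycloakSession, RealmModel realmModel, PolicyEvaluator policyEvaluator) {
        this.keycloakSession = keycloakSession;
        this.realm = realmModel;
        this.policyEvaluator = policyEvaluator;
    }

    /**
     * Returns a new {@link Evaluators} instance backed by this provider.
     *
     * @return a fresh {@link Evaluators}; a new object is created on every call
     */
    public Evaluators evaluators() {
        return new Evaluators(this);
    }

    /**
     * Returns the store factory with cascading deletes, creating it on first use.
     *
     * <p>The backing factory is the session's {@link CachedStoreFactoryProvider} when one is
     * available and {@link #getLocalStoreFactory()} otherwise. The result is cached for the
     * lifetime of this provider.
     *
     * @return the wrapped store factory
     */
    public StoreFactory getStoreFactory() {
        if (this.storeFactory == null) {
            StoreFactory backing = (StoreFactory) this.keycloakSession.getProvider(CachedStoreFactoryProvider.class);
            if (backing == null) {
                backing = getLocalStoreFactory();
            }
            this.storeFactory = createStoreFactory(backing);
        }
        return this.storeFactory;
    }

    /**
     * Returns the session's plain {@link StoreFactory} provider, looked up once and then cached.
     *
     * <p>This factory is not wrapped: deletes issued through it do not go through the cascading
     * store wrappers that {@link #getStoreFactory()} installs.
     *
     * @return the unwrapped store factory, or {@code null} if the session provides none
     */
    public StoreFactory getLocalStoreFactory() {
        if (this.storeFactoryDelegate == null) {
            this.storeFactoryDelegate = (StoreFactory) this.keycloakSession.getProvider(StoreFactory.class);
        }
        return this.storeFactoryDelegate;
    }

    /**
     * Streams the factories registered for {@link PolicyProvider}.
     *
     * @return the registered factories, each cast to {@link PolicyProviderFactory}
     * @throws ClassCastException when the stream is consumed and a registered factory is not a
     *     {@link PolicyProviderFactory}
     */
    public Stream<PolicyProviderFactory> getProviderFactoriesStream() {
        return this.keycloakSession.getKeycloakSessionFactory()
                .getProviderFactoriesStream(PolicyProvider.class)
                .map(PolicyProviderFactory.class::cast);
    }

    /**
     * Looks up the policy provider factory registered under the given identifier.
     *
     * @param str identifier passed to the session factory lookup
     * @return the matching factory, or whatever the session factory returns for an unknown
     *     identifier ({@link #getProvider(String)} treats that as {@code null})
     */
    public PolicyProviderFactory getProviderFactory(String str) {
        return (PolicyProviderFactory) this.keycloakSession.getKeycloakSessionFactory().getProviderFactory(PolicyProvider.class, str);
    }

    /**
     * Creates a policy provider from the factory registered under the given identifier.
     *
     * @param str identifier of the policy provider factory
     * @param <P> provider type expected by the caller
     * @return a provider created by the factory, or {@code null} when no factory is registered
     */
    @SuppressWarnings("unchecked")
    public <P extends PolicyProvider> P getProvider(String str) {
        PolicyProviderFactory providerFactory = getProviderFactory(str);
        if (providerFactory == null) {
            return null;
        }
        // Unchecked: the caller chooses P, so a wrong choice fails with ClassCastException at
        // the call site rather than here.
        return (P) providerFactory.create(this);
    }

    /** Returns the session this provider was created for. */
    public KeycloakSession getKeycloakSession() {
        return this.keycloakSession;
    }

    /** Returns the realm this provider was created for. */
    public RealmModel getRealm() {
        return this.realm;
    }

    /** Returns the policy evaluator this provider was created with. */
    public PolicyEvaluator getPolicyEvaluator() {
        return this.policyEvaluator;
    }

    /** Does nothing; this provider does not close the store factories it handed out. */
    @Override
    public void close() {
    }

    /**
     * Wraps a store factory so that its scope, policy and resource stores cascade deletes.
     *
     * <p>The three wrapped stores are created on first access and reused afterwards. Resource
     * server and permission ticket stores, {@code close()} and the read-only flag are forwarded
     * to the backing factory unchanged.
     *
     * @param storeFactory backing factory every call is ultimately forwarded to
     * @return the wrapping factory
     */
    private StoreFactory createStoreFactory(final StoreFactory storeFactory) {
        return new StoreFactory() {
            private ResourceStore resourceStore;
            private ScopeStore scopeStore;
            private PolicyStore policyStore;

            @Override
            public ResourceStore getResourceStore() {
                if (this.resourceStore == null) {
                    this.resourceStore = AuthorizationProvider.this.createResourceStoreWrapper(storeFactory);
                }
                return this.resourceStore;
            }

            @Override
            public ResourceServerStore getResourceServerStore() {
                return storeFactory.getResourceServerStore();
            }

            @Override
            public ScopeStore getScopeStore() {
                if (this.scopeStore == null) {
                    this.scopeStore = AuthorizationProvider.this.createScopeWrapper(storeFactory);
                }
                return this.scopeStore;
            }

            @Override
            public PolicyStore getPolicyStore() {
                if (this.policyStore == null) {
                    this.policyStore = AuthorizationProvider.this.createPolicyWrapper(storeFactory);
                }
                return this.policyStore;
            }

            @Override
            public PermissionTicketStore getPermissionTicketStore() {
                return storeFactory.getPermissionTicketStore();
            }

            @Override
            public void close() {
                storeFactory.close();
            }

            @Override
            public void setReadOnly(boolean z) {
                storeFactory.setReadOnly(z);
            }

            @Override
            public boolean isReadOnly() {
                return storeFactory.isReadOnly();
            }
        };
    }

    /**
     * Wraps the scope store so that deleting a scope first deletes the permission tickets that
     * were issued for it. Every other operation is forwarded unchanged.
     *
     * @param storeFactory backing factory whose scope store is wrapped
     * @return the wrapping scope store
     */
    private ScopeStore createScopeWrapper(final StoreFactory storeFactory) {
        return new ScopeStore() {
            private final ScopeStore delegate = storeFactory.getScopeStore();

            @Override
            public Scope create(ResourceServer resourceServer, String str) {
                return this.delegate.create(resourceServer, str);
            }

            @Override
            public Scope create(ResourceServer resourceServer, String str, String str2) {
                return this.delegate.create(resourceServer, str, str2);
            }

            /**
             * Deletes the scope with the given id together with its permission tickets.
             * An id that does not resolve to a scope is ignored.
             */
            @Override
            public void delete(String str) {
                // NOTE(review): the lookup passes a null ResourceServer, so this layer does not
                // itself tie the id to a particular resource server. Callers presumably verify
                // ownership before calling delete; confirm.
                Scope scope = findById(null, str);
                if (scope == null) {
                    // Nothing to cascade; same handling as the policy store wrapper, which also
                    // ignores ids it cannot resolve.
                    return;
                }
                PermissionTicketStore ticketStore = AuthorizationProvider.this.getStoreFactory().getPermissionTicketStore();
                // Tickets go first so no ticket is left pointing at a scope that no longer exists.
                for (PermissionTicket ticket : ticketStore.findByScope(scope.getResourceServer(), scope)) {
                    ticketStore.delete(ticket.getId());
                }
                this.delegate.delete(str);
            }

            @Override
            public Scope findById(ResourceServer resourceServer, String str) {
                return this.delegate.findById(resourceServer, str);
            }

            @Override
            public Scope findByName(ResourceServer resourceServer, String str) {
                return this.delegate.findByName(resourceServer, str);
            }

            @Override
            public List<Scope> findByResourceServer(ResourceServer resourceServer) {
                return this.delegate.findByResourceServer(resourceServer);
            }

            @Override
            public List<Scope> findByResourceServer(ResourceServer resourceServer, Map<Scope.FilterOption, String[]> map, Integer num, Integer num2) {
                return this.delegate.findByResourceServer(resourceServer, map, num, num2);
            }
        };
    }

    /**
     * Wraps the policy store so that references are validated on create and dependent policies
     * are cleaned up on delete. Every finder is forwarded unchanged.
     *
     * @param storeFactory backing factory whose stores are used for lookups and persistence
     * @return the wrapping policy store
     */
    private PolicyStore createPolicyWrapper(final StoreFactory storeFactory) {
        return new PolicyStore() {
            private final PolicyStore policyStore = storeFactory.getPolicyStore();

            /**
             * Creates a policy after replacing every resource, scope and policy reference in the
             * representation with the id of an existing object.
             *
             * <p>Each reference is looked up by id first and by name second, always against the
             * given resource server. A reference that matches nothing aborts the creation with a
             * {@link RuntimeException}, so a policy is never stored with a dangling reference.
             * The representation passed in is modified in place.
             */
            @Override
            public Policy create(ResourceServer resourceServer, AbstractPolicyRepresentation abstractPolicyRepresentation) {
                Set<String> resources = abstractPolicyRepresentation.getResources();
                if (resources != null) {
                    abstractPolicyRepresentation.setResources(resources.stream().map(ref -> {
                        Resource resource = storeFactory.getResourceStore().findById(resourceServer, ref);
                        if (resource == null) {
                            resource = storeFactory.getResourceStore().findByName(resourceServer, ref);
                        }
                        if (resource == null) {
                            throw new RuntimeException("Resource [" + ref + "] does not exist or is not owned by the resource server.");
                        }
                        return resource.getId();
                    }).collect(Collectors.toSet()));
                }
                Set<String> scopes = abstractPolicyRepresentation.getScopes();
                if (scopes != null) {
                    abstractPolicyRepresentation.setScopes(scopes.stream().map(ref -> {
                        Scope scope = storeFactory.getScopeStore().findById(resourceServer, ref);
                        if (scope == null) {
                            scope = storeFactory.getScopeStore().findByName(resourceServer, ref);
                        }
                        if (scope == null) {
                            throw new RuntimeException("Scope [" + ref + "] does not exist");
                        }
                        return scope.getId();
                    }).collect(Collectors.toSet()));
                }
                Set<String> policies = abstractPolicyRepresentation.getPolicies();
                if (policies != null) {
                    abstractPolicyRepresentation.setPolicies(policies.stream().map(ref -> {
                        Policy policy = storeFactory.getPolicyStore().findById(resourceServer, ref);
                        if (policy == null) {
                            policy = storeFactory.getPolicyStore().findByName(resourceServer, ref);
                        }
                        if (policy == null) {
                            throw new RuntimeException("Policy [" + ref + "] does not exist");
                        }
                        return policy.getId();
                    }).collect(Collectors.toSet()));
                }
                return RepresentationToModel.toModel(abstractPolicyRepresentation, AuthorizationProvider.this, this.policyStore.create(resourceServer, abstractPolicyRepresentation));
            }

            /**
             * Deletes the policy with the given id and cleans up what referenced it.
             * An id that does not resolve to a policy is ignored.
             */
            @Override
            public void delete(String str) {
                // NOTE(review): lookup is done with a null ResourceServer; ownership of the id is
                // presumably checked by the caller. Confirm.
                Policy policy = findById(null, str);
                if (policy == null) {
                    return;
                }
                ResourceServer resourceServer = policy.getResourceServer();
                if (policy.getOwner() != null) {
                    // An owned policy takes its owned associated policies with it. These are
                    // removed through the backing store directly, without further cascading.
                    // NOTE(review): the collection is modified while it is iterated; this relies
                    // on getAssociatedPolicies() returning a copy. Confirm.
                    for (Policy associated : policy.getAssociatedPolicies()) {
                        if (associated.getOwner() != null) {
                            policy.removeAssociatedPolicy(associated);
                            this.policyStore.delete(associated.getId());
                        }
                    }
                }
                findDependentPolicies(resourceServer, policy.getId()).forEach(dependent -> {
                    dependent.removeAssociatedPolicy(policy);
                    // A dependent policy left with no associated policy is deleted too, through
                    // this wrapper, so its own dependents are handled the same way.
                    if (dependent.getAssociatedPolicies().isEmpty()) {
                        delete(dependent.getId());
                    }
                });
                this.policyStore.delete(str);
            }

            @Override
            public Policy findById(ResourceServer resourceServer, String str) {
                return this.policyStore.findById(resourceServer, str);
            }

            @Override
            public Policy findByName(ResourceServer resourceServer, String str) {
                return this.policyStore.findByName(resourceServer, str);
            }

            @Override
            public List<Policy> findByResourceServer(ResourceServer resourceServer) {
                return this.policyStore.findByResourceServer(resourceServer);
            }

            @Override
            public List<Policy> find(ResourceServer resourceServer, Map<Policy.FilterOption, String[]> map, Integer num, Integer num2) {
                return this.policyStore.find(resourceServer, map, num, num2);
            }

            @Override
            public List<Policy> findByResource(ResourceServer resourceServer, Resource resource) {
                return this.policyStore.findByResource(resourceServer, resource);
            }

            @Override
            public void findByResource(ResourceServer resourceServer, Resource resource, Consumer<Policy> consumer) {
                this.policyStore.findByResource(resourceServer, resource, consumer);
            }

            @Override
            public List<Policy> findByResourceType(ResourceServer resourceServer, String str) {
                return this.policyStore.findByResourceType(resourceServer, str);
            }

            @Override
            public List<Policy> findByScopes(ResourceServer resourceServer, List<Scope> list) {
                return this.policyStore.findByScopes(resourceServer, list);
            }

            @Override
            public List<Policy> findByScopes(ResourceServer resourceServer, Resource resource, List<Scope> list) {
                return this.policyStore.findByScopes(resourceServer, resource, list);
            }

            @Override
            public void findByScopes(ResourceServer resourceServer, Resource resource, List<Scope> list, Consumer<Policy> consumer) {
                this.policyStore.findByScopes(resourceServer, resource, list, consumer);
            }

            @Override
            public List<Policy> findByType(ResourceServer resourceServer, String str) {
                return this.policyStore.findByType(resourceServer, str);
            }

            @Override
            public List<Policy> findDependentPolicies(ResourceServer resourceServer, String str) {
                return this.policyStore.findDependentPolicies(resourceServer, str);
            }

            @Override
            public void findByResourceType(ResourceServer resourceServer, String str, Consumer<Policy> consumer) {
                this.policyStore.findByResourceType(resourceServer, str, consumer);
            }
        };
    }

    /**
     * Wraps the resource store so that deleting a resource also removes its permission tickets
     * and detaches or deletes the policies that protect it. Every other operation is forwarded
     * unchanged.
     *
     * @param storeFactory backing factory whose resource store is wrapped
     * @return the wrapping resource store
     */
    private ResourceStore createResourceStoreWrapper(final StoreFactory storeFactory) {
        return new ResourceStore() {
            private final ResourceStore delegate = storeFactory.getResourceStore();

            @Override
            public Resource create(ResourceServer resourceServer, String str, String str2) {
                return this.delegate.create(resourceServer, str, str2);
            }

            @Override
            public Resource create(ResourceServer resourceServer, String str, String str2, String str3) {
                return this.delegate.create(resourceServer, str, str2, str3);
            }

            /**
             * Deletes the resource with the given id, its permission tickets and the policies
             * that apply only to it. An id that does not resolve to a resource is ignored.
             */
            @Override
            public void delete(String str) {
                // NOTE(review): lookup is done with a null ResourceServer; ownership of the id is
                // presumably checked by the caller. Confirm.
                Resource resource = findById(null, str);
                if (resource == null) {
                    // Nothing to cascade; same handling as the policy store wrapper.
                    return;
                }
                // The wrapped factory is used on purpose: policy deletes issued below go through
                // the policy store wrapper and cascade to dependent policies.
                StoreFactory wrappedFactory = AuthorizationProvider.this.getStoreFactory();
                PermissionTicketStore ticketStore = wrappedFactory.getPermissionTicketStore();
                for (PermissionTicket ticket : ticketStore.findByResource(resource.getResourceServer(), resource)) {
                    ticketStore.delete(ticket.getId());
                }
                PolicyStore policyStore = wrappedFactory.getPolicyStore();
                for (Policy policy : policyStore.findByResource(resource.getResourceServer(), resource)) {
                    if (policy.getResources().size() == 1) {
                        // This resource is the policy's only one: delete the policy instead of
                        // leaving it behind with no resource attached.
                        policyStore.delete(policy.getId());
                    } else {
                        policy.removeResource(resource);
                    }
                }
                this.delegate.delete(str);
            }

            @Override
            public Resource findById(ResourceServer resourceServer, String str) {
                return this.delegate.findById(resourceServer, str);
            }

            @Override
            public List<Resource> findByOwner(ResourceServer resourceServer, String str) {
                return this.delegate.findByOwner(resourceServer, str);
            }

            @Override
            public void findByOwner(ResourceServer resourceServer, String str, Consumer<Resource> consumer) {
                this.delegate.findByOwner(resourceServer, str, consumer);
            }

            @Override
            public List<Resource> findByResourceServer(ResourceServer resourceServer) {
                return this.delegate.findByResourceServer(resourceServer);
            }

            @Override
            public List<Resource> find(ResourceServer resourceServer, Map<Resource.FilterOption, String[]> map, Integer num, Integer num2) {
                return this.delegate.find(resourceServer, map, num, num2);
            }

            @Override
            public List<Resource> findByScopes(ResourceServer resourceServer, Set<Scope> set) {
                return this.delegate.findByScopes(resourceServer, set);
            }

            @Override
            public void findByScopes(ResourceServer resourceServer, Set<Scope> set, Consumer<Resource> consumer) {
                this.delegate.findByScopes(resourceServer, set, consumer);
            }

            @Override
            public Resource findByName(ResourceServer resourceServer, String str, String str2) {
                return this.delegate.findByName(resourceServer, str, str2);
            }

            @Override
            public List<Resource> findByType(ResourceServer resourceServer, String str) {
                return this.delegate.findByType(resourceServer, str);
            }

            @Override
            public void findByType(ResourceServer resourceServer, String str, Consumer<Resource> consumer) {
                this.delegate.findByType(resourceServer, str, consumer);
            }

            @Override
            public void findByType(ResourceServer resourceServer, String str, String str2, Consumer<Resource> consumer) {
                this.delegate.findByType(resourceServer, str, str2, consumer);
            }

            @Override
            public void findByTypeInstance(ResourceServer resourceServer, String str, Consumer<Resource> consumer) {
                this.delegate.findByTypeInstance(resourceServer, str, consumer);
            }
        };
    }
}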
