package org.keycloak.authorization;

import java.util.Arrays;
import java.util.HashSet;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.authorization.AuthorizationSchema;
import org.keycloak.representations.idm.authorization.ResourceType;

/* loaded from: input_file:org/keycloak/authorization/AdminPermissionsAuthorizationSchema.class */
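/**
 * Authorization schema for the realm's admin-permissions client.
 *
 * <p>The schema declares a single resource type, {@link #USERS}, with the single scope
 * {@code "manage"}. Every public operation first checks that the realm has admin permissions
 * enabled and that the given resource server is the one backing the realm's admin-permissions
 * client; for any other resource server the schema does not apply.
 */
public class AdminPermissionsAuthorizationSchema extends AuthorizationSchema {
    /** Resource type covering realm users; the only scope it declares is {@code "manage"}. */
    public static final ResourceType USERS = new ResourceType("Users", new HashSet<>(Arrays.asList("manage")));

    // Declared after USERS on purpose: the constructor reads USERS during static initialization.
    public static final AdminPermissionsAuthorizationSchema INSTANCE = new AdminPermissionsAuthorizationSchema();

    private AdminPermissionsAuthorizationSchema() {
        super(new ResourceType[]{USERS});
    }

    /**
     * Finds, or creates on first use, the authorization resource that represents the object
     * identified by {@code str2} of resource type {@code str}.
     *
     * @param keycloakSession current session; its context supplies the realm
     * @param resourceServer resource server the resource belongs to
     * @param str resource type name; only the {@link #USERS} type is mapped
     * @param str2 identifier of the object; for users, a user id or a username
     * @return the existing or newly created resource, or {@code null} when this schema does not
     *     apply to {@code resourceServer}
     * @throws IllegalStateException if the type is not mapped or the object cannot be resolved,
     *     or if admin permissions are enabled but the realm has no admin-permissions client
     */
    public Resource getOrCreateResource(KeycloakSession keycloakSession, ResourceServer resourceServer, String str, String str2) {
        if (!supportsAuthorizationSchema(keycloakSession, resourceServer)) {
            return null;
        }
        String resourceName = null;
        if (USERS.getType().equals(str)) {
            resourceName = resolveUser(keycloakSession, str2);
        }
        // Fail closed: an unknown type or an unresolvable object never yields a resource.
        if (resourceName == null) {
            throw new IllegalStateException("Could not map resource object with type [" + str + "] and id [" + str2 + "]");
        }
        return getOrCreateResource(keycloakSession, resourceServer, resourceName);
    }

    /**
     * Tells whether a policy type may be used with the given resource server.
     *
     * <p>The {@code "resource"} policy type is rejected when this schema applies to
     * {@code resourceServer}; every other combination is accepted.
     *
     * @param keycloakSession current session; its context supplies the realm
     * @param resourceServer resource server the policy would be created for
     * @param str policy type name
     * @return {@code false} only for the {@code "resource"} type on the admin-permissions
     *     resource server, {@code true} otherwise
     * @throws NullPointerException if {@code str} is {@code null} and this schema applies to
     *     {@code resourceServer}
     * @throws IllegalStateException if admin permissions are enabled but the realm has no
     *     admin-permissions client
     */
    public boolean isSupportedPolicyType(KeycloakSession keycloakSession, ResourceServer resourceServer, String str) {
        // str is dereferenced only after the schema check passes, so a null type is rejected with
        // an exception rather than being reported as supported.
        return !(supportsAuthorizationSchema(keycloakSession, resourceServer) && str.equals("resource"));
    }

    /**
     * Checks that admin permissions are enabled for the session's realm and that
     * {@code resourceServer} has the same id as the realm's admin-permissions client.
     *
     * @throws IllegalStateException if admin permissions are enabled but no client is configured
     */
    private boolean supportsAuthorizationSchema(KeycloakSession keycloakSession, ResourceServer resourceServer) {
        RealmModel realm = keycloakSession.getContext().getRealm();
        if (!realm.isAdminPermissionsEnabled()) {
            return false;
        }
        ClientModel adminPermissionsClient = realm.getAdminPermissionsClient();
        if (adminPermissionsClient == null) {
            throw new IllegalStateException("Permission client not found");
        }
        return resourceServer.getId().equals(adminPermissionsClient.getId());
    }

    /**
     * Looks the resource up by name and creates it, owned by the resource server's client id,
     * when it does not exist yet.
     */
    private Resource getOrCreateResource(KeycloakSession keycloakSession, ResourceServer resourceServer, String resourceName) {
        StoreFactory storeFactory = getStoreFactory(keycloakSession);
        Resource existing = storeFactory.getResourceStore().findByName(resourceServer, resourceName);
        if (existing != null) {
            return existing;
        }
        // NOTE(review): lookup and create are two separate store calls with no locking visible
        // here; presumably the store enforces name uniqueness - confirm.
        return storeFactory.getResourceStore().create(resourceServer, resourceName, resourceServer.getClientId());
    }

    /**
     * Resolves a user reference to the user's id.
     *
     * @param userIdOrUsername value tried first as a user id and then as a username
     * @return the user's id, or {@code null} when no user matches either lookup
     */
    private String resolveUser(KeycloakSession keycloakSession, String userIdOrUsername) {
        RealmModel realm = keycloakSession.getContext().getRealm();
        // The id lookup runs first, so a username that looks like an id cannot take precedence
        // over the user who actually owns that id. The username lookup is only a fallback.
        UserModel user = keycloakSession.users().getUserById(realm, userIdOrUsername);
        if (user == null) {
            user = keycloakSession.users().getUserByUsername(realm, userIdOrUsername);
        }
        if (user == null) {
            return null;
        }
        return user.getId();
    }

    /** Obtains the authorization store factory from the session's {@code AuthorizationProvider}. */
    private StoreFactory getStoreFactory(KeycloakSession keycloakSession) {
        return ((AuthorizationProvider) keycloakSession.getProvider(AuthorizationProvider.class)).getStoreFactory();
    }
}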
