package org.keycloak.authorization.admin;

import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import java.util.Collections;
import java.util.EnumMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
import org.eclipse.microprofile.openapi.annotations.extensions.Extension;
import org.eclipse.microprofile.openapi.annotations.media.Content;
import org.eclipse.microprofile.openapi.annotations.media.Schema;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
import org.jboss.resteasy.reactive.NoCache;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.KeycloakOpenAPI;
import org.keycloak.services.resources.admin.AdminEventBuilder;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.utils.MediaType;

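/**
 * Admin REST endpoints for the authorization scopes of a single {@link ResourceServer}.
 *
 * <p>Every endpoint begins with a realm-level permission check: mutating operations call
 * {@code requireManageAuthorization()} and read operations call {@code requireViewAuthorization()}.
 * The check runs before any request data is inspected, so a caller without the permission never
 * reaches a store lookup. Lookups by id or name are passed {@link #resourceServer}; whether the
 * store enforces that scoping is not visible from this class.
 *
 * <p>Successful create, update and delete operations are reported through the
 * {@link AdminEventBuilder}, bound to {@link ResourceType#AUTHORIZATION_SCOPE}.
 */
@Extension(name = KeycloakOpenAPI.Profiles.ADMIN, value = "")
public class ScopeService {
    private final AuthorizationProvider authorization;
    private final AdminPermissionEvaluator auth;
    private final AdminEventBuilder adminEvent;
    private final KeycloakSession session;
    private final ResourceServer resourceServer;

    /**
     * @param keycloakSession          session used to resolve the request URI for admin events
     * @param resourceServer           resource server whose scopes this instance manages
     * @param authorizationProvider    entry point to the authorization stores
     * @param adminPermissionEvaluator evaluator used for the per-request permission checks
     * @param adminEventBuilder        event builder; re-targeted to the authorization-scope resource type
     */
    public ScopeService(KeycloakSession keycloakSession, ResourceServer resourceServer, AuthorizationProvider authorizationProvider, AdminPermissionEvaluator adminPermissionEvaluator, AdminEventBuilder adminEventBuilder) {
        this.session = keycloakSession;
        this.resourceServer = resourceServer;
        this.authorization = authorizationProvider;
        this.auth = adminPermissionEvaluator;
        this.adminEvent = adminEventBuilder.resource(ResourceType.AUTHORIZATION_SCOPE);
    }

    /**
     * Creates a scope on this resource server.
     *
     * @param scopeRepresentation the scope to create, taken from the request body
     * @return 201 with the representation (id filled in), or 400 when the body is missing
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @POST
    @Consumes({MediaType.APPLICATION_JSON})
    public Response create(ScopeRepresentation scopeRepresentation) {
        this.auth.realm().requireManageAuthorization();
        // An empty request body would otherwise surface as a NullPointerException below.
        if (scopeRepresentation == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Scope created = RepresentationToModel.toModel(scopeRepresentation, this.resourceServer, this.authorization);
        scopeRepresentation.setId(created.getId());
        audit(scopeRepresentation, scopeRepresentation.getId(), OperationType.CREATE);
        return Response.status(Response.Status.CREATED).entity(scopeRepresentation).build();
    }

    /**
     * Updates an existing scope.
     *
     * @param str                 scope id from the URL path
     * @param scopeRepresentation new state, taken from the request body
     * @return 204 on success, 404 when the scope is not found for this resource server,
     *         400 when the body is missing
     */
    @Produces({MediaType.APPLICATION_JSON})
    @PUT
    @Path("{scope-id}")
    @Consumes({MediaType.APPLICATION_JSON})
    public Response update(@PathParam("scope-id") String str, ScopeRepresentation scopeRepresentation) {
        this.auth.realm().requireManageAuthorization();
        // An empty request body would otherwise surface as a NullPointerException below.
        if (scopeRepresentation == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        // The path id always wins over any id in the body, so the existence check and
        // the write below are guaranteed to target the same scope.
        scopeRepresentation.setId(str);
        Scope existing = this.authorization.getStoreFactory().getScopeStore().findById(this.resourceServer, scopeRepresentation.getId());
        if (existing == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        RepresentationToModel.toModel(scopeRepresentation, this.resourceServer, this.authorization);
        audit(scopeRepresentation, OperationType.UPDATE);
        return Response.noContent().build();
    }

    /**
     * Deletes a scope and detaches it from the policies that reference it.
     *
     * <p>The deletion is refused while any resource still uses the scope. A policy whose only
     * scope is the one being deleted is removed entirely; other policies just lose the scope.
     *
     * @param str scope id from the URL path
     * @return 204 on success, 404 when the scope is not found for this resource server
     */
    @Path("{scope-id}")
    @DELETE
    public Response delete(@PathParam("scope-id") String str) {
        this.auth.realm().requireManageAuthorization();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        // Looked up with this resource server before the id-only delete further down.
        Scope scope = storeFactory.getScopeStore().findById(this.resourceServer, str);
        if (scope == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        boolean usedByResources = !storeFactory.getResourceStore().findByScopes(this.resourceServer, Collections.singleton(scope)).isEmpty();
        if (usedByResources) {
            throw ErrorResponse.error("Scopes can not be removed while associated with resources.", Response.Status.BAD_REQUEST);
        }
        PolicyStore policyStore = storeFactory.getPolicyStore();
        for (Policy policy : policyStore.findByScopes(this.resourceServer, Collections.singletonList(scope))) {
            if (policy.getScopes().size() == 1) {
                // This scope is the policy's only one: drop the policy instead of leaving
                // it with an empty scope set.
                policyStore.delete(policy.getId());
            } else {
                policy.removeScope(scope);
            }
        }
        // Snapshot the representation before the delete so the audit event can still carry it.
        ScopeRepresentation representation = ModelToRepresentation.toRepresentation(scope);
        storeFactory.getScopeStore().delete(str);
        audit(representation, OperationType.DELETE);
        return Response.noContent().build();
    }

    /**
     * Returns one scope by id.
     *
     * @param str scope id from the URL path
     * @return 200 with the scope representation, or 404 when not found for this resource server
     */
    @APIResponses({@APIResponse(responseCode = "200", content = {@Content(schema = @Schema(implementation = ScopeRepresentation.class))}), @APIResponse(responseCode = "404", description = "Not found")})
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Path("{scope-id}")
    @GET
    public Response findById(@PathParam("scope-id") String str) {
        this.auth.realm().requireViewAuthorization();
        Scope scope = this.authorization.getStoreFactory().getScopeStore().findById(this.resourceServer, str);
        if (scope == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        return Response.ok(ModelToRepresentation.toRepresentation(scope)).build();
    }

    /**
     * Lists the resources that use a scope, reduced to id and name.
     *
     * @param str scope id from the URL path
     * @return 200 with the list, or 404 when the scope is not found for this resource server
     */
    @APIResponses({@APIResponse(responseCode = "200", content = {@Content(schema = @Schema(implementation = ResourceRepresentation.class, type = SchemaType.ARRAY))}), @APIResponse(responseCode = "404", description = "Not found")})
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Path("{scope-id}/resources")
    @GET
    public Response getResources(@PathParam("scope-id") String str) {
        this.auth.realm().requireViewAuthorization();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        Scope scope = storeFactory.getScopeStore().findById(this.resourceServer, str);
        if (scope == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        return Response.ok(storeFactory.getResourceStore().findByScopes(this.resourceServer, Collections.singleton(scope)).stream().map(resource -> {
            // Only id and name are copied; the rest of the resource is not exposed here.
            ResourceRepresentation summary = new ResourceRepresentation();
            summary.setId(resource.getId());
            summary.setName(resource.getName());
            return summary;
        }).collect(Collectors.toList())).build();
    }

    /**
     * Lists the policies/permissions that reference a scope, reduced to id, name and type.
     *
     * @param str scope id from the URL path
     * @return 200 with the list, or 404 when the scope is not found for this resource server
     */
    @APIResponses({@APIResponse(responseCode = "200", content = {@Content(schema = @Schema(implementation = PolicyRepresentation.class, type = SchemaType.ARRAY))}), @APIResponse(responseCode = "404", description = "Not found")})
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Path("{scope-id}/permissions")
    @GET
    public Response getPermissions(@PathParam("scope-id") String str) {
        this.auth.realm().requireViewAuthorization();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        Scope scope = storeFactory.getScopeStore().findById(this.resourceServer, str);
        if (scope == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        return Response.ok(storeFactory.getPolicyStore().findByScopes(this.resourceServer, Collections.singletonList(scope)).stream().map(policy -> {
            // Only id, name and type are copied; policy configuration is not exposed here.
            PolicyRepresentation summary = new PolicyRepresentation();
            summary.setId(policy.getId());
            summary.setName(policy.getName());
            summary.setType(policy.getType());
            return summary;
        }).collect(Collectors.toList())).build();
    }

    /**
     * Finds a single scope by name.
     *
     * @param str value of the {@code name} query parameter
     * @return 200 with the scope, 204 when no scope has that name, 400 when {@code name} is absent
     */
    @APIResponses({@APIResponse(responseCode = "200", content = {@Content(schema = @Schema(implementation = ScopeRepresentation.class, type = SchemaType.ARRAY))}), @APIResponse(responseCode = "204", description = "No Content"), @APIResponse(responseCode = "400", description = "Bad Request")})
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    @Path("/search")
    @GET
    public Response find(@QueryParam("name") String str) {
        this.auth.realm().requireViewAuthorization();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        if (str == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Scope scope = storeFactory.getScopeStore().findByName(this.resourceServer, str);
        if (scope == null) {
            return Response.status(Response.Status.NO_CONTENT).build();
        }
        return Response.ok(ModelToRepresentation.toRepresentation(scope)).build();
    }

    /**
     * Lists the scopes of this resource server, optionally filtered by id and/or name.
     *
     * @param str  optional {@code scopeId} filter; ignored when null or blank after trimming
     * @param str2 optional {@code name} filter; ignored when null or blank after trimming
     * @param num  index of the first result; {@code -1} is passed to the store when absent
     * @param num2 maximum number of results; {@code 100} is passed to the store when absent
     * @return a stream of scope representations
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @GET
    public Stream<ScopeRepresentation> findAll(@QueryParam("scopeId") String str, @QueryParam("name") String str2, @QueryParam("first") Integer num, @QueryParam("max") Integer num2) {
        this.auth.realm().requireViewAuthorization();
        // Typed map instead of a raw EnumMap with casts: key/value mismatches now fail at compile time.
        EnumMap<Scope.FilterOption, String[]> filters = new EnumMap<>(Scope.FilterOption.class);
        if (str != null && !str.trim().isEmpty()) {
            filters.put(Scope.FilterOption.ID, new String[]{str});
        }
        if (str2 != null && !str2.trim().isEmpty()) {
            filters.put(Scope.FilterOption.NAME, new String[]{str2});
        }
        Integer firstResult = num != null ? num : -1;
        // NOTE(review): "max" is caller-supplied and has no upper bound here; whether the store
        // caps it is not visible from this class. Consider enforcing a ceiling for large realms.
        Integer maxResults = num2 != null ? num2 : 100;
        return this.authorization.getStoreFactory().getScopeStore()
                .findByResourceServer(this.resourceServer, filters, firstResult, maxResults)
                .stream()
                .map(scope -> ModelToRepresentation.toRepresentation(scope));
    }

    /** Records a successful admin event whose resource path is the current request URI. */
    private void audit(ScopeRepresentation scopeRepresentation, OperationType operationType) {
        audit(scopeRepresentation, null, operationType);
    }

    /**
     * Records a successful admin event for a scope operation.
     *
     * @param scopeRepresentation representation attached to the event
     * @param str                 id passed with the request URI to {@code resourcePath}, or
     *                            {@code null} to use the request URI alone
     * @param operationType       the operation being reported
     */
    private void audit(ScopeRepresentation scopeRepresentation, String str, OperationType operationType) {
        if (str == null) {
            // The cast selects the single-argument UriInfo overload of resourcePath.
            this.adminEvent.operation(operationType).resourcePath((UriInfo) this.session.getContext().getUri()).representation(scopeRepresentation).success();
            return;
        }
        this.adminEvent.operation(operationType).resourcePath(this.session.getContext().getUri(), str).representation(scopeRepresentation).success();
    }
}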
