package org.keycloak.authorization.admin;

import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
import org.eclipse.microprofile.openapi.annotations.extensions.Extension;
import org.eclipse.microprofile.openapi.annotations.media.Content;
import org.eclipse.microprofile.openapi.annotations.media.Schema;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
import org.jboss.resteasy.reactive.NoCache;
import org.keycloak.authorization.AdminPermissionsSchema;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.common.util.PathMatcher;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.resources.KeycloakOpenAPI;
import org.keycloak.services.resources.admin.AdminEventBuilder;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.utils.MediaType;

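/**
 * Admin REST resource for the protected resources of one resource server (authorization
 * services): create, update, delete, look up and search, plus read-only views of a resource's
 * scopes, permissions and attributes.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Mutating operations call {@code requireManage()} and read operations call
 *       {@code requireView()}. Both helpers skip the check when the permission evaluator is
 *       {@code null}, so whoever constructs this service with a {@code null} evaluator must have
 *       authorized the caller already. NOTE(review): confirm every such construction site.</li>
 *   <li>Mutating operations first call
 *       {@code AdminPermissionsSchema.SCHEMA.throwExceptionIfAdminPermissionClient(...)}, which,
 *       as its name indicates, rejects requests against the admin-permissions client.</li>
 *   <li>Successful create/update/delete emit an admin event through the
 *       {@link AdminEventBuilder} scoped to {@code ResourceType.AUTHORIZATION_RESOURCE}.</li>
 * </ul>
 */
@Extension(name = KeycloakOpenAPI.Profiles.ADMIN, value = "")
/* loaded from: input_file:org/keycloak/authorization/admin/ResourceSetService.class */
public class ResourceSetService {
    private final AuthorizationProvider authorization;
    // May be null; see requireView()/requireManage(), which then perform no check.
    private final AdminPermissionEvaluator auth;
    private final AdminEventBuilder adminEvent;
    private final KeycloakSession session;
    private final ResourceServer resourceServer;

    /**
     * Binds the service to one resource server.
     *
     * @param keycloakSession current session, used for the request URI when auditing
     * @param resourceServer resource server whose resources are managed
     * @param authorizationProvider entry point to the authorization stores
     * @param adminPermissionEvaluator evaluator for admin permissions; {@code null} disables the
     *     checks done by {@code requireView()}/{@code requireManage()}
     * @param adminEventBuilder event builder; narrowed here to
     *     {@code ResourceType.AUTHORIZATION_RESOURCE}
     */
    public ResourceSetService(KeycloakSession keycloakSession, ResourceServer resourceServer, AuthorizationProvider authorizationProvider, AdminPermissionEvaluator adminPermissionEvaluator, AdminEventBuilder adminEventBuilder) {
        this.session = keycloakSession;
        this.resourceServer = resourceServer;
        this.authorization = authorizationProvider;
        this.auth = adminPermissionEvaluator;
        this.adminEvent = adminEventBuilder.resource(ResourceType.AUTHORIZATION_RESOURCE);
    }

    /**
     * Creates a resource from the request body and records a CREATE admin event.
     *
     * @param resourceRepresentation resource to create; {@code null} yields 400
     * @return 201 with the created representation, or 400 when the body is missing
     */
    @APIResponses({@APIResponse(responseCode = "201", description = "Created", content = {@Content(schema = @Schema(implementation = ResourceRepresentation.class))}), @APIResponse(responseCode = "400", description = "Bad Request")})
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @POST
    @Consumes({MediaType.APPLICATION_JSON})
    public Response createPost(ResourceRepresentation resourceRepresentation) {
        if (resourceRepresentation == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        ResourceRepresentation created = create(resourceRepresentation);
        // The audited id is read from the request representation after create() has run.
        // NOTE(review): presumably RepresentationToModel.toModel fills in the generated id; confirm,
        // otherwise the event path falls back to the request URI (see audit()).
        audit(resourceRepresentation, resourceRepresentation.getId(), OperationType.CREATE);
        return Response.status(Response.Status.CREATED).entity(created).build();
    }

    /**
     * Creates a resource after the manage-authorization check.
     *
     * <p>When no owner is given, the resource server's client id is set as owner on the passed
     * representation (the argument is mutated). A resource with the same name and owner is
     * rejected with 409.
     *
     * @param resourceRepresentation resource to create; must not be {@code null}
     * @return representation of the stored resource
     * @throws ErrorResponseException 400 when the owner has no id, 409 when the name is taken
     */
    public ResourceRepresentation create(ResourceRepresentation resourceRepresentation) {
        AdminPermissionsSchema.SCHEMA.throwExceptionIfAdminPermissionClient(this.session, this.resourceServer.getId());
        requireManage();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        ResourceOwnerRepresentation owner = resourceRepresentation.getOwner();
        if (owner == null) {
            owner = new ResourceOwnerRepresentation();
            owner.setId(this.resourceServer.getClientId());
            resourceRepresentation.setOwner(owner);
        }
        String ownerId = owner.getId();
        if (ownerId == null) {
            throw new ErrorResponseException("invalid_request", "You must specify the resource owner.", Response.Status.BAD_REQUEST);
        }
        // Check-then-create: uniqueness is tested here before the model is written.
        // NOTE(review): confirm the store also enforces the (name, owner) constraint.
        if (storeFactory.getResourceStore().findByName(this.resourceServer, resourceRepresentation.getName(), ownerId) != null) {
            throw new ErrorResponseException("invalid_request", "Resource with name [" + resourceRepresentation.getName() + "] already exists.", Response.Status.CONFLICT);
        }
        return ModelToRepresentation.toRepresentation(RepresentationToModel.toModel(resourceRepresentation, this.resourceServer, this.authorization), this.resourceServer, this.authorization);
    }

    /**
     * Updates an existing resource and records an UPDATE admin event.
     *
     * <p>The id from the path always replaces any id in the body, so the body cannot redirect
     * the update to a different resource.
     *
     * @param str resource id from the path
     * @param resourceRepresentation new state; a missing body yields 400
     * @return 204 on success, 404 when the id is unknown on this resource server, 400 when the
     *     body is missing
     */
    @APIResponses({@APIResponse(responseCode = "204", description = "No Content"), @APIResponse(responseCode = "404", description = "Not Found")})
    @Produces({MediaType.APPLICATION_JSON})
    @PUT
    @Path("{resource-id}")
    @Consumes({MediaType.APPLICATION_JSON})
    public Response update(@PathParam("resource-id") String str, ResourceRepresentation resourceRepresentation) {
        AdminPermissionsSchema.SCHEMA.throwExceptionIfAdminPermissionClient(this.session, this.resourceServer.getId());
        requireManage();
        // Checked after authorization so an unauthorized caller still gets the authorization
        // failure; without this guard a missing body ended in a NullPointerException.
        if (resourceRepresentation == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        resourceRepresentation.setId(str);
        if (this.authorization.getStoreFactory().getResourceStore().findById(this.resourceServer, resourceRepresentation.getId()) == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        RepresentationToModel.toModel(resourceRepresentation, this.resourceServer, this.authorization);
        audit(resourceRepresentation, OperationType.UPDATE);
        return Response.noContent().build();
    }

    /**
     * Deletes a resource and records a DELETE admin event carrying its last representation.
     *
     * @param str resource id from the path
     * @return 204 on success, 404 when the id is unknown on this resource server
     */
    @APIResponses({@APIResponse(responseCode = "204", description = "No Content"), @APIResponse(responseCode = "404", description = "Not Found")})
    @Path("{resource-id}")
    @DELETE
    public Response delete(@PathParam("resource-id") String str) {
        AdminPermissionsSchema.SCHEMA.throwExceptionIfAdminPermissionClient(this.session, this.resourceServer.getId());
        requireManage();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        Resource existing = storeFactory.getResourceStore().findById(this.resourceServer, str);
        if (existing == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        // Snapshot before deletion so the audit event still describes what was removed.
        ResourceRepresentation snapshot = ModelToRepresentation.toRepresentation(existing, this.resourceServer, this.authorization);
        storeFactory.getResourceStore().delete(str);
        audit(snapshot, OperationType.DELETE);
        return Response.noContent().build();
    }

    /**
     * Returns one resource by id.
     *
     * @param str resource id from the path
     * @return 200 with the representation, or 404
     */
    @APIResponses({@APIResponse(responseCode = "200", content = {@Content(schema = @Schema(implementation = ResourceRepresentation.class))}), @APIResponse(responseCode = "404", description = "Not found")})
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Path("{resource-id}")
    @GET
    public Response findById(@PathParam("resource-id") String str) {
        return findById(str, resource -> ModelToRepresentation.toRepresentation(resource, this.resourceServer, this.authorization, true));
    }

    /**
     * Looks up a resource by id after the view-authorization check and converts it with the
     * supplied mapper.
     *
     * @param str resource id
     * @param function converts the stored resource into the response entity
     * @return 200 with the mapped entity, or 404
     */
    public Response findById(String str, Function<Resource, ? extends ResourceRepresentation> function) {
        requireView();
        Resource resource = this.authorization.getStoreFactory().getResourceStore().findById(this.resourceServer, str);
        if (resource == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        return Response.ok(function.apply(resource)).build();
    }

    /**
     * Lists the scopes of a resource. For a typed resource not owned by the resource server,
     * scopes of same-typed resources owned by the resource server are appended (without
     * duplicates).
     *
     * @param str resource id from the path
     * @return 200 with the scope list, or 404
     */
    @APIResponses({@APIResponse(responseCode = "200", content = {@Content(schema = @Schema(implementation = ScopeRepresentation.class, type = SchemaType.ARRAY))}), @APIResponse(responseCode = "404", description = "Not found")})
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Path("{resource-id}/scopes")
    @GET
    public Response getScopes(@PathParam("resource-id") String str) {
        requireView();
        Resource target = this.authorization.getStoreFactory().getResourceStore().findById(this.resourceServer, str);
        if (target == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        List<ScopeRepresentation> scopes = target.getScopes().stream()
                .map(scope -> toScopeRepresentation(scope, false))
                .collect(Collectors.toList());
        String serverClientId = this.resourceServer.getClientId();
        if (target.getType() != null && !target.getOwner().equals(serverClientId)) {
            for (Resource typed : this.authorization.getStoreFactory().getResourceStore().findByType(this.resourceServer, target.getType())) {
                if (typed.getOwner().equals(serverClientId) && !typed.getId().equals(target.getId())) {
                    // The filter runs while collecting, i.e. against the list as it was before
                    // this resource's scopes are appended.
                    scopes.addAll(typed.getScopes().stream()
                            .map(scope -> toScopeRepresentation(scope, true))
                            .filter(candidate -> !scopes.contains(candidate))
                            .collect(Collectors.toList()));
                }
            }
        }
        return Response.ok(scopes).build();
    }

    /**
     * Lists the non-UMA policies that apply to a resource: policies bound to the resource itself,
     * to its scopes, and, for a typed resource not owned by the resource server, to its type and
     * to same-typed resources owned by the resource server.
     *
     * @param str resource id from the path
     * @return 200 with id, name and type of each policy, or 404
     */
    @APIResponses({@APIResponse(responseCode = "200", content = {@Content(schema = @Schema(implementation = PolicyRepresentation.class, type = SchemaType.ARRAY))}), @APIResponse(responseCode = "404", description = "Not found")})
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Path("{resource-id}/permissions")
    @GET
    public Response getPermissions(@PathParam("resource-id") String str) {
        requireView();
        ResourceStore resourceStore = this.authorization.getStoreFactory().getResourceStore();
        Resource target = resourceStore.findById(this.resourceServer, str);
        if (target == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        PolicyStore policyStore = this.authorization.getStoreFactory().getPolicyStore();
        HashSet<Policy> policies = new HashSet<>();
        policies.addAll(policyStore.findByResource(this.resourceServer, target));
        if (target.getType() != null && !target.getOwner().equals(this.resourceServer.getClientId())) {
            policies.addAll(policyStore.findByResourceType(this.resourceServer, target.getType()));
            // The listing this was taken from carried decompiler-garbled casts on these put()
            // calls; the filter map is keyed by FilterOption with String[] values.
            Map<Resource.FilterOption, String[]> typedFilter = new EnumMap<>(Resource.FilterOption.class);
            typedFilter.put(Resource.FilterOption.OWNER, new String[]{this.resourceServer.getClientId()});
            typedFilter.put(Resource.FilterOption.TYPE, new String[]{target.getType()});
            for (Resource typed : resourceStore.find(this.resourceServer, typedFilter, (Integer) null, (Integer) null)) {
                policies.addAll(policyStore.findByResource(this.resourceServer, typed));
            }
        }
        policies.addAll(policyStore.findByScopes(this.resourceServer, target, target.getScopes()));
        policies.addAll(policyStore.findByScopes(this.resourceServer, (Resource) null, target.getScopes()));
        List<PolicyRepresentation> result = new ArrayList<>();
        for (Policy policy : policies) {
            if ("uma".equalsIgnoreCase(policy.getType())) {
                continue;
            }
            PolicyRepresentation summary = new PolicyRepresentation();
            summary.setId(policy.getId());
            summary.setName(policy.getName());
            summary.setType(policy.getType());
            if (!result.contains(summary)) {
                result.add(summary);
            }
        }
        return Response.ok(result).build();
    }

    /**
     * Returns the attributes of a resource.
     *
     * @param str resource id from the path
     * @return 200 with the attribute map, or 404
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Path("{resource-id}/attributes")
    @GET
    public Response getAttributes(@PathParam("resource-id") String str) {
        requireView();
        Resource resource = this.authorization.getStoreFactory().getResourceStore().findById(this.resourceServer, str);
        if (resource == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        return Response.ok(resource.getAttributes()).build();
    }

    /**
     * Finds a single resource by exact name.
     *
     * <p>Unlike the other read endpoints this one calls the permission evaluator directly rather
     * than through {@code requireView()}, so a {@code null} evaluator fails with a
     * {@link NullPointerException} instead of skipping the check.
     *
     * @param str resource name; {@code null} yields 400
     * @return 200 with the representation, 204 when nothing matches, 400 when no name is given
     */
    @APIResponses({@APIResponse(responseCode = "200", content = {@Content(schema = @Schema(implementation = ResourceRepresentation.class))}), @APIResponse(responseCode = "400", description = "Bad Request"), @APIResponse(responseCode = "204", description = "No Content")})
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Path("/search")
    @GET
    public Response find(@QueryParam("name") String str) {
        this.auth.realm().requireViewAuthorization();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        if (str == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Resource match = storeFactory.getResourceStore().findByName(this.resourceServer, str);
        if (match == null) {
            return Response.status(Response.Status.NO_CONTENT).build();
        }
        return Response.ok(ModelToRepresentation.toRepresentation(match, this.resourceServer, this.authorization)).build();
    }

    /**
     * Searches resources by the given filters and returns full representations.
     *
     * @param str filter on resource id ({@code _id})
     * @param str2 filter on name
     * @param str3 filter on URI
     * @param str4 filter on owner (client id, username, or internal id)
     * @param str5 filter on type
     * @param str6 filter on scope name
     * @param bool {@code matchingUri}: fall back to path-pattern matching when nothing is found
     * @param bool2 {@code exactName}: match the name exactly
     * @param bool3 {@code deep}: passed to the representation mapper; defaults to {@code true}
     * @param num index of the first result
     * @param num2 maximum number of results; defaults to 100
     * @return 200 with the list of representations
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @APIResponse(responseCode = "200", content = {@Content(schema = @Schema(implementation = ResourceRepresentation.class, type = SchemaType.ARRAY))})
    @GET
    public Response find(@QueryParam("_id") String str, @QueryParam("name") String str2, @QueryParam("uri") String str3, @QueryParam("owner") String str4, @QueryParam("type") String str5, @QueryParam("scope") String str6, @QueryParam("matchingUri") Boolean bool, @QueryParam("exactName") Boolean bool2, @QueryParam("deep") Boolean bool3, @QueryParam("first") Integer num, @QueryParam("max") Integer num2) {
        return find(str, str2, str3, str4, str5, str6, bool, bool2, bool3, num, num2, (resource, deep) -> ModelToRepresentation.toRepresentation(resource, this.resourceServer, this.authorization, deep));
    }

    /**
     * Searches resources after the view-authorization check and maps each hit with the supplied
     * function. Parameters are as for the eleven-argument overload.
     *
     * <p>Blank filters are ignored. The owner filter is resolved to an internal id by trying a
     * client with that client id first, then a user with that username; if neither exists the
     * value is used unchanged. When {@code matchingUri} is set and the filtered query is empty,
     * the resource-server-owned resources that have URIs are matched against {@code uri} as path
     * patterns and at most one resource is returned.
     *
     * @param biFunction maps a resource and the {@code deep} flag to the response element
     * @return 200 with the mapped list (possibly empty)
     */
    public Response find(@QueryParam("_id") String str, @QueryParam("name") String str2, @QueryParam("uri") String str3, @QueryParam("owner") String str4, @QueryParam("type") String str5, @QueryParam("scope") String str6, @QueryParam("matchingUri") Boolean bool, @QueryParam("exactName") Boolean bool2, @QueryParam("deep") Boolean bool3, @QueryParam("first") Integer num, @QueryParam("max") Integer num2, BiFunction<Resource, Boolean, ?> biFunction) {
        requireView();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        final Boolean deep = bool3 == null ? Boolean.TRUE : bool3;
        // The listing this was taken from carried decompiler-garbled casts on the put() calls;
        // the filter map is keyed by FilterOption with String[] values.
        Map<Resource.FilterOption, String[]> filters = new EnumMap<>(Resource.FilterOption.class);
        if (hasText(str)) {
            filters.put(Resource.FilterOption.ID, new String[]{str});
        }
        if (hasText(str2)) {
            boolean exact = bool2 != null && bool2.booleanValue();
            filters.put(exact ? Resource.FilterOption.EXACT_NAME : Resource.FilterOption.NAME, new String[]{str2});
        }
        if (hasText(str3)) {
            filters.put(Resource.FilterOption.URI, new String[]{str3});
        }
        if (hasText(str4)) {
            String ownerId = str4;
            RealmModel realm = this.authorization.getKeycloakSession().getContext().getRealm();
            ClientModel ownerClient = realm.getClientByClientId(str4);
            if (ownerClient != null) {
                ownerId = ownerClient.getId();
            } else {
                UserModel ownerUser = this.authorization.getKeycloakSession().users().getUserByUsername(realm, str4);
                if (ownerUser != null) {
                    ownerId = ownerUser.getId();
                }
            }
            filters.put(Resource.FilterOption.OWNER, new String[]{ownerId});
        }
        if (hasText(str5)) {
            filters.put(Resource.FilterOption.TYPE, new String[]{str5});
        }
        if (hasText(str6)) {
            Map<Scope.FilterOption, String[]> scopeFilter = new EnumMap<>(Scope.FilterOption.class);
            scopeFilter.put(Scope.FilterOption.NAME, new String[]{str6});
            List<Scope> scopes = this.authorization.getStoreFactory().getScopeStore().findByResourceServer(this.resourceServer, scopeFilter, (Integer) null, (Integer) null);
            if (scopes.isEmpty()) {
                // An unknown scope name can match nothing; do not fall through to an unfiltered query.
                return Response.ok(Collections.emptyList()).build();
            }
            filters.put(Resource.FilterOption.SCOPE_ID, scopes.stream().map(Scope::getId).toArray(String[]::new));
        }
        Integer firstResult = num != null ? num : -1;
        // NOTE(review): a caller-supplied max is passed through without an upper bound here;
        // confirm the store or an upstream layer caps the page size.
        Integer maxResults = num2 != null ? num2 : 100;
        List<Resource> resources = storeFactory.getResourceStore().find(this.resourceServer, filters, firstResult, maxResults);
        if (bool != null && bool.booleanValue() && resources.isEmpty()) {
            Map<Resource.FilterOption, String[]> uriFilter = new EnumMap<>(Resource.FilterOption.class);
            uriFilter.put(Resource.FilterOption.URI_NOT_NULL, new String[]{"true"});
            uriFilter.put(Resource.FilterOption.OWNER, new String[]{this.resourceServer.getClientId()});
            // The fallback query uses -1 as the default maximum, unlike the primary query.
            Integer fallbackMax = num2 != null ? num2 : -1;
            final List<Resource> candidates = storeFactory.getResourceStore().find(this.resourceServer, uriFilter, firstResult, fallbackMax);
            // NOTE(review): str3 (uri) may be null or blank here when matchingUri is set without a
            // uri; confirm PathMatcher.matches tolerates that.
            Map.Entry<String, Resource> match = new PathMatcher<Map.Entry<String, Resource>>() { // from class: org.keycloak.authorization.admin.ResourceSetService.1
                /* JADX INFO: Access modifiers changed from: protected */
                @Override
                public String getPath(Map.Entry<String, Resource> entry2) {
                    return entry2.getKey();
                }

                @Override
                protected Collection<Map.Entry<String, Resource>> getPaths() {
                    // One entry per URI; a URI shared by several resources keeps the last one seen.
                    Map<String, Resource> byUri = new HashMap<>();
                    candidates.forEach(resource -> resource.getUris().forEach(uri -> byUri.put(uri, resource)));
                    return byUri.entrySet();
                }
            }.matches(str3);
            if (match != null) {
                resources = Collections.singletonList(match.getValue());
            }
        }
        return Response.ok(resources.stream().map(resource -> biFunction.apply(resource, deep)).collect(Collectors.toList())).build();
    }

    /** Returns {@code true} when the value is non-null and not empty after {@code trim()}. */
    private static boolean hasText(String value) {
        return value != null && !"".equals(value.trim());
    }

    /**
     * Builds a scope representation carrying id and name, and the icon URI when requested and
     * present.
     */
    private static ScopeRepresentation toScopeRepresentation(Scope scope, boolean includeIconUri) {
        ScopeRepresentation representation = new ScopeRepresentation();
        representation.setId(scope.getId());
        representation.setName(scope.getName());
        if (includeIconUri) {
            String iconUri = scope.getIconUri();
            if (iconUri != null) {
                representation.setIconUri(iconUri);
            }
        }
        return representation;
    }

    /**
     * Enforces view-authorization on the realm. Performs no check when the evaluator is
     * {@code null}.
     */
    private void requireView() {
        if (this.auth != null) {
            this.auth.realm().requireViewAuthorization();
        }
    }

    /**
     * Enforces manage-authorization on the realm. Performs no check when the evaluator is
     * {@code null}.
     */
    private void requireManage() {
        if (this.auth != null) {
            this.auth.realm().requireManageAuthorization();
        }
    }

    /** Records an admin event whose resource path is the current request URI. */
    private void audit(ResourceRepresentation resourceRepresentation, OperationType operationType) {
        audit(resourceRepresentation, null, operationType);
    }

    /**
     * Records a successful admin event for the given operation.
     *
     * @param resourceRepresentation representation stored with the event
     * @param str resource id appended to the request URI for the event path; when {@code null}
     *     the request URI alone is used
     * @param operationType operation being recorded
     */
    public void audit(ResourceRepresentation resourceRepresentation, String str, OperationType operationType) {
        if (str != null) {
            this.adminEvent.operation(operationType).resourcePath(this.session.getContext().getUri(), str).representation(resourceRepresentation).success();
        } else {
            this.adminEvent.operation(operationType).resourcePath((UriInfo) this.session.getContext().getUri()).representation(resourceRepresentation).success();
        }
    }
}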
