package org.keycloak.authorization.admin.representation;

import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.keycloak.authorization.AdminPermissionsSchema;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.Decision;
import org.keycloak.authorization.admin.PolicyEvaluationService;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.evaluation.Result;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.authorization.DecisionEffect;
import org.keycloak.representations.idm.authorization.PolicyEvaluationRequest;
import org.keycloak.representations.idm.authorization.PolicyEvaluationResponse;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/keycloak/authorization/admin/representation/FGAPPolicyEvaluationResponseBuilder.class */
public class FGAPPolicyEvaluationResponseBuilder {
    FGAPPolicyEvaluationResponseBuilder() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PolicyEvaluationResponse build(PolicyEvaluationService.EvaluationDecisionCollector evaluationDecisionCollector, ResourceServer resourceServer, AuthorizationProvider authorizationProvider, PolicyEvaluationRequest policyEvaluationRequest) {
        PolicyEvaluationResponse policyEvaluationResponse = new PolicyEvaluationResponse();
        Collection<Result> results = evaluationDecisionCollector.getResults();
        if (results.isEmpty()) {
            policyEvaluationResponse.setResults(List.of());
            policyEvaluationResponse.setStatus(DecisionEffect.DENY);
            return policyEvaluationResponse;
        }
        Result next = results.iterator().next();
        PolicyEvaluationResponse.EvaluationResultRepresentation evaluationResultRepresentation = new PolicyEvaluationResponse.EvaluationResultRepresentation();
        if (Decision.Effect.PERMIT.equals(next.getEffect())) {
            policyEvaluationResponse.setStatus(DecisionEffect.PERMIT);
            evaluationResultRepresentation.setStatus(DecisionEffect.PERMIT);
        } else {
            policyEvaluationResponse.setStatus(DecisionEffect.DENY);
            evaluationResultRepresentation.setStatus(DecisionEffect.DENY);
        }
        Resource resource = next.getPermission().getResource();
        ResourceRepresentation resourceRepresentation = new ResourceRepresentation();
        resourceRepresentation.setId(resource.getId());
        resourceRepresentation.setName(resource.getName());
        evaluationResultRepresentation.setResource(resourceRepresentation);
        evaluationResultRepresentation.setScopes((List) next.getPermission().getScopes().stream().map(scope -> {
            ScopeRepresentation scopeRepresentation = new ScopeRepresentation();
            scopeRepresentation.setId(scope.getId());
            scopeRepresentation.setName(scope.getName());
            return scopeRepresentation;
        }).collect(Collectors.toList()));
        HashSet hashSet = new HashSet();
        for (Result.PolicyResult policyResult : next.getResults()) {
            PolicyEvaluationResponse.PolicyResultRepresentation representation = toRepresentation(policyResult);
            if (Decision.Effect.PERMIT.equals(policyResult.getEffect())) {
                representation.setStatus(DecisionEffect.PERMIT);
            } else {
                representation.setStatus(DecisionEffect.DENY);
            }
            representation.setScopes((Set) policyResult.getPolicy().getScopes().stream().map((v0) -> {
                return v0.getName();
            }).collect(Collectors.toSet()));
            representation.setResourceType(policyResult.getPolicy().getResourceType());
            hashSet.add(representation);
        }
        evaluationResultRepresentation.setPolicies(hashSet);
        Set set = (Set) next.getPermission().getScopes().stream().map(ModelToRepresentation::toRepresentation).collect(Collectors.toSet());
        if (DecisionEffect.PERMIT.equals(evaluationResultRepresentation.getStatus())) {
            evaluationResultRepresentation.setAllowedScopes(set);
        } else {
            evaluationResultRepresentation.setDeniedScopes(set);
        }
        evaluationResultRepresentation.getAllowedScopes().removeAll(evaluationResultRepresentation.getDeniedScopes());
        evaluationResultRepresentation.getDeniedScopes().addAll(((ResourceRepresentation) policyEvaluationRequest.getResources().get(0)).getScopes());
        evaluationResultRepresentation.getDeniedScopes().removeAll(evaluationResultRepresentation.getAllowedScopes());
        evaluationResultRepresentation.getResource().setName(AdminPermissionsSchema.SCHEMA.getResourceName(authorizationProvider.getKeycloakSession(), resourceServer, policyEvaluationRequest.getResourceType(), evaluationResultRepresentation.getResource().getName()) + " with scopes " + String.valueOf(evaluationResultRepresentation.getScopes().stream().flatMap(scopeRepresentation -> {
            return Stream.of(scopeRepresentation.getName());
        }).sorted().toList()));
        evaluationResultRepresentation.getPolicies().addAll(evaluationResultRepresentation.getPolicies());
        policyEvaluationResponse.setResults(List.of(evaluationResultRepresentation));
        return policyEvaluationResponse;
    }

    private static PolicyEvaluationResponse.PolicyResultRepresentation toRepresentation(Result.PolicyResult policyResult) {
        PolicyEvaluationResponse.PolicyResultRepresentation policyResultRepresentation = new PolicyEvaluationResponse.PolicyResultRepresentation();
        PolicyRepresentation policyRepresentation = new PolicyRepresentation();
        Policy policy = policyResult.getPolicy();
        policyRepresentation.setId(policy.getId());
        policyRepresentation.setName(policy.getName());
        policyRepresentation.setType(policy.getType());
        policyRepresentation.setDecisionStrategy(policy.getDecisionStrategy());
        policyRepresentation.setDescription(policy.getDescription());
        policyRepresentation.setResources((Set) policy.getResources().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet()));
        policyRepresentation.setScopes((Set) policy.getScopes().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet()));
        policyResultRepresentation.setPolicy(policyRepresentation);
        if (policyResult.getEffect() == Decision.Effect.DENY) {
            policyResultRepresentation.setStatus(DecisionEffect.DENY);
            policyResultRepresentation.setScopes(policyRepresentation.getScopes());
        } else {
            policyResultRepresentation.setStatus(DecisionEffect.PERMIT);
        }
        policyResultRepresentation.setAssociatedPolicies(policyResult.getAssociatedPolicies().stream().map(FGAPPolicyEvaluationResponseBuilder::toRepresentation).toList());
        return policyResultRepresentation;
    }
}
