package org.keycloak.authorization.policy.provider.role;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.keycloak.Config;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.class */
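/**
 * Factory for the {@code "role"} authorization policy type.
 *
 * <p>The policy stores its role set as a JSON array under the {@code "roles"} key of the policy
 * config. This class converts that JSON to and from {@link RolePolicyRepresentation}, resolves
 * role references (names or {@code clientId/roleName}) to internal role ids on create, update and
 * import, and prunes stored role ids when a role is removed.
 *
 * <p>Security-relevant behaviour: every role reference must resolve to an existing role, otherwise
 * the operation fails with a {@link RuntimeException} instead of persisting a policy with a
 * dangling or partially applied role set.
 *
 * <p>The method names {@code m16toRepresentation} and {@code m17create} come from the decompiler
 * (bridge methods merged); they are kept as-is because other code in this listing refers to them.
 */
public class RolePolicyProviderFactory implements PolicyProviderFactory<RolePolicyRepresentation> {
    // A single provider instance is handed out by both create(...) variants.
    private final RolePolicyProvider provider = new RolePolicyProvider(this::m16toRepresentation);

    /** Returns the display name of this policy type. */
    public String getName() {
        return "Role";
    }

    /** Returns the group under which this policy type is listed. */
    public String getGroup() {
        return "Identity Based";
    }

    /** Returns the shared provider instance; the argument is not used. */
    public PolicyProvider create(AuthorizationProvider authorizationProvider) {
        return this.provider;
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    /** Returns the shared provider instance; the argument is not used. */
    public PolicyProvider m17create(KeycloakSession keycloakSession) {
        return this.provider;
    }

    /* renamed from: toRepresentation, reason: merged with bridge method [inline-methods] */
    /**
     * Builds a representation whose role set is parsed from the policy's {@code "roles"} config.
     *
     * @param policy the stored policy to read
     * @param authorizationProvider not used by this method
     * @return a new representation carrying the parsed role definitions
     * @throws RuntimeException if the stored JSON cannot be deserialized
     */
    public RolePolicyRepresentation m16toRepresentation(Policy policy, AuthorizationProvider authorizationProvider) {
        RolePolicyRepresentation representation = new RolePolicyRepresentation();
        try {
            RolePolicyRepresentation.RoleDefinition[] parsed =
                    JsonSerialization.readValue(policy.getConfig().get("roles"), RolePolicyRepresentation.RoleDefinition[].class);
            representation.setRoles(new HashSet<>(Arrays.asList(parsed)));
            return representation;
        } catch (IOException e) {
            throw new RuntimeException("Failed to deserialize roles", e);
        }
    }

    /** Returns the representation class handled by this factory. */
    public Class<RolePolicyRepresentation> getRepresentationType() {
        return RolePolicyRepresentation.class;
    }

    /** Resolves and stores the roles of a newly created policy. */
    public void onCreate(Policy policy, RolePolicyRepresentation rolePolicyRepresentation, AuthorizationProvider authorizationProvider) {
        updateRoles(policy, rolePolicyRepresentation, authorizationProvider);
    }

    /** Resolves and stores the roles of an updated policy. */
    public void onUpdate(Policy policy, RolePolicyRepresentation rolePolicyRepresentation, AuthorizationProvider authorizationProvider) {
        updateRoles(policy, rolePolicyRepresentation, authorizationProvider);
    }

    /**
     * Parses the {@code "roles"} JSON of an imported representation and stores the resolved roles.
     *
     * @throws RuntimeException if the JSON cannot be deserialized or a role cannot be resolved
     */
    public void onImport(Policy policy, PolicyRepresentation policyRepresentation, AuthorizationProvider authorizationProvider) {
        try {
            RolePolicyRepresentation.RoleDefinition[] parsed =
                    JsonSerialization.readValue(policyRepresentation.getConfig().get("roles"), RolePolicyRepresentation.RoleDefinition[].class);
            updateRoles(policy, authorizationProvider, new HashSet<>(Arrays.asList(parsed)));
        } catch (IOException e) {
            throw new RuntimeException("Failed to deserialize roles during import", e);
        }
    }

    /**
     * Writes the policy's roles into the export representation, replacing each internal role id
     * with a portable reference: the role name for realm roles, {@code clientId/roleName} for
     * client roles.
     *
     * @throws RuntimeException if a stored role id no longer resolves to a role, or if the role
     *     set cannot be serialized
     */
    public void onExport(Policy policy, PolicyRepresentation policyRepresentation, AuthorizationProvider authorizationProvider) {
        Map<String, String> config = new HashMap<>();
        Set<RolePolicyRepresentation.RoleDefinition> roles = m16toRepresentation(policy, authorizationProvider).getRoles();
        for (RolePolicyRepresentation.RoleDefinition roleDefinition : roles) {
            RoleModel role = authorizationProvider.getRealm().getRoleById(roleDefinition.getId());
            if (role == null) {
                // A stale id would otherwise surface as a bare NullPointerException. Failing with
                // context is preferred over skipping the entry, because silently dropping a role
                // would change what the exported policy requires.
                throw new RuntimeException("Failed to export role policy [" + policy.getName() + "]. Role [" + roleDefinition.getId() + "] could not be found.");
            }
            if (role.isClientRole()) {
                roleDefinition.setId(ClientModel.class.cast(role.getContainer()).getClientId() + "/" + role.getName());
            } else {
                roleDefinition.setId(role.getName());
            }
        }
        try {
            config.put("roles", JsonSerialization.writeValueAsString(roles));
            policyRepresentation.setConfig(config);
        } catch (IOException e) {
            throw new RuntimeException("Failed to export role policy [" + policy.getName() + "]", e);
        }
    }

    /** Convenience overload that takes the role set from the representation. */
    private void updateRoles(Policy policy, RolePolicyRepresentation rolePolicyRepresentation, AuthorizationProvider authorizationProvider) {
        updateRoles(policy, authorizationProvider, rolePolicyRepresentation.getRoles());
    }

    /**
     * Resolves every role reference to its internal id and stores the result as JSON under the
     * policy's {@code "roles"} config key.
     *
     * <p>A reference containing {@code "/"} is split at the first slash into a client id and a
     * client role name. A reference without a slash is looked up as a realm role name first and,
     * if that finds nothing, as a role id.
     *
     * @param policy the policy whose config is updated
     * @param authorizationProvider supplies the realm used for lookups
     * @param set role definitions to resolve; {@code null} stores an empty role list
     * @throws RuntimeException if a definition has no id, a client or role cannot be found, or
     *     serialization fails
     */
    private void updateRoles(Policy policy, AuthorizationProvider authorizationProvider, Set<RolePolicyRepresentation.RoleDefinition> set) {
        RealmModel realm = authorizationProvider.getRealm();
        Set<RolePolicyRepresentation.RoleDefinition> resolved = new HashSet<>();
        if (set != null) {
            for (RolePolicyRepresentation.RoleDefinition roleDefinition : set) {
                String id = roleDefinition.getId();
                if (id == null) {
                    // Reject explicitly rather than failing with a NullPointerException below.
                    throw new RuntimeException("Error while updating policy [" + policy.getName() + "]. Role definition without an id.");
                }
                String clientId = null;
                int slash = id.indexOf("/");
                if (slash != -1) {
                    clientId = id.substring(0, slash);
                    id = id.substring(slash + 1);
                }
                RoleModel role;
                if (clientId == null) {
                    role = realm.getRole(id);
                    if (role == null) {
                        role = realm.getRoleById(id);
                    }
                } else {
                    ClientModel client = realm.getClientByClientId(clientId);
                    if (client == null) {
                        throw new RuntimeException("Client with id [" + clientId + "] not found.");
                    }
                    role = client.getRole(id);
                }
                if (role == null) {
                    throw new RuntimeException("Error while updating policy [" + policy.getName() + "]. Role [" + id + "] could not be found.");
                }
                // Persist the internal id, so later renames of the role do not detach the policy.
                roleDefinition.setId(role.getId());
                resolved.add(roleDefinition);
            }
        }
        try {
            policy.putConfig("roles", JsonSerialization.writeValueAsString(resolved));
        } catch (IOException e) {
            throw new RuntimeException("Failed to serialize roles", e);
        }
    }

    /** No configuration is read. */
    public void init(Config.Scope scope) {
    }

    /**
     * Registers a listener that removes a deleted role from stored role policies.
     *
     * <p>When a realm role is removed, the resource server of every client in the realm is
     * scanned. When a client role is removed, only the resource server of the owning client is
     * scanned; role policies held by other resource servers are not visited by this listener.
     */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
        keycloakSessionFactory.register(providerEvent -> {
            if (!(providerEvent instanceof RoleContainerModel.RoleRemovedEvent)) {
                return;
            }
            RoleContainerModel.RoleRemovedEvent removed = (RoleContainerModel.RoleRemovedEvent) providerEvent;
            StoreFactory storeFactory = removed.getKeycloakSession().getProvider(AuthorizationProvider.class).getStoreFactory();
            PolicyStore policyStore = storeFactory.getPolicyStore();
            RoleModel role = removed.getRole();
            // Typed as the container interface: the container is either the realm or a client.
            RoleContainerModel container = role.getContainer();
            ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
            if (container instanceof RealmModel) {
                ((RealmModel) container).getClientsStream()
                        .forEach(clientModel -> updateResourceServer(clientModel, role, resourceServerStore, policyStore));
            } else {
                updateResourceServer((ClientModel) container, role, resourceServerStore, policyStore);
            }
        });
    }

    /**
     * Removes {@code roleModel} from every role policy of the client's resource server. A policy
     * left without roles is deleted; otherwise its {@code "roles"} config is rewritten with only
     * the {@code id} and {@code required} fields of the remaining entries.
     *
     * <p>Does nothing when the client has no resource server.
     */
    private void updateResourceServer(ClientModel clientModel, RoleModel roleModel, ResourceServerStore resourceServerStore, PolicyStore policyStore) {
        ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId());
        if (resourceServer == null) {
            return;
        }
        policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {
            ArrayList<Map<String, Object>> remaining = new ArrayList<>();
            for (Map<String, Object> stored : getRoles(policy)) {
                if (!stored.get("id").equals(roleModel.getId())) {
                    HashMap<String, Object> kept = new HashMap<>();
                    kept.put("id", stored.get("id"));
                    Object required = stored.get("required");
                    if (required != null) {
                        kept.put("required", required);
                    }
                    remaining.add(kept);
                }
            }
            try {
                if (remaining.isEmpty()) {
                    // NOTE(review): a policy whose stored role list is already empty is also
                    // deleted here, whichever role was removed. Confirm that this is intended and
                    // how permissions that reference the deleted policy evaluate afterwards.
                    policyStore.delete(policy.getId());
                } else {
                    policy.putConfig("roles", JsonSerialization.writeValueAsString(remaining));
                }
            } catch (IOException e) {
                throw new RuntimeException("Error while synchronizing roles with policy [" + policy.getName() + "].", e);
            }
        });
    }

    /** Nothing to release. */
    public void close() {
    }

    /** Returns the policy type id, which is also used to find stored policies of this type. */
    public String getId() {
        return "role";
    }

    /**
     * Reads the policy's {@code "roles"} config as an array of generic maps.
     *
     * @return the parsed entries, or an empty array when the config has no {@code "roles"} value
     * @throws RuntimeException if the stored JSON cannot be parsed
     */
    @SuppressWarnings("unchecked")
    private Map<String, Object>[] getRoles(Policy policy) {
        String rolesJson = policy.getConfig().get("roles");
        if (rolesJson == null) {
            return new Map[0];
        }
        try {
            // Parse the String directly, as the other readers in this class do, instead of
            // converting it to bytes with the platform default charset first.
            return JsonSerialization.readValue(rolesJson, Map[].class);
        } catch (IOException e) {
            throw new RuntimeException("Could not parse roles [" + rolesJson + "] from policy config [" + policy.getName() + "].", e);
        }
    }
}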
