package org.keycloak.authorization.policy.provider.js;

import org.keycloak.Config;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.ScriptModel;
import org.keycloak.representations.idm.authorization.JSPolicyRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.scripting.EvaluatableScriptAdapter;
import org.keycloak.scripting.ScriptingProvider;

/* loaded from: input_file:org/keycloak/authorization/policy/provider/js/JSPolicyProviderFactory.class */
public class JSPolicyProviderFactory implements PolicyProviderFactory<JSPolicyRepresentation> {
    private final JSPolicyProvider provider = new JSPolicyProvider(this::getEvaluatableScript);
    private ScriptCache scriptCache;

    public String getName() {
        return "JavaScript";
    }

    public String getGroup() {
        return "Rule Based";
    }

    public PolicyProvider create(AuthorizationProvider authorizationProvider) {
        return this.provider;
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public PolicyProvider m14create(KeycloakSession keycloakSession) {
        return null;
    }

    @Override // 
    /* renamed from: toRepresentation, reason: merged with bridge method [inline-methods] */
    public JSPolicyRepresentation mo12toRepresentation(Policy policy, AuthorizationProvider authorizationProvider) {
        JSPolicyRepresentation jSPolicyRepresentation = new JSPolicyRepresentation();
        jSPolicyRepresentation.setCode((String) policy.getConfig().get("code"));
        return jSPolicyRepresentation;
    }

    public Class<JSPolicyRepresentation> getRepresentationType() {
        return JSPolicyRepresentation.class;
    }

    @Override // 
    public void onCreate(Policy policy, JSPolicyRepresentation jSPolicyRepresentation, AuthorizationProvider authorizationProvider) {
        throwCanNotUpdatePolicy(authorizationProvider);
    }

    public void onUpdate(Policy policy, JSPolicyRepresentation jSPolicyRepresentation, AuthorizationProvider authorizationProvider) {
        policy.setDecisionStrategy(jSPolicyRepresentation.getDecisionStrategy());
        policy.setDescription(policy.getDescription());
        policy.setLogic(policy.getLogic());
    }

    public void onImport(Policy policy, PolicyRepresentation policyRepresentation, AuthorizationProvider authorizationProvider) {
        throwCanNotUpdatePolicy(authorizationProvider);
    }

    public void onRemove(Policy policy, AuthorizationProvider authorizationProvider) {
        this.scriptCache.remove(policy.getId());
    }

    public void init(Config.Scope scope) {
        this.scriptCache = new ScriptCache(Integer.parseInt(scope.get("cache-max-entries", "100")), Integer.parseInt(scope.get("cache-entry-max-age", "-1")));
    }

    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    public void close() {
    }

    public String getId() {
        return "js";
    }

    public boolean isInternal() {
        return true;
    }

    private EvaluatableScriptAdapter getEvaluatableScript(AuthorizationProvider authorizationProvider, Policy policy) {
        return this.scriptCache.computeIfAbsent(policy.getId(), str -> {
            ScriptingProvider scriptingProvider = (ScriptingProvider) authorizationProvider.getKeycloakSession().getProvider(ScriptingProvider.class);
            return scriptingProvider.prepareEvaluatableScript(getScriptModel(policy, authorizationProvider.getRealm(), scriptingProvider));
        });
    }

    protected ScriptModel getScriptModel(Policy policy, RealmModel realmModel, ScriptingProvider scriptingProvider) {
        return scriptingProvider.createScript(realmModel.getId(), "text/javascript", policy.getName(), (String) policy.getConfig().get("code"), policy.getDescription());
    }

    protected boolean isDeployed() {
        return false;
    }

    private void throwCanNotUpdatePolicy(AuthorizationProvider authorizationProvider) {
        if (!((Boolean) authorizationProvider.getKeycloakSession().getAttributeOrDefault("ALLOW_CREATE_POLICY", false)).booleanValue() && !isDeployed()) {
            throw new RuntimeException("Script upload is disabled");
        }
    }
}
