package org.keycloak.authorization.policy.provider.clientscope;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.function.Consumer;
import org.keycloak.Config;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.authorization.ClientScopePolicyRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/authorization/policy/provider/clientscope/ClientScopePolicyProviderFactory.class */
public class ClientScopePolicyProviderFactory implements PolicyProviderFactory<ClientScopePolicyRepresentation> {
    private ClientScopePolicyProvider provider = new ClientScopePolicyProvider(this::m4toRepresentation);

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public PolicyProvider m5create(KeycloakSession keycloakSession) {
        return this.provider;
    }

    public void init(Config.Scope scope) {
    }

    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
        keycloakSessionFactory.register(providerEvent -> {
            if (providerEvent instanceof ClientScopeModel.ClientScopeRemovedEvent) {
                final PolicyStore policyStore = ((ClientScopeModel.ClientScopeRemovedEvent) providerEvent).getKeycloakSession().getProvider(AuthorizationProvider.class).getStoreFactory().getPolicyStore();
                final ClientScopeModel clientScope = ((ClientScopeModel.ClientScopeRemovedEvent) providerEvent).getClientScope();
                final RealmModel realm = ((ClientScopeModel.ClientScopeRemovedEvent) providerEvent).getClientScope().getRealm();
                HashMap hashMap = new HashMap();
                hashMap.put(Policy.FilterOption.TYPE, new String[]{getId()});
                policyStore.find(realm, (ResourceServer) null, hashMap, (Integer) null, (Integer) null).forEach(new Consumer<Policy>() { // from class: org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProviderFactory.1
                    @Override // java.util.function.Consumer
                    public void accept(Policy policy) {
                        ArrayList arrayList = new ArrayList();
                        for (Map map : ClientScopePolicyProviderFactory.this.getClientScopes(policy)) {
                            if (!map.get("id").equals(clientScope.getId())) {
                                HashMap hashMap2 = new HashMap();
                                hashMap2.put("id", map.get("id"));
                                Object obj = map.get("required");
                                if (obj != null) {
                                    hashMap2.put("required", obj);
                                }
                                arrayList.add(hashMap2);
                            }
                        }
                        if (arrayList.isEmpty()) {
                            policyStore.delete(realm, policy.getId());
                            return;
                        }
                        try {
                            policy.putConfig("clientScopes", JsonSerialization.writeValueAsString(arrayList));
                        } catch (IOException e) {
                            throw new RuntimeException("Error while synchronizing client scopes with policy [" + policy.getName() + "].", e);
                        }
                    }
                });
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, Object>[] getClientScopes(Policy policy) {
        String str = (String) policy.getConfig().get("clientScopes");
        if (str == null) {
            return new Map[0];
        }
        try {
            return (Map[]) JsonSerialization.readValue(str.getBytes(), Map[].class);
        } catch (IOException e) {
            throw new RuntimeException("Could not parse client scopes [" + str + "] from policy config [" + policy.getName() + "].", e);
        }
    }

    public void close() {
    }

    public String getId() {
        return "client-scope";
    }

    public String getName() {
        return "Client Scope";
    }

    public String getGroup() {
        return "Identity Based";
    }

    public PolicyProvider create(AuthorizationProvider authorizationProvider) {
        return this.provider;
    }

    /* renamed from: toRepresentation, reason: merged with bridge method [inline-methods] */
    public ClientScopePolicyRepresentation m4toRepresentation(Policy policy, AuthorizationProvider authorizationProvider) {
        ClientScopePolicyRepresentation clientScopePolicyRepresentation = new ClientScopePolicyRepresentation();
        try {
            clientScopePolicyRepresentation.setClientScopes(new HashSet(Arrays.asList((ClientScopePolicyRepresentation.ClientScopeDefinition[]) JsonSerialization.readValue((String) policy.getConfig().get("clientScopes"), ClientScopePolicyRepresentation.ClientScopeDefinition[].class))));
            return clientScopePolicyRepresentation;
        } catch (IOException e) {
            throw new RuntimeException("Failed to deserialize client scopes", e);
        }
    }

    public Class<ClientScopePolicyRepresentation> getRepresentationType() {
        return ClientScopePolicyRepresentation.class;
    }

    public void onCreate(Policy policy, ClientScopePolicyRepresentation clientScopePolicyRepresentation, AuthorizationProvider authorizationProvider) {
        updateClientScopes(policy, clientScopePolicyRepresentation, authorizationProvider);
    }

    public void onUpdate(Policy policy, ClientScopePolicyRepresentation clientScopePolicyRepresentation, AuthorizationProvider authorizationProvider) {
        updateClientScopes(policy, clientScopePolicyRepresentation, authorizationProvider);
    }

    public void onImport(Policy policy, PolicyRepresentation policyRepresentation, AuthorizationProvider authorizationProvider) {
        try {
            updateClientScopes(policy, authorizationProvider, new HashSet(Arrays.asList((ClientScopePolicyRepresentation.ClientScopeDefinition[]) JsonSerialization.readValue((String) policyRepresentation.getConfig().get("clientScopes"), ClientScopePolicyRepresentation.ClientScopeDefinition[].class))));
        } catch (IOException e) {
            throw new RuntimeException("Failed to deserialize client scopes during import", e);
        }
    }

    public void onExport(Policy policy, PolicyRepresentation policyRepresentation, AuthorizationProvider authorizationProvider) {
        HashMap hashMap = new HashMap();
        Set<ClientScopePolicyRepresentation.ClientScopeDefinition> clientScopes = m4toRepresentation(policy, authorizationProvider).getClientScopes();
        for (ClientScopePolicyRepresentation.ClientScopeDefinition clientScopeDefinition : clientScopes) {
            clientScopeDefinition.setId(authorizationProvider.getRealm().getClientScopeById(clientScopeDefinition.getId()).getName());
        }
        try {
            hashMap.put("clientScopes", JsonSerialization.writeValueAsString(clientScopes));
            policyRepresentation.setConfig(hashMap);
        } catch (IOException e) {
            throw new RuntimeException("Failed to export client scope policy [" + policy.getName() + "]", e);
        }
    }

    private void updateClientScopes(Policy policy, ClientScopePolicyRepresentation clientScopePolicyRepresentation, AuthorizationProvider authorizationProvider) {
        updateClientScopes(policy, authorizationProvider, clientScopePolicyRepresentation.getClientScopes());
    }

    private void updateClientScopes(Policy policy, AuthorizationProvider authorizationProvider, Set<ClientScopePolicyRepresentation.ClientScopeDefinition> set) {
        RealmModel realm = authorizationProvider.getRealm();
        HashSet hashSet = new HashSet();
        if (set != null) {
            for (ClientScopePolicyRepresentation.ClientScopeDefinition clientScopeDefinition : set) {
                String id = clientScopeDefinition.getId();
                ClientScopeModel clientScopeModel = (ClientScopeModel) realm.getClientScopesStream().filter(clientScopeModel2 -> {
                    return clientScopeModel2.getName().equals(id);
                }).findAny().orElse(null);
                if (clientScopeModel == null) {
                    clientScopeModel = realm.getClientScopeById(id);
                }
                if (clientScopeModel == null) {
                    throw new RuntimeException("Error while updating policy [" + policy.getName() + "]. Client Scope [] could not be found.");
                }
                clientScopeDefinition.setId(clientScopeModel.getId());
                hashSet.add(clientScopeDefinition);
            }
        }
        try {
            policy.putConfig("clientScopes", JsonSerialization.writeValueAsString(hashSet));
        } catch (IOException e) {
            throw new RuntimeException("Failed to serialize client scopes", e);
        }
    }
}
