package org.keycloak.authorization.policy.provider.regex;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import java.util.List;
import java.util.Optional;
import java.util.function.BiFunction;
import java.util.regex.Pattern;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.attribute.Attributes;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.evaluation.Evaluation;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.representations.idm.authorization.RegexPolicyRepresentation;
import org.keycloak.util.JsonSerialization;
import org.keycloak.utils.JsonUtils;

/* loaded from: input_file:org/keycloak/authorization/policy/provider/regex/RegexPolicyProvider.class */
public class RegexPolicyProvider implements PolicyProvider {
    private final BiFunction<Policy, AuthorizationProvider, RegexPolicyRepresentation> representationFunction;

    public RegexPolicyProvider(BiFunction<Policy, AuthorizationProvider, RegexPolicyRepresentation> biFunction) {
        this.representationFunction = biFunction;
    }

    public void close() {
    }

    public void evaluate(Evaluation evaluation) {
        RegexPolicyRepresentation apply = this.representationFunction.apply(evaluation.getPolicy(), evaluation.getAuthorizationProvider());
        String claimValue = getClaimValue(evaluation, apply);
        if (claimValue != null && Pattern.compile(apply.getPattern()).matcher(claimValue).matches()) {
            evaluation.grant();
        }
    }

    private String getClaimValue(Evaluation evaluation, RegexPolicyRepresentation regexPolicyRepresentation) {
        Attributes attributes = evaluation.getContext().getIdentity().getAttributes();
        String targetClaim = regexPolicyRepresentation.getTargetClaim();
        try {
            return JsonUtils.hasPath(targetClaim) ? resolveJsonValue(attributes, targetClaim) : resolveSimpleValue(attributes, targetClaim);
        } catch (IOException e) {
            throw new RuntimeException("Failed to resolve value from claim: " + targetClaim, e);
        }
    }

    private String resolveSimpleValue(Attributes attributes, String str) {
        Attributes.Entry value = attributes.getValue(str);
        if (value == null || value.isEmpty()) {
            return null;
        }
        return value.asString(0);
    }

    private String resolveJsonValue(Attributes attributes, String str) throws IOException {
        Attributes.Entry value;
        List splitClaimPath = JsonUtils.splitClaimPath(str);
        if (splitClaimPath.isEmpty() || (value = attributes.getValue((String) splitClaimPath.get(0))) == null || value.isEmpty()) {
            return null;
        }
        return (String) Optional.ofNullable(JsonUtils.getJsonValue((JsonNode) JsonSerialization.readValue(value.asString(0), JsonNode.class), String.join(".", splitClaimPath.subList(1, splitClaimPath.size())))).map((v0) -> {
            return v0.toString();
        }).orElse(null);
    }
}
