package org.keycloak.authorization.policy.provider.user;

import java.util.function.BiFunction;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.evaluation.Evaluation;
import org.keycloak.authorization.policy.provider.PartialEvaluationPolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.authorization.ResourceType;
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;

/* loaded from: input_file:org/keycloak/authorization/policy/provider/user/UserPolicyProvider.class */
public class UserPolicyProvider implements PolicyProvider, PartialEvaluationPolicyProvider {
    private static final Logger logger = Logger.getLogger(UserPolicyProvider.class);
    private final BiFunction<Policy, AuthorizationProvider, UserPolicyRepresentation> representationFunction;

    public UserPolicyProvider(BiFunction<Policy, AuthorizationProvider, UserPolicyRepresentation> biFunction) {
        this.representationFunction = biFunction;
    }

    public void evaluate(Evaluation evaluation) {
        Policy policy = evaluation.getPolicy();
        if (((String) policy.getConfig().getOrDefault("users", "")).contains(evaluation.getContext().getIdentity().getId())) {
            evaluation.grant();
        }
        if (logger.isDebugEnabled()) {
            logger.debugf("User policy %s evaluated to status %s on identity %s with accepted users: %s", new Object[]{evaluation.getPolicy().getName(), evaluation.getEffect(), evaluation.getContext().getIdentity().getId(), policy.getConfig().getOrDefault("users", "")});
        }
    }

    public Stream<Policy> getPermissions(KeycloakSession keycloakSession, ResourceType resourceType, UserModel userModel) {
        AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
        ClientModel adminPermissionsClient = keycloakSession.getContext().getRealm().getAdminPermissionsClient();
        StoreFactory storeFactory = provider.getStoreFactory();
        return storeFactory.getPolicyStore().findDependentPolicies(storeFactory.getResourceServerStore().findByClient(adminPermissionsClient), resourceType.getType(), UserPolicyProviderFactory.ID, "users", userModel.getId());
    }

    public boolean evaluate(KeycloakSession keycloakSession, Policy policy, UserModel userModel) {
        return ((String) policy.getConfig().getOrDefault("users", "")).contains(userModel.getId());
    }

    public boolean supports(Policy policy) {
        return UserPolicyProviderFactory.ID.equals(policy.getType());
    }

    public void close() {
    }
}
