package org.keycloak.authorization.policy.provider.client;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import org.keycloak.Config;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.class */
public class ClientPolicyProviderFactory implements PolicyProviderFactory<ClientPolicyRepresentation> {
    private ClientPolicyProvider provider = new ClientPolicyProvider(this::m4toRepresentation);

    public String getName() {
        return "Client";
    }

    public String getGroup() {
        return "Identity Based";
    }

    public PolicyProvider create(AuthorizationProvider authorizationProvider) {
        return this.provider;
    }

    /* renamed from: toRepresentation, reason: merged with bridge method [inline-methods] */
    public ClientPolicyRepresentation m4toRepresentation(Policy policy, AuthorizationProvider authorizationProvider) {
        ClientPolicyRepresentation clientPolicyRepresentation = new ClientPolicyRepresentation();
        clientPolicyRepresentation.setClients(getClients(policy));
        return clientPolicyRepresentation;
    }

    public Class<ClientPolicyRepresentation> getRepresentationType() {
        return ClientPolicyRepresentation.class;
    }

    public void onCreate(Policy policy, ClientPolicyRepresentation clientPolicyRepresentation, AuthorizationProvider authorizationProvider) {
        updateClients(policy, clientPolicyRepresentation.getClients(), authorizationProvider);
    }

    public void onUpdate(Policy policy, ClientPolicyRepresentation clientPolicyRepresentation, AuthorizationProvider authorizationProvider) {
        updateClients(policy, clientPolicyRepresentation.getClients(), authorizationProvider);
    }

    public void onImport(Policy policy, PolicyRepresentation policyRepresentation, AuthorizationProvider authorizationProvider) {
        updateClients(policy, getClients(policy), authorizationProvider);
    }

    public void onExport(Policy policy, PolicyRepresentation policyRepresentation, AuthorizationProvider authorizationProvider) {
        ClientPolicyRepresentation m4toRepresentation = m4toRepresentation(policy, authorizationProvider);
        HashMap hashMap = new HashMap();
        try {
            RealmModel realm = authorizationProvider.getRealm();
            hashMap.put("clients", JsonSerialization.writeValueAsString(m4toRepresentation.getClients().stream().map(str -> {
                return realm.getClientById(str).getClientId();
            }).collect(Collectors.toList())));
            policyRepresentation.setConfig(hashMap);
        } catch (IOException e) {
            throw new RuntimeException("Failed to export user policy [" + policy.getName() + "]", e);
        }
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public PolicyProvider m5create(KeycloakSession keycloakSession) {
        return this.provider;
    }

    public void init(Config.Scope scope) {
    }

    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
        keycloakSessionFactory.register(providerEvent -> {
            if (providerEvent instanceof ClientModel.ClientRemovedEvent) {
                StoreFactory storeFactory = ((ClientModel.ClientRemovedEvent) providerEvent).getKeycloakSession().getProvider(AuthorizationProvider.class).getStoreFactory();
                PolicyStore policyStore = storeFactory.getPolicyStore();
                ClientModel client = ((ClientModel.ClientRemovedEvent) providerEvent).getClient();
                ResourceServer findByClient = storeFactory.getResourceServerStore().findByClient(client);
                if (findByClient != null) {
                    policyStore.findByType(findByClient, getId()).forEach(policy -> {
                        ArrayList arrayList = new ArrayList();
                        for (String str : getClients(policy)) {
                            if (!str.equals(client.getId())) {
                                arrayList.add(str);
                            }
                        }
                        try {
                            if (arrayList.isEmpty()) {
                                policyStore.delete(policy.getId());
                            } else {
                                policy.putConfig("clients", JsonSerialization.writeValueAsString(arrayList));
                            }
                        } catch (IOException e) {
                            throw new RuntimeException("Error while synchronizing clients with policy [" + policy.getName() + "].", e);
                        }
                    });
                }
            }
        });
    }

    public void close() {
    }

    public String getId() {
        return "client";
    }

    private void updateClients(Policy policy, Set<String> set, AuthorizationProvider authorizationProvider) {
        RealmModel realm = authorizationProvider.getRealm();
        if (set == null) {
            throw new RuntimeException("No client provided.");
        }
        HashSet hashSet = new HashSet();
        for (String str : set) {
            ClientModel clientByClientId = realm.getClientByClientId(str);
            if (clientByClientId == null) {
                clientByClientId = realm.getClientById(str);
            }
            if (clientByClientId == null) {
                throw new RuntimeException("Error while updating policy [" + policy.getName() + "]. Client [" + str + "] could not be found.");
            }
            hashSet.add(clientByClientId.getId());
        }
        try {
            policy.putConfig("clients", JsonSerialization.writeValueAsString(hashSet));
        } catch (IOException e) {
            throw new RuntimeException("Failed to serialize clients", e);
        }
    }

    private Set<String> getClients(Policy policy) {
        String str = (String) policy.getConfig().get("clients");
        if (str == null) {
            return Collections.emptySet();
        }
        try {
            return (Set) JsonSerialization.readValue(str, Set.class);
        } catch (IOException e) {
            throw new RuntimeException("Could not parse clients [" + str + "] from policy config [" + policy.getName() + "].", e);
        }
    }
}
