package org.keycloak.authorization.policy.evaluation;

import java.util.EnumMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.identity.Identity;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.ScopeStore;
import org.keycloak.representations.idm.authorization.AuthorizationRequest;
import org.keycloak.representations.idm.authorization.Permission;
import org.keycloak.representations.idm.authorization.PermissionTicketToken;

/* loaded from: input_file:org/keycloak/authorization/policy/evaluation/PermissionTicketAwareDecisionResultCollector.class */
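/**
 * Decision collector for authorization requests that are evaluated against a permission ticket.
 *
 * <p>While decisions are collected, {@link #onGrant(Permission)} strips from the ticket every
 * resource/scope pair that a policy already granted. When evaluation completes and the request is
 * a submit request, {@link #onComplete()} persists a permission ticket for whatever is still left
 * in the ticket, limited to resources with owner-managed access that are owned by someone other
 * than the requester or the resource server itself.
 *
 * <p>Both steps work on the list returned by {@code ticket.getPermissions()}; the pruning in
 * {@code onGrant} only has an effect on {@code onComplete} if that getter hands out the live,
 * mutable list (assumed here, confirm against {@code PermissionTicketToken}).
 */
public class PermissionTicketAwareDecisionResultCollector extends DecisionPermissionCollector {
    private final AuthorizationRequest request;
    private PermissionTicketToken ticket;
    private final Identity identity;
    private ResourceServer resourceServer;
    private final AuthorizationProvider authorization;

    /**
     * @param authorizationRequest request being evaluated; its submit flag gates ticket creation
     * @param permissionTicketToken ticket whose permissions are pruned on grant and persisted on completion
     * @param identity requester; its id is recorded as the requester of every ticket created here
     * @param resourceServer resource server that all resource, scope and ticket lookups are made against
     * @param authorizationProvider source of the resource, scope and permission ticket stores
     */
    public PermissionTicketAwareDecisionResultCollector(AuthorizationRequest authorizationRequest, PermissionTicketToken permissionTicketToken, Identity identity, ResourceServer resourceServer, AuthorizationProvider authorizationProvider) {
        super(authorizationProvider, resourceServer, authorizationRequest);
        this.request = authorizationRequest;
        this.ticket = permissionTicketToken;
        this.identity = identity;
        this.resourceServer = resourceServer;
        this.authorization = authorizationProvider;
    }

    /**
     * Removes from the ticket what the given permission already grants, so that
     * {@link #onComplete()} does not persist tickets for access the requester already has.
     *
     * <p>A ticket permission is considered when its resource id is {@code null} or equal to the
     * granted permission's resource id. Each of its scopes that the granted permission contains is
     * removed, and the ticket permission itself is dropped once it has no scopes left (this also
     * drops a matching ticket permission that carried no scopes to begin with).
     *
     * @param permission the permission that was granted
     */
    @Override
    protected void onGrant(Permission permission) {
        List<Permission> requested = this.ticket.getPermissions();
        // onComplete() treats a missing permission list as "nothing requested"; do the same here
        // instead of failing on the iterator.
        if (requested == null) {
            return;
        }
        Iterator<Permission> requestedIt = requested.iterator();
        while (requestedIt.hasNext()) {
            Permission candidate = requestedIt.next();
            String requestedResourceId = candidate.getResourceId();
            if (requestedResourceId != null && !requestedResourceId.equals(permission.getResourceId())) {
                continue;
            }
            Set<String> pendingScopes = candidate.getScopes();
            pendingScopes.removeIf(scope -> permission.getScopes().contains(scope));
            if (pendingScopes.isEmpty()) {
                requestedIt.remove();
            }
        }
    }

    /**
     * Completes the evaluation and, for submit requests only, persists a permission ticket for each
     * permission still present in the ticket.
     *
     * <p>A ticket is created only when the resource resolves (by id, then by name using the
     * requester's id), has owner-managed access enabled, and is owned by neither the requester nor
     * the resource server's client. Scopes come from the ticket permission, falling back to the
     * names of all scopes of the resource; if there are still none, a single scope-less ticket is
     * created. A scope that cannot be resolved is skipped.
     */
    @Override
    public void onComplete() {
        super.onComplete();
        if (!this.request.isSubmitRequest()) {
            return;
        }
        ResourceStore resourceStore = this.authorization.getStoreFactory().getResourceStore();
        List<Permission> requested = this.ticket.getPermissions();
        if (requested == null) {
            return;
        }
        for (Permission permission : requested) {
            Resource resource = resourceStore.findById(this.resourceServer, permission.getResourceId());
            if (resource == null) {
                // The ticket may carry a resource name instead of an id.
                resource = resourceStore.findByName(this.resourceServer, permission.getResourceId(), this.identity.getId());
            }
            if (resource == null || !resource.isOwnerManagedAccess()) {
                continue;
            }
            // No ticket is needed when the requester owns the resource or the resource server does.
            String owner = resource.getOwner();
            if (owner.equals(this.identity.getId()) || owner.equals(this.resourceServer.getClientId())) {
                continue;
            }
            Set<String> scopeNames = permission.getScopes();
            if (scopeNames.isEmpty()) {
                scopeNames = resource.getScopes().stream().map(Scope::getName).collect(Collectors.toSet());
            }
            if (scopeNames.isEmpty()) {
                createTicketIfAbsent(resource, null);
                continue;
            }
            ScopeStore scopeStore = this.authorization.getStoreFactory().getScopeStore();
            for (String scopeRef : scopeNames) {
                Scope scope = scopeStore.findByName(this.resourceServer, scopeRef);
                if (scope == null) {
                    scope = scopeStore.findById(this.resourceServer, scopeRef);
                }
                if (scope == null) {
                    // Neither lookup matched. Skip it: dereferencing it would throw, and passing
                    // null on would turn an unknown scope into a scope-less ticket, which is the
                    // form used above for a resource that has no scopes at all.
                    continue;
                }
                createTicketIfAbsent(resource, scope);
            }
        }
    }

    /**
     * Creates a ticket for the requester on the given resource unless one with the same resource,
     * requester and scope is already stored.
     *
     * <p>NOTE(review): the existence check and the create are two separate store calls; whether
     * concurrent submit requests can still produce duplicates depends on the store, which is not
     * visible here.
     *
     * @param resource resource the ticket is for
     * @param scope scope the ticket is for, or {@code null} for a scope-less ticket; callers must
     *        not pass {@code null} for a scope that merely failed to resolve
     */
    private void createTicketIfAbsent(Resource resource, Scope scope) {
        // Typed map: the filter values are strings keyed by FilterOption.
        EnumMap<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
        filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
        filters.put(PermissionTicket.FilterOption.REQUESTER, this.identity.getId());
        if (scope == null) {
            filters.put(PermissionTicket.FilterOption.SCOPE_IS_NULL, Boolean.TRUE.toString());
        } else {
            filters.put(PermissionTicket.FilterOption.SCOPE_ID, scope.getId());
        }
        if (this.authorization.getStoreFactory().getPermissionTicketStore().find(this.resourceServer, filters, null, null).isEmpty()) {
            this.authorization.getStoreFactory().getPermissionTicketStore().create(this.resourceServer, resource, scope, this.identity.getId());
        }
    }
}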
