package org.keycloak.authorization;

import java.util.EnumMap;
import java.util.Iterator;
import java.util.List;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;

/* loaded from: input_file:org/keycloak/authorization/UserManagedPermissionUtil.class */
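/**
 * Keeps the policy behind a user-managed (UMA) permission in step with the state of a
 * {@link PermissionTicket}.
 *
 * <p>As written here, one policy is reused by every ticket that shares the same owner,
 * requester and resource; each ticket contributes at most one scope to it. Granting adds
 * the ticket's scope to that policy, and revoking has to take it out again, otherwise the
 * requester keeps the access that the ticket no longer carries.
 */
public class UserManagedPermissionUtil {

    /**
     * Aligns the shared policy with the ticket's current granted state.
     *
     * <p>Granted ticket: the policy is created if none exists yet, the ticket's scope is added
     * when it is not already present, and the ticket is linked to the policy. Ticket that is
     * not granted: the ticket's scope is removed from the policy and the ticket is unlinked.
     *
     * @param permissionTicket the ticket whose state was changed
     * @param storeFactory     gives access to the permission-ticket and policy stores
     */
    public static void updatePolicy(PermissionTicket permissionTicket, StoreFactory storeFactory) {
        Scope scope = permissionTicket.getScope();
        Policy policy = permissionTicket.getPolicy();
        ResourceServer resourceServer = permissionTicket.getResourceServer();

        if (policy == null) {
            // The ticket is not linked yet: reuse the policy of any sibling ticket (same owner,
            // requester and resource) that already has one, rather than creating a duplicate.
            EnumMap<PermissionTicket.FilterOption, String> filter = ticketFilter(permissionTicket);
            filter.put(PermissionTicket.FilterOption.POLICY_IS_NOT_NULL, Boolean.TRUE.toString());
            List<PermissionTicket> linkedTickets = storeFactory.getPermissionTicketStore()
                    .find(resourceServer.getRealm(), resourceServer, filter, null, null);
            if (!linkedTickets.isEmpty()) {
                policy = linkedTickets.iterator().next().getPolicy();
            }
        }

        if (!permissionTicket.isGranted()) {
            // Revocation path. A ticket without a scope leaves the shared policy untouched here.
            // NOTE(review): confirm that revoking a resource-wide (scope-less) ticket is handled
            // elsewhere, e.g. through removePolicy.
            if (scope != null) {
                // No policy may exist at all (ticket never granted, no sibling found); revoking
                // must then be a no-op on the policy instead of failing with a null dereference.
                if (policy != null) {
                    policy.removeScope(scope);
                }
                permissionTicket.setPolicy(null);
            }
            return;
        }

        if (policy == null) {
            policy = createUserManagedPermission(permissionTicket, storeFactory);
        }
        if (scope != null && !policy.getScopes().contains(scope)) {
            policy.addScope(scope);
        }
        permissionTicket.setPolicy(policy);
    }

    /**
     * Releases the ticket's share of the policy it is linked to; does nothing for a ticket
     * without a policy.
     *
     * <p>While granted tickets for the same owner, requester and resource still exist, only
     * this ticket's scope is removed from the policy. Otherwise the policy and all of its
     * associated policies are deleted.
     *
     * @param permissionTicket the ticket being removed
     * @param storeFactory     gives access to the permission-ticket and policy stores
     */
    public static void removePolicy(PermissionTicket permissionTicket, StoreFactory storeFactory) {
        Policy policy = permissionTicket.getPolicy();
        RealmModel realm = permissionTicket.getResourceServer().getRealm();
        if (policy == null) {
            return;
        }

        EnumMap<PermissionTicket.FilterOption, String> filter = ticketFilter(permissionTicket);
        filter.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
        // NOTE(review): if the ticket being removed is itself still stored and granted when this
        // runs, the query would match it and the policy would be kept; confirm the call order.
        List<PermissionTicket> grantedTickets = storeFactory.getPermissionTicketStore()
                .find(realm, permissionTicket.getResourceServer(), filter, null, null);

        if (!grantedTickets.isEmpty()) {
            // Other grants still rely on the policy: withdraw only this ticket's scope.
            if (permissionTicket.getScope() != null) {
                policy.removeScope(permissionTicket.getScope());
            }
            return;
        }

        // Nothing is granted any more: delete the associated policies first, then the policy
        // that refers to them.
        PolicyStore policyStore = storeFactory.getPolicyStore();
        for (Policy associated : policy.getAssociatedPolicies()) {
            policyStore.delete(realm, associated.getId());
        }
        policyStore.delete(realm, policy.getId());
    }

    /**
     * Creates the pair of policies that back a granted ticket: a user policy naming the
     * requester, and a policy of type {@code "uma"} that refers to it and is attached to the
     * ticket's resource (and scope, when the ticket has one). Both are owned by the ticket's
     * owner and get generated names.
     *
     * @return the newly created {@code "uma"} policy
     */
    private static Policy createUserManagedPermission(PermissionTicket permissionTicket, StoreFactory storeFactory) {
        PolicyStore policyStore = storeFactory.getPolicyStore();

        UserPolicyRepresentation userPolicyRep = new UserPolicyRepresentation();
        userPolicyRep.setName(KeycloakModelUtils.generateId());
        userPolicyRep.addUser(permissionTicket.getRequester());
        Policy userPolicy = policyStore.create(permissionTicket.getResourceServer(), userPolicyRep);
        userPolicy.setOwner(permissionTicket.getOwner());

        PolicyRepresentation permissionRep = new PolicyRepresentation();
        permissionRep.setName(KeycloakModelUtils.generateId());
        permissionRep.setType("uma");
        permissionRep.addPolicy(new String[]{userPolicy.getId()});
        Policy permission = policyStore.create(permissionTicket.getResourceServer(), permissionRep);
        permission.setOwner(permissionTicket.getOwner());
        permission.addResource(permissionTicket.getResource());

        Scope scope = permissionTicket.getScope();
        if (scope != null) {
            permission.addScope(scope);
        }
        return permission;
    }

    /**
     * Builds the filter shared by both ticket look-ups: same owner, requester and resource as
     * the given ticket. Callers add the option that is specific to their query.
     */
    private static EnumMap<PermissionTicket.FilterOption, String> ticketFilter(PermissionTicket permissionTicket) {
        // Typed map instead of the decompiler's raw EnumMap with enum-to-EnumMap and
        // String-to-enum casts, which cannot be compiled as written.
        EnumMap<PermissionTicket.FilterOption, String> filter = new EnumMap<>(PermissionTicket.FilterOption.class);
        filter.put(PermissionTicket.FilterOption.OWNER, permissionTicket.getOwner());
        filter.put(PermissionTicket.FilterOption.REQUESTER, permissionTicket.getRequester());
        filter.put(PermissionTicket.FilterOption.RESOURCE_ID, permissionTicket.getResource().getId());
        return filter;
    }
}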
