package org.keycloak.services.clientpolicy;

import java.io.IOException;
import java.util.LinkedList;
import java.util.List;
import java.util.function.Supplier;
import org.jboss.logging.Logger;
import org.keycloak.common.Profile;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.ClientPoliciesRepresentation;
import org.keycloak.representations.idm.ClientProfileRepresentation;
import org.keycloak.representations.idm.ClientProfilesRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider;
import org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/services/clientpolicy/DefaultClientPolicyManager.class */
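/**
 * Default {@link ClientPolicyManager}.
 *
 * <p>On an event it walks the realm's enabled client policies, evaluates each policy's
 * conditions and, for every satisfied policy, runs the executors of the profiles that
 * policy names. It also reads and writes the realm's client profiles and client policies
 * through {@code ClientPoliciesUtil}.
 *
 * <p>Enforcement caveats visible in this class:
 * <ul>
 *   <li>{@link #triggerOnEvent} does nothing when {@code Profile.Feature.CLIENT_POLICIES}
 *       is disabled, so no executor runs.</li>
 *   <li>A policy without conditions is never applied.</li>
 *   <li>A policy whose profile cannot be resolved, or whose profile has no executors,
 *       is skipped for that profile; the only record of this is a trace-level log line.</li>
 * </ul>
 */
public class DefaultClientPolicyManager implements ClientPolicyManager {
    private static final Logger logger = Logger.getLogger(DefaultClientPolicyManager.class);
    private final KeycloakSession session;
    private final Supplier<List<ClientProfileRepresentation>> globalClientProfilesSupplier;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/keycloak/services/clientpolicy/DefaultClientPolicyManager$ClientConditionOperation.class */
    /** Evaluates one condition provider and returns its vote. */
    public interface ClientConditionOperation {
        ClientPolicyVote run(ClientPolicyConditionProvider clientPolicyConditionProvider) throws ClientPolicyException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/keycloak/services/clientpolicy/DefaultClientPolicyManager$ClientExecutorOperation.class */
    /** Runs one executor provider; a thrown {@code ClientPolicyException} aborts the operation. */
    public interface ClientExecutorOperation {
        void run(ClientPolicyExecutorProvider clientPolicyExecutorProvider) throws ClientPolicyException;
    }

    /**
     * @param keycloakSession session used to find the current realm and passed to {@code ClientPoliciesUtil}
     * @param supplier        source of the global client profiles; it is queried on each use, not cached here
     */
    public DefaultClientPolicyManager(KeycloakSession keycloakSession, Supplier<List<ClientProfileRepresentation>> supplier) {
        this.session = keycloakSession;
        this.globalClientProfilesSupplier = supplier;
    }

    /**
     * Applies the enabled client policies of the session's current realm to the given event.
     *
     * <p>When the {@code CLIENT_POLICIES} feature is disabled this method returns without
     * evaluating any condition or running any executor.
     *
     * @param clientPolicyContext the event being checked
     * @throws ClientPolicyException propagated from a condition or an executor
     */
    public void triggerOnEvent(ClientPolicyContext clientPolicyContext) throws ClientPolicyException {
        if (!Profile.isFeatureEnabled(Profile.Feature.CLIENT_POLICIES)) {
            return;
        }
        RealmModel realm = this.session.getContext().getRealm();
        logger.tracev("POLICY OPERATION :: context realm = {0}, event = {1}", realm.getName(), clientPolicyContext.getEvent());
        doPolicyOperation(
                condition -> condition.applyPolicy(clientPolicyContext),
                executor -> executor.executeOnEvent(clientPolicyContext),
                realm);
    }

    /**
     * Runs {@code executorOperation} for every enabled policy of the realm whose conditions are satisfied.
     * The first {@code ClientPolicyException} stops the loop, so later policies are not evaluated.
     */
    private void doPolicyOperation(ClientConditionOperation conditionOperation, ClientExecutorOperation executorOperation, RealmModel realm) throws ClientPolicyException {
        List<ClientPolicy> enabledPolicies = ClientPoliciesUtil.getEnabledClientPolicies(this.session, realm);
        if (enabledPolicies == null || enabledPolicies.isEmpty()) {
            logger.trace("POLICY OPERATION :: No enabled policy.");
            return;
        }
        for (ClientPolicy policy : enabledPolicies) {
            logger.tracev("POLICY OPERATION :: policy name = {0}", policy.getName());
            if (isSatisfied(policy, conditionOperation)) {
                logger.tracev("POLICY APPLIED :: policy name = {0}", policy.getName());
                execute(policy, executorOperation, realm);
            } else {
                logger.tracev("POLICY UNSATISFIED :: policy name = {0}", policy.getName());
            }
        }
    }

    /**
     * Decides whether a policy applies.
     *
     * <p>Returns {@code true} only if at least one condition gave a positive vote and none
     * voted {@code NO}. {@code ABSTAIN} votes are ignored; a policy with no conditions, or
     * whose conditions all abstain, is not satisfied. The first {@code NO} ends the evaluation.
     *
     * @throws ClientPolicyException rethrown from a condition after it is logged at trace level
     */
    private boolean isSatisfied(ClientPolicy clientPolicy, ClientConditionOperation conditionOperation) throws ClientPolicyException {
        if (clientPolicy.getConditions() == null || clientPolicy.getConditions().isEmpty()) {
            logger.tracev("NO CONDITION :: policy name = {0}", clientPolicy.getName());
            return false;
        }
        boolean anyPositive = false;
        for (ClientPolicyConditionProvider condition : clientPolicy.getConditions()) {
            logger.tracev("CONDITION OPERATION :: policy name = {0}, condition name = {1}, provider id = {2}", clientPolicy.getName(), condition.getName(), condition.getProviderId());
            try {
                ClientPolicyVote vote = conditionOperation.run(condition);
                if (condition.isNegativeLogic()) {
                    // Negative logic swaps YES and NO only; ABSTAIN is left as it is.
                    if (vote == ClientPolicyVote.YES) {
                        vote = ClientPolicyVote.NO;
                    } else if (vote == ClientPolicyVote.NO) {
                        vote = ClientPolicyVote.YES;
                    }
                }
                if (vote == ClientPolicyVote.ABSTAIN) {
                    logger.tracev("CONDITION SKIP :: policy name = {0}, condition name = {1}, provider id = {2}", clientPolicy.getName(), condition.getName(), condition.getProviderId());
                    continue;
                }
                if (vote == ClientPolicyVote.NO) {
                    logger.tracev("CONDITION NEGATIVE :: policy name = {0}, condition name = {1}, provider id = {2}", clientPolicy.getName(), condition.getName(), condition.getProviderId());
                    return false;
                }
                // Any vote that is neither ABSTAIN nor NO counts as positive, a null vote included.
                anyPositive = true;
            } catch (ClientPolicyException e) {
                // Label the policy and the condition separately, as the other CONDITION messages do;
                // the condition's name was previously logged under the "policy name" label.
                logger.tracev("CONDITION EXCEPTION :: policy name = {0}, condition name = {1}, provider id = {2}, error = {3}, error detail = {4}", clientPolicy.getName(), condition.getName(), condition.getProviderId(), e.getError(), e.getErrorDetail());
                throw e;
            }
        }
        if (anyPositive) {
            logger.tracev("CONDITIONS SATISFIED :: policy name = {0}", clientPolicy.getName());
        } else {
            logger.tracev("CONDITIONS UNSATISFIED :: policy name = {0}", clientPolicy.getName());
        }
        return anyPositive;
    }

    /**
     * Runs {@code executorOperation} on every executor of every profile the policy names.
     *
     * <p>A profile name that does not resolve to a profile, and a profile without executors,
     * are skipped with a trace-level log line only; nothing is enforced for them.
     *
     * @throws ClientPolicyException rethrown from an executor after it is logged at trace level;
     *                               the remaining executors and profiles are not run
     */
    private void execute(ClientPolicy clientPolicy, ClientExecutorOperation executorOperation, RealmModel realm) throws ClientPolicyException {
        if (clientPolicy.getProfiles() == null || clientPolicy.getProfiles().isEmpty()) {
            logger.tracev("NO PROFILE :: policy name = {0}", clientPolicy.getName());
            return;
        }
        ClientProfilesRepresentation realmProfiles = ClientPoliciesUtil.getClientProfilesRepresentation(this.session, realm);
        for (String profileName : clientPolicy.getProfiles()) {
            // The global profiles are fetched from the supplier once per profile name.
            ClientProfile profile = ClientPoliciesUtil.getClientProfileModel(this.session, realm, realmProfiles, this.globalClientProfilesSupplier.get(), profileName);
            if (profile == null) {
                logger.tracev("PROFILE NOT FOUND :: policy name = {0}, profile name = {1}", clientPolicy.getName(), profileName);
                continue;
            }
            if (profile.getExecutors() == null || profile.getExecutors().isEmpty()) {
                logger.tracev("PROFILE NO EXECUTOR :: policy name = {0}, profile name = {1}", clientPolicy.getName(), profileName);
                continue;
            }
            for (ClientPolicyExecutorProvider executor : profile.getExecutors()) {
                logger.tracev("EXECUTION :: policy name = {0}, profile name = {1}, executor name = {2}, provider id = {3}", clientPolicy.getName(), profileName, executor.getName(), executor.getProviderId());
                try {
                    executorOperation.run(executor);
                } catch (ClientPolicyException e) {
                    logger.tracev("EXECUTOR EXCEPTION :: executor name = {0}, provider id = {1}, error = {2}, error detail = {3}", executor.getName(), executor.getProviderId(), e.getError(), e.getErrorDetail());
                    throw e;
                }
            }
        }
    }

    /** Intentionally empty: this implementation sets up nothing on a newly created realm. */
    public void setupClientPoliciesOnCreatedRealm(RealmModel realmModel) {
    }

    /**
     * Stores the client profiles and client policies carried by an imported realm representation.
     *
     * <p>Profiles are stored first, and only when the representation has them. When the
     * representation has no policies, {@link #setupClientPoliciesOnCreatedRealm} is called instead.
     *
     * @throws RuntimeException wrapping the {@code ClientPolicyException} raised while storing
     *                          either part; the failure is also logged at warn level
     */
    public void updateRealmModelFromRepresentation(RealmModel realmModel, RealmRepresentation realmRepresentation) {
        logger.tracev("LOAD PROFILE POLICIES ON IMPORTED REALM :: realm = {0}", realmModel.getName());
        if (realmRepresentation.getParsedClientProfiles() != null) {
            try {
                updateClientProfiles(realmModel, realmRepresentation.getParsedClientProfiles());
            } catch (ClientPolicyException e) {
                logger.warnv("VALIDATE SERIALIZE IMPORTED REALM PROFILES FAILED :: error = {0}, error detail = {1}", e.getError(), e.getErrorDetail());
                throw new RuntimeException("Failed to update client profiles", e);
            }
        }
        ClientPoliciesRepresentation importedPolicies = realmRepresentation.getParsedClientPolicies();
        if (importedPolicies == null) {
            setupClientPoliciesOnCreatedRealm(realmModel);
            return;
        }
        try {
            updateClientPolicies(realmModel, importedPolicies);
        } catch (ClientPolicyException e) {
            logger.warnv("VALIDATE SERIALIZE IMPORTED REALM POLICIES FAILED :: error = {0}, error detail = {1}", e.getError(), e.getErrorDetail());
            throw new RuntimeException("Failed to update client policies", e);
        }
    }

    /**
     * Replaces the realm's client profiles.
     *
     * <p>The representation goes through {@code ClientPoliciesUtil.getValidatedClientProfilesForUpdate}
     * and is stored on the realm as a JSON string. At trace level that JSON is written to the log.
     *
     * @throws ClientPolicyException if {@code clientProfilesRepresentation} is {@code null}, or
     *                               propagated from {@code ClientPoliciesUtil}; logged at warn level first
     */
    public void updateClientProfiles(RealmModel realmModel, ClientProfilesRepresentation clientProfilesRepresentation) throws ClientPolicyException {
        try {
            // The null check sits inside the try so that this failure is logged like the others.
            if (clientProfilesRepresentation == null) {
                throw new ClientPolicyException("Passing null clientProfiles not allowed");
            }
            ClientProfilesRepresentation validated = ClientPoliciesUtil.getValidatedClientProfilesForUpdate(this.session, realmModel, clientProfilesRepresentation, this.globalClientProfilesSupplier.get());
            String profilesJson = ClientPoliciesUtil.convertClientProfilesRepresentationToJson(validated);
            ClientPoliciesUtil.setClientProfilesJsonString(realmModel, profilesJson);
            logger.tracev("UPDATE PROFILES :: realm = {0}, validated and modified PUT = {1}", realmModel.getName(), profilesJson);
        } catch (ClientPolicyException e) {
            logger.warnv("VALIDATE SERIALIZE PROFILES FAILED :: error = {0}, error detail = {1}", e.getError(), e.getErrorDetail());
            throw e;
        }
    }

    /**
     * Returns the realm's client profiles.
     *
     * @param z when {@code true}, the returned representation also carries a copy of the
     *          global profiles obtained from the supplier
     * @throws ClientPolicyException propagated from {@code ClientPoliciesUtil}; logged at warn level first
     * @throws RuntimeException      if serializing the representation for the trace log fails
     */
    public ClientProfilesRepresentation getClientProfiles(RealmModel realmModel, boolean z) throws ClientPolicyException {
        try {
            ClientProfilesRepresentation profiles = ClientPoliciesUtil.getClientProfilesRepresentation(this.session, realmModel);
            if (z) {
                // Copy the list so the representation does not share the supplier's list instance.
                profiles.setGlobalProfiles(new LinkedList<>(this.globalClientProfilesSupplier.get()));
            }
            // Serialize only when trace is on; the whole representation ends up in the log.
            if (logger.isTraceEnabled()) {
                logger.tracev("GET PROFILES :: realm = {0}, GET = {1}", realmModel.getName(), JsonSerialization.writeValueAsString(profiles));
            }
            return profiles;
        } catch (IOException e) {
            throw new RuntimeException("Unexpected exception when converting JSON to String", e);
        } catch (ClientPolicyException e) {
            logger.warnv("GET CLIENT PROFILES FAILED :: error = {0}, error detail = {1}", e.getError(), e.getErrorDetail());
            throw e;
        }
    }

    /**
     * Replaces the realm's client policies.
     *
     * <p>The representation goes through {@code ClientPoliciesUtil.getValidatedClientPoliciesForUpdate}
     * and is stored on the realm as a JSON string. At trace level that JSON is written to the log.
     *
     * @throws ClientPolicyException if {@code clientPoliciesRepresentation} is {@code null}, or
     *                               propagated from {@code ClientPoliciesUtil}; logged at warn level first
     */
    public void updateClientPolicies(RealmModel realmModel, ClientPoliciesRepresentation clientPoliciesRepresentation) throws ClientPolicyException {
        try {
            // The null check sits inside the try so that this failure is logged like the others.
            if (clientPoliciesRepresentation == null) {
                throw new ClientPolicyException("Passing null clientPolicies not allowed");
            }
            ClientPoliciesRepresentation validated = ClientPoliciesUtil.getValidatedClientPoliciesForUpdate(this.session, realmModel, clientPoliciesRepresentation, this.globalClientProfilesSupplier.get());
            String policiesJson = ClientPoliciesUtil.convertClientPoliciesRepresentationToJson(validated);
            ClientPoliciesUtil.setClientPoliciesJsonString(realmModel, policiesJson);
            logger.tracev("UPDATE POLICIES :: realm = {0}, validated and modified PUT = {1}", realmModel.getName(), policiesJson);
        } catch (ClientPolicyException e) {
            logger.warnv("VALIDATE SERIALIZE POLICIES FAILED :: error = {0}, error detail = {1}", e.getError(), e.getErrorDetail());
            throw e;
        }
    }

    /**
     * Returns the realm's client policies.
     *
     * @throws ClientPolicyException propagated from {@code ClientPoliciesUtil}; logged at warn level first
     * @throws RuntimeException      if serializing the representation for the trace log fails
     */
    public ClientPoliciesRepresentation getClientPolicies(RealmModel realmModel) throws ClientPolicyException {
        try {
            ClientPoliciesRepresentation policies = ClientPoliciesUtil.getClientPoliciesRepresentation(this.session, realmModel);
            // Serialize only when trace is on; the whole representation ends up in the log.
            if (logger.isTraceEnabled()) {
                logger.tracev("GET POLICIES :: realm = {0}, GET = {1}", realmModel.getName(), JsonSerialization.writeValueAsString(policies));
            }
            return policies;
        } catch (ClientPolicyException e) {
            logger.warnv("GET CLIENT POLICIES FAILED :: error = {0}, error detail = {1}", e.getError(), e.getErrorDetail());
            throw e;
        } catch (IOException e) {
            throw new RuntimeException("Unexpected exception when converting JSON to String", e);
        }
    }

    /**
     * Copies the realm's client profiles (without the global profiles) and client policies
     * into a realm representation, for export.
     *
     * @throws IllegalStateException wrapping the {@code ClientPolicyException} raised while reading either part
     */
    public void updateRealmRepresentationFromModel(RealmModel realmModel, RealmRepresentation realmRepresentation) {
        try {
            realmRepresentation.setParsedClientProfiles(getClientProfiles(realmModel, false));
            realmRepresentation.setParsedClientPolicies(getClientPolicies(realmModel));
        } catch (ClientPolicyException e) {
            throw new IllegalStateException("Exception during export client profiles or client policies", e);
        }
    }

    /** Intentionally empty: nothing is released here. */
    public void close() {
    }
}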
