package org.keycloak.authorization.permission;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.identity.Identity;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.representations.idm.authorization.AuthorizationRequest;

/* loaded from: input_file:WEB-INF/lib/keycloak-server-spi-private-21.1.2.jar:org/keycloak/authorization/permission/Permissions.class */
public final class Permissions {
    public static ResourcePermission permission(ResourceServer resourceServer, Resource resource, Scope scope) {
        return new ResourcePermission(resource, new ArrayList(Arrays.asList(scope)), resourceServer);
    }

    public static void all(ResourceServer resourceServer, Identity identity, AuthorizationProvider authorizationProvider, AuthorizationRequest authorizationRequest, Consumer<ResourcePermission> consumer) {
        StoreFactory storeFactory = authorizationProvider.getStoreFactory();
        ResourceStore resourceStore = storeFactory.getResourceStore();
        AuthorizationRequest.Metadata metadata = authorizationRequest.getMetadata();
        AtomicLong atomicLong = (metadata == null || metadata.getLimit() == null) ? new AtomicLong(Long.MAX_VALUE) : new AtomicLong(metadata.getLimit().intValue());
        AtomicLong atomicLong2 = atomicLong;
        resourceStore.findByOwner(resourceServer.getRealm(), resourceServer, resourceServer.getClientId(), resource -> {
            if (atomicLong2.decrementAndGet() >= 0) {
                consumer.accept(createResourcePermissions(resource, resourceServer, resource.getScopes(), authorizationProvider, authorizationRequest));
            }
        });
        if (!Objects.equals(resourceServer.getClientId(), identity.getId())) {
            AtomicLong atomicLong3 = atomicLong;
            resourceStore.findByOwner(resourceServer.getRealm(), resourceServer, identity.getId(), resource2 -> {
                if (atomicLong3.decrementAndGet() >= 0) {
                    consumer.accept(createResourcePermissions(resource2, resourceServer, resource2.getScopes(), authorizationProvider, authorizationRequest));
                }
            });
        }
        List<PermissionTicket> findGranted = storeFactory.getPermissionTicketStore().findGranted(resourceServer, identity.getId());
        if (findGranted.isEmpty()) {
            return;
        }
        HashMap hashMap = new HashMap();
        for (PermissionTicket permissionTicket : findGranted) {
            if (atomicLong.get() < 0) {
                break;
            }
            AtomicLong atomicLong4 = atomicLong;
            ((ResourcePermission) hashMap.computeIfAbsent(permissionTicket.getResource().getId(), str -> {
                atomicLong4.decrementAndGet();
                ResourcePermission resourcePermission = new ResourcePermission(permissionTicket.getResource(), new ArrayList(), resourceServer, authorizationRequest.getClaims());
                resourcePermission.setGranted(true);
                return resourcePermission;
            })).addScope(permissionTicket.getScope());
        }
        Iterator it = hashMap.values().iterator();
        while (it.hasNext()) {
            consumer.accept((ResourcePermission) it.next());
        }
    }

    public static ResourcePermission createResourcePermissions(Resource resource, ResourceServer resourceServer, Collection<Scope> collection, AuthorizationProvider authorizationProvider, AuthorizationRequest authorizationRequest) {
        return new ResourcePermission(resource, resolveScopes(resource, resourceServer, collection, authorizationProvider), resourceServer, authorizationRequest.getClaims());
    }

    public static Set<Scope> resolveScopes(Resource resource, ResourceServer resourceServer, Collection<Scope> collection, AuthorizationProvider authorizationProvider) {
        return collection.isEmpty() ? populateTypedScopes(resource, resourceServer, authorizationProvider) : (Set) populateTypedScopes(resource, resourceServer, resource.getScopes(), authorizationProvider).stream().filter(scope -> {
            return collection.contains(scope);
        }).collect(Collectors.toSet());
    }

    private static Set<Scope> populateTypedScopes(Resource resource, ResourceServer resourceServer, AuthorizationProvider authorizationProvider) {
        return populateTypedScopes(resource, resourceServer, resource.getScopes(), authorizationProvider);
    }

    private static Set<Scope> populateTypedScopes(Resource resource, ResourceServer resourceServer, List<Scope> list, AuthorizationProvider authorizationProvider) {
        String type = resource.getType();
        if (type == null || resource.getOwner().equals(resourceServer.getId())) {
            return new LinkedHashSet(list);
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet(list);
        authorizationProvider.getStoreFactory().getResourceStore().findByType(resourceServer, type, resource2 -> {
            for (Scope scope : resource2.getScopes()) {
                if (!linkedHashSet.contains(scope)) {
                    linkedHashSet.add(scope);
                }
            }
        });
        return linkedHashSet;
    }
}
