package org.keycloak.adapters.authorization;

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.jboss.logging.Logger;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.resource.ProtectedResource;
import org.keycloak.common.util.PathMatcher;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;

/* loaded from: input_file:WEB-INF/lib/keycloak-policy-enforcer-21.1.2.jar:org/keycloak/adapters/authorization/PathConfigMatcher.class */
public class PathConfigMatcher extends PathMatcher<PolicyEnforcerConfig.PathConfig> {
    private static Logger LOGGER = Logger.getLogger((Class<?>) PolicyEnforcer.class);
    private final Map<String, PolicyEnforcerConfig.PathConfig> paths;
    private final PathCache pathCache;
    private final AuthzClient authzClient;
    private final PolicyEnforcerConfig enforcerConfig;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PathConfigMatcher(PolicyEnforcerConfig policyEnforcerConfig, AuthzClient authzClient) {
        this.enforcerConfig = policyEnforcerConfig;
        PolicyEnforcerConfig.PathCacheConfig pathCacheConfig = policyEnforcerConfig.getPathCacheConfig();
        pathCacheConfig = pathCacheConfig == null ? new PolicyEnforcerConfig.PathCacheConfig() : pathCacheConfig;
        this.authzClient = authzClient;
        this.paths = configurePaths();
        this.pathCache = new PathCache(pathCacheConfig.getMaxEntries(), pathCacheConfig.getLifespan(), this.paths);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Initialization complete. Path configuration:");
            Iterator<PolicyEnforcerConfig.PathConfig> it = this.paths.values().iterator();
            while (it.hasNext()) {
                LOGGER.debug(it.next());
            }
        }
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.keycloak.common.util.PathMatcher
    public PolicyEnforcerConfig.PathConfig matches(String str) {
        PolicyEnforcerConfig.PathConfig pathConfig = this.pathCache.get(str);
        if (this.pathCache.containsKey(str) || pathConfig != null) {
            return pathConfig;
        }
        PolicyEnforcerConfig.PathConfig pathConfig2 = (PolicyEnforcerConfig.PathConfig) super.matches(str);
        if ((this.enforcerConfig.getLazyLoadPaths().booleanValue() || this.enforcerConfig.getPathCacheConfig() != null) && (pathConfig2 == null || pathConfig2.isInvalidated() || pathConfig2.getPath().contains("*"))) {
            try {
                List<ResourceRepresentation> findByMatchingUri = this.authzClient.protection().resource().findByMatchingUri(str);
                if (!findByMatchingUri.isEmpty()) {
                    Map<String, Map<String, Object>> map = null;
                    PolicyEnforcerConfig.EnforcementMode enforcementMode = PolicyEnforcerConfig.EnforcementMode.ENFORCING;
                    ResourceRepresentation resourceRepresentation = findByMatchingUri.get(0);
                    List<PolicyEnforcerConfig.MethodConfig> list = null;
                    boolean z = false;
                    if (pathConfig2 != null) {
                        map = pathConfig2.getClaimInformationPointConfig();
                        enforcementMode = pathConfig2.getEnforcementMode();
                        list = pathConfig2.getMethods();
                        z = pathConfig2.isStatic();
                    } else {
                        for (PolicyEnforcerConfig.PathConfig pathConfig3 : this.paths.values()) {
                            if (resourceRepresentation.getId().equals(pathConfig3.getId()) && pathConfig3.isStatic() && !PolicyEnforcerConfig.EnforcementMode.DISABLED.equals(pathConfig3.getEnforcementMode())) {
                                return null;
                            }
                        }
                    }
                    pathConfig2 = PolicyEnforcerConfig.PathConfig.createPathConfigs(resourceRepresentation).iterator().next();
                    if (map != null) {
                        pathConfig2.setClaimInformationPointConfig(map);
                    }
                    if (list != null) {
                        pathConfig2.setMethods(list);
                    }
                    pathConfig2.setStatic(z);
                    pathConfig2.setEnforcementMode(enforcementMode);
                } else if (pathConfig2 != null && pathConfig2.isInvalidated()) {
                    this.paths.remove(str);
                    return null;
                }
            } catch (Exception e) {
                LOGGER.errorf((Throwable) e, "Could not lazy load resource with path [" + str + "] from server", new Object[0]);
                return null;
            }
        }
        this.pathCache.put(str, pathConfig2);
        return pathConfig2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.common.util.PathMatcher
    public String getPath(PolicyEnforcerConfig.PathConfig pathConfig) {
        return pathConfig.getPath();
    }

    @Override // org.keycloak.common.util.PathMatcher
    protected Collection<PolicyEnforcerConfig.PathConfig> getPaths() {
        return this.paths.values();
    }

    public PathCache getPathCache() {
        return this.pathCache;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.common.util.PathMatcher
    public PolicyEnforcerConfig.PathConfig resolvePathConfig(PolicyEnforcerConfig.PathConfig pathConfig, String str) {
        if (!pathConfig.hasPattern()) {
            return null;
        }
        ProtectedResource resource = this.authzClient.protection().resource();
        List<ResourceRepresentation> findByUri = resource.findByUri(str);
        if (findByUri.isEmpty()) {
            findByUri = resource.findByUri(buildUriFromTemplate(pathConfig.getPath(), str, true));
        }
        if (findByUri.isEmpty()) {
            return null;
        }
        PolicyEnforcerConfig.PathConfig next = PolicyEnforcerConfig.PathConfig.createPathConfigs(findByUri.get(0)).iterator().next();
        next.setScopes(pathConfig.getScopes());
        next.setMethods(pathConfig.getMethods());
        next.setParentConfig(pathConfig);
        next.setEnforcementMode(pathConfig.getEnforcementMode());
        next.setClaimInformationPointConfig(pathConfig.getClaimInformationPointConfig());
        return next;
    }

    public void removeFromCache(String str) {
        this.pathCache.remove(str);
    }

    public Map<String, PolicyEnforcerConfig.PathConfig> getPathConfig() {
        return this.paths;
    }

    private Map<String, PolicyEnforcerConfig.PathConfig> configurePaths() {
        ProtectedResource resource = this.authzClient.protection().resource();
        boolean z = !this.enforcerConfig.getLazyLoadPaths().booleanValue();
        Iterator<PolicyEnforcerConfig.PathConfig> it = this.enforcerConfig.getPaths().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (!PolicyEnforcerConfig.EnforcementMode.DISABLED.equals(it.next().getEnforcementMode())) {
                z = false;
                break;
            }
        }
        if (!z) {
            LOGGER.info("Paths provided in configuration.");
            return configureDefinedPaths(resource, this.enforcerConfig);
        }
        LOGGER.info("No path provided in configuration.");
        Map<String, PolicyEnforcerConfig.PathConfig> configureAllPathsForResourceServer = configureAllPathsForResourceServer(resource);
        configureAllPathsForResourceServer.putAll(configureDefinedPaths(resource, this.enforcerConfig));
        return configureAllPathsForResourceServer;
    }

    private Map<String, PolicyEnforcerConfig.PathConfig> configureDefinedPaths(ProtectedResource protectedResource, PolicyEnforcerConfig policyEnforcerConfig) {
        ResourceRepresentation resourceRepresentation;
        Map<String, PolicyEnforcerConfig.PathConfig> synchronizedMap = Collections.synchronizedMap(new LinkedHashMap());
        for (PolicyEnforcerConfig.PathConfig pathConfig : policyEnforcerConfig.getPaths()) {
            String name = pathConfig.getName();
            String path = pathConfig.getPath();
            if (name != null) {
                LOGGER.debugf("Trying to find resource with name [%s] for path [%s].", name, path);
                resourceRepresentation = protectedResource.findByName(name);
            } else {
                LOGGER.debugf("Trying to find resource with uri [%s] for path [%s].", path, path);
                List<ResourceRepresentation> findByUri = protectedResource.findByUri(path);
                if (findByUri.isEmpty()) {
                    findByUri = protectedResource.findByMatchingUri(path);
                }
                if (findByUri.size() == 1) {
                    resourceRepresentation = findByUri.get(0);
                } else {
                    if (findByUri.size() > 1) {
                        throw new RuntimeException("Multiple resources found with the same uri");
                    }
                    resourceRepresentation = null;
                }
            }
            if (resourceRepresentation != null) {
                pathConfig.setId(resourceRepresentation.getId());
                if (name != null) {
                    pathConfig.setStatic(true);
                }
            }
            if (PolicyEnforcerConfig.EnforcementMode.DISABLED.equals(pathConfig.getEnforcementMode())) {
                pathConfig.setStatic(true);
            }
            PolicyEnforcerConfig.PathConfig pathConfig2 = null;
            Iterator<PolicyEnforcerConfig.PathConfig> it = synchronizedMap.values().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                PolicyEnforcerConfig.PathConfig next = it.next();
                if (next.getPath().equals(pathConfig.getPath())) {
                    pathConfig2 = next;
                    break;
                }
            }
            if (pathConfig2 == null) {
                synchronizedMap.put(pathConfig.getPath(), pathConfig);
            } else {
                pathConfig2.getMethods().addAll(pathConfig.getMethods());
                pathConfig2.getScopes().addAll(pathConfig.getScopes());
            }
        }
        return synchronizedMap;
    }

    private Map<String, PolicyEnforcerConfig.PathConfig> configureAllPathsForResourceServer(ProtectedResource protectedResource) {
        LOGGER.info("Querying the server for all resources associated with this application.");
        Map<String, PolicyEnforcerConfig.PathConfig> synchronizedMap = Collections.synchronizedMap(new HashMap());
        if (!this.enforcerConfig.getLazyLoadPaths().booleanValue()) {
            for (String str : protectedResource.findAll()) {
                ResourceRepresentation findById = protectedResource.findById(str);
                if (findById.getUris() != null && !findById.getUris().isEmpty()) {
                    for (PolicyEnforcerConfig.PathConfig pathConfig : PolicyEnforcerConfig.PathConfig.createPathConfigs(findById)) {
                        synchronizedMap.put(pathConfig.getPath(), pathConfig);
                    }
                }
            }
        }
        return synchronizedMap;
    }
}
