package org.keycloak.services.clientpolicy.condition;

import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation;
import org.keycloak.services.clientpolicy.ClientPolicyContext;
import org.keycloak.services.clientpolicy.ClientPolicyEvent;
import org.keycloak.services.clientpolicy.ClientPolicyException;
import org.keycloak.services.clientpolicy.ClientPolicyVote;
import org.keycloak.services.clientpolicy.context.AdminClientRegisterContext;
import org.keycloak.services.clientpolicy.context.AdminClientUpdateContext;
import org.keycloak.services.clientpolicy.context.ClientCRUDContext;
import org.keycloak.services.clientpolicy.context.DynamicClientRegisterContext;
import org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext;
import org.keycloak.services.util.DPoPUtil;
import org.keycloak.userprofile.DeclarativeUserProfileProvider;

/* loaded from: input_file:org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceGroupsCondition.class */
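/**
 * Client-policy condition that votes on whether the user registering or updating a client
 * belongs to at least one of the configured groups.
 *
 * <p>Only {@link ClientPolicyEvent#REGISTER} and {@link ClientPolicyEvent#UPDATE} are evaluated;
 * every other event yields {@link ClientPolicyVote#ABSTAIN}. For the admin contexts the user is
 * taken from {@code getAuthenticatedUser()}; for the dynamic-registration contexts the user is
 * looked up in the current realm by the subject of the token returned by {@code getToken()}.
 *
 * <p>Matching semantics that matter when this condition gates a policy:
 * <ul>
 *   <li>Groups are compared by {@code getName()} only, with exact (case-sensitive) string
 *       equality. Neither the group path nor the group id is consulted, so two groups that
 *       share a name at different places in the group hierarchy cannot be told apart here.</li>
 *   <li>Membership is whatever {@code UserModel.getGroupsStream()} returns; whether that
 *       includes groups inherited from parent groups is not visible in this class.</li>
 *   <li>A missing user, a missing token or subject, a missing {@code groups} configuration or
 *       an empty one all result in {@link ClientPolicyVote#NO}.</li>
 *   <li>NOTE(review): the token is not verified in this class; presumably it has been validated
 *       before the context object is built. Confirm against the caller.</li>
 * </ul>
 */
public class ClientUpdaterSourceGroupsCondition extends AbstractClientPolicyConditionProvider<Configuration> {
    private static final Logger logger = Logger.getLogger(ClientUpdaterSourceGroupsCondition.class);

    /** Configuration of this condition: the group names of which the updater must hold at least one. */
    public static class Configuration extends ClientPolicyConditionConfigurationRepresentation {
        // Group names to match against; may be null when the configuration omits the field.
        protected List<String> groups;

        /**
         * @return the configured group names, or {@code null} if none were configured
         */
        public List<String> getGroups() {
            return this.groups;
        }

        /**
         * @param list the group names to match against; stored as given, without copying
         */
        public void setGroups(List<String> list) {
            this.groups = list;
        }
    }

    /**
     * @param keycloakSession session used to resolve the current realm and to look up users
     */
    public ClientUpdaterSourceGroupsCondition(KeycloakSession keycloakSession) {
        super(keycloakSession);
    }

    /**
     * @return the class used to bind this condition's configuration
     */
    public Class<Configuration> getConditionConfigurationClass() {
        return Configuration.class;
    }

    /**
     * @return the provider id declared by {@link ClientUpdaterSourceGroupsConditionFactory}
     */
    public String getProviderId() {
        return ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID;
    }

    /**
     * Evaluates the condition for a client register or update request.
     *
     * @param clientPolicyContext the context of the request being evaluated
     * @return {@code YES} if the acting user is in one of the configured groups, {@code NO} if
     *     not, and {@code ABSTAIN} for any event other than {@code REGISTER} and {@code UPDATE}
     * @throws ClientPolicyException with error {@code server_error} when the event is
     *     {@code REGISTER} or {@code UPDATE} but the context is neither the admin nor the
     *     dynamic-registration context type for that event
     */
    public ClientPolicyVote applyPolicy(ClientPolicyContext clientPolicyContext) throws ClientPolicyException {
        // The case labels are the ClientPolicyEvent constants themselves, so the dispatch does
        // not depend on the integer value of any unrelated constant.
        switch (clientPolicyContext.getEvent()) {
            case REGISTER:
                if (clientPolicyContext instanceof AdminClientRegisterContext) {
                    return getVoteForGroupsMatched(((ClientCRUDContext) clientPolicyContext).getAuthenticatedUser());
                }
                if (clientPolicyContext instanceof DynamicClientRegisterContext) {
                    return getVoteForGroupsMatched(((ClientCRUDContext) clientPolicyContext).getToken());
                }
                // Fail closed: an unknown context type is an error rather than a silent vote.
                throw new ClientPolicyException("server_error", "unexpected context type.");
            case UPDATE:
                if (clientPolicyContext instanceof AdminClientUpdateContext) {
                    return getVoteForGroupsMatched(((ClientCRUDContext) clientPolicyContext).getAuthenticatedUser());
                }
                if (clientPolicyContext instanceof DynamicClientUpdateContext) {
                    return getVoteForGroupsMatched(((ClientCRUDContext) clientPolicyContext).getToken());
                }
                throw new ClientPolicyException("server_error", "unexpected context type.");
            default:
                return ClientPolicyVote.ABSTAIN;
        }
    }

    /** Votes YES when the given user is in a configured group, NO otherwise (including a null user). */
    private ClientPolicyVote getVoteForGroupsMatched(UserModel userModel) {
        return isGroupsMatched(userModel) ? ClientPolicyVote.YES : ClientPolicyVote.NO;
    }

    /**
     * Votes YES when the user identified by the token's subject is in a configured group.
     * A null token votes NO.
     */
    private ClientPolicyVote getVoteForGroupsMatched(JsonWebToken jsonWebToken) {
        if (jsonWebToken != null && isGroupMatched(jsonWebToken.getSubject())) {
            return ClientPolicyVote.YES;
        }
        return ClientPolicyVote.NO;
    }

    /**
     * Resolves a user id in the current realm and checks that user's groups.
     *
     * @param str the user id, taken from the token subject; {@code null} never matches
     */
    private boolean isGroupMatched(String str) {
        if (str == null) {
            return false;
        }
        // An id that resolves to no user yields a null UserModel, which isGroupsMatched rejects.
        return isGroupsMatched(this.session.users().getUserById(this.session.getContext().getRealm(), str));
    }

    /**
     * Checks whether the user holds at least one group whose name equals a configured name.
     *
     * @param userModel the user to check; {@code null} never matches
     * @return {@code true} if the user's group names and the configured names intersect
     */
    private boolean isGroupsMatched(UserModel userModel) {
        if (userModel == null) {
            return false;
        }
        Set<String> expectedGroups = instantiateGroupsForMatching();
        if (expectedGroups == null) {
            return false;
        }
        // Only the bare group name is compared, not the path or the id.
        Set<String> userGroups = userModel.getGroupsStream()
                .map(group -> group.getName())
                .collect(Collectors.toSet());
        if (logger.isTraceEnabled()) {
            userGroups.forEach(name -> logger.tracev("user group = {0}", name));
            expectedGroups.forEach(name -> logger.tracev("expected user group = {0}", name));
        }
        // A non-empty intersection is enough; neither set is modified by the check.
        return userGroups.stream().anyMatch(expectedGroups::contains);
    }

    /**
     * @return a fresh set of the configured group names, or {@code null} when no list is configured
     */
    private Set<String> instantiateGroupsForMatching() {
        List<String> groups = ((Configuration) this.configuration).getGroups();
        if (groups == null) {
            return null;
        }
        return new HashSet<>(groups);
    }
}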
