package org.keycloak.authorization.permission.evaluator;

import java.util.Collection;
import java.util.HashMap;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.Decision;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.permission.Permissions;
import org.keycloak.authorization.policy.evaluation.DecisionPermissionCollector;
import org.keycloak.authorization.policy.evaluation.EvaluationContext;
import org.keycloak.authorization.policy.evaluation.PolicyEvaluator;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.representations.idm.authorization.AuthorizationRequest;
import org.keycloak.representations.idm.authorization.Permission;

/* loaded from: input_file:WEB-INF/lib/keycloak-server-spi-private-20.0.2.jar:org/keycloak/authorization/permission/evaluator/UnboundedPermissionEvaluator.class */
public class UnboundedPermissionEvaluator implements PermissionEvaluator {
    private final EvaluationContext executionContext;
    private final AuthorizationProvider authorizationProvider;
    private final PolicyEvaluator policyEvaluator;
    private final ResourceServer resourceServer;
    private final AuthorizationRequest request;

    /* JADX INFO: Access modifiers changed from: package-private */
    public UnboundedPermissionEvaluator(EvaluationContext evaluationContext, AuthorizationProvider authorizationProvider, ResourceServer resourceServer, AuthorizationRequest authorizationRequest) {
        this.executionContext = evaluationContext;
        this.authorizationProvider = authorizationProvider;
        this.policyEvaluator = authorizationProvider.getPolicyEvaluator();
        this.resourceServer = resourceServer;
        this.request = authorizationRequest;
    }

    @Override // org.keycloak.authorization.permission.evaluator.PermissionEvaluator
    public Decision evaluate(Decision decision) {
        StoreFactory storeFactory = this.authorizationProvider.getStoreFactory();
        try {
            try {
                HashMap hashMap = new HashMap();
                storeFactory.setReadOnly(true);
                Permissions.all(this.resourceServer, this.executionContext.getIdentity(), this.authorizationProvider, this.request, resourcePermission -> {
                    this.policyEvaluator.evaluate(resourcePermission, this.authorizationProvider, this.executionContext, decision, hashMap);
                });
                decision.onComplete();
                storeFactory.setReadOnly(false);
            } catch (Throwable th) {
                decision.onError(th);
                storeFactory.setReadOnly(false);
            }
            return decision;
        } catch (Throwable th2) {
            storeFactory.setReadOnly(false);
            throw th2;
        }
    }

    @Override // org.keycloak.authorization.permission.evaluator.PermissionEvaluator
    public Collection<Permission> evaluate(ResourceServer resourceServer, AuthorizationRequest authorizationRequest) {
        DecisionPermissionCollector decisionPermissionCollector = new DecisionPermissionCollector(this.authorizationProvider, resourceServer, authorizationRequest);
        evaluate(decisionPermissionCollector);
        return decisionPermissionCollector.results();
    }
}
