package org.keycloak.userprofile;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.keycloak.Config;
import org.keycloak.common.Profile;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.Cors;
import org.keycloak.userprofile.UserProfileProvider;
import org.keycloak.userprofile.validator.BlankAttributeValidator;
import org.keycloak.userprofile.validator.BrokeringFederatedUsernameHasValueValidator;
import org.keycloak.userprofile.validator.DuplicateEmailValidator;
import org.keycloak.userprofile.validator.DuplicateUsernameValidator;
import org.keycloak.userprofile.validator.EmailExistsAsUsernameValidator;
import org.keycloak.userprofile.validator.ReadOnlyAttributeUnchangedValidator;
import org.keycloak.userprofile.validator.RegistrationEmailAsUsernameEmailValueValidator;
import org.keycloak.userprofile.validator.RegistrationEmailAsUsernameUsernameValueValidator;
import org.keycloak.userprofile.validator.RegistrationUsernameExistsValidator;
import org.keycloak.userprofile.validator.UsernameHasValueValidator;
import org.keycloak.userprofile.validator.UsernameMutationValidator;
import org.keycloak.validate.ValidatorConfig;

/* loaded from: input_file:org/keycloak/userprofile/AbstractUserProfileProvider.class */
/**
 * Base implementation shared by user-profile providers. The class is both the provider and its
 * factory: it implements {@code UserProfileProvider} and {@code UserProfileProviderFactory}.
 *
 * <p>{@code init} registers one {@code UserProfileMetadata} per {@code UserProfileContext} in
 * {@code contextualMetadataRegistry}. The {@code create(...)} overloads then build a
 * {@code UserProfile} from the metadata registered for the requested context.
 *
 * <p>Security-relevant behaviour: every profile built here carries a {@code "kc.read.only"}
 * attribute whose validators are {@code ReadOnlyAttributeUnchangedValidator} instances configured
 * with a regex of protected attribute names. The built-in name lists are always applied; the
 * {@code "read-only-attributes"} and {@code "admin-read-only-attributes"} configuration keys can
 * only add further patterns, never remove the defaults.
 *
 * <p>NOTE(review): this listing is decompiler output (see the "loaded from" / "renamed from"
 * markers). Symbolic constants used as {@code case} labels and in the wildcard test appear to be
 * the decompiler's substitutions for plain literals and carry no meaning of their own; read the
 * literal value in the adjacent comment instead.
 */
public abstract class AbstractUserProfileProvider<U extends UserProfileProvider> implements UserProfileProvider, UserProfileProviderFactory<U> {
    // Attribute names compiled into readOnlyAttributesPattern, which the registration,
    // default (account / update-profile / update-email) and brokering profiles below all use.
    // A trailing wildcard entry ("saml.persistent.name.id.for.*") is turned into a prefix match
    // by getRegexPatternString.
    // NOTE(review): neither the arrays nor the compiled patterns are declared final although
    // nothing in this class reassigns them; final would rule out accidental replacement of the list.
    private static String[] DEFAULT_READ_ONLY_ATTRIBUTES = {"KERBEROS_PRINCIPAL", "LDAP_ID", "LDAP_ENTRY_DN", "CREATED_TIMESTAMP", "createTimestamp", "modifyTimestamp", "userCertificate", "saml.persistent.name.id.for.*", "ENABLED", "EMAIL_VERIFIED", "disabledReason"};
    // Shorter list used only for the USER_API profile. Compared with the list above it omits
    // userCertificate, saml.persistent.name.id.for.*, ENABLED, EMAIL_VERIFIED and disabledReason,
    // so the built-in pattern does not protect those names in the USER_API context.
    private static String[] DEFAULT_ADMIN_READ_ONLY_ATTRIBUTES = {"KERBEROS_PRINCIPAL", "LDAP_ID", "LDAP_ENTRY_DN", "CREATED_TIMESTAMP", "createTimestamp", "modifyTimestamp"};
    // Compiled once at class initialisation from the two default lists.
    private static Pattern readOnlyAttributesPattern = getRegexPatternString(DEFAULT_READ_ONLY_ATTRIBUTES);
    private static Pattern adminReadOnlyAttributesPattern = getRegexPatternString(DEFAULT_ADMIN_READ_ONLY_ATTRIBUTES);
    // Context -> metadata registry. Filled by init() and handed, as the same map instance, to
    // every provider created through m751create.
    protected final Map<UserProfileContext, UserProfileMetadata> contextualMetadataRegistry;
    // Session this provider works in; null when the no-argument constructor was used.
    protected final KeycloakSession session;

    // Compiler-generated lookup table of the kind javac emits for a switch over an enum: it maps
    // UserProfileContext.ordinal() to the case numbers 1..7 used by editUsernameCondition and
    // readUsernameCondition. Contexts that are not assigned here (REGISTRATION_USER_CREATION is
    // one) keep the int-array default 0 and therefore reach the `default` branch of those switches.
    /* renamed from: org.keycloak.userprofile.AbstractUserProfileProvider$2, reason: invalid class name */
    /* loaded from: input_file:org/keycloak/userprofile/AbstractUserProfileProvider$2.class */
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$keycloak$userprofile$UserProfileContext = new int[UserProfileContext.values().length];

        static {
            // Each assignment is wrapped separately so that an enum constant missing at run time
            // (NoSuchFieldError) leaves that slot at 0 instead of failing class initialisation.
            try {
                $SwitchMap$org$keycloak$userprofile$UserProfileContext[UserProfileContext.REGISTRATION_PROFILE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$keycloak$userprofile$UserProfileContext[UserProfileContext.IDP_REVIEW.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$keycloak$userprofile$UserProfileContext[UserProfileContext.ACCOUNT_OLD.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$keycloak$userprofile$UserProfileContext[UserProfileContext.ACCOUNT.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$keycloak$userprofile$UserProfileContext[UserProfileContext.UPDATE_PROFILE.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$keycloak$userprofile$UserProfileContext[UserProfileContext.UPDATE_EMAIL.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$keycloak$userprofile$UserProfileContext[UserProfileContext.USER_API.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    /**
     * Predicate registered as the first condition of the {@code username} attribute in the default
     * and brokering profiles; presumably it decides whether the username may be written.
     *
     * <p>Result by context (numbers are the switch-map values assigned in {@code AnonymousClass2}):
     * <ul>
     *   <li>REGISTRATION_PROFILE (1), IDP_REVIEW (2): true unless the realm uses the email as username.</li>
     *   <li>ACCOUNT_OLD (3), ACCOUNT (4), UPDATE_PROFILE (5): false when the realm uses the email as
     *       username, otherwise the realm's {@code isEditUsernameAllowed()} setting.</li>
     *   <li>UPDATE_EMAIL (6): true only when the realm uses the email as username.</li>
     *   <li>USER_API (7): always true.</li>
     *   <li>Any other context: false.</li>
     * </ul>
     *
     * @param attributeContext supplies the session (for the current realm) and the profile context
     * @return the condition result described above
     */
    private static boolean editUsernameCondition(AttributeContext attributeContext) {
        RealmModel realm = attributeContext.getSession().getContext().getRealm();
        switch (AnonymousClass2.$SwitchMap$org$keycloak$userprofile$UserProfileContext[attributeContext.getContext().ordinal()]) {
            // The constant names on cases 1 and 3 look like decompiler substitutions for the
            // literals 1 and 3; they are unrelated to user profiles.
            case DeclarativeUserProfileProvider.PROVIDER_PRIORITY /* 1 */:
            case 2:
                return !realm.isRegistrationEmailAsUsername();
            case AuthenticationSessionManager.AUTH_SESSION_COOKIE_LIMIT /* 3 */:
            case 4:
            case 5:
                if (realm.isRegistrationEmailAsUsername()) {
                    return false;
                }
                return realm.isEditUsernameAllowed();
            case 6:
                return realm.isRegistrationEmailAsUsername();
            case 7:
                return true;
            default:
                // Fail closed for contexts the switch map does not know.
                return false;
        }
    }

    /**
     * Predicate registered as the second condition of the {@code username} attribute; presumably it
     * decides whether the username is exposed for reading in the given context.
     *
     * <p>Result by context: REGISTRATION_PROFILE and IDP_REVIEW return true unless the realm uses
     * the email as username; UPDATE_PROFILE returns false when the realm uses the email as
     * username and otherwise the realm's {@code isEditUsernameAllowed()} setting; UPDATE_EMAIL
     * returns false; ACCOUNT_OLD, ACCOUNT and every context without its own case (USER_API
     * included) return true.
     *
     * @param attributeContext supplies the session (for the current realm) and the profile context
     * @return the condition result described above
     */
    private static boolean readUsernameCondition(AttributeContext attributeContext) {
        RealmModel realm = attributeContext.getSession().getContext().getRealm();
        switch (AnonymousClass2.$SwitchMap$org$keycloak$userprofile$UserProfileContext[attributeContext.getContext().ordinal()]) {
            case DeclarativeUserProfileProvider.PROVIDER_PRIORITY /* 1 */:
            case 2:
                return !realm.isRegistrationEmailAsUsername();
            case AuthenticationSessionManager.AUTH_SESSION_COOKIE_LIMIT /* 3 */:
            case 4:
            default:
                // Unlike editUsernameCondition, unknown contexts default to true here.
                return true;
            case 5:
                if (realm.isRegistrationEmailAsUsername()) {
                    return false;
                }
                return realm.isEditUsernameAllowed();
            case 6:
                return false;
        }
    }

    /**
     * Predicate registered as the first condition of the {@code email} attribute in the default
     * profile.
     *
     * @param attributeContext supplies the profile context
     * @return false only when the UPDATE_EMAIL feature is enabled and the context is
     *     UPDATE_PROFILE or ACCOUNT; true in every other case
     */
    private static boolean editEmailCondition(AttributeContext attributeContext) {
        return (Profile.isFeatureEnabled(Profile.Feature.UPDATE_EMAIL) && (attributeContext.getContext() == UserProfileContext.UPDATE_PROFILE || attributeContext.getContext() == UserProfileContext.ACCOUNT)) ? false : true;
    }

    /**
     * Predicate registered as the second condition of the {@code email} attribute in the default
     * profile.
     *
     * @param attributeContext supplies the session (for the current realm) and the profile context
     * @return false when the realm uses the email as username and does not allow username edits;
     *     otherwise false only when the UPDATE_EMAIL feature is enabled and the context is
     *     UPDATE_PROFILE, and true in every remaining case
     */
    private static boolean readEmailCondition(AttributeContext attributeContext) {
        RealmModel realm = attributeContext.getSession().getContext().getRealm();
        if (!realm.isRegistrationEmailAsUsername() || realm.isEditUsernameAllowed()) {
            return (Profile.isFeatureEnabled(Profile.Feature.UPDATE_EMAIL) && attributeContext.getContext() == UserProfileContext.UPDATE_PROFILE) ? false : true;
        }
        return false;
    }

    /**
     * Compiles a list of attribute names into one case-insensitive pattern (despite the name, the
     * result is a {@code Pattern}, not a string).
     *
     * <p>Every entry becomes an anchored alternative. The name is passed through
     * {@code Pattern.quote}, so regex metacharacters in a configured value are matched literally.
     * The only special form is an entry ending with the wildcard suffix: its last character is
     * dropped and the alternative becomes a prefix match ({@code ^prefix.*$}).
     *
     * <p>NOTE(review): an empty, non-null array yields the pattern {@code (?i:)}. Whether that
     * matches no attribute or every attribute depends on how the consuming validator applies the
     * pattern, which is not visible in this class; confirm before relying on an empty
     * configuration value.
     *
     * @param strArr attribute names, optionally ending with the wildcard suffix; may be null
     * @return the compiled pattern, or null when {@code strArr} is null
     */
    public static Pattern getRegexPatternString(String[] strArr) {
        if (strArr == null) {
            return null;
        }
        // The raw ArrayList and the (String) cast look like decompiler artifacts. The wildcard
        // constant is presumably the one-character string "*", which is consistent with the
        // single character stripped by substring below.
        return Pattern.compile("(?i:" + ((String) new ArrayList(Arrays.asList(strArr)).stream().map(str -> {
            return str.endsWith(Cors.ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD) ? "^" + Pattern.quote(str.substring(0, str.length() - 1)) + ".*$" : "^" + Pattern.quote(str) + "$";
        }).collect(Collectors.joining("|"))) + ")");
    }

    /**
     * Creates an instance with no session and an empty metadata registry. Methods that dereference
     * {@code session} cannot be used on such an instance.
     */
    public AbstractUserProfileProvider() {
        this(null, new HashMap());
    }

    /**
     * Creates an instance bound to a session and an existing registry.
     *
     * @param keycloakSession session used when building profiles and creating users; stored as is
     * @param map context-to-metadata registry; stored by reference, not copied
     */
    public AbstractUserProfileProvider(KeycloakSession keycloakSession, Map<UserProfileContext, UserProfileMetadata> map) {
        this.session = keycloakSession;
        this.contextualMetadataRegistry = map;
    }

    /**
     * Builds a profile for an existing user, seeded with the user's current attributes.
     *
     * @param userProfileContext context whose registered metadata is used
     * @param userModel existing user; must not be null because its attributes are read here
     * @return the new profile
     */
    public UserProfile create(UserProfileContext userProfileContext, UserModel userModel) {
        return createUserProfile(userProfileContext, userModel.getAttributes(), userModel);
    }

    /**
     * Builds a profile for an existing user from caller-supplied attribute values.
     *
     * @param userProfileContext context whose registered metadata is used
     * @param map attribute values to load into the profile
     * @param userModel the user the profile refers to
     * @return the new profile
     */
    public UserProfile create(UserProfileContext userProfileContext, Map<String, ?> map, UserModel userModel) {
        return createUserProfile(userProfileContext, map, userModel);
    }

    /**
     * Builds a profile that is not yet tied to a user (a null user is passed on).
     *
     * @param userProfileContext context whose registered metadata is used
     * @param map attribute values to load into the profile
     * @return the new profile
     */
    public UserProfile create(UserProfileContext userProfileContext, Map<String, ?> map) {
        return createUserProfile(userProfileContext, map, null);
    }

    // Factory entry point. The decompiler renamed it from create(KeycloakSession) because it was
    // merged with a bridge method. It delegates to the abstract create(...) and passes this
    // instance's registry, so created providers share the factory's registry map.
    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public U m751create(KeycloakSession keycloakSession) {
        return create(keycloakSession, this.contextualMetadataRegistry);
    }

    /**
     * Rebuilds the metadata registry from configuration.
     *
     * <p>The registry is cleared first. The optional {@code "read-only-attributes"} array from
     * {@code scope} is compiled into an extra validator that is added next to the built-in
     * read-only validator in the brokering (IDP_REVIEW) profile and in the default profiles for
     * ACCOUNT, ACCOUNT_OLD, REGISTRATION_PROFILE, UPDATE_PROFILE and, when the UPDATE_EMAIL feature
     * is enabled, UPDATE_EMAIL. Profiles for REGISTRATION_USER_CREATION and USER_API are
     * registered last.
     *
     * <p>NOTE(review): the REGISTRATION_USER_CREATION profile is built without the configured
     * validator, so names listed only in {@code "read-only-attributes"} are not covered by this
     * class in that context; confirm that this is intended.
     *
     * @param scope provider configuration
     * @throws IllegalStateException if two profiles end up registered for the same context
     */
    public void init(Config.Scope scope) {
        this.contextualMetadataRegistry.clear();
        Pattern regexPatternString = getRegexPatternString(scope.getArray("read-only-attributes"));
        // Stays null when the key is not configured; the profile builders then add only the
        // built-in read-only validator.
        AttributeValidatorMetadata attributeValidatorMetadata = null;
        if (regexPatternString != null) {
            attributeValidatorMetadata = createReadOnlyAttributeUnchangedValidator(regexPatternString);
        }
        addContextualProfileMetadata(configureUserProfile(createBrokeringProfile(attributeValidatorMetadata)));
        addContextualProfileMetadata(configureUserProfile(createDefaultProfile(UserProfileContext.ACCOUNT, attributeValidatorMetadata)));
        addContextualProfileMetadata(configureUserProfile(createDefaultProfile(UserProfileContext.ACCOUNT_OLD, attributeValidatorMetadata)));
        addContextualProfileMetadata(configureUserProfile(createDefaultProfile(UserProfileContext.REGISTRATION_PROFILE, attributeValidatorMetadata)));
        addContextualProfileMetadata(configureUserProfile(createDefaultProfile(UserProfileContext.UPDATE_PROFILE, attributeValidatorMetadata)));
        if (Profile.isFeatureEnabled(Profile.Feature.UPDATE_EMAIL)) {
            addContextualProfileMetadata(configureUserProfile(createDefaultProfile(UserProfileContext.UPDATE_EMAIL, attributeValidatorMetadata)));
        }
        addContextualProfileMetadata(configureUserProfile(createRegistrationUserCreationProfile()));
        addContextualProfileMetadata(configureUserProfile(createUserResourceValidation(scope)));
    }

    /**
     * Wraps a pattern in metadata for {@code ReadOnlyAttributeUnchangedValidator}.
     *
     * @param pattern pattern of attribute names, stored under the validator's {@code CFG_PATTERN} key
     * @return validator metadata carrying that configuration
     */
    private AttributeValidatorMetadata createReadOnlyAttributeUnchangedValidator(Pattern pattern) {
        return new AttributeValidatorMetadata(ReadOnlyAttributeUnchangedValidator.ID, ValidatorConfig.builder().config(ReadOnlyAttributeUnchangedValidator.CFG_PATTERN, pattern).build());
    }

    /** No post-initialisation work is done in this base class. */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    /** Nothing to release in this base class. */
    public void close() {
    }

    /**
     * @return always null in this base class
     */
    public String getConfiguration() {
        return null;
    }

    /** Ignores the supplied configuration in this base class. */
    public void setConfiguration(String str) {
    }

    /**
     * Creates the concrete provider for a session.
     *
     * @param keycloakSession session the new provider is bound to
     * @param map metadata registry the new provider should use
     * @return the provider instance
     */
    protected abstract U create(KeycloakSession keycloakSession, Map<UserProfileContext, UserProfileMetadata> map);

    /**
     * Hook applied to each profile while {@code init} registers it; returns the metadata unchanged
     * here. Subclasses can override it to adjust the metadata.
     *
     * @param userProfileMetadata freshly built metadata
     * @return the metadata to register
     */
    protected UserProfileMetadata configureUserProfile(UserProfileMetadata userProfileMetadata) {
        return userProfileMetadata;
    }

    /**
     * Hook applied every time a profile is created from registered metadata; returns the metadata
     * unchanged here.
     *
     * @param userProfileMetadata metadata registered for the requested context; null when nothing
     *     is registered for it
     * @param keycloakSession the provider's session
     * @return the metadata to build the profile from
     */
    protected UserProfileMetadata configureUserProfile(UserProfileMetadata userProfileMetadata, KeycloakSession keycloakSession) {
        return userProfileMetadata;
    }

    /**
     * Returns a function that creates the user on first use and hands back the same instance on
     * later calls.
     *
     * <p>The new user's name is the first {@code username} value, falling back to the first
     * {@code email} value.
     *
     * <p>NOTE(review): when neither attribute has a value, {@code addUser} receives a null name;
     * presumably validation runs before the factory is invoked; verify against callers. The
     * function also dereferences {@code session}, so it needs a session-bound instance.
     */
    private Function<Attributes, UserModel> createUserFactory() {
        return new Function<Attributes, UserModel>() { // from class: org.keycloak.userprofile.AbstractUserProfileProvider.1
            // Cache for the user created by the first apply() call.
            private UserModel user;

            @Override // java.util.function.Function
            public UserModel apply(Attributes attributes) {
                if (this.user == null) {
                    String firstValue = attributes.getFirstValue("username");
                    if (firstValue == null) {
                        firstValue = attributes.getFirstValue("email");
                    }
                    this.user = AbstractUserProfileProvider.this.session.users().addUser(AbstractUserProfileProvider.this.session.getContext().getRealm(), firstValue);
                }
                return this.user;
            }
        };
    }

    /**
     * Common implementation behind the public {@code create(...)} overloads.
     *
     * <p>NOTE(review): {@code Map.get} returns null for a context that has no registered metadata
     * (UPDATE_EMAIL while the feature is disabled is one such case, see {@code init}); that null is
     * passed on to {@code configureUserProfile} and the profile constructors without a check here.
     *
     * @param userProfileContext context whose metadata is looked up
     * @param map attribute values for the profile
     * @param userModel existing user, or null
     * @return the new profile
     */
    private UserProfile createUserProfile(UserProfileContext userProfileContext, Map<String, ?> map, UserModel userModel) {
        UserProfileMetadata configureUserProfile = configureUserProfile(this.contextualMetadataRegistry.get(userProfileContext), this.session);
        return new DefaultUserProfile(configureUserProfile, createAttributes(userProfileContext, map, userModel, configureUserProfile), createUserFactory(), userModel, this.session);
    }

    /**
     * Creates the attribute container for a profile; overridable so subclasses can supply another
     * {@code Attributes} implementation.
     *
     * @param userProfileContext context of the profile
     * @param map attribute values
     * @param userModel existing user, or null
     * @param userProfileMetadata metadata the attributes are checked against
     * @return a {@code DefaultAttributes} instance
     */
    protected Attributes createAttributes(UserProfileContext userProfileContext, Map<String, ?> map, UserModel userModel, UserProfileMetadata userProfileMetadata) {
        return new DefaultAttributes(userProfileContext, map, userModel, userProfileMetadata, this.session);
    }

    /**
     * Registers metadata under its own context.
     *
     * @param userProfileMetadata metadata to register
     * @throws IllegalStateException if metadata is already registered for that context
     */
    private void addContextualProfileMetadata(UserProfileMetadata userProfileMetadata) {
        if (this.contextualMetadataRegistry.putIfAbsent(userProfileMetadata.getContext(), userProfileMetadata) != null) {
            throw new IllegalStateException("Multiple profile metadata found for context " + userProfileMetadata.getContext());
        }
    }

    /**
     * Builds the REGISTRATION_USER_CREATION profile: username and email validators plus the
     * {@code "kc.read.only"} attribute guarded by the built-in read-only pattern only.
     *
     * <p>The integer arguments (-2, -1, 1000) are presumably ordering priorities; their meaning is
     * defined by {@code UserProfileMetadata.addAttribute}, which is not visible here.
     */
    private UserProfileMetadata createRegistrationUserCreationProfile() {
        UserProfileMetadata userProfileMetadata = new UserProfileMetadata(UserProfileContext.REGISTRATION_USER_CREATION);
        userProfileMetadata.addAttribute("username", -2, new AttributeValidatorMetadata[]{new AttributeValidatorMetadata(RegistrationEmailAsUsernameUsernameValueValidator.ID), new AttributeValidatorMetadata(RegistrationUsernameExistsValidator.ID), new AttributeValidatorMetadata(UsernameHasValueValidator.ID)});
        userProfileMetadata.addAttribute("email", -1, new AttributeValidatorMetadata[]{new AttributeValidatorMetadata(RegistrationEmailAsUsernameEmailValueValidator.ID)});
        userProfileMetadata.addAttribute("kc.read.only", 1000, new AttributeValidatorMetadata[]{createReadOnlyAttributeUnchangedValidator(readOnlyAttributesPattern)});
        return userProfileMetadata;
    }

    /**
     * Builds the profile shared by the ACCOUNT, ACCOUNT_OLD, REGISTRATION_PROFILE, UPDATE_PROFILE
     * and UPDATE_EMAIL contexts.
     *
     * @param userProfileContext context the metadata is created for
     * @param attributeValidatorMetadata extra read-only validator built from configuration, or null
     * @return metadata with username, email and {@code "kc.read.only"} attributes
     */
    private UserProfileMetadata createDefaultProfile(UserProfileContext userProfileContext, AttributeValidatorMetadata attributeValidatorMetadata) {
        UserProfileMetadata userProfileMetadata = new UserProfileMetadata(userProfileContext);
        // Username and email carry the context-dependent conditions defined at the top of the class.
        userProfileMetadata.addAttribute("username", -2, AbstractUserProfileProvider::editUsernameCondition, AbstractUserProfileProvider::readUsernameCondition, new AttributeValidatorMetadata[]{new AttributeValidatorMetadata(UsernameHasValueValidator.ID), new AttributeValidatorMetadata(DuplicateUsernameValidator.ID), new AttributeValidatorMetadata(UsernameMutationValidator.ID)}).setAttributeDisplayName("${username}");
        userProfileMetadata.addAttribute("email", -1, AbstractUserProfileProvider::editEmailCondition, AbstractUserProfileProvider::readEmailCondition, new AttributeValidatorMetadata[]{new AttributeValidatorMetadata(BlankAttributeValidator.ID, BlankAttributeValidator.createConfig(Messages.MISSING_EMAIL, false)), new AttributeValidatorMetadata(DuplicateEmailValidator.ID), new AttributeValidatorMetadata(EmailExistsAsUsernameValidator.ID), new AttributeValidatorMetadata("email", ValidatorConfig.builder().config("ignore.empty.value", true).build())}).setAttributeDisplayName("${email}");
        // The built-in read-only pattern is always added; the configured one is appended to it.
        ArrayList arrayList = new ArrayList();
        arrayList.add(createReadOnlyAttributeUnchangedValidator(readOnlyAttributesPattern));
        if (attributeValidatorMetadata != null) {
            arrayList.add(attributeValidatorMetadata);
        }
        userProfileMetadata.addAttribute("kc.read.only", 1000, arrayList);
        return userProfileMetadata;
    }

    /**
     * Builds the IDP_REVIEW (identity-brokering review) profile.
     *
     * <p>Username keeps the edit/read conditions but uses the brokering-specific validator; email
     * has no conditions and only a blank check. The second {@code createConfig} argument is
     * {@code true} here and {@code false} in the default profile; its meaning is not visible in
     * this class.
     *
     * @param attributeValidatorMetadata extra read-only validator built from configuration, or null
     * @return metadata with username, email and {@code "kc.read.only"} attributes
     */
    private UserProfileMetadata createBrokeringProfile(AttributeValidatorMetadata attributeValidatorMetadata) {
        UserProfileMetadata userProfileMetadata = new UserProfileMetadata(UserProfileContext.IDP_REVIEW);
        userProfileMetadata.addAttribute("username", -2, AbstractUserProfileProvider::editUsernameCondition, AbstractUserProfileProvider::readUsernameCondition, new AttributeValidatorMetadata[]{new AttributeValidatorMetadata(BrokeringFederatedUsernameHasValueValidator.ID)}).setAttributeDisplayName("${username}");
        userProfileMetadata.addAttribute("email", -1, new AttributeValidatorMetadata[]{new AttributeValidatorMetadata(BlankAttributeValidator.ID, BlankAttributeValidator.createConfig(Messages.MISSING_EMAIL, true))}).setAttributeDisplayName("${email}");
        // Same read-only guard as the default profile: built-in pattern first, configured one after.
        ArrayList arrayList = new ArrayList();
        arrayList.add(createReadOnlyAttributeUnchangedValidator(readOnlyAttributesPattern));
        if (attributeValidatorMetadata != null) {
            arrayList.add(attributeValidatorMetadata);
        }
        userProfileMetadata.addAttribute("kc.read.only", 1000, arrayList);
        return userProfileMetadata;
    }

    /**
     * Builds the USER_API profile.
     *
     * <p>This context uses its own configuration key, {@code "admin-read-only-attributes"}, and the
     * shorter built-in admin list. Username and email are registered without edit/read conditions.
     *
     * @param scope provider configuration
     * @return metadata with username, email and {@code "kc.read.only"} attributes
     */
    private UserProfileMetadata createUserResourceValidation(Config.Scope scope) {
        Pattern regexPatternString = getRegexPatternString(scope.getArray("admin-read-only-attributes"));
        UserProfileMetadata userProfileMetadata = new UserProfileMetadata(UserProfileContext.USER_API);
        userProfileMetadata.addAttribute("username", -2, new AttributeValidatorMetadata[]{new AttributeValidatorMetadata(UsernameHasValueValidator.ID)});
        userProfileMetadata.addAttribute("email", -1, new AttributeValidatorMetadata[]{new AttributeValidatorMetadata("email", ValidatorConfig.builder().config("ignore.empty.value", true).build())});
        // The configured pattern (when present) is added before the built-in admin pattern; the
        // built-in one is added unconditionally.
        ArrayList arrayList = new ArrayList();
        if (regexPatternString != null) {
            arrayList.add(createReadOnlyAttributeUnchangedValidator(regexPatternString));
        }
        arrayList.add(createReadOnlyAttributeUnchangedValidator(adminReadOnlyAttributesPattern));
        userProfileMetadata.addAttribute("kc.read.only", 1000, arrayList);
        return userProfileMetadata;
    }
}
