package org.keycloak.userprofile.config;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.keycloak.common.util.ObjectUtil;
import org.keycloak.common.util.StreamUtil;
import org.keycloak.models.KeycloakSession;
import org.keycloak.userprofile.UserProfileContext;
import org.keycloak.util.JsonSerialization;
import org.keycloak.validate.ValidationResult;
import org.keycloak.validate.ValidatorConfig;
import org.keycloak.validate.Validators;

/* loaded from: input_file:org/keycloak/userprofile/config/UPConfigUtils.class */
public class UPConfigUtils {
    private static final String SYSTEM_DEFAULT_CONFIG_RESOURCE = "keycloak-default-user-profile.json";
    public static final String ROLE_USER = "user";
    public static final String ROLE_ADMIN = "admin";
    private static final Set<String> PSEUDOROLES = new HashSet();

    public static UPConfig readConfig(InputStream inputStream) throws IOException {
        return (UPConfig) JsonSerialization.readValue(inputStream, UPConfig.class);
    }

    public static List<String> validate(KeycloakSession keycloakSession, UPConfig uPConfig) {
        List<String> validateAttributes = validateAttributes(keycloakSession, uPConfig);
        validateAttributes.addAll(validateAttributeGroups(uPConfig));
        return validateAttributes;
    }

    private static List<String> validateAttributeGroups(UPConfig uPConfig) {
        long longValue = ((Long) uPConfig.getGroups().stream().filter(uPGroup -> {
            return uPGroup.getName() == null;
        }).collect(Collectors.counting())).longValue();
        return longValue > 0 ? Collections.singletonList("Name is mandatory for groups, found " + longValue + " group(s) without name.") : Collections.emptyList();
    }

    private static List<String> validateAttributes(KeycloakSession keycloakSession, UPConfig uPConfig) {
        ArrayList arrayList = new ArrayList();
        Set set = (Set) uPConfig.getGroups().stream().map(uPGroup -> {
            return uPGroup.getName();
        }).collect(Collectors.toSet());
        if (uPConfig.getAttributes() != null) {
            HashSet hashSet = new HashSet();
            uPConfig.getAttributes().forEach(uPAttribute -> {
                validateAttribute(keycloakSession, uPAttribute, set, arrayList, hashSet);
            });
        } else {
            arrayList.add("UserProfile configuration without 'attributes' section is not allowed");
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void validateAttribute(KeycloakSession keycloakSession, UPAttribute uPAttribute, Set<String> set, List<String> list, Set<String> set2) {
        String name = uPAttribute.getName();
        if (ObjectUtil.isBlank(name)) {
            list.add("Attribute configuration without 'name' is not allowed");
        } else if (set2.contains(name)) {
            list.add("Attribute configuration already exists with 'name':'" + name + "'");
        } else {
            set2.add(name);
            if (!isValidAttributeName(name)) {
                list.add("Invalid attribute name (only letters, numbers and '.' '_' '-' special characters allowed): " + name + "'");
            }
        }
        if (uPAttribute.getValidations() != null) {
            uPAttribute.getValidations().forEach((str, map) -> {
                validateValidationConfig(keycloakSession, str, map, name, list);
            });
        }
        if (uPAttribute.getPermissions() != null) {
            if (uPAttribute.getPermissions().getView() != null) {
                validateRoles(uPAttribute.getPermissions().getView(), "permissions.view", list, name);
            }
            if (uPAttribute.getPermissions().getEdit() != null) {
                validateRoles(uPAttribute.getPermissions().getEdit(), "permissions.edit", list, name);
            }
        }
        if (uPAttribute.getRequired() != null) {
            validateRoles(uPAttribute.getRequired().getRoles(), "required.roles", list, name);
            validateScopes(uPAttribute.getRequired().getScopes(), "required.scopes", name, list, keycloakSession);
        }
        if (uPAttribute.getSelector() != null) {
            validateScopes(uPAttribute.getSelector().getScopes(), "selector.scopes", name, list, keycloakSession);
        }
        if (uPAttribute.getGroup() != null && !set.contains(uPAttribute.getGroup())) {
            list.add("Attribute '" + name + "' references unknown group '" + uPAttribute.getGroup() + "'");
        }
        if (uPAttribute.getAnnotations() != null) {
            validateAnnotations(uPAttribute.getAnnotations(), list, name);
        }
    }

    private static void validateAnnotations(Map<String, Object> map, List<String> list, String str) {
        if (map.containsKey("inputOptions") && !(map.get("inputOptions") instanceof List)) {
            list.add("Annotation 'inputOptions' configured for attribute '" + str + "' must be an array of values!'");
        }
        if (!map.containsKey("inputOptionLabels") || (map.get("inputOptionLabels") instanceof Map)) {
            return;
        }
        list.add("Annotation 'inputOptionLabels' configured for attribute '" + str + "' must be an object!'");
    }

    private static void validateScopes(Set<String> set, String str, String str2, List<String> list, KeycloakSession keycloakSession) {
        if (set == null) {
            return;
        }
        for (String str3 : set) {
            if (!keycloakSession.getContext().getRealm().getClientScopesStream().anyMatch(clientScopeModel -> {
                return clientScopeModel.getName().equals(str3);
            })) {
                list.add("'" + str + "' configuration for attribute '" + str2 + "' contains unsupported scope '" + str3 + "'");
            }
        }
    }

    public static boolean isValidAttributeName(String str) {
        return Pattern.matches("[a-zA-Z0-9\\._\\-]+", str);
    }

    private static void validateRoles(Set<String> set, String str, List<String> list, String str2) {
        if (set != null) {
            for (String str3 : set) {
                if (!PSEUDOROLES.contains(str3)) {
                    list.add("'" + str + "' configuration for attribute '" + str2 + "' contains unsupported role '" + str3 + "'");
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void validateValidationConfig(KeycloakSession keycloakSession, String str, Map<String, Object> map, String str2, List<String> list) {
        if (ObjectUtil.isBlank(str)) {
            list.add("Validation without validator id is defined for attribute '" + str2 + "'");
            return;
        }
        if (keycloakSession != null) {
            if (Validators.validator(keycloakSession, str) == null) {
                list.add("Validator '" + str + "' defined for attribute '" + str2 + "' doesn't exist");
                return;
            }
            ValidationResult validateConfig = Validators.validateConfig(keycloakSession, str, ValidatorConfig.configFromMap(map));
            if (validateConfig.isValid()) {
                return;
            }
            StringBuilder sb = new StringBuilder();
            validateConfig.forEachError(validationError -> {
                sb.append(validationError.toString() + ", ");
            });
            list.add("Validator '" + str + "' defined for attribute '" + str2 + "' has incorrect configuration: " + sb.toString());
        }
    }

    public static List<String> getChunks(String str, int i) {
        ArrayList arrayList = new ArrayList();
        if (str != null) {
            int length = (str.length() / i) + 1;
            for (int i2 = 0; i2 < length; i2++) {
                if (i2 + 1 < length) {
                    arrayList.add(str.substring(i2 * i, (i2 + 1) * i));
                } else if (i2 == 0 || i2 * i < str.length()) {
                    arrayList.add(str.substring(i2 * i));
                }
            }
        }
        return arrayList;
    }

    public static boolean canBeAuthFlowContext(UserProfileContext userProfileContext) {
        return (userProfileContext == UserProfileContext.USER_API || userProfileContext == UserProfileContext.ACCOUNT || userProfileContext == UserProfileContext.ACCOUNT_OLD) ? false : true;
    }

    public static boolean isRoleForContext(UserProfileContext userProfileContext, Set<String> set) {
        if (set == null) {
            return false;
        }
        return userProfileContext == UserProfileContext.USER_API ? set.contains(ROLE_ADMIN) : set.contains(ROLE_USER);
    }

    public static String capitalizeFirstLetter(String str) {
        return (str == null || str.isEmpty()) ? str : str.substring(0, 1).toUpperCase() + str.substring(1);
    }

    public static String readDefaultConfig() {
        try {
            InputStream resourceAsStream = UPConfigUtils.class.getResourceAsStream(SYSTEM_DEFAULT_CONFIG_RESOURCE);
            try {
                String readString = StreamUtil.readString(resourceAsStream, Charset.defaultCharset());
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
                return readString;
            } finally {
            }
        } catch (IOException e) {
            throw new RuntimeException("Failed to load default user profile config file", e);
        }
    }

    static {
        PSEUDOROLES.add(ROLE_ADMIN);
        PSEUDOROLES.add(ROLE_USER);
    }
}
