package org.keycloak.social.linkedin;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import java.util.Iterator;
import org.jboss.logging.Logger;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;
import org.keycloak.services.resources.Cors;

/* loaded from: input_file:org/keycloak/social/linkedin/LinkedInIdentityProvider.class */
public class LinkedInIdentityProvider extends AbstractOAuth2IdentityProvider<OAuth2IdentityProviderConfig> implements SocialIdentityProvider<OAuth2IdentityProviderConfig> {
    private static final Logger log = Logger.getLogger(LinkedInIdentityProvider.class);
    public static final String AUTH_URL = "https://www.linkedin.com/oauth/v2/authorization";
    public static final String TOKEN_URL = "https://www.linkedin.com/oauth/v2/accessToken";
    public static final String PROFILE_URL = "https://api.linkedin.com/v2/me";
    public static final String EMAIL_URL = "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))";
    public static final String EMAIL_SCOPE = "r_emailaddress";
    public static final String DEFAULT_SCOPE = "r_liteprofile r_emailaddress";
    private static final String PROFILE_PROJECTION = "profileProjection";

    public LinkedInIdentityProvider(KeycloakSession keycloakSession, OAuth2IdentityProviderConfig oAuth2IdentityProviderConfig) {
        super(keycloakSession, oAuth2IdentityProviderConfig);
        oAuth2IdentityProviderConfig.setAuthorizationUrl(AUTH_URL);
        oAuth2IdentityProviderConfig.setTokenUrl(TOKEN_URL);
        oAuth2IdentityProviderConfig.setUserInfoUrl(getUserInfoUrl((String) oAuth2IdentityProviderConfig.getConfig().get(PROFILE_PROJECTION)));
        if (oAuth2IdentityProviderConfig.getDefaultScope().contains(EMAIL_SCOPE)) {
            return;
        }
        oAuth2IdentityProviderConfig.setDefaultScope(oAuth2IdentityProviderConfig.getDefaultScope() + " " + EMAIL_SCOPE);
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected boolean supportsExternalExchange() {
        return true;
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected String getProfileEndpointForValidation(EventBuilder eventBuilder) {
        return m149getConfig().getUserInfoUrl();
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder eventBuilder, JsonNode jsonNode) {
        BrokeredIdentityContext brokeredIdentityContext = new BrokeredIdentityContext(getJsonProperty(jsonNode, "id"));
        brokeredIdentityContext.setFirstName(getFirstMultiLocaleString(jsonNode, "firstName"));
        brokeredIdentityContext.setLastName(getFirstMultiLocaleString(jsonNode, "lastName"));
        brokeredIdentityContext.setIdpConfig(m149getConfig());
        brokeredIdentityContext.setIdp(this);
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(brokeredIdentityContext, jsonNode, m149getConfig().getAlias());
        return brokeredIdentityContext;
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected BrokeredIdentityContext doGetFederatedIdentity(String str) {
        log.debug("doGetFederatedIdentity()");
        try {
            BrokeredIdentityContext extractIdentityFromProfile = extractIdentityFromProfile(null, doHttpGet(m149getConfig().getUserInfoUrl(), str));
            extractIdentityFromProfile.setEmail(fetchEmailAddress(str, extractIdentityFromProfile));
            if (extractIdentityFromProfile.getUsername() == null) {
                extractIdentityFromProfile.setUsername(extractIdentityFromProfile.getEmail());
            }
            return extractIdentityFromProfile;
        } catch (Exception e) {
            throw new IdentityBrokerException("Could not obtain user profile from linkedIn.", e);
        }
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected String getDefaultScopes() {
        return DEFAULT_SCOPE;
    }

    private String fetchEmailAddress(String str, BrokeredIdentityContext brokeredIdentityContext) {
        if (brokeredIdentityContext.getEmail() != null || m149getConfig().getDefaultScope() == null || !m149getConfig().getDefaultScope().contains(EMAIL_SCOPE)) {
            return null;
        }
        try {
            JsonNode findPath = doHttpGet(EMAIL_URL, str).findPath("emailAddress");
            if (findPath != null) {
                return findPath.asText();
            }
            return null;
        } catch (IOException e) {
            throw new RuntimeException("Failed to retrieve user email", e);
        }
    }

    private JsonNode doHttpGet(String str, String str2) throws IOException {
        JsonNode asJson = SimpleHttp.doGet(str, this.session).header(Cors.AUTHORIZATION_HEADER, "Bearer " + str2).asJson();
        if (asJson.hasNonNull("serviceErrorCode")) {
            throw new IdentityBrokerException("Could not obtain response from [" + str + "]. Response from server: " + asJson);
        }
        return asJson;
    }

    private String getFirstMultiLocaleString(JsonNode jsonNode, String str) {
        JsonNode jsonNode2;
        JsonNode jsonNode3 = jsonNode.get(str);
        if (jsonNode3 == null || (jsonNode2 = jsonNode3.get("localized")) == null) {
            return null;
        }
        Iterator it = jsonNode2.iterator();
        if (it.hasNext()) {
            return ((JsonNode) it.next()).asText();
        }
        return null;
    }

    private String getUserInfoUrl(String str) {
        return (str == null || str.isEmpty()) ? PROFILE_URL : "https://api.linkedin.com/v2/me?projection=" + str;
    }
}
