package org.keycloak.social.github;

import com.fasterxml.jackson.databind.JsonNode;
import jakarta.ws.rs.core.Response;
import java.util.Iterator;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.services.resources.Cors;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/social/github/GitHubIdentityProvider.class */
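/**
 * Social identity provider that brokers logins through GitHub's OAuth2 endpoints.
 *
 * <p>The authorization, token, profile and e-mail URLs are derived from two optional provider
 * config entries ({@code baseUrl} and {@code apiUrl}), falling back to the public github.com
 * defaults. The user's access token is later sent as a bearer credential to the profile and
 * e-mail URLs built here, and this class performs no scheme or host validation on the
 * configured values. Treat {@code baseUrl} / {@code apiUrl} as trusted, administrator-only
 * settings.
 */
public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider implements SocialIdentityProvider {
    public static final String DEFAULT_BASE_URL = "https://github.com";
    public static final String AUTH_FRAGMENT = "/login/oauth/authorize";
    public static final String TOKEN_FRAGMENT = "/login/oauth/access_token";
    public static final String DEFAULT_AUTH_URL = "https://github.com/login/oauth/authorize";
    public static final String DEFAULT_TOKEN_URL = "https://github.com/login/oauth/access_token";

    /** Same value as {@link #DEFAULT_AUTH_URL}; kept for existing references. */
    @Deprecated
    public static final String AUTH_URL = "https://github.com/login/oauth/authorize";

    /** Same value as {@link #DEFAULT_TOKEN_URL}; kept for existing references. */
    @Deprecated
    public static final String TOKEN_URL = "https://github.com/login/oauth/access_token";
    public static final String DEFAULT_API_URL = "https://api.github.com";
    public static final String PROFILE_FRAGMENT = "/user";
    public static final String EMAIL_FRAGMENT = "/user/emails";
    public static final String DEFAULT_PROFILE_URL = "https://api.github.com/user";
    public static final String DEFAULT_EMAIL_URL = "https://api.github.com/user/emails";

    /** Same value as {@link #DEFAULT_PROFILE_URL}; kept for existing references. */
    @Deprecated
    public static final String PROFILE_URL = "https://api.github.com/user";

    /** Same value as {@link #DEFAULT_EMAIL_URL}; kept for existing references. */
    @Deprecated
    public static final String EMAIL_URL = "https://api.github.com/user/emails";
    public static final String DEFAULT_SCOPE = "user:email";

    // Keys looked up in (or written to) the provider's config map.
    protected static final String BASE_URL_KEY = "baseUrl";
    protected static final String API_URL_KEY = "apiUrl";
    protected static final String EMAIL_URL_KEY = "emailUrl";

    private final String authUrl;
    private final String tokenUrl;
    private final String profileUrl;
    private final String emailUrl;

    /**
     * Resolves the four endpoint URLs and writes them back into the supplied config.
     *
     * <p>Note that the {@code config} object is mutated: its authorization, token and user-info
     * URLs are overwritten, and the e-mail URL is stored under {@code emailUrl}.
     *
     * @param session the Keycloak session passed to the superclass
     * @param config provider configuration; read for {@code baseUrl}/{@code apiUrl} and updated
     */
    public GitHubIdentityProvider(KeycloakSession session, OAuth2IdentityProviderConfig config) {
        super(session, config);
        String baseUrl = getUrlFromConfig(config, BASE_URL_KEY, DEFAULT_BASE_URL);
        String apiUrl = getUrlFromConfig(config, API_URL_KEY, DEFAULT_API_URL);
        this.authUrl = baseUrl + AUTH_FRAGMENT;
        this.tokenUrl = baseUrl + TOKEN_FRAGMENT;
        this.profileUrl = apiUrl + PROFILE_FRAGMENT;
        this.emailUrl = apiUrl + EMAIL_FRAGMENT;
        config.setAuthorizationUrl(this.authUrl);
        config.setTokenUrl(this.tokenUrl);
        config.setUserInfoUrl(this.profileUrl);
        config.getConfig().put(EMAIL_URL_KEY, this.emailUrl);
    }

    /**
     * Reads a URL from the provider config, applying a default and dropping one trailing slash.
     *
     * <p>Only blankness is checked. The value is not trimmed, parsed, or restricted to
     * {@code https}, so whatever an administrator stores is used as the URL prefix.
     *
     * @param config provider configuration whose config map is consulted
     * @param key config map key to look up
     * @param defaultValue value used when the entry is missing or blank
     * @return the configured or default URL without a single trailing {@code /}
     */
    protected static String getUrlFromConfig(OAuth2IdentityProviderConfig config, String key, String defaultValue) {
        String url = config.getConfig().get(key);
        if (url == null || url.trim().isEmpty()) {
            url = defaultValue;
        }
        if (url.endsWith("/")) {
            url = url.substring(0, url.length() - 1);
        }
        return url;
    }

    /** Declares that this provider accepts externally issued tokens for exchange. */
    @Override
    protected boolean supportsExternalExchange() {
        return true;
    }

    /**
     * Returns the profile URL as the endpoint used for validation.
     *
     * @param eventBuilder unused by this implementation
     * @return the resolved profile URL
     */
    @Override
    protected String getProfileEndpointForValidation(EventBuilder eventBuilder) {
        return this.profileUrl;
    }

    /**
     * Maps a GitHub profile JSON document onto a brokered identity.
     *
     * <p>The {@code email} field is copied from the profile as-is; nothing here establishes
     * whether that address has been verified.
     *
     * @param eventBuilder unused by this implementation
     * @param profile JSON returned by the profile endpoint
     * @return identity carrying id, username, name and e-mail taken from {@code profile}
     */
    @Override
    protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder eventBuilder, JsonNode profile) {
        BrokeredIdentityContext identity = new BrokeredIdentityContext(getJsonProperty(profile, "id"));
        // The decompiler had substituted OIDCLoginProtocol.PROMPT_VALUE_LOGIN here only because
        // that constant has the same value; the key being read is the profile's "login" field.
        identity.setUsername(getJsonProperty(profile, "login"));
        identity.setName(getJsonProperty(profile, "name"));
        identity.setEmail(getJsonProperty(profile, "email"));
        // NOTE(review): m146getConfig() is a decompiler-generated name, presumably the
        // inherited getConfig() accessor; confirm against the original class.
        identity.setIdpConfig(m146getConfig());
        identity.setIdp(this);
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(identity, profile, m146getConfig().getAlias());
        return identity;
    }

    /**
     * Fetches the user's profile with the given access token and builds the brokered identity.
     *
     * <p>If the profile carries no e-mail, the primary address is looked up through the e-mail
     * endpoint. The HTTP response is closed on every path, including the error paths.
     *
     * @param accessToken OAuth2 access token, sent as a bearer credential to the profile URL
     * @return the identity extracted from the profile
     * @throws IdentityBrokerException if the request fails, the status is not 2xx, or the
     *     profile cannot be processed
     */
    @Override
    protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
        try (SimpleHttp.Response response = SimpleHttp.doGet(this.profileUrl, this.session)
                .header(Cors.AUTHORIZATION_HEADER, "Bearer " + accessToken)
                .header("Accept", MediaType.APPLICATION_JSON)
                .asResponse()) {
            // familyOf() classifies any status code, including ones with no Status constant,
            // so an unusual code is reported through the warning below rather than as an NPE.
            if (Response.Status.Family.familyOf(response.getStatus()) != Response.Status.Family.SUCCESSFUL) {
                logger.warnf("Profile endpoint returned an error (%d): %s", Integer.valueOf(response.getStatus()), response.asString());
                throw new IdentityBrokerException("Profile could not be retrieved from the github endpoint");
            }
            JsonNode profile = response.asJson();
            // The full profile (personal data) is written to the log when TRACE is enabled.
            logger.tracef("profile retrieved from github: %s", profile);
            BrokeredIdentityContext identity = extractIdentityFromProfile(null, profile);
            if (identity.getEmail() == null) {
                identity.setEmail(searchEmail(accessToken));
            }
            return identity;
        } catch (Exception e) {
            throw new IdentityBrokerException("Profile could not be retrieved from the github endpoint", e);
        }
    }

    /**
     * Looks up the user's primary e-mail address through the e-mail endpoint.
     *
     * <p>The first array entry whose {@code primary} field is true wins. No other field of the
     * entry is inspected. NOTE(review): if the endpoint also reports a verification flag, it is
     * not read here; confirm how downstream account linking treats this address.
     *
     * @param accessToken OAuth2 access token, sent as a bearer credential to the e-mail URL
     * @return the {@code email} value of the primary entry
     * @throws IdentityBrokerException if the request fails, the status is not 2xx, or no
     *     primary entry exists
     */
    private String searchEmail(String accessToken) {
        try (SimpleHttp.Response response = SimpleHttp.doGet(this.emailUrl, this.session)
                .header(Cors.AUTHORIZATION_HEADER, "Bearer " + accessToken)
                .header("Accept", MediaType.APPLICATION_JSON)
                .asResponse()) {
            if (Response.Status.Family.familyOf(response.getStatus()) != Response.Status.Family.SUCCESSFUL) {
                logger.warnf("Primary email endpoint returned an error (%d): %s", Integer.valueOf(response.getStatus()), response.asString());
                throw new IdentityBrokerException("Primary email could not be retrieved from the github endpoint");
            }
            JsonNode emails = response.asJson();
            // The full address list (personal data) is written to the log when TRACE is enabled.
            logger.tracef("emails retrieved from github: %s", emails);
            if (emails.isArray()) {
                Iterator<JsonNode> entries = emails.elements();
                while (entries.hasNext()) {
                    JsonNode entry = entries.next();
                    JsonNode primary = entry.get("primary");
                    if (primary != null && primary.asBoolean()) {
                        return getJsonProperty(entry, "email");
                    }
                }
            }
            throw new IdentityBrokerException("Primary email from github is not found in the user's email list.");
        } catch (Exception e) {
            throw new IdentityBrokerException("Primary email could not be retrieved from the github endpoint", e);
        }
    }

    /** Returns the scope requested when none is configured ({@code user:email}). */
    @Override
    protected String getDefaultScopes() {
        return DEFAULT_SCOPE;
    }
}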
