package org.keycloak.broker.oidc.mappers;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.broker.oidc.KeycloakOIDCIdentityProviderFactory;
import org.keycloak.broker.oidc.OIDCIdentityProviderFactory;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.utils.RegexUtils;

/* loaded from: input_file:org/keycloak/broker/oidc/mappers/ClaimToUserSessionNoteMapper.class */
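/**
 * Identity-provider mapper that copies selected claims of a brokered OIDC identity into user
 * session notes.
 *
 * <p>The mapper is configured with a map of claim name to expected value. For each configured
 * claim that is present as a {@link String} and matches the expected value (literal comparison,
 * or regular expression when {@code are.claim.values.regex} is enabled), the claim value is
 * stored as a user session note under the claim name.
 *
 * <p>Security considerations: the stored values come from the upstream identity provider's
 * token, and this mapper's own help text states that session notes can be forwarded into access
 * tokens by a 'User Session Note' protocol mapper. The configured match is therefore the only
 * filter applied here between IdP-supplied strings and what client applications may later see.
 * NOTE(review): whether {@code RegexUtils.valueMatchesRegex} matches the whole value or only a
 * part of it is not visible in this file; confirm before treating a regex as an allow-list.
 */
public class ClaimToUserSessionNoteMapper extends AbstractClaimMapper {
    private static final String CLAIMS_PROPERTY_NAME = "claims";
    private static final String ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME = "are.claim.values.regex";
    public static final String PROVIDER_ID = "oidc-user-session-note-idp-mapper";
    private static final Logger LOG = Logger.getLogger(ClaimToUserSessionNoteMapper.class);
    private static final String[] COMPATIBLE_PROVIDERS = {KeycloakOIDCIdentityProviderFactory.PROVIDER_ID, OIDCIdentityProviderFactory.PROVIDER_ID};
    private static final List<ProviderConfigProperty> CONFIG_PROPERTIES = new ArrayList<>();
    private static final Set<IdentityProviderSyncMode> IDENTITY_PROVIDER_SYNC_MODES = new HashSet<>(Arrays.asList(IdentityProviderSyncMode.values()));

    static {
        // Registration order is preserved: the claims map first, then the regex switch.
        CONFIG_PROPERTIES.add(newProperty(
                CLAIMS_PROPERTY_NAME,
                "Claims",
                "Names and values of the claims to search for in the token. You can reference nested claims using a '.', i.e. 'address.locality'. To use dot (.) literally, escape it with backslash (\\.)",
                "Map"));
        CONFIG_PROPERTIES.add(newProperty(
                ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
                "Regex Claim Values",
                "If enabled, claim values are interpreted as regular expressions.",
                "boolean"));
    }

    /** Builds one configuration property descriptor from its name, label, help text and type. */
    private static ProviderConfigProperty newProperty(String name, String label, String helpText, String type) {
        ProviderConfigProperty property = new ProviderConfigProperty();
        property.setName(name);
        property.setLabel(label);
        property.setHelpText(helpText);
        property.setType(type);
        return property;
    }

    /**
     * Returns the identity-provider ids this mapper can be attached to.
     *
     * @return the shared array holding the Keycloak-OIDC and generic OIDC provider ids
     */
    public String[] getCompatibleProviders() {
        return COMPATIBLE_PROVIDERS;
    }

    /**
     * Returns the category under which this mapper is displayed.
     *
     * @return the fixed category name
     */
    public String getDisplayCategory() {
        return "User Session";
    }

    /**
     * Returns the display name of this mapper type.
     *
     * @return the fixed display name
     */
    public String getDisplayType() {
        return "User Session Note Mapper";
    }

    /**
     * Returns the help text describing this mapper.
     *
     * @return the fixed help text
     */
    public String getHelpText() {
        return "Add every matching claim to the user session note. This can be used together for instance with the 'User Session Note' protocol mapper configured for your client scope or client, so that claims for 3rd party IDPs would be available in the access token sent to your client application.";
    }

    /**
     * Returns the configuration properties registered by the static initializer.
     *
     * @return the shared list of property descriptors (claims map and regex switch)
     */
    public List<ProviderConfigProperty> getConfigProperties() {
        return CONFIG_PROPERTIES;
    }

    /**
     * Returns the provider id of this mapper.
     *
     * @return {@link #PROVIDER_ID}
     */
    public String getId() {
        return PROVIDER_ID;
    }

    /**
     * Tells whether the given sync mode is supported.
     *
     * @param identityProviderSyncMode the sync mode to test
     * @return {@code true} when the mode is one of {@code IdentityProviderSyncMode.values()}
     */
    public boolean supportsSyncMode(IdentityProviderSyncMode identityProviderSyncMode) {
        return IDENTITY_PROVIDER_SYNC_MODES.contains(identityProviderSyncMode);
    }

    /**
     * Copies the matching claims into session notes; the session, realm and user arguments are
     * not used by this mapper.
     */
    public void importNewUser(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
        addClaimsToSessionNote(identityProviderMapperModel, brokeredIdentityContext);
    }

    /**
     * Copies the matching claims into session notes; the session, realm and user arguments are
     * not used by this mapper.
     */
    public void updateBrokeredUser(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
        addClaimsToSessionNote(identityProviderMapperModel, brokeredIdentityContext);
    }

    /**
     * Stores every configured claim whose string value matches its expected value as a user
     * session note on the authentication session of the brokered identity.
     *
     * <p>Absent claims are skipped silently; claims whose value is not a {@link String} are
     * skipped with a warning.
     *
     * @param mapperModel mapper configuration holding the claims map and the regex switch
     * @param context brokered identity whose claims are inspected
     */
    private void addClaimsToSessionNote(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
        Map<String, String> expectedClaims = mapperModel.getConfigMap(CLAIMS_PROPERTY_NAME);
        // Boolean.parseBoolean(null) is false, so a missing setting means literal comparison.
        boolean valuesAreRegex = Boolean.parseBoolean(mapperModel.getConfig().get(ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME));

        for (Map.Entry<String, String> expected : expectedClaims.entrySet()) {
            String claimName = expected.getKey();
            Object claimValue = getClaimValue(context, claimName);
            if (claimValue == null) {
                continue;
            }
            if (!(claimValue instanceof String)) {
                // NOTE(review): the raw claim value is written to the WARN log. Claims are supplied
                // by the identity provider and may carry personal data; confirm log access and
                // retention, and that the log layout neutralises embedded line breaks.
                LOG.warnf("Claim '%s' does not contain a string value for user with brokerUserId '%s'. Actual value is of type '%s': %s", claimName, context.getBrokerUserId(), claimValue.getClass(), claimValue);
                continue;
            }

            String actual = (String) claimValue;
            boolean matches = valuesAreRegex
                    ? RegexUtils.valueMatchesRegex(expected.getValue(), actual)
                    : valueEquals(expected.getValue(), actual);
            if (matches) {
                // The note carries the IdP-supplied value, not the configured expectation.
                context.getAuthenticationSession().setUserSessionNote(claimName, actual);
            }
        }
    }
}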
