package org.keycloak.protocol.oidc.mappers;

import com.fasterxml.jackson.databind.JsonNode;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.protocol.ProtocolMapper;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.protocol.oidc.grants.ciba.channel.CIBAAuthenticationRequest;
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
import org.keycloak.protocol.saml.SamlProtocol;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.IDToken;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.util.DPoPUtil;
import org.keycloak.userprofile.DeclarativeUserProfileProvider;
import org.keycloak.util.JsonSerialization;
import org.keycloak.utils.JsonUtils;

/* loaded from: input_file:org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.class */
public class OIDCAttributeMapperHelper {
    public static final String TOKEN_CLAIM_NAME = "claim.name";
    public static final String TOKEN_CLAIM_NAME_LABEL = "tokenClaimName.label";
    public static final String TOKEN_CLAIM_NAME_TOOLTIP = "tokenClaimName.tooltip";
    public static final String JSON_TYPE = "jsonType.label";
    public static final String JSON_TYPE_TOOLTIP = "jsonType.tooltip";
    public static final String INCLUDE_IN_ACCESS_TOKEN = "access.token.claim";
    public static final String INCLUDE_IN_ACCESS_TOKEN_LABEL = "includeInAccessToken.label";
    public static final String INCLUDE_IN_ACCESS_TOKEN_HELP_TEXT = "includeInAccessToken.tooltip";
    public static final String INCLUDE_IN_ID_TOKEN = "id.token.claim";
    public static final String INCLUDE_IN_ID_TOKEN_LABEL = "includeInIdToken.label";
    public static final String INCLUDE_IN_ID_TOKEN_HELP_TEXT = "includeInIdToken.tooltip";
    public static final String INCLUDE_IN_ACCESS_TOKEN_RESPONSE = "access.tokenResponse.claim";
    public static final String INCLUDE_IN_ACCESS_TOKEN_RESPONSE_LABEL = "includeInAccessTokenResponse.label";
    public static final String INCLUDE_IN_ACCESS_TOKEN_RESPONSE_HELP_TEXT = "includeInAccessTokenResponse.tooltip";
    public static final String INCLUDE_IN_USERINFO = "userinfo.token.claim";
    public static final String INCLUDE_IN_USERINFO_LABEL = "includeInUserInfo.label";
    public static final String INCLUDE_IN_USERINFO_HELP_TEXT = "includeInUserInfo.tooltip";
    public static final String INCLUDE_IN_INTROSPECTION = "introspection.token.claim";
    public static final String INCLUDE_IN_INTROSPECTION_LABEL = "includeInIntrospection.label";
    public static final String INCLUDE_IN_INTROSPECTION_HELP_TEXT = "includeInIntrospection.tooltip";
    private static final Logger logger = Logger.getLogger(OIDCAttributeMapperHelper.class);
    private static final Map<String, PropertySetter<IDToken>> tokenPropertySetters;
    private static final Map<String, PropertySetter<AccessTokenResponse>> responsePropertySetters;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper$PropertySetter.class */
    public interface PropertySetter<T> {
        void set(String str, String str2, T t, Object obj);
    }

    public static Object mapAttributeValue(ProtocolMapperModel protocolMapperModel, Object obj) {
        if (obj == null) {
            return null;
        }
        if (obj instanceof Collection) {
            Collection collection = (Collection) obj;
            if (collection.isEmpty()) {
                return null;
            }
            if (isMultivalued(protocolMapperModel)) {
                ArrayList arrayList = new ArrayList();
                Iterator it = collection.iterator();
                while (it.hasNext()) {
                    arrayList.add(mapAttributeValue(protocolMapperModel, it.next()));
                }
                return arrayList;
            }
            if (collection.size() > 1) {
                ServicesLogger.LOGGER.multipleValuesForMapper(obj.toString(), protocolMapperModel.getName());
            }
            obj = collection.iterator().next();
        }
        Object convertToType = convertToType((String) protocolMapperModel.getConfig().get(JSON_TYPE), obj);
        return convertToType != null ? convertToType : obj;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static <X, T> List<T> transform(List<X> list, Function<X, T> function) {
        return (List) list.stream().filter(Objects::nonNull).map(function).collect(Collectors.toList());
    }

    private static Object convertToType(String str, Object obj) {
        if (str == null || obj == null) {
            return obj;
        }
        boolean z = -1;
        switch (str.hashCode()) {
            case -1808118735:
                if (str.equals("String")) {
                    z = true;
                    break;
                }
                break;
            case 104431:
                if (str.equals("int")) {
                    z = 3;
                    break;
                }
                break;
            case 2286824:
                if (str.equals("JSON")) {
                    z = 4;
                    break;
                }
                break;
            case 3327612:
                if (str.equals("long")) {
                    z = 2;
                    break;
                }
                break;
            case 64711720:
                if (str.equals("boolean")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                Boolean bool = getBoolean(obj);
                if (bool != null) {
                    return bool;
                }
                if (obj instanceof List) {
                    return transform((List) obj, OIDCAttributeMapperHelper::getBoolean);
                }
                throw new RuntimeException("cannot map type for token claim");
            case DeclarativeUserProfileProvider.PROVIDER_PRIORITY /* 1 */:
                return obj instanceof String ? obj : obj instanceof List ? transform((List) obj, OIDCAttributeMapperHelper::getString) : obj.toString();
            case DPoPUtil.DEFAULT_ALLOWED_CLOCK_SKEW /* 2 */:
                Long l = getLong(obj);
                if (l != null) {
                    return l;
                }
                if (obj instanceof List) {
                    return transform((List) obj, OIDCAttributeMapperHelper::getLong);
                }
                throw new RuntimeException("cannot map type for token claim");
            case AuthenticationSessionManager.AUTH_SESSION_COOKIE_LIMIT /* 3 */:
                Integer integer = getInteger(obj);
                if (integer != null) {
                    return integer;
                }
                if (obj instanceof List) {
                    return transform((List) obj, OIDCAttributeMapperHelper::getInteger);
                }
                throw new RuntimeException("cannot map type for token claim");
            case true:
                JsonNode jsonNode = getJsonNode(obj);
                if (jsonNode != null) {
                    return jsonNode;
                }
                if (obj instanceof List) {
                    return transform((List) obj, OIDCAttributeMapperHelper::getJsonNode);
                }
                throw new RuntimeException("cannot map type for token claim");
            default:
                return null;
        }
    }

    private static String getString(Object obj) {
        return obj.toString();
    }

    private static Long getLong(Object obj) {
        if (obj instanceof Long) {
            return (Long) obj;
        }
        if (obj instanceof String) {
            return Long.valueOf((String) obj);
        }
        return null;
    }

    private static Integer getInteger(Object obj) {
        if (obj instanceof Integer) {
            return (Integer) obj;
        }
        if (obj instanceof String) {
            return Integer.valueOf((String) obj);
        }
        return null;
    }

    private static Boolean getBoolean(Object obj) {
        if (obj instanceof Boolean) {
            return (Boolean) obj;
        }
        if (obj instanceof String) {
            return Boolean.valueOf((String) obj);
        }
        return null;
    }

    private static JsonNode getJsonNode(Object obj) {
        if (obj instanceof JsonNode) {
            return (JsonNode) obj;
        }
        if (obj instanceof Map) {
            try {
                return JsonSerialization.createObjectNode(obj);
            } catch (Exception e) {
            }
        }
        if (!(obj instanceof String)) {
            return null;
        }
        try {
            return (JsonNode) JsonSerialization.readValue(obj.toString(), JsonNode.class);
        } catch (Exception e2) {
            return null;
        }
    }

    public static void mapClaim(IDToken iDToken, ProtocolMapperModel protocolMapperModel, Object obj) {
        mapClaim(iDToken, protocolMapperModel, obj, tokenPropertySetters, iDToken.getOtherClaims());
    }

    public static void mapClaim(AccessTokenResponse accessTokenResponse, ProtocolMapperModel protocolMapperModel, Object obj) {
        mapClaim(accessTokenResponse, protocolMapperModel, obj, responsePropertySetters, accessTokenResponse.getOtherClaims());
    }

    private static <T> void mapClaim(T t, ProtocolMapperModel protocolMapperModel, Object obj, Map<String, PropertySetter<T>> map, Map<String, Object> map2) {
        String str;
        Object mapAttributeValue = mapAttributeValue(protocolMapperModel, obj);
        if (mapAttributeValue == null || (str = (String) protocolMapperModel.getConfig().get("claim.name")) == null) {
            return;
        }
        List splitClaimPath = JsonUtils.splitClaimPath(str);
        if (splitClaimPath.isEmpty()) {
            return;
        }
        PropertySetter<T> propertySetter = map.get((String) splitClaimPath.iterator().next());
        if (propertySetter == null) {
            mapClaim((List<String>) splitClaimPath, mapAttributeValue, map2);
        } else if (splitClaimPath.size() > 1) {
            logger.warnf("Claim '%s' contains more than one level in a setter. Ignoring the assignment for mapper '%s'.", str, protocolMapperModel.getName());
        } else {
            propertySetter.set(str, protocolMapperModel.getName(), t, mapAttributeValue);
        }
    }

    private static void mapClaim(List<String> list, Object obj, Map<String, Object> map) {
        int size = list.size();
        int i = 0;
        for (String str : list) {
            i++;
            if (i == size) {
                map.put(str, obj);
            } else {
                Map<String, Object> map2 = (Map) map.get(str);
                if (map2 == null) {
                    map2 = new HashMap();
                    map.put(str, map2);
                }
                map = map2;
            }
        }
    }

    public static ProtocolMapperModel createClaimMapper(String str, String str2, String str3, String str4, boolean z, boolean z2, boolean z3, String str5) {
        return createClaimMapper(str, str2, str3, str4, z, z2, true, z3, str5);
    }

    public static ProtocolMapperModel createClaimMapper(String str, String str2, String str3, String str4, boolean z, boolean z2, boolean z3, boolean z4, String str5) {
        ProtocolMapperModel protocolMapperModel = new ProtocolMapperModel();
        protocolMapperModel.setName(str);
        protocolMapperModel.setProtocolMapper(str5);
        protocolMapperModel.setProtocol("openid-connect");
        HashMap hashMap = new HashMap();
        hashMap.put("user.attribute", str2);
        hashMap.put("claim.name", str3);
        hashMap.put(JSON_TYPE, str4);
        if (z) {
            hashMap.put(INCLUDE_IN_ACCESS_TOKEN, "true");
        }
        if (z2) {
            hashMap.put(INCLUDE_IN_ID_TOKEN, "true");
        }
        if (z3) {
            hashMap.put(INCLUDE_IN_USERINFO, "true");
        }
        if (z4) {
            hashMap.put(INCLUDE_IN_INTROSPECTION, "true");
        }
        protocolMapperModel.setConfig(hashMap);
        return protocolMapperModel;
    }

    public static boolean includeInIDToken(ProtocolMapperModel protocolMapperModel) {
        return "true".equals(protocolMapperModel.getConfig().get(INCLUDE_IN_ID_TOKEN));
    }

    public static boolean includeInAccessToken(ProtocolMapperModel protocolMapperModel) {
        return "true".equals(protocolMapperModel.getConfig().get(INCLUDE_IN_ACCESS_TOKEN));
    }

    public static boolean includeInAccessTokenResponse(ProtocolMapperModel protocolMapperModel) {
        return "true".equals(protocolMapperModel.getConfig().get(INCLUDE_IN_ACCESS_TOKEN_RESPONSE));
    }

    public static boolean isMultivalued(ProtocolMapperModel protocolMapperModel) {
        return "true".equals(protocolMapperModel.getConfig().get(ProtocolMapperUtils.MULTIVALUED));
    }

    public static boolean includeInUserInfo(ProtocolMapperModel protocolMapperModel) {
        String str = (String) protocolMapperModel.getConfig().get(INCLUDE_IN_USERINFO);
        if (str == null && includeInIDToken(protocolMapperModel)) {
            return true;
        }
        return "true".equals(str);
    }

    public static boolean includeInIntrospection(ProtocolMapperModel protocolMapperModel) {
        String str = (String) protocolMapperModel.getConfig().get(INCLUDE_IN_INTROSPECTION);
        if (str == null && includeInAccessToken(protocolMapperModel)) {
            return true;
        }
        return "true".equals(str);
    }

    public static void addAttributeConfig(List<ProviderConfigProperty> list, Class<? extends ProtocolMapper> cls) {
        addTokenClaimNameConfig(list);
        addJsonTypeConfig(list);
        addIncludeInTokensConfig(list, cls);
    }

    public static void addTokenClaimNameConfig(List<ProviderConfigProperty> list) {
        ProviderConfigProperty providerConfigProperty = new ProviderConfigProperty();
        providerConfigProperty.setName("claim.name");
        providerConfigProperty.setLabel(TOKEN_CLAIM_NAME_LABEL);
        providerConfigProperty.setType("String");
        providerConfigProperty.setHelpText(TOKEN_CLAIM_NAME_TOOLTIP);
        list.add(providerConfigProperty);
    }

    public static void addJsonTypeConfig(List<ProviderConfigProperty> list) {
        ProviderConfigProperty providerConfigProperty = new ProviderConfigProperty();
        providerConfigProperty.setName(JSON_TYPE);
        providerConfigProperty.setLabel(JSON_TYPE);
        ArrayList arrayList = new ArrayList(5);
        arrayList.add("String");
        arrayList.add("long");
        arrayList.add("int");
        arrayList.add("boolean");
        arrayList.add("JSON");
        providerConfigProperty.setType("List");
        providerConfigProperty.setOptions(arrayList);
        providerConfigProperty.setHelpText(JSON_TYPE_TOOLTIP);
        list.add(providerConfigProperty);
    }

    public static void addIncludeInTokensConfig(List<ProviderConfigProperty> list, Class<? extends ProtocolMapper> cls) {
        if (OIDCIDTokenMapper.class.isAssignableFrom(cls)) {
            ProviderConfigProperty providerConfigProperty = new ProviderConfigProperty();
            providerConfigProperty.setName(INCLUDE_IN_ID_TOKEN);
            providerConfigProperty.setLabel(INCLUDE_IN_ID_TOKEN_LABEL);
            providerConfigProperty.setType("boolean");
            providerConfigProperty.setDefaultValue("true");
            providerConfigProperty.setHelpText(INCLUDE_IN_ID_TOKEN_HELP_TEXT);
            list.add(providerConfigProperty);
        }
        if (OIDCAccessTokenMapper.class.isAssignableFrom(cls)) {
            ProviderConfigProperty providerConfigProperty2 = new ProviderConfigProperty();
            providerConfigProperty2.setName(INCLUDE_IN_ACCESS_TOKEN);
            providerConfigProperty2.setLabel(INCLUDE_IN_ACCESS_TOKEN_LABEL);
            providerConfigProperty2.setType("boolean");
            providerConfigProperty2.setDefaultValue("true");
            providerConfigProperty2.setHelpText(INCLUDE_IN_ACCESS_TOKEN_HELP_TEXT);
            list.add(providerConfigProperty2);
        }
        if (UserInfoTokenMapper.class.isAssignableFrom(cls)) {
            ProviderConfigProperty providerConfigProperty3 = new ProviderConfigProperty();
            providerConfigProperty3.setName(INCLUDE_IN_USERINFO);
            providerConfigProperty3.setLabel(INCLUDE_IN_USERINFO_LABEL);
            providerConfigProperty3.setType("boolean");
            providerConfigProperty3.setDefaultValue("true");
            providerConfigProperty3.setHelpText(INCLUDE_IN_USERINFO_HELP_TEXT);
            list.add(providerConfigProperty3);
        }
        if (OIDCAccessTokenResponseMapper.class.isAssignableFrom(cls)) {
            ProviderConfigProperty providerConfigProperty4 = new ProviderConfigProperty();
            providerConfigProperty4.setName(INCLUDE_IN_ACCESS_TOKEN_RESPONSE);
            providerConfigProperty4.setLabel(INCLUDE_IN_ACCESS_TOKEN_RESPONSE_LABEL);
            providerConfigProperty4.setType("boolean");
            providerConfigProperty4.setDefaultValue(SamlProtocol.ATTRIBUTE_FALSE_VALUE);
            providerConfigProperty4.setHelpText(INCLUDE_IN_ACCESS_TOKEN_RESPONSE_HELP_TEXT);
            list.add(providerConfigProperty4);
        }
        if (TokenIntrospectionTokenMapper.class.isAssignableFrom(cls)) {
            ProviderConfigProperty providerConfigProperty5 = new ProviderConfigProperty();
            providerConfigProperty5.setName(INCLUDE_IN_INTROSPECTION);
            providerConfigProperty5.setLabel(INCLUDE_IN_INTROSPECTION_LABEL);
            providerConfigProperty5.setType("boolean");
            providerConfigProperty5.setDefaultValue("true");
            providerConfigProperty5.setHelpText(INCLUDE_IN_INTROSPECTION_HELP_TEXT);
            list.add(providerConfigProperty5);
        }
    }

    static {
        HashMap hashMap = new HashMap();
        hashMap.put("sub", (str, str2, iDToken, obj) -> {
            iDToken.setSubject(obj.toString());
        });
        hashMap.put("azp", (str3, str4, iDToken2, obj2) -> {
            iDToken2.issuedFor(obj2.toString());
        });
        hashMap.put(OIDCLoginProtocolFactory.ACR_SCOPE, (str5, str6, iDToken3, obj3) -> {
            iDToken3.setAcr(obj3.toString());
        });
        hashMap.put("aud", (str7, str8, iDToken4, obj4) -> {
            if (obj4 instanceof Collection) {
                iDToken4.audience((String[]) ((Collection) obj4).stream().map((v0) -> {
                    return v0.toString();
                }).toArray(i -> {
                    return new String[i];
                }));
            } else {
                iDToken4.audience(new String[]{obj4.toString()});
            }
        });
        PropertySetter propertySetter = (str9, str10, iDToken5, obj5) -> {
            logger.warnf("Claim '%s' is non-modifiable in IDToken. Ignoring the assignment for mapper '%s'.", str9, str10);
        };
        hashMap.put("jti", propertySetter);
        hashMap.put("typ", propertySetter);
        hashMap.put("iat", propertySetter);
        hashMap.put("exp", propertySetter);
        hashMap.put(OIDCLoginProtocol.ISSUER, propertySetter);
        hashMap.put("scope", propertySetter);
        hashMap.put(OIDCLoginProtocol.NONCE_PARAM, propertySetter);
        hashMap.put("auth_time", propertySetter);
        hashMap.put(CIBAAuthenticationRequest.SESSION_STATE, propertySetter);
        tokenPropertySetters = Collections.unmodifiableMap(hashMap);
        HashMap hashMap2 = new HashMap();
        PropertySetter propertySetter2 = (str11, str12, accessTokenResponse, obj6) -> {
            logger.warnf("Claim '%s' is non-modifiable in AccessTokenResponse. Ignoring the assignment for mapper '%s'.", str11, str12);
        };
        hashMap2.put("access_token", propertySetter2);
        hashMap2.put("token_type", propertySetter2);
        hashMap2.put(CIBAAuthenticationRequest.SESSION_STATE, propertySetter2);
        hashMap2.put("expires_in", propertySetter2);
        hashMap2.put(OIDCResponseType.ID_TOKEN, propertySetter2);
        hashMap2.put(AbstractOAuth2IdentityProvider.OAUTH2_GRANT_TYPE_REFRESH_TOKEN, propertySetter2);
        hashMap2.put("refresh_expires_in", propertySetter2);
        hashMap2.put("not-before-policy", propertySetter2);
        hashMap2.put("scope", propertySetter2);
        responsePropertySetters = Collections.unmodifiableMap(hashMap2);
    }
}
