package org.keycloak.services.clientregistration.policy;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.mappers.AddressMapper;
import org.keycloak.protocol.oidc.mappers.FullNameMapper;
import org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper;
import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
import org.keycloak.protocol.oidc.mappers.UserPropertyMapper;
import org.keycloak.protocol.saml.SamlProtocol;
import org.keycloak.protocol.saml.mappers.RoleListMapper;
import org.keycloak.protocol.saml.mappers.UserAttributeStatementMapper;
import org.keycloak.protocol.saml.mappers.UserPropertyAttributeStatementMapper;
import org.keycloak.services.clientregistration.policy.impl.ConsentRequiredClientRegistrationPolicyFactory;
import org.keycloak.services.clientregistration.policy.impl.ProtocolMappersClientRegistrationPolicyFactory;
import org.keycloak.services.clientregistration.policy.impl.TrustedHostClientRegistrationPolicyFactory;

/* loaded from: input_file:org/keycloak/services/clientregistration/policy/DefaultClientRegistrationPolicies.class */
public class DefaultClientRegistrationPolicies {
    private static String[] DEFAULT_ALLOWED_PROTOCOL_MAPPERS = {UserAttributeStatementMapper.PROVIDER_ID, UserAttributeMapper.PROVIDER_ID, UserPropertyAttributeStatementMapper.PROVIDER_ID, UserPropertyMapper.PROVIDER_ID, FullNameMapper.PROVIDER_ID, AddressMapper.PROVIDER_ID, new SHA256PairwiseSubMapper().getId(), RoleListMapper.PROVIDER_ID};

    public static void addDefaultPolicies(RealmModel realmModel) {
        String componentTypeKey = ClientRegistrationPolicyManager.getComponentTypeKey(RegistrationAuth.ANONYMOUS);
        String componentTypeKey2 = ClientRegistrationPolicyManager.getComponentTypeKey(RegistrationAuth.AUTHENTICATED);
        List components = realmModel.getComponents(realmModel.getId(), ClientRegistrationPolicy.class.getName());
        if (components == null || components.isEmpty()) {
            addAnonymousPolicies(realmModel, componentTypeKey);
            addAuthPolicies(realmModel, componentTypeKey2);
        }
    }

    private static ComponentModel createModelInstance(String str, RealmModel realmModel, String str2, String str3) {
        ComponentModel componentModel = new ComponentModel();
        componentModel.setName(str);
        componentModel.setParentId(realmModel.getId());
        componentModel.setProviderId(str2);
        componentModel.setProviderType(ClientRegistrationPolicy.class.getName());
        componentModel.setSubType(str3);
        return componentModel;
    }

    private static void addAnonymousPolicies(RealmModel realmModel, String str) {
        ComponentModel createModelInstance = createModelInstance("Trusted Hosts", realmModel, "trusted-hosts", str);
        createModelInstance.getConfig().put("trusted-hosts", Collections.emptyList());
        createModelInstance.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.HOST_SENDING_REGISTRATION_REQUEST_MUST_MATCH, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
        createModelInstance.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.CLIENT_URIS_MUST_MATCH, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
        realmModel.addComponentModel(createModelInstance);
        realmModel.addComponentModel(createModelInstance("Consent Required", realmModel, ConsentRequiredClientRegistrationPolicyFactory.PROVIDER_ID, str));
        realmModel.addComponentModel(createModelInstance("Full Scope Disabled", realmModel, "scope", str));
        ComponentModel createModelInstance2 = createModelInstance("Max Clients Limit", realmModel, "max-clients", str);
        createModelInstance2.put("max-clients", 200);
        realmModel.addComponentModel(createModelInstance2);
        addGenericPolicies(realmModel, str);
    }

    private static void addAuthPolicies(RealmModel realmModel, String str) {
        addGenericPolicies(realmModel, str);
    }

    private static void addGenericPolicies(RealmModel realmModel, String str) {
        ComponentModel createModelInstance = createModelInstance("Allowed Protocol Mapper Types", realmModel, ProtocolMappersClientRegistrationPolicyFactory.PROVIDER_ID, str);
        createModelInstance.getConfig().put(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, Arrays.asList(DEFAULT_ALLOWED_PROTOCOL_MAPPERS));
        createModelInstance.getConfig().putSingle(ProtocolMappersClientRegistrationPolicyFactory.CONSENT_REQUIRED_FOR_ALL_MAPPERS, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
        realmModel.addComponentModel(createModelInstance);
        ComponentModel createModelInstance2 = createModelInstance("Allowed Client Templates", realmModel, "allowed-client-templates", str);
        createModelInstance2.getConfig().put("allowed-client-templates", Collections.emptyList());
        realmModel.addComponentModel(createModelInstance2);
    }
}
