package org.keycloak.storage.openshift;

import com.openshift.restclient.ClientBuilder;
import com.openshift.restclient.IClient;
import java.util.List;
import java.util.regex.Pattern;
import org.keycloak.common.Profile;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.provider.EnvironmentDependentProviderFactory;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
import org.keycloak.storage.CacheableStorageProviderModel;
import org.keycloak.storage.client.ClientStorageProviderFactory;
import org.keycloak.storage.client.ClientStorageProviderModel;

/* loaded from: input_file:org/keycloak/storage/openshift/OpenshiftClientStorageProviderFactory.class */
public class OpenshiftClientStorageProviderFactory implements ClientStorageProviderFactory<OpenshiftClientStorageProvider>, EnvironmentDependentProviderFactory {
    public static final String PROVIDER_ID = "openshift-oauth-client";
    static final Pattern SERVICE_ACCOUNT_PATTERN = Pattern.compile("system:serviceaccount:([^:]+):([^:]+)");
    public static final String CONFIG_PROPERTY_ACCESS_TOKEN = "openshift.access_token";
    public static final String CONFIG_PROPERTY_OPENSHIFT_URI = "openshift.uri";
    public static final String CONFIG_PROPERTY_DEFAULT_NAMESPACE = "openshift.namespace.default";
    public static final String CONFIG_PROPERTY_REQUIRE_USER_CONSENT = "user.consent.require";
    public static final String CONFIG_PROPERTY_DISPLAY_SCOPE_CONSENT_TEXT = "user.consent.scope.consent.text";
    private final List<ProviderConfigProperty> CONFIG_PROPERTIES = ProviderConfigurationBuilder.create().property().name(CONFIG_PROPERTY_ACCESS_TOKEN).type("String").label("Access Token").helpText("Bearer token that will be used to invoke on Openshift api server.  Must have privilege to lookup oauth clients, service accounts, and invoke on token review interface").add().property().name(CONFIG_PROPERTY_OPENSHIFT_URI).type("String").label("Openshift URL").helpText("Openshift api server URL base endpoint.").add().property().name(CONFIG_PROPERTY_DEFAULT_NAMESPACE).type("String").label("Default Namespace").helpText("The default namespace to use when the server is not able to resolve the namespace from the client identifier. Useful when clients in Openshift don't have names with the following pattern: " + SERVICE_ACCOUNT_PATTERN.pattern()).add().property().name(CONFIG_PROPERTY_REQUIRE_USER_CONSENT).type("boolean").defaultValue("true").label("Require User Consent").helpText("If set to true, clients from this storage will ask the end-user for any scope requested during the authorization flow").add().property().name(CONFIG_PROPERTY_DISPLAY_SCOPE_CONSENT_TEXT).type("boolean").defaultValue("true").label("Display Scopes Consent Text").helpText("If set to true, the consent page will display texts from the message bundle for scopes. Otherwise, the scope name will be displayed.").add().build();
    private IClient client;

    public String getId() {
        return PROVIDER_ID;
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
    public OpenshiftClientStorageProvider m553create(KeycloakSession keycloakSession, ComponentModel componentModel) {
        ClientStorageProviderModel createProviderModel = createProviderModel(componentModel);
        IClient client = getClient(createProviderModel);
        if (client != null) {
            return new OpenshiftClientStorageProvider(keycloakSession, createProviderModel, client);
        }
        client.getAuthorizationContext().setToken(createProviderModel.get(CONFIG_PROPERTY_ACCESS_TOKEN));
        return new OpenshiftClientStorageProvider(keycloakSession, createProviderModel, client);
    }

    public String getHelpText() {
        return "Openshift OAuth Client Adapter";
    }

    public List<ProviderConfigProperty> getConfigProperties() {
        return this.CONFIG_PROPERTIES;
    }

    public void validateConfiguration(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel) throws ComponentValidationException {
        componentModel.getConfig().putSingle("cachePolicy", CacheableStorageProviderModel.CachePolicy.NO_CACHE.name());
    }

    public void onUpdate(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel, ComponentModel componentModel2) {
        if (componentModel.get(CONFIG_PROPERTY_OPENSHIFT_URI).equals(componentModel2.get(CONFIG_PROPERTY_OPENSHIFT_URI))) {
            getClient(createProviderModel(componentModel2)).getAuthorizationContext().setToken(componentModel2.get(CONFIG_PROPERTY_ACCESS_TOKEN));
        } else {
            this.client = null;
        }
    }

    public boolean isSupported() {
        return Profile.isFeatureEnabled(Profile.Feature.OPENSHIFT_INTEGRATION);
    }

    private IClient getClient(ClientStorageProviderModel clientStorageProviderModel) {
        synchronized (this) {
            if (this.client == null) {
                this.client = new ClientBuilder(clientStorageProviderModel.get(CONFIG_PROPERTY_OPENSHIFT_URI)).build();
            }
        }
        return this.client;
    }

    private ClientStorageProviderModel createProviderModel(ComponentModel componentModel) {
        return new ClientStorageProviderModel(componentModel);
    }
}
