package org.keycloak.protocol.oidc.mappers;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import org.keycloak.models.GroupModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;

/* loaded from: input_file:org/keycloak/protocol/oidc/mappers/GroupMembershipMapper.class */
public class GroupMembershipMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper {
    private static final List<ProviderConfigProperty> configProperties = new ArrayList();
    public static final String PROVIDER_ID = "oidc-group-membership-mapper";

    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }

    public String getId() {
        return PROVIDER_ID;
    }

    public String getDisplayType() {
        return "Group Membership";
    }

    public String getDisplayCategory() {
        return AbstractOIDCProtocolMapper.TOKEN_MAPPER_CATEGORY;
    }

    public String getHelpText() {
        return "Map user group membership";
    }

    public static boolean useFullPath(ProtocolMapperModel protocolMapperModel) {
        return "true".equals(protocolMapperModel.getConfig().get("full.path"));
    }

    @Override // org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
    protected void setClaim(IDToken iDToken, ProtocolMapperModel protocolMapperModel, UserSessionModel userSessionModel) {
        LinkedList linkedList = new LinkedList();
        boolean useFullPath = useFullPath(protocolMapperModel);
        for (GroupModel groupModel : userSessionModel.getUser().getGroups()) {
            if (useFullPath) {
                linkedList.add(ModelToRepresentation.buildGroupPath(groupModel));
            } else {
                linkedList.add(groupModel.getName());
            }
        }
        iDToken.getOtherClaims().put((String) protocolMapperModel.getConfig().get(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME), linkedList);
    }

    public static ProtocolMapperModel create(String str, String str2, boolean z, String str3, boolean z2, boolean z3) {
        ProtocolMapperModel protocolMapperModel = new ProtocolMapperModel();
        protocolMapperModel.setName(str);
        protocolMapperModel.setProtocolMapper(PROVIDER_ID);
        protocolMapperModel.setProtocol("openid-connect");
        HashMap hashMap = new HashMap();
        hashMap.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, str2);
        if (z2) {
            hashMap.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
        }
        if (z3) {
            hashMap.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
        }
        protocolMapperModel.setConfig(hashMap);
        return protocolMapperModel;
    }

    static {
        OIDCAttributeMapperHelper.addTokenClaimNameConfig(configProperties);
        ProviderConfigProperty providerConfigProperty = new ProviderConfigProperty();
        providerConfigProperty.setName("full.path");
        providerConfigProperty.setLabel("Full group path");
        providerConfigProperty.setType("boolean");
        providerConfigProperty.setDefaultValue("true");
        providerConfigProperty.setHelpText("Include full path to group i.e. /top/level1/level2, false will just specify the group name");
        configProperties.add(providerConfigProperty);
        OIDCAttributeMapperHelper.addIncludeInTokensConfig(configProperties, GroupMembershipMapper.class);
    }
}
