package org.keycloak.protocol.saml;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.keycloak.Config;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.AbstractLoginProtocolFactory;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.saml.mappers.AttributeStatementHelper;
import org.keycloak.protocol.saml.mappers.RoleListMapper;
import org.keycloak.protocol.saml.mappers.UserPropertyAttributeStatementMapper;
import org.keycloak.representations.idm.CertificateRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.saml.SignatureAlgorithm;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants;
import org.keycloak.saml.validators.DestinationValidator;

/* loaded from: input_file:org/keycloak/protocol/saml/SamlProtocolFactory.class */
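/**
 * Login protocol factory for SAML (provider id {@code "saml"}).
 *
 * <p>Registers the built-in SAML protocol mappers, creates the default {@code role_list}
 * client scope for a realm, and fills in defaults for SAML clients whose representation
 * leaves a setting unspecified.
 *
 * <p>This listing is decompiler output: some method names carry a generated {@code mNNN}
 * prefix. They are kept exactly as emitted.
 */
public class SamlProtocolFactory extends AbstractLoginProtocolFactory {
    public static final String SCOPE_ROLE_LIST = "role_list";
    private static final String ROLE_LIST_CONSENT_TEXT = "${samlRoleListScopeConsentText}";

    // Key of the role-list mapper in `builtins`. Registration and lookup share this constant,
    // so the two cannot drift apart and make the lookup return null.
    private static final String ROLE_LIST_MAPPER = "role list";

    // Built once in init() from the "knownProtocols" configuration array and passed to every
    // SamlService. It is still null if an endpoint is created before init() has run.
    private DestinationValidator destinationValidator;

    // Built-in mappers keyed by mapper name. The map is mutable and shared by the whole JVM.
    static Map<String, ProtocolMapperModel> builtins = new HashMap<>();

    // Populated by the static initializer; this class never reads it.
    static List<ProtocolMapperModel> defaultBuiltins = new ArrayList<>();

    /**
     * Creates the SAML endpoint resource for a realm.
     *
     * @param realmModel realm the endpoint serves
     * @param eventBuilder event builder passed through to the service
     * @return a new {@code SamlService} bound to this factory's destination validator
     */
    public Object createProtocolEndpoint(RealmModel realmModel, EventBuilder eventBuilder) {
        return new SamlService(realmModel, eventBuilder, this.destinationValidator);
    }

    /**
     * Creates a {@code SamlProtocol} bound to the given session.
     *
     * <p>Decompiler note: renamed from {@code create} (merged with its bridge method).
     *
     * @param keycloakSession session to attach to the new protocol instance
     * @return the protocol instance returned by {@code m320setSession}
     */
    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public LoginProtocol m323create(KeycloakSession keycloakSession) {
        return new SamlProtocol().m320setSession(keycloakSession);
    }

    /**
     * Builds the destination validator from the {@code knownProtocols} configuration array.
     *
     * @param scope provider configuration scope
     */
    public void init(Config.Scope scope) {
        // NOTE(review): DestinationValidator defines how the entries are interpreted; it
        // presumably governs how message Destination values are matched. Confirm there.
        this.destinationValidator = DestinationValidator.forProtocolMap(scope.getArray("knownProtocols"));
    }

    /** @return the provider id, {@code "saml"} */
    public String getId() {
        return "saml";
    }

    /**
     * Returns the built-in mapper registry.
     *
     * @return the shared static map itself, not a copy
     */
    public Map<String, ProtocolMapperModel> getBuiltinMappers() {
        // NOTE(review): callers receive the live registry, so a caller that mutates it changes
        // the built-ins seen by every later caller. Left as-is because callers outside this
        // file may rely on it; consider an unmodifiable view after auditing them.
        return builtins;
    }

    /**
     * Creates the {@code role_list} client scope in the realm, attaches the built-in
     * role-list mapper and registers the scope as a default client scope.
     *
     * @param realmModel realm that receives the scope
     */
    protected void createDefaultClientScopesImpl(RealmModel realmModel) {
        ClientScopeModel roleListScope = realmModel.addClientScope(SCOPE_ROLE_LIST);
        roleListScope.setDescription("SAML role list");
        roleListScope.setDisplayOnConsentScreen(true);
        roleListScope.setConsentScreenText(ROLE_LIST_CONSENT_TEXT);
        roleListScope.setProtocol(getId());
        roleListScope.addProtocolMapper(builtins.get(ROLE_LIST_MAPPER));
        // NOTE(review): the meaning of the boolean argument is not visible here; presumably
        // "default" rather than "optional" scope. Confirm against RealmModel.
        realmModel.addDefaultClientScope(roleListScope, true);
    }

    /** Intentionally empty: this factory adds no per-client defaults here. */
    protected void addDefaults(ClientModel clientModel) {
    }

    /**
     * Applies SAML defaults to a client for every setting its representation leaves unset.
     *
     * <p>Each default is written only when the corresponding value in the representation is
     * {@code null}; an explicit value in the representation is never overridden here. The
     * signing defaults are the strict ones (realm signature required, client signature
     * required, RSA-SHA256), so a representation that sets them explicitly is what opts a
     * client out. Review those attributes when representations come from imports or other
     * parties.
     *
     * @param clientRepresentation representation supplied when the client is created
     * @param clientModel stored client that receives the defaults
     */
    public void setupClientDefaults(ClientRepresentation clientRepresentation, ClientModel clientModel) {
        SamlRepresentationAttributes requested = new SamlRepresentationAttributes(clientRepresentation.getAttributes());
        SamlClient samlClient = new SamlClient(clientModel);

        if (clientRepresentation.isStandardFlowEnabled() == null) {
            clientModel.setStandardFlowEnabled(true);
        }
        if (requested.getCanonicalizationMethod() == null) {
            // Exclusive XML canonicalization (xml-exc-c14n).
            samlClient.setCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#");
        }
        if (requested.getSignatureAlgorithm() == null) {
            samlClient.setSignatureAlgorithm(SignatureAlgorithm.RSA_SHA256);
        }
        if (requested.getNameIDFormat() == null) {
            samlClient.setNameIDFormat("username");
        }
        if (requested.getIncludeAuthnStatement() == null) {
            samlClient.setIncludeAuthnStatement(true);
        }
        if (requested.getForceNameIDFormat() == null) {
            samlClient.setForceNameIDFormat(false);
        }
        if (requested.getSamlServerSignature() == null) {
            samlClient.setRequiresRealmSignature(true);
        }
        if (requested.getForcePostBinding() == null) {
            samlClient.setForcePostBinding(true);
        }
        if (requested.getClientSignature() == null) {
            samlClient.setRequiresClientSignature(true);
        }

        // This reads the effective client state, not the representation, so a key pair is
        // generated whenever signing is required and no certificate is configured yet.
        if (samlClient.requiresClientSignature() && samlClient.getClientSigningCertificate() == null) {
            CertificateRepresentation keyPair = KeycloakModelUtils.generateKeyPairCertificate(clientModel.getClientId());
            samlClient.setClientSigningCertificate(keyPair.getCertificate());
            // NOTE(review): the generated private key is stored on the client next to the
            // certificate. Confirm who can read or export it; the client's configuration
            // should be treated as sensitive.
            samlClient.setClientSigningPrivateKey(keyPair.getPrivateKey());
        }

        if (clientRepresentation.isFrontchannelLogout() == null) {
            clientModel.setFrontchannelLogout(true);
        }
    }

    // Registers the built-in mappers: three X.500 user-property attribute mappers and the
    // role-list mapper. Only the role-list mapper is also added to defaultBuiltins.
    static {
        // NOTE(review): the trailing `true, "${...}"` arguments are presumably the consent
        // flag and consent text. Confirm against UserPropertyAttributeStatementMapper.
        builtins.put("X500 email", UserPropertyAttributeStatementMapper.createAttributeMapper("X500 email", "email", X500SAMLProfileConstants.EMAIL.get(), JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get(), X500SAMLProfileConstants.EMAIL.getFriendlyName(), true, "${email}"));
        builtins.put("X500 givenName", UserPropertyAttributeStatementMapper.createAttributeMapper("X500 givenName", "firstName", X500SAMLProfileConstants.GIVEN_NAME.get(), JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get(), X500SAMLProfileConstants.GIVEN_NAME.getFriendlyName(), true, "${givenName}"));
        builtins.put("X500 surname", UserPropertyAttributeStatementMapper.createAttributeMapper("X500 surname", "lastName", X500SAMLProfileConstants.SURNAME.get(), JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get(), X500SAMLProfileConstants.SURNAME.getFriendlyName(), true, "${familyName}"));

        // NOTE(review): the meaning of the trailing `null, false` arguments is not visible
        // here. Confirm against RoleListMapper.create.
        ProtocolMapperModel roleListMapper = RoleListMapper.create(ROLE_LIST_MAPPER, "Role", AttributeStatementHelper.BASIC, null, false);
        builtins.put(ROLE_LIST_MAPPER, roleListMapper);
        defaultBuiltins.add(roleListMapper);
    }
}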
