package org.keycloak.broker.provider;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.UUID;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:org/keycloak/broker/provider/AbstractIdentityProvider.class */
public abstract class AbstractIdentityProvider<C extends IdentityProviderModel> implements IdentityProvider<C> {
    public static final String ACCOUNT_LINK_URL = "account-link-url";
    protected final KeycloakSession session;
    private final C config;

    public AbstractIdentityProvider(KeycloakSession keycloakSession, C c) {
        this.session = keycloakSession;
        this.config = c;
    }

    public C getConfig() {
        return this.config;
    }

    @Override // org.keycloak.broker.provider.IdentityProvider
    public Response export(UriInfo uriInfo, RealmModel realmModel, String str) {
        return Response.noContent().build();
    }

    public void close() {
    }

    @Override // org.keycloak.broker.provider.IdentityProvider
    public Object callback(RealmModel realmModel, IdentityProvider.AuthenticationCallback authenticationCallback, EventBuilder eventBuilder) {
        return null;
    }

    @Override // org.keycloak.broker.provider.IdentityProvider
    public Response performLogin(AuthenticationRequest authenticationRequest) {
        return null;
    }

    @Override // org.keycloak.broker.provider.IdentityProvider
    public Response keycloakInitiatedBrowserLogout(KeycloakSession keycloakSession, UserSessionModel userSessionModel, UriInfo uriInfo, RealmModel realmModel) {
        return null;
    }

    @Override // org.keycloak.broker.provider.IdentityProvider
    public void backchannelLogout(KeycloakSession keycloakSession, UserSessionModel userSessionModel, UriInfo uriInfo, RealmModel realmModel) {
    }

    public Response exchangeNotSupported() {
        HashMap hashMap = new HashMap();
        hashMap.put("error", "invalid_target");
        hashMap.put("error_description", "target_exchange_unsupported");
        return Response.status(400).entity(hashMap).type(MediaType.APPLICATION_JSON_TYPE).build();
    }

    public Response exchangeNotLinked(UriInfo uriInfo, ClientModel clientModel, UserSessionModel userSessionModel, UserModel userModel) {
        return exchangeErrorResponse(uriInfo, clientModel, userSessionModel, "not_linked", "identity provider is not linked");
    }

    public Response exchangeNotLinkedNoStore(UriInfo uriInfo, ClientModel clientModel, UserSessionModel userSessionModel, UserModel userModel) {
        return exchangeErrorResponse(uriInfo, clientModel, userSessionModel, "not_linked", "identity provider is not linked, can only link to current user session");
    }

    protected Response exchangeErrorResponse(UriInfo uriInfo, ClientModel clientModel, UserSessionModel userSessionModel, String str, String str2) {
        HashMap hashMap = new HashMap();
        hashMap.put("error", str);
        hashMap.put("error_description", str2);
        String linkingUrl = getLinkingUrl(uriInfo, clientModel, userSessionModel);
        if (linkingUrl != null) {
            hashMap.put(ACCOUNT_LINK_URL, linkingUrl);
        }
        return Response.status(400).entity(hashMap).type(MediaType.APPLICATION_JSON_TYPE).build();
    }

    protected String getLinkingUrl(UriInfo uriInfo, ClientModel clientModel, UserSessionModel userSessionModel) {
        String alias = getConfig().getAlias();
        String clientId = clientModel.getClientId();
        String uuid = UUID.randomUUID().toString();
        try {
            return KeycloakUriBuilder.fromUri(uriInfo.getBaseUri()).path("/realms/{realm}/broker/{provider}/link").queryParam("nonce", new Object[]{uuid}).queryParam("hash", new Object[]{Base64Url.encode(MessageDigest.getInstance("SHA-256").digest((uuid + userSessionModel.getId() + clientId + alias).getBytes(StandardCharsets.UTF_8)))}).queryParam(Constants.CLIENT_ID, new Object[]{clientId}).build(new Object[]{clientModel.getRealm().getName(), alias}).toString();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public Response exchangeTokenExpired(UriInfo uriInfo, ClientModel clientModel, UserSessionModel userSessionModel, UserModel userModel) {
        return exchangeErrorResponse(uriInfo, clientModel, userSessionModel, "token_expired", "linked token is expired");
    }

    public Response exchangeUnsupportedRequiredType() {
        HashMap hashMap = new HashMap();
        hashMap.put("error", "invalid_target");
        hashMap.put("error_description", "response_token_type_unsupported");
        return Response.status(400).entity(hashMap).type(MediaType.APPLICATION_JSON_TYPE).build();
    }

    @Override // org.keycloak.broker.provider.IdentityProvider
    public void authenticationFinished(AuthenticationSessionModel authenticationSessionModel, BrokeredIdentityContext brokeredIdentityContext) {
    }

    @Override // org.keycloak.broker.provider.IdentityProvider
    public void preprocessFederatedIdentity(KeycloakSession keycloakSession, RealmModel realmModel, BrokeredIdentityContext brokeredIdentityContext) {
    }

    @Override // org.keycloak.broker.provider.IdentityProvider
    public void importNewUser(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, BrokeredIdentityContext brokeredIdentityContext) {
    }

    @Override // org.keycloak.broker.provider.IdentityProvider
    public void updateBrokeredUser(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, BrokeredIdentityContext brokeredIdentityContext) {
    }

    @Override // org.keycloak.broker.provider.IdentityProvider
    public IdentityProviderDataMarshaller getMarshaller() {
        return new DefaultDataMarshaller();
    }
}
