package org.keycloak.services.clientregistration.policy.impl;

import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.clientregistration.ClientRegistrationContext;
import org.keycloak.services.clientregistration.ClientRegistrationProvider;
import org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy;
import org.keycloak.services.clientregistration.policy.ClientRegistrationPolicyException;

/* loaded from: input_file:org/keycloak/services/clientregistration/policy/impl/ProtocolMappersClientRegistrationPolicy.class */
public class ProtocolMappersClientRegistrationPolicy implements ClientRegistrationPolicy {
    private static final Logger logger = Logger.getLogger(ProtocolMappersClientRegistrationPolicy.class);
    private final KeycloakSession session;
    private final ComponentModel componentModel;

    public ProtocolMappersClientRegistrationPolicy(KeycloakSession keycloakSession, ComponentModel componentModel) {
        this.session = keycloakSession;
        this.componentModel = componentModel;
    }

    @Override // org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy
    public void beforeRegister(ClientRegistrationContext clientRegistrationContext) throws ClientRegistrationPolicyException {
        testMappers(clientRegistrationContext);
    }

    protected void testMappers(ClientRegistrationContext clientRegistrationContext) throws ClientRegistrationPolicyException {
        List<ProtocolMapperRepresentation> protocolMappers = clientRegistrationContext.getClient().getProtocolMappers();
        if (protocolMappers == null) {
            return;
        }
        List<String> allowedMapperProviders = getAllowedMapperProviders();
        for (ProtocolMapperRepresentation protocolMapperRepresentation : protocolMappers) {
            String protocolMapper = protocolMapperRepresentation.getProtocolMapper();
            if (!allowedMapperProviders.contains(protocolMapper)) {
                ServicesLogger.LOGGER.clientRegistrationMapperNotAllowed(protocolMapperRepresentation.getName(), protocolMapper);
                throw new ClientRegistrationPolicyException("ProtocolMapper type not allowed");
            }
        }
    }

    @Override // org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy
    public void afterRegister(ClientRegistrationContext clientRegistrationContext, ClientModel clientModel) {
        List<String> allowedMapperProviders = getAllowedMapperProviders();
        List list = (List) clientModel.getProtocolMappersStream().filter(protocolMapperModel -> {
            return !allowedMapperProviders.contains(protocolMapperModel.getProtocolMapper());
        }).peek(protocolMapperModel2 -> {
            logger.debugf("Removing builtin mapper '%s' of type '%s' as type is not permitted", protocolMapperModel2.getName(), protocolMapperModel2.getProtocolMapper());
        }).collect(Collectors.toList());
        Objects.requireNonNull(clientModel);
        list.forEach(clientModel::removeProtocolMapper);
    }

    @Override // org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy
    public void beforeUpdate(ClientRegistrationContext clientRegistrationContext, ClientModel clientModel) throws ClientRegistrationPolicyException {
        testMappers(clientRegistrationContext);
    }

    @Override // org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy
    public void afterUpdate(ClientRegistrationContext clientRegistrationContext, ClientModel clientModel) {
    }

    @Override // org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy
    public void beforeView(ClientRegistrationProvider clientRegistrationProvider, ClientModel clientModel) throws ClientRegistrationPolicyException {
    }

    @Override // org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy
    public void beforeDelete(ClientRegistrationProvider clientRegistrationProvider, ClientModel clientModel) throws ClientRegistrationPolicyException {
    }

    private List<String> getAllowedMapperProviders() {
        return this.componentModel.getConfig().getList(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES);
    }
}
