package org.keycloak.services.clientregistration.oidc;

import java.net.URI;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Time;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper;
import org.keycloak.protocol.oidc.mappers.PairwiseSubMapperHelper;
import org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper;
import org.keycloak.protocol.oidc.utils.SubjectType;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.oidc.OIDCClientRepresentation;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.clientregistration.AbstractClientRegistrationProvider;
import org.keycloak.services.clientregistration.ClientRegistrationException;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-services/main/keycloak-services-2.5.5.Final.jar:org/keycloak/services/clientregistration/oidc/OIDCClientRegistrationProvider.class */
public class OIDCClientRegistrationProvider extends AbstractClientRegistrationProvider {
    private static final Logger logger = Logger.getLogger((Class<?>) OIDCClientRegistrationProvider.class);

    public OIDCClientRegistrationProvider(KeycloakSession keycloakSession) {
        super(keycloakSession);
    }

    @POST
    @Produces({"application/json"})
    @Consumes({"application/json"})
    public Response createOIDC(OIDCClientRepresentation oIDCClientRepresentation) {
        if (oIDCClientRepresentation.getClientId() != null) {
            throw new ErrorResponseException("invalid_client_metadata", "Client Identifier included", Response.Status.BAD_REQUEST);
        }
        try {
            ClientRepresentation create = create(new OIDCClientRegistrationContext(this.session, DescriptionConverter.toInternal(this.session, oIDCClientRepresentation), this, oIDCClientRepresentation));
            ClientModel clientByClientId = this.session.getContext().getRealm().getClientByClientId(create.getClientId());
            updatePairwiseSubMappers(clientByClientId, SubjectType.parse(oIDCClientRepresentation.getSubjectType()), oIDCClientRepresentation.getSectorIdentifierUri());
            updateClientRepWithProtocolMappers(clientByClientId, create);
            URI build = this.session.getContext().getUri().getAbsolutePathBuilder().path(create.getClientId()).build(new Object[0]);
            OIDCClientRepresentation externalResponse = DescriptionConverter.toExternalResponse(this.session, create, build);
            externalResponse.setClientIdIssuedAt(Integer.valueOf(Time.currentTime()));
            return Response.created(build).entity(externalResponse).build();
        } catch (ClientRegistrationException e) {
            ServicesLogger.LOGGER.clientRegistrationException(e.getMessage());
            throw new ErrorResponseException("invalid_client_metadata", "Client metadata invalid", Response.Status.BAD_REQUEST);
        }
    }

    @GET
    @Produces({"application/json"})
    @Path("{clientId}")
    public Response getOIDC(@PathParam("clientId") String str) {
        return Response.ok(DescriptionConverter.toExternalResponse(this.session, get(str), this.session.getContext().getUri().getRequestUri())).build();
    }

    @Path("{clientId}")
    @Consumes({"application/json"})
    @Produces({"application/json"})
    @PUT
    public Response updateOIDC(@PathParam("clientId") String str, OIDCClientRepresentation oIDCClientRepresentation) {
        try {
            ClientRepresentation update = update(str, new OIDCClientRegistrationContext(this.session, DescriptionConverter.toInternal(this.session, oIDCClientRepresentation), this, oIDCClientRepresentation));
            ClientModel clientByClientId = this.session.getContext().getRealm().getClientByClientId(update.getClientId());
            updatePairwiseSubMappers(clientByClientId, SubjectType.parse(oIDCClientRepresentation.getSubjectType()), oIDCClientRepresentation.getSectorIdentifierUri());
            updateClientRepWithProtocolMappers(clientByClientId, update);
            return Response.ok(DescriptionConverter.toExternalResponse(this.session, update, this.session.getContext().getUri().getAbsolutePathBuilder().path(update.getClientId()).build(new Object[0]))).build();
        } catch (ClientRegistrationException e) {
            ServicesLogger.LOGGER.clientRegistrationException(e.getMessage());
            throw new ErrorResponseException("invalid_client_metadata", "Client metadata invalid", Response.Status.BAD_REQUEST);
        }
    }

    @Path("{clientId}")
    @DELETE
    public void deleteOIDC(@PathParam("clientId") String str) {
        delete(str);
    }

    private void updatePairwiseSubMappers(ClientModel clientModel, SubjectType subjectType, String str) {
        if (subjectType != SubjectType.PAIRWISE) {
            clientModel.getProtocolMappers().stream().filter(protocolMapperModel -> {
                return protocolMapperModel.getProtocolMapper().endsWith(AbstractPairwiseSubMapper.PROVIDER_ID_SUFFIX);
            }).forEach(protocolMapperModel2 -> {
                clientModel.getProtocolMappers().remove(protocolMapperModel2);
            });
            return;
        }
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        clientModel.getProtocolMappers().stream().filter(protocolMapperModel3 -> {
            if (!protocolMapperModel3.getProtocolMapper().endsWith(AbstractPairwiseSubMapper.PROVIDER_ID_SUFFIX)) {
                return false;
            }
            atomicBoolean.set(true);
            return true;
        }).forEach(protocolMapperModel4 -> {
            PairwiseSubMapperHelper.setSectorIdentifierUri(protocolMapperModel4, str);
            clientModel.updateProtocolMapper(protocolMapperModel4);
        });
        if (atomicBoolean.get()) {
            return;
        }
        clientModel.addProtocolMapper(RepresentationToModel.toModel(SHA256PairwiseSubMapper.createPairwiseMapper(str, null)));
    }

    private void updateClientRepWithProtocolMappers(ClientModel clientModel, ClientRepresentation clientRepresentation) {
        LinkedList linkedList = new LinkedList();
        Iterator<ProtocolMapperModel> it = clientModel.getProtocolMappers().iterator();
        while (it.hasNext()) {
            linkedList.add(ModelToRepresentation.toRepresentation(it.next()));
        }
        clientRepresentation.setProtocolMappers(linkedList);
    }
}
