package org.keycloak.social.gitlab;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import org.keycloak.broker.oidc.OIDCIdentityProvider;
import org.keycloak.broker.oidc.OIDCIdentityProviderConfig;
import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.services.resources.Cors;

/* loaded from: input_file:org/keycloak/social/gitlab/GitLabIdentityProvider.class */
public class GitLabIdentityProvider extends OIDCIdentityProvider implements SocialIdentityProvider<OIDCIdentityProviderConfig> {
    public static final String AUTH_URL = "https://gitlab.com/oauth/authorize";
    public static final String TOKEN_URL = "https://gitlab.com/oauth/token";
    public static final String USER_INFO = "https://gitlab.com/api/v4/user";
    public static final String API_SCOPE = "api";

    public GitLabIdentityProvider(KeycloakSession keycloakSession, OIDCIdentityProviderConfig oIDCIdentityProviderConfig) {
        super(keycloakSession, oIDCIdentityProviderConfig);
        oIDCIdentityProviderConfig.setAuthorizationUrl(AUTH_URL);
        oIDCIdentityProviderConfig.setTokenUrl(TOKEN_URL);
        oIDCIdentityProviderConfig.setUserInfoUrl(USER_INFO);
        String defaultScope = oIDCIdentityProviderConfig.getDefaultScope();
        if (defaultScope.equals(OIDCIdentityProvider.SCOPE_OPENID)) {
            oIDCIdentityProviderConfig.setDefaultScope(("api " + defaultScope).trim());
        }
    }

    @Override // org.keycloak.broker.oidc.OIDCIdentityProvider
    protected BrokeredIdentityContext extractIdentity(AccessTokenResponse accessTokenResponse, String str, JsonWebToken jsonWebToken) throws IOException {
        String userInfoUrl;
        String subject = jsonWebToken.getSubject();
        BrokeredIdentityContext brokeredIdentityContext = new BrokeredIdentityContext(subject);
        String str2 = (String) jsonWebToken.getOtherClaims().get("name");
        String str3 = (String) jsonWebToken.getOtherClaims().get("nickname");
        String str4 = (String) jsonWebToken.getOtherClaims().get("email");
        if (m93getConfig().getDefaultScope().contains(API_SCOPE) && (userInfoUrl = getUserInfoUrl()) != null && !userInfoUrl.isEmpty() && (subject == null || str2 == null || str3 == null || str4 == null)) {
            JsonNode asJson = SimpleHttp.doGet(userInfoUrl, this.session).header(Cors.AUTHORIZATION_HEADER, "Bearer " + str).asJson();
            str2 = getJsonProperty(asJson, "name");
            str3 = getJsonProperty(asJson, "username");
            str4 = getJsonProperty(asJson, "email");
            AbstractJsonUserAttributeMapper.storeUserProfileForMapper(brokeredIdentityContext, asJson, m93getConfig().getAlias());
        }
        brokeredIdentityContext.getContextData().put(OIDCIdentityProvider.FEDERATED_ACCESS_TOKEN_RESPONSE, accessTokenResponse);
        brokeredIdentityContext.getContextData().put(OIDCIdentityProvider.VALIDATED_ID_TOKEN, jsonWebToken);
        processAccessTokenResponse(brokeredIdentityContext, accessTokenResponse);
        brokeredIdentityContext.setId(subject);
        brokeredIdentityContext.setName(str2);
        brokeredIdentityContext.setEmail(str4);
        brokeredIdentityContext.setBrokerUserId(m93getConfig().getAlias() + "." + subject);
        if (accessTokenResponse.getSessionState() != null) {
            brokeredIdentityContext.setBrokerSessionId(m93getConfig().getAlias() + "." + accessTokenResponse.getSessionState());
        }
        if (str3 == null) {
            str3 = str4;
        }
        if (str3 == null) {
            str3 = subject;
        }
        brokeredIdentityContext.setUsername(str3);
        return brokeredIdentityContext;
    }
}
