package org.keycloak.protocol.oidc;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import org.jboss.logging.Logger;
import org.keycloak.common.util.UriUtils;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.DefaultClientScopes;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.AbstractLoginProtocolFactory;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.oidc.mappers.AddressMapper;
import org.keycloak.protocol.oidc.mappers.FullNameMapper;
import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
import org.keycloak.protocol.oidc.mappers.UserPropertyMapper;
import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.resources.Cors;

/* loaded from: input_file:org/keycloak/protocol/oidc/OIDCLoginProtocolFactory.class */
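/**
 * Login protocol factory for OpenID Connect (protocol id {@code "openid-connect"}).
 *
 * <p>Registers the built-in OIDC protocol mappers, creates the realm's built-in client scopes
 * ({@code profile}, {@code email}, {@code address}, {@code phone}) and fills in defaults for
 * clients whose representation leaves settings unspecified.
 *
 * <p>This listing is decompiler output. {@code m225create} is a decompiler-assigned name for
 * {@code create} (see the note on that method); {@code m222setSession} appears to be renamed in
 * the same way.
 */
public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
    // Names of the built-in protocol mappers; used as keys into `builtins`.
    public static final String USERNAME = "username";
    public static final String EMAIL = "email";
    public static final String EMAIL_VERIFIED = "email verified";
    public static final String GIVEN_NAME = "given name";
    public static final String FAMILY_NAME = "family name";
    public static final String MIDDLE_NAME = "middle name";
    public static final String NICKNAME = "nickname";
    public static final String PROFILE_CLAIM = "profile";
    public static final String PICTURE = "picture";
    public static final String WEBSITE = "website";
    public static final String GENDER = "gender";
    public static final String BIRTHDATE = "birthdate";
    public static final String ZONEINFO = "zoneinfo";
    public static final String UPDATED_AT = "updated at";
    public static final String FULL_NAME = "full name";
    public static final String LOCALE = "locale";
    public static final String ADDRESS = "address";
    public static final String PHONE_NUMBER = "phone number";
    public static final String PHONE_NUMBER_VERIFIED = "phone number verified";

    // Consent-screen texts, stored as ${...} placeholders on the client scopes.
    public static final String PROFILE_SCOPE_CONSENT_TEXT = "${profileScopeConsentText}";
    public static final String EMAIL_SCOPE_CONSENT_TEXT = "${emailScopeConsentText}";
    public static final String ADDRESS_SCOPE_CONSENT_TEXT = "${addressScopeConsentText}";
    public static final String PHONE_SCOPE_CONSENT_TEXT = "${phoneScopeConsentText}";
    public static final String OFFLINE_ACCESS_SCOPE_CONSENT_TEXT = "${offlineAccessScopeConsentText}";

    private static final Logger logger = Logger.getLogger(OIDCLoginProtocolFactory.class);

    /**
     * Built-in protocol mappers keyed by mapper name, filled once by the static initializer at the
     * bottom of this class. Shared by every instance and returned as-is by
     * {@link #getBuiltinMappers()}.
     */
    static Map<String, ProtocolMapperModel> builtins = new HashMap<>();

    /**
     * Creates a new {@link OIDCLoginProtocol} with the given session set on it.
     *
     * <p>Decompiler note: renamed from {@code create} because it was merged with a bridge method.
     *
     * @param keycloakSession session handed to the new protocol instance
     * @return the protocol instance returned by {@code m222setSession}
     */
    public LoginProtocol m225create(KeycloakSession keycloakSession) {
        return new OIDCLoginProtocol().m222setSession(keycloakSession);
    }

    /**
     * Returns the built-in OIDC protocol mappers keyed by mapper name.
     *
     * <p>NOTE(review): this is the live static map, not a copy. A caller that adds, replaces or
     * removes an entry changes what {@link #createDefaultClientScopesImpl} attaches to the
     * built-in scopes on every later call, so callers should treat the result as read-only.
     *
     * @return the shared mapper map
     */
    public Map<String, ProtocolMapperModel> getBuiltinMappers() {
        return builtins;
    }

    /**
     * Registers a user-attribute claim mapper in {@link #builtins} under {@code name}.
     *
     * <p>Parameter meanings are read off the call sites in the static initializer; the three
     * trailing flags are always {@code true, true, false} (presumably access token, ID token and
     * multivalued; confirm against {@code UserAttributeMapper.createClaimMapper}).
     *
     * @param name mapper name and map key
     * @param userAttribute user attribute the value is read from
     * @param tokenClaimName claim name written to the token
     * @param claimType claim type label, e.g. {@code "String"} or {@code "boolean"}
     */
    private static void createUserAttributeMapper(String name, String userAttribute, String tokenClaimName, String claimType) {
        builtins.put(name, UserAttributeMapper.createClaimMapper(name, userAttribute, tokenClaimName, claimType, true, true, false));
    }

    /**
     * Creates the built-in {@code profile}, {@code email}, {@code address} and {@code phone}
     * client scopes on the realm and registers them as default client scopes.
     *
     * <p>{@code profile} and {@code email} are registered with the flag {@code true},
     * {@code address} and {@code phone} with {@code false} (presumably "default" versus
     * "optional" scope; confirm against {@code RealmModel.addDefaultClientScope}). All four are
     * shown on the consent screen. If the realm has an {@code offline_access} role but no client
     * scope of that name yet, the offline-access scope is created as well.
     *
     * @param realmModel realm that receives the scopes
     */
    protected void createDefaultClientScopesImpl(RealmModel realmModel) {
        ClientScopeModel profileScope = addBuiltinScope(realmModel, PROFILE_CLAIM,
                "OpenID Connect built-in scope: profile", PROFILE_SCOPE_CONSENT_TEXT,
                FULL_NAME, FAMILY_NAME, GIVEN_NAME, MIDDLE_NAME, NICKNAME, USERNAME, PROFILE_CLAIM,
                PICTURE, WEBSITE, GENDER, BIRTHDATE, ZONEINFO, LOCALE, UPDATED_AT);
        ClientScopeModel emailScope = addBuiltinScope(realmModel, EMAIL,
                "OpenID Connect built-in scope: email", EMAIL_SCOPE_CONSENT_TEXT,
                EMAIL, EMAIL_VERIFIED);
        ClientScopeModel addressScope = addBuiltinScope(realmModel, ADDRESS,
                "OpenID Connect built-in scope: address", ADDRESS_SCOPE_CONSENT_TEXT,
                ADDRESS);
        ClientScopeModel phoneScope = addBuiltinScope(realmModel, "phone",
                "OpenID Connect built-in scope: phone", PHONE_SCOPE_CONSENT_TEXT,
                PHONE_NUMBER, PHONE_NUMBER_VERIFIED);

        // Registration happens only after all four scopes exist, as in the original ordering.
        realmModel.addDefaultClientScope(profileScope, true);
        realmModel.addDefaultClientScope(emailScope, true);
        realmModel.addDefaultClientScope(addressScope, false);
        realmModel.addDefaultClientScope(phoneScope, false);

        // Offline access is only added when the role exists and the scope does not yet.
        RoleModel offlineRole = realmModel.getRole("offline_access");
        if (offlineRole != null && KeycloakModelUtils.getClientScopeByName(realmModel, "offline_access") == null) {
            DefaultClientScopes.createOfflineAccessClientScope(realmModel, offlineRole);
        }
    }

    /** Creates one consent-visible client scope for this protocol and attaches the named built-in mappers in order. */
    private ClientScopeModel addBuiltinScope(RealmModel realmModel, String scopeName, String description,
            String consentText, String... mapperNames) {
        ClientScopeModel scope = realmModel.addClientScope(scopeName);
        scope.setDescription(description);
        scope.setDisplayOnConsentScreen(true);
        scope.setConsentScreenText(consentText);
        scope.setProtocol(getId());
        for (String mapperName : mapperNames) {
            scope.addProtocolMapper(builtins.get(mapperName));
        }
        return scope;
    }

    /** Intentionally empty: this factory adds nothing to a client here. */
    protected void addDefaults(ClientModel clientModel) {
    }

    /**
     * Creates the protocol endpoint object for a realm.
     *
     * @param realmModel realm the endpoint serves
     * @param eventBuilder event builder passed through to the service
     * @return a new {@link OIDCLoginProtocolService}
     */
    public Object createProtocolEndpoint(RealmModel realmModel, EventBuilder eventBuilder) {
        return new OIDCLoginProtocolService(realmModel, eventBuilder);
    }

    /** Returns the protocol id, {@code "openid-connect"}. */
    public String getId() {
        return "openid-connect";
    }

    /**
     * Fills in client settings that the incoming representation left unset ({@code null}).
     *
     * <p>Security-relevant defaults applied here, all of which an explicit value in the
     * representation overrides:
     * <ul>
     *   <li>No redirect URIs but a root URL: one wildcard redirect pattern covering everything
     *       under the root URL is registered, and the web origins are replaced by the origin of
     *       that pattern. A wildcard pattern is broader than exact redirect URIs; supply explicit
     *       {@code redirectUris} where exact matching is required.</li>
     *   <li>{@code publicClient} unset: the client becomes a public client (in Keycloak, one that
     *       does not authenticate with a secret). Confidential clients must set it to
     *       {@code false} explicitly.</li>
     *   <li>{@code directAccessGrantsEnabled} unset (and the deprecated {@code directGrantsOnly}
     *       unset): direct access grants, Keycloak's name for the resource owner password
     *       credentials grant, are enabled.</li>
     *   <li>{@code implicitFlowEnabled} unset: implicit flow stays disabled.</li>
     * </ul>
     *
     * @param clientRepresentation requested client settings; unset values are {@code null}
     * @param clientModel client being created, mutated in place
     */
    public void setupClientDefaults(ClientRepresentation clientRepresentation, ClientModel clientModel) {
        if (clientRepresentation.getRootUrl() != null && (clientRepresentation.getRedirectUris() == null || clientRepresentation.getRedirectUris().isEmpty())) {
            String rootUrl = clientRepresentation.getRootUrl();
            // The decompiler resolved the suffix to this Cors constant; presumably the literal "*".
            String defaultRedirectUri = rootUrl.endsWith("/") ? rootUrl + Cors.ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD : rootUrl + "/*";
            clientModel.addRedirectUri(defaultRedirectUri);
            HashSet<String> webOrigins = new HashSet<>();
            String origin = UriUtils.getOrigin(defaultRedirectUri);
            logger.debugv("adding default client origin: {0}", origin);
            webOrigins.add(origin);
            // setWebOrigins replaces the origin set rather than adding to it.
            clientModel.setWebOrigins(webOrigins);
        }

        // Subsumed by the publicClient check further down; kept so the call sequence is unchanged.
        if (clientRepresentation.isBearerOnly() == null && clientRepresentation.isPublicClient() == null) {
            clientModel.setPublicClient(true);
        }
        if (clientRepresentation.isBearerOnly() == null) {
            clientModel.setBearerOnly(false);
        }
        if (clientRepresentation.getAdminUrl() == null && clientRepresentation.getRootUrl() != null) {
            clientModel.setManagementUrl(clientRepresentation.getRootUrl());
        }

        Boolean directGrantsOnly = clientRepresentation.isDirectGrantsOnly();
        if (directGrantsOnly != null) {
            // Deprecated switch: it turns the standard flow off exactly when direct grants are on.
            ServicesLogger.LOGGER.usingDeprecatedDirectGrantsOnly();
            clientModel.setStandardFlowEnabled(!directGrantsOnly);
            clientModel.setDirectAccessGrantsEnabled(directGrantsOnly);
        } else {
            if (clientRepresentation.isStandardFlowEnabled() == null) {
                clientModel.setStandardFlowEnabled(true);
            }
            if (clientRepresentation.isDirectAccessGrantsEnabled() == null) {
                clientModel.setDirectAccessGrantsEnabled(true);
            }
        }

        if (clientRepresentation.isImplicitFlowEnabled() == null) {
            clientModel.setImplicitFlowEnabled(false);
        }
        if (clientRepresentation.isPublicClient() == null) {
            clientModel.setPublicClient(true);
        }
        if (clientRepresentation.isFrontchannelLogout() == null) {
            clientModel.setFrontchannelLogout(false);
        }
    }

    // Populates `builtins`. Must stay below the field declaration so the map exists when this runs.
    static {
        builtins.put(USERNAME, UserPropertyMapper.createClaimMapper(USERNAME, "username", "preferred_username", "String", true, true));
        builtins.put(EMAIL, UserPropertyMapper.createClaimMapper(EMAIL, "email", "email", "String", true, true));
        builtins.put(GIVEN_NAME, UserPropertyMapper.createClaimMapper(GIVEN_NAME, "firstName", "given_name", "String", true, true));
        builtins.put(FAMILY_NAME, UserPropertyMapper.createClaimMapper(FAMILY_NAME, "lastName", "family_name", "String", true, true));
        createUserAttributeMapper(MIDDLE_NAME, "middleName", "middle_name", "String");
        createUserAttributeMapper(NICKNAME, NICKNAME, NICKNAME, "String");
        createUserAttributeMapper(PROFILE_CLAIM, PROFILE_CLAIM, PROFILE_CLAIM, "String");
        createUserAttributeMapper(PICTURE, PICTURE, PICTURE, "String");
        createUserAttributeMapper(WEBSITE, WEBSITE, WEBSITE, "String");
        createUserAttributeMapper(GENDER, GENDER, GENDER, "String");
        createUserAttributeMapper(BIRTHDATE, BIRTHDATE, BIRTHDATE, "String");
        createUserAttributeMapper(ZONEINFO, ZONEINFO, ZONEINFO, "String");
        createUserAttributeMapper(UPDATED_AT, "updatedAt", "updated_at", "String");
        createUserAttributeMapper(LOCALE, LOCALE, LOCALE, "String");
        createUserAttributeMapper(PHONE_NUMBER, "phoneNumber", "phone_number", "String");
        createUserAttributeMapper(PHONE_NUMBER_VERIFIED, "phoneNumberVerified", "phone_number_verified", "boolean");
        builtins.put(EMAIL_VERIFIED, UserPropertyMapper.createClaimMapper(EMAIL_VERIFIED, "emailVerified", "email_verified", "boolean", true, true));
        builtins.put(FULL_NAME, FullNameMapper.create(FULL_NAME, true, true, true));
        builtins.put(ADDRESS, AddressMapper.createAddressMapper());
        // Registered as a built-in but not attached to any scope in createDefaultClientScopesImpl.
        // Unlike the mappers above, its trailing flags are (true, false); presumably that keeps the
        // value out of one token type. Confirm against UserSessionNoteMapper.createClaimMapper.
        builtins.put("gss_delegation_credential", UserSessionNoteMapper.createClaimMapper("gss delegation credential", "gss_delegation_credential", "gss_delegation_credential", "String", true, false));
    }
}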
