package org.keycloak.social.linkedin;

import com.fasterxml.jackson.databind.JsonNode;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import org.jboss.logging.Logger;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;
import org.keycloak.services.resources.Cors;

/* loaded from: input_file:org/keycloak/social/linkedin/LinkedInIdentityProvider.class */
public class LinkedInIdentityProvider extends AbstractOAuth2IdentityProvider<OAuth2IdentityProviderConfig> implements SocialIdentityProvider<OAuth2IdentityProviderConfig> {
    private static final Logger log = Logger.getLogger(LinkedInIdentityProvider.class);
    public static final String AUTH_URL = "https://www.linkedin.com/oauth/v2/authorization";
    public static final String TOKEN_URL = "https://www.linkedin.com/oauth/v2/accessToken";
    public static final String PROFILE_URL = "https://api.linkedin.com/v1/people/~:(id,formatted-name,email-address,public-profile-url)?format=json";
    public static final String DEFAULT_SCOPE = "r_basicprofile r_emailaddress";

    public LinkedInIdentityProvider(KeycloakSession keycloakSession, OAuth2IdentityProviderConfig oAuth2IdentityProviderConfig) {
        super(keycloakSession, oAuth2IdentityProviderConfig);
        oAuth2IdentityProviderConfig.setAuthorizationUrl(AUTH_URL);
        oAuth2IdentityProviderConfig.setTokenUrl(TOKEN_URL);
        oAuth2IdentityProviderConfig.setUserInfoUrl(PROFILE_URL);
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected boolean supportsExternalExchange() {
        return true;
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected String getProfileEndpointForValidation(EventBuilder eventBuilder) {
        return PROFILE_URL;
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder eventBuilder, JsonNode jsonNode) {
        BrokeredIdentityContext brokeredIdentityContext = new BrokeredIdentityContext(getJsonProperty(jsonNode, "id"));
        brokeredIdentityContext.setUsername(extractUsernameFromProfileURL(getJsonProperty(jsonNode, "publicProfileUrl")));
        brokeredIdentityContext.setName(getJsonProperty(jsonNode, "formattedName"));
        brokeredIdentityContext.setEmail(getJsonProperty(jsonNode, "emailAddress"));
        brokeredIdentityContext.setIdpConfig(m106getConfig());
        brokeredIdentityContext.setIdp(this);
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(brokeredIdentityContext, jsonNode, m106getConfig().getAlias());
        return brokeredIdentityContext;
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected BrokeredIdentityContext doGetFederatedIdentity(String str) {
        log.debug("doGetFederatedIdentity()");
        try {
            return extractIdentityFromProfile(null, SimpleHttp.doGet(PROFILE_URL, this.session).header(Cors.AUTHORIZATION_HEADER, "Bearer " + str).asJson());
        } catch (Exception e) {
            throw new IdentityBrokerException("Could not obtain user profile from linkedIn.", e);
        }
    }

    protected static String extractUsernameFromProfileURL(String str) {
        if (!isNotBlank(str)) {
            return null;
        }
        try {
            log.debug("go to extract username from profile URL " + str);
            String path = new URL(str).getPath();
            if (!isNotBlank(path) || path.length() <= 1) {
                log.warn("LinkedIn profile URL is without path part: " + str);
            } else {
                if (path.startsWith("/")) {
                    path = path.substring(1);
                }
                String[] split = path.split("/");
                if (split.length >= 2) {
                    return URLDecoder.decode(split[1], "UTF-8");
                }
                log.warn("LinkedIn profile URL path is without second part: " + str);
            }
            return null;
        } catch (MalformedURLException e) {
            log.warn("LinkedIn profile URL is malformed: " + str);
            return null;
        } catch (Exception e2) {
            log.warn("LinkedIn profile URL " + str + " username extraction failed due: " + e2.getMessage());
            return null;
        }
    }

    private static boolean isNotBlank(String str) {
        return str != null && str.trim().length() > 0;
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected String getDefaultScopes() {
        return DEFAULT_SCOPE;
    }
}
