package org.keycloak.protocol.oidc.mappers;

import java.util.List;
import org.jboss.logging.Logger;
import org.keycloak.common.Profile;
import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperContainerModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapperConfigException;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
import org.keycloak.provider.EnvironmentDependentProviderFactory;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
import org.keycloak.representations.IDToken;
import org.keycloak.scripting.ScriptCompilationException;
import org.keycloak.scripting.ScriptingProvider;
import org.keycloak.social.stackoverflow.StackoverflowIdentityProvider;

/* loaded from: input_file:org/keycloak/protocol/oidc/mappers/ScriptBasedOIDCProtocolMapper.class */
/**
 * OIDC protocol mapper that computes a claim value by evaluating a JavaScript snippet stored in
 * the mapper configuration under the {@code script} key.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The provider reports itself as supported only when both {@code Profile.Feature.SCRIPTS}
 *       and {@code Profile.Feature.UPLOAD_SCRIPTS} are enabled.</li>
 *   <li>The script is handed the live {@code user}, {@code realm}, {@code userSession} and
 *       {@code keycloakSession} objects. Whoever can write this mapper's configuration therefore
 *       controls code that runs with those objects in reach. Any sandboxing is up to the
 *       {@link ScriptingProvider} and cannot be assessed from this class.</li>
 *   <li>Any exception raised while creating or running the script is logged and swallowed, and the
 *       claim is then mapped from {@code null}.</li>
 * </ul>
 */
public class ScriptBasedOIDCProtocolMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper, EnvironmentDependentProviderFactory {
    /** Identifier under which this mapper is registered and which {@link #create} stamps on new models. */
    public static final String PROVIDER_ID = "oidc-script-based-protocol-mapper";

    private static final Logger LOGGER = Logger.getLogger(ScriptBasedOIDCProtocolMapper.class);

    /** Configuration key that holds the script source. */
    private static final String SCRIPT = "script";

    /**
     * Configuration properties for this mapper: the script itself and the multivalued flag.
     * The static initializer directly below appends the shared attribute properties.
     */
    private static final List<ProviderConfigProperty> configProperties = ProviderConfigurationBuilder.create()
            .property()
                .name(SCRIPT)
                .type("Script")
                .label("Script")
                .helpText("Script to compute the claim value. \n Available variables: \n 'user' - the current user.\n 'realm' - the current realm.\n 'token' - the current token.\n 'userSession' - the current userSession.\n 'keycloakSession' - the current keycloakSession.\n")
                .defaultValue("/**\n * Available variables: \n * user - the current user\n * realm - the current realm\n * token - the current token\n * userSession - the current userSession\n * keycloakSession - the current keycloakSession\n */\n\n\n//insert your code here...")
                .add()
            .property()
                .name(ProtocolMapperUtils.MULTIVALUED)
                .label(ProtocolMapperUtils.MULTIVALUED_LABEL)
                .helpText(ProtocolMapperUtils.MULTIVALUED_HELP_TEXT)
                .type("boolean")
                .defaultValue(false)
                .add()
            .build();

    static {
        // Must run after configProperties is assigned: static initializers execute in textual order.
        OIDCAttributeMapperHelper.addAttributeConfig(configProperties, UserPropertyMapper.class);
    }

    /**
     * Returns the shared configuration property list.
     *
     * @return the same list instance on every call (not a copy)
     */
    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }

    /**
     * Returns the provider identifier.
     *
     * @return {@link #PROVIDER_ID}
     */
    public String getId() {
        return PROVIDER_ID;
    }

    /**
     * Returns the display name of this mapper type.
     *
     * @return the fixed label {@code "Script Mapper"}
     */
    public String getDisplayType() {
        return "Script Mapper";
    }

    /**
     * Returns the display category of this mapper.
     *
     * @return {@code AbstractOIDCProtocolMapper.TOKEN_MAPPER_CATEGORY}
     */
    public String getDisplayCategory() {
        return AbstractOIDCProtocolMapper.TOKEN_MAPPER_CATEGORY;
    }

    /**
     * Returns a one-line description of what this mapper does.
     *
     * @return the fixed help text
     */
    public String getHelpText() {
        return "Evaluates a JavaScript function to produce a token claim based on context information.";
    }

    /**
     * Reports whether this provider may be used in the current server profile.
     *
     * @return {@code true} only when both the SCRIPTS and UPLOAD_SCRIPTS features are enabled
     */
    public boolean isSupported() {
        final boolean scriptsEnabled = Profile.isFeatureEnabled(Profile.Feature.SCRIPTS);
        // Short-circuits exactly like '&&': the second feature is only queried when the first is on.
        return scriptsEnabled && Profile.isFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS);
    }

    /**
     * Returns the priority of this mapper.
     *
     * @return the fixed value 50
     */
    public int getPriority() {
        return 50;
    }

    /**
     * Evaluates the configured script and maps its result onto the token.
     *
     * <p>Failure handling: any {@link Exception} thrown while building or evaluating the script is
     * logged at error level and the claim is mapped from {@code null}. What
     * {@code OIDCAttributeMapperHelper.mapClaim} does with a {@code null} value is not visible in
     * this class. Consumers that base authorization decisions on this claim should treat its
     * absence as a denial.
     *
     * @param iDToken token being populated; exposed to the script under the key given by
     *     {@code OIDCResponseType.TOKEN}
     * @param protocolMapperModel mapper configuration holding the script and the mapper name
     * @param userSessionModel session that supplies the user and realm bindings
     * @param keycloakSession session used to look up the {@link ScriptingProvider}; also bound
     *     into the script
     * @param clientSessionContext not used by this implementation
     */
    @Override
    protected void setClaim(IDToken iDToken, ProtocolMapperModel protocolMapperModel, UserSessionModel userSessionModel, KeycloakSession keycloakSession, ClientSessionContext clientSessionContext) {
        final UserModel user = userSessionModel.getUser();
        final String scriptCode = getScriptCode(protocolMapperModel);
        final RealmModel realm = userSessionModel.getRealm();
        final ScriptingProvider scripting = keycloakSession.getProvider(ScriptingProvider.class);

        // Stays null when script creation or evaluation throws.
        Object claimValue = null;
        try {
            final String realmId = realm.getId();
            final String scriptName = "token-mapper-script_" + protocolMapperModel.getName();
            claimValue = scripting
                    .prepareEvaluatableScript(scripting.createScript(realmId, "text/javascript", scriptName, scriptCode, (String) null))
                    .eval(bindings -> {
                        bindings.put("user", user);
                        bindings.put("realm", realm);
                        // NOTE(review): the help text advertises this variable as 'token'. The key comes
                        // from an unrelated response-type constant, so confirm its value is "token".
                        bindings.put(OIDCResponseType.TOKEN, iDToken);
                        bindings.put("userSession", userSessionModel);
                        // The script receives the live session object. Restrict who may edit this
                        // mapper accordingly.
                        bindings.put("keycloakSession", keycloakSession);
                    });
        } catch (Exception e) {
            // Deliberate best effort: a broken script must not abort token issuance.
            LOGGER.error("Error during execution of ProtocolMapper script", e);
        }
        OIDCAttributeMapperHelper.mapClaim(iDToken, protocolMapperModel, claimValue);
    }

    /**
     * Checks that the configured script can be prepared by the scripting provider.
     *
     * <p>The script is only prepared here and never evaluated, so runtime errors are not detected
     * at configuration time. A mapper without a script entry is accepted without any check.
     *
     * @param keycloakSession session used to look up the {@link ScriptingProvider}
     * @param realmModel realm whose id is attached to the temporary script
     * @param protocolMapperContainerModel not used by this implementation
     * @param protocolMapperModel mapper configuration under validation
     * @throws ProtocolMapperConfigException if the provider raises a
     *     {@link ScriptCompilationException}; the exception's message is passed as the parameter
     */
    public void validateConfig(KeycloakSession keycloakSession, RealmModel realmModel, ProtocolMapperContainerModel protocolMapperContainerModel, ProtocolMapperModel protocolMapperModel) throws ProtocolMapperConfigException {
        final String scriptCode = getScriptCode(protocolMapperModel);
        if (scriptCode != null) {
            final ScriptingProvider scripting = keycloakSession.getProvider(ScriptingProvider.class);
            try {
                final String realmId = realmModel.getId();
                final String scriptName = protocolMapperModel.getName() + "-script";
                // NOTE(review): the last argument is an unrelated identity-provider constant,
                // presumably a decompiler substitution for a literal. Confirm its value.
                scripting.prepareEvaluatableScript(scripting.createScript(realmId, "text/javascript", scriptName, scriptCode, StackoverflowIdentityProvider.DEFAULT_SCOPE));
            } catch (ScriptCompilationException e) {
                throw new ProtocolMapperConfigException("error", "{0}", new Object[]{e.getMessage()});
            }
        }
    }

    /**
     * Reads the script source from the mapper configuration.
     *
     * @param protocolMapperModel mapper whose configuration map is consulted
     * @return the value stored under the {@code script} key, or {@code null} if the map has no
     *     such entry
     */
    protected String getScriptCode(ProtocolMapperModel protocolMapperModel) {
        final Object stored = protocolMapperModel.getConfig().get(SCRIPT);
        return (String) stored;
    }

    /**
     * Builds a mapper model for this provider with the given script and multivalued flag.
     *
     * <p>The first six arguments are forwarded unchanged, in order, to
     * {@code OIDCAttributeMapperHelper.createClaimMapper}. Their meaning is defined there and is
     * not visible in this class.
     *
     * @param str first argument forwarded to {@code createClaimMapper}
     * @param str2 second argument forwarded to {@code createClaimMapper}
     * @param str3 third argument forwarded to {@code createClaimMapper}
     * @param str4 fourth argument forwarded to {@code createClaimMapper}
     * @param z fifth argument forwarded to {@code createClaimMapper}
     * @param z2 sixth argument forwarded to {@code createClaimMapper}
     * @param str5 script source, stored under the {@code script} configuration key
     * @param z3 multivalued flag, stored as a string under {@code ProtocolMapperUtils.MULTIVALUED}
     * @return the configured mapper model
     */
    public static ProtocolMapperModel create(String str, String str2, String str3, String str4, boolean z, boolean z2, String str5, boolean z3) {
        final ProtocolMapperModel mapper = OIDCAttributeMapperHelper.createClaimMapper(str, str2, str3, str4, z, z2, PROVIDER_ID);
        mapper.getConfig().put(SCRIPT, str5);
        mapper.getConfig().put(ProtocolMapperUtils.MULTIVALUED, String.valueOf(z3));
        return mapper;
    }
}
