package org.keycloak.protocol.saml.mappers;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.jboss.logging.Logger;
import org.keycloak.WebAuthnConstants;
import org.keycloak.dom.saml.v2.assertion.AttributeStatementType;
import org.keycloak.dom.saml.v2.assertion.AttributeType;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperContainerModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapperConfigException;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.scripting.ScriptCompilationException;
import org.keycloak.scripting.ScriptingProvider;

/* loaded from: input_file:org/keycloak/protocol/saml/mappers/ScriptBasedMapper.class */
public class ScriptBasedMapper extends AbstractSAMLProtocolMapper implements SAMLAttributeStatementMapper {
    public static final String PROVIDER_ID = "saml-javascript-mapper";
    private static final String SINGLE_VALUE_ATTRIBUTE = "single";
    private static final List<ProviderConfigProperty> configProperties = new ArrayList();
    private static final Logger LOGGER = Logger.getLogger(ScriptBasedMapper.class);

    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }

    public String getId() {
        return PROVIDER_ID;
    }

    public String getDisplayType() {
        return "Javascript Mapper";
    }

    public String getDisplayCategory() {
        return AttributeStatementHelper.ATTRIBUTE_STATEMENT_CATEGORY;
    }

    public String getHelpText() {
        return "Evaluates a JavaScript function to produce an attribute value based on context information.";
    }

    @Override // org.keycloak.protocol.saml.mappers.SAMLAttributeStatementMapper
    public void transformAttributeStatement(AttributeStatementType attributeStatementType, ProtocolMapperModel protocolMapperModel, KeycloakSession keycloakSession, UserSessionModel userSessionModel, AuthenticatedClientSessionModel authenticatedClientSessionModel) {
        UserModel user = userSessionModel.getUser();
        String str = (String) protocolMapperModel.getConfig().get("Script");
        RealmModel realm = userSessionModel.getRealm();
        boolean parseBoolean = Boolean.parseBoolean((String) protocolMapperModel.getConfig().get("single"));
        ScriptingProvider provider = keycloakSession.getProvider(ScriptingProvider.class);
        try {
            Object eval = provider.prepareEvaluatableScript(provider.createScript(realm.getId(), "text/javascript", "attribute-mapper-script_" + protocolMapperModel.getName(), str, (String) null)).eval(bindings -> {
                bindings.put("user", user);
                bindings.put("realm", realm);
                bindings.put("clientSession", authenticatedClientSessionModel);
                bindings.put("userSession", userSessionModel);
                bindings.put("keycloakSession", keycloakSession);
            });
            if (eval.getClass().isArray()) {
                eval = Arrays.asList((Object[]) eval);
            }
            if (!(eval instanceof Iterable)) {
                AttributeStatementHelper.addAttribute(attributeStatementType, protocolMapperModel, eval.toString());
            } else if (parseBoolean) {
                AttributeType createAttributeType = AttributeStatementHelper.createAttributeType(protocolMapperModel);
                attributeStatementType.addAttribute(new AttributeStatementType.ASTChoiceType(createAttributeType));
                Iterator it = ((Iterable) eval).iterator();
                while (it.hasNext()) {
                    createAttributeType.addAttributeValue(it.next());
                }
            } else {
                Iterator it2 = ((Iterable) eval).iterator();
                while (it2.hasNext()) {
                    AttributeStatementHelper.addAttribute(attributeStatementType, protocolMapperModel, it2.next().toString());
                }
            }
        } catch (Exception e) {
            LOGGER.error("Error during execution of ProtocolMapper script", e);
            AttributeStatementHelper.addAttribute(attributeStatementType, protocolMapperModel, null);
        }
    }

    public void validateConfig(KeycloakSession keycloakSession, RealmModel realmModel, ProtocolMapperContainerModel protocolMapperContainerModel, ProtocolMapperModel protocolMapperModel) throws ProtocolMapperConfigException {
        String str = (String) protocolMapperModel.getConfig().get("Script");
        if (str == null) {
            return;
        }
        ScriptingProvider provider = keycloakSession.getProvider(ScriptingProvider.class);
        try {
            provider.prepareEvaluatableScript(provider.createScript(realmModel.getId(), "text/javascript", protocolMapperModel.getName() + "-script", str, ""));
        } catch (ScriptCompilationException e) {
            throw new ProtocolMapperConfigException(WebAuthnConstants.ERROR, "{0}", new Object[]{e.getMessage()});
        }
    }

    public static ProtocolMapperModel create(String str, String str2, String str3, String str4, String str5, boolean z) {
        ProtocolMapperModel createAttributeMapper = AttributeStatementHelper.createAttributeMapper(str, null, str2, str3, str4, PROVIDER_ID);
        Map config = createAttributeMapper.getConfig();
        config.put("Script", str5);
        config.put("single", Boolean.toString(z));
        return createAttributeMapper;
    }

    static {
        ProviderConfigProperty providerConfigProperty = new ProviderConfigProperty();
        providerConfigProperty.setType("Script");
        providerConfigProperty.setLabel("Script");
        providerConfigProperty.setName("Script");
        providerConfigProperty.setHelpText("Script to compute the attribute value. \n Available variables: \n 'user' - the current user.\n 'realm' - the current realm.\n 'clientSession' - the current clientSession.\n 'userSession' - the current userSession.\n 'keycloakSession' - the current keycloakSession.\n\nTo use: the last statement is the value returned to Java.\nThe result will be tested if it can be iterated upon (e.g. an array or a collection).\n - If it is not, toString() will be called on the object to get the value of the attribute\n - If it is, toString() will be called on all elements to return multiple attribute values.\n");
        providerConfigProperty.setDefaultValue("/**\n * Available variables: \n * user - the current user\n * realm - the current realm\n * clientSession - the current clientSession\n * userSession - the current userSession\n * keycloakSession - the current keycloakSession\n */\n\n\n//insert your code here...");
        configProperties.add(providerConfigProperty);
        ProviderConfigProperty providerConfigProperty2 = new ProviderConfigProperty();
        providerConfigProperty2.setName("single");
        providerConfigProperty2.setLabel("Single Value Attribute");
        providerConfigProperty2.setType("boolean");
        providerConfigProperty2.setDefaultValue("true");
        providerConfigProperty2.setHelpText("If true, all values will be stored under one attribute with multiple attribute values.");
        configProperties.add(providerConfigProperty2);
        AttributeStatementHelper.setConfigProperties(configProperties);
    }
}
