package org.keycloak.broker.saml.mappers;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.UnaryOperator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.keycloak.broker.provider.AbstractIdentityProviderMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.saml.SAMLEndpoint;
import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.AttributeStatementType;
import org.keycloak.dom.saml.v2.assertion.AttributeType;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.ProviderConfigProperty;

/* loaded from: input_file:org/keycloak/broker/saml/mappers/UsernameTemplateMapper.class */
public class UsernameTemplateMapper extends AbstractIdentityProviderMapper {
    public static final String TEMPLATE = "template";
    public static final String TARGET = "target";
    public static final String PROVIDER_ID = "saml-username-idp-mapper";
    private static final Pattern SUBSTITUTION;
    public static final String[] COMPATIBLE_PROVIDERS = {"saml"};
    public static final List<String> TARGETS = Arrays.asList(Target.LOCAL.toString(), Target.BROKER_ID.toString(), Target.BROKER_USERNAME.toString());
    public static final Map<String, UnaryOperator<String>> TRANSFORMERS = new HashMap();
    private static final List<ProviderConfigProperty> configProperties = new ArrayList();
    private static final Set<IdentityProviderSyncMode> IDENTITY_PROVIDER_SYNC_MODES = new HashSet(Arrays.asList(IdentityProviderSyncMode.values()));

    /* loaded from: input_file:org/keycloak/broker/saml/mappers/UsernameTemplateMapper$Target.class */
    public enum Target {
        LOCAL { // from class: org.keycloak.broker.saml.mappers.UsernameTemplateMapper.Target.1
            @Override // org.keycloak.broker.saml.mappers.UsernameTemplateMapper.Target
            public void set(BrokeredIdentityContext brokeredIdentityContext, String str) {
                brokeredIdentityContext.setModelUsername(str);
            }
        },
        BROKER_ID { // from class: org.keycloak.broker.saml.mappers.UsernameTemplateMapper.Target.2
            @Override // org.keycloak.broker.saml.mappers.UsernameTemplateMapper.Target
            public void set(BrokeredIdentityContext brokeredIdentityContext, String str) {
                brokeredIdentityContext.setId(str);
            }
        },
        BROKER_USERNAME { // from class: org.keycloak.broker.saml.mappers.UsernameTemplateMapper.Target.3
            @Override // org.keycloak.broker.saml.mappers.UsernameTemplateMapper.Target
            public void set(BrokeredIdentityContext brokeredIdentityContext, String str) {
                brokeredIdentityContext.setUsername(str);
            }
        };

        public abstract void set(BrokeredIdentityContext brokeredIdentityContext, String str);
    }

    public boolean supportsSyncMode(IdentityProviderSyncMode identityProviderSyncMode) {
        return IDENTITY_PROVIDER_SYNC_MODES.contains(identityProviderSyncMode);
    }

    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }

    public String getId() {
        return PROVIDER_ID;
    }

    public String[] getCompatibleProviders() {
        return COMPATIBLE_PROVIDERS;
    }

    public String getDisplayCategory() {
        return "Preprocessor";
    }

    public String getDisplayType() {
        return "Username Template Importer";
    }

    public void updateBrokeredUserLegacy(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
    }

    public void updateBrokeredUser(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
        if (getTarget((String) identityProviderMapperModel.getConfig().get(TARGET)) != Target.LOCAL || realmModel.isRegistrationEmailAsUsername()) {
            return;
        }
        userModel.setUsername(brokeredIdentityContext.getModelUsername());
    }

    public void preprocessFederatedIdentity(KeycloakSession keycloakSession, RealmModel realmModel, IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
        setUserNameFromTemplate(identityProviderMapperModel, brokeredIdentityContext);
    }

    private void setUserNameFromTemplate(IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
        AssertionType assertionType = (AssertionType) brokeredIdentityContext.getContextData().get(SAMLEndpoint.SAML_ASSERTION);
        Matcher matcher = SUBSTITUTION.matcher((String) identityProviderMapperModel.getConfig().get("template"));
        StringBuffer stringBuffer = new StringBuffer();
        while (matcher.find()) {
            String group = matcher.group(1);
            Optional ofNullable = Optional.ofNullable(matcher.group(2));
            Map<String, UnaryOperator<String>> map = TRANSFORMERS;
            map.getClass();
            UnaryOperator unaryOperator = (UnaryOperator) ofNullable.map((v1) -> {
                return r1.get(v1);
            }).orElse(UnaryOperator.identity());
            if (group.equals("ALIAS")) {
                matcher.appendReplacement(stringBuffer, (String) unaryOperator.apply(brokeredIdentityContext.getIdpConfig().getAlias()));
            } else if (group.equals("UUID")) {
                matcher.appendReplacement(stringBuffer, (String) unaryOperator.apply(KeycloakModelUtils.generateId()));
            } else if (group.equals("NAMEID")) {
                matcher.appendReplacement(stringBuffer, (String) unaryOperator.apply(assertionType.getSubject().getSubType().getBaseID().getValue()));
            } else if (group.startsWith("ATTRIBUTE.")) {
                String substring = group.substring("ATTRIBUTE.".length());
                String str = "";
                Iterator it = assertionType.getAttributeStatements().iterator();
                while (it.hasNext()) {
                    Iterator it2 = ((AttributeStatementType) it.next()).getAttributes().iterator();
                    while (it2.hasNext()) {
                        AttributeType attribute = ((AttributeStatementType.ASTChoiceType) it2.next()).getAttribute();
                        if (substring.equals(attribute.getName()) || substring.equals(attribute.getFriendlyName())) {
                            List attributeValue = attribute.getAttributeValue();
                            if (attributeValue != null && !attributeValue.isEmpty()) {
                                str = attributeValue.get(0).toString();
                            }
                        }
                    }
                }
                matcher.appendReplacement(stringBuffer, (String) unaryOperator.apply(str));
            } else {
                matcher.appendReplacement(stringBuffer, matcher.group(1));
            }
        }
        matcher.appendTail(stringBuffer);
        getTarget((String) identityProviderMapperModel.getConfig().get(TARGET)).set(brokeredIdentityContext, stringBuffer.toString());
    }

    public String getHelpText() {
        return "Format the username to import.";
    }

    public static Target getTarget(String str) {
        try {
            return str == null ? Target.LOCAL : Target.valueOf(str);
        } catch (IllegalArgumentException e) {
            return Target.LOCAL;
        }
    }

    static {
        ProviderConfigProperty providerConfigProperty = new ProviderConfigProperty();
        providerConfigProperty.setName("template");
        providerConfigProperty.setLabel("Template");
        providerConfigProperty.setHelpText("Template to use to format the username to import.  Substitutions are enclosed in ${}.  For example: '${ALIAS}.${NAMEID}'.  ALIAS is the provider alias.  NAMEID is that SAML name id assertion.  ATTRIBUTE.<NAME> references a SAML attribute where name is the attribute name or friendly name. \nThe substitution can be converted to upper or lower case by appending |uppercase or |lowercase to the substituted value, e.g. '${NAMEID | lowercase}");
        providerConfigProperty.setType("String");
        providerConfigProperty.setDefaultValue("${ALIAS}.${NAMEID}");
        configProperties.add(providerConfigProperty);
        ProviderConfigProperty providerConfigProperty2 = new ProviderConfigProperty();
        providerConfigProperty2.setName(TARGET);
        providerConfigProperty2.setLabel("Target");
        providerConfigProperty2.setHelpText("Destination field for the mapper. LOCAL (default) means that the changes are applied to the username stored in local database upon user import. BROKER_ID and BROKER_USERNAME means that the changes are stored into the ID or username used for federation user lookup, respectively.");
        providerConfigProperty2.setType("List");
        providerConfigProperty2.setOptions(TARGETS);
        providerConfigProperty2.setDefaultValue(Target.LOCAL.toString());
        configProperties.add(providerConfigProperty2);
        TRANSFORMERS.put("uppercase", (v0) -> {
            return v0.toUpperCase();
        });
        TRANSFORMERS.put("lowercase", (v0) -> {
            return v0.toLowerCase();
        });
        SUBSTITUTION = Pattern.compile("\\$\\{([^}]+?)(?:\\s*\\|\\s*(\\S+)\\s*)?\\}");
    }
}
