package org.keycloak.social.openshift;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import java.util.Optional;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;
import org.keycloak.services.resources.Cors;

/* loaded from: input_file:org/keycloak/social/openshift/OpenshiftV3IdentityProvider.class */
public class OpenshiftV3IdentityProvider extends AbstractOAuth2IdentityProvider<OpenshiftV3IdentityProviderConfig> implements SocialIdentityProvider<OpenshiftV3IdentityProviderConfig> {
    public static final String BASE_URL = "https://api.preview.openshift.com";
    private static final String AUTH_RESOURCE = "/oauth/authorize";
    private static final String TOKEN_RESOURCE = "/oauth/token";
    private static final String PROFILE_RESOURCE = "/oapi/v1/users/~";
    private static final String DEFAULT_SCOPE = "user:info";

    public OpenshiftV3IdentityProvider(KeycloakSession keycloakSession, OpenshiftV3IdentityProviderConfig openshiftV3IdentityProviderConfig) {
        super(keycloakSession, openshiftV3IdentityProviderConfig);
        String str = (String) Optional.ofNullable(openshiftV3IdentityProviderConfig.getBaseUrl()).orElse(BASE_URL);
        openshiftV3IdentityProviderConfig.setAuthorizationUrl(str + AUTH_RESOURCE);
        openshiftV3IdentityProviderConfig.setTokenUrl(str + TOKEN_RESOURCE);
        openshiftV3IdentityProviderConfig.setUserInfoUrl(str + PROFILE_RESOURCE);
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected String getDefaultScopes() {
        return DEFAULT_SCOPE;
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected BrokeredIdentityContext doGetFederatedIdentity(String str) {
        try {
            JsonNode fetchProfile = fetchProfile(str);
            BrokeredIdentityContext extractUserContext = extractUserContext(fetchProfile.get("metadata"));
            AbstractJsonUserAttributeMapper.storeUserProfileForMapper(extractUserContext, fetchProfile, m93getConfig().getAlias());
            return extractUserContext;
        } catch (Exception e) {
            throw new IdentityBrokerException("Could not obtain user profile from Openshift.", e);
        }
    }

    private BrokeredIdentityContext extractUserContext(JsonNode jsonNode) {
        BrokeredIdentityContext brokeredIdentityContext = new BrokeredIdentityContext(getJsonProperty(jsonNode, "uid"));
        brokeredIdentityContext.setUsername(getJsonProperty(jsonNode, "name"));
        brokeredIdentityContext.setName(getJsonProperty(jsonNode, "fullName"));
        brokeredIdentityContext.setIdpConfig(m93getConfig());
        brokeredIdentityContext.setIdp(this);
        return brokeredIdentityContext;
    }

    private JsonNode fetchProfile(String str) throws IOException {
        return SimpleHttp.doGet(m93getConfig().getUserInfoUrl(), this.session).header(Cors.AUTHORIZATION_HEADER, "Bearer " + str).asJson();
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected boolean supportsExternalExchange() {
        return true;
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected String getProfileEndpointForValidation(EventBuilder eventBuilder) {
        return m93getConfig().getUserInfoUrl();
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder eventBuilder, JsonNode jsonNode) {
        BrokeredIdentityContext extractUserContext = extractUserContext(jsonNode.get("metadata"));
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(extractUserContext, jsonNode, m93getConfig().getAlias());
        return extractUserContext;
    }
}
