package org.keycloak.protocol.oidc.mappers;

import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.protocol.saml.SamlProtocol;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;

/* loaded from: input_file:org/keycloak/protocol/oidc/mappers/AbstractUserRoleMappingMapper.class */
abstract class AbstractUserRoleMappingMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper {
    private static final Pattern CLIENT_ID_PATTERN = Pattern.compile("\\$\\{client_id\\}");
    private static final Pattern DOT_PATTERN = Pattern.compile("\\.");
    private static final String DOT_REPLACEMENT = "\\\\\\\\.";

    public int getPriority() {
        return 40;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void setClaim(IDToken iDToken, ProtocolMapperModel protocolMapperModel, Set<String> set, String str, String str2) {
        Object obj = (str2 == null || str2.isEmpty()) ? set : (Set) set.stream().map(str3 -> {
            return str2 + str3;
        }).collect(Collectors.toSet());
        Object obj2 = obj;
        if (!SamlProtocol.ATTRIBUTE_TRUE_VALUE.equals(protocolMapperModel.getConfig().get(ProtocolMapperUtils.MULTIVALUED))) {
            obj2 = obj.toString();
        }
        mapClaim(iDToken, protocolMapperModel, obj2, str);
    }

    private static void mapClaim(IDToken iDToken, ProtocolMapperModel protocolMapperModel, Object obj, String str) {
        Object mapAttributeValue = OIDCAttributeMapperHelper.mapAttributeValue(protocolMapperModel, obj);
        if (mapAttributeValue == null) {
            return;
        }
        String str2 = (String) protocolMapperModel.getConfig().get(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME);
        if (str2 == null) {
            return;
        }
        if (str != null) {
            str2 = CLIENT_ID_PATTERN.matcher(str2).replaceAll(DOT_PATTERN.matcher(str).replaceAll(DOT_REPLACEMENT));
        }
        List<String> splitClaimPath = OIDCAttributeMapperHelper.splitClaimPath(str2);
        if (checkAccessToken(iDToken, splitClaimPath, mapAttributeValue)) {
            return;
        }
        int size = splitClaimPath.size();
        int i = 0;
        Map otherClaims = iDToken.getOtherClaims();
        for (String str3 : splitClaimPath) {
            i++;
            if (i == size) {
                Object obj2 = otherClaims.get(str3);
                if (obj2 != null && (obj2 instanceof Collection) && (mapAttributeValue instanceof Collection)) {
                    ((Collection) obj2).addAll((Collection) mapAttributeValue);
                } else {
                    otherClaims.put(str3, mapAttributeValue);
                }
            } else {
                Map map = (Map) otherClaims.get(str3);
                if (map == null) {
                    map = new HashMap();
                    otherClaims.put(str3, map);
                }
                otherClaims = map;
            }
        }
    }

    private static boolean checkAccessToken(IDToken iDToken, List<String> list, Object obj) {
        AccessToken.Access addAccess;
        if (!(iDToken instanceof AccessToken) || !(obj instanceof Collection)) {
            return false;
        }
        Collection collection = (Collection) obj;
        AccessToken accessToken = (AccessToken) iDToken;
        if (list.size() == 2 && "realm_access".equals(list.get(0)) && OIDCLoginProtocolFactory.ROLES_SCOPE.equals(list.get(1))) {
            addAccess = accessToken.getRealmAccess();
            if (addAccess == null) {
                addAccess = new AccessToken.Access();
                accessToken.setRealmAccess(addAccess);
            }
        } else {
            if (list.size() != 3 || !"resource_access".equals(list.get(0)) || !OIDCLoginProtocolFactory.ROLES_SCOPE.equals(list.get(2))) {
                return false;
            }
            addAccess = accessToken.addAccess(list.get(1));
        }
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            addAccess.addRole((String) it.next());
        }
        return true;
    }
}
