package org.keycloak.storage.openshift;

import com.openshift.restclient.IClient;
import com.openshift.restclient.model.IResource;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Supplier;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.protocol.oidc.mappers.UserPropertyMapper;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.social.openshift.OpenshiftV4IdentityProvider;
import org.keycloak.storage.client.AbstractReadOnlyClientScopeAdapter;
import org.keycloak.storage.client.AbstractReadOnlyClientStorageAdapter;
import org.keycloak.storage.client.ClientStorageProviderModel;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/storage/openshift/OpenshiftSAClientAdapter.class */
public final class OpenshiftSAClientAdapter extends AbstractReadOnlyClientStorageAdapter {
    private static final String ANNOTATION_OAUTH_REDIRECT_URI = "serviceaccounts.openshift.io/oauth-redirecturi";
    private static final String ANNOTATION_OAUTH_REDIRECT_REFERENCE = "serviceaccounts.openshift.io/oauth-redirectreference";
    private static final Pattern ROLE_SCOPE_PATTERN = Pattern.compile("role:([^:]+):([^:!]+)(:[!])?");
    private static final Set<String> OPTIONAL_SCOPES = (Set) Stream.of((Object[]) new String[]{OpenshiftV4IdentityProvider.DEFAULT_SCOPE, "user:check-access"}).collect(Collectors.toSet());
    private final IResource resource;
    private final String clientId;
    private final IClient client;
    private final ClientRepresentation defaultConfig;

    private static Set<ProtocolMapperModel> createDefaultProtocolMappers() {
        HashSet hashSet = new HashSet();
        ProtocolMapperModel createClaimMapper = OIDCAttributeMapperHelper.createClaimMapper("username", "username", "preferred_username", "string", true, true, UserPropertyMapper.PROVIDER_ID);
        createClaimMapper.setId(KeycloakModelUtils.generateId());
        hashSet.add(createClaimMapper);
        return hashSet;
    }

    public OpenshiftSAClientAdapter(String str, IResource iResource, IClient iClient, KeycloakSession keycloakSession, RealmModel realmModel, ClientStorageProviderModel clientStorageProviderModel) {
        super(keycloakSession, realmModel, clientStorageProviderModel);
        this.defaultConfig = new ClientRepresentation();
        this.resource = iResource;
        this.clientId = str;
        this.client = iClient;
    }

    public String getClientId() {
        return this.clientId;
    }

    public String getName() {
        return this.resource.getName();
    }

    public String getDescription() {
        Supplier supplier = () -> {
            return this.defaultConfig.getDescription();
        };
        ClientRepresentation clientRepresentation = this.defaultConfig;
        clientRepresentation.getClass();
        return (String) getConfigOrDefault((Supplier<Consumer>) supplier, (Consumer<Consumer>) clientRepresentation::setDescription, (Consumer) (this.resource.getKind() + " " + this.resource.getName() + " from namespace " + this.resource.getNamespace().getName()));
    }

    public boolean isEnabled() {
        Supplier supplier = () -> {
            return this.defaultConfig.isEnabled();
        };
        ClientRepresentation clientRepresentation = this.defaultConfig;
        clientRepresentation.getClass();
        return ((Boolean) getConfigOrDefault((Supplier<Consumer>) supplier, (Consumer<Consumer>) clientRepresentation::setEnabled, (Consumer) true)).booleanValue();
    }

    public boolean isAlwaysDisplayInConsole() {
        Supplier supplier = () -> {
            return this.defaultConfig.isAlwaysDisplayInConsole();
        };
        ClientRepresentation clientRepresentation = this.defaultConfig;
        clientRepresentation.getClass();
        return ((Boolean) getConfigOrDefault((Supplier<Consumer>) supplier, (Consumer<Consumer>) clientRepresentation::setAlwaysDisplayInConsole, (Consumer) false)).booleanValue();
    }

    public Set<String> getWebOrigins() {
        Supplier supplier = () -> {
            return this.defaultConfig.getWebOrigins();
        };
        ClientRepresentation clientRepresentation = this.defaultConfig;
        clientRepresentation.getClass();
        return new HashSet((Collection) getConfigOrDefault((Supplier<Consumer>) supplier, (Consumer<Consumer>) clientRepresentation::setWebOrigins, (Consumer) Collections.emptyList()));
    }

    public Set<String> getRedirectUris() {
        return new HashSet((Collection) getConfigOrDefault(() -> {
            return this.defaultConfig.getRedirectUris();
        }, list -> {
            this.defaultConfig.setRedirectUris(list);
        }, () -> {
            return (List) this.resource.getAnnotations().entrySet().stream().filter(entry -> {
                return ((String) entry.getKey()).startsWith(ANNOTATION_OAUTH_REDIRECT_URI) || ((String) entry.getKey()).startsWith(ANNOTATION_OAUTH_REDIRECT_REFERENCE);
            }).map(entry2 -> {
                if (((String) entry2.getKey()).startsWith(ANNOTATION_OAUTH_REDIRECT_URI)) {
                    return (String) entry2.getValue();
                }
                try {
                    Map map = (Map) ((Map) JsonSerialization.readValue((String) entry2.getValue(), Map.class)).get("reference");
                    String str = (String) map.get("kind");
                    if (!"Route".equals(str)) {
                        throw new IllegalArgumentException("Only route references are supported for serviceaccounts.openshift.io/oauth-redirectreference");
                    }
                    StringBuilder sb = new StringBuilder(this.client.get(str, (String) map.get("name"), this.resource.getNamespace().getName()).getURL());
                    if (sb.charAt(sb.length() - 1) != '/') {
                        sb.append('/');
                    }
                    return sb.append('*').toString();
                } catch (IOException e) {
                    throw new RuntimeException("Failed to parse annotation [serviceaccounts.openshift.io/oauth-redirectreference]", e);
                }
            }).collect(Collectors.toList());
        }));
    }

    public String getManagementUrl() {
        return null;
    }

    public String getRootUrl() {
        return null;
    }

    public String getBaseUrl() {
        return null;
    }

    public boolean isBearerOnly() {
        return false;
    }

    public int getNodeReRegistrationTimeout() {
        return 0;
    }

    public String getClientAuthenticatorType() {
        return null;
    }

    public boolean validateSecret(String str) {
        return false;
    }

    public String getSecret() {
        return null;
    }

    public String getRegistrationToken() {
        return null;
    }

    public String getProtocol() {
        return "openid-connect";
    }

    public String getAttribute(String str) {
        return null;
    }

    public Map<String, String> getAttributes() {
        return Collections.emptyMap();
    }

    public String getAuthenticationFlowBindingOverride(String str) {
        return null;
    }

    public Map<String, String> getAuthenticationFlowBindingOverrides() {
        return Collections.emptyMap();
    }

    public boolean isFrontchannelLogout() {
        return false;
    }

    public boolean isFullScopeAllowed() {
        return false;
    }

    public boolean isPublicClient() {
        return true;
    }

    public boolean isConsentRequired() {
        return this.component.get(OpenshiftClientStorageProviderFactory.CONFIG_PROPERTY_REQUIRE_USER_CONSENT, true);
    }

    public boolean isDisplayOnConsentScreen() {
        return false;
    }

    public boolean isStandardFlowEnabled() {
        return true;
    }

    public boolean isImplicitFlowEnabled() {
        return false;
    }

    public boolean isDirectAccessGrantsEnabled() {
        return false;
    }

    public boolean isServiceAccountsEnabled() {
        return false;
    }

    public Map<String, ClientScopeModel> getClientScopes(boolean z) {
        if (z) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (String str : OPTIONAL_SCOPES) {
            hashMap.put(str, createClientScope(str));
        }
        return hashMap;
    }

    public ClientScopeModel getDynamicClientScope(String str) {
        if (OPTIONAL_SCOPES.contains(str)) {
            return createClientScope(str);
        }
        Matcher matcher = ROLE_SCOPE_PATTERN.matcher(str);
        if (!matcher.matches()) {
            return null;
        }
        if (this.resource.getNamespace().getName().equals(matcher.group(2))) {
            return createClientScope(str);
        }
        return null;
    }

    public int getNotBefore() {
        return 0;
    }

    public Stream<ProtocolMapperModel> getProtocolMappersStream() {
        List protocolMappers = this.defaultConfig.getProtocolMappers();
        if (protocolMappers != null) {
            return protocolMappers.stream().map(RepresentationToModel::toModel);
        }
        Set<ProtocolMapperModel> createDefaultProtocolMappers = createDefaultProtocolMappers();
        this.defaultConfig.setProtocolMappers((List) createDefaultProtocolMappers.stream().map(ModelToRepresentation::toRepresentation).collect(Collectors.toList()));
        return createDefaultProtocolMappers.stream();
    }

    public ProtocolMapperModel getProtocolMapperById(String str) {
        return getProtocolMappersStream().filter(protocolMapperModel -> {
            return Objects.equals(str, protocolMapperModel.getId());
        }).findAny().orElse(null);
    }

    public ProtocolMapperModel getProtocolMapperByName(String str, String str2) {
        return getProtocolMappersStream().filter(protocolMapperModel -> {
            return Objects.equals(str2, protocolMapperModel.getName());
        }).findAny().orElse(null);
    }

    public Stream<RoleModel> getScopeMappingsStream() {
        return Stream.empty();
    }

    public Stream<RoleModel> getRealmScopeMappingsStream() {
        return Stream.empty();
    }

    public boolean hasScope(RoleModel roleModel) {
        return false;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || !(obj instanceof ClientModel)) {
            return false;
        }
        return ((ClientModel) obj).getId().equals(getId());
    }

    private <V> V getConfigOrDefault(Supplier<V> supplier, Consumer<V> consumer, Supplier<V> supplier2) {
        V v = supplier.get();
        if (v != null) {
            return v;
        }
        V v2 = supplier2.get();
        if (consumer != null) {
            consumer.accept(v2);
        }
        return v2;
    }

    private <V> V getConfigOrDefault(Supplier<V> supplier, Consumer<V> consumer, V v) {
        return (V) getConfigOrDefault((Supplier) supplier, (Consumer) consumer, (Supplier) () -> {
            return v;
        });
    }

    private ClientScopeModel createClientScope(final String str) {
        ClientScopeModel clientScopeModel = (ClientScopeModel) this.realm.getClientScopesStream().filter(clientScopeModel2 -> {
            return Objects.equals(clientScopeModel2.getName(), str);
        }).findAny().orElse(null);
        if (clientScopeModel != null) {
            return clientScopeModel;
        }
        final HashMap hashMap = new HashMap();
        hashMap.put("display.on.consent.screen", Boolean.valueOf(isConsentRequired()).toString());
        if (this.component.get(OpenshiftClientStorageProviderFactory.CONFIG_PROPERTY_DISPLAY_SCOPE_CONSENT_TEXT, Boolean.TRUE.booleanValue())) {
            StringBuilder sb = new StringBuilder("${openshift.scope.");
            if (str.indexOf(58) != -1) {
                sb.append(str.replaceFirst(":", "_"));
            }
            hashMap.put("consent.screen.text", sb.append("}").toString());
        } else {
            hashMap.put("consent.screen.text", str);
        }
        return new AbstractReadOnlyClientScopeAdapter() { // from class: org.keycloak.storage.openshift.OpenshiftSAClientAdapter.1
            public String getId() {
                return str;
            }

            public String getName() {
                return str;
            }

            public RealmModel getRealm() {
                return OpenshiftSAClientAdapter.this.realm;
            }

            public String getDescription() {
                return str;
            }

            public String getProtocol() {
                return "openid-connect";
            }

            public String getAttribute(String str2) {
                return (String) hashMap.get(str2);
            }

            public Map<String, String> getAttributes() {
                return hashMap;
            }

            public Stream<ProtocolMapperModel> getProtocolMappersStream() {
                return OpenshiftSAClientAdapter.access$100().stream();
            }

            public ProtocolMapperModel getProtocolMapperById(String str2) {
                return null;
            }

            public ProtocolMapperModel getProtocolMapperByName(String str2, String str3) {
                return null;
            }

            public Stream<RoleModel> getScopeMappingsStream() {
                return Stream.empty();
            }

            public Stream<RoleModel> getRealmScopeMappingsStream() {
                return Stream.empty();
            }

            public boolean hasScope(RoleModel roleModel) {
                return false;
            }
        };
    }

    static /* synthetic */ Set access$100() {
        return createDefaultProtocolMappers();
    }
}
