package org.keycloak.userprofile;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.keycloak.Config;
import org.keycloak.common.Profile;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.ObjectUtil;
import org.keycloak.component.AmphibianProviderFactory;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.messages.Messages;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.userprofile.config.DeclarativeUserProfileModel;
import org.keycloak.userprofile.config.UPAttribute;
import org.keycloak.userprofile.config.UPAttributePermissions;
import org.keycloak.userprofile.config.UPAttributeRequired;
import org.keycloak.userprofile.config.UPAttributeSelector;
import org.keycloak.userprofile.config.UPConfig;
import org.keycloak.userprofile.config.UPConfigUtils;
import org.keycloak.userprofile.config.UPGroup;
import org.keycloak.userprofile.validator.AttributeRequiredByMetadataValidator;
import org.keycloak.userprofile.validator.BlankAttributeValidator;
import org.keycloak.userprofile.validator.ImmutableAttributeValidator;
import org.keycloak.validate.ValidatorConfig;

/* loaded from: input_file:org/keycloak/userprofile/DeclarativeUserProfileProvider.class */
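/**
 * User profile provider whose attribute metadata is driven by a per-realm declarative (JSON)
 * configuration stored in a realm component.
 *
 * <p>The configuration is persisted as numbered chunks in the component's config
 * ({@code config-piece-N}, with the chunk count under {@code config-pieces-count}). Decorated
 * metadata is cached per {@link UserProfileContext} in a note on the component model.
 *
 * <p>The declarative path is only taken when the {@code DECLARATIVE_USER_PROFILE} feature is on
 * and the realm attribute {@code userProfileEnabled} is true (see {@link #isEnabled}); otherwise
 * the legacy first name / last name / email handling is used.
 *
 * <p>This listing is decompiler output. Decompiler residue that could not compile (an unbound
 * type variable and an undefined local in {@link #requestedScopePredicate}, a raw {@code List}
 * whose elements were used as {@code AttributeMetadata} inside a lambda) has been repaired
 * without changing behavior.
 */
public class DeclarativeUserProfileProvider extends AbstractUserProfileProvider<UserProfileProvider> implements AmphibianProviderFactory<UserProfileProvider> {
    public static final String ID = "declarative-user-profile";
    public static final String UP_PIECES_COUNT_COMPONENT_CONFIG_KEY = "config-pieces-count";
    public static final String REALM_USER_PROFILE_ENABLED = "userProfileEnabled";
    private static final String PARSED_CONFIG_COMPONENT_KEY = "kc.user.profile.metadata";
    private static final String UP_PIECE_COMPONENT_CONFIG_KEY_BASE = "config-piece-";
    // Maximum length of one stored configuration chunk.
    // NOTE(review): presumably sized to fit the storage limit of a component config value - confirm.
    private static final int UP_PIECE_MAX_LENGTH = 3800;
    // Written by init(); static, so the last initialised factory instance decides the value.
    private static boolean isDeclarativeConfigurationEnabled;
    private String defaultRawConfig;

    /**
     * Tells whether the current authentication session requested at least one of the given
     * client scopes.
     *
     * <p>The requested scopes are resolved by {@code TokenManager.getRequestedClientScopes} from
     * the {@code scope} client note and the session's client. Without an authentication session
     * the result is {@code false}, so scope-conditioned "required" and "selector" rules built on
     * this predicate do not match outside an authentication flow.
     *
     * <p>Decompiler note: the access modifier was changed from private; it is kept public here.
     *
     * @param attributeContext context giving access to the Keycloak session
     * @param set scope names to look for; must not be {@code null} once a session exists
     * @return {@code true} if any requested client scope name is contained in {@code set}
     */
    public static boolean requestedScopePredicate(AttributeContext attributeContext, Set<String> set) {
        AuthenticationSessionModel authenticationSession = attributeContext.getSession().getContext().getAuthenticationSession();
        if (authenticationSession == null) {
            return false;
        }
        // set::contains keeps the null check the compiler originally emitted for the bound method reference.
        return TokenManager.getRequestedClientScopes(authenticationSession.getClientNote("scope"), authenticationSession.getClient())
                .map(clientScopeModel -> clientScopeModel.getName())
                .anyMatch(set::contains);
    }

    /** Creates the factory instance and loads the built-in default configuration. */
    public DeclarativeUserProfileProvider() {
        this.defaultRawConfig = UPConfigUtils.readDefaultConfig();
    }

    /**
     * Creates a session-bound provider instance.
     *
     * @param keycloakSession session the provider works in
     * @param map metadata registry per user profile context, passed to the superclass
     * @param str raw default configuration used when the realm has none stored
     */
    public DeclarativeUserProfileProvider(KeycloakSession keycloakSession, Map<UserProfileContext, UserProfileMetadata> map, String str) {
        super(keycloakSession, map);
        this.defaultRawConfig = str;
    }

    /** @return the provider id, {@value #ID} */
    public String getId() {
        return ID;
    }

    /** Creates a session-bound provider that shares this factory's default configuration. */
    @Override // org.keycloak.userprofile.AbstractUserProfileProvider
    protected UserProfileProvider create(KeycloakSession keycloakSession, Map<UserProfileContext, UserProfileMetadata> map) {
        return new DeclarativeUserProfileProvider(keycloakSession, map, this.defaultRawConfig);
    }

    /**
     * Chooses the attribute implementation: {@code DefaultAttributes} when the declarative profile
     * is enabled for the realm, {@code LegacyAttributes} otherwise.
     */
    @Override // org.keycloak.userprofile.AbstractUserProfileProvider
    protected Attributes createAttributes(UserProfileContext userProfileContext, Map<String, ?> map, UserModel userModel, UserProfileMetadata userProfileMetadata) {
        if (isEnabled(this.session).booleanValue()) {
            return new DefaultAttributes(userProfileContext, map, userModel, userProfileMetadata, this.session);
        }
        return new LegacyAttributes(userProfileContext, map, userModel, userProfileMetadata, this.session);
    }

    /**
     * Returns the metadata to use for the context of {@code userProfileMetadata}.
     *
     * <p>Enabled: a clone is decorated from the realm configuration once per context and cached
     * in the component model note {@code kc.user.profile.metadata}. Disabled: a clone gets the
     * legacy first name / last name validators and an email validator, except for the
     * {@code USER_API} and {@code REGISTRATION_USER_CREATION} contexts, which get the plain clone.
     *
     * @param userProfileMetadata base metadata; it is cloned, never modified
     * @param keycloakSession session used to resolve the realm and its component
     * @return the configured metadata
     */
    @Override // org.keycloak.userprofile.AbstractUserProfileProvider
    @SuppressWarnings("unchecked") // the note is only ever written by this method with this map type
    protected UserProfileMetadata configureUserProfile(UserProfileMetadata userProfileMetadata, KeycloakSession keycloakSession) {
        UserProfileContext context = userProfileMetadata.getContext();
        UserProfileMetadata clone = userProfileMetadata.clone();
        if (isEnabled(keycloakSession).booleanValue()) {
            ComponentModel componentModel = getComponentModelOrCreate(keycloakSession);
            // NOTE(review): plain HashMap kept as a note on the component model; whether that model
            // is shared between threads is not visible here - confirm the cache needs no synchronisation.
            Map<UserProfileContext, UserProfileMetadata> cache = (Map<UserProfileContext, UserProfileMetadata>) componentModel.getNote(PARSED_CONFIG_COMPONENT_KEY);
            if (cache == null) {
                cache = new HashMap<>();
                componentModel.setNote(PARSED_CONFIG_COMPONENT_KEY, cache);
            }
            return cache.computeIfAbsent(context, userProfileContext -> decorateUserProfileForCache(clone, componentModel));
        }
        if (context.equals(UserProfileContext.USER_API) || context.equals(UserProfileContext.REGISTRATION_USER_CREATION)) {
            return clone;
        }
        // Second createConfig argument is true only for the IDP_REVIEW context.
        boolean idpReview = context == UserProfileContext.IDP_REVIEW;
        clone.addAttribute("firstName", 1, new AttributeValidatorMetadata[] {
                new AttributeValidatorMetadata(BlankAttributeValidator.ID, BlankAttributeValidator.createConfig(Messages.MISSING_FIRST_NAME, idpReview))
        }).setAttributeDisplayName("${firstName}");
        clone.addAttribute("lastName", 2, new AttributeValidatorMetadata[] {
                new AttributeValidatorMetadata(BlankAttributeValidator.ID, BlankAttributeValidator.createConfig(Messages.MISSING_LAST_NAME, idpReview))
        }).setAttributeDisplayName("${lastName}");
        for (AttributeMetadata emailMetadata : clone.getAttribute("email")) {
            emailMetadata.addValidator(new AttributeValidatorMetadata("email", ValidatorConfig.builder().config("ignore.empty.value", true).build()));
        }
        return clone;
    }

    /** @return always {@code null}; this provider has no help text */
    public String getHelpText() {
        return null;
    }

    /**
     * Validates the configuration carried by {@code componentModel} and drops the cached,
     * already-decorated metadata so the next lookup rebuilds it.
     *
     * @param keycloakSession session passed to the configuration validator
     * @param realmModel realm being configured (not used by this implementation)
     * @param componentModel component holding the chunked configuration; may be {@code null}
     * @throws ComponentValidationException if the JSON cannot be read or the validator reports errors
     */
    public void validateConfiguration(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel) throws ComponentValidationException {
        String configJson = getConfigJsonFromComponentModel(componentModel);
        if (!ObjectUtil.isBlank(configJson)) {
            try {
                List<String> errors = UPConfigUtils.validate(keycloakSession, UPConfigUtils.readConfig(new ByteArrayInputStream(configJson.getBytes("UTF-8"))));
                if (!errors.isEmpty()) {
                    throw new ComponentValidationException(errors.toString(), new Object[0]);
                }
            } catch (IOException e) {
                throw new ComponentValidationException(e.getMessage(), e);
            }
        }
        if (componentModel != null) {
            // Invalidate the per-context metadata cache built by configureUserProfile.
            componentModel.removeNote(PARSED_CONFIG_COMPONENT_KEY);
        }
    }

    /**
     * @return the realm's stored configuration, the default configuration when none is stored,
     *         or {@code null} when the declarative profile is not enabled for the realm
     */
    @Override // org.keycloak.userprofile.AbstractUserProfileProvider
    public String getConfiguration() {
        if (!isEnabled(this.session).booleanValue()) {
            return null;
        }
        String configJson = getConfigJsonFromComponentModel(getComponentModel());
        return ObjectUtil.isBlank(configJson) ? this.defaultRawConfig : configJson;
    }

    /**
     * Replaces the realm's stored configuration.
     *
     * <p>Existing chunks are removed first. A blank {@code str} removes the whole component;
     * otherwise the text is split into chunks and written back.
     *
     * <p>NOTE(review): this method does not validate {@code str} itself and does not clear the
     * cached metadata note; the only validation visible in this class is
     * {@link #validateConfiguration}. Confirm the component update path invokes it.
     *
     * @param str raw configuration, or blank to reset
     */
    @Override // org.keycloak.userprofile.AbstractUserProfileProvider
    public void setConfiguration(String str) {
        ComponentModel componentModel = getComponentModel();
        removeConfigJsonFromComponentModel(componentModel);
        RealmModel realm = this.session.getContext().getRealm();
        if (ObjectUtil.isBlank(str)) {
            realm.removeComponent(componentModel);
            return;
        }
        List<String> chunks = UPConfigUtils.getChunks(str, UP_PIECE_MAX_LENGTH);
        MultivaluedHashMap<String, String> config = componentModel.getConfig();
        config.putSingle(UP_PIECES_COUNT_COMPONENT_CONFIG_KEY, "" + chunks.size());
        int index = 0;
        for (String chunk : chunks) {
            config.putSingle(UP_PIECE_COMPONENT_CONFIG_KEY_BASE + index, chunk);
            index++;
        }
        realm.updateComponent(componentModel);
    }

    /** @return an empty list; the provider exposes no config properties */
    public List<ProviderConfigProperty> getConfigProperties() {
        return Collections.emptyList();
    }

    /** Initialises the superclass and records whether the declarative user profile feature is enabled. */
    @Override // org.keycloak.userprofile.AbstractUserProfileProvider
    public void init(Config.Scope scope) {
        super.init(scope);
        isDeclarativeConfigurationEnabled = Profile.isFeatureEnabled(Profile.Feature.DECLARATIVE_USER_PROFILE);
    }

    /**
     * @return the realm's user profile component; one is added to the realm if none exists, so
     *         calling this getter can modify the realm
     */
    public ComponentModel getComponentModel() {
        return getComponentModelOrCreate(this.session);
    }

    /**
     * Applies the realm's declarative configuration to {@code userProfileMetadata}.
     *
     * <p>Defaults are deny: an attribute without a {@code permissions} section gets
     * {@code ALWAYS_FALSE} for both edit and view, with one exception - {@code username} and
     * {@code email} become always writable when they have no {@code permissions} section.
     * When only {@code edit} roles are configured, the view predicate falls back to the edit
     * predicate. {@code required} and {@code selector} settings are ignored for
     * {@code username} and {@code email}.
     *
     * @param userProfileMetadata metadata to decorate; modified in place and returned
     * @param componentModel component holding the configuration
     * @return {@code userProfileMetadata}, unchanged when there is no configuration or the context
     *         is {@code REGISTRATION_USER_CREATION}
     * @throws RuntimeException if the stored configuration is unreadable or invalid
     *         (thrown by {@link #getParsedConfig})
     */
    protected UserProfileMetadata decorateUserProfileForCache(UserProfileMetadata userProfileMetadata, ComponentModel componentModel) {
        UserProfileContext context = userProfileMetadata.getContext();
        // Parsed before the context check, so an invalid configuration fails for every context.
        UPConfig parsedConfig = getParsedConfig(componentModel);
        if (parsedConfig == null || context == UserProfileContext.REGISTRATION_USER_CREATION) {
            return userProfileMetadata;
        }
        Map<String, UPGroup> groupsByName = asHashMap(parsedConfig.getGroups());
        int guiOrder = 0;
        for (UPAttribute uPAttribute : parsedConfig.getAttributes()) {
            String name = uPAttribute.getName();

            List<AttributeValidatorMetadata> validators = new ArrayList<>();
            Map<String, Map<String, Object>> validations = uPAttribute.getValidations();
            if (validations != null) {
                for (Map.Entry<String, Map<String, Object>> entry : validations.entrySet()) {
                    validators.add(createConfiguredValidator(entry.getKey(), entry.getValue()));
                }
            }

            UPAttributeRequired required = uPAttribute.getRequired();
            Predicate<AttributeContext> requiredPredicate = AttributeMetadata.ALWAYS_FALSE;
            if (required != null && !isUsernameOrEmailAttribute(name)) {
                if (required.isAlways() || UPConfigUtils.isRoleForContext(context, required.getRoles())) {
                    requiredPredicate = AttributeMetadata.ALWAYS_TRUE;
                } else if (UPConfigUtils.canBeAuthFlowContext(context) && required.getScopes() != null && !required.getScopes().isEmpty()) {
                    // Evaluated per request: required only when one of the scopes was requested.
                    requiredPredicate = attributeContext -> requestedScopePredicate(attributeContext, required.getScopes());
                }
                // Added whenever a "required" section exists, even if the predicate stays ALWAYS_FALSE.
                validators.add(new AttributeValidatorMetadata(AttributeRequiredByMetadataValidator.ID));
            }

            Predicate<AttributeContext> writeAllowed = AttributeMetadata.ALWAYS_FALSE;
            Predicate<AttributeContext> readAllowed = AttributeMetadata.ALWAYS_FALSE;
            UPAttributePermissions permissions = uPAttribute.getPermissions();
            if (permissions != null) {
                Set<String> edit = permissions.getEdit();
                if (!edit.isEmpty()) {
                    writeAllowed = attributeContext -> UPConfigUtils.isRoleForContext(attributeContext.getContext(), edit);
                }
                Set<String> view = permissions.getView();
                // No view roles: whoever may edit may view. Otherwise view roles OR edit permission.
                readAllowed = view.isEmpty() ? writeAllowed : createViewAllowedPredicate(writeAllowed, view);
            }

            Predicate<AttributeContext> selectorPredicate = AttributeMetadata.ALWAYS_TRUE;
            UPAttributeSelector selector = uPAttribute.getSelector();
            if (selector != null && !isUsernameOrEmailAttribute(name) && UPConfigUtils.canBeAuthFlowContext(context) && selector.getScopes() != null && !selector.getScopes().isEmpty()) {
                selectorPredicate = attributeContext -> requestedScopePredicate(attributeContext, selector.getScopes());
            }

            Map<String, Object> annotations = uPAttribute.getAnnotations();
            AttributeGroupMetadata attributeGroupMeta = toAttributeGroupMeta(groupsByName.get(uPAttribute.getGroup()));

            if (isUsernameOrEmailAttribute(name)) {
                if (permissions == null) {
                    writeAllowed = AttributeMetadata.ALWAYS_TRUE;
                }
                List<AttributeMetadata> existing = userProfileMetadata.getAttribute(name);
                int order = guiOrder++;
                if (existing.isEmpty()) {
                    // Only the write predicate and validators are passed for a new username/email entry.
                    userProfileMetadata.addAttribute(name, order, writeAllowed, validators).addAnnotations(annotations).setAttributeDisplayName(uPAttribute.getDisplayName()).setAttributeGroupMetadata(attributeGroupMeta);
                } else {
                    // NOTE(review): for metadata that already exists, the configured edit/view
                    // permissions are not applied here - only validators, annotations, display
                    // name, GUI order and group. Confirm this is intended.
                    for (AttributeMetadata attributeMetadata : existing) {
                        attributeMetadata.addValidator(validators).addAnnotations(annotations).setAttributeDisplayName(uPAttribute.getDisplayName()).setGuiOrder(order).setAttributeGroupMetadata(attributeGroupMeta);
                    }
                }
            } else {
                validators.add(new AttributeValidatorMetadata(ImmutableAttributeValidator.ID));
                int order = guiOrder++;
                userProfileMetadata.addAttribute(name, order, validators, selectorPredicate, writeAllowed, requiredPredicate, readAllowed).addAnnotations(annotations).setAttributeDisplayName(uPAttribute.getDisplayName()).setAttributeGroupMetadata(attributeGroupMeta);
            }
        }
        return userProfileMetadata;
    }

    /**
     * Indexes the configured groups by name.
     * NOTE(review): a {@code null} list or duplicate group names make this throw; presumably
     * configuration validation prevents both - confirm.
     */
    private Map<String, UPGroup> asHashMap(List<UPGroup> list) {
        return list.stream().collect(Collectors.toMap(UPGroup::getName, uPGroup -> uPGroup));
    }

    /** Converts a configured group to its metadata form; {@code null} in, {@code null} out. */
    private AttributeGroupMetadata toAttributeGroupMeta(UPGroup uPGroup) {
        if (uPGroup == null) {
            return null;
        }
        return new AttributeGroupMetadata(uPGroup.getName(), uPGroup.getDisplayHeader(), uPGroup.getDisplayDescription(), uPGroup.getAnnotations());
    }

    /** @return {@code true} for the attribute names {@code username} and {@code email} */
    private boolean isUsernameOrEmailAttribute(String str) {
        return "username".equals(str) || "email".equals(str);
    }

    /**
     * Builds the view predicate: allowed when the context matches one of the view roles, or when
     * the given (edit) predicate allows it.
     */
    private Predicate<AttributeContext> createViewAllowedPredicate(Predicate<AttributeContext> predicate, Set<String> set) {
        return attributeContext -> UPConfigUtils.isRoleForContext(attributeContext.getContext(), set) || predicate.test(attributeContext);
    }

    /**
     * Reads and validates the configuration stored in {@code componentModel}.
     *
     * @param componentModel component holding the chunked configuration
     * @return the parsed configuration, or {@code null} when none is available
     * @throws RuntimeException if the JSON cannot be read or validation reports errors; the
     *         message names the realm and includes the validation errors
     */
    protected UPConfig getParsedConfig(ComponentModel componentModel) {
        String configJson = getConfigJsonFromComponentModel(componentModel);
        if (ObjectUtil.isBlank(configJson)) {
            return null;
        }
        try {
            UPConfig readConfig = UPConfigUtils.readConfig(new ByteArrayInputStream(configJson.getBytes("UTF-8")));
            List<String> errors = UPConfigUtils.validate(this.session, readConfig);
            if (errors.isEmpty()) {
                return readConfig;
            }
            throw new RuntimeException("UserProfile configuration for realm '" + this.session.getContext().getRealm().getName() + "' is invalid: " + errors.toString());
        } catch (IOException e) {
            throw new RuntimeException("UserProfile configuration for realm '" + this.session.getContext().getRealm().getName() + "' is invalid:" + e.getMessage(), e);
        }
    }

    /** Finds the realm's user profile component, adding a new one to the realm when none exists. */
    private ComponentModel getComponentModelOrCreate(KeycloakSession keycloakSession) {
        RealmModel realm = keycloakSession.getContext().getRealm();
        return (ComponentModel) realm.getComponentsStream(realm.getId(), UserProfileProvider.class.getName())
                .findAny()
                .orElseGet(() -> realm.addComponentModel(new DeclarativeUserProfileModel()));
    }

    /**
     * Creates validator metadata from a configured validator.
     *
     * @param str validator id
     * @param map validator options from the configuration
     * @return metadata whose config is {@code map} with {@code ignore.empty.value} set to true
     *         (set after {@code map}, so the configuration cannot turn it off)
     */
    protected AttributeValidatorMetadata createConfiguredValidator(String str, Map<String, Object> map) {
        return new AttributeValidatorMetadata(str, ValidatorConfig.builder().config(map).config("ignore.empty.value", true).build());
    }

    /**
     * Reassembles the configuration from its stored chunks.
     *
     * @return {@code null} for a {@code null} model, the default configuration when no chunk
     *         count is stored, otherwise the concatenated chunks
     */
    private String getConfigJsonFromComponentModel(ComponentModel componentModel) {
        if (componentModel == null) {
            return null;
        }
        int pieceCount = componentModel.get(UP_PIECES_COUNT_COMPONENT_CONFIG_KEY, 0);
        if (pieceCount < 1) {
            return this.defaultRawConfig;
        }
        StringBuilder json = new StringBuilder();
        for (int index = 0; index < pieceCount; index++) {
            String piece = componentModel.get(UP_PIECE_COMPONENT_CONFIG_KEY_BASE + index);
            // A missing chunk is skipped silently; the truncated text is left for the parser to reject.
            if (piece != null) {
                json.append(piece);
            }
        }
        return json.toString();
    }

    /** Removes all stored configuration chunks and the chunk count from the component's config. */
    private void removeConfigJsonFromComponentModel(ComponentModel componentModel) {
        if (componentModel == null) {
            return;
        }
        int pieceCount = componentModel.get(UP_PIECES_COUNT_COMPONENT_CONFIG_KEY, 0);
        if (pieceCount < 1) {
            return;
        }
        for (int index = 0; index < pieceCount; index++) {
            componentModel.getConfig().remove(UP_PIECE_COMPONENT_CONFIG_KEY_BASE + index);
        }
        componentModel.getConfig().remove(UP_PIECES_COUNT_COMPONENT_CONFIG_KEY);
    }

    /**
     * @return {@code true} only when the feature flag recorded by {@link #init} is on and the
     *         realm attribute {@code userProfileEnabled} is true (default false)
     */
    private Boolean isEnabled(KeycloakSession keycloakSession) {
        return Boolean.valueOf(isDeclarativeConfigurationEnabled && keycloakSession.getContext().getRealm().getAttribute(REALM_USER_PROFILE_ENABLED, false).booleanValue());
    }
}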
