package org.keycloak.social.gitlab;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.keycloak.broker.oidc.OIDCIdentityProvider;
import org.keycloak.broker.oidc.OIDCIdentityProviderConfig;
import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.resources.Cors;

/* loaded from: input_file:org/keycloak/social/gitlab/GitLabIdentityProvider.class */
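/**
 * Social identity provider that brokers logins through gitlab.com.
 *
 * <p>The constructor pins the authorization, token and user-info endpoints to the
 * {@code https://gitlab.com} constants below, overwriting whatever the supplied
 * configuration carried for those three URLs.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When the configured default scope is exactly {@code openid}, the GitLab
 *       {@code api} scope is prepended. GitLab documents {@code api} as full
 *       read/write API access, and {@link #extractIdentity} places the resulting
 *       token response in the brokered context. Deployments that only need the
 *       profile can set a narrower default scope explicitly; any value other than
 *       exactly {@code openid} is left as configured.</li>
 *   <li>The external token exchange path validates a presented token only by
 *       calling the user-info endpoint with it (see {@link #exchangeExternalImpl}).</li>
 * </ul>
 */
public class GitLabIdentityProvider extends OIDCIdentityProvider implements SocialIdentityProvider<OIDCIdentityProviderConfig> {
    public static final String AUTH_URL = "https://gitlab.com/oauth/authorize";
    public static final String TOKEN_URL = "https://gitlab.com/oauth/token";
    public static final String USER_INFO = "https://gitlab.com/api/v4/user";
    public static final String API_SCOPE = "api";

    /**
     * Creates the provider and forces the gitlab.com endpoints onto the configuration.
     *
     * @param keycloakSession            session handed to the parent provider
     * @param oIDCIdentityProviderConfig configuration that is mutated in place
     */
    public GitLabIdentityProvider(KeycloakSession keycloakSession, OIDCIdentityProviderConfig oIDCIdentityProviderConfig) {
        super(keycloakSession, oIDCIdentityProviderConfig);
        oIDCIdentityProviderConfig.setAuthorizationUrl(AUTH_URL);
        oIDCIdentityProviderConfig.setTokenUrl(TOKEN_URL);
        oIDCIdentityProviderConfig.setUserInfoUrl(USER_INFO);
        String configuredScope = oIDCIdentityProviderConfig.getDefaultScope();
        // Constant-first comparison: a missing default scope must not fail construction.
        // Only the bare "openid" default is widened; an explicitly configured scope is kept.
        if (OIDCIdentityProvider.SCOPE_OPENID.equals(configuredScope)) {
            oIDCIdentityProviderConfig.setDefaultScope((API_SCOPE + " " + configuredScope).trim());
        }
    }

    /** Reads the username from the {@code username} property of the user-info JSON. */
    @Override
    protected String getUsernameFromUserInfo(JsonNode jsonNode) {
        return getJsonProperty(jsonNode, "username");
    }

    /** Names the ID-token claim used as username: the OIDC {@code nickname} claim constant. */
    @Override
    protected String getusernameClaimNameForIdToken() {
        return OIDCLoginProtocolFactory.NICKNAME;
    }

    /** Declares that this provider accepts external token exchange. */
    @Override
    protected boolean supportsExternalExchange() {
        return true;
    }

    /** Uses the configured user-info URL as the endpoint for validating an external token. */
    @Override
    protected String getProfileEndpointForValidation(EventBuilder eventBuilder) {
        return getUserInfoUrl();
    }

    /**
     * Decides whether this provider is the issuer named in a token-exchange request.
     *
     * <p>The {@code subject_issuer} request parameter takes precedence over {@code str};
     * the chosen value must equal this provider's alias.
     *
     * @param str             issuer value used when no {@code subject_issuer} parameter is present
     * @param multivaluedMap  request parameters
     * @return {@code true} only when an issuer value is present and equals the alias
     */
    @Override
    public boolean isIssuer(String str, MultivaluedMap<String, String> multivaluedMap) {
        String requestedIssuer = multivaluedMap.getFirst("subject_issuer");
        if (requestedIssuer == null) {
            requestedIssuer = str;
        }
        // A request carrying no issuer at all is "not ours" rather than a NullPointerException.
        return requestedIssuer != null && requestedIssuer.equals(m105getConfig().getAlias());
    }

    /**
     * Handles external token exchange by user-info validation only: the presented token
     * is accepted if the user-info endpoint answers for it.
     */
    @Override
    protected BrokeredIdentityContext exchangeExternalImpl(EventBuilder eventBuilder, MultivaluedMap<String, String> multivaluedMap) {
        return exchangeExternalUserInfoValidationOnly(eventBuilder, multivaluedMap);
    }

    /**
     * Builds the brokered identity from a user-info document fetched during validation.
     *
     * @throws ErrorResponseException with {@code invalid_token} / 400 when the document has no {@code id}
     */
    @Override
    protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder eventBuilder, JsonNode jsonNode) {
        if (getJsonProperty(jsonNode, "id") == null) {
            // Record the rejection on the event before failing the request.
            eventBuilder.detail("reason", "id claim is null from user info json");
            eventBuilder.error("invalid_token");
            throw new ErrorResponseException("invalid_token", "invalid token", Response.Status.BAD_REQUEST);
        }
        return gitlabExtractFromProfile(jsonNode);
    }

    /**
     * Maps a GitLab user-info document onto a {@link BrokeredIdentityContext}.
     *
     * <p>The username falls back from {@code username} to {@code email} to {@code id}.
     * NOTE(review): nothing in this method checks whether the e-mail is verified;
     * confirm how the realm treats e-mail from this provider before relying on it
     * for account linking.
     */
    private BrokeredIdentityContext gitlabExtractFromProfile(JsonNode jsonNode) {
        String userId = getJsonProperty(jsonNode, "id");
        BrokeredIdentityContext identity = new BrokeredIdentityContext(userId);
        String displayName = getJsonProperty(jsonNode, "name");
        String username = getJsonProperty(jsonNode, "username");
        String email = getJsonProperty(jsonNode, "email");
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(identity, jsonNode, m105getConfig().getAlias());
        identity.setId(userId);
        identity.setName(displayName);
        identity.setEmail(email);
        identity.setBrokerUserId(m105getConfig().getAlias() + "." + userId);
        if (username == null) {
            username = email;
        }
        if (username == null) {
            username = userId;
        }
        identity.setUsername(username);
        return identity;
    }

    /**
     * Fetches the user-info document with the access token and builds the identity.
     *
     * <p>The call is attempted up to 10 times with a 200 ms pause after each failed
     * attempt, so a request thread can be held for roughly two seconds plus network
     * time. NOTE(review): every non-200 status is retried, including ones that a
     * retry is unlikely to change (for example a rejected token).
     *
     * <p>The access token is sent only in the {@code Authorization} header and is
     * never written to the log by this method.
     *
     * @param accessTokenResponse token response stored on the returned context
     * @param str                 access token presented as a bearer credential
     * @param jsonWebToken        validated ID token stored on the returned context
     * @throws IdentityBrokerException when no attempt returns 200, the body cannot be
     *                                 parsed, or the document has no {@code id}
     * @throws IOException            when closing a failed response fails
     */
    @Override
    protected BrokeredIdentityContext extractIdentity(AccessTokenResponse accessTokenResponse, String str, JsonWebToken jsonWebToken) throws IOException {
        SimpleHttp.Response response = null;
        int status = 0;
        for (int attempt = 0; attempt < 10; attempt++) {
            // Start each attempt clean so a transport error cannot be judged by the
            // previous attempt's status or touch an already closed response.
            response = null;
            status = 0;
            try {
                response = SimpleHttp.doGet(getUserInfoUrl(), this.session).header(Cors.AUTHORIZATION_HEADER, "Bearer " + str).asResponse();
                status = response.getStatus();
            } catch (IOException e) {
                logger.debug("Failed to invoke user info for external exchange", e);
            }
            if (status == 200) {
                break;
            }
            // The request may have failed before any response object existed.
            if (response != null) {
                response.close();
                response = null;
            }
            try {
                Thread.sleep(200L);
            } catch (InterruptedException e2) {
                // Keep the interrupt visible to callers further up the stack.
                Thread.currentThread().interrupt();
                throw new RuntimeException(e2);
            }
        }
        if (status != 200) {
            logger.debug("Failed to invoke user info status: " + status);
            throw new IdentityBrokerException("Gitlab user info call failure");
        }
        try {
            JsonNode profile = response.asJson();
            if (getJsonProperty(profile, "id") == null) {
                throw new IdentityBrokerException("Gitlab id claim is null from user info json");
            }
            BrokeredIdentityContext identity = gitlabExtractFromProfile(profile);
            // The full token response travels with the identity; with the "api" scope
            // this is a broad credential, so downstream storage of it matters.
            identity.getContextData().put(OIDCIdentityProvider.FEDERATED_ACCESS_TOKEN_RESPONSE, accessTokenResponse);
            identity.getContextData().put(OIDCIdentityProvider.VALIDATED_ID_TOKEN, jsonWebToken);
            processAccessTokenResponse(identity, accessTokenResponse);
            return identity;
        } catch (IOException e3) {
            // Preserve the parse/transport cause for whoever diagnoses the failure.
            throw new IdentityBrokerException("Gitlab user info call failure", e3);
        }
    }
}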
