package org.keycloak.social.paypal;

import com.fasterxml.jackson.databind.JsonNode;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;
import org.keycloak.services.resources.Cors;

/* loaded from: input_file:org/keycloak/social/paypal/PayPalIdentityProvider.class */
public class PayPalIdentityProvider extends AbstractOAuth2IdentityProvider<PayPalIdentityProviderConfig> implements SocialIdentityProvider<PayPalIdentityProviderConfig> {
    public static final String BASE_URL = "https://api.paypal.com/v1";
    public static final String AUTH_URL = "https://www.paypal.com/signin/authorize";
    public static final String TOKEN_RESOURCE = "/identity/openidconnect/tokenservice";
    public static final String PROFILE_RESOURCE = "/oauth2/token/userinfo?schema=openid";
    public static final String DEFAULT_SCOPE = "openid profile email";

    public PayPalIdentityProvider(KeycloakSession keycloakSession, PayPalIdentityProviderConfig payPalIdentityProviderConfig) {
        super(keycloakSession, payPalIdentityProviderConfig);
        payPalIdentityProviderConfig.setAuthorizationUrl(payPalIdentityProviderConfig.targetSandbox() ? "https://www.sandbox.paypal.com/signin/authorize" : AUTH_URL);
        payPalIdentityProviderConfig.setTokenUrl((payPalIdentityProviderConfig.targetSandbox() ? "https://api.sandbox.paypal.com/v1" : BASE_URL) + TOKEN_RESOURCE);
        payPalIdentityProviderConfig.setUserInfoUrl((payPalIdentityProviderConfig.targetSandbox() ? "https://api.sandbox.paypal.com/v1" : BASE_URL) + PROFILE_RESOURCE);
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected boolean supportsExternalExchange() {
        return true;
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected String getProfileEndpointForValidation(EventBuilder eventBuilder) {
        return m105getConfig().getUserInfoUrl();
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder eventBuilder, JsonNode jsonNode) {
        BrokeredIdentityContext brokeredIdentityContext = new BrokeredIdentityContext(getJsonProperty(jsonNode, "user_id"));
        brokeredIdentityContext.setUsername(getJsonProperty(jsonNode, "email"));
        brokeredIdentityContext.setName(getJsonProperty(jsonNode, "name"));
        brokeredIdentityContext.setEmail(getJsonProperty(jsonNode, "email"));
        brokeredIdentityContext.setIdpConfig(m105getConfig());
        brokeredIdentityContext.setIdp(this);
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(brokeredIdentityContext, jsonNode, m105getConfig().getAlias());
        return brokeredIdentityContext;
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected BrokeredIdentityContext doGetFederatedIdentity(String str) {
        try {
            return extractIdentityFromProfile(null, SimpleHttp.doGet(m105getConfig().getUserInfoUrl(), this.session).header(Cors.AUTHORIZATION_HEADER, "Bearer " + str).asJson());
        } catch (Exception e) {
            throw new IdentityBrokerException("Could not obtain user profile from paypal.", e);
        }
    }

    @Override // org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
    protected String getDefaultScopes() {
        return "openid profile email";
    }
}
