package de.adorsys.keycloack.secret.mapper;

import de.adorsys.keycloack.secret.adapter.common.UserSecretAdapter;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.adorsys.envutils.EnvProperties;
import org.keycloak.Config;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken;

/* loaded from: input_file:de/adorsys/keycloack/secret/mapper/STSClaimMapper.class */
public class STSClaimMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper {
    private static final String PROVIDER_ID = "user-secret-claim-mapper";
    private static final List<ProviderConfigProperty> PROVIDER_CONFIG_PROPERTIES = new ArrayList();
    private UserSecretAdapter userSecretAdapter;
    private String claimName;

    public String getDisplayCategory() {
        return "Token mapper";
    }

    public void init(Config.Scope scope) {
        super.init(scope);
    }

    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
        super.postInit(keycloakSessionFactory);
        this.claimName = EnvProperties.getEnvOrSysProp("STS_USER_SECRET_CLAIM_NAME", "user-secret");
        this.userSecretAdapter = keycloakSessionFactory.getProviderFactory(UserSecretAdapter.class).create((KeycloakSession) null);
    }

    public String getDisplayType() {
        return "User Attribute";
    }

    public String getHelpText() {
        return "Put user secret into access token under the name specified by STS_USER_SECRET_CLAIM_NAME";
    }

    public List<ProviderConfigProperty> getConfigProperties() {
        return PROVIDER_CONFIG_PROPERTIES;
    }

    public String getId() {
        return PROVIDER_ID;
    }

    public AccessToken transformAccessToken(AccessToken accessToken, ProtocolMapperModel protocolMapperModel, KeycloakSession keycloakSession, UserSessionModel userSessionModel, AuthenticatedClientSessionModel authenticatedClientSessionModel) {
        AccessToken transformAccessToken = super.transformAccessToken(accessToken, protocolMapperModel, keycloakSession, userSessionModel, authenticatedClientSessionModel);
        Map retrieveResourceSecrets = this.userSecretAdapter.retrieveResourceSecrets(AuthenticatorUtil.readSecretAndAud(this.userSecretAdapter, userSessionModel), userSessionModel.getRealm(), userSessionModel.getUser());
        if (retrieveResourceSecrets != null && !retrieveResourceSecrets.isEmpty()) {
            transformAccessToken.getOtherClaims().put(this.claimName, retrieveResourceSecrets);
        }
        return transformAccessToken;
    }
}
