package org.keycloak.broker.saml.mappers;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.keycloak.broker.provider.AbstractIdentityProviderMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.saml.SAMLEndpoint;
import org.keycloak.common.util.CollectionUtil;
import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.AttributeType;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;

/* loaded from: input_file:BOOT-INF/lib/keycloak-services-8.0.0.jar:org/keycloak/broker/saml/mappers/UserAttributeStatementMapper.class */
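/**
 * Identity-provider mapper that copies the attributes found in the AttributeStatements of a
 * brokered SAML assertion into user attributes, and optionally into the firstName, lastName,
 * email and locale of the brokered identity.
 *
 * <p>Trust boundary: attribute names and values come from the external IdP's assertion. When no
 * {@value #ATTRIBUTE_NAME_PATTERN} is configured, every attribute in the assertion is imported
 * under the name the IdP chose, so any user attribute that other components rely on can be
 * overwritten by that IdP. Configure a narrow pattern when those attributes feed
 * authorization decisions.
 */
public class UserAttributeStatementMapper extends AbstractIdentityProviderMapper {
    private static final String USER_ATTR_LOCALE = "locale";
    private static final String[] COMPATIBLE_PROVIDERS = {"saml"};
    private static final List<ProviderConfigProperty> CONFIG_PROPERTIES = new ArrayList<>();
    public static final String ATTRIBUTE_NAME_PATTERN = "attribute.name.pattern";
    public static final String USER_ATTRIBUTE_FIRST_NAME = "user.attribute.firstName";
    public static final String USER_ATTRIBUTE_LAST_NAME = "user.attribute.lastName";
    public static final String USER_ATTRIBUTE_EMAIL = "user.attribute.email";
    public static final String USER_ATTRIBUTE_LANGUAGE = "user.attribute.language";
    private static final String USE_FRIENDLY_NAMES = "use.friendly.names";
    public static final String PROVIDER_ID = "saml-user-attributestatement-idp-mapper";

    /** Returns the configuration properties registered in the static initializer. */
    @Override
    public List<ProviderConfigProperty> getConfigProperties() {
        return CONFIG_PROPERTIES;
    }

    /** Returns the provider id of this mapper. */
    @Override
    public String getId() {
        return PROVIDER_ID;
    }

    /** Returns a defensive copy of the identity-provider types this mapper applies to. */
    @Override
    public String[] getCompatibleProviders() {
        return COMPATIBLE_PROVIDERS.clone();
    }

    @Override
    public String getDisplayCategory() {
        return "AttributeStatement Importer";
    }

    @Override
    public String getDisplayType() {
        return "AttributeStatement Importer";
    }

    /**
     * Copies every matching, non-empty assertion attribute onto the brokered identity context and
     * fills email, first name, last name and locale from the attributes configured for them.
     *
     * <p>Attributes whose resolved key is {@code null} (for example a missing FriendlyName while
     * friendly names are enabled) are skipped. Without that guard a {@code null} key compares
     * equal to an unconfigured ({@code null}) email/firstName/lastName mapping, so an unnamed
     * IdP-supplied attribute would be written into an identity field.
     */
    @Override
    public void preprocessFederatedIdentity(KeycloakSession keycloakSession, RealmModel realmModel, IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
        String firstNameAttribute = identityProviderMapperModel.getConfig().get(USER_ATTRIBUTE_FIRST_NAME);
        String lastNameAttribute = identityProviderMapperModel.getConfig().get(USER_ATTRIBUTE_LAST_NAME);
        String emailAttribute = identityProviderMapperModel.getConfig().get(USER_ATTRIBUTE_EMAIL);
        String languageAttribute = identityProviderMapperModel.getConfig().get(USER_ATTRIBUTE_LANGUAGE);
        boolean useFriendlyNames = Boolean.parseBoolean(identityProviderMapperModel.getConfig().get(USE_FRIENDLY_NAMES));
        for (AttributeType attribute : findAttributesInContext(brokeredIdentityContext, getAttributePattern(identityProviderMapperModel))) {
            String key = attributeKey(attribute, useFriendlyNames);
            if (key == null) {
                continue;
            }
            List<String> values = stringValues(attribute);
            if (values.isEmpty()) {
                continue;
            }
            brokeredIdentityContext.setUserAttribute(key, values);
            if (key.equals(emailAttribute)) {
                setIfNotEmpty(brokeredIdentityContext::setEmail, values);
            } else if (key.equals(firstNameAttribute)) {
                setIfNotEmpty(brokeredIdentityContext::setFirstName, values);
            } else if (key.equals(lastNameAttribute)) {
                setIfNotEmpty(brokeredIdentityContext::setLastName, values);
            } else if (key.equals(languageAttribute)) {
                brokeredIdentityContext.setUserAttribute(USER_ATTR_LOCALE, values);
            }
        }
    }

    /**
     * Synchronizes the stored user's attributes with the attributes of the current assertion.
     *
     * <p>Matching attributes are written when they differ from the stored value; afterwards every
     * user attribute that was not written in this pass is removed.
     *
     * <p>NOTE(review): the final sweep is not limited to attributes this mapper created. Attributes
     * set by administrators or by other mappers are deleted on each login unless the assertion also
     * carries them, and an assertion without matching attributes clears all of them. Confirm this is
     * intended before enabling the mapper on a realm that stores security-relevant attributes.
     *
     * <p>NOTE(review): email, first name and last name are written to the brokered context here,
     * not to {@code userModel}; presumably another component applies them to the user.
     */
    @Override
    public void updateBrokeredUser(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
        String firstNameAttribute = identityProviderMapperModel.getConfig().get(USER_ATTRIBUTE_FIRST_NAME);
        String lastNameAttribute = identityProviderMapperModel.getConfig().get(USER_ATTRIBUTE_LAST_NAME);
        String emailAttribute = identityProviderMapperModel.getConfig().get(USER_ATTRIBUTE_EMAIL);
        String languageAttribute = identityProviderMapperModel.getConfig().get(USER_ATTRIBUTE_LANGUAGE);
        boolean useFriendlyNames = Boolean.parseBoolean(identityProviderMapperModel.getConfig().get(USE_FRIENDLY_NAMES));
        List<AttributeType> attributes = findAttributesInContext(brokeredIdentityContext, getAttributePattern(identityProviderMapperModel));
        HashSet<String> retained = new HashSet<>();
        for (AttributeType attribute : attributes) {
            String key = attributeKey(attribute, useFriendlyNames);
            if (key == null) {
                // Same guard as in preprocessFederatedIdentity: a null key must never match an
                // unconfigured identity-field mapping or be stored as an attribute name.
                continue;
            }
            List<String> values = stringValues(attribute);
            List<String> current = userModel.getAttributes().get(key);
            if (current == null || !CollectionUtil.collectionEquals(values, current)) {
                userModel.setAttribute(key, values);
            }
            if (key.equals(emailAttribute)) {
                setIfNotEmpty(brokeredIdentityContext::setEmail, values);
            } else if (key.equals(firstNameAttribute)) {
                setIfNotEmpty(brokeredIdentityContext::setFirstName, values);
            } else if (key.equals(lastNameAttribute)) {
                setIfNotEmpty(brokeredIdentityContext::setLastName, values);
            } else if (key.equals(languageAttribute)) {
                userModel.setAttribute(USER_ATTR_LOCALE, values);
                retained.add(USER_ATTR_LOCALE);
            }
            retained.add(key);
        }
        // Iterate over a snapshot of the keys: removeAttribute may modify the map backing keySet().
        for (String existing : new ArrayList<String>(userModel.getAttributes().keySet())) {
            if (!retained.contains(existing)) {
                userModel.removeAttribute(existing);
            }
        }
    }

    @Override
    public String getHelpText() {
        return "Import all saml attributes found in attributestatements in assertion into user properties or attributes.";
    }

    /**
     * Compiles the configured attribute-name pattern.
     *
     * <p>A missing or blank value yields an empty Optional, matching the help text ("Leave blank
     * to map all attributes"); compiling an empty string would instead match only empty names.
     * The pattern is later applied to attribute names taken from the IdP's assertion.
     */
    private Optional<Pattern> getAttributePattern(IdentityProviderMapperModel identityProviderMapperModel) {
        String configured = identityProviderMapperModel.getConfig().get(ATTRIBUTE_NAME_PATTERN);
        if (configured == null || configured.trim().isEmpty()) {
            return Optional.empty();
        }
        return Optional.of(Pattern.compile(configured));
    }

    /**
     * Collects the attributes of all AttributeStatements of the assertion stored in the context
     * under {@link SAMLEndpoint#SAML_ASSERTION}, keeping those whose Name fully matches the
     * pattern (all of them when no pattern is given). The pattern is always tested against the
     * attribute Name, even when friendly names are used as keys.
     *
     * <p>Entries that carry no plain attribute are dropped instead of failing the login with a
     * NullPointerException. Assumes the assertion is present in the context data; this method
     * still fails if it is not.
     */
    private List<AttributeType> findAttributesInContext(BrokeredIdentityContext brokeredIdentityContext, Optional<Pattern> optional) {
        AssertionType assertion = (AssertionType) brokeredIdentityContext.getContextData().get(SAMLEndpoint.SAML_ASSERTION);
        return assertion.getAttributeStatements().stream()
                .flatMap(statement -> statement.getAttributes().stream())
                .map(choice -> choice.getAttribute())
                .filter(Objects::nonNull)
                .filter(attribute -> !optional.isPresent()
                        || (attribute.getName() != null && optional.get().matcher(attribute.getName()).matches()))
                .collect(Collectors.toList());
    }

    /** Returns the key an attribute is stored under: its FriendlyName or its Name. */
    private static String attributeKey(AttributeType attribute, boolean useFriendlyNames) {
        return useFriendlyNames ? attribute.getFriendlyName() : attribute.getName();
    }

    /** Returns the non-null values of an attribute as strings; never {@code null}. */
    private static List<String> stringValues(AttributeType attribute) {
        return attribute.getAttributeValue().stream()
                .filter(Objects::nonNull)
                .map(Object::toString)
                .collect(Collectors.toList());
    }

    /** Passes the first value to the consumer; does nothing for a null or empty list. */
    private void setIfNotEmpty(Consumer<String> consumer, List<String> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        consumer.accept(list.get(0));
    }

    /** Registers one configuration property in {@link #CONFIG_PROPERTIES}. */
    private static void addProperty(String name, String label, String helpText, String type) {
        ProviderConfigProperty property = new ProviderConfigProperty();
        property.setName(name);
        property.setLabel(label);
        property.setHelpText(helpText);
        property.setType(type);
        CONFIG_PROPERTIES.add(property);
    }

    static {
        addProperty(ATTRIBUTE_NAME_PATTERN, "Attribute Name Pattern", "Pattern of attribute names in assertion that must be mapped. Leave blank to map all attributes.", "String");
        addProperty(USER_ATTRIBUTE_FIRST_NAME, "User Attribute FirstName", "Define which saml Attribute must be mapped to the User property firstName.", "String");
        addProperty(USER_ATTRIBUTE_LAST_NAME, "User Attribute LastName", "Define which saml Attribute must be mapped to the User property lastName.", "String");
        addProperty(USER_ATTRIBUTE_EMAIL, "User Attribute Email", "Define which saml Attribute must be mapped to the User property email.", "String");
        addProperty(USER_ATTRIBUTE_LANGUAGE, "User Attribute Language", "Define which saml Attribute must be mapped to the User attribute locale.", "String");
        addProperty(USE_FRIENDLY_NAMES, "Use Attribute Friendly Name", "Define which name to give to each mapped user attribute: name or friendlyName.", ProviderConfigProperty.BOOLEAN_TYPE);
    }
}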
