package org.keycloak.services.clientregistration.policy.impl;

import java.util.Arrays;
import java.util.List;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.provider.ConfigurationValidationHelper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.clientregistration.policy.AbstractClientRegistrationPolicyFactory;
import org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy;

/* loaded from: input_file:BOOT-INF/lib/keycloak-services-11.0.2.jar:org/keycloak/services/clientregistration/policy/impl/TrustedHostClientRegistrationPolicyFactory.class */
public class TrustedHostClientRegistrationPolicyFactory extends AbstractClientRegistrationPolicyFactory {
    public static final String PROVIDER_ID = "trusted-hosts";
    public static final String TRUSTED_HOSTS = "trusted-hosts";
    private static final ProviderConfigProperty TRUSTED_HOSTS_PROPERTY = new ProviderConfigProperty("trusted-hosts", "trusted-hosts.label", "trusted-hosts.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);
    public static final String HOST_SENDING_REGISTRATION_REQUEST_MUST_MATCH = "host-sending-registration-request-must-match";
    private static final ProviderConfigProperty HOST_SENDING_REGISTRATION_REQUEST_MUST_MATCH_PROPERTY = new ProviderConfigProperty(HOST_SENDING_REGISTRATION_REQUEST_MUST_MATCH, "host-sending-registration-request-must-match.label", "host-sending-registration-request-must-match.tooltip", ProviderConfigProperty.BOOLEAN_TYPE, "true");
    public static final String CLIENT_URIS_MUST_MATCH = "client-uris-must-match";
    private static final ProviderConfigProperty CLIENT_URIS_MUST_MATCH_PROPERTY = new ProviderConfigProperty(CLIENT_URIS_MUST_MATCH, "client-uris-must-match.label", "client-uris-must-match.tooltip", ProviderConfigProperty.BOOLEAN_TYPE, "true");

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.keycloak.component.ComponentFactory
    public ClientRegistrationPolicy create(KeycloakSession keycloakSession, ComponentModel componentModel) {
        return new TrustedHostClientRegistrationPolicy(keycloakSession, componentModel);
    }

    @Override // org.keycloak.provider.ConfiguredProvider
    public String getHelpText() {
        return "Allows to specify from which hosts is user able to register and which redirect URIs can client use in it's configuration";
    }

    @Override // org.keycloak.provider.ConfiguredProvider
    public List<ProviderConfigProperty> getConfigProperties() {
        return Arrays.asList(TRUSTED_HOSTS_PROPERTY, HOST_SENDING_REGISTRATION_REQUEST_MUST_MATCH_PROPERTY, CLIENT_URIS_MUST_MATCH_PROPERTY);
    }

    @Override // org.keycloak.provider.ProviderFactory
    public String getId() {
        return "trusted-hosts";
    }

    @Override // org.keycloak.services.clientregistration.policy.AbstractClientRegistrationPolicyFactory, org.keycloak.component.ComponentFactory
    public void validateConfiguration(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel) throws ComponentValidationException {
        ConfigurationValidationHelper.check(componentModel).checkBoolean(HOST_SENDING_REGISTRATION_REQUEST_MUST_MATCH_PROPERTY, true).checkBoolean(CLIENT_URIS_MUST_MATCH_PROPERTY, true);
        TrustedHostClientRegistrationPolicy trustedHostClientRegistrationPolicy = new TrustedHostClientRegistrationPolicy(keycloakSession, componentModel);
        if (!trustedHostClientRegistrationPolicy.isHostMustMatch() && !trustedHostClientRegistrationPolicy.isClientUrisMustMatch()) {
            throw new ComponentValidationException("At least one of hosts verification or client URIs validation must be enabled", new Object[0]);
        }
    }
}
