package org.keycloak.models.utils;

import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.models.KeycloakSession;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ComponentExportRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

/* loaded from: input_file:BOOT-INF/lib/keycloak-server-spi-private-11.0.2.jar:org/keycloak/models/utils/StripSecretsUtils.class */
public class StripSecretsUtils {
    private static final Pattern VAULT_VALUE = Pattern.compile("^\\$\\{vault\\.(.+?)}$");

    private static String maskNonVaultValue(String str) {
        if (str == null) {
            return null;
        }
        return VAULT_VALUE.matcher(str).matches() ? str : ComponentRepresentation.SECRET_VALUE;
    }

    public static ComponentRepresentation strip(KeycloakSession keycloakSession, ComponentRepresentation componentRepresentation) {
        Map<String, ProviderConfigProperty> componentConfigProperties = ComponentUtil.getComponentConfigProperties(keycloakSession, componentRepresentation);
        if (componentRepresentation.getConfig() == null) {
            return componentRepresentation;
        }
        Iterator<Map.Entry<String, String>> it = componentRepresentation.getConfig().entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry next = it.next();
            ProviderConfigProperty providerConfigProperty = componentConfigProperties.get(next.getKey());
            if (providerConfigProperty == null) {
                it.remove();
            } else if (providerConfigProperty.isSecret()) {
                if (next.getValue() == null || ((List) next.getValue()).isEmpty()) {
                    next.setValue(Collections.singletonList(ComponentRepresentation.SECRET_VALUE));
                } else {
                    next.setValue(((List) next.getValue()).stream().map(StripSecretsUtils::maskNonVaultValue).collect(Collectors.toList()));
                }
            }
        }
        return componentRepresentation;
    }

    public static RealmRepresentation strip(RealmRepresentation realmRepresentation) {
        if (realmRepresentation.getSmtpServer() != null && realmRepresentation.getSmtpServer().containsKey("password")) {
            realmRepresentation.getSmtpServer().put("password", maskNonVaultValue(realmRepresentation.getSmtpServer().get("password")));
        }
        return realmRepresentation;
    }

    public static IdentityProviderRepresentation strip(IdentityProviderRepresentation identityProviderRepresentation) {
        if (identityProviderRepresentation.getConfig() != null && identityProviderRepresentation.getConfig().containsKey("clientSecret")) {
            identityProviderRepresentation.getConfig().put("clientSecret", maskNonVaultValue(identityProviderRepresentation.getConfig().get("clientSecret")));
        }
        return identityProviderRepresentation;
    }

    public static RealmRepresentation stripForExport(KeycloakSession keycloakSession, RealmRepresentation realmRepresentation) {
        strip(realmRepresentation);
        List<ClientRepresentation> clients = realmRepresentation.getClients();
        if (clients != null) {
            Iterator<ClientRepresentation> it = clients.iterator();
            while (it.hasNext()) {
                strip(it.next());
            }
        }
        List<IdentityProviderRepresentation> identityProviders = realmRepresentation.getIdentityProviders();
        if (identityProviders != null) {
            Iterator<IdentityProviderRepresentation> it2 = identityProviders.iterator();
            while (it2.hasNext()) {
                strip(it2.next());
            }
        }
        MultivaluedHashMap<String, ComponentExportRepresentation> components = realmRepresentation.getComponents();
        if (components != null) {
            for (Map.Entry<String, ComponentExportRepresentation> entry : components.entrySet()) {
                Iterator it3 = ((List) entry.getValue()).iterator();
                while (it3.hasNext()) {
                    strip(keycloakSession, entry.getKey(), (ComponentExportRepresentation) it3.next());
                }
            }
        }
        List<UserRepresentation> users = realmRepresentation.getUsers();
        if (users != null) {
            Iterator<UserRepresentation> it4 = users.iterator();
            while (it4.hasNext()) {
                strip(it4.next());
            }
        }
        List<UserRepresentation> federatedUsers = realmRepresentation.getFederatedUsers();
        if (federatedUsers != null) {
            Iterator<UserRepresentation> it5 = federatedUsers.iterator();
            while (it5.hasNext()) {
                strip(it5.next());
            }
        }
        return realmRepresentation;
    }

    public static UserRepresentation strip(UserRepresentation userRepresentation) {
        userRepresentation.setCredentials(null);
        return userRepresentation;
    }

    public static ClientRepresentation strip(ClientRepresentation clientRepresentation) {
        if (clientRepresentation.getSecret() != null) {
            clientRepresentation.setSecret(maskNonVaultValue(clientRepresentation.getSecret()));
        }
        return clientRepresentation;
    }

    public static ComponentExportRepresentation strip(KeycloakSession keycloakSession, String str, ComponentExportRepresentation componentExportRepresentation) {
        Map<String, ProviderConfigProperty> componentConfigProperties = ComponentUtil.getComponentConfigProperties(keycloakSession, str, componentExportRepresentation.getProviderId());
        if (componentExportRepresentation.getConfig() == null) {
            return componentExportRepresentation;
        }
        Iterator<Map.Entry<String, String>> it = componentExportRepresentation.getConfig().entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry next = it.next();
            ProviderConfigProperty providerConfigProperty = componentConfigProperties.get(next.getKey());
            if (providerConfigProperty == null) {
                it.remove();
            } else if (providerConfigProperty.isSecret()) {
                if (next.getValue() == null || ((List) next.getValue()).isEmpty()) {
                    next.setValue(Collections.singletonList(ComponentRepresentation.SECRET_VALUE));
                } else {
                    next.setValue(((List) next.getValue()).stream().map(StripSecretsUtils::maskNonVaultValue).collect(Collectors.toList()));
                }
            }
        }
        for (Map.Entry<String, ComponentExportRepresentation> entry : componentExportRepresentation.getSubComponents().entrySet()) {
            Iterator it2 = ((List) entry.getValue()).iterator();
            while (it2.hasNext()) {
                strip(keycloakSession, entry.getKey(), (ComponentExportRepresentation) it2.next());
            }
        }
        return componentExportRepresentation;
    }
}
