package org.keycloak.organization.protocol.mappers.oidc;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Stream;
import org.keycloak.Config;
import org.keycloak.common.Profile;
import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OrganizationModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.organization.OrganizationProvider;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper;
import org.keycloak.protocol.oidc.mappers.TokenIntrospectionTokenMapper;
import org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper;
import org.keycloak.provider.EnvironmentDependentProviderFactory;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;

/* loaded from: input_file:org/keycloak/organization/protocol/mappers/oidc/OrganizationMembershipMapper.class */
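/**
 * OIDC protocol mapper that writes a user's organization membership into a token claim.
 *
 * <p>The organizations come either from the {@code kc.org} client-session note or, when that
 * note is absent, from the requested scopes. Depending on the mapper configuration the claim is
 * a single alias, a set of aliases, or a JSON object keyed by alias that may also carry the
 * organization id and the organization attributes.
 *
 * <p>The claim is a membership assertion consumed by relying parties, so every value placed in
 * it is taken only from organizations that are enabled and that the user is a member of.
 */
public class OrganizationMembershipMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper, TokenIntrospectionTokenMapper, EnvironmentDependentProviderFactory {
    public static final String PROVIDER_ID = "oidc-organization-membership-mapper";
    public static final String ADD_ORGANIZATION_ATTRIBUTES = "addOrganizationAttributes";
    public static final String ADD_ORGANIZATION_ID = "addOrganizationId";

    /** Client-session note that pins the claim to one organization id. */
    private static final String ORGANIZATION_NOTE = "kc.org";
    private static final String CLAIM_NAME_KEY = "claim.name";
    private static final String MULTIVALUED_KEY = "multivalued";
    /** Key under which the organization id is published inside the per-organization JSON object. */
    private static final String ORGANIZATION_ID_CLAIM = "id";

    /**
     * Describes the settings an administrator can change on this mapper.
     *
     * @return a fresh, mutable list of configuration properties
     */
    @Override
    public List<ProviderConfigProperty> getConfigProperties() {
        List<ProviderConfigProperty> properties = new ArrayList<>();
        OIDCAttributeMapperHelper.addTokenClaimNameConfig(properties);
        OIDCAttributeMapperHelper.addIncludeInTokensConfig(properties, OrganizationMembershipMapper.class);
        OIDCAttributeMapperHelper.addJsonTypeConfig(properties, List.of("String", "JSON"), "String");
        properties.add(booleanProperty(MULTIVALUED_KEY, ProtocolMapperUtils.MULTIVALUED_LABEL, ProtocolMapperUtils.MULTIVALUED_HELP_TEXT, Boolean.TRUE));
        // Both enrichment switches default to off, so the id and the attributes reach a token
        // only after an administrator opts in.
        properties.add(booleanProperty(ADD_ORGANIZATION_ATTRIBUTES, "addOrganizationAttributes.label", "addOrganizationAttributes.help", Boolean.FALSE));
        properties.add(booleanProperty(ADD_ORGANIZATION_ID, "addOrganizationId.label", "addOrganizationId.help", Boolean.FALSE));
        return properties;
    }

    /** Builds one boolean-typed configuration property. */
    private static ProviderConfigProperty booleanProperty(String name, String label, String helpText, Boolean defaultValue) {
        ProviderConfigProperty property = new ProviderConfigProperty();
        property.setName(name);
        property.setLabel(label);
        property.setHelpText(helpText);
        property.setType("boolean");
        property.setDefaultValue(defaultValue.toString());
        return property;
    }

    @Override
    public String getId() {
        return PROVIDER_ID;
    }

    @Override
    public String getDisplayType() {
        return "Organization Membership";
    }

    @Override
    public String getDisplayCategory() {
        return AbstractOIDCProtocolMapper.TOKEN_MAPPER_CATEGORY;
    }

    @Override
    public String getHelpText() {
        return "Map user Organization membership";
    }

    /**
     * Resolves the organizations for the current session and maps them onto the token.
     *
     * <p>No claim is written when nothing eligible is resolved.
     *
     * @param token the token being built
     * @param mappingModel the stored mapper configuration
     * @param userSession the session whose user the claim describes
     * @param session the current Keycloak session
     * @param clientSessionCtx the client session, source of the {@code kc.org} note and the scopes
     */
    @Override
    protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession session, ClientSessionContext clientSessionCtx) {
        String organizationId = clientSessionCtx.getClientSession().getNote(ORGANIZATION_NOTE);
        // ofNullable: the id stored in the note may no longer resolve to an organization.
        Stream<OrganizationModel> organizations = organizationId == null
                ? resolveFromRequestedScopes(session, userSession, clientSessionCtx)
                : Stream.ofNullable(session.getProvider(OrganizationProvider.class).getById(organizationId));
        ProtocolMapperModel effectiveModel = getEffectiveModel(session, session.getContext().getRealm(), mappingModel);
        Object claimValue = resolveValue(effectiveModel, userSession.getUser(), organizations.toList());
        if (claimValue != null) {
            OIDCAttributeMapperHelper.mapClaim(token, effectiveModel, claimValue);
        }
    }

    /**
     * Resolves organizations from the scope string of the client session.
     *
     * @return the organizations selected by the scope, or an empty stream when the scope string
     *     does not yield an {@link OrganizationScope}
     */
    private Stream<OrganizationModel> resolveFromRequestedScopes(KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
        String requestedScopes = clientSessionCtx.getScopeString();
        OrganizationScope organizationScope = OrganizationScope.valueOfScope(session, requestedScopes);
        if (organizationScope == null) {
            return Stream.empty();
        }
        return organizationScope.resolveOrganizations(userSession.getUser(), requestedScopes, session);
    }

    /**
     * Computes the claim value for the given organizations.
     *
     * <p>The enabled/membership filter is applied before the single-valued branch as well as the
     * multivalued one. Previously the single-valued branch returned the alias of the first list
     * entry unchecked, which dereferenced a {@code null} entry and could name an organization
     * that is disabled or that the user does not belong to.
     *
     * @param model the effective mapper configuration
     * @param user the user the claim describes; a {@code null} user yields no claim
     * @param organizations candidate organizations, possibly containing {@code null}
     * @return an alias, a set of aliases, a map keyed by alias, or {@code null} for "no claim"
     */
    private Object resolveValue(ProtocolMapperModel model, UserModel user, List<OrganizationModel> organizations) {
        List<OrganizationModel> eligible = organizations.stream()
                .filter(organization -> isEligible(organization, user))
                .toList();
        if (eligible.isEmpty()) {
            return null;
        }
        if (!OIDCAttributeMapperHelper.isMultivalued(model)) {
            return eligible.get(0).getAlias();
        }
        Map<String, Map<String, Object>> claimsByAlias = new HashMap<>();
        for (OrganizationModel organization : eligible) {
            Map<String, Object> claims = new HashMap<>();
            if (isAddOrganizationAttributes(model)) {
                // Every organization attribute is copied verbatim, so anything stored as an
                // organization attribute becomes readable by whoever receives the token.
                claims.putAll(organization.getAttributes());
            }
            if (isAddOrganizationId(model)) {
                // Written after the attributes so an attribute that happens to be named "id"
                // cannot replace the real organization id in the claim.
                claims.put(ORGANIZATION_ID_CLAIM, organization.getId());
            }
            claimsByAlias.put(organization.getAlias(), claims);
        }
        return isJsonType(model) ? claimsByAlias : claimsByAlias.keySet();
    }

    /** Tells whether an organization may appear in the claim for the given user. */
    private static boolean isEligible(OrganizationModel organization, UserModel user) {
        return organization != null && user != null && organization.isEnabled() && organization.isMember(user);
    }

    private static boolean isJsonType(ProtocolMapperModel model) {
        return "JSON".equals(model.getConfig().getOrDefault(OIDCAttributeMapperHelper.JSON_TYPE, "JSON"));
    }

    /**
     * Returns a copy of the mapper model with defaults and dependent settings normalised.
     *
     * <p>A single-valued mapper never carries the id or the attributes, and enabling either of
     * those forces the JSON claim type. The copy is made through the representation round trip,
     * and the incoming model is not written to here.
     *
     * @param session the current Keycloak session (not used by this implementation)
     * @param realm the realm (not used by this implementation)
     * @param mappingModel the stored mapper configuration
     * @return the normalised copy
     */
    @Override
    public ProtocolMapperModel getEffectiveModel(KeycloakSession session, RealmModel realm, ProtocolMapperModel mappingModel) {
        ProtocolMapperModel copy = RepresentationToModel.toModel(ModelToRepresentation.toRepresentation(mappingModel));
        Map<String, String> config = copy.getConfig();
        if (config == null) {
            // Attach the fresh map to the copy; otherwise the defaults written below are lost
            // and the configuration reads that follow see a null config.
            config = new HashMap<>();
            copy.setConfig(config);
        }
        config.putIfAbsent(OIDCAttributeMapperHelper.JSON_TYPE, "String");
        if (!OIDCAttributeMapperHelper.isMultivalued(copy)) {
            config.put(ADD_ORGANIZATION_ATTRIBUTES, Boolean.FALSE.toString());
            config.put(ADD_ORGANIZATION_ID, Boolean.FALSE.toString());
        }
        if (isAddOrganizationAttributes(copy) || isAddOrganizationId(copy)) {
            config.put(OIDCAttributeMapperHelper.JSON_TYPE, "JSON");
        }
        setDefaultValues(config);
        return copy;
    }

    /**
     * Fills in the claim name and the {@code multivalued} flag when they are not configured.
     *
     * @param config the configuration map to complete in place
     */
    private void setDefaultValues(Map<String, String> config) {
        config.putIfAbsent(CLAIM_NAME_KEY, "organization");
        for (ProviderConfigProperty property : getConfigProperties()) {
            Object defaultValue = property.getDefaultValue();
            if (defaultValue != null) {
                // NOTE(review): each default is stored under "multivalued" rather than under the
                // property's own name, so only the first non-null default in the list can take
                // effect. Presumably the property name was intended; left unchanged because the
                // other defaults would then also land in the effective model. Confirm.
                config.putIfAbsent(MULTIVALUED_KEY, defaultValue.toString());
            }
        }
    }

    private boolean isAddOrganizationAttributes(ProtocolMapperModel model) {
        return Boolean.parseBoolean(model.getConfig().getOrDefault(ADD_ORGANIZATION_ATTRIBUTES, Boolean.FALSE.toString()));
    }

    private boolean isAddOrganizationId(ProtocolMapperModel model) {
        return Boolean.parseBoolean(model.getConfig().getOrDefault(ADD_ORGANIZATION_ID, Boolean.FALSE.toString()));
    }

    /**
     * Creates a mapper model with the default claim name, the {@code String} claim type and
     * {@code multivalued} enabled. The id and attribute switches are not set.
     *
     * @param name the mapper name
     * @param includeInAccessToken whether to add the claim to access tokens
     * @param includeInIdToken whether to add the claim to ID tokens
     * @param includeInIntrospection whether to add the claim to introspection responses
     * @return the new mapper model
     */
    public static ProtocolMapperModel create(String name, boolean includeInAccessToken, boolean includeInIdToken, boolean includeInIntrospection) {
        ProtocolMapperModel mapper = new ProtocolMapperModel();
        mapper.setName(name);
        mapper.setProtocolMapper(PROVIDER_ID);
        mapper.setProtocol("openid-connect");
        Map<String, String> config = new HashMap<>();
        if (includeInAccessToken) {
            config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
        }
        if (includeInIdToken) {
            config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
        }
        if (includeInIntrospection) {
            config.put(OIDCAttributeMapperHelper.INCLUDE_IN_INTROSPECTION, "true");
        }
        config.put(CLAIM_NAME_KEY, "organization");
        config.put(OIDCAttributeMapperHelper.JSON_TYPE, "String");
        config.put(MULTIVALUED_KEY, Boolean.TRUE.toString());
        mapper.setConfig(config);
        return mapper;
    }

    /** Reports this mapper as available only while the organization feature is enabled. */
    @Override
    public boolean isSupported(Config.Scope scope) {
        return Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION);
    }
}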
