package de.governikus.keycloak.eid.provider.identity;

import de.governikus.keycloak.eid.provider.endpoints.EidSamlResponseHandler;
import de.governikus.keycloak.eid.provider.endpoints.TcTokenEndpointFactory;
import de.governikus.panstar.sdk.saml.configuration.SamlConfiguration;
import de.governikus.panstar.sdk.utils.TcTokenUtils;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriBuilder;
import java.net.URI;
import java.util.Objects;
import java.util.stream.Stream;
import org.keycloak.broker.provider.AbstractIdentityProvider;
import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/governikus/keycloak/eid/provider/identity/EidIdentityProvider.class */
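/**
 * Keycloak identity provider that starts an eID login by redirecting the browser to the
 * eID client (AusweisApp) with a TcToken URL, and hands the SAML response handling to
 * {@link EidSamlResponseHandler}.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>At debug level this class logs the encoded RelayState and several client notes
 *       ({@code scope}, {@code claims}, {@code acr_values}, {@code display},
 *       {@code transaction_info}). These are session-bound or request-derived values, so
 *       debug logging should stay off in production or the logs should be access-restricted.</li>
 *   <li>The TcToken URL is built from the base URI of the incoming request.
 *       NOTE(review): confirm the deployment pins the Keycloak hostname so that a forged
 *       {@code Host} header cannot influence the URL handed to the eID client.</li>
 * </ul>
 */
public class EidIdentityProvider extends AbstractIdentityProvider<IdentityProviderModel> {
    private static final Logger log = LoggerFactory.getLogger(EidIdentityProvider.class);
    private final SamlConfiguration samlConfiguration;

    /**
     * Creates the provider.
     *
     * @param keycloakSession       the Keycloak session passed on to the base class
     * @param identityProviderModel the identity provider configuration passed on to the base class
     * @param samlConfiguration     the SAML configuration exposed via {@link #getSamlConfiguration()}
     */
    public EidIdentityProvider(KeycloakSession keycloakSession, IdentityProviderModel identityProviderModel, SamlConfiguration samlConfiguration) {
        super(keycloakSession, identityProviderModel);
        this.samlConfiguration = samlConfiguration;
    }

    /**
     * Writes the presence of the authentication session and a fixed set of its client notes
     * to the debug log.
     *
     * <p>The logged values are written as-is. NOTE(review): they presumably originate from
     * the client's authorization request, so the log encoder should neutralise line breaks
     * and the debug level should not be enabled where logs are widely readable.
     *
     * @param authenticationRequest the request whose authentication session is inspected
     */
    private static void logDetails(AuthenticationRequest authenticationRequest) {
        AuthenticationSessionModel authenticationSession = authenticationRequest.getAuthenticationSession();
        log.debug("AuthenticationSession != null is {}", Boolean.valueOf(authenticationSession != null));
        if (authenticationSession == null) {
            return;
        }
        log.debug("Scopes from client note: {}", authenticationSession.getClientNote("scope"));
        log.debug("claims from client note: {}", authenticationSession.getClientNote("claims"));
        log.debug("acr_values from client note: {}", authenticationSession.getClientNote("acr_values"));
        log.debug("display from client note: {}", authenticationSession.getClientNote("display"));
        log.debug("transaction_info from client note: {}", authenticationSession.getClientNote("transaction_info"));
    }

    /**
     * Returns the endpoint object that processes the eID SAML response for this provider.
     *
     * @param realmModel             the realm the callback belongs to
     * @param authenticationCallback the broker callback passed through to the handler
     * @param eventBuilder           the event builder passed through to the handler
     * @return a new {@link EidSamlResponseHandler} bound to this provider and its session
     */
    public Object callback(RealmModel realmModel, IdentityProvider.AuthenticationCallback authenticationCallback, EventBuilder eventBuilder) {
        return new EidSamlResponseHandler(realmModel, this.session, authenticationCallback, eventBuilder, this);
    }

    /**
     * Builds the TcToken URL for the current realm and redirects the browser to the eID client.
     *
     * <p>The encoded broker state is sent along as the {@code RelayState} query parameter.
     * The {@code User-Agent} header only selects between the mobile and the stationary
     * eID client URL; it is client-controlled and must not be used for any trust decision.
     * A request without a {@code User-Agent} header is treated as stationary instead of
     * failing the login.
     *
     * @param authenticationRequest the broker authentication request
     * @return a {@code 303 See Other} response pointing at the eID client URL
     * @throws IdentityBrokerException if the redirect URI cannot be created
     */
    public Response performLogin(AuthenticationRequest authenticationRequest) {
        log.info("Requested login with eID. Try to generate TcTokenUri and redirect to AusweisApp.");
        String relayState = authenticationRequest.getState().getEncoded();
        // The RelayState ties the later SAML response to this authentication session;
        // it is only logged at debug level.
        log.debug("RelayState is {}", relayState);
        logDetails(authenticationRequest);
        String tcTokenUrl = UriBuilder.fromUri(authenticationRequest.getUriInfo().getBaseUri())
            .path("realms")
            .path(authenticationRequest.getRealm().getName())
            .path(TcTokenEndpointFactory.PROVIDER_ID)
            .path("tc-token")
            .queryParam("RelayState", relayState)
            .build()
            .toString();
        log.debug("TcTokenUrl is {}", tcTokenUrl);
        try {
            // getHeaderString yields null when the header is absent, which is handled below
            // rather than surfacing as a NullPointerException wrapped in a broker error.
            String userAgent = authenticationRequest.getHttpRequest().getHttpHeaders().getHeaderString("User-Agent");
            boolean mobileClient = userAgent != null
                && Stream.of("iPhone", "Android", "Windows Phone").anyMatch(userAgent::contains);
            URI redirectUri = new URI(mobileClient
                ? TcTokenUtils.getMobileEidClientUrl(tcTokenUrl)
                : TcTokenUtils.getStationaryEidClientUrl(tcTokenUrl));
            log.debug("TcTokenRedirectUri is {}", redirectUri);
            log.info("Successfully generated TcTokenUri. Redirect to AusweisApp.");
            return Response.seeOther(redirectUri).build();
        } catch (Exception e) {
            // Kept broad because the exceptions declared by TcTokenUtils are not visible here;
            // the cause is preserved for diagnosis.
            throw new IdentityBrokerException("Could not create authentication request.", e);
        }
    }

    /**
     * Returns the token stored on the federated identity as a JSON response.
     *
     * <p>No authorization check happens in this method. NOTE(review): this relies on the
     * caller having already verified that the requester may read the stored token — confirm.
     *
     * @param keycloakSession        the current Keycloak session (unused here)
     * @param federatedIdentityModel the federated identity whose token is returned
     * @return a {@code 200 OK} response with the token as {@code application/json}
     */
    public Response retrieveToken(KeycloakSession keycloakSession, FederatedIdentityModel federatedIdentityModel) {
        return Response.ok(federatedIdentityModel.getToken()).type("application/json").build();
    }

    /**
     * Returns the SAML configuration this provider was created with.
     *
     * @return the SAML configuration
     */
    public SamlConfiguration getSamlConfiguration() {
        return this.samlConfiguration;
    }
}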
