package org.keycloak.protocol.oid4vc;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.component.ComponentModel;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.LoginProtocolFactory;
import org.keycloak.protocol.oid4vc.issuance.OID4VCIssuerEndpoint;
import org.keycloak.protocol.oid4vc.issuance.OffsetTimeProvider;
import org.keycloak.protocol.oid4vc.issuance.VCIssuerException;
import org.keycloak.protocol.oid4vc.issuance.mappers.OID4VCSubjectIdMapper;
import org.keycloak.protocol.oid4vc.issuance.mappers.OID4VCTargetRoleMapper;
import org.keycloak.protocol.oid4vc.issuance.mappers.OID4VCUserAttributeMapper;
import org.keycloak.protocol.oid4vc.issuance.signing.VCSigningServiceProviderFactory;
import org.keycloak.protocol.oid4vc.issuance.signing.VerifiableCredentialsSigningService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.services.managers.AppAuthManager;

/* loaded from: input_file:org/keycloak/protocol/oid4vc/OID4VCLoginProtocolFactory.class */
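/**
 * Login protocol factory for the {@code oid4vc} protocol.
 *
 * <p>It registers the built-in protocol mappers, builds the {@link OID4VCIssuerEndpoint} from
 * realm configuration and the realm's signing-service components, and creates the default
 * "natural person" client scope.
 *
 * <p>Realm attributes read by this factory:
 * <ul>
 *   <li>{@code issuerDid}: required; endpoint creation fails without it.</li>
 *   <li>{@code preAuthorizedCodeLifespanS}: optional; defaults to {@value #DEFAULT_CODE_LIFESPAN_S}
 *       (the names suggest seconds).</li>
 * </ul>
 */
public class OID4VCLoginProtocolFactory implements LoginProtocolFactory, OID4VCEnvironmentProviderFactory {
    public static final String PROTOCOL_ID = "oid4vc";
    private static final String ISSUER_DID_REALM_ATTRIBUTE_KEY = "issuerDid";
    private static final String CODE_LIFESPAN_REALM_ATTRIBUTE_KEY = "preAuthorizedCodeLifespanS";
    private static final int DEFAULT_CODE_LIFESPAN_S = 30;
    private static final String CLIENT_ROLES_MAPPER = "client-roles";
    private static final String USERNAME_MAPPER = "username";
    private static final String SUBJECT_ID_MAPPER = "subject-id";
    private static final String EMAIL_MAPPER = "email";
    private static final String LAST_NAME_MAPPER = "last-name";
    private static final String FIRST_NAME_MAPPER = "first-name";
    // Un-prefixed name of the default scope; the scope is created as "<PROTOCOL_ID>_<this>".
    private static final String NATURAL_PERSON_SCOPE = "natural_person";
    private static final Logger LOGGER = Logger.getLogger(OID4VCLoginProtocolFactory.class);
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    // Built-in mappers keyed by mapper id; filled once in init().
    private final Map<String, ProtocolMapperModel> builtins = new HashMap<>();

    /**
     * Registers the built-in protocol mappers under their mapper ids.
     *
     * @param scope provider configuration; not read by this implementation
     */
    @Override
    public void init(Config.Scope scope) {
        this.builtins.put(CLIENT_ROLES_MAPPER, OID4VCTargetRoleMapper.create("id", OIDCLoginProtocolFactory.CLIENT_ROLES));
        this.builtins.put(SUBJECT_ID_MAPPER, OID4VCSubjectIdMapper.create("subject id", "id"));
        this.builtins.put(USERNAME_MAPPER, OID4VCUserAttributeMapper.create(USERNAME_MAPPER, "username", "username", false));
        this.builtins.put(EMAIL_MAPPER, OID4VCUserAttributeMapper.create(EMAIL_MAPPER, "email", "email", false));
        this.builtins.put(FIRST_NAME_MAPPER, OID4VCUserAttributeMapper.create(FIRST_NAME_MAPPER, "firstName", "firstName", false));
        this.builtins.put(LAST_NAME_MAPPER, OID4VCUserAttributeMapper.create(LAST_NAME_MAPPER, "lastName", "familyName", false));
    }

    /** No post-initialisation work is needed. */
    @Override
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    /** Holds no resources to release. */
    @Override
    public void close() {
    }

    /**
     * Returns the built-in mappers registered by {@link #init(Config.Scope)}.
     *
     * @return the live internal map (not a copy); a caller's mutations are visible to this factory
     */
    @Override
    public Map<String, ProtocolMapperModel> getBuiltinMappers() {
        return this.builtins;
    }

    /**
     * Creates the signing service described by one realm component and registers it under the
     * value of its {@code locator()}.
     *
     * @param map target registry; an entry already stored under the same locator is replaced
     * @param keycloakSession session used to look up the provider factory and create the service
     * @param componentModel component whose provider id selects the factory
     * @throws IllegalArgumentException if the provider id does not resolve to a
     *         {@link VCSigningServiceProviderFactory}
     */
    private void addServiceFromComponent(Map<String, VerifiableCredentialsSigningService> map, KeycloakSession keycloakSession, ComponentModel componentModel) {
        // Held as Object so that the instanceof test below is what decides the type. The
        // decompiled listing assigned the lookup result directly to
        // VCSigningServiceProviderFactory, which made the check redundant.
        Object providerFactory = keycloakSession.getKeycloakSessionFactory()
                .getProviderFactory(VerifiableCredentialsSigningService.class, componentModel.getProviderId());
        if (!(providerFactory instanceof VCSigningServiceProviderFactory)) {
            throw new IllegalArgumentException(String.format("The component %s is not a VerifiableCredentialsSigningServiceProviderFactory", componentModel.getProviderId()));
        }
        VerifiableCredentialsSigningService signingService = (VerifiableCredentialsSigningService)
                ((VCSigningServiceProviderFactory) providerFactory).create(keycloakSession, componentModel);
        // NOTE(review): two components reporting the same locator silently overwrite each other
        // here; the last one streamed wins. Confirm that locators are unique per realm.
        map.put(signingService.locator(), signingService);
    }

    /**
     * Builds the issuer endpoint for the realm of the current request context.
     *
     * @param keycloakSession current session; its context supplies the realm
     * @param eventBuilder not read by this implementation
     * @return a new {@link OID4VCIssuerEndpoint}
     * @throws VCIssuerException if the realm has no {@code issuerDid} attribute
     * @throws NumberFormatException if {@code preAuthorizedCodeLifespanS} is set but is not an integer
     * @throws IllegalArgumentException if a signing component's provider id does not resolve to a
     *         {@link VCSigningServiceProviderFactory}
     */
    @Override
    public Object createProtocolEndpoint(KeycloakSession keycloakSession, EventBuilder eventBuilder) {
        RealmModel realm = keycloakSession.getContext().getRealm();

        Map<String, VerifiableCredentialsSigningService> signingServices = new HashMap<>();
        realm.getComponentsStream(realm.getId(), VerifiableCredentialsSigningService.class.getName())
                .forEach(componentModel -> addServiceFromComponent(signingServices, keycloakSession, componentModel));

        String issuerDid = Optional.ofNullable(realm.getAttribute(ISSUER_DID_REALM_ATTRIBUTE_KEY))
                .orElseThrow(() -> new VCIssuerException("No issuer-did  configured."));

        // NOTE(review): the attribute is parsed without range validation, so zero or negative
        // values are passed through as-is. The lifespan bounds how long a pre-authorized code
        // stays usable, so confirm how the endpoint treats such values.
        int codeLifespan = Optional.ofNullable(realm.getAttribute(CODE_LIFESPAN_REALM_ATTRIBUTE_KEY))
                .map(Integer::valueOf)
                .orElse(DEFAULT_CODE_LIFESPAN_S);

        return new OID4VCIssuerEndpoint(
                keycloakSession,
                issuerDid,
                signingServices,
                new AppAuthManager.BearerTokenAuthenticator(keycloakSession),
                OBJECT_MAPPER,
                new OffsetTimeProvider(),
                codeLifespan);
    }

    /**
     * Creates the default {@code oid4vc_natural_person} client scope for a realm, unless it is
     * already there.
     *
     * <p>The existence check previously looked only for {@code natural_person}, a name this
     * method never creates, so the guard could not see a scope made by an earlier call. The
     * prefixed name is now checked too. The un-prefixed check is kept so that a realm which
     * already holds a {@code natural_person} scope is still skipped, as before.
     *
     * @param realmModel realm that receives the scope
     * @param z not read by this implementation; the scope is always registered through
     *          {@code addDefaultClientScope(scope, true)}
     */
    @Override
    public void createDefaultClientScopes(RealmModel realmModel, boolean z) {
        LOGGER.debugf("Create default scopes for realm %s", realmModel.getName());

        String scopeName = String.format("%s_%s", PROTOCOL_ID, NATURAL_PERSON_SCOPE);
        boolean alreadyPresent = KeycloakModelUtils.getClientScopeByName(realmModel, scopeName) != null
                || KeycloakModelUtils.getClientScopeByName(realmModel, NATURAL_PERSON_SCOPE) != null;
        if (alreadyPresent) {
            return;
        }

        LOGGER.debug("Add natural person scope");
        ClientScopeModel naturalPersonScope = realmModel.addClientScope(scopeName);
        naturalPersonScope.setDescription("OIDC$VP Scope, that adds all properties required for a natural person.");
        naturalPersonScope.setProtocol(PROTOCOL_ID);
        // The username mapper is registered as a builtin but is not part of this scope.
        naturalPersonScope.addProtocolMapper(this.builtins.get(SUBJECT_ID_MAPPER));
        naturalPersonScope.addProtocolMapper(this.builtins.get(CLIENT_ROLES_MAPPER));
        naturalPersonScope.addProtocolMapper(this.builtins.get(EMAIL_MAPPER));
        naturalPersonScope.addProtocolMapper(this.builtins.get(FIRST_NAME_MAPPER));
        naturalPersonScope.addProtocolMapper(this.builtins.get(LAST_NAME_MAPPER));
        realmModel.addDefaultClientScope(naturalPersonScope, true);
    }

    /** Applies no protocol-specific client defaults. */
    @Override
    public void setupClientDefaults(ClientRepresentation clientRepresentation, ClientModel clientModel) {
    }

    /**
     * Returns no {@link LoginProtocol}; this factory always yields {@code null} here.
     *
     * <p>The decompiler emitted this method as {@code m347create} ("renamed from: create",
     * merged with the bridge method). The interface name is restored so that the factory's
     * {@code create(KeycloakSession)} is actually implemented.
     *
     * @param keycloakSession not read by this implementation
     * @return always {@code null}
     */
    @Override
    public LoginProtocol create(KeycloakSession keycloakSession) {
        return null;
    }

    /** @return the protocol id, {@value #PROTOCOL_ID} */
    @Override
    public String getId() {
        return PROTOCOL_ID;
    }
}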
