package ru.playa.keycloak.modules.vkid;

import com.fasterxml.jackson.databind.JsonNode;
import jakarta.ws.rs.core.UriBuilder;
import java.io.IOException;
import java.util.Objects;
import java.util.UUID;
import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import ru.playa.keycloak.modules.AbstractRussianOAuth2IdentityProvider;
import ru.playa.keycloak.modules.InfinispanUtils;
import ru.playa.keycloak.modules.Utils;

/* loaded from: input_file:ru/playa/keycloak/modules/vkid/VKIDIdentityProvider.class */
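/**
 * Keycloak social identity provider for VK ID ({@code id.vk.com}).
 *
 * <p>Builds the authorization request, turns the token-endpoint response into a
 * {@link BrokeredIdentityContext} and maps the VK profile onto it.
 *
 * <p>Security note: token-endpoint responses and access tokens are bearer credentials.
 * This class never writes them to the log; keep it that way when adding diagnostics.
 */
public class VKIDIdentityProvider extends AbstractRussianOAuth2IdentityProvider<VKIDIdentityProviderConfig> implements SocialIdentityProvider<VKIDIdentityProviderConfig> {
    private static final String AUTH_URL = "https://id.vk.com/authorize";
    private static final String TOKEN_URL = "https://id.vk.com/oauth2/auth";
    private static final String PROFILE_URL = "https://id.vk.com/oauth2/user_info";

    /**
     * Creates the provider and pins the three VK ID endpoints on the supplied config,
     * overwriting any authorization, token or user-info URL it carried before.
     *
     * @param keycloakSession current Keycloak session
     * @param vKIDIdentityProviderConfig provider configuration; mutated by this constructor
     */
    public VKIDIdentityProvider(KeycloakSession keycloakSession, VKIDIdentityProviderConfig vKIDIdentityProviderConfig) {
        super(keycloakSession, vKIDIdentityProviderConfig);
        vKIDIdentityProviderConfig.setAuthorizationUrl(AUTH_URL);
        vKIDIdentityProviderConfig.setTokenUrl(TOKEN_URL);
        vKIDIdentityProviderConfig.setUserInfoUrl(PROFILE_URL);
    }

    /**
     * Returns the endpoint object that receives the redirect back from VK ID.
     *
     * @return a new {@link VKIDEndpoint} bound to this provider and session
     */
    @Override
    public Object callback(RealmModel realmModel, IdentityProvider.AuthenticationCallback authenticationCallback, EventBuilder eventBuilder) {
        return new VKIDEndpoint(authenticationCallback, eventBuilder, this, this.session);
    }

    /**
     * Builds the brokered identity from the raw token-endpoint response.
     *
     * @param str raw JSON body returned by the token endpoint
     * @return identity context with the access token stored under {@code FEDERATED_ACCESS_TOKEN}
     * @throws IdentityBrokerException if the response carries no {@code access_token}
     */
    public BrokeredIdentityContext getFederatedIdentity(String str) {
        // The response body holds bearer credentials, so only the fact of its arrival is logged.
        logger.debugf("GetFederatedIdentity: token response received for provider %s",
                ((VKIDIdentityProviderConfig) getConfig()).getAlias());
        String accessToken = Utils.asText(Utils.asJsonNode(str), "access_token");
        if (accessToken == null) {
            // NOTE(review): the raw body is echoed into the exception message. It has no
            // access_token on this path, but confirm it cannot carry other token fields
            // before this message is surfaced in logs or error pages.
            throw new IdentityBrokerException("No access token available in OAuth server response: " + str);
        }
        BrokeredIdentityContext identity = doGetFederatedIdentity(accessToken);
        identity.getContextData().put("FEDERATED_ACCESS_TOKEN", accessToken);
        return identity;
    }

    /**
     * Fetches the VK profile for an access token and maps it to an identity.
     *
     * @param str access token issued by VK ID; never logged
     * @return identity built from the user-info response
     * @throws IdentityBrokerException if the user-info request fails with an I/O error
     */
    protected BrokeredIdentityContext doGetFederatedIdentity(String str) {
        VKIDIdentityProviderConfig config = (VKIDIdentityProviderConfig) getConfig();
        try {
            // Deliberately no token value in the log line: anyone with log access could replay it.
            logger.debugf("DoGetFederatedIdentity: requesting user info for provider %s", config.getAlias());
            JsonNode profile = SimpleHttp.doPost(config.getUserInfoUrl(), this.session)
                    .param("access_token", str)
                    .param("client_id", config.getClientId())
                    .asJson();
            return extractIdentityFromProfile(profile);
        } catch (IOException e) {
            throw new IdentityBrokerException("Could not obtain user profile from VK: " + e.getMessage(), e);
        }
    }

    /**
     * Maps a user-info response to an identity and applies the e-mail and username policy.
     *
     * <p>The username is the e-mail when one is present; otherwise an already-set username is
     * kept, and failing that {@code "vk." + id} is used.
     *
     * @param jsonNode user-info response; {@code email} and {@code phone} are read from its top level
     * @return populated identity context
     * @throws IllegalArgumentException if the config requires an e-mail and the profile has none
     */
    protected BrokeredIdentityContext extractIdentityFromProfile(JsonNode jsonNode) {
        BrokeredIdentityContext identity = extractIdentityFromProfile(null, jsonNode);
        String email = Utils.asText(jsonNode, "email");
        String phone = Utils.asText(jsonNode, "phone");
        if (((VKIDIdentityProviderConfig) getConfig()).isEmailRequired() && Utils.isNullOrEmpty(email)) {
            throw new IllegalArgumentException(Utils.toEmailErrorMessage("VK"));
        }
        if (Utils.nonNullOrEmpty(email)) {
            identity.setUsername(email);
        } else if (Utils.isNullOrEmpty(identity.getUsername())) {
            identity.setUsername("vk." + identity.getId());
        }
        // NOTE(review): e-mail and phone are taken from the provider as-is; whether VK ID
        // has verified them is not visible here. Confirm before trusting them for linking.
        identity.setEmail(email);
        identity.setUserAttribute("phone", phone);
        return identity;
    }

    /**
     * Creates the identity context from the {@code user} object of a user-info response.
     *
     * @param eventBuilder not used by this implementation
     * @param jsonNode user-info response containing a {@code user} object
     * @return identity keyed by {@code user.user_id}, with first and last name set
     * @throws NullPointerException if {@code user.user_id} is absent
     */
    protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder eventBuilder, JsonNode jsonNode) {
        JsonNode userNode = Utils.asJsonNode(jsonNode, "user");
        // Fail with a readable message instead of a bare NPE; an error body from the
        // user-info endpoint would otherwise be hard to diagnose.
        String userId = Objects.requireNonNull(
                Utils.asText(userNode, "user_id"),
                "VK ID user_info response does not contain user.user_id");
        BrokeredIdentityContext identity = new BrokeredIdentityContext(userId, getConfig());
        identity.setFirstName(Utils.asText(userNode, "first_name"));
        identity.setLastName(Utils.asText(userNode, "last_name"));
        identity.setIdp(this);
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(identity, userNode, ((VKIDIdentityProviderConfig) getConfig()).getAlias());
        return identity;
    }

    /**
     * Builds the authorization redirect to VK ID.
     *
     * <p>Keycloak's encoded state is not sent to VK. A random UUID is sent as {@code state}
     * and two entries are stored through {@link InfinispanUtils}: UUID to encoded state, and
     * encoded state to the random string whose {@code Utils.sha256} value is sent as
     * {@code code_challenge}.
     *
     * @param authenticationRequest request carrying the Keycloak state and redirect URI
     * @return builder for the authorization URL
     */
    protected UriBuilder createAuthorizationUrl(AuthenticationRequest authenticationRequest) {
        VKIDIdentityProviderConfig config = (VKIDIdentityProviderConfig) getConfig();
        String externalState = UUID.randomUUID().toString();
        // NOTE(review): this value acts as the PKCE code verifier. Utils.getRandomString is
        // not visible here; confirm it draws from SecureRandom with adequate length.
        String codeVerifier = Utils.getRandomString();
        String encodedState = authenticationRequest.getState().getEncoded();
        // NOTE(review): confirm these entries expire and are removed on use, so a captured
        // state value cannot be redeemed twice.
        InfinispanUtils.put(externalState, encodedState);
        InfinispanUtils.put(encodedState, codeVerifier);
        return UriBuilder.fromUri(config.getAuthorizationUrl())
                .queryParam("scope", config.getDefaultScope())
                .queryParam("state", externalState)
                // RFC 7636 spells the method "S256"; the lower-case value is kept as found.
                // Confirm against the VK ID documentation before changing it.
                .queryParam("code_challenge_method", "s256")
                // NOTE(review): PKCE expects unpadded base64url of the SHA-256 digest;
                // confirm that is what Utils.sha256 returns.
                .queryParam("code_challenge", Utils.sha256(codeVerifier))
                .queryParam("response_type", "code")
                .queryParam("client_id", config.getClientId())
                .queryParam("redirect_uri", authenticationRequest.getRedirectUri());
    }

    /**
     * Returns the scopes requested when none are configured.
     *
     * @return the empty string
     */
    protected String getDefaultScopes() {
        return "";
    }
}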
