package ru.playa.keycloak.modules.yandex;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;
import ru.playa.keycloak.modules.AbstractRussianOAuth2IdentityProvider;
import ru.playa.keycloak.modules.HostedDomainUtils;
import ru.playa.keycloak.modules.MessageUtils;
import ru.playa.keycloak.modules.StringUtils;

/* loaded from: input_file:ru/playa/keycloak/modules/yandex/YandexIdentityProvider.class */
public class YandexIdentityProvider extends AbstractRussianOAuth2IdentityProvider<YandexIdentityProviderConfig> implements SocialIdentityProvider<YandexIdentityProviderConfig> {
    private static final String AUTH_URL = "https://oauth.yandex.ru/authorize";
    private static final String TOKEN_URL = "https://oauth.yandex.ru/token";
    private static final String PROFILE_URL = "https://login.yandex.ru/info";
    private static final String DEFAULT_SCOPE = "";

    public YandexIdentityProvider(KeycloakSession keycloakSession, YandexIdentityProviderConfig yandexIdentityProviderConfig) {
        super(keycloakSession, yandexIdentityProviderConfig);
        yandexIdentityProviderConfig.setAuthorizationUrl(AUTH_URL);
        yandexIdentityProviderConfig.setTokenUrl(TOKEN_URL);
        yandexIdentityProviderConfig.setUserInfoUrl(PROFILE_URL);
    }

    protected boolean supportsExternalExchange() {
        return true;
    }

    protected String getProfileEndpointForValidation(EventBuilder eventBuilder) {
        return PROFILE_URL;
    }

    protected SimpleHttp buildUserInfoRequest(String str, String str2) {
        return SimpleHttp.doGet("https://login.yandex.ru/info?oauth_token=" + str, this.session);
    }

    protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder eventBuilder, JsonNode jsonNode) {
        BrokeredIdentityContext brokeredIdentityContext = new BrokeredIdentityContext(getJsonProperty(jsonNode, "id"), getConfig());
        String jsonProperty = getJsonProperty(jsonNode, "default_email");
        if (StringUtils.isNullOrEmpty(jsonProperty)) {
            throw new IllegalArgumentException(MessageUtils.email("Yandex"));
        }
        HostedDomainUtils.isHostedDomain(jsonProperty, ((YandexIdentityProviderConfig) getConfig()).getHostedDomain(), "Yandex");
        String jsonProperty2 = getJsonProperty(jsonNode, "login");
        if (StringUtils.isNullOrEmpty(jsonProperty2)) {
            brokeredIdentityContext.setUsername(jsonProperty);
        } else {
            brokeredIdentityContext.setUsername(jsonProperty2);
        }
        brokeredIdentityContext.setEmail(jsonProperty);
        brokeredIdentityContext.setLastName(getJsonProperty(jsonNode, "last_name"));
        brokeredIdentityContext.setFirstName(getJsonProperty(jsonNode, "first_name"));
        brokeredIdentityContext.setIdp(this);
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(brokeredIdentityContext, jsonNode, ((YandexIdentityProviderConfig) getConfig()).getAlias());
        return brokeredIdentityContext;
    }

    protected BrokeredIdentityContext doGetFederatedIdentity(String str) {
        try {
            return extractIdentityFromProfile(null, SimpleHttp.doGet("https://login.yandex.ru/info?oauth_token=" + str, this.session).asJson());
        } catch (IOException e) {
            throw new IdentityBrokerException("Could not obtain user profile from Yandex: " + e.getMessage(), e);
        }
    }

    protected String getDefaultScopes() {
        return DEFAULT_SCOPE;
    }
}
