package org.gcube.keycloak.broker.oidc.mappers;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.broker.oidc.mappers.AbstractClaimMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;

/* loaded from: input_file:identity-provider-mapper.jar:org/gcube/keycloak/broker/oidc/mappers/UsernameFromMailMapper.class */
public class UsernameFromMailMapper extends AbstractClaimMapper {
    private static final String CYRUS = "cyrus";
    private static final String POSTFIX = "postfix";
    private static final String COMMA = ",";
    public static final String PROVIDER_ID = "username-from-idp-email-mapper";
    private static final Logger logger = Logger.getLogger(UsernameFromMailMapper.class);
    private static final Character PERIOD = '.';
    private static final Character DASH = '-';
    public static final String[] COMPATIBLE_PROVIDERS = {"keycloak-oidc", "oidc", "bitbucket", "facebook", "github", "gitlab", "google", "instagram", "linkedin", "microsoft", "openshift-v3", "openshift-v4", "paypal", "stackoverflow", "twitter"};
    private static final Set<IdentityProviderSyncMode> IDENTITY_PROVIDER_SYNC_MODES = new HashSet(Arrays.asList(IdentityProviderSyncMode.values()));
    public static final String RESERVED_USERNAMES = "reserved-usernames";
    public static final String AUTO_RESOLVE_CONFLICT = "auto-resolve";
    private static final List<ProviderConfigProperty> configProperties = ProviderConfigurationBuilder.create().property().name(RESERVED_USERNAMES).label("Reserved Usernames").helpText("List of reserved usernames (comma separated) that cannot be accepted. If found a progressive suffix number will we added.").type("String").defaultValue("cyrus,postfix").add().property().name(AUTO_RESOLVE_CONFLICT).label("Auto resolve conflicts").helpText("Automatically add a numeric suffix to avoid already existing username conflict.").type("boolean").add().build();

    public boolean supportsSyncMode(IdentityProviderSyncMode identityProviderSyncMode) {
        return IDENTITY_PROVIDER_SYNC_MODES.contains(identityProviderSyncMode);
    }

    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }

    public String getId() {
        return PROVIDER_ID;
    }

    public String[] getCompatibleProviders() {
        return COMPATIBLE_PROVIDERS;
    }

    public String getDisplayCategory() {
        return "Preprocessor";
    }

    public String getDisplayType() {
        return "Username from email importer";
    }

    public void updateBrokeredUserLegacy(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
    }

    public void updateBrokeredUser(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
        if (realmModel.isRegistrationEmailAsUsername()) {
            return;
        }
        userModel.setUsername(brokeredIdentityContext.getModelUsername());
    }

    public void preprocessFederatedIdentity(KeycloakSession keycloakSession, RealmModel realmModel, IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
        String str;
        Set<String> configValuesOrEmptySetIfNullOrEmptyString = getConfigValuesOrEmptySetIfNullOrEmptyString((String) identityProviderMapperModel.getConfig().get(RESERVED_USERNAMES));
        logger.debugf("Reserved usernames are: %s", configValuesOrEmptySetIfNullOrEmptyString);
        boolean booleanValue = Boolean.valueOf((String) identityProviderMapperModel.getConfig().get(AUTO_RESOLVE_CONFLICT)).booleanValue();
        logger.debugf("Auto resolve conflict setting is: %b", Boolean.valueOf(booleanValue));
        String email = brokeredIdentityContext.getEmail();
        logger.debugf("Email address is: " + email, new Object[0]);
        String lowerCase = email.substring(0, email.indexOf(64)).toLowerCase();
        logger.debugf("Extracted raw username is: %s", lowerCase);
        for (Character ch : (Set) lowerCase.chars().mapToObj(i -> {
            return Character.valueOf((char) i);
        }).collect(Collectors.toSet())) {
            if (!isChar(ch.charValue()) && !isDigit(ch.charValue()) && ch != DASH && ch != PERIOD) {
                logger.infof("Replacing unneded char (%c) with %c", ch, PERIOD);
                lowerCase = lowerCase.replace(ch.charValue(), PERIOD.charValue());
            }
        }
        boolean usernameAlreadyExists = usernameAlreadyExists(keycloakSession, realmModel, lowerCase);
        if ((usernameAlreadyExists && booleanValue) || configValuesOrEmptySetIfNullOrEmptyString.contains(lowerCase)) {
            if (usernameAlreadyExists) {
                logger.infof("Username already exists: %s", lowerCase);
            } else {
                logger.info("Username is one of the reserved usernames");
            }
            int i2 = 1;
            while (true) {
                str = lowerCase + PERIOD + i2;
                logger.tracef("Trying with username: %s", str);
                if (!usernameAlreadyExists(keycloakSession, realmModel, str)) {
                    break;
                }
                logger.tracef("Username already exists: %s", str);
                i2++;
            }
            logger.tracef("Username is OK: %s", str);
            lowerCase = str;
        }
        logger.infof("Final computed username is: %s", lowerCase);
        brokeredIdentityContext.setModelUsername(lowerCase);
    }

    private static boolean isChar(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
    }

    private static boolean isDigit(char c) {
        return c >= '0' && c <= '9';
    }

    private boolean usernameAlreadyExists(KeycloakSession keycloakSession, RealmModel realmModel, String str) {
        return KeycloakModelUtils.findUserByNameOrEmail(keycloakSession, realmModel, str) != null;
    }

    public String getHelpText() {
        return "Extract the IdP username from the e-mail address (before the '@' char).";
    }

    protected Set<String> getConfigValuesOrEmptySetIfNullOrEmptyString(String str) {
        if (str == null || "".equals(str)) {
            return Collections.emptySet();
        }
        String[] split = str.split(COMMA);
        HashSet hashSet = new HashSet();
        for (String str2 : split) {
            String trim = str2.trim();
            if (trim.length() > 0) {
                hashSet.add(trim);
            }
        }
        return hashSet;
    }
}
