package org.keycloak.protocol.oidc.mappers;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;
import org.keycloak.utils.RoleResolveUtil;

/* loaded from: input_file:org/keycloak/protocol/oidc/mappers/HardcodedRole.class */
public class HardcodedRole extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, UserInfoTokenMapper, TokenIntrospectionTokenMapper {
    private static final List<ProviderConfigProperty> configProperties = new ArrayList();
    public static final String ROLE_CONFIG = "role";
    public static final String PROVIDER_ID = "oidc-hardcoded-role-mapper";

    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }

    public String getId() {
        return PROVIDER_ID;
    }

    public String getDisplayType() {
        return "Hardcoded Role";
    }

    public String getDisplayCategory() {
        return AbstractOIDCProtocolMapper.TOKEN_MAPPER_CATEGORY;
    }

    public String getHelpText() {
        return "Hardcode a role into the access token.";
    }

    public int getPriority() {
        return 20;
    }

    @Override // org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper, org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper
    public AccessToken transformUserInfoToken(AccessToken accessToken, ProtocolMapperModel protocolMapperModel, KeycloakSession keycloakSession, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext) {
        setClaim((IDToken) accessToken, protocolMapperModel, userSessionModel, keycloakSession, clientSessionContext);
        return accessToken;
    }

    @Override // org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper, org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper
    public AccessToken transformAccessToken(AccessToken accessToken, ProtocolMapperModel protocolMapperModel, KeycloakSession keycloakSession, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext) {
        setClaim((IDToken) accessToken, protocolMapperModel, userSessionModel, keycloakSession, clientSessionContext);
        return accessToken;
    }

    @Override // org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper, org.keycloak.protocol.oidc.mappers.TokenIntrospectionTokenMapper
    public AccessToken transformIntrospectionToken(AccessToken accessToken, ProtocolMapperModel protocolMapperModel, KeycloakSession keycloakSession, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext) {
        setClaim((IDToken) accessToken, protocolMapperModel, userSessionModel, keycloakSession, clientSessionContext);
        return accessToken;
    }

    @Override // org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
    protected void setClaim(IDToken iDToken, ProtocolMapperModel protocolMapperModel, UserSessionModel userSessionModel, KeycloakSession keycloakSession, ClientSessionContext clientSessionContext) {
        String str = (String) protocolMapperModel.getConfig().get("role");
        String[] parseRole = KeycloakModelUtils.parseRole(str);
        String str2 = parseRole[0];
        String str3 = parseRole[1];
        if (str2 != null) {
            RoleResolveUtil.getResolvedClientRoles(keycloakSession, clientSessionContext, str2, true).addRole(str3);
        } else {
            RoleResolveUtil.getResolvedRealmRoles(keycloakSession, clientSessionContext, true).addRole(str);
        }
    }

    public static ProtocolMapperModel create(String str, String str2) {
        ProtocolMapperModel protocolMapperModel = new ProtocolMapperModel();
        protocolMapperModel.setName(str);
        protocolMapperModel.setProtocolMapper(PROVIDER_ID);
        protocolMapperModel.setProtocol("openid-connect");
        HashMap hashMap = new HashMap();
        hashMap.put("role", str2);
        protocolMapperModel.setConfig(hashMap);
        return protocolMapperModel;
    }

    static {
        ProviderConfigProperty providerConfigProperty = new ProviderConfigProperty();
        providerConfigProperty.setName("role");
        providerConfigProperty.setLabel("Role");
        providerConfigProperty.setHelpText("Role you want added to the token.  Click 'Select Role' button to browse roles, or just type it in the textbox.  To reference a client role the syntax is clientname.clientrole, i.e. myclient.myrole");
        providerConfigProperty.setType("Role");
        configProperties.add(providerConfigProperty);
    }
}
