package org.keycloak.models.utils;

import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.models.ClientSecretConstants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ComponentExportRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

/* loaded from: input_file:org/keycloak/models/utils/StripSecretsUtils.class */
public class StripSecretsUtils {
    private static final Pattern VAULT_VALUE = Pattern.compile("^\\$\\{vault\\.(.+?)}$");
    private static final Map<Class<?>, BiConsumer<KeycloakSession, Object>> REPRESENTATION_FORMATTER = new HashMap();

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/keycloak/models/utils/StripSecretsUtils$GetComponentPropertiesFn.class */
    public interface GetComponentPropertiesFn {
        Map<String, ProviderConfigProperty> getComponentProperties(KeycloakSession keycloakSession, String str, String str2);
    }

    public static <T> T stripSecrets(KeycloakSession keycloakSession, T t) {
        BiConsumer<KeycloakSession, Object> biConsumer = REPRESENTATION_FORMATTER.get(t.getClass());
        if (biConsumer == null) {
            return t;
        }
        biConsumer.accept(keycloakSession, t);
        return t;
    }

    private static String maskNonVaultValue(String str) {
        if (str == null) {
            return null;
        }
        return VAULT_VALUE.matcher(str).matches() ? str : "**********";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static CredentialRepresentation stripCredentials(CredentialRepresentation credentialRepresentation) {
        credentialRepresentation.setValue("**********");
        return credentialRepresentation;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ComponentRepresentation stripComponent(KeycloakSession keycloakSession, ComponentRepresentation componentRepresentation) {
        return stripComponent(ComponentUtil.getComponentConfigProperties(keycloakSession, componentRepresentation), componentRepresentation);
    }

    protected static ComponentRepresentation stripComponent(Map<String, ProviderConfigProperty> map, ComponentRepresentation componentRepresentation) {
        if (componentRepresentation.getConfig() != null) {
            stripComponentConfigMap(componentRepresentation.getConfig(), map);
        }
        return componentRepresentation;
    }

    private static void stripComponentConfigMap(MultivaluedHashMap<String, String> multivaluedHashMap, Map<String, ProviderConfigProperty> map) {
        Iterator it = multivaluedHashMap.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry entry = (Map.Entry) it.next();
            ProviderConfigProperty providerConfigProperty = map.get(entry.getKey());
            if (providerConfigProperty == null) {
                it.remove();
            } else if (providerConfigProperty.isSecret()) {
                if (entry.getValue() == null || ((List) entry.getValue()).isEmpty()) {
                    entry.setValue(Collections.singletonList("**********"));
                } else {
                    entry.setValue((List) ((List) entry.getValue()).stream().map(StripSecretsUtils::maskNonVaultValue).collect(Collectors.toList()));
                }
            }
        }
    }

    private static Map<String, String> stripFromMap(Map<String, String> map, String str) {
        if (map != null && map.containsKey(str)) {
            map.put(str, maskNonVaultValue(map.get(str)));
        }
        return map;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static IdentityProviderRepresentation stripBroker(IdentityProviderRepresentation identityProviderRepresentation) {
        stripFromMap(identityProviderRepresentation.getConfig(), "clientSecret");
        return identityProviderRepresentation;
    }

    private static RealmRepresentation stripRealm(RealmRepresentation realmRepresentation) {
        stripFromMap(realmRepresentation.getSmtpServer(), "password");
        stripFromMap(realmRepresentation.getSmtpServer(), "authTokenClientSecret");
        return realmRepresentation;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void stripRealm(KeycloakSession keycloakSession, RealmRepresentation realmRepresentation) {
        stripRealm(keycloakSession, realmRepresentation, ComponentUtil::getComponentConfigProperties);
    }

    protected static void stripRealm(KeycloakSession keycloakSession, RealmRepresentation realmRepresentation, GetComponentPropertiesFn getComponentPropertiesFn) {
        stripRealm(realmRepresentation);
        Optional.ofNullable(realmRepresentation.getClients()).ifPresent(list -> {
            list.forEach(StripSecretsUtils::stripClient);
        });
        Optional.ofNullable(realmRepresentation.getIdentityProviders()).ifPresent(list2 -> {
            list2.forEach(StripSecretsUtils::stripBroker);
        });
        Optional.ofNullable(realmRepresentation.getComponents()).ifPresent(multivaluedHashMap -> {
            multivaluedHashMap.forEach((str, list3) -> {
                list3.forEach(componentExportRepresentation -> {
                    stripComponentExport(keycloakSession, str, componentExportRepresentation, getComponentPropertiesFn);
                });
            });
        });
        Optional.ofNullable(realmRepresentation.getUsers()).ifPresent(list3 -> {
            list3.forEach(StripSecretsUtils::stripUser);
        });
        Optional.ofNullable(realmRepresentation.getFederatedUsers()).ifPresent(list4 -> {
            list4.forEach(StripSecretsUtils::stripUser);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static UserRepresentation stripUser(UserRepresentation userRepresentation) {
        userRepresentation.setCredentials((List) null);
        return userRepresentation;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ClientRepresentation stripClient(ClientRepresentation clientRepresentation) {
        if (clientRepresentation.getSecret() != null) {
            clientRepresentation.setSecret(maskNonVaultValue(clientRepresentation.getSecret()));
        }
        stripFromMap(clientRepresentation.getAttributes(), ClientSecretConstants.CLIENT_ROTATED_SECRET);
        return clientRepresentation;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ComponentExportRepresentation stripComponentExport(KeycloakSession keycloakSession, String str, ComponentExportRepresentation componentExportRepresentation) {
        return stripComponentExport(keycloakSession, str, componentExportRepresentation, ComponentUtil::getComponentConfigProperties);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ComponentExportRepresentation stripComponentExport(KeycloakSession keycloakSession, String str, ComponentExportRepresentation componentExportRepresentation, GetComponentPropertiesFn getComponentPropertiesFn) {
        Map<String, ProviderConfigProperty> componentProperties = getComponentPropertiesFn.getComponentProperties(keycloakSession, str, componentExportRepresentation.getProviderId());
        if (componentExportRepresentation.getConfig() != null) {
            stripComponentConfigMap(componentExportRepresentation.getConfig(), componentProperties);
        }
        componentExportRepresentation.getSubComponents().forEach((str2, list) -> {
            list.forEach(componentExportRepresentation2 -> {
                stripComponentExport(keycloakSession, str2, componentExportRepresentation2);
            });
        });
        return componentExportRepresentation;
    }

    static {
        REPRESENTATION_FORMATTER.put(RealmRepresentation.class, (keycloakSession, obj) -> {
            stripRealm(keycloakSession, (RealmRepresentation) obj);
        });
        REPRESENTATION_FORMATTER.put(UserRepresentation.class, (keycloakSession2, obj2) -> {
            stripUser((UserRepresentation) obj2);
        });
        REPRESENTATION_FORMATTER.put(ClientRepresentation.class, (keycloakSession3, obj3) -> {
            stripClient((ClientRepresentation) obj3);
        });
        REPRESENTATION_FORMATTER.put(IdentityProviderRepresentation.class, (keycloakSession4, obj4) -> {
            stripBroker((IdentityProviderRepresentation) obj4);
        });
        REPRESENTATION_FORMATTER.put(ComponentRepresentation.class, (keycloakSession5, obj5) -> {
            stripComponent(keycloakSession5, (ComponentRepresentation) obj5);
        });
        REPRESENTATION_FORMATTER.put(CredentialRepresentation.class, (keycloakSession6, obj6) -> {
            stripCredentials((CredentialRepresentation) obj6);
        });
    }
}
