package org.keycloak.userprofile.validator;

import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.keycloak.common.util.CollectionUtil;
import org.keycloak.models.UserModel;
import org.keycloak.userprofile.AttributeContext;
import org.keycloak.userprofile.UserProfileAttributeValidationContext;
import org.keycloak.validate.SimpleValidator;
import org.keycloak.validate.ValidationContext;
import org.keycloak.validate.ValidationError;
import org.keycloak.validate.ValidatorConfig;
import org.keycloak.validate.Validators;

/* loaded from: input_file:org/keycloak/userprofile/validator/ImmutableAttributeValidator.class */
public class ImmutableAttributeValidator implements SimpleValidator {
    public static final String ID = "up-immutable-attribute";
    private static final String DEFAULT_ERROR_MESSAGE = "error-user-attribute-read-only";

    public String getId() {
        return ID;
    }

    public ValidationContext validate(Object obj, String str, ValidationContext validationContext, ValidatorConfig validatorConfig) {
        UserProfileAttributeValidationContext userProfileAttributeValidationContext = (UserProfileAttributeValidationContext) validationContext;
        AttributeContext attributeContext = userProfileAttributeValidationContext.getAttributeContext();
        UserModel user = attributeContext.getUser();
        if (user == null) {
            return validationContext;
        }
        List list = (List) user.getAttributeStream(str).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
        List list2 = (List) obj;
        if (!CollectionUtil.collectionEquals(list, list2) && isReadOnly(attributeContext)) {
            if (list.isEmpty() && !Validators.notBlankValidator().validate(list2).isValid()) {
                return validationContext;
            }
            if (userProfileAttributeValidationContext.getSession().getContext().getRealm().isRegistrationEmailAsUsername()) {
                String name = attributeContext.getMetadata().getName();
                if ("email".equals(name)) {
                    return validationContext;
                }
                List values = attributeContext.getAttributes().getValues("email");
                if ("username".equals(name) && CollectionUtil.collectionEquals(list2, values)) {
                    return validationContext;
                }
            }
            validationContext.addError(new ValidationError(ID, str, DEFAULT_ERROR_MESSAGE));
        }
        return validationContext;
    }

    private boolean isReadOnly(AttributeContext attributeContext) {
        return attributeContext.getMetadata().isReadOnly(attributeContext);
    }
}
