package org.keycloak.services.resources.account;

import java.io.IOException;
import java.net.URI;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.Scanner;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.authentication.requiredactions.DeleteAccount;
import org.keycloak.common.Profile;
import org.keycloak.common.Version;
import org.keycloak.events.EventStoreProvider;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakUriInfo;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredActionProviderModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.services.validation.Validation;
import org.keycloak.theme.FreeMarkerException;
import org.keycloak.theme.Theme;
import org.keycloak.theme.beans.MessageFormatterMethod;
import org.keycloak.theme.freemarker.FreeMarkerProvider;
import org.keycloak.urls.UrlType;
import org.keycloak.util.JsonSerialization;
import org.keycloak.utils.MediaType;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/services/resources/account/AccountConsole.class */
public class AccountConsole {
    private static final Logger logger = Logger.getLogger(AccountConsole.class);

    @Context
    protected KeycloakSession session;
    private final RealmModel realm;
    private final ClientModel client;
    private final Theme theme;
    private Auth auth;
    private final Pattern bundleParamPattern = Pattern.compile("(\\{\\s*(\\d+)\\s*\\})");
    private final AppAuthManager authManager = new AppAuthManager();

    public AccountConsole(RealmModel realmModel, ClientModel clientModel, Theme theme) {
        this.realm = realmModel;
        this.client = clientModel;
        this.theme = theme;
    }

    public void init() {
        AuthenticationManager.AuthResult authenticateIdentityCookie = this.authManager.authenticateIdentityCookie(this.session, this.realm);
        if (authenticateIdentityCookie != null) {
            this.auth = new Auth(this.realm, authenticateIdentityCookie.getToken(), authenticateIdentityCookie.getUser(), this.client, authenticateIdentityCookie.getSession(), true);
        }
    }

    @GET
    @NoCache
    public Response getMainPage() throws IOException, FreeMarkerException {
        KeycloakUriInfo uri = this.session.getContext().getUri(UrlType.FRONTEND);
        URI build = uri.getBaseUriBuilder().path(RealmsResource.class).path(this.realm.getName()).path("account").path("/").build(new Object[]{this.realm});
        if (!this.session.getContext().getUri().getRequestUri().getPath().endsWith("/")) {
            return Response.status(302).location(this.session.getContext().getUri().getRequestUriBuilder().uri(build).build(new Object[0])).build();
        }
        HashMap hashMap = new HashMap();
        URI baseUri = this.session.getContext().getUri(UrlType.ADMIN).getBaseUri();
        URI baseUri2 = uri.getBaseUri();
        hashMap.put("authUrl", baseUri2.getPath().endsWith("/") ? baseUri2 : baseUri2 + "/");
        hashMap.put("baseUrl", build);
        hashMap.put("realm", this.realm);
        hashMap.put("resourceUrl", Urls.themeRoot(baseUri2).getPath() + "/account/" + this.theme.getName());
        hashMap.put("resourceCommonUrl", Urls.themeRoot(baseUri).getPath() + "/common/keycloak");
        hashMap.put("resourceVersion", Version.RESOURCES_VERSION);
        String[] referrer = getReferrer();
        if (referrer != null) {
            hashMap.put("referrer", referrer[0]);
            hashMap.put("referrerName", referrer[1]);
            hashMap.put("referrer_uri", referrer[2]);
        }
        UserModel userModel = null;
        if (this.auth != null) {
            userModel = this.auth.getUser();
        }
        Locale resolveLocale = this.session.getContext().resolveLocale(userModel);
        hashMap.put(OIDCLoginProtocolFactory.LOCALE, resolveLocale.toLanguageTag());
        Properties messages = this.theme.getMessages(resolveLocale);
        if (StringUtil.isNotBlank(this.realm.getDefaultLocale())) {
            messages.putAll(this.realm.getRealmLocalizationTextsByLocale(this.realm.getDefaultLocale()));
        }
        messages.putAll(this.realm.getRealmLocalizationTextsByLocale(resolveLocale.toLanguageTag()));
        hashMap.put("msg", new MessageFormatterMethod(resolveLocale, messages));
        hashMap.put("msgJSON", messagesToJsonString(messages));
        hashMap.put("supportedLocales", supportedLocales(messages));
        hashMap.put("properties", this.theme.getProperties());
        hashMap.put("theme", str -> {
            try {
                return new Scanner(this.theme.getResourceAsStream(str), "UTF-8").useDelimiter("\\A").next();
            } catch (IOException e) {
                throw new RuntimeException("could not load file", e);
            }
        });
        hashMap.put("isEventsEnabled", Boolean.valueOf(this.session.getProvider(EventStoreProvider.class) != null && this.realm.isEventsEnabled()));
        hashMap.put("isAuthorizationEnabled", Boolean.valueOf(Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)));
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        if (userModel != null) {
            z = userModel.credentialManager().isConfiguredFor(this.realm.getOTPPolicy().getType());
            RoleModel role = this.realm.getClientByClientId("account").getRole("delete-account");
            z2 = role != null && userModel.hasRole(role) && this.realm.getRequiredActionProviderByAlias(DeleteAccount.PROVIDER_ID).isEnabled();
            RoleModel role2 = this.realm.getClientByClientId("account").getRole("view-groups");
            z3 = role2 != null && userModel.hasRole(role2);
        }
        hashMap.put("isTotpConfigured", Boolean.valueOf(z));
        hashMap.put("deleteAccountAllowed", Boolean.valueOf(z2));
        hashMap.put("isViewGroupsEnabled", Boolean.valueOf(z3));
        hashMap.put("updateEmailFeatureEnabled", Boolean.valueOf(Profile.isFeatureEnabled(Profile.Feature.UPDATE_EMAIL)));
        RequiredActionProviderModel requiredActionProviderByAlias = this.realm.getRequiredActionProviderByAlias(UserModel.RequiredAction.UPDATE_EMAIL.name());
        hashMap.put("updateEmailActionEnabled", Boolean.valueOf(requiredActionProviderByAlias != null && requiredActionProviderByAlias.isEnabled()));
        return Response.status(Response.Status.OK).type(MediaType.TEXT_HTML_UTF_8).language(Locale.ENGLISH).entity(((FreeMarkerProvider) this.session.getProvider(FreeMarkerProvider.class)).processTemplate(hashMap, "index.ftl", this.theme)).build();
    }

    private Map<String, String> supportedLocales(Properties properties) {
        return (Map) this.realm.getSupportedLocalesStream().collect(Collectors.toMap(Function.identity(), str -> {
            return properties.getProperty("locale_" + str, str);
        }));
    }

    private String messagesToJsonString(Properties properties) {
        if (properties == null) {
            return "";
        }
        Properties properties2 = new Properties();
        for (String str : properties.stringPropertyNames()) {
            properties2.put(str, convertPropValue(properties.getProperty(str)));
        }
        try {
            return JsonSerialization.writeValueAsString(properties2);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private String convertPropValue(String str) {
        return putJavaParamsInNgTranslateFormat(str.replaceAll("'('?)", "$1"));
    }

    private String putJavaParamsInNgTranslateFormat(String str) {
        Matcher matcher = this.bundleParamPattern.matcher(str);
        while (matcher.find()) {
            str = str.replace(matcher.group(1), "{{param_" + matcher.group(2) + "}}");
        }
        return str;
    }

    @GET
    @Path("index.html")
    public Response getIndexHtmlRedirect() {
        return Response.status(302).location(this.session.getContext().getUri().getRequestUriBuilder().path("../").build(new Object[0])).build();
    }

    private String[] getReferrer() {
        String verifyRedirectUri;
        String str = (String) this.session.getContext().getUri().getQueryParameters().getFirst("referrer");
        if (str == null) {
            return null;
        }
        String str2 = (String) this.session.getContext().getUri().getQueryParameters().getFirst("referrer_uri");
        ClientModel clientByClientId = this.realm.getClientByClientId(str);
        if (clientByClientId != null) {
            String verifyRedirectUri2 = str2 != null ? RedirectUtils.verifyRedirectUri(this.session, str2, clientByClientId) : ResolveRelative.resolveRelativeUri(this.session, this.client.getRootUrl(), clientByClientId.getBaseUrl());
            if (verifyRedirectUri2 == null) {
                return null;
            }
            String name = clientByClientId.getName();
            if (Validation.isBlank(name)) {
                name = str;
            }
            return new String[]{str, name, verifyRedirectUri2};
        }
        if (str2 == null) {
            return null;
        }
        ClientModel clientByClientId2 = this.realm.getClientByClientId(str);
        if (this.client == null || (verifyRedirectUri = RedirectUtils.verifyRedirectUri(this.session, str2, clientByClientId2)) == null) {
            return null;
        }
        return new String[]{str, str, verifyRedirectUri};
    }
}
