package org.keycloak.forms.login.freemarker;

import jakarta.ws.rs.core.UriInfo;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.common.VerificationException;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.util.CookieHelper;

/* loaded from: input_file:org/keycloak/forms/login/freemarker/DetachedInfoStateChecker.class */
public class DetachedInfoStateChecker {
    private static final Logger logger = Logger.getLogger(DetachedInfoStateChecker.class);
    private static final String STATE_CHECKER_COOKIE_NAME = "KC_STATE_CHECKER";
    public static final String STATE_CHECKER_PARAM = "kc_state_checker";
    private final KeycloakSession session;
    private final RealmModel realm;

    public DetachedInfoStateChecker(KeycloakSession keycloakSession, RealmModel realmModel) {
        this.session = keycloakSession;
        this.realm = realmModel;
    }

    public DetachedInfoStateCookie generateAndSetCookie(String str, String str2, Integer num, String str3, Object[] objArr) {
        UriInfo uri = this.session.getContext().getHttpRequest().getUri();
        String realmCookiePath = AuthenticationManager.getRealmCookiePath(this.realm, uri);
        boolean isRequired = this.realm.getSslRequired().isRequired(this.session.getContext().getConnection());
        String str4 = (String) uri.getQueryParameters().getFirst(STATE_CHECKER_PARAM);
        String generateId = KeycloakModelUtils.generateId();
        int accessCodeLifespanUserAction = this.realm.getAccessCodeLifespanUserAction();
        DetachedInfoStateCookie detachedInfoStateCookie = new DetachedInfoStateCookie();
        detachedInfoStateCookie.setMessageKey(str);
        detachedInfoStateCookie.setMessageType(str2);
        detachedInfoStateCookie.setStatus(num);
        detachedInfoStateCookie.setClientUuid(str3);
        detachedInfoStateCookie.setCurrentUrlState(str4);
        detachedInfoStateCookie.setRenderedUrlState(generateId);
        if (objArr != null) {
            detachedInfoStateCookie.setMessageParameters((List) Stream.of(objArr).map((v0) -> {
                return v0.toString();
            }).collect(Collectors.toList()));
        }
        String encode = this.session.tokens().encode(detachedInfoStateCookie);
        logger.tracef("Generating new %s cookie. Cookie: %s, Cookie lifespan: %d", STATE_CHECKER_COOKIE_NAME, detachedInfoStateCookie, Integer.valueOf(accessCodeLifespanUserAction));
        CookieHelper.addCookie(STATE_CHECKER_COOKIE_NAME, encode, realmCookiePath, null, null, accessCodeLifespanUserAction, isRequired, true, this.session);
        return detachedInfoStateCookie;
    }

    public DetachedInfoStateCookie verifyStateCheckerParameter(String str) throws VerificationException {
        Set<String> cookieValue = CookieHelper.getCookieValue(this.session, STATE_CHECKER_COOKIE_NAME);
        if (cookieValue == null || cookieValue.isEmpty()) {
            throw new VerificationException("State checker cookie is empty");
        }
        if (str == null || str.isEmpty()) {
            throw new VerificationException("State checker parameter is empty");
        }
        DetachedInfoStateCookie detachedInfoStateCookie = (DetachedInfoStateCookie) this.session.tokens().decode(cookieValue.iterator().next(), DetachedInfoStateCookie.class);
        if (detachedInfoStateCookie == null) {
            throw new VerificationException("Failed to verify DetachedInfoStateCookie");
        }
        if (str.equals(detachedInfoStateCookie.getCurrentUrlState()) || str.equals(detachedInfoStateCookie.getRenderedUrlState())) {
            return detachedInfoStateCookie;
        }
        throw new VerificationException(String.format("Failed to verify state. StateCheckerParameter: %s, cookie current state checker: %s, Cookie rendered state checker: %s", str, detachedInfoStateCookie.getCurrentUrlState(), detachedInfoStateCookie.getRenderedUrlState()));
    }
}
