package org.keycloak.services.managers;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.keycloak.common.util.Time;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientTemplateModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.services.managers.CodeGenerateUtil;
import org.keycloak.sessions.CommonClientSessionModel;

/* loaded from: input_file:org/keycloak/services/managers/ClientSessionCode.class */
public class ClientSessionCode<CLIENT_SESSION extends CommonClientSessionModel> {
    private KeycloakSession session;
    private final RealmModel realm;
    private final CLIENT_SESSION commonLoginSession;

    /* loaded from: input_file:org/keycloak/services/managers/ClientSessionCode$ActionType.class */
    public enum ActionType {
        CLIENT,
        LOGIN,
        USER
    }

    /* loaded from: input_file:org/keycloak/services/managers/ClientSessionCode$ParseResult.class */
    public static class ParseResult<CLIENT_SESSION extends CommonClientSessionModel> {
        ClientSessionCode<CLIENT_SESSION> code;
        boolean authSessionNotFound;
        boolean illegalHash;
        boolean expiredToken;
        CLIENT_SESSION clientSession;

        public ClientSessionCode<CLIENT_SESSION> getCode() {
            return this.code;
        }

        public boolean isAuthSessionNotFound() {
            return this.authSessionNotFound;
        }

        public boolean isIllegalHash() {
            return this.illegalHash;
        }

        public boolean isExpiredToken() {
            return this.expiredToken;
        }

        public CLIENT_SESSION getClientSession() {
            return this.clientSession;
        }
    }

    public ClientSessionCode(KeycloakSession keycloakSession, RealmModel realmModel, CLIENT_SESSION client_session) {
        this.session = keycloakSession;
        this.realm = realmModel;
        this.commonLoginSession = client_session;
    }

    public static <CLIENT_SESSION extends CommonClientSessionModel> ParseResult<CLIENT_SESSION> parseResult(String str, KeycloakSession keycloakSession, RealmModel realmModel, ClientModel clientModel, EventBuilder eventBuilder, Class<CLIENT_SESSION> cls) {
        ParseResult<CLIENT_SESSION> parseResult = new ParseResult<>();
        if (str == null) {
            parseResult.illegalHash = true;
            return parseResult;
        }
        try {
            CodeGenerateUtil.ClientSessionParser parser = CodeGenerateUtil.getParser(cls);
            parseResult.clientSession = (CLIENT_SESSION) getClientSession(str, keycloakSession, realmModel, clientModel, eventBuilder, parser);
            if (parseResult.clientSession == null) {
                parseResult.authSessionNotFound = true;
                return parseResult;
            }
            if (!parser.verifyCode(keycloakSession, str, parseResult.clientSession)) {
                parseResult.illegalHash = true;
                return parseResult;
            }
            if (parser.isExpired(keycloakSession, str, parseResult.clientSession)) {
                parseResult.expiredToken = true;
                return parseResult;
            }
            parseResult.code = new ClientSessionCode<>(keycloakSession, realmModel, parseResult.clientSession);
            return parseResult;
        } catch (RuntimeException e) {
            parseResult.illegalHash = true;
            return parseResult;
        }
    }

    public static <CLIENT_SESSION extends CommonClientSessionModel> CLIENT_SESSION getClientSession(String str, KeycloakSession keycloakSession, RealmModel realmModel, ClientModel clientModel, EventBuilder eventBuilder, Class<CLIENT_SESSION> cls) {
        return (CLIENT_SESSION) getClientSession(str, keycloakSession, realmModel, clientModel, eventBuilder, CodeGenerateUtil.getParser(cls));
    }

    private static <CLIENT_SESSION extends CommonClientSessionModel> CLIENT_SESSION getClientSession(String str, KeycloakSession keycloakSession, RealmModel realmModel, ClientModel clientModel, EventBuilder eventBuilder, CodeGenerateUtil.ClientSessionParser<CLIENT_SESSION> clientSessionParser) {
        return clientSessionParser.parseSession(str, keycloakSession, realmModel, clientModel, eventBuilder);
    }

    public CLIENT_SESSION getClientSession() {
        return this.commonLoginSession;
    }

    public boolean isValid(String str, ActionType actionType) {
        if (isValidAction(str)) {
            return isActionActive(actionType);
        }
        return false;
    }

    public boolean isActionActive(ActionType actionType) {
        int accessCodeLifespanUserAction;
        int timestamp = CodeGenerateUtil.getParser(this.commonLoginSession.getClass()).getTimestamp(this.commonLoginSession);
        switch (actionType) {
            case CLIENT:
                accessCodeLifespanUserAction = this.realm.getAccessCodeLifespan();
                break;
            case LOGIN:
                accessCodeLifespanUserAction = this.realm.getAccessCodeLifespanLogin() > 0 ? this.realm.getAccessCodeLifespanLogin() : this.realm.getAccessCodeLifespanUserAction();
                break;
            case USER:
                accessCodeLifespanUserAction = this.realm.getAccessCodeLifespanUserAction();
                break;
            default:
                throw new IllegalArgumentException();
        }
        return timestamp + accessCodeLifespanUserAction > Time.currentTime();
    }

    public boolean isValidAction(String str) {
        String action = this.commonLoginSession.getAction();
        return action != null && action.equals(str);
    }

    public void removeExpiredClientSession() {
        CodeGenerateUtil.getParser(this.commonLoginSession.getClass()).removeExpiredSession(this.session, this.commonLoginSession);
    }

    public Set<RoleModel> getRequestedRoles() {
        return getRequestedRoles(this.commonLoginSession, this.realm);
    }

    public static Set<RoleModel> getRequestedRoles(CommonClientSessionModel commonClientSessionModel, RealmModel realmModel) {
        HashSet hashSet = new HashSet();
        Iterator it = commonClientSessionModel.getRoles().iterator();
        while (it.hasNext()) {
            RoleModel roleById = realmModel.getRoleById((String) it.next());
            if (roleById != null) {
                hashSet.add(roleById);
            }
        }
        return hashSet;
    }

    public Set<ProtocolMapperModel> getRequestedProtocolMappers() {
        return getRequestedProtocolMappers(this.commonLoginSession.getProtocolMappers(), this.commonLoginSession.getClient());
    }

    public static Set<ProtocolMapperModel> getRequestedProtocolMappers(Set<String> set, ClientModel clientModel) {
        HashSet hashSet = new HashSet();
        ClientTemplateModel clientTemplate = clientModel.getClientTemplate();
        if (set != null) {
            for (String str : set) {
                ProtocolMapperModel protocolMapperById = clientModel.getProtocolMapperById(str);
                if (protocolMapperById == null && clientTemplate != null) {
                    protocolMapperById = clientTemplate.getProtocolMapperById(str);
                }
                if (protocolMapperById != null) {
                    hashSet.add(protocolMapperById);
                }
            }
        }
        return hashSet;
    }

    public void setAction(String str) {
        this.commonLoginSession.setAction(str);
        CodeGenerateUtil.getParser(this.commonLoginSession.getClass()).setTimestamp(this.commonLoginSession, Time.currentTime());
    }

    public String getOrGenerateCode() {
        return CodeGenerateUtil.getParser(this.commonLoginSession.getClass()).retrieveCode(this.session, this.commonLoginSession);
    }
}
