package org.keycloak.services.managers;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Time;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.ClientTemplateModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.TimeBasedOTP;

/* loaded from: input_file:org/keycloak/services/managers/ClientSessionCode.class */
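/**
 * Issues and verifies the one-time code bound to a {@link ClientSessionModel}.
 *
 * <p>A code has the form {@code <secret>.<clientSessionId>}. The full string is stored in the
 * client session note {@code active_code} when it is generated, and that note is removed on the
 * first verification attempt, so a given code can be checked at most once.
 */
public class ClientSessionCode {
    private static final String ACTIVE_CODE = "active_code";
    private static final Logger logger = Logger.getLogger(ClientSessionCode.class);
    private static final String NEXT_CODE = ClientSessionCode.class.getName() + ".nextCode";
    private final KeycloakSession session;
    private final RealmModel realm;
    private final ClientSessionModel clientSession;

    /** Kind of action a code is used for; selects which realm lifespan applies to it. */
    public enum ActionType {
        CLIENT,
        LOGIN,
        USER
    }

    /**
     * Outcome of {@link #parseResult}. Exactly one of {@code code}, {@code clientSessionNotFound}
     * and {@code illegalHash} is set on every return path of that method.
     */
    public static class ParseResult {
        // Set only when the submitted code matched the stored active code.
        ClientSessionCode code;
        // True when the session id embedded in the code resolved to no client session.
        boolean clientSessionNotFound;
        // True when the code was null, did not match, or processing failed with a RuntimeException.
        boolean illegalHash;
        // Client session resolved from the code; populated before the code itself is verified.
        ClientSessionModel clientSession;

        /** @return the verified code wrapper, or {@code null} if verification did not succeed */
        public ClientSessionCode getCode() {
            return this.code;
        }

        /** @return {@code true} if no client session exists for the id embedded in the code */
        public boolean isClientSessionNotFound() {
            return this.clientSessionNotFound;
        }

        /** @return {@code true} if the code was missing, mismatched, or could not be processed */
        public boolean isIllegalHash() {
            return this.illegalHash;
        }

        /**
         * @return the client session looked up from the code; note that it is returned even when
         *     the code failed verification, so callers must check {@link #getCode()} first
         */
        public ClientSessionModel getClientSession() {
            return this.clientSession;
        }
    }

    /**
     * Wraps an existing client session. No verification is performed here; use {@link #parse} or
     * {@link #parseResult} to obtain an instance from a submitted code.
     */
    public ClientSessionCode(KeycloakSession keycloakSession, RealmModel realmModel, ClientSessionModel clientSessionModel) {
        this.session = keycloakSession;
        this.realm = realmModel;
        this.clientSession = clientSessionModel;
    }

    /**
     * Resolves and verifies a submitted code, reporting why it was rejected.
     *
     * @param str the submitted code, may be {@code null}
     * @param keycloakSession session used to look up the client session
     * @param realmModel realm the client session must belong to
     * @return a result that is never {@code null}
     */
    public static ParseResult parseResult(String str, KeycloakSession keycloakSession, RealmModel realmModel) {
        ParseResult result = new ParseResult();
        if (str == null) {
            result.illegalHash = true;
            return result;
        }
        try {
            result.clientSession = getClientSession(str, keycloakSession, realmModel);
            if (result.clientSession == null) {
                result.clientSessionNotFound = true;
                return result;
            }
            if (verifyCode(str, result.clientSession)) {
                result.code = new ClientSessionCode(keycloakSession, realmModel, result.clientSession);
            } else {
                result.illegalHash = true;
            }
            return result;
        } catch (RuntimeException e) {
            // Any failure is reported as an invalid code. Log the cause so storage or provider
            // errors are not silently indistinguishable from a bad code; the submitted code is a
            // bearer secret and is deliberately not included in the message.
            logger.debug("Failed to parse client session code", e);
            result.illegalHash = true;
            return result;
        }
    }

    /**
     * Resolves and verifies a submitted code.
     *
     * @param str the submitted code; a {@code null} value yields {@code null}
     * @return a wrapper for the matching client session, or {@code null} if the session was not
     *     found, the code did not match, or processing failed with a RuntimeException
     */
    public static ClientSessionCode parse(String str, KeycloakSession keycloakSession, RealmModel realmModel) {
        try {
            ClientSessionModel found = getClientSession(str, keycloakSession, realmModel);
            if (found == null || !verifyCode(str, found)) {
                return null;
            }
            return new ClientSessionCode(keycloakSession, realmModel, found);
        } catch (RuntimeException e) {
            // Same policy as parseResult: fail closed, keep the cause visible, never log the code.
            logger.debug("Failed to parse client session code", e);
            return null;
        }
    }

    /**
     * Looks up the client session named by the second dot-separated segment of the code.
     *
     * <p>This is a lookup only: the secret part of the code is not checked here, so the returned
     * session must not be treated as authenticated by the code.
     *
     * @param str the submitted code; must not be {@code null}
     * @return the client session, or {@code null} if the code has no second segment or the
     *     lookup returned nothing
     */
    public static ClientSessionModel getClientSession(String str, KeycloakSession keycloakSession, RealmModel realmModel) {
        try {
            String clientSessionId = str.split("\\.")[1];
            return keycloakSession.sessions().getClientSession(realmModel, clientSessionId);
        } catch (ArrayIndexOutOfBoundsException e) {
            // No '.'-separated session id in the code.
            return null;
        }
    }

    /** @return the client session this code wrapper is bound to */
    public ClientSessionModel getClientSession() {
        return this.clientSession;
    }

    /**
     * Checks that the client session is in the expected action and that the action has not
     * outlived the lifespan configured for {@code actionType}.
     *
     * @param str the action the client session is required to be in
     * @param actionType selects which realm lifespan applies
     */
    public boolean isValid(String str, ActionType actionType) {
        return isValidAction(str) && isActionActive(actionType);
    }

    /**
     * Tells whether the client session timestamp is still within the lifespan for the action type.
     *
     * <p>{@code CLIENT} uses the access code lifespan, {@code USER} the user-action lifespan, and
     * {@code LOGIN} the login lifespan when it is positive, otherwise the user-action lifespan.
     *
     * @throws IllegalArgumentException for an action type not handled by the switch
     */
    public boolean isActionActive(ActionType actionType) {
        int timestamp = this.clientSession.getTimestamp();
        int lifespan;
        // Switch on the enum itself rather than on a hand-maintained ordinal table with numeric
        // case labels, so the mapping cannot drift from the enum declaration.
        switch (actionType) {
            case CLIENT:
                lifespan = this.realm.getAccessCodeLifespan();
                break;
            case LOGIN:
                int loginLifespan = this.realm.getAccessCodeLifespanLogin();
                lifespan = loginLifespan > 0 ? loginLifespan : this.realm.getAccessCodeLifespanUserAction();
                break;
            case USER:
                lifespan = this.realm.getAccessCodeLifespanUserAction();
                break;
            default:
                throw new IllegalArgumentException();
        }
        // int addition: a lifespan large enough to overflow the sum makes the code look expired.
        return timestamp + lifespan > Time.currentTime();
    }

    /**
     * @param str the expected action
     * @return {@code true} if the client session has an action and it equals {@code str}
     */
    public boolean isValidAction(String str) {
        String action = this.clientSession.getAction();
        return action != null && action.equals(str);
    }

    /**
     * Resolves the role ids recorded on the client session against the realm.
     *
     * @return the roles that still exist in the realm; ids that no longer resolve are skipped, and
     *     a client session without recorded roles yields an empty set
     */
    public Set<RoleModel> getRequestedRoles() {
        Set<RoleModel> requestedRoles = new HashSet<>();
        Set<String> roleIds = this.clientSession.getRoles();
        // Treated like a missing protocol-mapper set: nothing recorded means nothing requested.
        if (roleIds == null) {
            return requestedRoles;
        }
        for (String roleId : roleIds) {
            RoleModel role = this.realm.getRoleById(roleId);
            if (role != null) {
                requestedRoles.add(role);
            }
        }
        return requestedRoles;
    }

    /**
     * Resolves the protocol mapper ids recorded on the client session.
     *
     * <p>Each id is looked up on the client first and, if absent there, on the client's template
     * when one is set. Ids that resolve nowhere are skipped.
     *
     * @return the resolved mappers, empty if the client session records none
     */
    public Set<ProtocolMapperModel> getRequestedProtocolMappers() {
        Set<ProtocolMapperModel> requestedMappers = new HashSet<>();
        Set<String> mapperIds = this.clientSession.getProtocolMappers();
        ClientModel client = this.clientSession.getClient();
        ClientTemplateModel clientTemplate = client.getClientTemplate();
        if (mapperIds == null) {
            return requestedMappers;
        }
        for (String mapperId : mapperIds) {
            ProtocolMapperModel mapper = client.getProtocolMapperById(mapperId);
            if (mapper == null && clientTemplate != null) {
                mapper = clientTemplate.getProtocolMapperById(mapperId);
            }
            if (mapper != null) {
                requestedMappers.add(mapper);
            }
        }
        return requestedMappers;
    }

    /**
     * Sets the client session's current action and resets its timestamp to now, which restarts
     * the lifespan window checked by {@link #isActionActive}.
     */
    public void setAction(String str) {
        this.clientSession.setAction(str);
        this.clientSession.setTimestamp(Time.currentTime());
    }

    /**
     * Returns the code for this client session, generating it on first use.
     *
     * <p>The generated value is cached as an attribute of the {@link KeycloakSession}, keyed by
     * the client session id, so repeated calls on the same session return the same code instead
     * of overwriting the stored active code with a new one.
     */
    public String getCode() {
        String attributeName = NEXT_CODE + "." + this.clientSession.getId();
        String code = (String) this.session.getAttribute(attributeName);
        if (code != null) {
            logger.debug("Code already generated for session, using code from session attributes");
            return code;
        }
        code = generateCode(this.clientSession);
        this.session.setAttribute(attributeName, code);
        return code;
    }

    /**
     * Builds {@code <generated secret>.<clientSessionId>} and records it as the client session's
     * active code, replacing any previously stored one.
     *
     * @throws RuntimeException wrapping any failure raised while generating or storing the code
     */
    private static String generateCode(ClientSessionModel clientSessionModel) {
        try {
            String code = KeycloakModelUtils.generateSecret() + '.' + clientSessionModel.getId();
            clientSessionModel.setNote(ACTIVE_CODE, code);
            return code;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Compares the submitted code with the client session's stored active code.
     *
     * <p>The stored code is removed before the comparison, so every attempt, matching or not,
     * consumes it and a later attempt with the same code fails.
     *
     * @return {@code true} only if an active code was stored and equals {@code str}
     * @throws RuntimeException wrapping any failure, including a {@code null} {@code str}
     */
    private static boolean verifyCode(String str, ClientSessionModel clientSessionModel) {
        try {
            String activeCode = clientSessionModel.getNote(ACTIVE_CODE);
            if (activeCode == null) {
                logger.debug("Active code not found in client session");
                return false;
            }
            clientSessionModel.removeNote(ACTIVE_CODE);
            // Fixed charset: with the platform default, a lossy encoding can map different
            // characters to the same replacement byte and make unequal codes compare equal.
            // MessageDigest.isEqual is used instead of String.equals for the secret comparison.
            return MessageDigest.isEqual(
                    str.getBytes(StandardCharsets.UTF_8), activeCode.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}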
