package org.keycloak.services.clientpolicy.condition;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.LinkedList;
import java.util.List;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation;
import org.keycloak.services.clientpolicy.ClientPolicyContext;
import org.keycloak.services.clientpolicy.ClientPolicyEvent;
import org.keycloak.services.clientpolicy.ClientPolicyException;
import org.keycloak.services.clientpolicy.ClientPolicyVote;
import org.keycloak.services.util.DPoPUtil;
import org.keycloak.userprofile.DeclarativeUserProfileProvider;

/* loaded from: input_file:org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceHostsCondition.class */
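/**
 * Client policy condition that votes on whether a client registration or update
 * request comes from a host named in the condition's {@code trusted-hosts} list.
 *
 * <p>Entries starting with {@code "*."} are treated as trusted domains and are
 * compared against the reverse-resolved name of the remote address. All other
 * entries are treated as host names and are forward-resolved, then compared
 * against the remote address itself.
 *
 * <p>NOTE(review): the vote is only as reliable as the remote address reported by
 * the connection and the DNS answers used here. When deployed behind a reverse
 * proxy, confirm that forwarded-address headers are accepted only from that proxy.
 */
public class ClientUpdaterSourceHostsCondition
        extends AbstractClientPolicyConditionProvider<ClientUpdaterSourceHostsCondition.Configuration> {
    private static final Logger logger = Logger.getLogger(ClientUpdaterSourceHostsCondition.class);

    /** Prefix that marks a {@code trusted-hosts} entry as a domain rather than a single host. */
    private static final String DOMAIN_PREFIX = "*.";

    /** JSON-backed configuration: the list of trusted host names and {@code *.domain} entries. */
    public static class Configuration extends ClientPolicyConditionConfigurationRepresentation {

        @JsonProperty("trusted-hosts")
        protected List<String> trustedHosts;

        /** @return the configured entries exactly as stored (may mix hosts and {@code *.domain} entries) */
        public List<String> getTrustedHosts() {
            return this.trustedHosts;
        }

        /** @param list the entries to store; host names and {@code *.domain} entries may be mixed */
        public void setTrustedHosts(List<String> list) {
            this.trustedHosts = list;
        }
    }

    public ClientUpdaterSourceHostsCondition(KeycloakSession keycloakSession) {
        super(keycloakSession);
    }

    public Class<Configuration> getConditionConfigurationClass() {
        return Configuration.class;
    }

    public String getProviderId() {
        return ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID;
    }

    /**
     * Votes {@code YES}/{@code NO} for {@code REGISTER} and {@code UPDATE} events depending on
     * whether the remote host is trusted, and {@code ABSTAIN} for every other event.
     *
     * @param clientPolicyContext the context carrying the event being evaluated
     * @return the vote of this condition
     * @throws ClientPolicyException declared by the provider contract; not thrown by this body
     */
    public ClientPolicyVote applyPolicy(ClientPolicyContext clientPolicyContext) throws ClientPolicyException {
        // Switch on the enum itself rather than on a synthetic ordinal table with
        // unrelated integer constants as case labels (a decompiler artifact).
        switch (clientPolicyContext.getEvent()) {
            case REGISTER:
            case UPDATE:
                return isHostMatched() ? ClientPolicyVote.YES : ClientPolicyVote.NO;
            default:
                return ClientPolicyVote.ABSTAIN;
        }
    }

    /** @return {@code true} when the remote address matches a trusted host or a trusted domain */
    private boolean isHostMatched() {
        String remoteAddr = this.session.getContext().getConnection().getRemoteAddr();
        logger.tracev("Verifying remote host = {0}", remoteAddr);
        return verifyHostInTrustedHosts(remoteAddr, getTrustedHosts()) != null
                || verifyHostInTrustedDomains(remoteAddr, getTrustedDomains()) != null;
    }

    /** @return the configured entries that name a single host (no {@code "*."} prefix) */
    protected List<String> getTrustedHosts() {
        return this.configuration.getTrustedHosts().stream()
                .filter(entry -> !entry.startsWith(DOMAIN_PREFIX))
                .collect(Collectors.toList());
    }

    /** @return the configured {@code "*."} entries with that prefix stripped */
    protected List<String> getTrustedDomains() {
        return this.configuration.getTrustedHosts().stream()
                .filter(entry -> entry.startsWith(DOMAIN_PREFIX))
                .map(entry -> entry.substring(DOMAIN_PREFIX.length()))
                .collect(Collectors.toList());
    }

    /**
     * Forward-resolves each trusted host name and compares the result with the remote address.
     *
     * @param str the remote address, in textual form
     * @param list the trusted host names to resolve
     * @return the first trusted host whose resolved address equals {@code str}, or {@code null}
     */
    protected String verifyHostInTrustedHosts(String str, List<String> list) {
        for (String trustedHost : list) {
            try {
                // Only the first address returned for the name is compared, and the comparison
                // is textual. NOTE(review): confirm both sides use the same IPv6 text form.
                String hostAddress = InetAddress.getByName(trustedHost).getHostAddress();
                logger.tracev("Trying host {0} of address {1}", trustedHost, hostAddress);
                // The comparison stays inside the try block so that an unresolvable entry is
                // skipped instead of being compared through an unassigned variable.
                if (hostAddress.equals(str)) {
                    logger.tracev("Successfully verified host = {0}", trustedHost);
                    return trustedHost;
                }
            } catch (UnknownHostException e) {
                logger.tracev("Unknown host from realm configuration = {0}", trustedHost);
            }
        }
        return null;
    }

    /**
     * Reverse-resolves the remote address and checks the name against the trusted domains.
     *
     * <p>A domain matches when the resolved name equals it or ends with {@code "." + domain}.
     * The label boundary is required so that a trusted domain {@code example.com} does not
     * also accept an unrelated name such as {@code notexample.com}. Empty domain entries
     * (from a bare {@code "*."}) are ignored rather than matching every host.
     *
     * <p>NOTE(review): the name comes from reverse DNS, which is controlled by whoever
     * operates the PTR zone for the address; confirm the runtime resolver forward-confirms
     * the name before treating this check as strong evidence of origin.
     *
     * @param str the remote address, in textual form
     * @param list the trusted domains, without the {@code "*."} prefix
     * @return the resolved host name when it belongs to a trusted domain, otherwise {@code null}
     */
    protected String verifyHostInTrustedDomains(String str, List<String> list) {
        if (list.isEmpty()) {
            return null;
        }
        try {
            String hostName = InetAddress.getByName(str).getHostName();
            logger.tracev("Trying verify request from address {0} of host {1} by domains", str, hostName);
            for (String domain : list) {
                if (domain.isEmpty()) {
                    continue;
                }
                if (hostName.equals(domain) || hostName.endsWith("." + domain)) {
                    logger.tracev("Successfully verified host {0} by trusted domain {1}", hostName, domain);
                    return hostName;
                }
            }
            return null;
        } catch (UnknownHostException e) {
            logger.tracev("Request of address {0} came from unknown host. Skip verification by domains", str);
            return null;
        }
    }
}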
