package org.keycloak.protocol;

import com.fasterxml.jackson.annotation.JsonProperty;
import jakarta.ws.rs.core.Cookie;
import jakarta.ws.rs.core.UriInfo;
import java.util.HashMap;
import java.util.Map;
import org.jboss.logging.Logger;
import org.keycloak.Token;
import org.keycloak.TokenCategory;
import org.keycloak.common.ClientConnection;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.util.CookieHelper;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;

/* loaded from: input_file:org/keycloak/protocol/RestartLoginCookie.class */
public class RestartLoginCookie implements Token {
    private static final Logger logger = Logger.getLogger(RestartLoginCookie.class);
    public static final String KC_RESTART = "KC_RESTART";

    @JsonProperty("cid")
    protected String clientId;

    @JsonProperty("pty")
    protected String authMethod;

    @JsonProperty("ruri")
    protected String redirectUri;

    @JsonProperty("act")
    protected String action;

    @JsonProperty("notes")
    protected Map<String, String> notes = new HashMap();

    @JsonProperty("cs")
    @Deprecated
    protected String cs;

    public Map<String, String> getNotes() {
        return this.notes;
    }

    public void setNotes(Map<String, String> map) {
        this.notes = map;
    }

    public String getClientId() {
        return this.clientId;
    }

    public void setClientId(String str) {
        this.clientId = str;
    }

    public String getAuthMethod() {
        return this.authMethod;
    }

    public void setAuthMethod(String str) {
        this.authMethod = str;
    }

    public String getRedirectUri() {
        return this.redirectUri;
    }

    public void setRedirectUri(String str) {
        this.redirectUri = str;
    }

    public String getAction() {
        return this.action;
    }

    public void setAction(String str) {
        this.action = str;
    }

    public RestartLoginCookie() {
    }

    public RestartLoginCookie(AuthenticationSessionModel authenticationSessionModel) {
        this.action = authenticationSessionModel.getAction();
        this.clientId = authenticationSessionModel.getClient().getClientId();
        this.authMethod = authenticationSessionModel.getProtocol();
        this.redirectUri = authenticationSessionModel.getRedirectUri();
        for (Map.Entry entry : authenticationSessionModel.getClientNotes().entrySet()) {
            this.notes.put((String) entry.getKey(), (String) entry.getValue());
        }
    }

    public static void setRestartCookie(KeycloakSession keycloakSession, RealmModel realmModel, ClientConnection clientConnection, UriInfo uriInfo, AuthenticationSessionModel authenticationSessionModel) {
        CookieHelper.addCookie(KC_RESTART, keycloakSession.tokens().encode(new RestartLoginCookie(authenticationSessionModel)), AuthenticationManager.getRealmCookiePath(realmModel, uriInfo), null, null, -1, realmModel.getSslRequired().isRequired(clientConnection), true, keycloakSession);
    }

    public static void expireRestartCookie(RealmModel realmModel, UriInfo uriInfo, KeycloakSession keycloakSession) {
        CookieHelper.addCookie(KC_RESTART, "", AuthenticationManager.getRealmCookiePath(realmModel, uriInfo), null, null, 0, realmModel.getSslRequired().isRequired(keycloakSession.getContext().getConnection()), true, keycloakSession);
    }

    public static Cookie getRestartCookie(KeycloakSession keycloakSession) {
        Cookie cookie = (Cookie) keycloakSession.getContext().getRequestHeaders().getCookies().get(KC_RESTART);
        if (cookie != null) {
            return cookie;
        }
        logger.debug("KC_RESTART cookie doesn't exist");
        return null;
    }

    public static AuthenticationSessionModel restartSession(KeycloakSession keycloakSession, RealmModel realmModel, RootAuthenticationSessionModel rootAuthenticationSessionModel, String str, Cookie cookie) throws Exception {
        RestartLoginCookie restartLoginCookie = (RestartLoginCookie) keycloakSession.tokens().decode(cookie.getValue(), RestartLoginCookie.class);
        if (restartLoginCookie == null) {
            logger.debug("Failed to verify encoded RestartLoginCookie");
            return null;
        }
        ClientModel clientByClientId = realmModel.getClientByClientId(restartLoginCookie.getClientId());
        if (clientByClientId == null) {
            return null;
        }
        if (!clientByClientId.getClientId().equals(str)) {
            logger.debugf("Skip restarting from the KC_RESTART. Clients doesn't match: Cookie client: %s, Requested client: %s", clientByClientId.getClientId(), str);
            return null;
        }
        if (rootAuthenticationSessionModel == null) {
            rootAuthenticationSessionModel = new AuthenticationSessionManager(keycloakSession).createAuthenticationSession(realmModel, true);
        }
        AuthenticationSessionModel createAuthenticationSession = rootAuthenticationSessionModel.createAuthenticationSession(clientByClientId);
        createAuthenticationSession.setProtocol(restartLoginCookie.getAuthMethod());
        createAuthenticationSession.setRedirectUri(restartLoginCookie.getRedirectUri());
        createAuthenticationSession.setAction(restartLoginCookie.getAction());
        for (Map.Entry<String, String> entry : restartLoginCookie.getNotes().entrySet()) {
            createAuthenticationSession.setClientNote(entry.getKey(), entry.getValue());
        }
        return createAuthenticationSession;
    }

    public TokenCategory getCategory() {
        return TokenCategory.INTERNAL;
    }
}
