package org.keycloak.services.managers;

import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.crypto.Mac;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.Time;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.ClientTemplateModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-server-spi/main/keycloak-server-spi-2.1.0.Final.jar:org/keycloak/services/managers/ClientSessionCode.class */
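/**
 * Issues and verifies the short-lived "code" string that ties a request back to a
 * {@link ClientSessionModel}.
 *
 * <p>A code has the form {@code <hash>.<clientSessionId>}. The hash is a Base64Url-encoded MAC,
 * keyed with the realm's code secret key, computed over the client session id, the separator
 * {@code "//"} and the session note stored under {@link ClientSessionModel#ACTION_KEY}.
 *
 * <p>The code string arrives from the outside, so every parse method treats it as untrusted:
 * malformed input yields a failed parse rather than an exception, and the presented hash is
 * compared with the expected one in constant time.
 */
public class ClientSessionCode {
    /** Separator fed into the MAC between the session id and the action key note. */
    private static final byte[] HASH_SEPARATOR = "//".getBytes(StandardCharsets.UTF_8);
    private final RealmModel realm;
    private final ClientSessionModel clientSession;

    /** Kind of action a code is used for; selects which realm lifespan applies to it. */
    public enum ActionType {
        CLIENT,
        LOGIN,
        USER
    }

    /**
     * Outcome of {@link #parseResult(String, KeycloakSession, RealmModel)}.
     *
     * <p>Exactly one of the following holds after a parse: {@link #getCode()} is non-null
     * (success), {@link #isClientSessionNotFound()} is true, or {@link #isIllegalHash()} is true.
     * NOTE(review): the two failure flags let a caller tell "unknown session id" from "bad hash";
     * confirm callers do not surface that distinction to unauthenticated clients.
     */
    public static class ParseResult {
        ClientSessionCode code;
        boolean clientSessionNotFound;
        boolean illegalHash;
        ClientSessionModel clientSession;

        /** @return the verified code, or {@code null} when parsing failed */
        public ClientSessionCode getCode() {
            return this.code;
        }

        /** @return {@code true} when no client session exists for the id carried in the code */
        public boolean isClientSessionNotFound() {
            return this.clientSessionNotFound;
        }

        /** @return {@code true} when the code was null, malformed, or carried a wrong hash */
        public boolean isIllegalHash() {
            return this.illegalHash;
        }

        /**
         * @return the client session that was looked up, which is set even when the hash check
         *     failed; only trust it when {@link #getCode()} is non-null
         */
        public ClientSessionModel getClientSession() {
            return this.clientSession;
        }
    }

    /**
     * Wraps an already-resolved client session. No hash verification happens here; use one of
     * the {@code parse} methods for input that comes from a request.
     */
    public ClientSessionCode(RealmModel realmModel, ClientSessionModel clientSessionModel) {
        this.realm = realmModel;
        this.clientSession = clientSessionModel;
    }

    /**
     * Parses and verifies a code, resolving the realm from the client session itself.
     *
     * @param str the code string, {@code <hash>.<clientSessionId>}
     * @param keycloakSession session used to look up the client session
     * @return the verified code, or {@code null} when the input is null or malformed, the client
     *     session does not exist, or the hash does not match
     */
    public static ClientSessionCode parse(String str, KeycloakSession keycloakSession) {
        try {
            String[] parts = str.split("\\.");
            ClientSessionModel found = keycloakSession.sessions().getClientSession(parts[1]);
            if (found == null) {
                return null;
            }
            RealmModel sessionRealm = found.getRealm();
            if (!hashMatches(createHash(sessionRealm, found), parts[0])) {
                return null;
            }
            return new ClientSessionCode(sessionRealm, found);
        } catch (RuntimeException ignored) {
            // Deliberate: null input, a missing '.' or a failed MAC computation all mean
            // "not a valid code", and the caller only needs to know that parsing failed.
            return null;
        }
    }

    /**
     * Parses and verifies a code within the given realm, reporting why a failure occurred.
     *
     * @param str the code string, {@code <hash>.<clientSessionId>}; may be {@code null}
     * @param keycloakSession session used to look up the client session
     * @param realmModel realm whose code secret key verifies the hash
     * @return a result that is never {@code null}; see {@link ParseResult} for its states
     */
    public static ParseResult parseResult(String str, KeycloakSession keycloakSession, RealmModel realmModel) {
        ParseResult result = new ParseResult();
        if (str == null) {
            result.illegalHash = true;
            return result;
        }
        try {
            String[] parts = str.split("\\.");
            result.clientSession = keycloakSession.sessions().getClientSession(realmModel, parts[1]);
            if (result.clientSession == null) {
                result.clientSessionNotFound = true;
                return result;
            }
            if (hashMatches(createHash(realmModel, result.clientSession), parts[0])) {
                result.code = new ClientSessionCode(realmModel, result.clientSession);
            } else {
                result.illegalHash = true;
            }
            return result;
        } catch (RuntimeException ignored) {
            // Deliberate: a malformed code or a failed MAC computation is reported as an
            // illegal hash instead of propagating to the caller.
            result.illegalHash = true;
            return result;
        }
    }

    /**
     * Parses and verifies a code within the given realm.
     *
     * @param str the code string, {@code <hash>.<clientSessionId>}
     * @param keycloakSession session used to look up the client session
     * @param realmModel realm whose code secret key verifies the hash
     * @return the verified code, or {@code null} when the input is null or malformed, the client
     *     session does not exist, or the hash does not match
     */
    public static ClientSessionCode parse(String str, KeycloakSession keycloakSession, RealmModel realmModel) {
        // Same lookup and verification as parseResult; every failure state leaves code null.
        return parseResult(str, keycloakSession, realmModel).getCode();
    }

    /** @return the client session this code refers to */
    public ClientSessionModel getClientSession() {
        return this.clientSession;
    }

    /**
     * Checks that the session is in the expected action and that the code has not expired.
     *
     * @param str the action the client session is required to be in
     * @param actionType selects the lifespan used for the expiry check
     * @return {@code true} only when both checks pass
     */
    public boolean isValid(String str, ActionType actionType) {
        return isValidAction(str) && isActionActive(actionType);
    }

    /**
     * Checks whether the client session timestamp is still within the lifespan for the action.
     *
     * @param actionType selects which realm lifespan applies; for {@code LOGIN} the login
     *     lifespan is used when it is positive, otherwise the user-action lifespan
     * @return {@code true} while {@code timestamp + lifespan} lies after the current time
     * @throws IllegalArgumentException for an action type this method does not know
     */
    public boolean isActionActive(ActionType actionType) {
        int lifespan;
        int timestamp = this.clientSession.getTimestamp();
        switch (actionType) {
            case CLIENT:
                lifespan = this.realm.getAccessCodeLifespan();
                break;
            case LOGIN:
                int loginLifespan = this.realm.getAccessCodeLifespanLogin();
                lifespan = loginLifespan > 0 ? loginLifespan : this.realm.getAccessCodeLifespanUserAction();
                break;
            case USER:
                lifespan = this.realm.getAccessCodeLifespanUserAction();
                break;
            default:
                throw new IllegalArgumentException();
        }
        // Widen before adding: with int arithmetic a very large configured lifespan wraps
        // negative and the expiry comparison no longer reflects the configured value.
        return (long) timestamp + lifespan > Time.currentTime();
    }

    /**
     * @param str the expected action
     * @return {@code true} when the client session has an action and it equals {@code str}
     */
    public boolean isValidAction(String str) {
        String action = this.clientSession.getAction();
        return action != null && action.equals(str);
    }

    /**
     * Resolves the role ids stored on the client session against the realm.
     *
     * @return the roles that still exist in the realm; ids that no longer resolve are skipped,
     *     and a session without role ids yields an empty set
     */
    public Set<RoleModel> getRequestedRoles() {
        Set<RoleModel> roles = new HashSet<>();
        Set<String> roleIds = this.clientSession.getRoles();
        if (roleIds == null) {
            // Treated as "no roles requested", mirroring getRequestedProtocolMappers().
            return roles;
        }
        for (String roleId : roleIds) {
            RoleModel role = this.realm.getRoleById(roleId);
            if (role != null) {
                roles.add(role);
            }
        }
        return roles;
    }

    /**
     * Resolves the protocol mapper ids stored on the client session.
     *
     * <p>Each id is looked up on the client first and, when not found there, on the client's
     * template if it has one.
     *
     * @return the mappers that could be resolved; unknown ids are skipped
     */
    public Set<ProtocolMapperModel> getRequestedProtocolMappers() {
        Set<ProtocolMapperModel> mappers = new HashSet<>();
        Set<String> mapperIds = this.clientSession.getProtocolMappers();
        ClientModel client = this.clientSession.getClient();
        ClientTemplateModel clientTemplate = client.getClientTemplate();
        if (mapperIds != null) {
            for (String mapperId : mapperIds) {
                ProtocolMapperModel mapper = client.getProtocolMapperById(mapperId);
                if (mapper == null && clientTemplate != null) {
                    mapper = clientTemplate.getProtocolMapperById(mapperId);
                }
                if (mapper != null) {
                    mappers.add(mapper);
                }
            }
        }
        return mappers;
    }

    /**
     * Moves the client session to a new action and restarts its expiry clock.
     *
     * @param str the new action
     */
    public void setAction(String str) {
        this.clientSession.setAction(str);
        this.clientSession.setTimestamp(Time.currentTime());
    }

    /** @return the code string for this client session, {@code <hash>.<clientSessionId>} */
    public String getCode() {
        return generateCode(this.realm, this.clientSession);
    }

    /** Builds {@code <hash>.<clientSessionId>} for the given session. */
    private static String generateCode(RealmModel realmModel, ClientSessionModel clientSessionModel) {
        return createHash(realmModel, clientSessionModel) + "." + clientSessionModel.getId();
    }

    /**
     * Compares the expected hash with the one presented in the code without short-circuiting.
     *
     * <p>{@link String#equals(Object)} returns at the first differing character, so its running
     * time depends on how much of the presented value is correct. {@link MessageDigest#isEqual}
     * does not have that property.
     */
    private static boolean hashMatches(String expected, String presented) {
        if (presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), presented.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Computes the Base64Url-encoded MAC for a client session.
     *
     * <p>Bytes are taken as UTF-8 explicitly so that every node computes the same hash
     * regardless of its platform default charset.
     *
     * @throws RuntimeException wrapping any failure, including a missing action key note
     */
    private static String createHash(RealmModel realmModel, ClientSessionModel clientSessionModel) {
        try {
            Key codeSecretKey = realmModel.getCodeSecretKey();
            Mac mac = Mac.getInstance(codeSecretKey.getAlgorithm());
            mac.init(codeSecretKey);
            mac.update(clientSessionModel.getId().getBytes(StandardCharsets.UTF_8));
            mac.update(HASH_SEPARATOR);
            mac.update(clientSessionModel.getNote(ClientSessionModel.ACTION_KEY).getBytes(StandardCharsets.UTF_8));
            return Base64Url.encode(mac.doFinal());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}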
