package org.keycloak.protocol.oidc.utils;

import java.util.HashSet;
import java.util.Set;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.keycloak.common.util.UriUtils;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.services.Urls;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-services/main/keycloak-services-2.5.5.Final.jar:org/keycloak/protocol/oidc/utils/RedirectUtils.class */
public class RedirectUtils {
    private static final Logger logger = Logger.getLogger((Class<?>) RedirectUtils.class);

    public static String verifyRealmRedirectUri(UriInfo uriInfo, String str, RealmModel realmModel) {
        return verifyRedirectUri(uriInfo, null, str, realmModel, getValidateRedirectUris(uriInfo, realmModel));
    }

    public static String verifyRedirectUri(UriInfo uriInfo, String str, RealmModel realmModel, ClientModel clientModel) {
        if (clientModel != null) {
            return verifyRedirectUri(uriInfo, clientModel.getRootUrl(), str, realmModel, clientModel.getRedirectUris());
        }
        return null;
    }

    public static Set<String> resolveValidRedirects(UriInfo uriInfo, String str, Set<String> set) {
        HashSet hashSet = new HashSet();
        for (String str2 : set) {
            hashSet.add(str2);
            if (str2.startsWith("/")) {
                String relativeToAbsoluteURI = relativeToAbsoluteURI(uriInfo, str, str2);
                logger.debugv("replacing relative valid redirect with: {0}", relativeToAbsoluteURI);
                hashSet.add(relativeToAbsoluteURI);
            }
        }
        return hashSet;
    }

    private static Set<String> getValidateRedirectUris(UriInfo uriInfo, RealmModel realmModel) {
        HashSet hashSet = new HashSet();
        for (ClientModel clientModel : realmModel.getClients()) {
            hashSet.addAll(resolveValidRedirects(uriInfo, clientModel.getRootUrl(), clientModel.getRedirectUris()));
        }
        return hashSet;
    }

    private static String verifyRedirectUri(UriInfo uriInfo, String str, String str2, RealmModel realmModel, Set<String> set) {
        String str3;
        if (str2 == null) {
            logger.debug("No Redirect URI parameter specified");
            return null;
        }
        if (set.isEmpty()) {
            logger.debug("No Redirect URIs supplied");
            str3 = null;
        } else {
            String lowerCaseHostname = lowerCaseHostname(str2);
            Set<String> resolveValidRedirects = resolveValidRedirects(uriInfo, str, set);
            boolean matchesRedirects = matchesRedirects(resolveValidRedirects, lowerCaseHostname);
            if (!matchesRedirects && lowerCaseHostname.startsWith(Constants.INSTALLED_APP_URL) && lowerCaseHostname.indexOf(58, Constants.INSTALLED_APP_URL.length()) >= 0) {
                int indexOf = lowerCaseHostname.indexOf(58, Constants.INSTALLED_APP_URL.length());
                StringBuilder sb = new StringBuilder();
                sb.append(lowerCaseHostname.substring(0, indexOf));
                int indexOf2 = lowerCaseHostname.indexOf(47, indexOf);
                if (indexOf2 >= 0) {
                    sb.append(lowerCaseHostname.substring(indexOf2));
                }
                matchesRedirects = matchesRedirects(resolveValidRedirects, sb.toString());
            }
            if (matchesRedirects && lowerCaseHostname.startsWith("/")) {
                lowerCaseHostname = relativeToAbsoluteURI(uriInfo, str, lowerCaseHostname);
            }
            str3 = matchesRedirects ? lowerCaseHostname : null;
        }
        return Constants.INSTALLED_APP_URN.equals(str3) ? Urls.realmInstalledAppUrnCallback(uriInfo.getBaseUri(), realmModel.getName()).toString() : str3;
    }

    private static String lowerCaseHostname(String str) {
        int indexOf = str.indexOf(47, 7);
        return indexOf == -1 ? str.toLowerCase() : str.substring(0, indexOf).toLowerCase() + str.substring(indexOf);
    }

    private static String relativeToAbsoluteURI(UriInfo uriInfo, String str, String str2) {
        if (str == null || str.isEmpty()) {
            str = UriUtils.getOrigin(uriInfo.getBaseUri());
        }
        return str + str2;
    }

    private static boolean matchesRedirects(Set<String> set, String str) {
        for (String str2 : set) {
            if (str2.endsWith("*") && !str2.contains("?")) {
                String substring = str.contains("?") ? str.substring(0, str.indexOf("?")) : str;
                int length = str2.length() - 1;
                String substring2 = str2.substring(0, length);
                if (substring.startsWith(substring2)) {
                    return true;
                }
                if (length - 1 > 0 && substring2.charAt(length - 1) == '/') {
                    length--;
                }
                if (substring2.substring(0, length).equals(substring)) {
                    return true;
                }
            } else if (str2.equals(str)) {
                return true;
            }
        }
        return false;
    }
}
