package org.keycloak.services.resources.admin;

import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UsernameLoginFailureModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.BruteForceProtector;
import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/services/resources/admin/AttackDetectionResource.class */
public class AttackDetectionResource {
    protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
    protected RealmAuth auth;
    protected RealmModel realm;
    private AdminEventBuilder adminEvent;

    @Context
    protected KeycloakSession session;

    @Context
    protected UriInfo uriInfo;

    @Context
    protected ClientConnection connection;

    @Context
    protected HttpHeaders headers;

    public AttackDetectionResource(RealmAuth realmAuth, RealmModel realmModel, AdminEventBuilder adminEventBuilder) {
        this.auth = realmAuth;
        this.realm = realmModel;
        this.adminEvent = adminEventBuilder.realm(realmModel);
        realmAuth.init(RealmAuth.Resource.USER);
    }

    @GET
    @Path("brute-force/usernames/{username}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Map<String, Object> bruteForceUserStatus(@PathParam("username") String str) {
        UsernameLoginFailureModel userLoginFailure;
        this.auth.requireView();
        HashMap hashMap = new HashMap();
        hashMap.put("disabled", false);
        hashMap.put("numFailures", 0);
        hashMap.put("lastFailure", 0);
        hashMap.put("lastIPFailure", "n/a");
        if (this.realm.isBruteForceProtected() && (userLoginFailure = this.session.sessions().getUserLoginFailure(this.realm, str.toLowerCase())) != null) {
            if (this.session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(this.session, this.realm, str)) {
                hashMap.put("disabled", true);
            }
            hashMap.put("numFailures", Integer.valueOf(userLoginFailure.getNumFailures()));
            hashMap.put("lastFailure", Long.valueOf(userLoginFailure.getLastFailure()));
            hashMap.put("lastIPFailure", userLoginFailure.getLastIPFailure());
            return hashMap;
        }
        return hashMap;
    }

    @Path("brute-force/usernames/{username}")
    @DELETE
    public void clearBruteForceForUser(@PathParam("username") String str) {
        this.auth.requireManage();
        if (this.session.sessions().getUserLoginFailure(this.realm, str.toLowerCase()) != null) {
            this.session.sessions().removeUserLoginFailure(this.realm, str);
            this.adminEvent.operation(OperationType.DELETE).resourcePath(this.uriInfo).success();
        }
    }

    @Path("brute-force/usernames")
    @DELETE
    public void clearAllBruteForce() {
        this.auth.requireManage();
        this.session.sessions().removeAllUserLoginFailures(this.realm);
        this.adminEvent.operation(OperationType.DELETE).resourcePath(this.uriInfo).success();
    }
}
