package org.keycloak.services.resources;

import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.Version;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.MimeTypeUtil;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.ApplianceBootstrap;
import org.keycloak.services.util.CacheControlUtil;
import org.keycloak.services.util.CookieHelper;
import org.keycloak.theme.FreeMarkerUtil;
import org.keycloak.theme.Theme;
import org.keycloak.urls.UrlType;

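/**
 * Serves the Keycloak welcome page and, while the master realm has no user yet,
 * the one-time form that creates the initial admin account.
 *
 * <p>The initial-user POST is honoured only when all of the following hold:
 * <ul>
 *   <li>{@link #shouldBootstrap()} — no master-realm user exists yet;</li>
 *   <li>{@link #isLocal()} — both ends of the connection are loopback/wildcard
 *       addresses and the request carries no {@code X-Forwarded-For} header;</li>
 *   <li>{@link #csrfCheck(MultivaluedMap)} — the submitted {@code stateChecker}
 *       equals the {@value #KEYCLOAK_STATE_CHECKER} cookie issued when the form
 *       was rendered.</li>
 * </ul>
 * Anything else is answered with the plain welcome page, 400 or 403.
 */
@Path("/")
/* loaded from: input_file:org/keycloak/services/resources/QuarkusWelcomeResource.class */
public class QuarkusWelcomeResource {
    // NOTE(review): logs under WelcomeResource's category, as in the original; confirm that is intentional.
    protected static final Logger logger = Logger.getLogger(WelcomeResource.class);
    /** Name of the CSRF cookie paired with the form's hidden {@code stateChecker} field. */
    private static final String KEYCLOAK_STATE_CHECKER = "WELCOME_STATE_CHECKER";
    /**
     * Lazily initialised "no master user yet" flag. Declared volatile so the
     * double-checked initialisation in {@link #shouldBootstrap()} publishes the
     * reference safely under the Java memory model.
     */
    private volatile AtomicBoolean shouldBootstrap;

    @Context
    protected HttpHeaders headers;

    @Context
    private KeycloakSession session;

    /**
     * Renders the welcome page.
     *
     * <p>A request URI without a trailing slash is redirected (303) to the
     * slash-terminated form; the template links resources via relative paths
     * ({@code resources/...}), which resolve differently without the slash.
     *
     * @return the rendered page, or a redirect to the canonical URI
     * @throws URISyntaxException if the redirect target cannot be built
     */
    @GET
    @Produces({"text/html; charset=utf-8"})
    public Response getWelcomePage() throws URISyntaxException {
        String requestUri = this.session.getContext().getUri().getRequestUri().toString();
        if (!requestUri.endsWith("/")) {
            return Response.seeOther(new URI(requestUri + "/")).build();
        }
        return createWelcomePage(null, null);
    }

    /**
     * Handles the initial-admin form submission.
     *
     * <p>Order of checks matters: the bootstrap gate and the locality gate run
     * before the CSRF check so a non-local client learns nothing about cookie
     * state, and field validation runs only after all three gates pass.
     *
     * @param form URL-encoded fields {@code username}, {@code password},
     *             {@code passwordConfirmation} and {@code stateChecker}
     * @return the welcome page with a success or error message (error → 400)
     * @throws WebApplicationException 400 when the caller is not local
     * @throws ForbiddenException when the CSRF token is missing or mismatched
     */
    @POST
    @Produces({"text/html; charset=utf-8"})
    @Consumes({"application/x-www-form-urlencoded"})
    public Response createUser(MultivaluedMap<String, String> form) {
        if (!shouldBootstrap()) {
            // A master user already exists: quietly show the normal page, no hint that a form was posted.
            return createWelcomePage(null, null);
        }
        if (!isLocal()) {
            ServicesLogger.LOGGER.rejectedNonLocalAttemptToCreateInitialUser(this.session.getContext().getConnection().getRemoteAddr());
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
        csrfCheck(form);

        String username = form.getFirst("username");
        String password = form.getFirst("password");
        String confirmation = form.getFirst("passwordConfirmation");
        if (username != null) {
            username = username.trim();
        }
        if (username == null || username.isEmpty()) {
            return createWelcomePage(null, "Username is missing");
        }
        if (password == null || password.isEmpty()) {
            return createWelcomePage(null, "Password is missing");
        }
        if (!password.equals(confirmation)) {
            return createWelcomePage(null, "Password and confirmation doesn't match");
        }

        // The token is single-use: drop the cookie before the user is created so a
        // replay of the same form cannot pass csrfCheck even if creation fails.
        expireCsrfCookie();
        // NOTE(review): there is a check-then-act window between shouldBootstrap() above and
        // set(false) below; two concurrent local POSTs could both reach createMasterRealmUser.
        // Whether that is harmful depends on ApplianceBootstrap — TODO confirm.
        new ApplianceBootstrap(this.session).createMasterRealmUser(username, password);
        this.shouldBootstrap.set(false);
        ServicesLogger.LOGGER.createdInitialAdminUser(username);
        return createWelcomePage("User created", null);
    }

    /**
     * Streams a static resource of the welcome theme.
     *
     * <p>The {@code path} segment is handed to the theme loader unmodified. A
     * JAX-RS {@code {path}} template does not match {@code /} by default, so only
     * a single segment reaches here; the theme implementation is relied upon to
     * confine lookups to its own resource root — NOTE(review): confirm it rejects
     * {@code ..} and encoded separators.
     *
     * @param path resource name relative to the theme's resource root
     * @return 200 with the resource body and its MIME type, or 404
     * @throws WebApplicationException 500 if the theme cannot be read
     */
    @GET
    @Produces({"text/html; charset=utf-8"})
    @Path("/welcome-content/{path}")
    public Response getResource(@PathParam("path") String path) {
        try {
            InputStream resource = getTheme().getResourceAsStream(path);
            if (resource == null) {
                return Response.status(Response.Status.NOT_FOUND).build();
            }
            return Response.ok(resource)
                    .type(MimeTypeUtil.getContentType(path))
                    .cacheControl(CacheControlUtil.getDefaultCacheControl())
                    .build();
        } catch (IOException e) {
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Renders {@code index.ftl} of the welcome theme.
     *
     * <p>The CSRF cookie (and matching {@code stateChecker} attribute) is issued
     * only when the bootstrap form will actually be shown, i.e. no master user
     * exists and the caller is local.
     *
     * @param successMessage optional message shown on success
     * @param errorMessage   optional message shown on failure; its presence turns the status into 400
     * @return the rendered page with {@code no-cache} headers
     * @throws WebApplicationException 500 on any templating or theme error
     */
    private Response createWelcomePage(String successMessage, String errorMessage) {
        try {
            Theme theme = getTheme();
            Map<String, Object> attributes = new HashMap<>();
            attributes.put("productName", Version.NAME);
            attributes.put("productNameFull", Version.NAME_FULL);
            attributes.put("properties", theme.getProperties());
            attributes.put("adminUrl", this.session.getContext().getUri(UrlType.ADMIN).getBaseUriBuilder().path("/admin/").build());
            attributes.put("resourcesPath", "resources/" + Version.RESOURCES_VERSION + "/" + theme.getType().toString().toLowerCase() + "/" + theme.getName());
            attributes.put("resourcesCommonPath", "resources/" + Version.RESOURCES_VERSION + "/common/keycloak");

            boolean bootstrap = shouldBootstrap();
            attributes.put("bootstrap", Boolean.valueOf(bootstrap));
            if (bootstrap) {
                boolean local = isLocal();
                attributes.put("localUser", Boolean.valueOf(local));
                if (local) {
                    attributes.put("stateChecker", setCsrfCookie());
                }
            }
            if (successMessage != null) {
                attributes.put("successMessage", successMessage);
            }
            if (errorMessage != null) {
                attributes.put("errorMessage", errorMessage);
            }

            Response.Status status = errorMessage == null ? Response.Status.OK : Response.Status.BAD_REQUEST;
            return Response.status(status)
                    .entity(new FreeMarkerUtil().processTemplate(attributes, "index.ftl", theme))
                    .cacheControl(CacheControlUtil.noCache())
                    .build();
        } catch (Exception e) {
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Looks up the welcome theme for the current session.
     *
     * @throws WebApplicationException 500 if the theme cannot be loaded
     */
    private Theme getTheme() {
        try {
            return this.session.theme().getTheme(Theme.Type.WELCOME);
        } catch (IOException e) {
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Whether the master realm still has no user and the bootstrap form should be offered.
     *
     * <p>The answer is computed once per resource instance via
     * {@link ApplianceBootstrap#isNoMasterUser()} (double-checked on the volatile
     * field) and flipped to {@code false} by {@link #createUser} after success.
     */
    private boolean shouldBootstrap() {
        if (this.shouldBootstrap == null) {
            synchronized (this) {
                if (this.shouldBootstrap == null) {
                    this.shouldBootstrap = new AtomicBoolean(new ApplianceBootstrap(this.session).isNoMasterUser());
                }
            }
        }
        return this.shouldBootstrap.get();
    }

    /**
     * Whether the request originates from the same host as the server.
     *
     * <p>Requires the remote <em>and</em> local addresses to be loopback or the
     * wildcard address, and the absence of an {@code X-Forwarded-For} header: a
     * reverse proxy on the same box would otherwise make every forwarded request
     * look local, so any proxied request is treated as remote.
     *
     * @throws WebApplicationException 500 if either address cannot be parsed
     */
    private boolean isLocal() {
        try {
            ClientConnection connection = this.session.getContext().getConnection();
            InetAddress remote = InetAddress.getByName(connection.getRemoteAddr());
            InetAddress local = InetAddress.getByName(connection.getLocalAddr());
            String forwardedFor = this.headers.getHeaderString("X-Forwarded-For");
            logger.debugf("Checking WelcomePage. Remote address: %s, Local address: %s, X-Forwarded-For header: %s", remote.toString(), local.toString(), forwardedFor);
            return isLocalAddress(remote) && isLocalAddress(local) && forwardedFor == null;
        } catch (UnknownHostException e) {
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /** Loopback ({@code 127/8}, {@code ::1}) or the wildcard address ({@code 0.0.0.0}, {@code ::}). */
    private boolean isLocalAddress(InetAddress inetAddress) {
        return inetAddress.isAnyLocalAddress() || inetAddress.isLoopbackAddress();
    }

    /** True when the current request was made over HTTPS; drives the cookie's Secure flag. */
    private boolean isSecureRequest() {
        return this.session.getContext().getUri().getRequestUri().getScheme().equalsIgnoreCase("https");
    }

    /**
     * Issues a fresh random CSRF token as a cookie scoped to the current path
     * (5-minute lifetime, Secure on HTTPS, HttpOnly per CookieHelper's argument
     * order) and returns the same value for embedding in the form.
     */
    private String setCsrfCookie() {
        String token = Base64Url.encode(KeycloakModelUtils.generateSecret());
        CookieHelper.addCookie(KEYCLOAK_STATE_CHECKER, token, this.session.getContext().getUri().getPath(), (String) null, (String) null, 300, isSecureRequest(), true);
        return token;
    }

    /** Overwrites the CSRF cookie with an empty, already-expired one. */
    private void expireCsrfCookie() {
        CookieHelper.addCookie(KEYCLOAK_STATE_CHECKER, "", this.session.getContext().getUri().getPath(), (String) null, (String) null, 0, isSecureRequest(), true);
    }

    /**
     * Verifies the form's {@code stateChecker} against the CSRF cookie.
     *
     * @throws ForbiddenException if the cookie or the field is missing, or they differ
     */
    private void csrfCheck(MultivaluedMap<String, String> form) {
        String submitted = form.getFirst("stateChecker");
        Cookie cookie = this.headers.getCookies().get(KEYCLOAK_STATE_CHECKER);
        if (cookie == null || cookie.getValue() == null || submitted == null) {
            throw new ForbiddenException();
        }
        // Constant-time comparison: String.equals() returns at the first differing
        // byte, which leaks how much of the token a caller guessed correctly.
        byte[] expected = cookie.getValue().getBytes(StandardCharsets.UTF_8);
        byte[] actual = submitted.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, actual)) {
            throw new ForbiddenException();
        }
    }
}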
