package org.keycloak.services.managers;

import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.UUID;
import javax.crypto.Mac;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.util.Base64Url;
import org.keycloak.util.Time;

/* loaded from: input_file:org/keycloak/services/managers/ClientSessionCode.class */
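/**
 * Issues and verifies the opaque "code" that ties a request back to a {@link ClientSessionModel}.
 *
 * <p>A code has the form {@code <mac>.<clientSessionId>}, where {@code <mac>} is the Base64Url
 * encoding of a MAC computed with the realm's code secret key over the client session id, a
 * separator and the session's {@link #ACTION_KEY} note. Because {@link #setAction} stores a fresh
 * random value in that note, every action change invalidates codes issued earlier for the same
 * session.
 *
 * <p>Verification fails closed: both {@code parse} overloads return {@code null} for any input
 * that is malformed, refers to an unknown session, or carries a MAC that does not match.
 */
public class ClientSessionCode {
    /** Name of the client-session note holding the per-action random value bound into the MAC. */
    public static final String ACTION_KEY = "action_key";

    // Separator fed to the MAC between the session id and the action key. The framing is only
    // unambiguous if a session id can never contain "//" - presumably ids are UUIDs; verify.
    private static final byte[] HASH_SEPERATOR = "//".getBytes(StandardCharsets.UTF_8);

    private final RealmModel realm;
    private final ClientSessionModel clientSession;

    /**
     * Wraps an already trusted client session. No verification happens here; untrusted codes
     * must go through one of the {@code parse} methods.
     *
     * @param realmModel realm whose code secret key and lifespans apply
     * @param clientSessionModel client session the code refers to
     */
    public ClientSessionCode(RealmModel realmModel, ClientSessionModel clientSessionModel) {
        this.realm = realmModel;
        this.clientSession = clientSessionModel;
    }

    /**
     * Verifies a code received from the outside and resolves it to its client session, using the
     * realm recorded on the session itself.
     *
     * @param str code in the form {@code <mac>.<clientSessionId>}; may be {@code null}
     * @param keycloakSession session used to look the client session up
     * @return the verified code, or {@code null} if the input is malformed, the session is
     *     unknown, or the MAC does not match
     */
    public static ClientSessionCode parse(String str, KeycloakSession keycloakSession) {
        try {
            String[] parts = splitCode(str);
            if (parts == null) {
                return null;
            }
            ClientSessionModel session = keycloakSession.sessions().getClientSession(parts[1]);
            if (session == null) {
                return null;
            }
            RealmModel sessionRealm = session.getRealm();
            if (!hashMatches(parts[0], sessionRealm, session)) {
                return null;
            }
            return new ClientSessionCode(sessionRealm, session);
        } catch (RuntimeException ignored) {
            // Fail closed: a lookup or MAC failure on attacker-supplied input is "invalid code".
            return null;
        }
    }

    /**
     * Verifies a code received from the outside and resolves it to its client session within the
     * given realm.
     *
     * @param str code in the form {@code <mac>.<clientSessionId>}; may be {@code null}
     * @param keycloakSession session used to look the client session up
     * @param realmModel realm the session is looked up in and whose key verifies the MAC
     * @return the verified code, or {@code null} if the input is malformed, the session is
     *     unknown, or the MAC does not match
     */
    public static ClientSessionCode parse(String str, KeycloakSession keycloakSession, RealmModel realmModel) {
        try {
            String[] parts = splitCode(str);
            if (parts == null) {
                return null;
            }
            ClientSessionModel session = keycloakSession.sessions().getClientSession(realmModel, parts[1]);
            if (session == null || !hashMatches(parts[0], realmModel, session)) {
                return null;
            }
            return new ClientSessionCode(realmModel, session);
        } catch (RuntimeException ignored) {
            // Fail closed: a lookup or MAC failure on attacker-supplied input is "invalid code".
            return null;
        }
    }

    /** Returns the client session this code refers to. */
    public ClientSessionModel getClientSession() {
        return this.clientSession;
    }

    /**
     * Checks that the session is currently in the expected action and that the action has not
     * expired.
     *
     * @param action action the caller expects the session to be in
     * @return {@code true} only if the session's action equals {@code action} and the session
     *     timestamp plus the applicable realm lifespan is still in the future
     */
    public boolean isValid(ClientSessionModel.Action action) {
        ClientSessionModel.Action current = this.clientSession.getAction();
        if (current == null) {
            return false;
        }
        int issuedAt = this.clientSession.getTimestamp();
        if (!current.equals(action)) {
            return false;
        }
        int lifespan;
        switch (current) {
            case CODE_TO_TOKEN:
                lifespan = this.realm.getAccessCodeLifespan();
                break;
            case AUTHENTICATE:
                // A non-positive login lifespan means "not configured": use the user-action one.
                int loginLifespan = this.realm.getAccessCodeLifespanLogin();
                lifespan = loginLifespan > 0 ? loginLifespan : this.realm.getAccessCodeLifespanUserAction();
                break;
            default:
                lifespan = this.realm.getAccessCodeLifespanUserAction();
                break;
        }
        // Widen to long so a very large lifespan cannot wrap around and flip the comparison.
        return (long) issuedAt + lifespan > Time.currentTime();
    }

    /**
     * Resolves the role ids stored on the client session to role models of the realm.
     *
     * @return the roles that still exist in the realm; ids that no longer resolve are skipped
     */
    public Set<RoleModel> getRequestedRoles() {
        Set<RoleModel> requested = new HashSet<RoleModel>();
        Set<String> roleIds = this.clientSession.getRoles();
        // Same null tolerance as getRequestedProtocolMappers(): no recorded roles means none granted.
        if (roleIds == null) {
            return requested;
        }
        for (String roleId : roleIds) {
            RoleModel role = this.realm.getRoleById(roleId);
            if (role != null) {
                requested.add(role);
            }
        }
        return requested;
    }

    /**
     * Resolves the protocol mapper ids stored on the client session against the session's client.
     *
     * @return the mappers that still exist on the client; empty if the session records none
     */
    public Set<ProtocolMapperModel> getRequestedProtocolMappers() {
        Set<ProtocolMapperModel> requested = new HashSet<ProtocolMapperModel>();
        Set<String> mapperIds = this.clientSession.getProtocolMappers();
        if (mapperIds == null) {
            return requested;
        }
        for (String mapperId : mapperIds) {
            ProtocolMapperModel mapper = this.clientSession.getClient().getProtocolMapperById(mapperId);
            if (mapper != null) {
                requested.add(mapper);
            }
        }
        return requested;
    }

    /**
     * Moves the session to a new action, rotates the action key and restarts the lifespan clock.
     *
     * <p>Rotating the {@link #ACTION_KEY} note changes the MAC input, so codes handed out before
     * this call no longer verify.
     *
     * @param action the action the session is now in
     */
    public void setAction(ClientSessionModel.Action action) {
        this.clientSession.setAction(action);
        this.clientSession.setNote(ACTION_KEY, UUID.randomUUID().toString());
        this.clientSession.setTimestamp(Time.currentTime());
    }

    /**
     * Convenience form of {@link #setAction} for a user required action.
     *
     * @param requiredAction required action to translate and set
     * @throws IllegalArgumentException if the required action has no client-session counterpart
     */
    public void setRequiredAction(UserModel.RequiredAction requiredAction) {
        setAction(convertToAction(requiredAction));
    }

    /** Maps a user required action onto the client-session action of the same name. */
    private ClientSessionModel.Action convertToAction(UserModel.RequiredAction requiredAction) {
        switch (requiredAction) {
            case CONFIGURE_TOTP:
                return ClientSessionModel.Action.CONFIGURE_TOTP;
            case UPDATE_PASSWORD:
                return ClientSessionModel.Action.UPDATE_PASSWORD;
            case UPDATE_PROFILE:
                return ClientSessionModel.Action.UPDATE_PROFILE;
            case VERIFY_EMAIL:
                return ClientSessionModel.Action.VERIFY_EMAIL;
            default:
                throw new IllegalArgumentException("Unknown required action " + requiredAction);
        }
    }

    /**
     * Returns the code for the current state of the session.
     *
     * @return {@code <mac>.<clientSessionId>}
     * @throws RuntimeException if the MAC cannot be computed, for example when no action key has
     *     been set on the session yet
     */
    public String getCode() {
        return generateCode(this.realm, this.clientSession);
    }

    private static String generateCode(RealmModel realmModel, ClientSessionModel clientSessionModel) {
        return createHash(realmModel, clientSessionModel) + "." + clientSessionModel.getId();
    }

    /**
     * Splits a received code on dots.
     *
     * @return the parts, or {@code null} when the input is {@code null} or has fewer than the two
     *     parts (MAC, session id) the parsers read
     */
    private static String[] splitCode(String code) {
        if (code == null) {
            return null;
        }
        String[] parts = code.split("\\.");
        return parts.length < 2 ? null : parts;
    }

    /**
     * Compares the supplied MAC with the expected one without an early exit on the first
     * differing byte, so response timing does not reveal how much of a guessed MAC was correct.
     */
    private static boolean hashMatches(String suppliedHash, RealmModel realmModel, ClientSessionModel clientSessionModel) {
        byte[] expected = createHash(realmModel, clientSessionModel).getBytes(StandardCharsets.UTF_8);
        byte[] supplied = suppliedHash.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, supplied);
    }

    /**
     * Computes the Base64Url-encoded MAC over {@code id // actionKey} with the realm's code
     * secret key.
     *
     * @throws RuntimeException wrapping any failure, including a missing action key note
     */
    private static String createHash(RealmModel realmModel, ClientSessionModel clientSessionModel) {
        try {
            Key codeSecretKey = realmModel.getCodeSecretKey();
            // The MAC algorithm is whatever the key declares; presumably an HMAC variant - verify
            // where the realm key is generated.
            Mac mac = Mac.getInstance(codeSecretKey.getAlgorithm());
            mac.init(codeSecretKey);
            // Explicit charset: the MAC input must not depend on the platform default encoding.
            mac.update(clientSessionModel.getId().getBytes(StandardCharsets.UTF_8));
            mac.update(HASH_SEPERATOR);
            mac.update(clientSessionModel.getNote(ACTION_KEY).getBytes(StandardCharsets.UTF_8));
            return Base64Url.encode(mac.doFinal());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}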
