package org.keycloak.services.managers;

import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriBuilder;
import org.jboss.logging.Logger;
import org.jboss.resteasy.client.ClientResponse;
import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
import org.keycloak.TokenIdGenerator;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.adapters.action.GlobalRequestResult;
import org.keycloak.representations.adapters.action.LogoutAction;
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
import org.keycloak.services.util.HttpClientBuilder;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.util.KeycloakUriBuilder;
import org.keycloak.util.MultivaluedHashMap;
import org.keycloak.util.StringPropertyReplacer;
import org.keycloak.util.Time;

/* loaded from: input_file:org/keycloak/services/managers/ResourceAdminManager.class */
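/**
 * Sends back-channel admin actions (logout, not-before push, availability test) from the
 * server to the management endpoints of registered applications.
 *
 * <p>Each action is encoded with {@link TokenManager#encodeToken} for the realm and POSTed as
 * {@code text/plain} to a fixed path ({@code k_logout}, {@code k_push_not_before},
 * {@code k_test_available}) below the application's management URL.
 *
 * <p>Security note: every request goes through the client built by {@link #createExecutor()},
 * which is configured with {@code disableTrustManager()}. The destination of a request is
 * derived from the application's management URL, its registered cluster nodes and, for
 * per-session logout, the {@code application_session_host} note of the client session, so the
 * identity of the receiving endpoint is not verified by TLS on any of these paths.
 */
public class ResourceAdminManager {
    protected static Logger logger = Logger.getLogger(ResourceAdminManager.class);
    private static final String APPLICATION_SESSION_HOST_PROPERTY = "${application.session.host}";

    // Added to Time.currentTime() to form the expiration handed to each admin action.
    // Presumably seconds - confirm against Time.currentTime().
    private static final int ACTION_EXPIRATION_OFFSET = 30;

    /**
     * Creates the HTTP executor used for all admin requests of one operation.
     *
     * <p>NOTE(review): the underlying client is built with {@code disableTrustManager()}, so the
     * server certificate of the management endpoint is not validated. Encoded admin action
     * tokens can therefore be delivered to an endpoint whose identity was never checked. The
     * behaviour is left unchanged here because switching it needs a deployment-level truststore;
     * prefer a client built from a configured truststore with hostname verification enabled.
     *
     * @return a new executor; the caller is responsible for shutting down its connection manager
     */
    public static ApacheHttpClient4Executor createExecutor() {
        return new ApacheHttpClient4Executor(new HttpClientBuilder().disableTrustManager().build());
    }

    /**
     * Resolves {@code str} relative to {@code uri} and then expands property placeholders in it.
     *
     * @param uri base URI used for relative resolution
     * @param str the URL to resolve
     * @return the resolved URL with properties replaced
     */
    public static String resolveUri(URI uri, String str) {
        return StringPropertyReplacer.replaceProperties(ResolveRelative.resolveRelativeUri(uri, str));
    }

    /**
     * Returns the resolved management URL of an application.
     *
     * @param uri base URI used for relative resolution
     * @param applicationModel the application whose management URL is read
     * @return the resolved URL, or {@code null} when the application has no management URL
     */
    public static String getManagementUrl(URI uri, ApplicationModel applicationModel) {
        String managementUrl = applicationModel.getManagementUrl();
        if (managementUrl == null || managementUrl.isEmpty()) {
            return null;
        }
        return resolveUri(uri, managementUrl);
    }

    /**
     * Returns every URL an application-wide admin request has to be sent to: one per registered
     * cluster node (the management URL with its host replaced by the node), or the management
     * URL itself when no node is registered.
     *
     * @return the target URLs; empty when the application has no management URL
     */
    private List<String> getAllManagementUrls(URI uri, ApplicationModel applicationModel) {
        String managementUrl = getManagementUrl(uri, applicationModel);
        if (managementUrl == null) {
            return Collections.emptyList();
        }
        Set<String> registeredNodes = new ApplicationManager().validateRegisteredNodes(applicationModel);
        if (registeredNodes.isEmpty()) {
            return Arrays.asList(managementUrl);
        }
        List<String> nodeUrls = new LinkedList<>();
        KeycloakUriBuilder template = KeycloakUriBuilder.fromUri(managementUrl);
        for (String node : registeredNodes) {
            // clone() keeps the template untouched so each node gets its own host substituted
            nodeUrls.add(template.clone().host(node).build().toString());
        }
        return nodeUrls;
    }

    /**
     * Sends logout requests for all user sessions of {@code userModel} in the realm.
     */
    public void logoutUser(URI uri, RealmModel realmModel, UserModel userModel, KeycloakSession keycloakSession) {
        logoutUserSessions(uri, realmModel, keycloakSession.sessions().getUserSessions(realmModel, userModel));
    }

    /**
     * Groups the client sessions of the given user sessions by application and sends one logout
     * round per application. The executor is shut down when done, also on failure.
     *
     * @param list the user sessions to log out; must not be {@code null}
     */
    protected void logoutUserSessions(URI uri, RealmModel realmModel, List<UserSessionModel> list) {
        ApacheHttpClient4Executor executor = createExecutor();
        try {
            MultivaluedHashMap<ApplicationModel, ClientSessionModel> sessionsByApplication = new MultivaluedHashMap<>();
            for (UserSessionModel userSession : list) {
                putClientSessions(sessionsByApplication, userSession);
            }
            logger.debugv("logging out {0} resources ", sessionsByApplication.size());
            for (Map.Entry<ApplicationModel, List<ClientSessionModel>> entry : sessionsByApplication.entrySet()) {
                logoutClientSessions(uri, realmModel, entry.getKey(), entry.getValue(), executor);
            }
        } finally {
            shutdown(executor);
        }
    }

    /**
     * Adds every client session of {@code userSessionModel} to the map under its application.
     */
    private void putClientSessions(MultivaluedHashMap<ApplicationModel, ClientSessionModel> multivaluedHashMap, UserSessionModel userSessionModel) {
        for (ClientSessionModel clientSessionModel : userSessionModel.getClientSessions()) {
            ApplicationModel client = clientSessionModel.getClient();
            // NOTE(review): with the declared type this check only filters out null; presumably
            // getClient() returns a broader client type in the original source - confirm.
            if (client instanceof ApplicationModel) {
                multivaluedHashMap.add(client, clientSessionModel);
            }
        }
    }

    /**
     * Sends logout requests to one application for all sessions of {@code userModel}.
     * The executor is shut down when done, also on failure.
     */
    public void logoutUserFromApplication(URI uri, RealmModel realmModel, ApplicationModel applicationModel, UserModel userModel, KeycloakSession keycloakSession) {
        ApacheHttpClient4Executor executor = createExecutor();
        try {
            List<UserSessionModel> userSessions = keycloakSession.sessions().getUserSessions(realmModel, userModel);
            List<ClientSessionModel> applicationSessions = null;
            if (userSessions != null) {
                MultivaluedHashMap<ApplicationModel, ClientSessionModel> sessionsByApplication = new MultivaluedHashMap<>();
                for (UserSessionModel userSession : userSessions) {
                    putClientSessions(sessionsByApplication, userSession);
                }
                applicationSessions = sessionsByApplication.get(applicationModel);
            }
            logoutClientSessions(uri, realmModel, applicationModel, applicationSessions, executor);
        } finally {
            shutdown(executor);
        }
    }

    /**
     * Sends a logout request for a single client session.
     *
     * @return {@code true} when the application acknowledged the logout
     */
    public boolean logoutClientSession(URI uri, RealmModel realmModel, ApplicationModel applicationModel, ClientSessionModel clientSessionModel, ApacheHttpClient4Executor apacheHttpClient4Executor) {
        return logoutClientSessions(uri, realmModel, applicationModel, Arrays.asList(clientSessionModel), apacheHttpClient4Executor);
    }

    /**
     * Sends logout requests for the given client sessions of one application.
     *
     * <p>Adapter session ids are read from the {@code application_session_state} note and grouped
     * by the {@code application_session_host} note. If the management URL contains
     * {@code ${application.session.host}}, one request per host is sent with the placeholder
     * replaced by that host; otherwise a single request carries all session ids.
     *
     * @param list the client sessions; may be {@code null} or empty
     * @return {@code false} when there is no management URL, no session has an adapter session
     *         id, a host group has no host to substitute, or any request failed
     */
    protected boolean logoutClientSessions(URI uri, RealmModel realmModel, ApplicationModel applicationModel, List<ClientSessionModel> list, ApacheHttpClient4Executor apacheHttpClient4Executor) {
        String managementUrl = getManagementUrl(uri, applicationModel);
        if (managementUrl == null) {
            logger.debugv("Can't logout {0}: no management url", applicationModel.getName());
            return false;
        }
        MultivaluedHashMap<String, String> adapterSessionIdsByHost = new MultivaluedHashMap<>();
        List<String> userSessionIds = new LinkedList<>();
        if (list != null) {
            for (ClientSessionModel clientSessionModel : list) {
                String adapterSessionId = clientSessionModel.getNote("application_session_state");
                if (adapterSessionId != null) {
                    adapterSessionIdsByHost.add(clientSessionModel.getNote("application_session_host"), adapterSessionId);
                }
                if (clientSessionModel.getUserSession() != null) {
                    userSessionIds.add(clientSessionModel.getUserSession().getId());
                }
            }
        }
        if (adapterSessionIdsByHost.isEmpty()) {
            logger.debugv("Can't logout {0}: no logged adapter sessions", applicationModel.getName());
            return false;
        }
        if (!managementUrl.contains(APPLICATION_SESSION_HOST_PROPERTY)) {
            List<String> allAdapterSessionIds = new ArrayList<>();
            for (List<String> ids : adapterSessionIdsByHost.values()) {
                allAdapterSessionIds.addAll(ids);
            }
            return sendLogoutRequest(realmModel, applicationModel, allAdapterSessionIds, userSessionIds, apacheHttpClient4Executor, 0, managementUrl);
        }
        boolean allPassed = true;
        for (Map.Entry<String, List<String>> entry : adapterSessionIdsByHost.entrySet()) {
            String host = entry.getKey();
            if (host == null) {
                // String.replace throws NullPointerException on a null replacement, which would
                // abort the logout of every remaining host and application. Report the group as
                // failed instead and keep going.
                logger.warn("Can't logout sessions of application '" + applicationModel.getName() + "': no application session host recorded");
                allPassed = false;
                continue;
            }
            // NOTE(review): host comes from the client session note and decides where the logout
            // token is sent; where that note is written is not visible here - confirm it is
            // validated against the application's registered hosts.
            String hostManagementUrl = managementUrl.replace(APPLICATION_SESSION_HOST_PROPERTY, host);
            boolean sent = sendLogoutRequest(realmModel, applicationModel, entry.getValue(), userSessionIds, apacheHttpClient4Executor, 0, hostManagementUrl);
            allPassed = sent && allPassed;
        }
        return allPassed;
    }

    /**
     * Sets the realm's not-before value to the current time and sends a logout request to every
     * application of the realm. The executor is shut down when done, also on failure.
     *
     * @return the per-URL success/failure results of all applications
     */
    public GlobalRequestResult logoutAll(URI uri, RealmModel realmModel) {
        ApacheHttpClient4Executor executor = createExecutor();
        try {
            realmModel.setNotBefore(Time.currentTime());
            List<ApplicationModel> applications = realmModel.getApplications();
            logger.debugv("logging out {0} resources ", applications.size());
            GlobalRequestResult result = new GlobalRequestResult();
            for (ApplicationModel application : applications) {
                result.addAll(logoutApplication(uri, realmModel, application, executor, realmModel.getNotBefore()));
            }
            return result;
        } finally {
            shutdown(executor);
        }
    }

    /**
     * Sets the application's not-before value to the current time and sends a logout request to
     * all of its management URLs. The executor is shut down when done, also on failure.
     *
     * @return the per-URL success/failure results
     */
    public GlobalRequestResult logoutApplication(URI uri, RealmModel realmModel, ApplicationModel applicationModel) {
        ApacheHttpClient4Executor executor = createExecutor();
        try {
            applicationModel.setNotBefore(Time.currentTime());
            return logoutApplication(uri, realmModel, applicationModel, executor, applicationModel.getNotBefore());
        } finally {
            shutdown(executor);
        }
    }

    /**
     * Sends an application-wide logout (no session ids) to every management URL of the
     * application.
     *
     * @param i the not-before value carried by the logout action
     * @return the per-URL results; empty when there is no URL to send to
     */
    protected GlobalRequestResult logoutApplication(URI uri, RealmModel realmModel, ApplicationModel applicationModel, ApacheHttpClient4Executor apacheHttpClient4Executor, int i) {
        List<String> managementUrls = getAllManagementUrls(uri, applicationModel);
        if (managementUrls.isEmpty()) {
            logger.debug("No management URL or no registered cluster nodes for the application " + applicationModel.getName());
            return new GlobalRequestResult();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Send logoutApplication for URLs: " + managementUrls);
        }
        GlobalRequestResult result = new GlobalRequestResult();
        for (String url : managementUrls) {
            if (sendLogoutRequest(realmModel, applicationModel, null, null, apacheHttpClient4Executor, i, url)) {
                result.addSuccessRequest(url);
            } else {
                result.addFailedRequest(url);
            }
        }
        return result;
    }

    /**
     * Encodes a {@link LogoutAction} and POSTs it to {@code k_logout} below {@code str}.
     *
     * @param list adapter session ids to log out, or {@code null} for an application-wide logout
     * @param list2 user session ids carried by the action, may be {@code null}
     * @param i the not-before value carried by the action
     * @param str the management URL to send to
     * @return {@code true} when the endpoint answered 200 or 204; {@code false} on any other
     *         status or when the request failed
     */
    protected boolean sendLogoutRequest(RealmModel realmModel, ApplicationModel applicationModel, List<String> list, List<String> list2, ApacheHttpClient4Executor apacheHttpClient4Executor, int i, String str) {
        String token = new TokenManager().encodeToken(realmModel, new LogoutAction(TokenIdGenerator.generateId(), Time.currentTime() + ACTION_EXPIRATION_OFFSET, applicationModel.getName(), list, i, list2));
        if (logger.isDebugEnabled()) {
            // Session ids are passed as a parameter rather than concatenated into the pattern,
            // so their content is never interpreted as format syntax.
            logger.debugv("logout resource {0} url: {1} sessionIds: {2}", applicationModel.getName(), str, list);
        }
        try {
            boolean success = postAdminAction(apacheHttpClient4Executor, str, "k_logout", token);
            logger.debugf("logout success for %s: %s", str, success);
            return success;
        } catch (Exception e) {
            logger.warn("Logout for application '" + applicationModel.getName() + "' failed", e);
            return false;
        }
    }

    /**
     * Pushes the realm's not-before value to every application of the realm.
     * The executor is shut down when done, also on failure.
     *
     * @return the per-URL success/failure results of all applications
     */
    public GlobalRequestResult pushRealmRevocationPolicy(URI uri, RealmModel realmModel) {
        ApacheHttpClient4Executor executor = createExecutor();
        try {
            GlobalRequestResult result = new GlobalRequestResult();
            for (ApplicationModel application : realmModel.getApplications()) {
                result.addAll(pushRevocationPolicy(uri, realmModel, application, realmModel.getNotBefore(), executor));
            }
            return result;
        } finally {
            shutdown(executor);
        }
    }

    /**
     * Pushes the application's own not-before value to all of its management URLs.
     * The executor is shut down when done, also on failure.
     *
     * @return the per-URL success/failure results
     */
    public GlobalRequestResult pushApplicationRevocationPolicy(URI uri, RealmModel realmModel, ApplicationModel applicationModel) {
        ApacheHttpClient4Executor executor = createExecutor();
        try {
            return pushRevocationPolicy(uri, realmModel, applicationModel, applicationModel.getNotBefore(), executor);
        } finally {
            shutdown(executor);
        }
    }

    /**
     * Sends a not-before push to every management URL of the application.
     *
     * @param i the not-before value to push
     * @return the per-URL results; empty when there is no URL to send to
     */
    protected GlobalRequestResult pushRevocationPolicy(URI uri, RealmModel realmModel, ApplicationModel applicationModel, int i, ApacheHttpClient4Executor apacheHttpClient4Executor) {
        List<String> managementUrls = getAllManagementUrls(uri, applicationModel);
        if (managementUrls.isEmpty()) {
            logger.debugf("No management URL or no registered cluster nodes for the application %s", applicationModel.getName());
            return new GlobalRequestResult();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Sending push revocation to URLS: " + managementUrls);
        }
        GlobalRequestResult result = new GlobalRequestResult();
        for (String url : managementUrls) {
            if (sendPushRevocationPolicyRequest(realmModel, applicationModel, i, apacheHttpClient4Executor, url)) {
                result.addSuccessRequest(url);
            } else {
                result.addFailedRequest(url);
            }
        }
        return result;
    }

    /**
     * Encodes a {@link PushNotBeforeAction} and POSTs it to {@code k_push_not_before} below
     * {@code str}.
     *
     * @param i the not-before value carried by the action
     * @param str the management URL to send to
     * @return {@code true} when the endpoint answered 200 or 204; {@code false} on any other
     *         status or when the request failed
     */
    protected boolean sendPushRevocationPolicyRequest(RealmModel realmModel, ApplicationModel applicationModel, int i, ApacheHttpClient4Executor apacheHttpClient4Executor, String str) {
        String token = new TokenManager().encodeToken(realmModel, new PushNotBeforeAction(TokenIdGenerator.generateId(), Time.currentTime() + ACTION_EXPIRATION_OFFSET, applicationModel.getName(), i));
        logger.infov("pushRevocation resource: {0} url: {1}", applicationModel.getName(), str);
        try {
            boolean success = postAdminAction(apacheHttpClient4Executor, str, "k_push_not_before", token);
            logger.debugf("pushRevocation success for %s: %s", str, success);
            return success;
        } catch (Exception e) {
            logger.warn("Failed to send revocation request", e);
            return false;
        }
    }

    /**
     * Sends an availability test to every management URL of the application.
     * The executor is shut down when done, also on failure.
     *
     * @return the per-URL results; empty when there is no URL to send to
     */
    public GlobalRequestResult testNodesAvailability(URI uri, RealmModel realmModel, ApplicationModel applicationModel) {
        List<String> managementUrls = getAllManagementUrls(uri, applicationModel);
        if (managementUrls.isEmpty()) {
            logger.debug("No management URL or no registered cluster nodes for the application " + applicationModel.getName());
            return new GlobalRequestResult();
        }
        ApacheHttpClient4Executor executor = createExecutor();
        try {
            if (logger.isDebugEnabled()) {
                logger.debug("Sending test nodes availability: " + managementUrls);
            }
            GlobalRequestResult result = new GlobalRequestResult();
            for (String url : managementUrls) {
                if (sendTestNodeAvailabilityRequest(realmModel, applicationModel, executor, url)) {
                    result.addSuccessRequest(url);
                } else {
                    result.addFailedRequest(url);
                }
            }
            return result;
        } finally {
            shutdown(executor);
        }
    }

    /**
     * Encodes a {@link TestAvailabilityAction} and POSTs it to {@code k_test_available} below
     * {@code str}.
     *
     * @param str the management URL to send to
     * @return {@code true} when the endpoint answered 200 or 204; {@code false} on any other
     *         status or when the request failed
     */
    protected boolean sendTestNodeAvailabilityRequest(RealmModel realmModel, ApplicationModel applicationModel, ApacheHttpClient4Executor apacheHttpClient4Executor, String str) {
        String token = new TokenManager().encodeToken(realmModel, new TestAvailabilityAction(TokenIdGenerator.generateId(), Time.currentTime() + ACTION_EXPIRATION_OFFSET, applicationModel.getName()));
        logger.debugv("testNodes availability resource: {0} url: {1}", applicationModel.getName(), str);
        try {
            boolean success = postAdminAction(apacheHttpClient4Executor, str, "k_test_available", token);
            logger.debugf("testAvailability success for %s: %s", str, success);
            return success;
        } catch (Exception e) {
            logger.warn("Availability test failed for uri '" + str + "'", e);
            return false;
        }
    }

    /** POSTs an encoded action token as text/plain to {@code path} below {@code baseUrl}; true on 200 or 204. */
    private static boolean postAdminAction(ApacheHttpClient4Executor executor, String baseUrl, String path, String token) throws Exception {
        String target = UriBuilder.fromUri(baseUrl).path(path).build().toString();
        ClientResponse<?> response = executor.createRequest(target).body(MediaType.TEXT_PLAIN_TYPE, token).post();
        try {
            int status = response.getStatus();
            return status == 204 || status == 200;
        } finally {
            // Always hand the connection back, whatever the status check did.
            response.releaseConnection();
        }
    }

    /** Shuts down the connection manager behind an executor obtained from {@link #createExecutor()}. */
    private static void shutdown(ApacheHttpClient4Executor executor) {
        executor.getHttpClient().getConnectionManager().shutdown();
    }
}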
