package org.keycloak.services.managers;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.ws.rs.core.MultivaluedMap;
import org.jboss.resteasy.jose.Base64Url;
import org.jboss.resteasy.jose.jws.JWSBuilder;
import org.jboss.resteasy.jwt.JsonSerialization;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.SkeletonKeyScope;
import org.keycloak.representations.SkeletonKeyToken;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.0-alpha-1-12062013.jar:org/keycloak/services/managers/TokenManager.class */
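/**
 * Issues access codes and access tokens for a realm and keeps outstanding access codes in memory.
 *
 * <p>An access code is a JWS whose payload is the id of an {@link AccessCodeEntry}, signed with the
 * realm's private key. The entry itself (token, client, user, state, redirect URI, expiration) is
 * held in {@link #accessCodeMap} under that id until it is pulled or the map is cleared.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #getAccessCode} and {@link #pullAccessCode} do not verify the code's signature and do
 *       not check the entry's expiration; both checks have to happen in the caller.</li>
 *   <li>Nothing in this class evicts expired entries, so codes that are never redeemed stay in the
 *       map until {@link #clearAccessCodes()} is called.</li>
 *   <li>The scope string handed to {@link #createAccessCode} is decoded from request data and is
 *       treated as untrusted: it can only narrow the granted roles, never widen them.</li>
 * </ul>
 *
 * <p>NOTE(review): method names such as {@code m260id} and {@code m254principal} look like
 * decompiler renames of the original builder methods; confirm against the original source.
 */
public class TokenManager {
    protected static final Logger logger = Logger.getLogger(TokenManager.class);

    /** Outstanding access codes keyed by {@link AccessCodeEntry#getId()}. */
    protected Map<String, AccessCodeEntry> accessCodeMap = new ConcurrentHashMap<String, AccessCodeEntry>();

    /** Drops every outstanding access code. */
    public void clearAccessCodes() {
        this.accessCodeMap.clear();
    }

    /**
     * Looks up an access code entry without consuming it.
     *
     * @param str id of the entry (the payload of the signed access code)
     * @return the entry, or {@code null} if none is stored under that id; expiration is not checked
     */
    public AccessCodeEntry getAccessCode(String str) {
        return this.accessCodeMap.get(str);
    }

    /**
     * Removes and returns an access code entry so that it can be redeemed only once.
     *
     * <p>The removal is a single {@link ConcurrentHashMap} operation, so at most one caller receives
     * the entry for a given id. Expiration is not checked here.
     *
     * @param str id of the entry (the payload of the signed access code)
     * @return the removed entry, or {@code null} if none was stored under that id
     */
    public AccessCodeEntry pullAccessCode(String str) {
        return this.accessCodeMap.remove(str);
    }

    /**
     * Builds an access code entry for a user who has authorised a client, computes the roles the
     * resulting token may carry, signs the code and stores the entry.
     *
     * <p>A role is granted only when the user holds it, the client's scope mappings allow it and,
     * if a scope was requested, the scope names it. The one exception is an application whose own
     * user is the client and which holds {@code Constants.APPLICATION_ROLE}: it receives all of the
     * user's roles for that application without scope filtering.
     *
     * @param str Base64Url-encoded JSON scope requested by the client, or {@code null} for no
     *     restriction beyond the client's scope mappings
     * @param str2 state value stored on the entry
     * @param str3 redirect URI stored on the entry
     * @param realmModel realm that issues the code and whose private key signs it
     * @param userModel the client the code is issued to
     * @param userModel2 the user who is being represented
     * @return the stored entry with its signed code set
     * @throws RuntimeException if the scope cannot be decoded or the code cannot be encoded
     */
    public AccessCodeEntry createAccessCode(String str, String str2, String str3, RealmModel realmModel, UserModel userModel, UserModel userModel2) {
        boolean hasRole = realmModel.hasRole(userModel, realmModel.getRole(Constants.APPLICATION_ROLE));
        AccessCodeEntry accessCodeEntry = new AccessCodeEntry();
        SkeletonKeyScope decodeScope = str != null ? decodeScope(str) : null;
        List<RoleModel> realmRolesRequested = accessCodeEntry.getRealmRolesRequested();
        MultivaluedMap<String, RoleModel> resourceRolesRequested = accessCodeEntry.getResourceRolesRequested();

        // Realm-level roles: user's roles, limited by the client's scope mappings and the request.
        Set<String> roleMappingValues = realmModel.getRoleMappingValues(userModel2);
        if (roleMappingValues != null && roleMappingValues.size() > 0 && (decodeScope == null || decodeScope.containsKey("realm"))) {
            Set<String> scopeMappingValues = realmModel.getScopeMappingValues(userModel);
            // A missing scope mapping set grants nothing, the same as an empty one.
            if (scopeMappingValues != null && scopeMappingValues.size() > 0) {
                Set<Object> requested = requestedRoles(decodeScope, "realm");
                for (String roleName : roleMappingValues) {
                    if (isGranted(requested, scopeMappingValues, roleName)) {
                        realmRolesRequested.add(realmModel.getRole(roleName));
                    }
                }
            }
        }

        for (ApplicationModel applicationModel : realmModel.getApplications()) {
            if (hasRole && applicationModel.getApplicationUser().getLoginName().equals(userModel.getLoginName())) {
                // The client is this application's own user: no scope filtering is applied.
                Set<String> ownRoles = applicationModel.getRoleMappingValues(userModel2);
                // The other lookups of role mappings in this class allow null, so allow it here too.
                if (ownRoles != null) {
                    for (String roleName : ownRoles) {
                        resourceRolesRequested.addAll(applicationModel.getName(), new RoleModel[]{applicationModel.getRole(roleName)});
                    }
                }
            } else {
                Set<String> roleMappingValues2 = applicationModel.getRoleMappingValues(userModel2);
                if (roleMappingValues2 != null && roleMappingValues2.size() > 0 && (decodeScope == null || decodeScope.containsKey(applicationModel.getName()))) {
                    Set<String> scopeMappingValues2 = applicationModel.getScopeMappingValues(userModel);
                    if (scopeMappingValues2 != null && scopeMappingValues2.size() > 0) {
                        Set<Object> requested = requestedRoles(decodeScope, applicationModel.getName());
                        for (String roleName : roleMappingValues2) {
                            if (isGranted(requested, scopeMappingValues2, roleName)) {
                                resourceRolesRequested.add(applicationModel.getName(), applicationModel.getRole(roleName));
                            }
                        }
                    }
                }
            }
        }

        createToken(accessCodeEntry, realmModel, userModel, userModel2);
        accessCodeEntry.setRealm(realmModel);
        accessCodeEntry.setExpiration((System.currentTimeMillis() / 1000) + realmModel.getAccessCodeLifespan());
        accessCodeEntry.setClient(userModel);
        accessCodeEntry.setUser(userModel2);
        accessCodeEntry.setState(str2);
        accessCodeEntry.setRedirectUri(str3);
        try {
            accessCodeEntry.setCode(new JWSBuilder().content(accessCodeEntry.getId().getBytes("UTF-8")).rsa256(realmModel.getPrivateKey()));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
        // Store the entry only once it is complete: a signing failure then leaves nothing behind
        // in the map, and no other thread can observe an entry without its code.
        this.accessCodeMap.put(accessCodeEntry.getId(), accessCodeEntry);
        return accessCodeEntry;
    }

    /**
     * Returns the role names a decoded scope requests for one section.
     *
     * @param scope decoded scope, or {@code null} when the client sent none
     * @param section {@code "realm"} or an application name
     * @return {@code null} when no scope was sent (no restriction); otherwise the requested names,
     *     empty when the section is present but carries no values
     */
    private static Set<Object> requestedRoles(SkeletonKeyScope scope, String section) {
        if (scope == null) {
            return null;
        }
        // The scope is client-supplied JSON, so a key may be present with a null value.
        // Treat that as "nothing requested" instead of failing with a NullPointerException.
        Collection<?> values = scope.get(section);
        return values == null ? new HashSet<Object>() : new HashSet<Object>(values);
    }

    /** Tells whether a role passes both the requested scope (if any) and the client's scope mappings. */
    private static boolean isGranted(Set<Object> requested, Set<String> clientScope, String roleName) {
        return (requested == null || requested.contains(roleName)) && clientScope.contains(roleName);
    }

    /**
     * Creates a token skeleton for a user and a client, without any roles.
     *
     * <p>The principal is the user's login name, the audience is the realm name and the token is
     * marked as issued for the client's login name. An expiration is set only when the realm's
     * token lifespan is positive; otherwise this method sets none.
     *
     * @param realmModel issuing realm
     * @param userModel the client the token is issued for
     * @param userModel2 the user the token represents
     * @return the new token
     */
    protected SkeletonKeyToken initToken(RealmModel realmModel, UserModel userModel, UserModel userModel2) {
        SkeletonKeyToken skeletonKeyToken = new SkeletonKeyToken();
        skeletonKeyToken.m260id(RealmManager.generateId());
        skeletonKeyToken.m254principal(userModel2.getLoginName());
        skeletonKeyToken.m255audience(realmModel.getName());
        skeletonKeyToken.issuedNow();
        skeletonKeyToken.issuedFor(userModel.getLoginName());
        if (realmModel.getTokenLifespan() > 0) {
            skeletonKeyToken.m259expiration((System.currentTimeMillis() / 1000) + realmModel.getTokenLifespan());
        }
        Set<String> webOrigins = userModel.getWebOrigins();
        if (webOrigins != null) {
            skeletonKeyToken.setAllowedOrigins(webOrigins);
        }
        return skeletonKeyToken;
    }

    /**
     * Builds the token for an access code entry from the roles already collected on it and stores
     * the token on the entry.
     *
     * @param accessCodeEntry entry whose requested realm and resource roles are copied into the token
     * @param realmModel issuing realm, also used to look applications up by name
     * @param userModel the client the token is issued for
     * @param userModel2 the user the token represents
     */
    protected void createToken(AccessCodeEntry accessCodeEntry, RealmModel realmModel, UserModel userModel, UserModel userModel2) {
        SkeletonKeyToken initToken = initToken(realmModel, userModel, userModel2);
        List<RoleModel> realmRoles = accessCodeEntry.getRealmRolesRequested();
        if (realmRoles.size() > 0) {
            SkeletonKeyToken.Access access = new SkeletonKeyToken.Access();
            for (RoleModel role : realmRoles) {
                access.addRole(role.getName());
            }
            initToken.setRealmAccess(access);
        }
        MultivaluedMap<String, RoleModel> resourceRoles = accessCodeEntry.getResourceRolesRequested();
        if (resourceRoles.size() > 0) {
            Map<String, ApplicationModel> applicationNameMap = realmModel.getApplicationNameMap();
            for (String appName : resourceRoles.keySet()) {
                SkeletonKeyToken.Access verifyCaller = initToken.addAccess(appName).verifyCaller(Boolean.valueOf(applicationNameMap.get(appName).isSurrogateAuthRequired()));
                for (RoleModel role : resourceRoles.get(appName)) {
                    verifyCaller.addRole(role.getName());
                }
            }
        }
        accessCodeEntry.setToken(initToken);
    }

    /**
     * Serialises a scope to JSON and encodes it as Base64Url.
     *
     * @param skeletonKeyScope scope to encode
     * @return the encoded scope
     * @throws RuntimeException if serialisation fails
     */
    public String encodeScope(SkeletonKeyScope skeletonKeyScope) {
        try {
            // Name the charset explicitly: the platform default could change the bytes of
            // non-ASCII role or application names between hosts.
            return Base64Url.encode(JsonSerialization.toString(skeletonKeyScope, false).getBytes("UTF-8"));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Decodes a Base64Url-encoded JSON scope.
     *
     * <p>The input normally comes from a client request, so the result must only ever be used to
     * narrow what is granted.
     *
     * @param str encoded scope
     * @return the decoded scope
     * @throws RuntimeException wrapping the {@link IOException} raised when the JSON cannot be read
     */
    public SkeletonKeyScope decodeScope(String str) {
        try {
            return (SkeletonKeyScope) JsonSerialization.fromBytes(SkeletonKeyScope.class, Base64Url.decode(str));
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates a token that carries every realm and application role mapped to a user.
     *
     * <p>No client and no scope are involved, so nothing here narrows the roles. An expiration is
     * set only when the realm's token lifespan is positive.
     *
     * <p>NOTE(review): the audience is the realm id here, while {@link #initToken} uses the realm
     * name; confirm that verifiers accept both.
     *
     * @param realmModel issuing realm
     * @param userModel user the token represents
     * @return the new token
     */
    public SkeletonKeyToken createAccessToken(RealmModel realmModel, UserModel userModel) {
        List<ApplicationModel> applications = realmModel.getApplications();
        SkeletonKeyToken skeletonKeyToken = new SkeletonKeyToken();
        skeletonKeyToken.m260id(RealmManager.generateId());
        skeletonKeyToken.issuedNow();
        skeletonKeyToken.m254principal(userModel.getLoginName());
        skeletonKeyToken.m255audience(realmModel.getId());
        if (realmModel.getTokenLifespan() > 0) {
            skeletonKeyToken.m259expiration((System.currentTimeMillis() / 1000) + realmModel.getTokenLifespan());
        }
        Set<String> roleMappingValues = realmModel.getRoleMappingValues(userModel);
        if (roleMappingValues != null && roleMappingValues.size() > 0) {
            SkeletonKeyToken.Access access = new SkeletonKeyToken.Access();
            for (String roleName : roleMappingValues) {
                access.addRole(roleName);
            }
            skeletonKeyToken.setRealmAccess(access);
        }
        if (applications != null) {
            for (ApplicationModel applicationModel : applications) {
                Set<String> roleMappingValues2 = applicationModel.getRoleMappingValues(userModel);
                if (roleMappingValues2 != null) {
                    SkeletonKeyToken.Access verifyCaller = skeletonKeyToken.addAccess(applicationModel.getName()).verifyCaller(Boolean.valueOf(applicationModel.isSurrogateAuthRequired()));
                    for (String roleName : roleMappingValues2) {
                        verifyCaller.addRole(roleName);
                    }
                }
            }
        }
        return skeletonKeyToken;
    }

    /**
     * Serialises an object to JSON and signs it as a JWS with the realm's private key.
     *
     * @param realmModel realm whose private key signs the content
     * @param obj object to serialise, typically a token
     * @return the compact JWS string
     * @throws RuntimeException if serialisation or signing fails
     */
    public String encodeToken(RealmModel realmModel, Object obj) {
        try {
            return new JWSBuilder().content(JsonSerialization.toByteArray(obj, false)).rsa256(realmModel.getPrivateKey());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}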
