package org.keycloak.services.managers;

import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.ws.rs.core.UriBuilder;
import org.jboss.logging.Logger;
import org.keycloak.TokenIdGenerator;
import org.keycloak.connections.httpclient.HttpClientProvider;
import org.keycloak.constants.AdapterConstants;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.adapters.action.GlobalRequestResult;
import org.keycloak.representations.adapters.action.LogoutAction;
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.util.KeycloakUriBuilder;
import org.keycloak.util.MultivaluedHashMap;
import org.keycloak.util.StringPropertyReplacer;
import org.keycloak.util.Time;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.3.1.Final.jar:org/keycloak/services/managers/ResourceAdminManager.class */
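/**
 * Sends administrative back-channel requests (logout, not-before push, availability test) from
 * the server to the management endpoints of a realm's clients.
 *
 * <p>Every request body is a token produced by {@code TokenManager.encodeToken(realm, action)}
 * and is POSTed to a URL derived from the client's management URL. That URL may be rewritten
 * with the hosts returned by {@code ClientManager.validateRegisteredNodes} or with the
 * {@code client_session_host} note of a client session, so the destination of these tokens
 * depends on the integrity of those values.
 */
public class ResourceAdminManager {
    protected static Logger logger = Logger.getLogger(ResourceAdminManager.class);

    /** Placeholder in a management URL that is replaced by the host recorded on a client session. */
    private static final String CLIENT_SESSION_HOST_PROPERTY = "${application.session.host}";

    /**
     * Offset added to {@code Time.currentTime()} for the second constructor argument of every
     * admin action. Presumably the action's expiration in seconds; confirm against the action
     * classes.
     */
    private static final int ADMIN_ACTION_TIME_OFFSET = 30;

    private final KeycloakSession session;

    /**
     * @param keycloakSession session used to look up user sessions and the HTTP client provider
     */
    public ResourceAdminManager(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    /**
     * Resolves {@code str} against {@code uri} and expands property placeholders in the result.
     *
     * @param uri base URI handed to {@code ResolveRelative.resolveRelativeUri}
     * @param str URL to resolve
     * @return the resolved URL after {@code StringPropertyReplacer.replaceProperties}
     */
    public static String resolveUri(URI uri, String str) {
        String resolved = ResolveRelative.resolveRelativeUri(uri, str);
        return StringPropertyReplacer.replaceProperties(resolved);
    }

    /**
     * Returns the client's management URL, resolved against {@code uri} with property
     * placeholders expanded.
     *
     * @param uri base URI handed to {@code ResolveRelative.resolveRelativeUri}
     * @param clientModel client whose management URL is read
     * @return the resolved URL, or {@code null} when the client has no management URL
     */
    public static String getManagementUrl(URI uri, ClientModel clientModel) {
        String configuredUrl = clientModel.getManagementUrl();
        // NOTE(review): the LDAP constant is presumably the empty string, substituted by the
        // decompiler for a "" literal; confirm before replacing it with isEmpty().
        if (configuredUrl == null || configuredUrl.equals(LDAPConstants.EMPTY_MEMBER_ATTRIBUTE_VALUE)) {
            return null;
        }
        String resolved = ResolveRelative.resolveRelativeUri(uri, configuredUrl);
        return StringPropertyReplacer.replaceProperties(resolved);
    }

    /**
     * Builds the list of management URLs to contact for a client: one URL per host returned by
     * {@code ClientManager.validateRegisteredNodes}, or the single management URL when that set
     * is empty.
     *
     * @return the URLs, or an empty list when the client has no management URL
     */
    private List<String> getAllManagementUrls(URI uri, ClientModel clientModel) {
        String managementUrl = getManagementUrl(uri, clientModel);
        if (managementUrl == null) {
            return Collections.emptyList();
        }
        Set<String> nodeHosts = new ClientManager().validateRegisteredNodes(clientModel);
        if (nodeHosts.isEmpty()) {
            return Arrays.asList(managementUrl);
        }
        List<String> urls = new ArrayList<>(nodeHosts.size());
        KeycloakUriBuilder template = KeycloakUriBuilder.fromUri(managementUrl);
        for (String host : nodeHosts) {
            // m895clone is the decompiler's name for the builder's copy method (presumably
            // clone()); kept as found so the call still matches the decompiled declaration.
            urls.add(template.m895clone().host(host).build(new Object[0]).toString());
        }
        return urls;
    }

    /**
     * Logs a user out of every client in which the user has a client session.
     *
     * <p>User sessions are read from the {@code keycloakSession} argument, not from the session
     * this manager was constructed with.
     */
    public void logoutUser(URI uri, RealmModel realmModel, UserModel userModel, KeycloakSession keycloakSession) {
        List<UserSessionModel> userSessions = keycloakSession.sessions().getUserSessions(realmModel, userModel);
        logoutUserSessions(uri, realmModel, userSessions);
    }

    /**
     * Groups the client sessions of the given user sessions by client and sends one logout per
     * client.
     *
     * @param list user sessions to log out; {@code null} is treated as empty, as
     *     {@link #logoutUserFromClient} already does
     */
    protected void logoutUserSessions(URI uri, RealmModel realmModel, List<UserSessionModel> list) {
        MultivaluedHashMap<ClientModel, ClientSessionModel> sessionsByClient = new MultivaluedHashMap<>();
        if (list != null) {
            for (UserSessionModel userSession : list) {
                putClientSessions(sessionsByClient, userSession);
            }
        }
        logger.debugv("logging out {0} resources ", Integer.valueOf(sessionsByClient.size()));
        for (Map.Entry<ClientModel, List<ClientSessionModel>> entry : sessionsByClient.entrySet()) {
            logoutClientSessions(uri, realmModel, entry.getKey(), entry.getValue());
        }
    }

    /** Adds every client session of {@code userSessionModel} to the map under its client. */
    private void putClientSessions(MultivaluedHashMap<ClientModel, ClientSessionModel> multivaluedHashMap, UserSessionModel userSessionModel) {
        for (ClientSessionModel clientSession : userSessionModel.getClientSessions()) {
            multivaluedHashMap.add(clientSession.getClient(), clientSession);
        }
    }

    /**
     * Logs a user out of a single client, using the user sessions found through this manager's
     * own session.
     */
    public void logoutUserFromClient(URI uri, RealmModel realmModel, ClientModel clientModel, UserModel userModel) {
        List<UserSessionModel> userSessions = this.session.sessions().getUserSessions(realmModel, userModel);
        List<ClientSessionModel> clientSessions = null;
        if (userSessions != null) {
            MultivaluedHashMap<ClientModel, ClientSessionModel> sessionsByClient = new MultivaluedHashMap<>();
            for (UserSessionModel userSession : userSessions) {
                putClientSessions(sessionsByClient, userSession);
            }
            clientSessions = sessionsByClient.get(clientModel);
        }
        logoutClientSessions(uri, realmModel, clientModel, clientSessions);
    }

    /**
     * Sends a logout for one client session.
     *
     * @return {@code true} when the client answered the logout request with 200 or 204
     */
    public boolean logoutClientSession(URI uri, RealmModel realmModel, ClientModel clientModel, ClientSessionModel clientSessionModel) {
        return logoutClientSessions(uri, realmModel, clientModel, Arrays.asList(clientSessionModel));
    }

    /**
     * Sends logout requests for the given client sessions of one client.
     *
     * <p>Adapter session ids come from the {@code client_session_state} note and are grouped by
     * the {@code client_session_host} note. When the management URL contains
     * {@code ${application.session.host}}, one request is sent per host with the placeholder
     * replaced by that host; otherwise a single request carries all adapter session ids.
     *
     * @param list client sessions to log out; may be {@code null}
     * @return {@code false} when there is no management URL, no adapter session id, or any
     *     request failed; {@code true} when every request sent was answered with 200 or 204
     */
    protected boolean logoutClientSessions(URI uri, RealmModel realmModel, ClientModel clientModel, List<ClientSessionModel> list) {
        String managementUrl = getManagementUrl(uri, clientModel);
        if (managementUrl == null) {
            logger.debugv("Can't logout {0}: no management url", clientModel.getClientId());
            return false;
        }

        MultivaluedHashMap<String, String> adapterSessionsByHost = new MultivaluedHashMap<>();
        List<String> userSessionIds = new ArrayList<>();
        if (list != null) {
            for (ClientSessionModel clientSession : list) {
                String adapterSessionId = clientSession.getNote("client_session_state");
                if (adapterSessionId != null) {
                    adapterSessionsByHost.add(clientSession.getNote("client_session_host"), adapterSessionId);
                }
                UserSessionModel userSession = clientSession.getUserSession();
                if (userSession != null) {
                    userSessionIds.add(userSession.getId());
                }
            }
        }
        if (adapterSessionsByHost.isEmpty()) {
            logger.debugv("Can't logout {0}: no logged adapter sessions", clientModel.getClientId());
            return false;
        }

        if (!managementUrl.contains(CLIENT_SESSION_HOST_PROPERTY)) {
            List<String> allAdapterSessionIds = new ArrayList<>();
            for (List<String> idsForHost : adapterSessionsByHost.values()) {
                allAdapterSessionIds.addAll(idsForHost);
            }
            return sendLogoutRequest(realmModel, clientModel, allAdapterSessionIds, userSessionIds, 0, managementUrl);
        }

        // NOTE(review): the host below is read from a client-session note and decides where the
        // realm-encoded logout token is POSTed. Nothing in this class validates it; confirm it
        // is checked (for example against the client's registered nodes) where the note is
        // written.
        boolean allSucceeded = true;
        for (Map.Entry<String, List<String>> entry : adapterSessionsByHost.entrySet()) {
            String host = entry.getKey();
            if (host == null || host.isEmpty()) {
                // String.replace throws NullPointerException on a null replacement, and an empty
                // host yields a URL with no authority; count these sessions as not logged out
                // instead of aborting the remaining hosts.
                logger.warnv("Can't logout {0}: adapter sessions without a recorded host", clientModel.getClientId());
                allSucceeded = false;
                continue;
            }
            String hostUrl = managementUrl.replace(CLIENT_SESSION_HOST_PROPERTY, host);
            allSucceeded = sendLogoutRequest(realmModel, clientModel, entry.getValue(), userSessionIds, 0, hostUrl) && allSucceeded;
        }
        return allSucceeded;
    }

    /**
     * Sets the realm's not-before to the current time and sends a logout carrying that value to
     * every client of the realm.
     *
     * @return the management URLs that succeeded and failed, across all clients
     */
    public GlobalRequestResult logoutAll(URI uri, RealmModel realmModel) {
        realmModel.setNotBefore(Time.currentTime());
        List<ClientModel> clients = realmModel.getClients();
        logger.debugv("logging out {0} resources ", Integer.valueOf(clients.size()));
        GlobalRequestResult result = new GlobalRequestResult();
        for (ClientModel client : clients) {
            result.addAll(logoutClient(uri, realmModel, client, realmModel.getNotBefore()));
        }
        return result;
    }

    /**
     * Sets the client's not-before to the current time and sends a logout carrying that value
     * to each of the client's management URLs.
     */
    public GlobalRequestResult logoutClient(URI uri, RealmModel realmModel, ClientModel clientModel) {
        clientModel.setNotBefore(Time.currentTime());
        return logoutClient(uri, realmModel, clientModel, clientModel.getNotBefore());
    }

    /**
     * Sends a logout without session ids to each of the client's management URLs.
     *
     * @param i not-before value placed in the logout action
     * @return per-URL success and failure; empty when the client has no management URL
     */
    protected GlobalRequestResult logoutClient(URI uri, RealmModel realmModel, ClientModel clientModel, int i) {
        List<String> managementUrls = getAllManagementUrls(uri, clientModel);
        if (managementUrls.isEmpty()) {
            logger.debug("No management URL or no registered cluster nodes for the client " + clientModel.getClientId());
            return new GlobalRequestResult();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Send logoutClient for URLs: " + managementUrls);
        }
        GlobalRequestResult result = new GlobalRequestResult();
        for (String url : managementUrls) {
            if (sendLogoutRequest(realmModel, clientModel, null, null, i, url)) {
                result.addSuccessRequest(url);
            } else {
                result.addFailedRequest(url);
            }
        }
        return result;
    }

    /**
     * Encodes a {@code LogoutAction} for the realm and POSTs it to the client's logout endpoint.
     *
     * @param list adapter session ids to log out, or {@code null}
     * @param list2 user session ids placed in the action, or {@code null}
     * @param i not-before value placed in the action; callers pass 0 when logging out specific
     *     sessions
     * @param str management URL to which the logout path is appended
     * @return {@code true} when the response status is 200 or 204; {@code false} otherwise or
     *     when the request fails with an {@code IOException}
     */
    protected boolean sendLogoutRequest(RealmModel realmModel, ClientModel clientModel, List<String> list, List<String> list2, int i, String str) {
        LogoutAction action = new LogoutAction(TokenIdGenerator.generateId(), Time.currentTime() + ADMIN_ACTION_TIME_OFFSET, clientModel.getClientId(), list, i, list2);
        String token = new TokenManager().encodeToken(realmModel, action);
        if (logger.isDebugEnabled()) {
            // The ids are passed as a format argument: concatenating them into the pattern would
            // let '{' or ''' characters in adapter-supplied ids corrupt or break the formatting.
            logger.debugv("logout resource {0} url: {1} sessionIds: {2}", clientModel.getClientId(), str, list);
        }
        try {
            boolean success = postAdminAction(str, AdapterConstants.K_LOGOUT, token);
            logger.debugf("logout success for %s: %s", str, Boolean.valueOf(success));
            return success;
        } catch (IOException e) {
            logger.warn("Logout for client '" + clientModel.getClientId() + "' failed", e);
            return false;
        }
    }

    /**
     * Pushes the realm's current not-before value to every client of the realm.
     *
     * @return the management URLs that succeeded and failed, across all clients
     */
    public GlobalRequestResult pushRealmRevocationPolicy(URI uri, RealmModel realmModel) {
        GlobalRequestResult result = new GlobalRequestResult();
        for (ClientModel client : realmModel.getClients()) {
            result.addAll(pushRevocationPolicy(uri, realmModel, client, realmModel.getNotBefore()));
        }
        return result;
    }

    /** Pushes the client's own not-before value to each of the client's management URLs. */
    public GlobalRequestResult pushClientRevocationPolicy(URI uri, RealmModel realmModel, ClientModel clientModel) {
        return pushRevocationPolicy(uri, realmModel, clientModel, clientModel.getNotBefore());
    }

    /**
     * Sends a not-before push to each of the client's management URLs.
     *
     * @param i not-before value to push
     * @return per-URL success and failure; empty when the client has no management URL
     */
    protected GlobalRequestResult pushRevocationPolicy(URI uri, RealmModel realmModel, ClientModel clientModel, int i) {
        List<String> managementUrls = getAllManagementUrls(uri, clientModel);
        if (managementUrls.isEmpty()) {
            logger.debugf("No management URL or no registered cluster nodes for the client %s", clientModel.getClientId());
            return new GlobalRequestResult();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Sending push revocation to URLS: " + managementUrls);
        }
        GlobalRequestResult result = new GlobalRequestResult();
        for (String url : managementUrls) {
            if (sendPushRevocationPolicyRequest(realmModel, clientModel, i, url)) {
                result.addSuccessRequest(url);
            } else {
                result.addFailedRequest(url);
            }
        }
        return result;
    }

    /**
     * Encodes a {@code PushNotBeforeAction} for the realm and POSTs it to the client's
     * push-not-before endpoint.
     *
     * @param i not-before value placed in the action
     * @param str management URL to which the push-not-before path is appended
     * @return {@code true} when the response status is 200 or 204; {@code false} otherwise or
     *     when the request fails with an {@code IOException}
     */
    protected boolean sendPushRevocationPolicyRequest(RealmModel realmModel, ClientModel clientModel, int i, String str) {
        PushNotBeforeAction action = new PushNotBeforeAction(TokenIdGenerator.generateId(), Time.currentTime() + ADMIN_ACTION_TIME_OFFSET, clientModel.getClientId(), i);
        String token = new TokenManager().encodeToken(realmModel, action);
        logger.infov("pushRevocation resource: {0} url: {1}", clientModel.getClientId(), str);
        try {
            boolean success = postAdminAction(str, AdapterConstants.K_PUSH_NOT_BEFORE, token);
            logger.debugf("pushRevocation success for %s: %s", str, Boolean.valueOf(success));
            return success;
        } catch (IOException e) {
            logger.warn("Failed to send revocation request", e);
            return false;
        }
    }

    /**
     * Sends an availability test to each of the client's management URLs.
     *
     * @return per-URL success and failure; empty when the client has no management URL
     */
    public GlobalRequestResult testNodesAvailability(URI uri, RealmModel realmModel, ClientModel clientModel) {
        List<String> managementUrls = getAllManagementUrls(uri, clientModel);
        if (managementUrls.isEmpty()) {
            logger.debug("No management URL or no registered cluster nodes for the application " + clientModel.getClientId());
            return new GlobalRequestResult();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Sending test nodes availability: " + managementUrls);
        }
        GlobalRequestResult result = new GlobalRequestResult();
        for (String url : managementUrls) {
            if (sendTestNodeAvailabilityRequest(realmModel, clientModel, url)) {
                result.addSuccessRequest(url);
            } else {
                result.addFailedRequest(url);
            }
        }
        return result;
    }

    /**
     * Encodes a {@code TestAvailabilityAction} for the realm and POSTs it to the client's
     * availability endpoint.
     *
     * @param str management URL to which the availability path is appended
     * @return {@code true} when the response status is 200 or 204; {@code false} otherwise or
     *     when the request fails with an {@code IOException}
     */
    protected boolean sendTestNodeAvailabilityRequest(RealmModel realmModel, ClientModel clientModel, String str) {
        TestAvailabilityAction action = new TestAvailabilityAction(TokenIdGenerator.generateId(), Time.currentTime() + ADMIN_ACTION_TIME_OFFSET, clientModel.getClientId());
        String token = new TokenManager().encodeToken(realmModel, action);
        logger.debugv("testNodes availability resource: {0} url: {1}", clientModel.getClientId(), str);
        try {
            boolean success = postAdminAction(str, AdapterConstants.K_TEST_AVAILABLE, token);
            logger.debugf("testAvailability success for %s: %s", str, Boolean.valueOf(success));
            return success;
        } catch (IOException e) {
            logger.warn("Availability test failed for uri '" + str + "'", e);
            return false;
        }
    }

    /**
     * POSTs an encoded admin action to {@code managementUrl} with {@code actionPath} appended.
     *
     * @return {@code true} when the response status is 200 or 204
     * @throws IOException when the HTTP client provider fails to send the request
     */
    private boolean postAdminAction(String managementUrl, String actionPath, String token) throws IOException {
        String target = UriBuilder.fromUri(managementUrl).path(actionPath).build(new Object[0]).toString();
        HttpClientProvider httpClient = (HttpClientProvider) this.session.getProvider(HttpClientProvider.class);
        int status = httpClient.postText(target, token);
        return status == 204 || status == 200;
    }
}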
