package org.keycloak.protocol.oidc.endpoints;

import java.io.InputStream;
import java.util.Set;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.keycloak.common.Version;
import org.keycloak.common.util.UriUtils;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakUriInfo;
import org.keycloak.protocol.oidc.utils.WebOriginsUtils;
import org.keycloak.services.resources.Cors;
import org.keycloak.services.util.CacheControlUtil;
import org.keycloak.services.util.P3PHelper;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.class */
/**
 * JAX-RS resource that serves the bundled {@code login-status-iframe.html} page and answers
 * the iframe's "init" pre-check, which tells the caller whether a given origin is acceptable
 * for a given client.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The served resource name is a constant; no request data is used to build it.</li>
 *   <li>{@link #preCheck} fails closed: every path that does not positively match an allowed
 *       origin ends in {@code 403 Forbidden}.</li>
 * </ul>
 */
public class LoginStatusIframeEndpoint {

    @Context
    private KeycloakSession session;

    /**
     * Returns the login-status iframe HTML from the class path.
     *
     * @param str value of the {@code version} query parameter, or {@code null} when absent.
     *            It is only compared for equality with {@link Version#RESOURCES_VERSION}.
     * @return {@code 404} when a version is given that differs from the running resources
     *         version, or when the HTML resource cannot be found; otherwise {@code 200} with
     *         the HTML stream. Unversioned requests get the no-cache policy, versioned ones
     *         the default cache policy.
     */
    @GET
    @Produces({MediaType.TEXT_HTML_UTF_8})
    public Response getLoginStatusIframe(@QueryParam("version") String str) {
        final boolean versioned = str != null;

        // A versioned URL is only honoured for the exact running resources version, so a
        // cacheable response is never produced under a mismatched version string.
        if (versioned && !str.equals(Version.RESOURCES_VERSION)) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        final CacheControl cachePolicy = versioned
                ? CacheControlUtil.getDefaultCacheControl()
                : CacheControlUtil.noCache();

        // Fixed resource name: nothing from the request influences which file is read.
        final InputStream iframeHtml =
                getClass().getClassLoader().getResourceAsStream("login-status-iframe.html");
        if (iframeHtml == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }

        P3PHelper.addP3PHeader(this.session);
        // The stream is handed over as the response entity and is not closed here;
        // presumably the JAX-RS runtime closes it after writing -- TODO confirm.
        return Response.ok(iframeHtml).cacheControl(cachePolicy).build();
    }

    /**
     * Checks whether the supplied origin is acceptable for the supplied client.
     *
     * <p>The origin compared here is the {@code origin} query parameter as sent by the caller;
     * this method does not read the HTTP {@code Origin} header. An unknown client and a
     * disallowed origin both yield the same {@code 403}, so the response does not tell the
     * two apart.
     *
     * @param str  value of the {@code client_id} query parameter
     * @param str2 value of the {@code origin} query parameter
     * @return {@code 204 No Content} when the origin is allowed, {@code 403 Forbidden} in
     *         every other case, including any failure while evaluating the request
     */
    @GET
    @Path("init")
    public Response preCheck(@QueryParam("client_id") String str, @QueryParam("origin") String str2) {
        try {
            final KeycloakUriInfo requestUriInfo = this.session.getContext().getUri();
            final ClientModel client = this.session.realms()
                    .getClientByClientId(str, this.session.getContext().getRealm());
            if (client != null && isOriginAllowed(requestUriInfo, client, str2)) {
                return Response.noContent().build();
            }
        } catch (Throwable ignored) {
            // Deliberate fail-closed: any error during lookup or origin resolution falls
            // through to 403 below.
            // NOTE(review): the failure is not logged or rethrown here, so a lookup error
            // looks the same as a legitimate denial to both the caller and the operator.
        }
        return Response.status(Response.Status.FORBIDDEN).build();
    }

    /**
     * Decides whether {@code origin} is in the client's resolved web origins.
     *
     * <p>The origin of the current request URI is always added to the allowed set. If the set
     * contains the wildcard entry, every {@code origin} value is accepted, a {@code null} one
     * included, so clients configured with wildcard web origins effectively bypass this check.
     */
    private boolean isOriginAllowed(KeycloakUriInfo requestUriInfo, ClientModel client, String origin) {
        final Set<String> allowedOrigins = WebOriginsUtils.resolveValidWebOrigins(requestUriInfo, client);
        // Assumes the returned set is mutable; if add() throws, the caller's catch turns
        // that into a 403.
        allowedOrigins.add(UriUtils.getOrigin(requestUriInfo.getRequestUri()));
        if (allowedOrigins.contains(Cors.ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)) {
            return true;
        }
        return allowedOrigins.contains(origin);
    }
}
