package org.keycloak.protocol.oidc.utils;

import java.util.Map;
import java.util.UUID;
import java.util.regex.Pattern;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Time;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.CodeToTokenStoreProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.services.managers.UserSessionCrossDCManager;

/* loaded from: input_file:org/keycloak/protocol/oidc/utils/OAuth2CodeParser.class */
public class OAuth2CodeParser {
    private static final Logger logger = Logger.getLogger(OAuth2CodeParser.class);
    private static final Pattern DOT = Pattern.compile("\\.");

    /* loaded from: input_file:org/keycloak/protocol/oidc/utils/OAuth2CodeParser$ParseResult.class */
    public static class ParseResult {
        private final String code;
        private OAuth2Code codeData;
        private AuthenticatedClientSessionModel clientSession;
        private boolean isIllegalCode;
        private boolean isExpiredCode;

        private ParseResult(String str, OAuth2Code oAuth2Code, AuthenticatedClientSessionModel authenticatedClientSessionModel) {
            this.isIllegalCode = false;
            this.isExpiredCode = false;
            this.code = str;
            this.codeData = oAuth2Code;
            this.clientSession = authenticatedClientSessionModel;
            this.isIllegalCode = false;
            this.isExpiredCode = false;
        }

        private ParseResult(String str) {
            this.isIllegalCode = false;
            this.isExpiredCode = false;
            this.code = str;
        }

        public String getCode() {
            return this.code;
        }

        public OAuth2Code getCodeData() {
            return this.codeData;
        }

        public AuthenticatedClientSessionModel getClientSession() {
            return this.clientSession;
        }

        public boolean isIllegalCode() {
            return this.isIllegalCode;
        }

        public boolean isExpiredCode() {
            return this.isExpiredCode;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public ParseResult illegalCode() {
            this.isIllegalCode = true;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public ParseResult expiredCode() {
            this.isExpiredCode = true;
            return this;
        }
    }

    public static String persistCode(KeycloakSession keycloakSession, AuthenticatedClientSessionModel authenticatedClientSessionModel, OAuth2Code oAuth2Code) {
        CodeToTokenStoreProvider provider = keycloakSession.getProvider(CodeToTokenStoreProvider.class);
        UUID id = oAuth2Code.getId();
        if (id == null) {
            throw new IllegalStateException("ID not present in the data");
        }
        provider.put(id, authenticatedClientSessionModel.getUserSession().getRealm().getAccessCodeLifespan(), oAuth2Code.serializeCode());
        return id.toString() + "." + authenticatedClientSessionModel.getUserSession().getId() + "." + authenticatedClientSessionModel.getClient().getId();
    }

    public static ParseResult parseCode(KeycloakSession keycloakSession, String str, RealmModel realmModel, EventBuilder eventBuilder) {
        ParseResult parseResult = new ParseResult(str);
        String[] split = DOT.split(str, 3);
        if (split.length < 3) {
            logger.warn("Invalid format of the code");
            return parseResult.illegalCode();
        }
        String str2 = split[1];
        String str3 = split[2];
        eventBuilder.detail("code_id", str2);
        eventBuilder.session(str2);
        try {
            UUID fromString = UUID.fromString(split[0]);
            UserSessionModel userSessionWithClient = new UserSessionCrossDCManager(keycloakSession).getUserSessionWithClient(realmModel, str2, str3);
            if (userSessionWithClient == null) {
                userSessionWithClient = keycloakSession.sessions().getUserSession(realmModel, str2);
                if (userSessionWithClient == null) {
                    return parseResult.illegalCode();
                }
            }
            parseResult.clientSession = userSessionWithClient.getAuthenticatedClientSessionByClient(str3);
            Map remove = keycloakSession.getProvider(CodeToTokenStoreProvider.class).remove(fromString);
            if (remove == null) {
                logger.warnf("Code '%s' already used for userSession '%s' and client '%s'.", fromString, str2, str3);
                return parseResult.illegalCode();
            }
            logger.tracef("Successfully verified code '%s'. User session: '%s', client: '%s'", fromString, str2, str3);
            parseResult.codeData = OAuth2Code.deserializeCode(remove);
            return Time.currentTime() > parseResult.codeData.getExpiration() ? parseResult.expiredCode() : parseResult;
        } catch (IllegalArgumentException e) {
            logger.warn("Invalid format of the UUID in the code");
            return parseResult.illegalCode();
        }
    }
}
