package org.keycloak.quarkus.runtime.hostname;

import java.net.URI;
import java.util.function.BiFunction;
import java.util.function.Function;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.Config;
import org.keycloak.common.util.Resteasy;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.quarkus.runtime.cli.Picocli;
import org.keycloak.quarkus.runtime.configuration.Configuration;
import org.keycloak.urls.HostnameProvider;
import org.keycloak.urls.HostnameProviderFactory;
import org.keycloak.urls.UrlType;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/quarkus/runtime/hostname/DefaultHostnameProvider.class */
public final class DefaultHostnameProvider implements HostnameProvider, HostnameProviderFactory {
    private static final Logger LOGGER = Logger.getLogger(DefaultHostnameProvider.class);
    private static final String REALM_URI_SESSION_ATTRIBUTE = DefaultHostnameProvider.class.getName() + ".realmUrl";
    private String frontChannelHostName;
    private String defaultPath;
    private String defaultHttpScheme;
    private int defaultTlsPort;
    private boolean noProxy;
    private String adminHostName;
    private Boolean strictBackChannel;
    private boolean hostnameEnabled;

    public String getScheme(UriInfo uriInfo, UrlType urlType) {
        String str = (String) forNonStrictBackChannel(uriInfo, urlType, this::getScheme, this::getScheme);
        return str != null ? str : (String) fromFrontChannel(uriInfo, (v0) -> {
            return v0.getScheme();
        }, this::getScheme, this.defaultHttpScheme);
    }

    public String getHostname(UriInfo uriInfo, UrlType urlType) {
        String str = (String) forNonStrictBackChannel(uriInfo, urlType, this::getHostname, this::getHostname);
        return str != null ? str : (!UrlType.ADMIN.equals(urlType) || this.adminHostName == null) ? (String) fromFrontChannel(uriInfo, (v0) -> {
            return v0.getHost();
        }, this::getHostname, this.frontChannelHostName) : this.adminHostName;
    }

    public String getContextPath(UriInfo uriInfo, UrlType urlType) {
        String str = (String) forNonStrictBackChannel(uriInfo, urlType, this::getContextPath, this::getContextPath);
        return str != null ? str : UrlType.ADMIN.equals(urlType) ? getContextPath(uriInfo) : (String) fromFrontChannel(uriInfo, (v0) -> {
            return v0.getPath();
        }, this::getContextPath, this.defaultPath);
    }

    public int getPort(UriInfo uriInfo, UrlType urlType) {
        Integer num = (Integer) forNonStrictBackChannel(uriInfo, urlType, this::getPort, this::getPort);
        if (num != null) {
            return num.intValue();
        }
        if (!this.hostnameEnabled || this.noProxy) {
            return ((Integer) fromFrontChannel(uriInfo, (v0) -> {
                return v0.getPort();
            }, this::getPort, null)).intValue();
        }
        return -1;
    }

    public int getPort(UriInfo uriInfo) {
        return this.noProxy ? this.defaultTlsPort : ((HttpRequest) ((KeycloakSession) Resteasy.getContextData(KeycloakSession.class)).getContext().getContextObject(HttpRequest.class)).getUri().getBaseUri().getPort();
    }

    private <T> T forNonStrictBackChannel(UriInfo uriInfo, UrlType urlType, BiFunction<UriInfo, UrlType, T> biFunction, Function<UriInfo, T> function) {
        if (!UrlType.BACKEND.equals(urlType) || this.strictBackChannel.booleanValue()) {
            return null;
        }
        return isHostFromFrontEndUrl(uriInfo) ? biFunction.apply(uriInfo, UrlType.FRONTEND) : function.apply(uriInfo);
    }

    private <T> T fromFrontChannel(UriInfo uriInfo, Function<URI, T> function, Function<UriInfo, T> function2, T t) {
        URI realmFrontEndUrl = getRealmFrontEndUrl();
        return realmFrontEndUrl != null ? function.apply(realmFrontEndUrl) : t == null ? function2.apply(uriInfo) : t;
    }

    private boolean isHostFromFrontEndUrl(UriInfo uriInfo) {
        String hostname = getHostname(uriInfo);
        if (hostname.equals(getHostname(uriInfo, UrlType.FRONTEND))) {
            return true;
        }
        URI realmFrontEndUrl = getRealmFrontEndUrl();
        return realmFrontEndUrl != null && hostname.equals(realmFrontEndUrl.getHost());
    }

    protected URI getRealmFrontEndUrl() {
        RealmModel realm;
        KeycloakSession keycloakSession = (KeycloakSession) Resteasy.getContextData(KeycloakSession.class);
        URI uri = (URI) keycloakSession.getAttribute(REALM_URI_SESSION_ATTRIBUTE);
        if (uri == null && (realm = keycloakSession.getContext().getRealm()) != null) {
            String attribute = realm.getAttribute("frontendUrl");
            if (StringUtil.isNotBlank(attribute)) {
                URI create = URI.create(attribute);
                keycloakSession.setAttribute(REALM_URI_SESSION_ATTRIBUTE, create);
                return create;
            }
        }
        return uri;
    }

    public void close() {
    }

    public String getId() {
        return "default";
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public HostnameProvider m15create(KeycloakSession keycloakSession) {
        return this;
    }

    public void init(Config.Scope scope) {
        this.frontChannelHostName = scope.get("hostname");
        if (scope.getBoolean("strict", false).booleanValue() && this.frontChannelHostName == null) {
            throw new RuntimeException("Strict hostname resolution configured but no hostname was set");
        }
        this.hostnameEnabled = this.frontChannelHostName != null;
        Boolean bool = scope.getBoolean("strict-https", false);
        if (bool.booleanValue()) {
            this.defaultHttpScheme = "https";
        }
        this.defaultPath = scope.get("path");
        this.noProxy = Configuration.getConfigValue("kc.proxy").getValue().equals(Picocli.NO_PARAM_LABEL);
        this.defaultTlsPort = Integer.parseInt(Configuration.getConfigValue("kc.https.port").getValue());
        this.adminHostName = scope.get("admin");
        this.strictBackChannel = scope.getBoolean("strict-backchannel", false);
        Logger logger = LOGGER;
        Object[] objArr = new Object[5];
        objArr[0] = this.frontChannelHostName == null ? "<request>" : this.frontChannelHostName;
        objArr[1] = bool;
        objArr[2] = this.defaultPath == null ? "<request>" : this.defaultPath;
        objArr[3] = this.strictBackChannel;
        objArr[4] = this.adminHostName == null ? "<request>" : this.adminHostName;
        logger.infov("Hostname settings: FrontEnd: {0}, Strict HTTPS: {1}, Path: {2}, Strict BackChannel: {3}, Admin: {4}", objArr);
    }
}
