package org.keycloak.protocol;

import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.EventBuilder;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.AuthenticationFlowResolver;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.services.ErrorPageException;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.managers.UserSessionCrossDCManager;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.LoginActionsService;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;

/* loaded from: input_file:org/keycloak/protocol/AuthorizationEndpointBase.class */
/**
 * Common base for protocol authorization endpoints: holds the per-request context and offers
 * helpers for realm/TLS pre-checks, authentication-session creation and driving the browser flow.
 *
 * <p>This listing is decompiler output. Several methods below were {@code protected} in the
 * original bytecode and were widened to {@code public} by the decompiler; treat that wider
 * visibility as a decompilation artifact, not as the intended API surface.
 */
public abstract class AuthorizationEndpointBase {
    private static final Logger logger = Logger.getLogger(AuthorizationEndpointBase.class);

    /** Constant name; not referenced anywhere inside this class. */
    public static final String APP_INITIATED_FLOW = "APP_INITIATED_FLOW";

    /** Realm the request is addressed to (set by the constructor). */
    protected RealmModel realm;

    /** Event builder used to record details and errors for this request (set by the constructor). */
    protected EventBuilder event;

    /** Never assigned in this class; presumably populated by subclasses — confirm before use. */
    protected AuthenticationManager authManager;

    // The following fields are populated by the JAX-RS runtime through @Context injection.
    @Context
    protected UriInfo uriInfo;

    @Context
    protected HttpHeaders headers;

    @Context
    protected HttpRequest httpRequest;

    @Context
    protected KeycloakSession session;

    @Context
    protected ClientConnection clientConnection;

    /**
     * Stores the realm and event builder; all other context is injected later.
     *
     * @param realmModel realm served by this endpoint instance
     * @param eventBuilder event builder for this request
     */
    public AuthorizationEndpointBase(RealmModel realmModel, EventBuilder eventBuilder) {
        this.realm = realmModel;
        this.event = eventBuilder;
    }

    /**
     * Builds an {@link AuthenticationProcessor} wired to this request's context and flagged as a
     * browser flow, and records the flow path on the authentication session.
     *
     * <p>Was {@code protected} in the original bytecode (widened by the decompiler).
     *
     * @param authenticationSessionModel authentication session the processor operates on
     * @param str id of the authentication flow to execute (passed to {@code setFlowId})
     * @param str2 flow path (passed to {@code setFlowPath} and stored as the
     *     {@code CURRENT_FLOW_PATH} auth note)
     * @return the configured processor
     */
    public AuthenticationProcessor createProcessor(AuthenticationSessionModel authenticationSessionModel, String str, String str2) {
        AuthenticationProcessor processor = new AuthenticationProcessor();
        // Kept as a single fluent chain so each setter is applied to whatever the previous one returned.
        processor.setAuthenticationSession(authenticationSessionModel)
                .setFlowPath(str2)
                .setFlowId(str)
                .setBrowserFlow(true)
                .setConnection(this.clientConnection)
                .setEventBuilder(this.event)
                .setRealm(this.realm)
                .setSession(this.session)
                .setUriInfo(this.uriInfo)
                .setRequest(this.httpRequest);
        authenticationSessionModel.setAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH, str2);
        return processor;
    }

    /**
     * Runs the browser authentication flow for an incoming authorization request.
     *
     * <p>In passive mode ({@code z == true}) no interaction is offered: if
     * {@code authenticateOnly()} or {@code nextRequiredAction()} yields a non-null result, the
     * protocol error {@code PASSIVE_LOGIN_REQUIRED} / {@code PASSIVE_INTERACTION_REQUIRED} is sent
     * back instead. Otherwise the restart cookie is set and the flow is either redirected to or
     * executed directly.
     *
     * <p>Any exception raised while driving the flow is handed to
     * {@code handleBrowserException}, so no failure escapes this method as a raw exception.
     *
     * <p>Was {@code protected} in the original bytecode (widened by the decompiler).
     *
     * @param authenticationSessionModel authentication session for this request
     * @param loginProtocol protocol used to emit errors and to finish authentication
     * @param z {@code true} for passive handling (no user interaction permitted)
     * @param z2 non-passive only: {@code true} to redirect to the flow, {@code false} to
     *     authenticate in place
     * @return the response to send to the browser
     */
    public Response handleBrowserAuthenticationRequest(AuthenticationSessionModel authenticationSessionModel, LoginProtocol loginProtocol, boolean z, boolean z2) {
        final boolean passive = z;
        final boolean redirectToFlow = z2;

        String flowId = getAuthenticationFlow(authenticationSessionModel).getId();
        AuthenticationProcessor processor =
                createProcessor(authenticationSessionModel, flowId, LoginActionsService.AUTHENTICATE_PATH);
        this.event.detail("code_id", authenticationSessionModel.getParentSession().getId());

        try {
            if (passive) {
                // A non-null result presumably is a challenge that would require user interaction.
                if (processor.authenticateOnly() != null) {
                    return loginProtocol.sendError(
                            authenticationSessionModel, LoginProtocol.Error.PASSIVE_LOGIN_REQUIRED);
                }
                AuthenticationManager.setRolesAndMappersInSession(authenticationSessionModel);
                if (processor.nextRequiredAction() != null) {
                    return loginProtocol.sendError(
                            authenticationSessionModel, LoginProtocol.Error.PASSIVE_INTERACTION_REQUIRED);
                }
                processor.attachSession();
                return processor.finishAuthentication(loginProtocol);
            }

            RestartLoginCookie.setRestartCookie(
                    this.session, this.realm, this.clientConnection, this.uriInfo, authenticationSessionModel);
            if (redirectToFlow) {
                return processor.redirectToFlow();
            }
            return processor.authenticate();
        } catch (Exception failure) {
            // Boundary catch: every failure is converted into a browser response by the processor.
            return processor.handleBrowserException(failure);
        }
    }

    /**
     * Resolves the flow to run for the given authentication session; this implementation always
     * uses the browser flow resolver.
     *
     * @param authenticationSessionModel authentication session to resolve the flow for
     * @return the resolved flow model
     */
    protected AuthenticationFlowModel getAuthenticationFlow(AuthenticationSessionModel authenticationSessionModel) {
        return AuthenticationFlowResolver.resolveBrowserFlow(authenticationSessionModel);
    }

    /**
     * Rejects the request when the realm requires TLS for this connection and the base URI scheme
     * is not exactly {@code "https"}.
     *
     * <p>NOTE(review): the decision rests on the scheme of {@code uriInfo.getBaseUri()}. Behind a
     * TLS-terminating proxy that value presumably depends on how forwarded headers are handled by
     * the container — confirm the deployment configuration. The comparison is case-sensitive and
     * dereferences the scheme without a null check.
     *
     * <p>Was {@code protected} in the original bytecode (widened by the decompiler).
     *
     * @throws ErrorPageException with status 400 and {@code Messages.HTTPS_REQUIRED} when TLS is
     *     required but absent; an {@code ssl_required} event error is recorded first
     */
    public void checkSsl() {
        boolean overHttps = this.uriInfo.getBaseUri().getScheme().equals("https");
        // The realm policy is consulted only when the request did not arrive over https.
        if (!overHttps && this.realm.getSslRequired().isRequired(this.clientConnection)) {
            this.event.error("ssl_required");
            throw new ErrorPageException(this.session, Response.Status.BAD_REQUEST, Messages.HTTPS_REQUIRED, new Object[0]);
        }
    }

    /**
     * Rejects the request when the realm is disabled.
     *
     * <p>Was {@code protected} in the original bytecode (widened by the decompiler).
     *
     * @throws ErrorPageException with status 400 and {@code Messages.REALM_NOT_ENABLED} when the
     *     realm is not enabled; a {@code realm_disabled} event error is recorded first
     */
    public void checkRealm() {
        if (!this.realm.isEnabled()) {
            this.event.error("realm_disabled");
            throw new ErrorPageException(this.session, Response.Status.BAD_REQUEST, Messages.REALM_NOT_ENABLED, new Object[0]);
        }
    }

    /**
     * Creates a new (per-tab) authentication session for the client, choosing the root session in
     * this order:
     * <ol>
     *   <li>the root authentication session matching the current session id, if it exists;</li>
     *   <li>a root session re-created under that same id, but only when a user session with that
     *       id is found by the cross-DC lookup;</li>
     *   <li>a brand-new root session created by the session manager.</li>
     * </ol>
     * The resulting session is also registered on the {@link LoginFormsProvider}.
     *
     * <p>NOTE(review): the current session id presumably originates from the browser (see
     * {@code AuthenticationSessionManager.getCurrentAuthenticationSessionId}); case 2 reuses that
     * presented id, so the user-session lookup is the only gate on id reuse. The debug messages
     * include root session ids, so debug logs should be handled as sensitive.
     *
     * <p>Was {@code protected} in the original bytecode (widened by the decompiler).
     *
     * @param clientModel client the authentication session is created for
     * @param str unused by this implementation
     * @return the newly created authentication session
     */
    public AuthenticationSessionModel createAuthenticationSession(ClientModel clientModel, String str) {
        AuthenticationSessionManager sessionManager = new AuthenticationSessionManager(this.session);
        String rootSessionId = sessionManager.getCurrentAuthenticationSessionId(this.realm);

        RootAuthenticationSessionModel existingRoot = null;
        if (rootSessionId != null) {
            existingRoot = this.session.authenticationSessions().getRootAuthenticationSession(this.realm, rootSessionId);
        }

        AuthenticationSessionModel authSession;
        if (existingRoot != null) {
            authSession = existingRoot.createAuthenticationSession(clientModel);
            logger.debugf("Sent request to authz endpoint. Root authentication session with ID '%s' exists. Client is '%s' . Created new authentication session with tab ID: %s", existingRoot.getId(), clientModel.getClientId(), authSession.getTabId());
        } else if (rootSessionId != null
                && new UserSessionCrossDCManager(this.session).getUserSessionIfExistsRemotely(this.realm, rootSessionId) != null) {
            // No root auth session, but a user session with this id exists: re-create the root under the same id.
            authSession = this.session.authenticationSessions()
                    .createRootAuthenticationSession(rootSessionId, this.realm)
                    .createAuthenticationSession(clientModel);
            logger.debugf("Sent request to authz endpoint. We don't have root authentication session with ID '%s' but we have userSession.Re-created root authentication session with same ID. Client is: %s . New authentication session tab ID: %s", rootSessionId, clientModel.getClientId(), authSession.getTabId());
        } else {
            RootAuthenticationSessionModel freshRoot = sessionManager.createAuthenticationSession(this.realm, true);
            authSession = freshRoot.createAuthenticationSession(clientModel);
            logger.debugf("Sent request to authz endpoint. Created new root authentication session with ID '%s' . Client: %s . New authentication session tab ID: %s", freshRoot.getId(), clientModel.getClientId(), authSession.getTabId());
        }

        this.session.getProvider(LoginFormsProvider.class).setAuthenticationSession(authSession);
        return authSession;
    }
}
