package org.keycloak.services.managers;

import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.SecretGenerator;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.CommonClientSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/keycloak/services/managers/CodeGenerateUtil.class */
public class CodeGenerateUtil {
    private static final String ACTIVE_CODE = "active_code";
    private static final Logger logger = Logger.getLogger(CodeGenerateUtil.class);
    private static final Map<Class<? extends CommonClientSessionModel>, Supplier<ClientSessionParser>> PARSERS = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/keycloak/services/managers/CodeGenerateUtil$AuthenticationSessionModelParser.class */
    public static class AuthenticationSessionModelParser implements ClientSessionParser<AuthenticationSessionModel> {
        private AuthenticationSessionModelParser() {
        }

        @Override // org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser
        public AuthenticationSessionModel parseSession(String str, String str2, KeycloakSession keycloakSession, RealmModel realmModel, ClientModel clientModel, EventBuilder eventBuilder) {
            return new AuthenticationSessionManager(keycloakSession).getCurrentAuthenticationSession(realmModel, clientModel, str2);
        }

        @Override // org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser
        public String retrieveCode(KeycloakSession keycloakSession, AuthenticationSessionModel authenticationSessionModel) {
            String authNote = authenticationSessionModel.getAuthNote(CodeGenerateUtil.ACTIVE_CODE);
            if (authNote == null) {
                String encode = Base64Url.encode(SecretGenerator.getInstance().randomBytes());
                authenticationSessionModel.setAuthNote(CodeGenerateUtil.ACTIVE_CODE, encode);
                KeycloakModelUtils.runJobInTransaction(keycloakSession.getKeycloakSessionFactory(), keycloakSession2 -> {
                    RootAuthenticationSessionModel rootAuthenticationSession = keycloakSession2.authenticationSessions().getRootAuthenticationSession(authenticationSessionModel.getRealm(), authenticationSessionModel.getParentSession().getId());
                    AuthenticationSessionModel authenticationSession = rootAuthenticationSession == null ? null : rootAuthenticationSession.getAuthenticationSession(authenticationSessionModel.getClient(), authenticationSessionModel.getTabId());
                    if (authenticationSession != null) {
                        authenticationSession.setAuthNote(CodeGenerateUtil.ACTIVE_CODE, encode);
                    }
                });
                authNote = encode;
            } else {
                CodeGenerateUtil.logger.debug("Code already generated for authentication session, using same code");
            }
            return authNote;
        }

        @Override // org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser
        public void removeExpiredSession(KeycloakSession keycloakSession, AuthenticationSessionModel authenticationSessionModel) {
            new AuthenticationSessionManager(keycloakSession).removeAuthenticationSession(authenticationSessionModel.getRealm(), authenticationSessionModel, true);
        }

        @Override // org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser
        public boolean verifyCode(KeycloakSession keycloakSession, String str, AuthenticationSessionModel authenticationSessionModel) {
            String authNote = authenticationSessionModel.getAuthNote(CodeGenerateUtil.ACTIVE_CODE);
            if (authNote == null) {
                CodeGenerateUtil.logger.debug("Active code not found in authentication session");
                return false;
            }
            authenticationSessionModel.removeAuthNote(CodeGenerateUtil.ACTIVE_CODE);
            KeycloakModelUtils.runJobInTransaction(keycloakSession.getKeycloakSessionFactory(), keycloakSession2 -> {
                keycloakSession2.authenticationSessions().getRootAuthenticationSession(authenticationSessionModel.getRealm(), authenticationSessionModel.getParentSession().getId()).getAuthenticationSession(authenticationSessionModel.getClient(), authenticationSessionModel.getTabId()).removeAuthNote(CodeGenerateUtil.ACTIVE_CODE);
            });
            return MessageDigest.isEqual(str.getBytes(), authNote.getBytes());
        }

        @Override // org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser
        public boolean isExpired(KeycloakSession keycloakSession, String str, AuthenticationSessionModel authenticationSessionModel) {
            return false;
        }

        @Override // org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser
        public int getTimestamp(AuthenticationSessionModel authenticationSessionModel) {
            return authenticationSessionModel.getParentSession().getTimestamp();
        }

        @Override // org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser
        public void setTimestamp(AuthenticationSessionModel authenticationSessionModel, int i) {
            authenticationSessionModel.getParentSession().setTimestamp(i);
        }

        @Override // org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser
        public String getClientNote(AuthenticationSessionModel authenticationSessionModel, String str) {
            return authenticationSessionModel.getClientNote(str);
        }
    }

    /* loaded from: input_file:org/keycloak/services/managers/CodeGenerateUtil$ClientSessionParser.class */
    interface ClientSessionParser<CS extends CommonClientSessionModel> {
        CS parseSession(String str, String str2, KeycloakSession keycloakSession, RealmModel realmModel, ClientModel clientModel, EventBuilder eventBuilder);

        String retrieveCode(KeycloakSession keycloakSession, CS cs);

        void removeExpiredSession(KeycloakSession keycloakSession, CS cs);

        boolean verifyCode(KeycloakSession keycloakSession, String str, CS cs);

        boolean isExpired(KeycloakSession keycloakSession, String str, CS cs);

        int getTimestamp(CS cs);

        void setTimestamp(CS cs, int i);

        String getClientNote(CS cs, String str);
    }

    CodeGenerateUtil() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static <CS extends CommonClientSessionModel> ClientSessionParser<CS> getParser(Class<CS> cls) {
        for (Class<? extends CommonClientSessionModel> cls2 : PARSERS.keySet()) {
            if (cls2.isAssignableFrom(cls)) {
                return PARSERS.get(cls2).get();
            }
        }
        return null;
    }

    static {
        PARSERS.put(AuthenticationSessionModel.class, () -> {
            return new AuthenticationSessionModelParser();
        });
    }
}
