package org.keycloak.services.managers;

import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriBuilder;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.jboss.logging.Logger;
import org.keycloak.TokenIdGenerator;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.Time;
import org.keycloak.connections.httpclient.HttpClientProvider;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelIllegalStateException;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
import org.keycloak.representations.LogoutToken;
import org.keycloak.representations.adapters.action.GlobalRequestResult;
import org.keycloak.representations.adapters.action.LogoutAction;
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.util.ResolveRelative;

/* loaded from: input_file:org/keycloak/services/managers/ResourceAdminManager.class */
public class ResourceAdminManager {
    private static final Logger logger = Logger.getLogger(ResourceAdminManager.class);
    private static final String CLIENT_SESSION_HOST_PROPERTY = "${application.session.host}";
    private KeycloakSession session;

    public ResourceAdminManager(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    public static String resolveUri(KeycloakSession keycloakSession, String str, String str2) {
        return ResolveRelative.resolveRelativeUri(keycloakSession, str, str2);
    }

    public static String getManagementUrl(KeycloakSession keycloakSession, ClientModel clientModel) {
        String managementUrl = clientModel.getManagementUrl();
        if (managementUrl == null || managementUrl.equals("")) {
            return null;
        }
        return ResolveRelative.resolveRelativeUri(keycloakSession, clientModel.getRootUrl(), managementUrl);
    }

    private List<String> getAllManagementUrls(ClientModel clientModel) {
        String managementUrl = getManagementUrl(this.session, clientModel);
        if (managementUrl == null) {
            return Collections.emptyList();
        }
        Set<String> validateRegisteredNodes = new ClientManager().validateRegisteredNodes(clientModel);
        if (validateRegisteredNodes.isEmpty()) {
            return Arrays.asList(managementUrl);
        }
        LinkedList linkedList = new LinkedList();
        KeycloakUriBuilder fromUri = KeycloakUriBuilder.fromUri(managementUrl);
        Iterator<String> it = validateRegisteredNodes.iterator();
        while (it.hasNext()) {
            linkedList.add(fromUri.clone().host(it.next()).build(new Object[0]).toString());
        }
        return linkedList;
    }

    public Response logoutClientSession(RealmModel realmModel, ClientModel clientModel, AuthenticatedClientSessionModel authenticatedClientSessionModel) {
        return logoutClientSessions(realmModel, clientModel, Arrays.asList(authenticatedClientSessionModel));
    }

    protected Response logoutClientSessions(RealmModel realmModel, ClientModel clientModel, List<AuthenticatedClientSessionModel> list) {
        String managementUrl = getManagementUrl(this.session, clientModel);
        if (managementUrl == null) {
            logger.debugv("Can't logout {0}: no management url", clientModel.getClientId());
            return null;
        }
        MultivaluedHashMap multivaluedHashMap = null;
        LinkedList linkedList = new LinkedList();
        if (list != null && list.size() > 0) {
            multivaluedHashMap = new MultivaluedHashMap();
            for (AuthenticatedClientSessionModel authenticatedClientSessionModel : list) {
                String note = authenticatedClientSessionModel.getNote("client_session_state");
                if (note != null) {
                    multivaluedHashMap.add(authenticatedClientSessionModel.getNote("client_session_host"), note);
                }
                if (authenticatedClientSessionModel.getUserSession() != null) {
                    linkedList.add(authenticatedClientSessionModel.getUserSession().getId());
                }
            }
        }
        if (multivaluedHashMap == null || multivaluedHashMap.isEmpty()) {
            logger.debugv("Can't logout {0}: no logged adapter sessions", clientModel.getClientId());
            return null;
        }
        if (!managementUrl.contains(CLIENT_SESSION_HOST_PROPERTY)) {
            ArrayList arrayList = new ArrayList();
            Iterator it = multivaluedHashMap.values().iterator();
            while (it.hasNext()) {
                arrayList.addAll((List) it.next());
            }
            return sendLogoutRequest(realmModel, clientModel, arrayList, linkedList, 0, managementUrl);
        }
        for (Map.Entry entry : multivaluedHashMap.entrySet()) {
            sendLogoutRequest(realmModel, clientModel, (List) entry.getValue(), linkedList, 0, managementUrl.replace(CLIENT_SESSION_HOST_PROPERTY, (String) entry.getKey()));
        }
        return Response.ok().build();
    }

    public Response logoutClientSessionWithBackchannelLogoutUrl(ClientModel clientModel, AuthenticatedClientSessionModel authenticatedClientSessionModel) {
        String backchannelLogoutUrl = getBackchannelLogoutUrl(this.session, clientModel);
        return backchannelLogoutUrl.contains(CLIENT_SESSION_HOST_PROPERTY) ? sendBackChannelLogoutRequestToClientUri(clientModel, authenticatedClientSessionModel, backchannelLogoutUrl.replace(CLIENT_SESSION_HOST_PROPERTY, authenticatedClientSessionModel.getNote("client_session_host"))) : sendBackChannelLogoutRequestToClientUri(clientModel, authenticatedClientSessionModel, backchannelLogoutUrl);
    }

    public static String getBackchannelLogoutUrl(KeycloakSession keycloakSession, ClientModel clientModel) {
        String backchannelLogoutUrl = OIDCAdvancedConfigWrapper.fromClientModel(clientModel).getBackchannelLogoutUrl();
        if (backchannelLogoutUrl == null || backchannelLogoutUrl.equals("")) {
            return null;
        }
        return ResolveRelative.resolveRelativeUri(keycloakSession, clientModel.getRootUrl(), backchannelLogoutUrl);
    }

    protected Response sendBackChannelLogoutRequestToClientUri(ClientModel clientModel, AuthenticatedClientSessionModel authenticatedClientSessionModel, String str) {
        LogoutToken initLogoutToken = this.session.tokens().initLogoutToken(clientModel, authenticatedClientSessionModel.getUserSession().getUser(), authenticatedClientSessionModel);
        String encode = this.session.tokens().encode(initLogoutToken);
        if (logger.isDebugEnabled()) {
            logger.debugv("logout resource {0} url: {1} sessionIds: ", clientModel.getClientId(), str);
        }
        HttpPost httpPost = null;
        try {
            try {
                HttpPost httpPost2 = new HttpPost(str);
                LinkedList linkedList = new LinkedList();
                if (initLogoutToken != null) {
                    linkedList.add(new BasicNameValuePair("logout_token", encode));
                }
                CloseableHttpClient httpClient = this.session.getProvider(HttpClientProvider.class).getHttpClient();
                httpPost2.setEntity(new UrlEncodedFormEntity(linkedList));
                CloseableHttpResponse execute = httpClient.execute(httpPost2);
                try {
                    try {
                        int statusCode = execute.getStatusLine().getStatusCode();
                        EntityUtils.consumeQuietly(execute.getEntity());
                        logger.debugf("logout success for %s: %s", str, Boolean.valueOf(statusCode == 204 || statusCode == 200));
                        Response build = Response.status(statusCode).build();
                        EntityUtils.consumeQuietly(execute.getEntity());
                        if (execute != null) {
                            execute.close();
                        }
                        if (httpPost2 != null) {
                            httpPost2.reset();
                        }
                        return build;
                    } catch (Throwable th) {
                        EntityUtils.consumeQuietly(execute.getEntity());
                        throw th;
                    }
                } catch (Throwable th2) {
                    if (execute != null) {
                        try {
                            execute.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    }
                    throw th2;
                }
            } catch (IOException e) {
                ServicesLogger.LOGGER.logoutFailed(e, clientModel.getClientId());
                Response build2 = Response.serverError().build();
                if (0 != 0) {
                    httpPost.reset();
                }
                return build2;
            }
        } catch (Throwable th4) {
            if (0 != 0) {
                httpPost.reset();
            }
            throw th4;
        }
    }

    public GlobalRequestResult logoutAll(RealmModel realmModel) {
        realmModel.setNotBefore(Time.currentTime());
        GlobalRequestResult globalRequestResult = new GlobalRequestResult();
        AtomicInteger atomicInteger = new AtomicInteger(0);
        realmModel.getClientsStream().forEach(clientModel -> {
            try {
                atomicInteger.getAndIncrement();
                globalRequestResult.addAll(logoutClient(realmModel, clientModel, realmModel.getNotBefore()));
            } catch (ModelIllegalStateException e) {
                logger.warn("unable to retrieve client information for logout, skipping resource", e);
            }
        });
        logger.debugv("logging out {0} resources ", atomicInteger);
        return globalRequestResult;
    }

    public GlobalRequestResult logoutClient(RealmModel realmModel, ClientModel clientModel) {
        clientModel.setNotBefore(Time.currentTime());
        return logoutClient(realmModel, clientModel, clientModel.getNotBefore());
    }

    protected GlobalRequestResult logoutClient(RealmModel realmModel, ClientModel clientModel, int i) {
        if (!clientModel.isEnabled()) {
            return new GlobalRequestResult();
        }
        List<String> allManagementUrls = getAllManagementUrls(clientModel);
        if (allManagementUrls.isEmpty()) {
            logger.debug("No management URL or no registered cluster nodes for the client " + clientModel.getClientId());
            return new GlobalRequestResult();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Send logoutClient for URLs: " + allManagementUrls);
        }
        GlobalRequestResult globalRequestResult = new GlobalRequestResult();
        for (String str : allManagementUrls) {
            if (sendLogoutRequest(realmModel, clientModel, null, null, i, str) != null) {
                globalRequestResult.addSuccessRequest(str);
            } else {
                globalRequestResult.addFailedRequest(str);
            }
        }
        return globalRequestResult;
    }

    protected Response sendLogoutRequest(RealmModel realmModel, ClientModel clientModel, List<String> list, List<String> list2, int i, String str) {
        String encode = this.session.tokens().encode(new LogoutAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, clientModel.getClientId(), list, i, list2));
        if (logger.isDebugEnabled()) {
            logger.debugv("logout resource {0} url: {1} sessionIds: " + list, clientModel.getClientId(), str);
        }
        try {
            int postText = this.session.getProvider(HttpClientProvider.class).postText(UriBuilder.fromUri(str).path("k_logout").build(new Object[0]).toString(), encode);
            logger.debugf("logout success for %s: %s", str, Boolean.valueOf(postText == 204 || postText == 200));
            return Response.ok().build();
        } catch (IOException e) {
            ServicesLogger.LOGGER.logoutFailed(e, clientModel.getClientId());
            return Response.serverError().build();
        }
    }

    public GlobalRequestResult pushRealmRevocationPolicy(RealmModel realmModel) {
        GlobalRequestResult globalRequestResult = new GlobalRequestResult();
        realmModel.getClientsStream().forEach(clientModel -> {
            globalRequestResult.addAll(pushRevocationPolicy(realmModel, clientModel, realmModel.getNotBefore()));
        });
        return globalRequestResult;
    }

    public GlobalRequestResult pushClientRevocationPolicy(RealmModel realmModel, ClientModel clientModel) {
        return pushRevocationPolicy(realmModel, clientModel, clientModel.getNotBefore());
    }

    protected GlobalRequestResult pushRevocationPolicy(RealmModel realmModel, ClientModel clientModel, int i) {
        List<String> allManagementUrls = getAllManagementUrls(clientModel);
        if (allManagementUrls.isEmpty()) {
            logger.debugf("No management URL or no registered cluster nodes for the client %s", clientModel.getClientId());
            return new GlobalRequestResult();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Sending push revocation to URLS: " + allManagementUrls);
        }
        GlobalRequestResult globalRequestResult = new GlobalRequestResult();
        for (String str : allManagementUrls) {
            if (sendPushRevocationPolicyRequest(realmModel, clientModel, i, str)) {
                globalRequestResult.addSuccessRequest(str);
            } else {
                globalRequestResult.addFailedRequest(str);
            }
        }
        return globalRequestResult;
    }

    protected boolean sendPushRevocationPolicyRequest(RealmModel realmModel, ClientModel clientModel, int i, String str) {
        String protocol = clientModel.getProtocol();
        if (protocol == null) {
            protocol = "openid-connect";
        }
        LoginProtocol provider = this.session.getProvider(LoginProtocol.class, protocol);
        if (provider == null) {
            return false;
        }
        return provider.sendPushRevocationPolicyRequest(realmModel, clientModel, i, str);
    }

    public GlobalRequestResult testNodesAvailability(RealmModel realmModel, ClientModel clientModel) {
        List<String> allManagementUrls = getAllManagementUrls(clientModel);
        if (allManagementUrls.isEmpty()) {
            logger.debug("No management URL or no registered cluster nodes for the application " + clientModel.getClientId());
            return new GlobalRequestResult();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Sending test nodes availability: " + allManagementUrls);
        }
        GlobalRequestResult globalRequestResult = new GlobalRequestResult();
        for (String str : allManagementUrls) {
            if (sendTestNodeAvailabilityRequest(realmModel, clientModel, str)) {
                globalRequestResult.addSuccessRequest(str);
            } else {
                globalRequestResult.addFailedRequest(str);
            }
        }
        return globalRequestResult;
    }

    protected boolean sendTestNodeAvailabilityRequest(RealmModel realmModel, ClientModel clientModel, String str) {
        String encode = this.session.tokens().encode(new TestAvailabilityAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, clientModel.getClientId()));
        logger.debugv("testNodes availability resource: {0} url: {1}", clientModel.getClientId(), str);
        try {
            int postText = this.session.getProvider(HttpClientProvider.class).postText(UriBuilder.fromUri(str).path("k_test_available").build(new Object[0]).toString(), encode);
            boolean z = postText == 204 || postText == 200;
            logger.debugf("testAvailability success for %s: %s", str, Boolean.valueOf(z));
            return z;
        } catch (IOException e) {
            ServicesLogger.LOGGER.availabilityTestFailed(str);
            return false;
        }
    }
}
