package org.keycloak.protocol.oidc.endpoints;

import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import java.net.URI;
import java.util.HashMap;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.common.util.UriUtils;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakUriInfo;
import org.keycloak.protocol.oidc.utils.WebOriginsUtils;
import org.keycloak.services.Urls;
import org.keycloak.urls.UrlType;
import org.keycloak.utils.FreemarkerUtils;
import org.keycloak.utils.MediaType;
import org.keycloak.utils.SecureContextResolver;

/* loaded from: input_file:org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.class */
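/**
 * JAX-RS resource that serves the login-status iframe page and an origin pre-check for it.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #preCheck(String, String)} compares a caller-supplied {@code origin} query
 *       parameter with the client's valid web origins. It does not read the request's
 *       {@code Origin} header, so a 204 only means "this value is on the allow-list"; it is
 *       not proof of where the caller actually runs.</li>
 *   <li>Every rejection path (unknown or disabled client, origin not allowed, any exception)
 *       ends in the same bare 403, so the response does not reveal which check failed.</li>
 * </ul>
 */
public class LoginStatusIframeEndpoint {
    private static final Logger logger = Logger.getLogger(LoginStatusIframeEndpoint.class);
    private final KeycloakSession session;

    /**
     * @param keycloakSession session used for context, realm and client lookups
     */
    public LoginStatusIframeEndpoint(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    /**
     * Renders {@code login-status-iframe.ftl} and hands it to {@link IframeUtil#returnIframe}.
     *
     * @param str value of the {@code version} query parameter, passed through to
     *            {@code IframeUtil.returnIframe} unchanged
     * @return the response built by {@code IframeUtil.returnIframe}
     */
    @Produces({MediaType.TEXT_HTML_UTF_8})
    @GET
    public Response getLoginStatusIframe(@QueryParam("version") String str) {
        boolean isSecureContext = SecureContextResolver.isSecureContext(this.session);
        // The frontend URL type is requested explicitly so that the theme resource path is
        // computed from the frontend base URI rather than from the default request URI.
        URI frontendBaseUri = this.session.getContext().getUri(UrlType.FRONTEND).getBaseUri();

        // Typed map instead of a raw HashMap: removes the unchecked put() calls.
        HashMap<String, Object> templateAttributes = new HashMap<>();
        templateAttributes.put("isSecureContext", isSecureContext);
        templateAttributes.put("resourceCommonUrl", Urls.themeRoot(frontendBaseUri).getPath() + "/common/keycloak");

        return IframeUtil.returnIframe(str, this.session, () -> {
            try {
                return FreemarkerUtils.loadTemplateFromClasspath(templateAttributes, "login-status-iframe.ftl", getClass());
            } catch (Exception e) {
                logger.error("Failure when loading login-status-iframe.ftl", e);
                // NOTE(review): null is handed back to IframeUtil on template failure; how it
                // is turned into a response is not visible here - confirm it is not a 200.
                return null;
            }
        });
    }

    /**
     * Answers whether the given origin may use the login-status iframe for the given client.
     *
     * <p>Returns 204 when the client exists, is enabled, and its resolved web origins (plus the
     * origin of the current request URI) contain either {@code "*"} or the supplied origin.
     * Returns 403 in every other case, including when any {@link Throwable} is raised.
     *
     * <p>Hardening notes:
     * <ul>
     *   <li>A client whose web origins resolve to {@code "*"} passes this check for any
     *       {@code origin} value, so wildcard web origins should be avoided on clients that
     *       rely on session-status checks.</li>
     *   <li>The request origin is derived from the request URI, which (per the log message
     *       below) depends on the proxy-header setting. Presumably forwarded headers accepted
     *       from untrusted peers could influence it - verify the proxy configuration.</li>
     *   <li>Both parameters are written to the debug log as received. NOTE(review): confirm
     *       the log backend neutralises line breaks before enabling debug in production.</li>
     * </ul>
     *
     * @param str  value of the {@code client_id} query parameter
     * @param str2 value of the {@code origin} query parameter (caller-controlled)
     * @return 204 No Content when the origin is allowed, otherwise 403 Forbidden
     */
    @GET
    @Path("init")
    public Response preCheck(@QueryParam("client_id") String str, @QueryParam("origin") String str2) {
        try {
            KeycloakUriInfo requestUriInfo = this.session.getContext().getUri();
            ClientModel client = this.session.clients().getClientByClientId(this.session.getContext().getRealm(), str);
            if (client != null && client.isEnabled()) {
                Set<String> allowedOrigins = WebOriginsUtils.resolveValidWebOrigins(this.session, client);
                String requestOrigin = UriUtils.getOrigin(requestUriInfo.getRequestUri());
                // The server's own origin is always accepted; this mutates the set returned by
                // resolveValidWebOrigins, exactly as the original code did.
                allowedOrigins.add(requestOrigin);
                if (allowedOrigins.contains("*") || allowedOrigins.contains(str2)) {
                    return Response.noContent().build();
                }
                logger.debugf("client %s does not allow origin=%s for requestOrigin=%s (as determined by the proxy-header setting), init will return a 403", str, str2, requestOrigin);
            } else {
                logger.debugf("client %s does not exist or not enabled, init will return a 403", str);
            }
        } catch (Throwable th) {
            // Deliberately broad: any failure during the check falls through to the 403 below
            // (fail closed) instead of surfacing an error response.
            logger.debug("Exception in init, will return a 403", th);
        }
        return Response.status(Response.Status.FORBIDDEN).build();
    }
}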
