package io.jans.kc.spi.rest;

import io.jans.kc.spi.auth.SessionAttributes;
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.resource.RealmResourceProvider;

/* loaded from: input_file:io/jans/kc/spi/rest/JansAuthResponseResourceProvider.class */
public class JansAuthResponseResourceProvider implements RealmResourceProvider {
    private static final Logger log = Logger.getLogger(JansAuthResponseResourceProvider.class);
    private static final String ACTION_URI_TPL_PARAM = "actionuri";
    private static final String ERR_MSG_TPL_PARAM = "authError";
    private static final String JANS_AUTH_RESPONSE_ERR_FTL = "jans-auth-response-error.ftl";
    private static final String JANS_AUTH_RESPONSE_COMPLETE_FTL = "jans-auth-response-complete.ftl";
    private static final String ERR_MSG_INVALID_REALM = "jans.error-invalid-realm";
    private static final String ERR_MSG_MISSING_DATA = "jans.error-missing-data";
    private KeycloakSession session;

    public JansAuthResponseResourceProvider(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    public Object getResource() {
        return this;
    }

    public void close() {
    }

    @GET
    @NoCache
    @Path("/auth-complete")
    @Produces({"text/html"})
    public Response completeAuthentication(@QueryParam("code") String str, @QueryParam("scope") String str2, @QueryParam("state") String str3) {
        RealmModel authenticationRealm = getAuthenticationRealm();
        if (!stateIsAssociatedToRealm(authenticationRealm, str3)) {
            log.infov("Realm {0} is not associated to authz response and state {1}", authenticationRealm.getName(), str3);
            return createErrorResponse(ERR_MSG_INVALID_REALM);
        }
        if (realmHasActionUri(authenticationRealm)) {
            saveAuthResultInRealm(authenticationRealm, str, str3);
            return createFinalizeAuthResponse(authenticationRealm.getAttribute(SessionAttributes.KC_ACTION_URI));
        }
        log.infov("Realm {0} has no action uri set to complete authentication", authenticationRealm.getName());
        return createErrorResponse(ERR_MSG_MISSING_DATA);
    }

    private final RealmModel getAuthenticationRealm() {
        return this.session.getContext().getRealm();
    }

    private final boolean stateIsAssociatedToRealm(RealmModel realmModel, String str) {
        return str.equals(realmModel.getAttribute(SessionAttributes.JANS_OIDC_STATE));
    }

    private final boolean realmHasActionUri(RealmModel realmModel) {
        return realmModel.getAttribute(SessionAttributes.KC_ACTION_URI) != null;
    }

    private final void saveAuthResultInRealm(RealmModel realmModel, String str, String str2) {
        realmModel.setAttribute(SessionAttributes.JANS_OIDC_CODE, str);
        realmModel.setAttribute(SessionAttributes.JANS_SESSION_STATE, str2);
    }

    private final Response createResponseWithForm(String str, Map<String, String> map) {
        LoginFormsProvider provider = this.session.getProvider(LoginFormsProvider.class);
        if (map != null && !map.isEmpty()) {
            for (String str2 : map.keySet()) {
                provider.setAttribute(str2, map.get(str2));
            }
        }
        return provider.createForm(str);
    }

    private final Response createErrorResponse(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(ERR_MSG_TPL_PARAM, str);
        return createResponseWithForm(JANS_AUTH_RESPONSE_ERR_FTL, hashMap);
    }

    private final Response createFinalizeAuthResponse(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(ACTION_URI_TPL_PARAM, str);
        return createResponseWithForm(JANS_AUTH_RESPONSE_COMPLETE_FTL, hashMap);
    }
}
