package org.keycloak.services.managers;

import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Time;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.session.UserSessionPersisterProvider;
import org.keycloak.services.ServicesLogger;

/* loaded from: input_file:BOOT-INF/lib/keycloak-services-8.0.0.jar:org/keycloak/services/managers/UserSessionManager.class */
public class UserSessionManager {
    private static final Logger logger = Logger.getLogger((Class<?>) UserSessionManager.class);
    private final KeycloakSession kcSession;
    private final UserSessionPersisterProvider persister;

    public UserSessionManager(KeycloakSession keycloakSession) {
        this.kcSession = keycloakSession;
        this.persister = (UserSessionPersisterProvider) keycloakSession.getProvider(UserSessionPersisterProvider.class);
    }

    public void createOrUpdateOfflineSession(AuthenticatedClientSessionModel authenticatedClientSessionModel, UserSessionModel userSessionModel) {
        UserModel user = userSessionModel.getUser();
        UserSessionModel offlineUserSession = this.kcSession.sessions().getOfflineUserSession(authenticatedClientSessionModel.getRealm(), userSessionModel.getId());
        if (offlineUserSession == null) {
            offlineUserSession = createOfflineUserSession(user, userSessionModel);
        } else {
            offlineUserSession.setLastSessionRefresh(Time.currentTime());
        }
        if (offlineUserSession.getAuthenticatedClientSessionByClient(authenticatedClientSessionModel.getClient().getId()) == null) {
            createOfflineClientSession(user, authenticatedClientSessionModel, offlineUserSession);
        }
    }

    public UserSessionModel findOfflineUserSession(RealmModel realmModel, String str) {
        return this.kcSession.sessions().getOfflineUserSession(realmModel, str);
    }

    public Set<ClientModel> findClientsWithOfflineToken(RealmModel realmModel, UserModel userModel) {
        List<UserSessionModel> offlineUserSessions = this.kcSession.sessions().getOfflineUserSessions(realmModel, userModel);
        HashSet hashSet = new HashSet();
        Iterator<UserSessionModel> it = offlineUserSessions.iterator();
        while (it.hasNext()) {
            Iterator<String> it2 = it.next().getAuthenticatedClientSessions().keySet().iterator();
            while (it2.hasNext()) {
                hashSet.add(realmModel.getClientById(it2.next()));
            }
        }
        return hashSet;
    }

    public List<UserSessionModel> findOfflineSessions(RealmModel realmModel, UserModel userModel) {
        return this.kcSession.sessions().getOfflineUserSessions(realmModel, userModel);
    }

    public boolean revokeOfflineToken(UserModel userModel, ClientModel clientModel) {
        RealmModel realm = clientModel.getRealm();
        boolean z = false;
        for (UserSessionModel userSessionModel : this.kcSession.sessions().getOfflineUserSessions(realm, userModel)) {
            AuthenticatedClientSessionModel authenticatedClientSessionByClient = userSessionModel.getAuthenticatedClientSessionByClient(clientModel.getId());
            if (authenticatedClientSessionByClient != null) {
                if (logger.isTraceEnabled()) {
                    logger.tracef("Removing existing offline token for user '%s' and client '%s' .", userModel.getUsername(), clientModel.getClientId());
                }
                authenticatedClientSessionByClient.detachFromUserSession();
                this.persister.removeClientSession(userSessionModel.getId(), clientModel.getId(), true);
                checkOfflineUserSessionHasClientSessions(realm, userModel, userSessionModel);
                z = true;
            }
        }
        return z;
    }

    public void revokeOfflineUserSession(UserSessionModel userSessionModel) {
        if (logger.isTraceEnabled()) {
            logger.tracef("Removing offline user session '%s' for user '%s' ", userSessionModel.getId(), userSessionModel.getLoginUsername());
        }
        this.kcSession.sessions().removeOfflineUserSession(userSessionModel.getRealm(), userSessionModel);
        this.persister.removeUserSession(userSessionModel.getId(), true);
    }

    public boolean isOfflineTokenAllowed(ClientSessionContext clientSessionContext) {
        RoleModel role = clientSessionContext.getClientSession().getRealm().getRole("offline_access");
        if (role != null) {
            return clientSessionContext.getRoles().contains(role);
        }
        ServicesLogger.LOGGER.roleNotInRealm("offline_access");
        return false;
    }

    private UserSessionModel createOfflineUserSession(UserModel userModel, UserSessionModel userSessionModel) {
        if (logger.isTraceEnabled()) {
            logger.tracef("Creating new offline user session. UserSessionID: '%s' , Username: '%s'", userSessionModel.getId(), userModel.getUsername());
        }
        UserSessionModel createOfflineUserSession = this.kcSession.sessions().createOfflineUserSession(userSessionModel);
        this.persister.createUserSession(createOfflineUserSession, true);
        return createOfflineUserSession;
    }

    private void createOfflineClientSession(UserModel userModel, AuthenticatedClientSessionModel authenticatedClientSessionModel, UserSessionModel userSessionModel) {
        if (logger.isTraceEnabled()) {
            logger.tracef("Creating new offline token client session. ClientSessionId: '%s', UserSessionID: '%s' , Username: '%s', Client: '%s'", authenticatedClientSessionModel.getId(), userSessionModel.getId(), userModel.getUsername(), authenticatedClientSessionModel.getClient().getClientId());
        }
        this.kcSession.sessions().createOfflineClientSession(authenticatedClientSessionModel, userSessionModel);
        this.persister.createClientSession(authenticatedClientSessionModel, true);
    }

    private void checkOfflineUserSessionHasClientSessions(RealmModel realmModel, UserModel userModel, UserSessionModel userSessionModel) {
        if (userSessionModel.getAuthenticatedClientSessions().isEmpty()) {
            if (logger.isTraceEnabled()) {
                logger.tracef("Removing offline userSession for user %s as it doesn't have any client sessions attached. UserSessionID: %s", userModel.getUsername(), userSessionModel.getId());
            }
            this.kcSession.sessions().removeOfflineUserSession(realmModel, userSessionModel);
            this.persister.removeUserSession(userSessionModel.getId(), true);
        }
    }
}
