package org.keycloak.protocol.oidc.utils;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.common.util.UriUtils;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakUriInfo;
import org.keycloak.models.RealmModel;
import org.keycloak.services.Urls;
import org.keycloak.services.util.ResolveRelative;
import org.springframework.jdbc.datasource.init.ScriptUtils;

/* loaded from: input_file:BOOT-INF/lib/keycloak-services-8.0.0.jar:org/keycloak/protocol/oidc/utils/RedirectUtils.class */
public class RedirectUtils {
    private static final Logger logger = Logger.getLogger((Class<?>) RedirectUtils.class);

    public static String verifyRealmRedirectUri(KeycloakSession keycloakSession, String str) {
        return verifyRedirectUri(keycloakSession, null, str, getValidateRedirectUris(keycloakSession), true);
    }

    public static String verifyRedirectUri(KeycloakSession keycloakSession, String str, ClientModel clientModel) {
        return verifyRedirectUri(keycloakSession, str, clientModel, true);
    }

    public static String verifyRedirectUri(KeycloakSession keycloakSession, String str, ClientModel clientModel, boolean z) {
        if (clientModel != null) {
            return verifyRedirectUri(keycloakSession, clientModel.getRootUrl(), str, clientModel.getRedirectUris(), z);
        }
        return null;
    }

    public static Set<String> resolveValidRedirects(KeycloakSession keycloakSession, String str, Set<String> set) {
        HashSet hashSet = new HashSet();
        for (String str2 : set) {
            if (str2.startsWith("/")) {
                String relativeToAbsoluteURI = relativeToAbsoluteURI(keycloakSession, str, str2);
                logger.debugv("replacing relative valid redirect with: {0}", relativeToAbsoluteURI);
                hashSet.add(relativeToAbsoluteURI);
            } else {
                hashSet.add(str2);
            }
        }
        return hashSet;
    }

    private static Set<String> getValidateRedirectUris(KeycloakSession keycloakSession) {
        HashSet hashSet = new HashSet();
        for (ClientModel clientModel : keycloakSession.getContext().getRealm().getClients()) {
            if (clientModel.isEnabled()) {
                hashSet.addAll(resolveValidRedirects(keycloakSession, clientModel.getRootUrl(), clientModel.getRedirectUris()));
            }
        }
        return hashSet;
    }

    private static String verifyRedirectUri(KeycloakSession keycloakSession, String str, String str2, Set<String> set, boolean z) {
        KeycloakUriInfo uri = keycloakSession.getContext().getUri();
        RealmModel realm = keycloakSession.getContext().getRealm();
        if (str2 != null) {
            str2 = normalizeUrl(str2);
        }
        if (str2 == null) {
            if (!z) {
                str2 = getSingleValidRedirectUri(set);
            }
            if (str2 == null) {
                logger.debug("No Redirect URI parameter specified");
                return null;
            }
        } else if (set.isEmpty()) {
            logger.debug("No Redirect URIs supplied");
            str2 = null;
        } else {
            String lowerCaseHostname = lowerCaseHostname(str2);
            Set<String> resolveValidRedirects = resolveValidRedirects(keycloakSession, str, set);
            boolean matchesRedirects = matchesRedirects(resolveValidRedirects, lowerCaseHostname);
            if (!matchesRedirects && lowerCaseHostname.startsWith(Constants.INSTALLED_APP_URL) && lowerCaseHostname.indexOf(58, Constants.INSTALLED_APP_URL.length()) >= 0) {
                int indexOf = lowerCaseHostname.indexOf(58, Constants.INSTALLED_APP_URL.length());
                StringBuilder sb = new StringBuilder();
                sb.append(lowerCaseHostname.substring(0, indexOf));
                int indexOf2 = lowerCaseHostname.indexOf(47, indexOf);
                if (indexOf2 >= 0) {
                    sb.append(lowerCaseHostname.substring(indexOf2));
                }
                matchesRedirects = matchesRedirects(resolveValidRedirects, sb.toString());
            }
            if (matchesRedirects && lowerCaseHostname.startsWith("/")) {
                lowerCaseHostname = relativeToAbsoluteURI(keycloakSession, str, lowerCaseHostname);
            }
            str2 = matchesRedirects ? lowerCaseHostname : null;
        }
        return Constants.INSTALLED_APP_URN.equals(str2) ? Urls.realmInstalledAppUrnCallback(uri.getBaseUri(), realm.getName()).toString() : str2;
    }

    private static String lowerCaseHostname(String str) {
        int indexOf = str.indexOf(47, 7);
        return indexOf == -1 ? str.toLowerCase() : str.substring(0, indexOf).toLowerCase() + str.substring(indexOf);
    }

    private static String relativeToAbsoluteURI(KeycloakSession keycloakSession, String str, String str2) {
        if (str != null) {
            str = ResolveRelative.resolveRootUrl(keycloakSession, str);
        }
        if (str == null || str.isEmpty()) {
            str = UriUtils.getOrigin(keycloakSession.getContext().getUri().getBaseUri());
        }
        return str + str2;
    }

    private static boolean matchesRedirects(Set<String> set, String str) {
        for (String str2 : set) {
            if (str2.endsWith("*") && !str2.contains("?")) {
                String substring = str.contains("?") ? str.substring(0, str.indexOf("?")) : str;
                int length = str2.length() - 1;
                String substring2 = str2.substring(0, length);
                if (substring.startsWith(substring2)) {
                    return true;
                }
                if (length - 1 > 0 && substring2.charAt(length - 1) == '/') {
                    length--;
                }
                if (substring2.substring(0, length).equals(substring)) {
                    return true;
                }
            } else if (str2.equals(str)) {
                return true;
            }
        }
        return false;
    }

    private static String getSingleValidRedirectUri(Collection<String> collection) {
        if (collection.size() != 1) {
            return null;
        }
        String next = collection.iterator().next();
        int indexOf = next.indexOf(ScriptUtils.DEFAULT_BLOCK_COMMENT_START_DELIMITER);
        if (indexOf > -1) {
            next = next.substring(0, indexOf);
        }
        return next;
    }

    private static String normalizeUrl(String str) {
        try {
            return new URI(str).normalize().toString();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Invalid URL syntax: " + e.getMessage());
        }
    }
}
