package org.keycloak.services.resources.account;

import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.stream.Collectors;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.device.DeviceActivityManager;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.representations.account.ClientRepresentation;
import org.keycloak.representations.account.DeviceRepresentation;
import org.keycloak.representations.account.SessionRepresentation;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.resources.Cors;

/* loaded from: input_file:BOOT-INF/lib/keycloak-services-11.0.2.jar:org/keycloak/services/resources/account/SessionResource.class */
public class SessionResource {
    private final KeycloakSession session;
    private final Auth auth;
    private final RealmModel realm;
    private final UserModel user;
    private HttpRequest request;

    public SessionResource(KeycloakSession keycloakSession, Auth auth, HttpRequest httpRequest) {
        this.session = keycloakSession;
        this.auth = auth;
        this.realm = auth.getRealm();
        this.user = auth.getUser();
        this.request = httpRequest;
    }

    @GET
    @Produces({"application/json"})
    @NoCache
    public Response toRepresentation() {
        return Cors.add(this.request, Response.ok(this.session.sessions().getUserSessions(this.realm, this.user).stream().map(this::toRepresentation).collect(Collectors.toList()))).auth().allowedOrigins(this.auth.getToken()).build();
    }

    @GET
    @Path("devices")
    @NoCache
    @Produces({"application/json"})
    public Response devices() {
        HashMap hashMap = new HashMap();
        for (UserSessionModel userSessionModel : this.session.sessions().getUserSessions(this.realm, this.user)) {
            DeviceRepresentation attachedDevice = getAttachedDevice(userSessionModel);
            DeviceRepresentation deviceRepresentation = (DeviceRepresentation) hashMap.computeIfAbsent(attachedDevice.getOs() + attachedDevice.getOsVersion(), str -> {
                DeviceRepresentation deviceRepresentation2 = new DeviceRepresentation();
                deviceRepresentation2.setLastAccess(attachedDevice.getLastAccess());
                deviceRepresentation2.setOs(attachedDevice.getOs());
                deviceRepresentation2.setOsVersion(attachedDevice.getOsVersion());
                deviceRepresentation2.setDevice(attachedDevice.getDevice());
                deviceRepresentation2.setMobile(attachedDevice.isMobile());
                return deviceRepresentation2;
            });
            if (isCurrentSession(userSessionModel)) {
                deviceRepresentation.setCurrent(true);
            }
            if (deviceRepresentation.getLastAccess() == 0 || deviceRepresentation.getLastAccess() < userSessionModel.getLastSessionRefresh()) {
                deviceRepresentation.setLastAccess(userSessionModel.getLastSessionRefresh());
            }
            deviceRepresentation.addSession(createSessionRepresentation(userSessionModel, attachedDevice));
        }
        return Cors.add(this.request, Response.ok(hashMap.values())).auth().allowedOrigins(this.auth.getToken()).build();
    }

    @Produces({"application/json"})
    @NoCache
    @DELETE
    public Response logout(@QueryParam("current") boolean z) {
        this.auth.require(AccountRoles.MANAGE_ACCOUNT);
        for (UserSessionModel userSessionModel : this.session.sessions().getUserSessions(this.realm, this.user)) {
            if (z || !isCurrentSession(userSessionModel)) {
                AuthenticationManager.backchannelLogout(this.session, userSessionModel, true);
            }
        }
        return Cors.add(this.request, Response.noContent()).auth().allowedOrigins(this.auth.getToken()).build();
    }

    @Path("/{id}")
    @NoCache
    @DELETE
    @Produces({"application/json"})
    public Response logout(@PathParam("id") String str) {
        this.auth.require(AccountRoles.MANAGE_ACCOUNT);
        UserSessionModel userSession = this.session.sessions().getUserSession(this.realm, str);
        if (userSession != null && userSession.getUser().equals(this.user)) {
            AuthenticationManager.backchannelLogout(this.session, userSession, true);
        }
        return Cors.add(this.request, Response.noContent()).auth().allowedOrigins(this.auth.getToken()).build();
    }

    private SessionRepresentation createSessionRepresentation(UserSessionModel userSessionModel, DeviceRepresentation deviceRepresentation) {
        SessionRepresentation sessionRepresentation = new SessionRepresentation();
        sessionRepresentation.setId(userSessionModel.getId());
        sessionRepresentation.setIpAddress(userSessionModel.getIpAddress());
        sessionRepresentation.setStarted(userSessionModel.getStarted());
        sessionRepresentation.setLastAccess(userSessionModel.getLastSessionRefresh());
        sessionRepresentation.setExpires(userSessionModel.getStarted() + this.realm.getSsoSessionMaxLifespan());
        sessionRepresentation.setBrowser(deviceRepresentation.getBrowser());
        if (isCurrentSession(userSessionModel)) {
            sessionRepresentation.setCurrent(true);
        }
        sessionRepresentation.setClients(new LinkedList());
        Iterator<String> it = userSessionModel.getAuthenticatedClientSessions().keySet().iterator();
        while (it.hasNext()) {
            ClientModel clientById = this.realm.getClientById(it.next());
            ClientRepresentation clientRepresentation = new ClientRepresentation();
            clientRepresentation.setClientId(clientById.getClientId());
            clientRepresentation.setClientName(clientById.getName());
            sessionRepresentation.getClients().add(clientRepresentation);
        }
        return sessionRepresentation;
    }

    private DeviceRepresentation getAttachedDevice(UserSessionModel userSessionModel) {
        DeviceRepresentation currentDevice = DeviceActivityManager.getCurrentDevice(userSessionModel);
        if (currentDevice == null) {
            currentDevice = DeviceRepresentation.unknown();
            currentDevice.setIpAddress(userSessionModel.getIpAddress());
        }
        return currentDevice;
    }

    private boolean isCurrentSession(UserSessionModel userSessionModel) {
        return userSessionModel.getId().equals(this.auth.getSession().getId());
    }

    private SessionRepresentation toRepresentation(UserSessionModel userSessionModel) {
        return createSessionRepresentation(userSessionModel, getAttachedDevice(userSessionModel));
    }
}
