package org.keycloak.quarkus.runtime.services.resources;

import io.quarkus.resteasy.reactive.server.EndpointDisabled;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.Provider;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import java.util.function.Consumer;
import java.util.stream.Stream;
import org.keycloak.common.util.UriUtils;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.quarkus.runtime.Environment;
import org.keycloak.quarkus.runtime.configuration.Configuration;
import org.keycloak.quarkus.runtime.configuration.mappers.HostnameV2PropertyMappers;
import org.keycloak.services.Urls;
import org.keycloak.theme.FreeMarkerException;
import org.keycloak.theme.Theme;
import org.keycloak.theme.freemarker.FreeMarkerProvider;
import org.keycloak.urls.UrlType;
import org.keycloak.utils.SecureContextResolver;

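/**
 * Diagnostic JAX-RS resource that renders the effective hostname configuration of a realm and
 * offers a small probe endpoint for checking how the server sees an incoming request.
 *
 * <p>Exposure: {@code @EndpointDisabled} keeps both endpoints switched off unless the
 * {@code kc.hostname-debug} property is present and not {@code "false"}. No authentication or
 * authorization check is visible in this class, so once enabled the page is served to any caller
 * that can reach it. It returns raw hostname option values and selected request headers
 * (proxy/forwarding data), which reveals deployment topology. Treat it as a troubleshooting aid
 * and keep it disabled on production systems.
 *
 * <p>NOTE(review): this listing is decompiler output. Raw types were given type arguments and the
 * lambda that referenced an undefined {@code r0} was restored to a method reference so the class
 * compiles again; confirm against the upstream source.
 */
@Provider
@Path("/realms")
@EndpointDisabled(name = "kc.hostname-debug", stringValue = "false", disableIfMissing = true)
/* loaded from: input_file:org/keycloak/quarkus/runtime/services/resources/DebugHostnameSettingsResource.class */
public class DebugHostnameSettingsResource {
    public static final String DEFAULT_PATH_SUFFIX = "hostname-debug";
    public static final String PATH_FOR_TEST_CORS_IN_HEADERS = "test";

    @Context
    private KeycloakSession keycloakSession;

    // Option name (without the "kc." prefix) -> raw configured value, in declaration order.
    private final Map<String, String> allConfigPropertiesMap = new LinkedHashMap<>();

    /** Snapshots every non-empty option listed in {@code RELEVANT_OPTIONS_V2} at construction. */
    public DebugHostnameSettingsResource() {
        for (String optionName : ConstantsDebugHostname.RELEVANT_OPTIONS_V2) {
            addOption(optionName);
        }
    }

    /**
     * Renders the hostname debug page for a realm.
     *
     * <p>The template model carries configuration warnings, the frontend/backend/admin base URLs,
     * the probe URLs built from them, the captured configuration options and the request headers
     * named in {@code RELEVANT_HEADERS}. Header values come straight from the request and are
     * therefore attacker-controlled; this method relies on the template to escape them.
     * NOTE(review): verify that {@code debug-hostname-settings.ftl} HTML-escapes every value.
     *
     * @param realmName name of the realm taken from the request path
     * @return the processed {@code debug-hostname-settings.ftl} template as HTML
     * @throws NotFoundException if no realm with that name exists
     * @throws IOException declared by the original signature
     * @throws FreeMarkerException if template processing fails
     */
    @Produces({"text/html"})
    @GET
    @Path("/{realmName}/hostname-debug")
    public String debug(@PathParam("realmName") String realmName) throws IOException, FreeMarkerException {
        RealmModel realm = this.keycloakSession.realms().getRealmByName(realmName);
        if (realm == null) {
            throw new NotFoundException();
        }
        FreeMarkerProvider freeMarker = this.keycloakSession.getProvider(FreeMarkerProvider.class);

        // The decompiled lambda called add() on an undefined variable; the warnings list is the
        // only collection in scope and is what ends up in the model under "configWarnings".
        ArrayList<String> configWarnings = new ArrayList<>();
        Consumer<String> warningSink = configWarnings::add;
        HostnameV2PropertyMappers.validateConfig(warningSink);

        URI frontendUri = this.keycloakSession.getContext().getUri(UrlType.FRONTEND).getBaseUri();
        URI backendUri = this.keycloakSession.getContext().getUri(UrlType.BACKEND).getBaseUri();
        URI adminUri = this.keycloakSession.getContext().getUri(UrlType.ADMIN).getBaseUri();

        // Only the frontend probe asks the test endpoint to run the origin checks.
        String frontendTestUrl = getTest(realm, frontendUri, true);
        String backendTestUrl = getTest(realm, backendUri, false);
        String adminTestUrl = getTest(realm, adminUri, false);

        Map<String, Object> model = new HashMap<>();
        model.put("configWarnings", configWarnings);
        model.put("frontendUrl", frontendUri.toString());
        model.put("backendUrl", backendUri.toString());
        model.put("adminUrl", adminUri.toString());
        model.put("realm", realm.getName());
        model.put("realmUrl", realm.getAttribute("frontendUrl"));
        model.put("implVersion", "V2");
        model.put("frontendTestUrl", frontendTestUrl);
        model.put("backendTestUrl", backendTestUrl);
        model.put("adminTestUrl", adminTestUrl);
        model.put("serverMode", Environment.isDevMode() ? "dev [start-dev]" : "production [start]");
        model.put("config", this.allConfigPropertiesMap);
        model.put("headers", getHeaders());
        return freeMarker.processTemplate(model, "debug-hostname-settings.ftl",
                this.keycloakSession.theme().getTheme("base", Theme.Type.LOGIN));
    }

    /**
     * Probe endpoint reporting whether the request reached the server with the expected origin.
     *
     * <p>With {@code frontEnd=true} the request origin is compared with the frontend base URL and
     * the response text explains a mismatch (untrusted proxy, missing forwarding headers,
     * non-secure context). Otherwise the body is just {@code OK}.
     *
     * <p>CORS: the request's {@code Origin} header is echoed into
     * {@code Access-Control-Allow-Origin}, so any site may read this response from a browser.
     * No {@code Access-Control-Allow-Credentials} header is set here, and the body contains only
     * the diagnostic text built below. This reflection pattern must not be copied to endpoints
     * that return user data.
     *
     * @param realmName realm path segment; bound by JAX-RS but not read or validated here
     * @param frontEnd whether to run the frontend origin checks
     * @return a {@code text/plain} response with the diagnostic message and CORS headers
     */
    @Produces({"text/plain"})
    @GET
    @Path("/{realmName}/hostname-debug/test")
    public Response test(@PathParam("realmName") String realmName,
            @QueryParam("frontEnd") @DefaultValue("false") boolean frontEnd) {
        String message = "OK";
        String originHeader = this.keycloakSession.getContext().getRequestHeaders().getHeaderString("Origin");
        URI requestUri = this.keycloakSession.getContext().getUri().getRequestUri();
        String requestOrigin = UriUtils.getOrigin(requestUri);
        URI frontendUri = this.keycloakSession.getContext().getUri(UrlType.FRONTEND).getBaseUri();
        if (frontEnd) {
            boolean originMatches = requestOrigin.equals(UriUtils.getOrigin(frontendUri));
            HttpHeaders requestHeaders = this.keycloakSession.getContext().getRequestHeaders();
            boolean hasForwardedHeader =
                    requestHeaders.getHeaderString(ConstantsDebugHostname.FORWARDED_PROXY_HEADER) != null;
            // assumes X_FORWARDED_PROXY_HEADERS is a String[] (the decompiler shows an array cast) - TODO confirm
            boolean hasXForwardedHeaders = Stream.of(ConstantsDebugHostname.X_FORWARDED_PROXY_HEADERS)
                    .map(requestHeaders::getHeaderString)
                    .anyMatch(Objects::nonNull);
            if (!originMatches) {
                message = "Default origin check failing, request hostname does not match frontend hostname. Please check you proxy settings.";
                if (!this.keycloakSession.getContext().getHttpRequest().isProxyTrusted()) {
                    message = message + " Note the proxy is not trusted.";
                }
                if (!hasForwardedHeader && !hasXForwardedHeaders) {
                    message = message + " No proxy headers are set on the request.";
                }
            }
            if (!requestUri.getScheme().equals("https") && !SecureContextResolver.isSecureContext(this.keycloakSession)) {
                message = message + " Non-secure context detected - Keycloak will not function properly when accessed over http at a non-localhost host.";
            }
        }
        Response.ResponseBuilder builder = Response.ok(message);
        // Reflects the caller-supplied Origin; a null value leaves the header unset (JAX-RS
        // treats header(name, null) as removal).
        builder.header("Access-Control-Allow-Origin", originHeader);
        builder.header("Access-Control-Allow-Methods", "GET");
        return builder.build();
    }

    /** Records the raw value of {@code kc.<optionName>} when it is set and non-empty. */
    private void addOption(String optionName) {
        String rawValue = Configuration.getRawValue("kc." + optionName);
        if (rawValue == null || rawValue.isEmpty()) {
            return;
        }
        this.allConfigPropertiesMap.put(optionName, rawValue);
    }

    /**
     * Collects the request headers named in {@code RELEVANT_HEADERS}, sorted by header name.
     * Values are copied verbatim from the request and must be treated as untrusted input.
     */
    private Map<String, String> getHeaders() {
        Map<String, String> headers = new TreeMap<>();
        HttpHeaders requestHeaders = this.keycloakSession.getContext().getRequestHeaders();
        for (String headerName : ConstantsDebugHostname.RELEVANT_HEADERS) {
            addProxyHeader(headerName, headers, requestHeaders);
        }
        return headers;
    }

    /** Copies one header into {@code target} when the request carries a non-empty value. */
    private void addProxyHeader(String headerName, Map<String, String> target, HttpHeaders httpHeaders) {
        String headerValue = httpHeaders.getHeaderString(headerName);
        if (headerValue == null || headerValue.isEmpty()) {
            return;
        }
        target.put(headerName, headerValue);
    }

    /**
     * Builds the absolute URL of the probe endpoint for {@code realm} under {@code baseUri}.
     *
     * @param frontEnd value for the {@code frontEnd} query parameter
     */
    private String getTest(RealmModel realm, URI baseUri, boolean frontEnd) {
        return Urls.realmBase(baseUri)
                .path("/{realmName}/{debugHostnameSettingsPath}/{pathForTestCORSInHeaders}")
                .queryParam("frontEnd", frontEnd)
                .build(realm.getName(), DEFAULT_PATH_SUFFIX, PATH_FOR_TEST_CORS_IN_HEADERS)
                .toString();
    }
}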
