package org.keycloak.quarkus.runtime.hostname;

import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.function.BiFunction;
import java.util.function.Function;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.common.util.Resteasy;
import org.keycloak.config.HostnameOptions;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.quarkus.runtime.configuration.Configuration;
import org.keycloak.urls.HostnameProvider;
import org.keycloak.urls.HostnameProviderFactory;
import org.keycloak.urls.UrlType;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/quarkus/runtime/hostname/DefaultHostnameProvider.class */
public final class DefaultHostnameProvider implements HostnameProvider, HostnameProviderFactory {
    private static final Logger LOGGER = Logger.getLogger(DefaultHostnameProvider.class);
    private static final String REALM_URI_SESSION_ATTRIBUTE = DefaultHostnameProvider.class.getName() + ".realmUrl";
    private static final int DEFAULT_HTTPS_PORT_VALUE = 443;
    private static final int RESTEASY_DEFAULT_PORT_VALUE = -1;
    private String frontEndHostName;
    private String defaultPath;
    private String defaultHttpScheme;
    private int defaultTlsPort;
    private boolean noProxy;
    private String adminHostName;
    private Boolean strictBackChannel;
    private boolean hostnameEnabled;
    private boolean strictHttps;
    private int hostnamePort;
    private URI frontEndBaseUri;
    private URI adminBaseUri;

    public String getScheme(UriInfo uriInfo, UrlType urlType) {
        if (UrlType.ADMIN.equals(urlType)) {
            return (String) fromBaseUriOrDefault((v0) -> {
                return v0.getScheme();
            }, this.adminBaseUri, getScheme(uriInfo));
        }
        String str = (String) forNonStrictBackChannel(uriInfo, urlType, this::getScheme, this::getScheme);
        return str != null ? str : (String) fromFrontEndUrl(uriInfo, (v0) -> {
            return v0.getScheme();
        }, this::getScheme, this.defaultHttpScheme);
    }

    public String getHostname(UriInfo uriInfo, UrlType urlType) {
        if (UrlType.ADMIN.equals(urlType)) {
            return (String) fromBaseUriOrDefault((v0) -> {
                return v0.getHost();
            }, this.adminBaseUri, this.adminHostName == null ? getHostname(uriInfo) : this.adminHostName);
        }
        String str = (String) forNonStrictBackChannel(uriInfo, urlType, this::getHostname, this::getHostname);
        return str != null ? str : (String) fromFrontEndUrl(uriInfo, (v0) -> {
            return v0.getHost();
        }, this::getHostname, this.frontEndHostName);
    }

    public String getContextPath(UriInfo uriInfo, UrlType urlType) {
        if (UrlType.ADMIN.equals(urlType)) {
            return (String) fromBaseUriOrDefault((v0) -> {
                return v0.getPath();
            }, this.adminBaseUri, getContextPath(uriInfo));
        }
        String str = (String) forNonStrictBackChannel(uriInfo, urlType, this::getContextPath, this::getContextPath);
        return str != null ? str : (String) fromFrontEndUrl(uriInfo, (v0) -> {
            return v0.getPath();
        }, this::getContextPath, this.defaultPath);
    }

    public int getPort(UriInfo uriInfo, UrlType urlType) {
        if (UrlType.ADMIN.equals(urlType)) {
            return ((Integer) fromBaseUriOrDefault((v0) -> {
                return v0.getPort();
            }, this.adminBaseUri, Integer.valueOf(getRequestPort(uriInfo)))).intValue();
        }
        Integer num = (Integer) forNonStrictBackChannel(uriInfo, urlType, this::getPort, this::getRequestPort);
        if (num != null) {
            return num.intValue();
        }
        if (!this.hostnameEnabled || this.noProxy) {
            return ((Integer) fromFrontEndUrl(uriInfo, (v0) -> {
                return v0.getPort();
            }, this::getPort, Integer.valueOf(this.hostnamePort == RESTEASY_DEFAULT_PORT_VALUE ? getPort(uriInfo) : this.hostnamePort))).intValue();
        }
        return ((Integer) fromBaseUriOrDefault((v0) -> {
            return v0.getPort();
        }, this.frontEndBaseUri, Integer.valueOf(this.hostnamePort))).intValue();
    }

    public int getPort(UriInfo uriInfo) {
        return (this.noProxy && this.strictHttps) ? this.defaultTlsPort : getRequestPort(uriInfo);
    }

    private <T> T forNonStrictBackChannel(UriInfo uriInfo, UrlType urlType, BiFunction<UriInfo, UrlType, T> biFunction, Function<UriInfo, T> function) {
        if (!UrlType.BACKEND.equals(urlType) || this.strictBackChannel.booleanValue()) {
            return null;
        }
        return isHostFromFrontEndUrl(uriInfo) ? biFunction.apply(uriInfo, UrlType.FRONTEND) : function.apply(uriInfo);
    }

    private <T> T fromFrontEndUrl(UriInfo uriInfo, Function<URI, T> function, Function<UriInfo, T> function2, T t) {
        URI realmFrontEndUrl = getRealmFrontEndUrl();
        return realmFrontEndUrl != null ? function.apply(realmFrontEndUrl) : this.frontEndBaseUri != null ? function.apply(this.frontEndBaseUri) : t == null ? function2.apply(uriInfo) : t;
    }

    private boolean isHostFromFrontEndUrl(UriInfo uriInfo) {
        String hostname = getHostname(uriInfo);
        if (hostname.equals(getHostname(uriInfo, UrlType.FRONTEND))) {
            return true;
        }
        URI realmFrontEndUrl = getRealmFrontEndUrl();
        return realmFrontEndUrl != null && hostname.equals(realmFrontEndUrl.getHost());
    }

    protected URI getRealmFrontEndUrl() {
        KeycloakSession keycloakSession = (KeycloakSession) Resteasy.getContextData(KeycloakSession.class);
        RealmModel realm = keycloakSession.getContext().getRealm();
        if (realm == null) {
            return null;
        }
        String str = realm.getId() + REALM_URI_SESSION_ATTRIBUTE;
        URI uri = (URI) keycloakSession.getAttribute(str);
        if (uri == null) {
            String attribute = realm.getAttribute("frontendUrl");
            if (StringUtil.isNotBlank(attribute)) {
                URI create = URI.create(attribute);
                keycloakSession.setAttribute(str, create);
                return create;
            }
        }
        return uri;
    }

    public void close() {
    }

    public String getId() {
        return "default";
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public HostnameProvider m16create(KeycloakSession keycloakSession) {
        return this;
    }

    public void init(Config.Scope scope) {
        this.frontEndHostName = scope.get("hostname");
        try {
            String str = scope.get("hostname-url");
            if (str != null) {
                this.frontEndBaseUri = new URL(str).toURI();
            }
            if (this.frontEndHostName != null && this.frontEndBaseUri != null) {
                throw new RuntimeException("You can not set both '" + HostnameOptions.HOSTNAME.getKey() + "' and '" + HostnameOptions.HOSTNAME_URL.getKey() + "' options");
            }
            if (scope.getBoolean("strict", false).booleanValue() && this.frontEndHostName == null && this.frontEndBaseUri == null) {
                throw new RuntimeException("Strict hostname resolution configured but no hostname setting provided");
            }
            this.hostnameEnabled = (this.frontEndHostName == null && this.frontEndBaseUri == null) ? false : true;
            if (this.frontEndBaseUri == null) {
                this.strictHttps = this.hostnameEnabled && scope.getBoolean("strict-https", false).booleanValue();
            } else {
                this.frontEndHostName = this.frontEndBaseUri.getHost();
                this.strictHttps = "https".equals(this.frontEndBaseUri.getScheme());
            }
            if (this.strictHttps) {
                this.defaultHttpScheme = "https";
            }
            this.defaultPath = scope.get("path", this.frontEndBaseUri == null ? null : this.frontEndBaseUri.getPath());
            this.noProxy = Configuration.getConfigValue("kc.proxy").getValue().equals("false");
            this.defaultTlsPort = Integer.parseInt(Configuration.getConfigValue("kc.https-port").getValue());
            if (this.defaultTlsPort == DEFAULT_HTTPS_PORT_VALUE) {
                this.defaultTlsPort = RESTEASY_DEFAULT_PORT_VALUE;
            }
            if (this.frontEndBaseUri == null) {
                this.hostnamePort = Integer.parseInt(Configuration.getConfigValue("kc.hostname-port").getValue());
            } else {
                this.hostnamePort = this.frontEndBaseUri.getPort();
            }
            this.adminHostName = scope.get("admin");
            try {
                String str2 = scope.get("admin-url");
                if (str2 != null) {
                    this.adminBaseUri = new URL(str2).toURI();
                }
                if (this.adminHostName != null && this.adminBaseUri != null) {
                    throw new RuntimeException("You can not set both '" + HostnameOptions.HOSTNAME_ADMIN.getKey() + "' and '" + HostnameOptions.HOSTNAME_ADMIN_URL.getKey() + "' options");
                }
                if (this.adminBaseUri != null) {
                    this.adminHostName = this.adminBaseUri.getHost();
                }
                this.strictBackChannel = scope.getBoolean("strict-backchannel", false);
                Logger logger = LOGGER;
                Object[] objArr = new Object[9];
                objArr[0] = this.frontEndBaseUri == null ? "<unset>" : this.frontEndBaseUri;
                objArr[1] = this.frontEndHostName == null ? this.frontEndBaseUri == null ? "<request>" : this.frontEndBaseUri : this.frontEndHostName;
                objArr[2] = Boolean.valueOf(this.strictHttps);
                objArr[3] = this.defaultPath == null ? "<request>" : "".equals(this.defaultPath) ? "/" : this.defaultPath;
                objArr[4] = this.strictBackChannel;
                objArr[5] = this.adminBaseUri == null ? "<unset>" : this.adminBaseUri;
                objArr[6] = this.adminHostName == null ? this.adminBaseUri == null ? "<request>" : this.adminBaseUri : this.adminHostName;
                objArr[7] = String.valueOf(this.hostnamePort);
                objArr[8] = Boolean.valueOf(!this.noProxy);
                logger.infov("Hostname settings: Base URL: {0}, Hostname: {1}, Strict HTTPS: {2}, Path: {3}, Strict BackChannel: {4}, Admin URL: {5}, Admin: {6}, Port: {7}, Proxied: {8}", objArr);
            } catch (MalformedURLException | URISyntaxException e) {
                throw new RuntimeException("Invalid base URL for Admin URLs: " + scope.get("admin-url"), e);
            }
        } catch (MalformedURLException | URISyntaxException e2) {
            throw new RuntimeException("Invalid base URL for FrontEnd URLs: " + scope.get("hostname-url"), e2);
        }
    }

    private int getRequestPort(UriInfo uriInfo) {
        return ((KeycloakSession) Resteasy.getContextData(KeycloakSession.class)).getContext().getHttpRequest().getUri().getBaseUri().getPort();
    }

    private <T> T fromBaseUriOrDefault(Function<URI, T> function, URI uri, T t) {
        return uri != null ? function.apply(uri) : t;
    }
}
