package it.geosolutions.geostore.services.rest.security.keycloak;

import it.geosolutions.geostore.services.rest.security.TokenAuthenticationCache;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.keycloak.OAuth2Constants;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.RequestAuthenticator;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade;
import org.keycloak.adapters.springsecurity.token.SpringSecurityAdapterTokenStoreFactory;
import org.keycloak.authorization.client.Configuration;
import org.keycloak.authorization.client.util.Http;
import org.keycloak.enums.TokenStore;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:WEB-INF/lib/geostore-rest-impl-2.0.0.jar:it/geosolutions/geostore/services/rest/security/keycloak/KeyCloakHelper.class */
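/**
 * Helper around the Keycloak adapter API: resolves the deployment for a request, builds the
 * request authenticator, refreshes tokens against the realm token endpoint and re-keys the
 * cached {@link Authentication} after a refresh.
 *
 * <p>The refresh token and the client secret pass through this class; neither is logged here,
 * and any logging added later should keep it that way.
 */
public class KeyCloakHelper {
    // NOTE(review): the logger is registered under KeycloakSessionServiceDelegate, not this class,
    // so these messages show up under the delegate's category in the logs. Left unchanged because
    // existing logging configuration may depend on that category — confirm before renaming.
    private static final Logger LOGGER = LogManager.getLogger(KeycloakSessionServiceDelegate.class);
    protected final SpringSecurityAdapterTokenStoreFactory adapterTokenStoreFactory = new SpringSecurityAdapterTokenStoreFactory();
    protected AdapterDeploymentContext keycloakContext;

    /**
     * @param adapterDeploymentContext context used to resolve the deployment for each request
     */
    public KeyCloakHelper(AdapterDeploymentContext adapterDeploymentContext) {
        this.keycloakContext = adapterDeploymentContext;
    }

    /**
     * Resolves the deployment for a servlet request/response pair.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response associated with the request
     * @return the resolved deployment, configured as in {@link #getDeployment(HttpFacade)}
     */
    public KeycloakDeployment getDeployment(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return getDeployment(new SimpleHttpFacade(httpServletRequest, httpServletResponse));
    }

    /**
     * Resolves the deployment for the given facade, then sets its token store to
     * {@link TokenStore#COOKIE} and enables delegated bearer error response sending.
     *
     * @param httpFacade facade wrapping the current request and response
     * @return the resolved and reconfigured deployment
     */
    public KeycloakDeployment getDeployment(HttpFacade httpFacade) {
        KeycloakDeployment deployment = this.keycloakContext.resolveDeployment(httpFacade);
        // NOTE(review): the setters run on whatever instance resolveDeployment returns. If that
        // instance is shared between requests, every call overwrites the configured token store
        // with COOKIE for all of them — confirm this is intended.
        deployment.setTokenStore(TokenStore.COOKIE);
        deployment.setDelegateBearerErrorResponseSending(true);
        return deployment;
    }

    /**
     * Builds the authenticator for a request. The request is wrapped in a
     * {@code KeyCloakRequestWrapper}, and the facade and the adapter token store are both created
     * from that wrapper rather than from the raw request.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response associated with the request
     * @param keycloakDeployment the deployment to authenticate against
     * @return a {@code GeoStoreKeycloakAuthenticator} bound to the wrapped request
     */
    public RequestAuthenticator getAuthenticator(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, KeycloakDeployment keycloakDeployment) {
        KeyCloakRequestWrapper wrappedRequest = new KeyCloakRequestWrapper(httpServletRequest);
        SimpleHttpFacade facade = new SimpleHttpFacade(wrappedRequest, httpServletResponse);
        // The trailing -1 is GeoStoreKeycloakAuthenticator's last constructor argument;
        // presumably the SSL redirect port ("none") — TODO confirm against that class.
        return new GeoStoreKeycloakAuthenticator(
                facade,
                wrappedRequest,
                keycloakDeployment,
                this.adapterTokenStoreFactory.createAdapterTokenStore(keycloakDeployment, wrappedRequest, httpServletResponse),
                -1);
    }

    /**
     * Exchanges a refresh token for a new token response by POSTing a {@code refresh_token} grant
     * to {@code <auth-server-url>/realms/<realm>/protocol/openid-connect/token}.
     *
     * <p>The refresh token and the client secret travel in the form body, and the request goes to
     * whatever scheme the configured auth server URL uses, so that URL should be HTTPS outside
     * local development.
     *
     * @param adapterConfig adapter configuration supplying server URL, realm, client id and
     *     credentials
     * @param str the refresh token to exchange
     * @return the token endpoint response
     */
    public AccessTokenResponse refreshToken(AdapterConfig adapterConfig, String str) {
        Configuration clientConfiguration = getClientConfiguration(adapterConfig);

        // Strip trailing slashes so a configured ".../auth/" does not produce ".../auth//realms/...".
        String serverUrl = adapterConfig.getAuthServerUrl();
        while (serverUrl != null && serverUrl.endsWith("/")) {
            serverUrl = serverUrl.substring(0, serverUrl.length() - 1);
        }
        String tokenEndpoint = serverUrl + "/realms/" + adapterConfig.getRealm() + "/protocol/openid-connect/token";

        // A configuration without a credentials section used to fail here with a
        // NullPointerException; it is now handled like a credentials map with no "secret" entry.
        Object clientSecret = adapterConfig.getCredentials() == null ? null : adapterConfig.getCredentials().get("secret");

        // The callback handed to Http is a no-op: client id and secret are added explicitly as
        // form parameters below instead.
        Http http = new Http(clientConfiguration, (map, map2) -> {
        });
        return (AccessTokenResponse) http.post(tokenEndpoint)
                .authentication()
                .client()
                .form()
                .param("grant_type", "refresh_token")
                .param("refresh_token", str)
                .param("client_id", adapterConfig.getResource())
                .param(OAuth2Constants.CLIENT_SECRET, (String) clientSecret)
                .response()
                .json(AccessTokenResponse.class)
                .execute();
    }

    /**
     * Builds an authorization-client {@link Configuration} from the adapter configuration.
     *
     * @param adapterConfig source of auth server URL, realm, client id and credentials
     * @return a configuration whose last constructor argument is passed as {@code null}
     */
    public Configuration getClientConfiguration(AdapterConfig adapterConfig) {
        return new Configuration(
                adapterConfig.getAuthServerUrl(),
                adapterConfig.getRealm(),
                adapterConfig.getResource(),
                adapterConfig.getCredentials(),
                null);
    }

    /**
     * Moves a cached authentication from the key {@code str} to the key {@code str2} and attaches
     * fresh {@code KeycloakTokenDetails} to it.
     *
     * <p>The authentication is read from the cache under {@code str}; on a miss the one in the
     * current {@link SecurityContextHolder} is used instead. Only a
     * {@link PreAuthenticatedAuthenticationToken} is rewritten: the entry under {@code str} is
     * removed, a copy with the same principal, credentials and authorities is stored under
     * {@code str2}, and the security context is pointed at the copy. Any other authentication
     * (including {@code null}) is returned untouched and the cache is left as it was, so an entry
     * under {@code str} is not evicted in that case.
     *
     * <p>NOTE(review): on a cache miss the new token becomes bound to whatever authentication the
     * current thread carries. Nothing here checks that {@code str2} was issued to that principal;
     * the caller has to guarantee it.
     *
     * @param tokenAuthenticationCache cache of authentications keyed by token
     * @param str cache key of the existing entry; presumably the previous access token
     * @param str2 cache key for the rewritten entry, also the first {@code KeycloakTokenDetails}
     *     argument; presumably the new access token
     * @param str3 second {@code KeycloakTokenDetails} argument; presumably the refresh token
     * @param j third {@code KeycloakTokenDetails} argument; presumably the expiry — TODO confirm
     * @return the rewritten authentication, or the one found when no rewrite took place
     */
    public Authentication updateAuthentication(TokenAuthenticationCache tokenAuthenticationCache, String str, String str2, String str3, long j) {
        Authentication current = tokenAuthenticationCache.get(str);
        if (current == null) {
            current = SecurityContextHolder.getContext().getAuthentication();
        }
        if (!(current instanceof PreAuthenticatedAuthenticationToken)) {
            return current;
        }

        // Was LOGGER.info(...) behind an isDebugEnabled() guard; the level now matches the guard.
        LOGGER.debug("Updating the cache and the SecurityContext with new Auth details");
        tokenAuthenticationCache.removeEntry(str);
        PreAuthenticatedAuthenticationToken refreshed =
                new PreAuthenticatedAuthenticationToken(current.getPrincipal(), current.getCredentials(), current.getAuthorities());
        LOGGER.debug("Updating keycloak details.");
        refreshed.setDetails(new KeycloakTokenDetails(str2, str3, j));
        tokenAuthenticationCache.putCacheEntry(str2, refreshed);
        SecurityContextHolder.getContext().setAuthentication(refreshed);
        return refreshed;
    }
}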
