package de.ahus1.keycloak.dropwizard;

import com.google.common.base.Optional;
import io.dropwizard.auth.AuthFactory;
import io.dropwizard.auth.AuthenticationException;
import io.dropwizard.auth.Authenticator;
import io.dropwizard.auth.DefaultUnauthorizedHandler;
import io.dropwizard.auth.UnauthorizedHandler;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import org.eclipse.jetty.server.HttpChannel;
import org.eclipse.jetty.server.Request;
import org.glassfish.jersey.server.ContainerRequest;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.AuthChallenge;
import org.keycloak.adapters.AuthOutcome;
import org.keycloak.adapters.HttpFacade;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.jetty.core.JettyCookieTokenStore;
import org.keycloak.adapters.jetty.core.JettyRequestAuthenticator;
import org.keycloak.enums.TokenStore;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/ahus1/keycloak/dropwizard/KeycloakAuthFactory.class */
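/**
 * Dropwizard {@link AuthFactory} that runs the Keycloak Jetty adapter against the injected
 * servlet request and then delegates to the configured {@link Authenticator} to produce the
 * principal.
 *
 * <p>One instance is built from an {@link AdapterConfig}; {@link #clone(boolean)} produces
 * copies that carry the {@code required} flag deciding whether a missing principal is
 * rejected or handed to the resource as {@code null}.
 *
 * @param <T> principal type produced by the authenticator
 */
public class KeycloakAuthFactory<T> extends AuthFactory<HttpServletRequest, T> {
    /** Request attribute under which the resolved {@link AdapterTokenStore} is cached. */
    public static final String TOKEN_STORE_NOTE = "TOKEN_STORE_NOTE";

    private static final Logger LOGGER = LoggerFactory.getLogger(KeycloakAuthFactory.class);

    private final AdapterConfig adapterConfig;
    private final Authenticator<HttpServletRequest, T> authenticator;
    // Challenge scheme handed to the unauthorized handler when a required principal is missing.
    private final String prefix;
    private final String realm;
    private final Class<T> generatedClass;
    private final UnauthorizedHandler unauthorizedHandler;
    // When true, provide() rejects requests for which the authenticator yields no principal.
    private boolean required;
    protected AdapterDeploymentContext deploymentContext;

    @Context
    private HttpServletRequest request;

    /**
     * Creates a factory and builds the Keycloak deployment from the adapter configuration.
     *
     * @param adapterConfig Keycloak adapter configuration used to build the deployment
     * @param str realm name reported in the unauthorized response
     * @param authenticator authenticator that turns the request into a principal
     * @param cls class of the principal this factory provides
     */
    public KeycloakAuthFactory(AdapterConfig adapterConfig, String str, Authenticator<HttpServletRequest, T> authenticator, Class<T> cls) {
        super(authenticator);
        this.prefix = "Bearer";
        this.unauthorizedHandler = new DefaultUnauthorizedHandler();
        this.authenticator = authenticator;
        this.adapterConfig = adapterConfig;
        this.realm = str;
        this.generatedClass = cls;
        // NOTE(review): overridable method called from the constructor; a subclass override
        // runs before the subclass's own fields are initialised.
        initializeKeycloak();
    }

    /** Sets the request that {@link #provide()} validates and authenticates. */
    @Override
    public void setRequest(HttpServletRequest httpServletRequest) {
        this.request = httpServletRequest;
    }

    /**
     * Returns a new factory with the same configuration and the given {@code required} flag.
     *
     * <p>The flag is set on the copy. Setting it on this instance instead would leave the
     * returned factory with {@code required == false}, so {@link #provide()} would return
     * {@code null} rather than reject an unauthenticated request, and it would also mutate
     * the shared prototype.
     *
     * @param z whether a principal is mandatory for the injection point
     * @return an independent factory carrying the flag
     */
    @Override
    public AuthFactory<HttpServletRequest, T> clone(boolean z) {
        KeycloakAuthFactory<T> copy =
                new KeycloakAuthFactory<>(this.adapterConfig, this.realm, this.authenticator, this.generatedClass);
        copy.required = z;
        return copy;
    }

    /** Returns the principal class this factory provides. */
    @Override
    public Class<T> getGeneratedClass() {
        return this.generatedClass;
    }

    /** Builds the Keycloak deployment from the adapter configuration and stores its context. */
    public void initializeKeycloak() {
        this.deploymentContext = new AdapterDeploymentContext(KeycloakDeploymentBuilder.build(this.adapterConfig));
    }

    /**
     * Validates the current request with the Keycloak adapter and asks the authenticator for
     * the principal.
     *
     * <p>The authenticator is consulted even when {@link #validateRequest} has already written
     * a challenge and ended the response.
     *
     * @return the principal, or {@code null} when none is present and it is not required
     * @throws WebApplicationException with the unauthorized response when a principal is
     *     required but absent
     * @throws InternalServerErrorException when the authenticator fails with an
     *     {@link AuthenticationException}
     */
    @Override
    public T provide() {
        try {
            validateRequest(this.request);
            Optional<T> principal = this.authenticator.authenticate(this.request);
            if (principal.isPresent()) {
                return principal.get();
            }
            if (this.required) {
                throw new WebApplicationException(this.unauthorizedHandler.buildResponse(this.prefix, this.realm));
            }
            return null;
        } catch (AuthenticationException e) {
            // The cause is logged here and deliberately not attached to the thrown exception.
            LOGGER.warn("Error authenticating credentials", e);
            throw new InternalServerErrorException();
        }
    }

    /**
     * Runs the Keycloak request authenticator for the given request and, when it is not
     * authenticated and a challenge is available, sends that challenge and ends the response.
     *
     * <p>Returns without doing anything further when no configured deployment resolves for
     * the request.
     *
     * @param httpServletRequest request to validate
     */
    public void validateRequest(HttpServletRequest httpServletRequest) {
        JaxrsHttpFacade jaxrsHttpFacade = new JaxrsHttpFacade(httpServletRequest);
        httpServletRequest.setAttribute(AdapterDeploymentContext.class.getName(), this.deploymentContext);
        KeycloakDeployment deployment = this.deploymentContext.resolveDeployment(jaxrsHttpFacade);
        if (deployment == null || !deployment.isConfigured()) {
            return;
        }
        // NOTE(review): getContainerRequest() is not declared in this class; presumably it is
        // inherited. Confirm against the superclass in use.
        AdapterTokenStore tokenStore = getTokenStore(httpServletRequest, getContainerRequest(), jaxrsHttpFacade, deployment);
        tokenStore.checkCurrentToken();
        JettyRequestAuthenticator requestAuthenticator =
                createRequestAuthenticator(httpServletRequest, jaxrsHttpFacade, deployment, tokenStore);
        if (requestAuthenticator.authenticate() == AuthOutcome.AUTHENTICATED) {
            return;
        }
        AuthChallenge challenge = requestAuthenticator.getChallenge();
        if (challenge == null) {
            return;
        }
        challenge.challenge(jaxrsHttpFacade);
        // The session cookie is HttpOnly so page scripts cannot read the session id, and it is
        // marked Secure whenever the container saw the request arrive over a secure channel.
        jaxrsHttpFacade.getResponse().setCookie(
                "JSESSIONID",
                httpServletRequest.getSession().getId(),
                "/",
                (String) null,
                -1,
                httpServletRequest.isSecure(),
                true);
        jaxrsHttpFacade.responseFacade.end();
    }

    /**
     * Creates the Jetty request authenticator for the given request, deployment and token store.
     *
     * @return a new {@link JettyRequestAuthenticator} bound to the underlying Jetty request
     */
    protected JettyRequestAuthenticator createRequestAuthenticator(HttpServletRequest httpServletRequest, JaxrsHttpFacade jaxrsHttpFacade, KeycloakDeployment keycloakDeployment, AdapterTokenStore adapterTokenStore) {
        return new JettyRequestAuthenticator(jaxrsHttpFacade, keycloakDeployment, adapterTokenStore, -1, resolveJettyRequest(httpServletRequest));
    }

    /**
     * Returns the token store cached on the request under {@link #TOKEN_STORE_NOTE}, creating
     * and caching one when absent.
     *
     * <p>A session-backed store is used when the deployment's token store is
     * {@link TokenStore#SESSION}; otherwise a cookie-backed store is used.
     *
     * @return the token store for this request
     */
    public static AdapterTokenStore getTokenStore(HttpServletRequest httpServletRequest, ContainerRequest containerRequest, HttpFacade httpFacade, KeycloakDeployment keycloakDeployment) {
        AdapterTokenStore cached = (AdapterTokenStore) httpServletRequest.getAttribute(TOKEN_STORE_NOTE);
        if (cached != null) {
            return cached;
        }
        Request jettyRequest = resolveJettyRequest(httpServletRequest);
        // Declared as the common interface: the two branches are unrelated concrete types.
        AdapterTokenStore created;
        if (keycloakDeployment.getTokenStore() == TokenStore.SESSION) {
            created = new JaxrsSessionTokenStore(jettyRequest, containerRequest, keycloakDeployment);
        } else {
            created = new JettyCookieTokenStore(jettyRequest, httpFacade, keycloakDeployment);
        }
        httpServletRequest.setAttribute(TOKEN_STORE_NOTE, created);
        return created;
    }

    /**
     * Returns the Jetty {@link Request} behind the servlet request: the request itself when it
     * already is one, otherwise the request of the current Jetty channel.
     */
    private static Request resolveJettyRequest(HttpServletRequest httpServletRequest) {
        if (httpServletRequest instanceof Request) {
            return (Request) httpServletRequest;
        }
        // Still a NullPointerException when there is no current channel, now with a message.
        return java.util.Objects.requireNonNull(
                HttpChannel.getCurrentHttpChannel(),
                "no current Jetty HttpChannel for this thread").getRequest();
    }
}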
