package de.ahus1.keycloak.dropwizard;

import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import io.dropwizard.auth.AuthFilter;
import io.dropwizard.auth.AuthenticationException;
import java.io.IOException;
import java.security.Principal;
import javax.annotation.Priority;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.SecurityContext;
import org.eclipse.jetty.server.HttpChannel;
import org.eclipse.jetty.server.Request;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.jetty.JettyAdapterSessionStore;
import org.keycloak.adapters.jetty.core.JettyCookieTokenStore;
import org.keycloak.adapters.jetty.core.JettyRequestAuthenticator;
import org.keycloak.adapters.jetty.core.JettySessionTokenStore;
import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.spi.AuthOutcome;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.enums.TokenStore;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

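/**
 * Dropwizard {@link AuthFilter} that delegates request authentication to the Keycloak Jetty adapter.
 *
 * <p>For every request the filter first runs the Keycloak adapter ({@link #validateRequest}), which
 * may issue an authentication challenge, and then asks the configured Dropwizard authenticator for a
 * principal. When a principal is returned, the request's {@link SecurityContext} is replaced with one
 * backed by that principal and the configured authorizer.
 *
 * <p>The filter is registered with priority 1000, the value of
 * {@code javax.ws.rs.Priorities.AUTHENTICATION}.
 *
 * <p>NOTE(review): this listing is decompiler output; {@code m1newInstance} and
 * {@code m2buildAuthFilter} are decompiler-assigned names for the builder's {@code newInstance} and
 * {@code buildAuthFilter} methods (see the "renamed from" markers below).
 *
 * @param <P> the principal type produced by the configured authenticator
 */
@Priority(1000)
/* loaded from: input_file:de/ahus1/keycloak/dropwizard/KeycloakAuthFilter.class */
public class KeycloakAuthFilter<P extends Principal> extends AuthFilter<HttpServletRequest, P> {
    private static final Logger LOGGER = LoggerFactory.getLogger(KeycloakAuthFilter.class);

    /** Request attribute under which the per-request {@link AdapterTokenStore} is cached. */
    public static final String TOKEN_STORE_NOTE = "TOKEN_STORE_NOTE";

    /** Keycloak deployment context; populated by {@link #initializeKeycloak()}. */
    protected AdapterDeploymentContext deploymentContext;

    /** Adapter configuration the deployment is built from. */
    private final AdapterConfig adapterConfig;

    /**
     * Builder for {@link KeycloakAuthFilter}. A Keycloak {@link AdapterConfig} must be supplied via
     * {@link #setConfig(AdapterConfig)} before the filter is built.
     *
     * @param <P> the principal type produced by the configured authenticator
     */
    /* loaded from: input_file:de/ahus1/keycloak/dropwizard/KeycloakAuthFilter$Builder.class */
    public static class Builder<P extends Principal> extends AuthFilter.AuthFilterBuilder<HttpServletRequest, P, KeycloakAuthFilter<P>> {
        private AdapterConfig adapterConfig;

        /**
         * Creates the filter instance with the configuration held by this builder.
         *
         * @return a new, not yet initialised filter
         */
        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public KeycloakAuthFilter<P> m1newInstance() {
            return new KeycloakAuthFilter<>(this.adapterConfig);
        }

        /**
         * Sets the Keycloak adapter configuration.
         *
         * @param adapterConfig the configuration to build the Keycloak deployment from
         * @return this builder
         */
        public Builder<P> setConfig(AdapterConfig adapterConfig) {
            this.adapterConfig = adapterConfig;
            return this;
        }

        /**
         * Builds the filter and initialises its Keycloak deployment context.
         *
         * @return the initialised filter
         * @throws IllegalArgumentException if no Keycloak configuration has been set
         */
        /* renamed from: buildAuthFilter, reason: merged with bridge method [inline-methods] */
        public KeycloakAuthFilter<P> m2buildAuthFilter() {
            // Fail at build time rather than on the first request if the configuration is missing.
            Preconditions.checkArgument(this.adapterConfig != null, "Keycloak config is not set");
            KeycloakAuthFilter<P> keycloakAuthFilter = (KeycloakAuthFilter) super.buildAuthFilter();
            keycloakAuthFilter.initializeKeycloak();
            return keycloakAuthFilter;
        }
    }

    /** Builds the Keycloak deployment from the adapter configuration and stores its context. */
    public void initializeKeycloak() {
        this.deploymentContext = new AdapterDeploymentContext(KeycloakDeploymentBuilder.build(this.adapterConfig));
    }

    private KeycloakAuthFilter(AdapterConfig adapterConfig) {
        this.adapterConfig = adapterConfig;
    }

    /**
     * Runs the Keycloak adapter for the request and, when the authenticator yields a principal,
     * installs a {@link SecurityContext} backed by that principal.
     *
     * @param containerRequestContext the JAX-RS request context
     * @throws IOException declared by the filter contract
     * @throws InternalServerErrorException if the authenticator throws an {@link AuthenticationException}
     */
    public void filter(final ContainerRequestContext containerRequestContext) throws IOException {
        validateRequest(containerRequestContext);
        try {
            final Optional<P> principal = this.authenticator.authenticate(HttpChannel.getCurrentHttpChannel().getRequest());
            // NOTE(review): when no principal is returned the method falls through without rejecting
            // the request and the existing security context stays in place. Access control then
            // depends on checks made after this filter — confirm protected resources enforce them.
            if (principal.isPresent()) {
                containerRequestContext.setSecurityContext(new SecurityContext() { // from class: de.ahus1.keycloak.dropwizard.KeycloakAuthFilter.1
                    public Principal getUserPrincipal() {
                        return principal.get();
                    }

                    public boolean isUserInRole(String str) {
                        return KeycloakAuthFilter.this.authorizer.authorize(principal.get(), str);
                    }

                    public boolean isSecure() {
                        // Transport security is taken from the context that was in place before this one.
                        return containerRequestContext.getSecurityContext().isSecure();
                    }

                    public String getAuthenticationScheme() {
                        // NOTE(review): "BASIC" is reported although authentication is performed by the
                        // Keycloak adapter; left unchanged because callers may compare against it.
                        return "BASIC";
                    }
                });
            }
        } catch (AuthenticationException e) {
            // The cause is logged server-side only; the client receives a bare 500.
            LOGGER.warn("Error authenticating credentials", e);
            throw new InternalServerErrorException();
        }
    }

    /**
     * Runs the Keycloak request authenticator for the current Jetty request and, if authentication
     * did not succeed and the adapter produced a challenge, sends that challenge to the client.
     *
     * <p>The method returns without doing anything further when no configured deployment can be
     * resolved, when the outcome is {@link AuthOutcome#AUTHENTICATED}, or when the adapter offers no
     * challenge.
     *
     * @param containerRequestContext the JAX-RS request context
     */
    public void validateRequest(ContainerRequestContext containerRequestContext) {
        Request request = HttpChannel.getCurrentHttpChannel().getRequest();
        JaxrsHttpFacade jaxrsHttpFacade = new JaxrsHttpFacade(containerRequestContext, containerRequestContext.getSecurityContext());
        request.setAttribute(AdapterDeploymentContext.class.getName(), this.deploymentContext);
        KeycloakDeployment resolveDeployment = this.deploymentContext.resolveDeployment(jaxrsHttpFacade);
        // NOTE(review): an unresolved or unconfigured deployment skips Keycloak authentication
        // entirely instead of rejecting the request — confirm this is the intended behaviour.
        if (resolveDeployment == null || !resolveDeployment.isConfigured()) {
            return;
        }
        AdapterTokenStore tokenStore = getTokenStore(request, jaxrsHttpFacade, resolveDeployment);
        tokenStore.checkCurrentToken();
        JettyRequestAuthenticator requestAuthenticator = createRequestAuthenticator(request, jaxrsHttpFacade, resolveDeployment, tokenStore);
        if (requestAuthenticator.authenticate() == AuthOutcome.AUTHENTICATED) {
            return;
        }
        AuthChallenge challenge = requestAuthenticator.getChallenge();
        if (challenge == null) {
            return;
        }
        challenge.challenge(jaxrsHttpFacade);
        // The last two arguments are the Secure and HttpOnly flags (Keycloak's
        // HttpFacade.Response#setCookie). The session id cookie is now HttpOnly so page scripts
        // cannot read it, and Secure whenever the request itself arrived over a secure channel.
        // Previously both flags were hard-coded to false.
        jaxrsHttpFacade.getResponse().setCookie("JSESSIONID", request.getSession().getId(), "/", (String) null, -1, request.isSecure(), true);
        jaxrsHttpFacade.getResponse().end();
    }

    /**
     * Creates the Keycloak request authenticator for a request.
     *
     * @param httpServletRequest the servlet request; the current Jetty request is used when this is
     *     not itself a Jetty {@link Request}
     * @param jaxrsHttpFacade facade over the JAX-RS request
     * @param keycloakDeployment the resolved deployment
     * @param adapterTokenStore the token store for this request
     * @return a new request authenticator
     */
    protected JettyRequestAuthenticator createRequestAuthenticator(HttpServletRequest httpServletRequest, JaxrsHttpFacade jaxrsHttpFacade, KeycloakDeployment keycloakDeployment, AdapterTokenStore adapterTokenStore) {
        // -1 is passed as the SSL redirect port — presumably "not configured"; TODO confirm.
        return new JettyRequestAuthenticator(jaxrsHttpFacade, keycloakDeployment, adapterTokenStore, -1, jettyRequest(httpServletRequest));
    }

    /**
     * Returns the token store for a request, creating it on first use and caching it in the request
     * attribute {@link #TOKEN_STORE_NOTE}.
     *
     * @param httpServletRequest the servlet request
     * @param httpFacade facade used by the cookie-based store
     * @param keycloakDeployment the deployment whose token store setting selects the implementation
     * @return a session-backed store when the deployment uses {@link TokenStore#SESSION}, otherwise a
     *     cookie-backed store
     */
    public static AdapterTokenStore getTokenStore(HttpServletRequest httpServletRequest, HttpFacade httpFacade, KeycloakDeployment keycloakDeployment) {
        AdapterTokenStore cached = (AdapterTokenStore) httpServletRequest.getAttribute(TOKEN_STORE_NOTE);
        if (cached != null) {
            return cached;
        }
        Request request = jettyRequest(httpServletRequest);
        // Declared as AdapterTokenStore: the two branches create unrelated implementations, so the
        // decompiler's JettySessionTokenStore declaration did not type-check.
        AdapterTokenStore created;
        if (keycloakDeployment.getTokenStore() == TokenStore.SESSION) {
            created = new JettySessionTokenStore(request, keycloakDeployment, new JettyAdapterSessionStore(request));
        } else {
            created = new JettyCookieTokenStore(request, httpFacade, keycloakDeployment);
        }
        httpServletRequest.setAttribute(TOKEN_STORE_NOTE, created);
        return created;
    }

    /** Returns the given request as a Jetty {@link Request}, falling back to the current channel's request. */
    private static Request jettyRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest instanceof Request ? (Request) httpServletRequest : HttpChannel.getCurrentHttpChannel().getRequest();
    }
}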
