package org.keycloak.adapters.elytron;

import javax.security.auth.callback.CallbackHandler;
import org.jboss.logging.Logger;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.CookieTokenStore;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.OidcKeycloakAccount;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.adapters.RequestAuthenticator;
import org.wildfly.security.http.HttpScope;
import org.wildfly.security.http.Scope;

/* loaded from: input_file:org/keycloak/adapters/elytron/ElytronCookieTokenStore.class */
public class ElytronCookieTokenStore implements ElytronTokeStore {
    protected static Logger log = Logger.getLogger(ElytronCookieTokenStore.class);
    private final ElytronHttpFacade httpFacade;
    private final CallbackHandler callbackHandler;

    public ElytronCookieTokenStore(ElytronHttpFacade elytronHttpFacade, CallbackHandler callbackHandler) {
        this.httpFacade = elytronHttpFacade;
        this.callbackHandler = callbackHandler;
    }

    public void checkCurrentToken() {
        KeycloakPrincipal principalFromCookie = CookieTokenStore.getPrincipalFromCookie(this.httpFacade.getDeployment(), this.httpFacade, this);
        if (principalFromCookie == null) {
            return;
        }
        RefreshableKeycloakSecurityContext keycloakSecurityContext = principalFromCookie.getKeycloakSecurityContext();
        if (!keycloakSecurityContext.isActive() || keycloakSecurityContext.getDeployment().isAlwaysRefreshToken()) {
            if (keycloakSecurityContext.refreshExpiredToken(false) && keycloakSecurityContext.isActive()) {
                return;
            }
            saveAccountInfo(new ElytronAccount(principalFromCookie));
        }
    }

    public boolean isCached(RequestAuthenticator requestAuthenticator) {
        KeycloakDeployment deployment = this.httpFacade.getDeployment();
        KeycloakPrincipal principalFromCookie = CookieTokenStore.getPrincipalFromCookie(deployment, this.httpFacade, this);
        if (principalFromCookie == null) {
            log.debug("Account was not in cookie or was invalid, returning null");
            return false;
        }
        ElytronAccount elytronAccount = new ElytronAccount(principalFromCookie);
        if (!deployment.getRealm().equals(elytronAccount.m1getKeycloakSecurityContext().getRealm())) {
            log.debug("Account in session belongs to a different realm than for this request.");
            return false;
        }
        boolean checkActive = elytronAccount.checkActive();
        if (!checkActive) {
            checkActive = elytronAccount.tryRefresh(this.callbackHandler);
        }
        if (!checkActive) {
            log.debug("Account was not active, removing cookie and returning false");
            CookieTokenStore.removeCookie(this.httpFacade);
            return false;
        }
        log.debug("Cached account found");
        restoreRequest();
        this.httpFacade.authenticationComplete(elytronAccount, true);
        return true;
    }

    public void saveAccountInfo(OidcKeycloakAccount oidcKeycloakAccount) {
        CookieTokenStore.setTokenCookie(this.httpFacade.getDeployment(), this.httpFacade, oidcKeycloakAccount.getKeycloakSecurityContext());
        HttpScope scope = this.httpFacade.getScope(Scope.EXCHANGE);
        scope.registerForNotification(httpScopeNotification -> {
            logout();
        });
        scope.setAttachment(ElytronAccount.class.getName(), oidcKeycloakAccount);
        scope.setAttachment(KeycloakSecurityContext.class.getName(), oidcKeycloakAccount.getKeycloakSecurityContext());
        restoreRequest();
    }

    public void logout() {
        logout(false);
    }

    public void refreshCallback(RefreshableKeycloakSecurityContext refreshableKeycloakSecurityContext) {
        CookieTokenStore.setTokenCookie(this.httpFacade.getDeployment(), this.httpFacade, refreshableKeycloakSecurityContext);
    }

    public void saveRequest() {
    }

    public boolean restoreRequest() {
        return false;
    }

    @Override // org.keycloak.adapters.elytron.ElytronTokeStore
    public void logout(boolean z) {
        RefreshableKeycloakSecurityContext keycloakSecurityContext;
        KeycloakPrincipal principalFromCookie = CookieTokenStore.getPrincipalFromCookie(this.httpFacade.getDeployment(), this.httpFacade, this);
        if (principalFromCookie == null) {
            return;
        }
        CookieTokenStore.removeCookie(this.httpFacade);
        if (!z || (keycloakSecurityContext = principalFromCookie.getKeycloakSecurityContext()) == null) {
            return;
        }
        KeycloakDeployment deployment = this.httpFacade.getDeployment();
        if (deployment.isBearerOnly() || keycloakSecurityContext == null || !(keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext)) {
            return;
        }
        keycloakSecurityContext.logout(deployment);
    }
}
