package org.jboss.errai.security.keycloak;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import javax.enterprise.context.SessionScoped;
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.jboss.errai.bus.server.annotations.Service;
import org.jboss.errai.bus.server.api.RpcContext;
import org.jboss.errai.security.keycloak.extension.Filtered;
import org.jboss.errai.security.keycloak.properties.KeycloakPropertyNames;
import org.jboss.errai.security.shared.api.Role;
import org.jboss.errai.security.shared.api.RoleImpl;
import org.jboss.errai.security.shared.api.identity.User;
import org.jboss.errai.security.shared.api.identity.UserImpl;
import org.jboss.errai.security.shared.exception.AlreadyLoggedInException;
import org.jboss.errai.security.shared.exception.AuthenticationException;
import org.jboss.errai.security.shared.service.AuthenticationService;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken;

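/**
 * Session-scoped {@link AuthenticationService} that puts a Keycloak login in front of a wrapped
 * (filtered) authentication service.
 *
 * <p>When a {@link KeycloakSecurityContext} with a token has been installed through
 * {@link #setSecurityContext(KeycloakSecurityContext)}, the user and roles are derived from that
 * token; otherwise every call is delegated to the wrapped service.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This class never verifies the token itself (signature, issuer, audience, expiry). It
 *       trusts whatever context is handed to {@code setSecurityContext}; presumably the Keycloak
 *       adapter/filter has validated it beforehand. Confirm against the caller.</li>
 *   <li>The {@link User} built from the token is cached until the next
 *       {@code setSecurityContext} call, so role changes are only picked up when a new context
 *       is installed.</li>
 * </ul>
 */
@Service
@SessionScoped
/* loaded from: input_file:WEB-INF/lib/errai-security-keycloak-4.0.0-SNAPSHOT.jar:org/jboss/errai/security/keycloak/KeycloakAuthenticationService.class */
public class KeycloakAuthenticationService implements AuthenticationService, Serializable {
    private static final long serialVersionUID = 1;

    @Inject
    @Filtered
    private AuthenticationService wrappedAuthService;

    // Lazily built from the current token; reset to null whenever the security context changes.
    private User keycloakUser;
    private KeycloakSecurityContext keycloakSecurityContext;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/errai-security-keycloak-4.0.0-SNAPSHOT.jar:org/jboss/errai/security/keycloak/KeycloakAuthenticationService$KeycloakProperty.class */
    /** Name/value pair for one token claim that may be copied onto the {@link User}. */
    public static class KeycloakProperty {
        final String name;
        final String value;

        KeycloakProperty(String str, String str2) {
            this.name = str;
            this.value = str2;
        }

        /** @return {@code true} when the claim carried a value (i.e. it is not {@code null}). */
        boolean hasValue() {
            return this.value != null;
        }
    }

    /**
     * Logs in through the wrapped service, unless a Keycloak login is already active.
     *
     * @param str the username, passed through to the wrapped service
     * @param str2 the password, passed through to the wrapped service
     * @return the user returned by the wrapped service
     * @throws AlreadyLoggedInException if a Keycloak token is present for this session
     */
    @Override // org.jboss.errai.security.shared.service.AuthenticationService
    public User login(String str, String str2) {
        if (keycloakIsLoggedIn()) {
            throw new AlreadyLoggedInException("Already logged in through Keycloak.");
        }
        return this.wrappedAuthService.login(str, str2);
    }

    /** @return {@code true} if either the Keycloak login or the wrapped service reports a login. */
    @Override // org.jboss.errai.security.shared.service.AuthenticationService
    public boolean isLoggedIn() {
        return keycloakIsLoggedIn() || this.wrappedAuthService.isLoggedIn();
    }

    /**
     * Reports whether a Keycloak security context with a token is currently installed.
     *
     * <p>NOTE(review): this is a presence check only. Token expiry / active state is not
     * consulted here, so a stale context keeps counting as "logged in" until it is replaced or
     * cleared. Confirm that the component calling {@code setSecurityContext} enforces expiry.
     */
    private boolean keycloakIsLoggedIn() {
        return this.keycloakSecurityContext != null && this.keycloakSecurityContext.getToken() != null;
    }

    /**
     * Logs out of whichever mechanism is active.
     *
     * <p>For a Keycloak login the local security context is cleared first, then the servlet
     * request is logged out when the call arrives inside an RPC message. The HTTP session itself
     * is not invalidated here.
     *
     * @throws AuthenticationException if the servlet container fails to log the request out
     */
    @Override // org.jboss.errai.security.shared.service.AuthenticationService
    public void logout() {
        if (!keycloakIsLoggedIn()) {
            if (this.wrappedAuthService.isLoggedIn()) {
                this.wrappedAuthService.logout();
            }
            return;
        }

        // Clear local state before touching the container so this bean never keeps a token
        // after a failed container logout.
        keycloakLogout();
        try {
            // Without an RPC message there is no request to log out; only local state is cleared.
            if (RpcContext.getMessage() != null) {
                ((HttpServletRequest) RpcContext.getServletRequest()).logout();
            }
        } catch (ServletException e) {
            // NOTE(review): the ServletException is dropped, so the root cause is lost for
            // diagnostics. It is not attached here because it is not visible from this file
            // whether AuthenticationException accepts a cause; consider logging it server-side.
            throw new AuthenticationException("An error occurred while attempting to log out of Keycloak.");
        }
    }

    /** Drops the Keycloak security context and the cached user. */
    private void keycloakLogout() {
        setSecurityContext(null);
    }

    /**
     * Returns the current user: the Keycloak user if a token is present, else the wrapped
     * service's user if it is logged in, else {@link User#ANONYMOUS}.
     */
    @Override // org.jboss.errai.security.shared.service.AuthenticationService
    public User getUser() {
        if (keycloakIsLoggedIn()) {
            return getKeycloakUser();
        }
        if (this.wrappedAuthService.isLoggedIn()) {
            return this.wrappedAuthService.getUser();
        }
        return User.ANONYMOUS;
    }

    /**
     * Returns the user derived from the current token, building and caching it on first use.
     *
     * @throws IllegalStateException if no Keycloak token is present
     */
    private User getKeycloakUser() {
        if (!keycloakIsLoggedIn()) {
            throw new IllegalStateException("Cannot call getKeycloakUser if not logged in through Keycloak.");
        }
        if (this.keycloakUser == null) {
            this.keycloakUser = createKeycloakUser(this.keycloakSecurityContext.getToken());
        }
        return this.keycloakUser;
    }

    /**
     * Builds a {@link User} from an access token: the preferred username becomes the identifier,
     * roles come from {@link #createRoles(AccessToken)}, and every claim that has a value is
     * copied as a user property.
     *
     * <p>NOTE(review): the properties include personal data (email, phone number, address,
     * birthdate). If this User object is marshalled to the client, these claims go with it;
     * confirm that is intended.
     *
     * @param accessToken the token to read claims from
     * @return the populated user
     */
    protected User createKeycloakUser(AccessToken accessToken) {
        UserImpl user = new UserImpl(accessToken.getPreferredUsername(), createRoles(accessToken));
        for (KeycloakProperty property : getKeycloakUserProperties(accessToken)) {
            if (property.hasValue()) {
                user.setProperty(property.name, property.value);
            }
        }
        return user;
    }

    /**
     * Converts a claim value to its string form, keeping {@code null} as {@code null}.
     *
     * <p>{@code String.valueOf(Object)} turns an absent claim into the literal text
     * {@code "null"}, which {@link KeycloakProperty#hasValue()} would then treat as a real value.
     */
    private static String stringOrNull(Object value) {
        return value == null ? null : String.valueOf(value);
    }

    /**
     * Collects the token claims that are candidates for user properties. Entries may have a
     * {@code null} value; callers filter with {@link KeycloakProperty#hasValue()}.
     */
    private Collection<KeycloakProperty> getKeycloakUserProperties(AccessToken accessToken) {
        Collection<KeycloakProperty> properties = new ArrayList<KeycloakProperty>();
        properties.add(new KeycloakProperty(User.StandardUserProperties.FIRST_NAME, accessToken.getGivenName()));
        properties.add(new KeycloakProperty(User.StandardUserProperties.LAST_NAME, accessToken.getFamilyName()));
        properties.add(new KeycloakProperty(User.StandardUserProperties.EMAIL, accessToken.getEmail()));
        properties.add(new KeycloakProperty("birthdate", accessToken.getBirthdate()));
        properties.add(new KeycloakProperty("gender", accessToken.getGender()));
        properties.add(new KeycloakProperty("locale", accessToken.getLocale()));
        properties.add(new KeycloakProperty(KeycloakPropertyNames.MIDDLE_NAME, accessToken.getMiddleName()));
        properties.add(new KeycloakProperty("name", accessToken.getName()));
        properties.add(new KeycloakProperty("nickname", accessToken.getNickName()));
        properties.add(new KeycloakProperty(KeycloakPropertyNames.PHONENUMBER, accessToken.getPhoneNumber()));
        properties.add(new KeycloakProperty("picture", accessToken.getPicture()));
        properties.add(new KeycloakProperty(KeycloakPropertyNames.PREFERRED_USERNAME, accessToken.getPreferredUsername()));
        properties.add(new KeycloakProperty("profile", accessToken.getProfile()));
        properties.add(new KeycloakProperty(KeycloakPropertyNames.SUBJECT, accessToken.getSubject()));
        properties.add(new KeycloakProperty("website", accessToken.getWebsite()));
        properties.add(new KeycloakProperty(KeycloakPropertyNames.ZONE_INFO, accessToken.getZoneinfo()));
        // An absent "verified" claim must stay absent: publishing the text "null" would let a
        // consumer that only checks for "not false" mistake an unknown state for a verified one.
        properties.add(new KeycloakProperty(KeycloakPropertyNames.EMAIL_VERIFIED, stringOrNull(accessToken.getEmailVerified())));
        properties.add(new KeycloakProperty(KeycloakPropertyNames.PHONENUMBER_VERIFIED, stringOrNull(accessToken.getPhoneNumberVerified())));
        if (accessToken.getAddress() != null) {
            properties.add(new KeycloakProperty("country", accessToken.getAddress().getCountry()));
            properties.add(new KeycloakProperty(KeycloakPropertyNames.FORMATTED_ADDRESS, accessToken.getAddress().getFormattedAddress()));
            properties.add(new KeycloakProperty("locality", accessToken.getAddress().getLocality()));
            properties.add(new KeycloakProperty(KeycloakPropertyNames.POSTAL_CODE, accessToken.getAddress().getPostalCode()));
            properties.add(new KeycloakProperty("region", accessToken.getAddress().getRegion()));
            properties.add(new KeycloakProperty(KeycloakPropertyNames.STREET_ADDRESS, accessToken.getAddress().getStreetAddress()));
        }
        return properties;
    }

    /**
     * Builds the role list from the token: the roles of the client the token was issued for,
     * plus the realm roles, de-duplicated by name.
     *
     * <p>Client roles and realm roles are merged into one flat namespace, so a client role that
     * shares its name with a realm role cannot be told apart afterwards. Authorization rules
     * that rely on these role names should be written with that in mind.
     */
    private Collection<? extends Role> createRoles(AccessToken accessToken) {
        Collection<String> roleNames = new HashSet<String>();
        AccessToken.Access resourceAccess = accessToken.getResourceAccess(accessToken.getIssuedFor());
        if (resourceAccess != null && resourceAccess.getRoles() != null) {
            roleNames.addAll(resourceAccess.getRoles());
        }
        AccessToken.Access realmAccess = accessToken.getRealmAccess();
        if (realmAccess != null && realmAccess.getRoles() != null) {
            roleNames.addAll(realmAccess.getRoles());
        }
        Collection<Role> roles = new ArrayList<Role>(roleNames.size());
        for (String roleName : roleNames) {
            roles.add(new RoleImpl(roleName));
        }
        return roles;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Installs (or, with {@code null}, clears) the Keycloak security context for this session
     * and discards the cached user so it is rebuilt from the new token.
     *
     * <p>This method is the only gate through which an identity enters this class, and it does
     * no validation of its own. The decompiler note above says it was package-private in the
     * original source; keep it out of reach of code that handles untrusted input.
     *
     * <p>NOTE(review): the exception message embeds the wrapped service's current user. If that
     * message is returned to a remote caller it may disclose user details; confirm.
     *
     * @param keycloakSecurityContext the new context, or {@code null} to log out of Keycloak
     * @throws AlreadyLoggedInException if a non-null context is supplied while the wrapped
     *     service already has a logged-in user
     */
    public void setSecurityContext(KeycloakSecurityContext keycloakSecurityContext) {
        if (this.wrappedAuthService.isLoggedIn() && keycloakSecurityContext != null) {
            throw new AlreadyLoggedInException("Logged in as " + this.wrappedAuthService.getUser());
        }
        this.keycloakSecurityContext = keycloakSecurityContext;
        this.keycloakUser = null;
    }
}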
