package org.keycloak.example;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.keycloak.RSATokenVerifier;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.ServerRequest;
import org.keycloak.adapters.authentication.ClientCredentialsProviderUtils;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.UriUtils;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:WEB-INF/classes/org/keycloak/example/ProductServiceAccountServlet.class */
public abstract class ProductServiceAccountServlet extends HttpServlet {
    public static final String ERROR = "error";
    public static final String TOKEN = "token";
    public static final String TOKEN_PARSED = "idTokenParsed";
    public static final String REFRESH_TOKEN = "refreshToken";
    public static final String PRODUCTS = "products";
    public static final String CLIENT_AUTH_METHOD = "clientAuthMethod";

    protected abstract String getAdapterConfigLocation();

    protected abstract String getClientAuthenticationMethod();

    public static String getLoginUrl(HttpServletRequest httpServletRequest) {
        return "/service-account-portal/app-" + httpServletRequest.getAttribute(CLIENT_AUTH_METHOD) + "/login";
    }

    public static String getRefreshUrl(HttpServletRequest httpServletRequest) {
        return "/service-account-portal/app-" + httpServletRequest.getAttribute(CLIENT_AUTH_METHOD) + "/refresh";
    }

    public static String getLogoutUrl(HttpServletRequest httpServletRequest) {
        return "/service-account-portal/app-" + httpServletRequest.getAttribute(CLIENT_AUTH_METHOD) + "/logout";
    }

    public void init() throws ServletException {
        getServletContext().setAttribute("deployment-" + getClientAuthenticationMethod(), KeycloakDeploymentBuilder.build(getServletContext().getResourceAsStream(getAdapterConfigLocation())));
        getServletContext().setAttribute(HttpClient.class.getName(), new DefaultHttpClient());
    }

    public void destroy() {
        getHttpClient().getConnectionManager().shutdown();
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletRequest.setAttribute(CLIENT_AUTH_METHOD, getClientAuthenticationMethod());
        String requestURI = httpServletRequest.getRequestURI();
        if (requestURI.endsWith("/login")) {
            serviceAccountLogin(httpServletRequest);
        } else if (requestURI.endsWith("/refresh")) {
            refreshToken(httpServletRequest);
        } else if (requestURI.endsWith("/logout")) {
            logout(httpServletRequest);
        }
        if (httpServletRequest.getAttribute(ERROR) == null) {
            loadProducts(httpServletRequest);
        }
        httpServletRequest.getRequestDispatcher("/WEB-INF/page.jsp").forward(httpServletRequest, httpServletResponse);
    }

    private void serviceAccountLogin(HttpServletRequest httpServletRequest) {
        KeycloakDeployment keycloakDeployment = getKeycloakDeployment();
        HttpClient httpClient = getHttpClient();
        try {
            HttpPost httpPost = new HttpPost(keycloakDeployment.getTokenUrl());
            ArrayList arrayList = new ArrayList();
            arrayList.add(new BasicNameValuePair("grant_type", "client_credentials"));
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            ClientCredentialsProviderUtils.setClientCredentials(keycloakDeployment, hashMap, hashMap2);
            for (Map.Entry entry : hashMap.entrySet()) {
                httpPost.setHeader((String) entry.getKey(), (String) entry.getValue());
            }
            for (Map.Entry entry2 : hashMap2.entrySet()) {
                arrayList.add(new BasicNameValuePair((String) entry2.getKey(), (String) entry2.getValue()));
            }
            httpPost.setEntity(new UrlEncodedFormEntity(arrayList, "UTF-8"));
            HttpResponse execute = httpClient.execute(httpPost);
            int statusCode = execute.getStatusLine().getStatusCode();
            HttpEntity entity = execute.getEntity();
            if (statusCode != 200) {
                httpServletRequest.setAttribute(ERROR, "Service account login failed. Bad status: " + statusCode + " response: " + getContent(entity));
            } else if (entity == null) {
                httpServletRequest.setAttribute(ERROR, "No entity");
            } else {
                setTokens(httpServletRequest, keycloakDeployment, (AccessTokenResponse) JsonSerialization.readValue(getContent(entity), AccessTokenResponse.class));
            }
        } catch (IOException e) {
            e.printStackTrace();
            httpServletRequest.setAttribute(ERROR, "Service account login failed. IOException occured. See server.log for details. Message is: " + e.getMessage());
        } catch (VerificationException e2) {
            httpServletRequest.setAttribute(ERROR, "Service account login failed. Failed to verify token Message is: " + e2.getMessage());
        }
    }

    private void setTokens(HttpServletRequest httpServletRequest, KeycloakDeployment keycloakDeployment, AccessTokenResponse accessTokenResponse) throws IOException, VerificationException {
        String token = accessTokenResponse.getToken();
        String refreshToken = accessTokenResponse.getRefreshToken();
        AccessToken verifyToken = RSATokenVerifier.verifyToken(token, keycloakDeployment.getRealmKey(), keycloakDeployment.getRealmInfoUrl());
        httpServletRequest.getSession().setAttribute(TOKEN, token);
        httpServletRequest.getSession().setAttribute(REFRESH_TOKEN, refreshToken);
        httpServletRequest.getSession().setAttribute(TOKEN_PARSED, verifyToken);
    }

    private void loadProducts(HttpServletRequest httpServletRequest) {
        HttpClient httpClient = getHttpClient();
        String str = (String) httpServletRequest.getSession().getAttribute(TOKEN);
        HttpGet httpGet = new HttpGet(UriUtils.getOrigin(httpServletRequest.getRequestURL().toString()) + "/database/products");
        if (str != null) {
            httpGet.addHeader("Authorization", "Bearer " + str);
        }
        try {
            HttpResponse execute = httpClient.execute(httpGet);
            HttpEntity entity = execute.getEntity();
            int statusCode = execute.getStatusLine().getStatusCode();
            if (statusCode != 200) {
                getContent(entity);
                httpServletRequest.setAttribute(ERROR, "Failed retrieve products. Status: " + statusCode);
            } else if (entity == null) {
                httpServletRequest.setAttribute(ERROR, "No entity");
            } else {
                httpServletRequest.setAttribute(PRODUCTS, getContent(entity));
            }
        } catch (IOException e) {
            e.printStackTrace();
            httpServletRequest.setAttribute(ERROR, "Failed retrieve products. IOException occured. See server.log for details. Message is: " + e.getMessage());
        }
    }

    private void refreshToken(HttpServletRequest httpServletRequest) {
        KeycloakDeployment keycloakDeployment = getKeycloakDeployment();
        String str = (String) httpServletRequest.getSession().getAttribute(REFRESH_TOKEN);
        if (str == null) {
            httpServletRequest.setAttribute(ERROR, "No refresh token available. Please login first");
            return;
        }
        try {
            setTokens(httpServletRequest, keycloakDeployment, ServerRequest.invokeRefresh(keycloakDeployment, str));
        } catch (Exception e) {
            e.printStackTrace();
            httpServletRequest.setAttribute(ERROR, "Failed refresh token. See server.log for details. Message is: " + e.getMessage());
        } catch (ServerRequest.HttpFailure e2) {
            e2.printStackTrace();
            httpServletRequest.setAttribute(ERROR, "Failed refresh token. See server.log for details. Status was: " + e2.getStatus() + ", Error is: " + e2.getError());
        }
    }

    private void logout(HttpServletRequest httpServletRequest) {
        KeycloakDeployment keycloakDeployment = getKeycloakDeployment();
        String str = (String) httpServletRequest.getSession().getAttribute(REFRESH_TOKEN);
        if (str == null) {
            httpServletRequest.setAttribute(ERROR, "No refresh token available. Please login first");
            return;
        }
        try {
            ServerRequest.invokeLogout(keycloakDeployment, str);
            httpServletRequest.getSession().removeAttribute(TOKEN);
            httpServletRequest.getSession().removeAttribute(REFRESH_TOKEN);
            httpServletRequest.getSession().removeAttribute(TOKEN_PARSED);
        } catch (IOException e) {
            e.printStackTrace();
            httpServletRequest.setAttribute(ERROR, "Failed refresh token. See server.log for details. Message is: " + e.getMessage());
        } catch (ServerRequest.HttpFailure e2) {
            e2.printStackTrace();
            httpServletRequest.setAttribute(ERROR, "Failed refresh token. See server.log for details. Status was: " + e2.getStatus() + ", Error is: " + e2.getError());
        }
    }

    private String getContent(HttpEntity httpEntity) throws IOException {
        if (httpEntity == null) {
            return null;
        }
        InputStream content = httpEntity.getContent();
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            while (true) {
                int read = content.read();
                if (read == -1) {
                    break;
                }
                byteArrayOutputStream.write(read);
            }
            return new String(byteArrayOutputStream.toByteArray());
        } finally {
            try {
                content.close();
            } catch (IOException e) {
            }
        }
    }

    private KeycloakDeployment getKeycloakDeployment() {
        return (KeycloakDeployment) getServletContext().getAttribute("deployment-" + getClientAuthenticationMethod());
    }

    private HttpClient getHttpClient() {
        return (HttpClient) getServletContext().getAttribute(HttpClient.class.getName());
    }
}
