package org.keycloak.adapters.jetty.core;

import java.security.Principal;
import java.util.Set;
import javax.servlet.http.HttpSession;
import org.eclipse.jetty.server.Request;
import org.jboss.logging.Logger;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.AdapterUtils;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.OAuthRequestAuthenticator;
import org.keycloak.adapters.OidcKeycloakAccount;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.adapters.RequestAuthenticator;
import org.keycloak.adapters.spi.HttpFacade;

/* loaded from: input_file:BOOT-INF/lib/spring-boot-container-bundle-14.0.0.jar:org/keycloak/adapters/jetty/core/JettyRequestAuthenticator.class */
public class JettyRequestAuthenticator extends RequestAuthenticator {
    protected static final Logger log = Logger.getLogger((Class<?>) JettyRequestAuthenticator.class);
    protected Request request;
    protected KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal;

    public JettyRequestAuthenticator(HttpFacade httpFacade, KeycloakDeployment keycloakDeployment, AdapterTokenStore adapterTokenStore, int i, Request request) {
        super(httpFacade, keycloakDeployment, adapterTokenStore, i);
        this.request = request;
    }

    @Override // org.keycloak.adapters.RequestAuthenticator
    protected OAuthRequestAuthenticator createOAuthAuthenticator() {
        return new OAuthRequestAuthenticator(this, this.facade, this.deployment, this.sslRedirectPort, this.tokenStore);
    }

    @Override // org.keycloak.adapters.RequestAuthenticator
    protected void completeOAuthAuthentication(final KeycloakPrincipal<RefreshableKeycloakSecurityContext> keycloakPrincipal) {
        this.principal = keycloakPrincipal;
        final RefreshableKeycloakSecurityContext keycloakSecurityContext = keycloakPrincipal.getKeycloakSecurityContext();
        final Set<String> rolesFromSecurityContext = AdapterUtils.getRolesFromSecurityContext(keycloakSecurityContext);
        OidcKeycloakAccount oidcKeycloakAccount = new OidcKeycloakAccount() { // from class: org.keycloak.adapters.jetty.core.JettyRequestAuthenticator.1
            @Override // org.keycloak.adapters.spi.KeycloakAccount
            public Principal getPrincipal() {
                return keycloakPrincipal;
            }

            @Override // org.keycloak.adapters.spi.KeycloakAccount
            public Set<String> getRoles() {
                return rolesFromSecurityContext;
            }

            @Override // org.keycloak.adapters.OidcKeycloakAccount
            public KeycloakSecurityContext getKeycloakSecurityContext() {
                return keycloakSecurityContext;
            }
        };
        this.request.setAttribute(KeycloakSecurityContext.class.getName(), keycloakSecurityContext);
        this.tokenStore.saveAccountInfo(oidcKeycloakAccount);
    }

    @Override // org.keycloak.adapters.RequestAuthenticator
    protected void completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> keycloakPrincipal, String str) {
        this.principal = keycloakPrincipal;
        RefreshableKeycloakSecurityContext keycloakSecurityContext = keycloakPrincipal.getKeycloakSecurityContext();
        Set<String> rolesFromSecurityContext = AdapterUtils.getRolesFromSecurityContext(keycloakSecurityContext);
        if (log.isDebugEnabled()) {
            log.debug("Completing bearer authentication. Bearer roles: " + rolesFromSecurityContext);
        }
        this.request.setAttribute(KeycloakSecurityContext.class.getName(), keycloakSecurityContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.adapters.RequestAuthenticator
    public String changeHttpSessionId(boolean z) {
        HttpSession session = this.request.getSession(z);
        if (session != null) {
            return session.getId();
        }
        return null;
    }
}
