package org.keycloak.adapters.springsecurity.authentication;

import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.AdapterUtils;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.OAuthRequestAuthenticator;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.adapters.RequestAuthenticator;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:BOOT-INF/lib/keycloak-spring-security-adapter-19.0.1.jar:org/keycloak/adapters/springsecurity/authentication/SpringSecurityRequestAuthenticator.class */
public class SpringSecurityRequestAuthenticator extends RequestAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) SpringSecurityRequestAuthenticator.class);
    private final HttpServletRequest request;

    public SpringSecurityRequestAuthenticator(HttpFacade httpFacade, HttpServletRequest httpServletRequest, KeycloakDeployment keycloakDeployment, AdapterTokenStore adapterTokenStore, int i) {
        super(httpFacade, keycloakDeployment, adapterTokenStore, i);
        this.request = httpServletRequest;
    }

    @Override // org.keycloak.adapters.RequestAuthenticator
    protected OAuthRequestAuthenticator createOAuthAuthenticator() {
        return new OAuthRequestAuthenticator(this, this.facade, this.deployment, this.sslRedirectPort, this.tokenStore);
    }

    @Override // org.keycloak.adapters.RequestAuthenticator
    protected void completeOAuthAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> keycloakPrincipal) {
        RefreshableKeycloakSecurityContext keycloakSecurityContext = keycloakPrincipal.getKeycloakSecurityContext();
        SimpleKeycloakAccount simpleKeycloakAccount = new SimpleKeycloakAccount(keycloakPrincipal, AdapterUtils.getRolesFromSecurityContext(keycloakSecurityContext), keycloakSecurityContext);
        this.request.setAttribute(KeycloakSecurityContext.class.getName(), keycloakSecurityContext);
        this.tokenStore.saveAccountInfo(simpleKeycloakAccount);
    }

    @Override // org.keycloak.adapters.RequestAuthenticator
    protected void completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> keycloakPrincipal, String str) {
        RefreshableKeycloakSecurityContext keycloakSecurityContext = keycloakPrincipal.getKeycloakSecurityContext();
        Set<String> rolesFromSecurityContext = AdapterUtils.getRolesFromSecurityContext(keycloakSecurityContext);
        SimpleKeycloakAccount simpleKeycloakAccount = new SimpleKeycloakAccount(keycloakPrincipal, rolesFromSecurityContext, keycloakSecurityContext);
        logger.debug("Completing bearer authentication. Bearer roles: {} ", rolesFromSecurityContext);
        SecurityContext createEmptyContext = SecurityContextHolder.createEmptyContext();
        createEmptyContext.setAuthentication(new KeycloakAuthenticationToken(simpleKeycloakAccount, false));
        SecurityContextHolder.setContext(createEmptyContext);
        this.request.setAttribute(KeycloakSecurityContext.class.getName(), keycloakSecurityContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.adapters.RequestAuthenticator
    public String changeHttpSessionId(boolean z) {
        HttpSession session = this.request.getSession(z);
        if (session != null) {
            return session.getId();
        }
        return null;
    }
}
