package org.keycloak.adapters.tomcat;

import java.security.Principal;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpSession;
import org.apache.catalina.connector.Request;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.AdapterUtils;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.OAuthRequestAuthenticator;
import org.keycloak.adapters.OidcKeycloakAccount;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.adapters.RequestAuthenticator;

/* loaded from: input_file:BOOT-INF/lib/spring-boot-container-bundle-3.4.3.Final.jar:org/keycloak/adapters/tomcat/CatalinaRequestAuthenticator.class */
public class CatalinaRequestAuthenticator extends RequestAuthenticator {
    private static final Logger log = Logger.getLogger("" + CatalinaRequestAuthenticator.class);
    protected Request request;
    protected GenericPrincipalFactory principalFactory;

    public CatalinaRequestAuthenticator(KeycloakDeployment keycloakDeployment, AdapterTokenStore adapterTokenStore, CatalinaHttpFacade catalinaHttpFacade, Request request, GenericPrincipalFactory genericPrincipalFactory) {
        super(catalinaHttpFacade, keycloakDeployment, adapterTokenStore, request.getConnector().getRedirectPort());
        this.request = request;
        this.principalFactory = genericPrincipalFactory;
    }

    @Override // org.keycloak.adapters.RequestAuthenticator
    protected OAuthRequestAuthenticator createOAuthAuthenticator() {
        return new OAuthRequestAuthenticator(this, this.facade, this.deployment, this.sslRedirectPort, this.tokenStore);
    }

    @Override // org.keycloak.adapters.RequestAuthenticator
    protected void completeOAuthAuthentication(final KeycloakPrincipal<RefreshableKeycloakSecurityContext> keycloakPrincipal) {
        final RefreshableKeycloakSecurityContext keycloakSecurityContext = keycloakPrincipal.getKeycloakSecurityContext();
        final Set<String> rolesFromSecurityContext = AdapterUtils.getRolesFromSecurityContext(keycloakSecurityContext);
        OidcKeycloakAccount oidcKeycloakAccount = new OidcKeycloakAccount() { // from class: org.keycloak.adapters.tomcat.CatalinaRequestAuthenticator.1
            @Override // org.keycloak.adapters.spi.KeycloakAccount
            public Principal getPrincipal() {
                return keycloakPrincipal;
            }

            @Override // org.keycloak.adapters.spi.KeycloakAccount
            public Set<String> getRoles() {
                return rolesFromSecurityContext;
            }

            @Override // org.keycloak.adapters.OidcKeycloakAccount
            public KeycloakSecurityContext getKeycloakSecurityContext() {
                return keycloakSecurityContext;
            }
        };
        this.request.setAttribute(KeycloakSecurityContext.class.getName(), keycloakSecurityContext);
        this.tokenStore.saveAccountInfo(oidcKeycloakAccount);
    }

    @Override // org.keycloak.adapters.RequestAuthenticator
    protected void completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> keycloakPrincipal, String str) {
        RefreshableKeycloakSecurityContext keycloakSecurityContext = keycloakPrincipal.getKeycloakSecurityContext();
        Set<String> rolesFromSecurityContext = AdapterUtils.getRolesFromSecurityContext(keycloakSecurityContext);
        if (log.isLoggable(Level.FINE)) {
            log.fine("Completing bearer authentication. Bearer roles: " + rolesFromSecurityContext);
        }
        this.request.setUserPrincipal(this.principalFactory.createPrincipal(this.request.getContext().getRealm(), keycloakPrincipal, rolesFromSecurityContext));
        this.request.setAuthType(str);
        this.request.setAttribute(KeycloakSecurityContext.class.getName(), keycloakSecurityContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.adapters.RequestAuthenticator
    public String changeHttpSessionId(boolean z) {
        HttpSession session = this.request.getSession(z);
        if (session != null) {
            return session.getId();
        }
        return null;
    }
}
