package org.keycloak.adapters.tomcat7;

import java.io.IOException;
import java.security.Principal;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpSession;
import org.apache.catalina.connector.Request;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.AdapterUtils;
import org.keycloak.adapters.KeycloakAccount;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.OAuthRequestAuthenticator;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.adapters.RequestAuthenticator;
import org.keycloak.enums.TokenStore;

/* loaded from: input_file:org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.class */
public class CatalinaRequestAuthenticator extends RequestAuthenticator {
    private static final Logger log = Logger.getLogger("" + CatalinaRequestAuthenticator.class);
    protected KeycloakAuthenticatorValve valve;
    protected Request request;

    public CatalinaRequestAuthenticator(KeycloakDeployment keycloakDeployment, KeycloakAuthenticatorValve keycloakAuthenticatorValve, AdapterTokenStore adapterTokenStore, CatalinaHttpFacade catalinaHttpFacade, Request request) {
        super(catalinaHttpFacade, keycloakDeployment, adapterTokenStore, request.getConnector().getRedirectPort());
        this.valve = keycloakAuthenticatorValve;
        this.request = request;
    }

    protected OAuthRequestAuthenticator createOAuthAuthenticator() {
        return new OAuthRequestAuthenticator(this, this.facade, this.deployment, this.sslRedirectPort) { // from class: org.keycloak.adapters.tomcat7.CatalinaRequestAuthenticator.1
            protected void saveRequest() {
                try {
                    if (this.deployment.getTokenStore() == TokenStore.SESSION) {
                        CatalinaRequestAuthenticator.this.valve.keycloakSaveRequest(CatalinaRequestAuthenticator.this.request);
                    }
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
        };
    }

    protected void completeOAuthAuthentication(final KeycloakPrincipal<RefreshableKeycloakSecurityContext> keycloakPrincipal) {
        final RefreshableKeycloakSecurityContext keycloakSecurityContext = keycloakPrincipal.getKeycloakSecurityContext();
        final Set rolesFromSecurityContext = AdapterUtils.getRolesFromSecurityContext(keycloakSecurityContext);
        KeycloakAccount keycloakAccount = new KeycloakAccount() { // from class: org.keycloak.adapters.tomcat7.CatalinaRequestAuthenticator.2
            public Principal getPrincipal() {
                return keycloakPrincipal;
            }

            public Set<String> getRoles() {
                return rolesFromSecurityContext;
            }

            public KeycloakSecurityContext getKeycloakSecurityContext() {
                return keycloakSecurityContext;
            }
        };
        this.request.setAttribute(KeycloakSecurityContext.class.getName(), keycloakSecurityContext);
        this.tokenStore.saveAccountInfo(keycloakAccount);
    }

    protected void completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> keycloakPrincipal) {
        KeycloakSecurityContext keycloakSecurityContext = (RefreshableKeycloakSecurityContext) keycloakPrincipal.getKeycloakSecurityContext();
        Set<String> rolesFromSecurityContext = AdapterUtils.getRolesFromSecurityContext(keycloakSecurityContext);
        if (log.isLoggable(Level.FINE)) {
            log.fine("Completing bearer authentication. Bearer roles: " + rolesFromSecurityContext);
        }
        this.request.setUserPrincipal(new CatalinaSecurityContextHelper().createPrincipal(this.request.getContext().getRealm(), keycloakPrincipal, rolesFromSecurityContext, keycloakSecurityContext));
        this.request.setAuthType("KEYCLOAK");
        this.request.setAttribute(KeycloakSecurityContext.class.getName(), keycloakSecurityContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void restoreRequest() {
        if (this.request.getSessionInternal().getNote("org.apache.catalina.authenticator.REQUEST") != null) {
            if (this.valve.keycloakRestoreRequest(this.request)) {
                log.finer("restoreRequest");
            } else {
                log.finer("Restore of original request failed");
                throw new RuntimeException("Restore of original request failed");
            }
        }
    }

    protected String getHttpSessionId(boolean z) {
        HttpSession session = this.request.getSession(z);
        if (session != null) {
            return session.getId();
        }
        return null;
    }
}
