package org.keycloak.adapters.tomcat7;

import java.security.Principal;
import java.util.logging.Logger;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.realm.GenericPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.KeycloakAccount;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.adapters.RequestAuthenticator;

/* loaded from: input_file:org/keycloak/adapters/tomcat7/CatalinaSessionTokenStore.class */
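/**
 * {@link AdapterTokenStore} that keeps the authenticated state in the Tomcat (Catalina) session.
 *
 * <p>The Keycloak security context is stored as a session note keyed by
 * {@code KeycloakSecurityContext.class.getName()}, next to the session's principal and auth type.
 * One instance wraps a single {@link Request}.
 */
public class CatalinaSessionTokenStore implements AdapterTokenStore {
    // Concatenating a Class uses Class.toString(), so the logger name carries a "class " prefix.
    // Kept as-is so existing logging configuration keeps matching.
    private static final Logger log = Logger.getLogger("" + CatalinaSessionTokenStore.class);
    private final Request request;
    private final KeycloakDeployment deployment;
    private final CatalinaUserSessionManagement sessionManagement;

    /**
     * @param request the request whose session backs this store
     * @param keycloakDeployment deployment used for realm comparison and token refresh
     * @param catalinaUserSessionManagement notified when a session is logged in
     */
    public CatalinaSessionTokenStore(Request request, KeycloakDeployment keycloakDeployment, CatalinaUserSessionManagement catalinaUserSessionManagement) {
        this.request = request;
        this.deployment = keycloakDeployment;
        this.sessionManagement = catalinaUserSessionManagement;
    }

    /**
     * Validates the token held in the current session and refreshes it when it is no longer
     * active or when the deployment asks for a refresh on every request.
     *
     * <p>If the refresh fails, or the token is still inactive afterwards, all authentication
     * state is removed from the request and the session, and the session is expired. Does
     * nothing when there is no session, no session principal, or no stored security context.
     */
    public void checkCurrentToken() {
        // Look the session up once and never create one: a later no-arg getSessionInternal()
        // would create a fresh session if the current one disappeared in between.
        Session session = this.request.getSessionInternal(false);
        if (session == null || session.getPrincipal() == null) {
            return;
        }
        RefreshableKeycloakSecurityContext securityContext =
                (RefreshableKeycloakSecurityContext) session.getNote(KeycloakSecurityContext.class.getName());
        if (securityContext == null) {
            return;
        }
        // A context without a deployment has not been bound to a request yet; bind it before use.
        if (securityContext.getDeployment() == null) {
            securityContext.setCurrentRequestInfo(this.deployment, this);
        }
        boolean refreshNeeded = !securityContext.isActive() || securityContext.getDeployment().isAlwaysRefreshToken();
        if (!refreshNeeded) {
            return;
        }
        if (securityContext.refreshExpiredToken(false) && securityContext.isActive()) {
            return;
        }
        // Fail closed: an unrefreshable token must not leave an authenticated session behind.
        log.fine("Cleanup and expire session " + session.getId() + " after failed refresh");
        this.request.setUserPrincipal(null);
        this.request.setAuthType(null);
        clearSessionAuthentication(session);
        session.expire();
    }

    /**
     * Restores the authenticated state of the request from the session, if there is one.
     *
     * @param requestAuthenticator must be a {@code CatalinaRequestAuthenticator}; its
     *     {@code restoreRequest()} is invoked on success
     * @return {@code true} when the session holds a principal and, if a security context is
     *     stored, its realm matches the deployment's realm; {@code false} otherwise
     */
    public boolean isCached(RequestAuthenticator requestAuthenticator) {
        Session session = this.request.getSessionInternal(false);
        if (session == null || session.getPrincipal() == null) {
            return false;
        }
        log.fine("remote logged in already. Establish state from session");
        RefreshableKeycloakSecurityContext securityContext =
                (RefreshableKeycloakSecurityContext) session.getNote(KeycloakSecurityContext.class.getName());
        if (securityContext != null) {
            // A session established for another realm must not authenticate this request.
            if (!this.deployment.getRealm().equals(securityContext.getRealm())) {
                log.fine("Account from cookie is from a different realm than for the request.");
                return false;
            }
            securityContext.setCurrentRequestInfo(this.deployment, this);
            this.request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
        }
        // NOTE(review): a session principal without a stored security context is still accepted
        // here and skips the realm check above - confirm that this is intended.
        this.request.setUserPrincipal(session.getPrincipal());
        // NOTE(review): saveAccountInfo() records "OAUTH" on the session while "KEYCLOAK" is
        // reported on the request - confirm the difference is deliberate.
        this.request.setAuthType("KEYCLOAK");
        ((CatalinaRequestAuthenticator) requestAuthenticator).restoreRequest();
        return true;
    }

    /**
     * Stores a freshly authenticated account in the session (creating the session if needed)
     * and registers the session with the user session management.
     *
     * @param keycloakAccount the authenticated account; its security context must be a
     *     {@link RefreshableKeycloakSecurityContext}
     */
    public void saveAccountInfo(KeycloakAccount keycloakAccount) {
        KeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) keycloakAccount.getKeycloakSecurityContext();
        GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(
                this.request.getContext().getRealm(),
                keycloakAccount.getPrincipal(),
                keycloakAccount.getRoles(),
                securityContext);
        // NOTE(review): an existing pre-login session is reused and its id is not rotated in this
        // method - confirm the caller changes the session id on authentication (session fixation).
        Session session = this.request.getSessionInternal(true);
        session.setPrincipal(principal);
        session.setAuthType("OAUTH");
        session.setNote(KeycloakSecurityContext.class.getName(), securityContext);
        log.fine("userSessionManagement.login: " + securityContext.getToken().getSubject());
        this.sessionManagement.login(session);
    }

    /**
     * Removes the authentication state from the current session, if one exists.
     *
     * <p>Besides the stored security context, the session principal and auth type are cleared
     * as well. {@link #isCached} accepts any session that still holds a principal, so removing
     * only the note would leave the session authenticated after logout.
     */
    public void logout() {
        Session session = this.request.getSessionInternal(false);
        if (session != null) {
            clearSessionAuthentication(session);
        }
    }

    /** No-op: the refreshed context is the same object already stored in the session note. */
    public void refreshCallback(RefreshableKeycloakSecurityContext refreshableKeycloakSecurityContext) {
    }

    /** Drops the security context note, principal and auth type from the given session. */
    private static void clearSessionAuthentication(Session session) {
        session.removeNote(KeycloakSecurityContext.class.getName());
        session.setPrincipal(null);
        session.setAuthType(null);
    }
}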
