package org.nuxeo.ecm.platform.ui.web.keycloak;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.spi.AuthOutcome;
import org.keycloak.representations.AccessToken;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPluginLogoutExtension;
import org.nuxeo.ecm.platform.ui.web.keycloak.KeycloakUserInfo;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.usermapper.service.UserMapperService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/nuxeo/ecm/platform/ui/web/keycloak/KeycloakAuthenticationPlugin.class */
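/**
 * Nuxeo authentication plugin that delegates identification and logout to Keycloak.
 *
 * <p>On each request the plugin asks a {@link KeycloakRequestAuthenticator} to authenticate the
 * caller. When Keycloak reports {@link AuthOutcome#AUTHENTICATED}, the access token stored on the
 * request is turned into a {@link KeycloakUserInfo}, its realm and client roles are merged, and the
 * result is handed to the {@link UserMapperService} under the configured mapping name.
 */
public class KeycloakAuthenticationPlugin implements NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension {
    private static final Logger LOGGER = LoggerFactory.getLogger(KeycloakAuthenticationPlugin.class);
    private static final String PROTOCOL_CLASSPATH = "classpath:";
    /** Plugin parameter naming the Keycloak adapter configuration file. */
    public static final String KEYCLOAK_CONFIG_FILE_KEY = "keycloakConfigFilename";
    /** Plugin parameter naming the user-mapper mapping to apply. */
    public static final String KEYCLOAK_MAPPING_NAME_KEY = "mappingName";
    /** Mapping name used when {@link #KEYCLOAK_MAPPING_NAME_KEY} is not supplied. */
    public static final String DEFAULT_MAPPING_NAME = "keycloak";
    private KeycloakAuthenticatorProvider keycloakAuthenticatorProvider;
    private String keycloakConfigFile = "classpath:keycloak.json";
    protected String mappingName = DEFAULT_MAPPING_NAME;

    /**
     * Reads the plugin parameters and builds the Keycloak authenticator provider.
     *
     * <p>A configured file name is always prefixed with {@code classpath:}, so within this class the
     * configuration is only ever resolved on the classpath; the filesystem branch of
     * {@link #loadKeycloakConfigFile()} is not reachable from the values assigned here.
     *
     * @param map plugin parameters; {@link #KEYCLOAK_CONFIG_FILE_KEY} and
     *            {@link #KEYCLOAK_MAPPING_NAME_KEY} are honoured when present
     * @throws RuntimeException if the configuration cannot be found
     */
    public void initPlugin(Map<String, String> map) {
        LOGGER.info("INITIALIZE KEYCLOAK");
        if (map.containsKey(KEYCLOAK_CONFIG_FILE_KEY)) {
            this.keycloakConfigFile = PROTOCOL_CLASSPATH + map.get(KEYCLOAK_CONFIG_FILE_KEY);
        }
        if (map.containsKey(KEYCLOAK_MAPPING_NAME_KEY)) {
            this.mappingName = map.get(KEYCLOAK_MAPPING_NAME_KEY);
        }
        // NOTE(review): the stream is not closed here; confirm KeycloakNuxeoDeployment.build
        // consumes and closes it, otherwise wrap this call in try-with-resources.
        InputStream configStream = loadKeycloakConfigFile();
        this.keycloakAuthenticatorProvider = new KeycloakAuthenticatorProvider(
                new AdapterDeploymentContext(KeycloakNuxeoDeployment.build(configStream)));
        LOGGER.info("Keycloak is using a per-deployment configuration loaded from: {}", this.keycloakConfigFile);
    }

    /**
     * Always reports that a login prompt is needed.
     *
     * @param httpServletRequest the current request (unused)
     * @return {@link Boolean#TRUE}
     */
    public Boolean needLoginPrompt(HttpServletRequest httpServletRequest) {
        return Boolean.TRUE;
    }

    /**
     * Always reports the login prompt as handled; nothing is written to the response here.
     *
     * @param httpServletRequest  the current request (unused)
     * @param httpServletResponse the current response (unused)
     * @param str                 unused
     * @return {@link Boolean#TRUE}
     */
    public Boolean handleLoginPrompt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        return Boolean.TRUE;
    }

    /**
     * Declares no URL prefixes that bypass authentication.
     *
     * @return {@code null}
     */
    public List<String> getUnAuthenticatedURLPrefix() {
        return null;
    }

    /**
     * Authenticates the request against Keycloak and maps the token to a Nuxeo principal.
     *
     * <p>The method fails closed: when Keycloak does not report {@link AuthOutcome#AUTHENTICATED},
     * when no access token was left on the request, or when the token carries no e-mail claim (the
     * claim used as the Nuxeo user name), no identity is returned.
     *
     * @param httpServletRequest  the request carrying the Keycloak credentials
     * @param httpServletResponse the response passed to the Keycloak authenticator
     * @return the identified user, or {@code null} when the caller could not be identified
     */
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        LOGGER.debug("KEYCLOAK will handle identification");
        KeycloakRequestAuthenticator authenticator = this.keycloakAuthenticatorProvider.provide(httpServletRequest, httpServletResponse);
        String resourceName = this.keycloakAuthenticatorProvider.getResolvedDeployment().getResourceName();
        if (authenticator.authenticate() != AuthOutcome.AUTHENTICATED) {
            return null;
        }
        Object tokenAttribute = httpServletRequest.getAttribute(KeycloakRequestAuthenticator.KEYCLOAK_ACCESS_TOKEN);
        if (!(tokenAttribute instanceof AccessToken)) {
            // Authenticated outcome without a usable token: refuse rather than fail with NPE/CCE.
            LOGGER.warn("Keycloak reported an authenticated request but no access token was found on it");
            return null;
        }
        AccessToken accessToken = (AccessToken) tokenAttribute;
        String email = accessToken.getEmail();
        if (email == null || email.trim().isEmpty()) {
            // The e-mail claim becomes the Nuxeo user name; never map a principal without one.
            LOGGER.warn("Keycloak access token has no e-mail claim; refusing to map a Nuxeo principal");
            return null;
        }
        KeycloakUserInfo keycloakUserInfo = getKeycloakUserInfo(accessToken);
        UserMapperService userMapperService = (UserMapperService) Framework.getService(UserMapperService.class);
        keycloakUserInfo.setRoles(getRoles(accessToken, resourceName));
        userMapperService.getOrCreateAndUpdateNuxeoPrincipal(this.mappingName, keycloakUserInfo);
        return keycloakUserInfo;
    }

    /**
     * Logs the user out of Keycloak and redirects the browser to the returned logout URI.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response the redirect is sent on
     * @return {@link Boolean#TRUE} once the redirect has been sent
     * @throws RuntimeException if the redirect cannot be written; the {@link IOException} is kept
     *                          as the cause
     */
    public Boolean handleLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        LOGGER.debug("KEYCLOAK will handle logout");
        String logoutUri = this.keycloakAuthenticatorProvider.logout(httpServletRequest, httpServletResponse);
        try {
            httpServletResponse.sendRedirect(logoutUri);
            return Boolean.TRUE;
        } catch (IOException e) {
            String message = "Could note handle logout with URI: " + logoutUri;
            // Keep the stack trace in the log and the cause on the exception for incident triage.
            LOGGER.error(message, e);
            throw new RuntimeException(message, e);
        }
    }

    /**
     * Builds the user description from the claims of the access token.
     *
     * <p>NOTE(review): the e-mail claim is used as the Nuxeo user name. Confirm that the realm
     * enforces verified, unique e-mail addresses; otherwise two Keycloak accounts could resolve to
     * the same Nuxeo principal.
     *
     * @param accessToken the token of the authenticated caller
     * @return the populated user description
     */
    private KeycloakUserInfo getKeycloakUserInfo(AccessToken accessToken) {
        return KeycloakUserInfo.KeycloakUserInfoBuilder.aKeycloakUserInfo()
                .withUserName(accessToken.getEmail())
                .withFirstName(accessToken.getGivenName())
                .withLastName(accessToken.getFamilyName())
                // NOTE(review): the preferred username is stored in the company field - confirm intended.
                .withCompany(accessToken.getPreferredUsername())
                .withAuthPluginName("KEYCLOAK_AUTH")
                // A fresh random value per call; presumably a placeholder so that no known
                // password exists for the mapped account - confirm against KeycloakUserInfo.
                .withPassword(UUID.randomUUID().toString())
                .build();
    }

    /**
     * Merges the realm roles and the roles granted on the given client.
     *
     * <p>A token without a realm-access section, without an entry for the client, or with a
     * {@code null} role set in either place contributes no roles instead of raising a
     * {@link NullPointerException}.
     *
     * @param accessToken the token of the authenticated caller
     * @param str         the client (resource) name whose roles are included
     * @return a new mutable set holding the union of both role sets
     */
    private Set<String> getRoles(AccessToken accessToken, String str) {
        Set<String> merged = new HashSet<>();
        AccessToken.Access realmAccess = accessToken.getRealmAccess();
        if (realmAccess != null && realmAccess.getRoles() != null) {
            merged.addAll(realmAccess.getRoles());
        }
        AccessToken.Access resourceAccess = accessToken.getResourceAccess(str);
        if (resourceAccess != null && resourceAccess.getRoles() != null) {
            merged.addAll(resourceAccess.getRoles());
        }
        return merged;
    }

    /**
     * Opens the Keycloak adapter configuration.
     *
     * <p>A location starting with {@code classpath:} is looked up first with this class's loader
     * and then with the thread context class loader; any other location is opened as a file.
     *
     * @return an open stream on the configuration; the caller owns it
     * @throws RuntimeException if the configuration cannot be found
     */
    private InputStream loadKeycloakConfigFile() {
        if (!this.keycloakConfigFile.startsWith(PROTOCOL_CLASSPATH)) {
            try {
                LOGGER.debug("Loading config from file: {}", this.keycloakConfigFile);
                return new FileInputStream(this.keycloakConfigFile);
            } catch (FileNotFoundException e) {
                String message = "Config not found on " + this.keycloakConfigFile;
                LOGGER.error(message);
                throw new RuntimeException(message, e);
            }
        }
        // Removes every occurrence of the prefix, not only the leading one.
        String resourcePath = this.keycloakConfigFile.replace(PROTOCOL_CLASSPATH, "");
        LOGGER.debug("Loading config from classpath on location: {}", resourcePath);
        InputStream stream = getClass().getClassLoader().getResourceAsStream(resourcePath);
        if (stream == null) {
            stream = Thread.currentThread().getContextClassLoader().getResourceAsStream(resourcePath);
        }
        if (stream != null) {
            return stream;
        }
        String message = "Unable to find config from classpath: " + this.keycloakConfigFile;
        LOGGER.error(message);
        throw new RuntimeException(message);
    }

    /**
     * Replaces the authenticator provider built by {@link #initPlugin(Map)}.
     *
     * @param keycloakAuthenticatorProvider the provider to use for subsequent requests
     */
    public void setKeycloakAuthenticatorProvider(KeycloakAuthenticatorProvider keycloakAuthenticatorProvider) {
        this.keycloakAuthenticatorProvider = keycloakAuthenticatorProvider;
    }
}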
