package org.keycloak.services.managers;

import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.UriInfo;
import java.util.regex.Pattern;
import org.keycloak.TokenVerifier;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.util.ObjectUtil;
import org.keycloak.models.KeycloakContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.AuthenticationManager;

/* loaded from: input_file:org/keycloak/services/managers/AppAuthManager.class */
/**
 * Authentication manager for application-facing endpoints: re-issues browser cookies after a
 * successful identity-cookie check and extracts access tokens from the {@code Authorization}
 * request header.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The header helpers only parse the header. They do not verify the token; verification is
 *       delegated to {@code AuthenticationManager.verifyIdentityToken}.</li>
 *   <li>Both the {@code Bearer} and {@code DPoP} schemes are accepted at parsing time. Nothing in
 *       this class checks a DPoP proof, so proof-of-possession binding has to be enforced by the
 *       code that consumes the extracted token.</li>
 *   <li>Extracted token strings are credentials; keep them out of logs and error messages.</li>
 * </ul>
 */
public class AppAuthManager extends AuthenticationManager {
    private static final String BEARER = "Bearer";
    private static final String DPOP = "DPoP";
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final Pattern WHITESPACES = Pattern.compile("\\s+");

    /**
     * Fluent helper that collects the inputs for token verification and then calls
     * {@code AuthenticationManager.verifyIdentityToken}.
     *
     * <p>Instances are mutable: {@link #authenticate()} stores any values it resolves from the
     * session context back into the instance, so a reused instance keeps the realm, headers and
     * token string from its first call.
     */
    public static class BearerTokenAuthenticator {
        private KeycloakSession session;
        private RealmModel realm;
        private UriInfo uriInfo;
        private ClientConnection connection;
        private HttpHeaders headers;
        // Raw token as received; treat as a secret.
        private String tokenString;
        // Passed through to verifyIdentityToken unchanged; stays null unless setAudience is called.
        private String audience;

        /**
         * @param keycloakSession session whose context supplies defaults for unset values
         */
        public BearerTokenAuthenticator(KeycloakSession keycloakSession) {
            this.session = keycloakSession;
        }

        /** Replaces the session used to resolve defaults. */
        public BearerTokenAuthenticator setSession(KeycloakSession keycloakSession) {
            session = keycloakSession;
            return this;
        }

        /** Sets the realm explicitly instead of taking it from the session context. */
        public BearerTokenAuthenticator setRealm(RealmModel realmModel) {
            realm = realmModel;
            return this;
        }

        /** Sets the request URI information explicitly. */
        public BearerTokenAuthenticator setUriInfo(UriInfo uriInfo) {
            this.uriInfo = uriInfo;
            return this;
        }

        /** Sets the client connection explicitly. */
        public BearerTokenAuthenticator setConnection(ClientConnection clientConnection) {
            connection = clientConnection;
            return this;
        }

        /** Sets the request headers explicitly. */
        public BearerTokenAuthenticator setHeaders(HttpHeaders httpHeaders) {
            headers = httpHeaders;
            return this;
        }

        /**
         * Supplies the token directly. When set, the {@code Authorization} header is not
         * consulted by {@link #authenticate()}.
         */
        public BearerTokenAuthenticator setTokenString(String str) {
            tokenString = str;
            return this;
        }

        /** Sets the audience value forwarded to token verification. */
        public BearerTokenAuthenticator setAudience(String str) {
            audience = str;
            return this;
        }

        /**
         * Resolves every unset input from the session context, reads the token from the
         * {@code Authorization} header if none was supplied, and delegates verification.
         *
         * @return whatever {@code AuthenticationManager.verifyIdentityToken} returns
         * @throws NotAuthorizedException if an {@code Authorization} header is present but is not
         *     a well-formed {@code Bearer}/{@code DPoP} credential
         */
        public AuthenticationManager.AuthResult authenticate() {
            final KeycloakContext ctx = session.getContext();

            if (realm == null) {
                realm = ctx.getRealm();
            }
            if (uriInfo == null) {
                uriInfo = ctx.getUri();
            }
            if (connection == null) {
                connection = ctx.getConnection();
            }
            if (headers == null) {
                headers = ctx.getRequestHeaders();
            }
            if (tokenString == null) {
                // A missing header leaves tokenString null, which is then handed to
                // verifyIdentityToken as-is.
                // NOTE(review): confirm verifyIdentityToken treats a null token as unauthenticated.
                tokenString = AppAuthManager.extractAuthorizationHeaderToken(headers);
            }

            // NOTE(review): the literal flags (true, true, ..., false) and the empty predicate
            // array map to verifyIdentityToken parameters that are not visible in this file;
            // check them against its signature before changing any of them.
            return AuthenticationManager.verifyIdentityToken(
                    session,
                    realm,
                    uriInfo,
                    connection,
                    true,
                    true,
                    audience,
                    false,
                    tokenString,
                    headers,
                    new TokenVerifier.Predicate[0]);
        }
    }

    /**
     * Runs the inherited identity-cookie check and, when it succeeds, issues the login cookie
     * again; the remember-me cookie is also issued when the session has remember-me enabled.
     *
     * @return the inherited result, or {@code null} when the cookie did not authenticate
     */
    @Override
    public AuthenticationManager.AuthResult authenticateIdentityCookie(KeycloakSession keycloakSession, RealmModel realmModel) {
        final AuthenticationManager.AuthResult result = super.authenticateIdentityCookie(keycloakSession, realmModel);
        if (result == null) {
            return null;
        }

        final KeycloakContext ctx = keycloakSession.getContext();
        createLoginCookie(
                keycloakSession,
                realmModel,
                result.getUser(),
                result.getSession(),
                ctx.getUri(),
                ctx.getConnection());

        final boolean rememberMe = result.getSession().isRememberMe();
        if (rememberMe) {
            createRememberMeCookie(result.getUser().getUsername(), ctx.getUri(), keycloakSession);
        }
        return result;
    }

    /**
     * Parses an {@code Authorization} header value of the form {@code <scheme> <token>}.
     *
     * <p>Accepted schemes are {@code Bearer} and {@code DPoP}, compared case-insensitively. The
     * value must consist of exactly two whitespace-separated parts after trimming. This is a
     * syntactic check only; the token is not validated here.
     *
     * @return the token part, or {@code null} if the value is null or does not match
     */
    private static String extractTokenStringFromAuthHeader(String headerValue) {
        if (headerValue == null) {
            return null;
        }

        final String[] parts = WHITESPACES.split(headerValue.trim());
        if (parts.length != 2) {
            return null;
        }

        final String scheme = parts[0];
        final boolean supportedScheme = BEARER.equalsIgnoreCase(scheme) || DPOP.equalsIgnoreCase(scheme);
        if (!supportedScheme) {
            return null;
        }

        final String token = parts[1];
        return ObjectUtil.isBlank(token) ? null : token;
    }

    /**
     * Lenient variant: returns the token from the first {@code Authorization} header value, or
     * {@code null} both when the header is absent and when it is malformed.
     *
     * <p>Callers cannot distinguish "no credentials" from "bad credentials" with this method.
     * Only the first header value is inspected.
     */
    public static String extractAuthorizationHeaderTokenOrReturnNull(HttpHeaders httpHeaders) {
        final String rawHeader = httpHeaders.getRequestHeaders().getFirst(AUTHORIZATION_HEADER);
        return extractTokenStringFromAuthHeader(rawHeader);
    }

    /**
     * Strict variant: returns the token from the first {@code Authorization} header value.
     *
     * <p>An absent header yields {@code null}, so callers must treat {@code null} as "no
     * credentials presented". A header that is present but malformed is rejected. The challenge
     * sent with the rejection is always {@code Bearer}, including when the client used the
     * {@code DPoP} scheme.
     *
     * @return the token, or {@code null} when no {@code Authorization} header was sent
     * @throws NotAuthorizedException if the header is present but cannot be parsed
     */
    public static String extractAuthorizationHeaderToken(HttpHeaders httpHeaders) {
        final String rawHeader = httpHeaders.getRequestHeaders().getFirst(AUTHORIZATION_HEADER);
        if (rawHeader == null) {
            return null;
        }

        final String token = extractTokenStringFromAuthHeader(rawHeader);
        if (token != null) {
            return token;
        }
        throw new NotAuthorizedException(BEARER, new Object[0]);
    }
}
