package io.phasetwo.service.resource;

import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.UriInfo;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.common.ClientConnection;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.AccessToken;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.admin.AdminAuth;
import org.keycloak.services.resources.admin.AdminEventBuilder;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.Permissions;

/* loaded from: input_file:io/phasetwo/service/resource/AbstractAdminResource.class */
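/**
 * Base class for admin REST resources that authenticate the caller from a bearer token.
 *
 * <p>{@link #setup()} populates {@link #auth}, {@link #adminEvent}, {@link #permissions} and the
 * CORS response headers. This class only authenticates the caller and prepares a permission
 * evaluator; it performs no authorization check itself, so any access decision has to be made by
 * the code that uses {@link #permissions}.
 *
 * @param <T> concrete {@link AdminAuth} type; it is instantiated reflectively and must expose a
 *     public {@code (RealmModel, AccessToken, UserModel, ClientModel)} constructor
 */
public abstract class AbstractAdminResource<T extends AdminAuth> {
    private static final Logger log = Logger.getLogger(AbstractAdminResource.class);
    protected final ClientConnection connection;
    protected final HttpHeaders headers;
    protected final KeycloakSession session;
    // Realm of the current request, as resolved by the session context.
    protected final RealmModel realm;
    protected T auth;
    protected AdminPermissionEvaluator permissions;
    protected AdminEventBuilder adminEvent;
    // Identity returned by bearer-token authentication.
    protected UserModel user;
    // Realm named by the token issuer; the caller is authenticated against this realm.
    protected RealmModel adminRealm;

    /**
     * Captures the realm, request headers and connection from the session context.
     *
     * <p>The decompiler reports that this constructor was {@code protected} in the original
     * class; it is left {@code public} here so existing callers keep compiling.
     *
     * @param keycloakSession session of the current request
     */
    public AbstractAdminResource(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
        this.realm = keycloakSession.getContext().getRealm();
        this.headers = keycloakSession.getContext().getRequestHeaders();
        this.connection = keycloakSession.getContext().getConnection();
    }

    /**
     * Copies every field of an existing resource, including its authentication state, so the
     * new instance does not need to run {@link #setup()} again if the parent already did.
     *
     * <p>The decompiler reports that this constructor was {@code protected} in the original
     * class.
     *
     * @param abstractAdminResource resource to copy from
     */
    public AbstractAdminResource(AbstractAdminResource<T> abstractAdminResource) {
        this.connection = abstractAdminResource.connection;
        this.headers = abstractAdminResource.headers;
        this.session = abstractAdminResource.session;
        this.realm = abstractAdminResource.realm;
        this.auth = abstractAdminResource.auth;
        this.permissions = abstractAdminResource.permissions;
        this.adminEvent = abstractAdminResource.adminEvent;
        this.user = abstractAdminResource.user;
        this.adminRealm = abstractAdminResource.adminRealm;
    }

    /**
     * Authenticates the request and initialises events, permissions and CORS.
     *
     * <p>Authentication runs first because every later step reads {@link #auth},
     * {@link #user} or {@link #adminRealm}.
     *
     * @throws NotAuthorizedException if the bearer token is missing, malformed, names an
     *     unknown realm or fails authentication
     * @throws NotFoundException if the admin client for the realm cannot be found
     * @throws IllegalStateException if the {@link AdminAuth} instance cannot be created
     */
    public final void setup() {
        setupAuth();
        setupEvents();
        setupPermissions();
        setupCors();
    }

    /**
     * Adds CORS headers to the response. The allowed origins are taken from the authenticated
     * token, so this must run after {@link #setupAuth()}.
     */
    private void setupCors() {
        Cors.add(this.session.getContext().getHttpRequest())
                .allowedOrigins(this.auth.getToken())
                .allowedMethods(CorsResource.METHODS)
                .exposedHeaders("Location")
                .auth()
                .build(this.session.getContext().getHttpResponse());
    }

    /**
     * Authenticates the bearer token and fills {@link #adminRealm}, {@link #user} and
     * {@link #auth}. Every failure ends in an exception, so none of the later setup steps can
     * run with a missing identity.
     */
    private void setupAuth() {
        String tokenString = AppAuthManager.extractAuthorizationHeaderToken(this.headers);
        if (tokenString == null) {
            throw new NotAuthorizedException("Bearer", new Object[0]);
        }

        // The token is only decoded here, not verified: its issuer is needed to pick the realm
        // to authenticate against. Nothing read from it counts as trusted until
        // authenticateBearerToken() has accepted the same token string.
        AccessToken accessToken;
        try {
            accessToken = new JWSInput(tokenString).readJsonContent(AccessToken.class);
        } catch (JWSInputException e) {
            log.debug("Bearer token could not be parsed", e);
            throw new NotAuthorizedException("Bearer token format error", new Object[0]);
        }

        // A token with no payload or no "iss" claim is attacker-reachable input; reject it as
        // unauthenticated instead of failing with a NullPointerException.
        String issuer = accessToken == null ? null : accessToken.getIssuer();
        if (issuer == null) {
            throw new NotAuthorizedException("Unknown realm in token", new Object[0]);
        }
        String tokenRealmName = issuer.substring(issuer.lastIndexOf('/') + 1);

        RealmManager realmManager = new RealmManager(this.session);
        this.adminRealm = realmManager.getRealmByName(tokenRealmName);
        if (this.adminRealm == null) {
            throw new NotAuthorizedException("Unknown realm in token", new Object[0]);
        }
        log.debugf("Realm from resource provider is %s. Realm from token is %s", this.realm.getName(), this.adminRealm.getName());

        // Authentication runs with the token's realm in the session context. The request realm
        // is restored in a finally block so a rejected token or an exception cannot leave the
        // session pointing at the wrong realm.
        AuthenticationManager.AuthResult authResult;
        this.session.getContext().setRealm(this.adminRealm);
        try {
            authResult = authenticateBearerToken(tokenString, this.session, this.adminRealm, this.session.getContext().getUri(), this.connection, this.headers);
        } finally {
            this.session.getContext().setRealm(this.realm);
        }
        if (authResult == null) {
            throw new NotAuthorizedException("Bearer", new Object[0]);
        }

        // Callers from the admin realm use the master admin client of the request realm;
        // everyone else uses that realm's own admin client.
        ClientModel adminClient = this.adminRealm.getName().equals(Config.getAdminRealm())
                ? this.realm.getMasterAdminClient()
                : this.realm.getClientByClientId(realmManager.getRealmAdminClientId(this.realm));
        if (adminClient == null) {
            throw new NotFoundException("Could not find client for authorization");
        }

        this.user = authResult.getUser();
        // accessToken is the object decoded before verification; it comes from the same string
        // that was just authenticated.
        this.auth = newAuth(accessToken, adminClient);
    }

    /**
     * Finds the class bound to {@code T} by walking up the superclass chain to the first
     * parameterized superclass and taking its first type argument.
     *
     * @throws IllegalStateException if no parameterized superclass exists or its first type
     *     argument is not a concrete class
     */
    private Class<?> resolveAuthType() {
        Type current = getClass().getGenericSuperclass();
        while (current != null) {
            if (current instanceof ParameterizedType) {
                Type argument = ((ParameterizedType) current).getActualTypeArguments()[0];
                if (argument instanceof Class) {
                    return (Class<?>) argument;
                }
                throw new IllegalStateException("AdminAuth type argument is not a concrete class: " + argument);
            }
            // Stop at the top of the hierarchy instead of dereferencing a null superclass.
            current = current instanceof Class ? ((Class<?>) current).getGenericSuperclass() : null;
        }
        throw new IllegalStateException("No parameterized superclass found for " + getClass().getName());
    }

    /**
     * Creates the {@link AdminAuth} instance for the authenticated caller.
     *
     * @throws IllegalStateException if the instance cannot be created; the request must not
     *     continue with a null {@link #auth}
     */
    @SuppressWarnings("unchecked") // the resolved class is the type bound to T by the subclass
    private T newAuth(AccessToken accessToken, ClientModel adminClient) {
        try {
            return (T) resolveAuthType()
                    .getConstructor(RealmModel.class, AccessToken.class, UserModel.class, ClientModel.class)
                    .newInstance(this.realm, accessToken, this.user, adminClient);
        } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | SecurityException | InvocationTargetException e) {
            log.error("Failed to instantiate AdminAuth instance", e);
            throw new IllegalStateException("Failed to instantiate AdminAuth instance", e);
        }
    }

    /** Creates the admin event builder for the request realm and the authenticated caller. */
    private void setupEvents() {
        this.adminEvent = new AdminEventBuilder(this.realm, this.auth, this.session, this.session.getContext().getConnection()).realm(this.realm);
    }

    /** Builds the permission evaluator for the authenticated user acting on the request realm. */
    private void setupPermissions() {
        this.permissions = Permissions.evaluator(this.session, this.realm, this.adminRealm, this.user);
    }

    /**
     * Delegates token validation to Keycloak's {@code BearerTokenAuthenticator}.
     *
     * @return the authentication result; callers treat {@code null} as a rejected token
     */
    private AuthenticationManager.AuthResult authenticateBearerToken(String str, KeycloakSession keycloakSession, RealmModel realmModel, UriInfo uriInfo, ClientConnection clientConnection, HttpHeaders httpHeaders) {
        return new AppAuthManager.BearerTokenAuthenticator(keycloakSession)
                .setRealm(realmModel)
                .setUriInfo(uriInfo)
                .setTokenString(str)
                .setConnection(clientConnection)
                .setHeaders(httpHeaders)
                .authenticate();
    }
}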
