package cz.integsoft.mule.security.api;

import java.io.IOException;
import java.io.InputStream;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.representations.AccessToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;

/* loaded from: input_file:cz/integsoft/mule/security/api/HeaderKeycloakConfigResolver.class */
public class HeaderKeycloakConfigResolver implements KeycloakConfigResolver {
    private static final Logger a = LoggerFactory.getLogger(HeaderKeycloakConfigResolver.class);
    private final Map<String, KeycloakDeployment> b = new ConcurrentHashMap();
    public static final String TENANT_HEADER_REALM_KEY = "TENANT_REALM_NAME";
    public static final String TENANT_HEADER_CLIENT_ID_KEY = "TENANT_CLIENT_ID";
    private String c;
    private String d;

    public KeycloakDeployment resolve(HttpFacade.Request request) {
        AccessToken accessToken = null;
        try {
            accessToken = SecurityUtils.parseToken(request);
        } catch (IOException e) {
            a.warn("Failed to parse access token.", e);
        }
        String lowerCase = a(request, accessToken).toLowerCase();
        String lowerCase2 = b(request, accessToken).toLowerCase();
        KeycloakDeployment keycloakDeployment = this.b.get(a(lowerCase, lowerCase2));
        if (null == keycloakDeployment) {
            InputStream resourceAsStream = getClass().getResourceAsStream("/keycloak-" + lowerCase + '$' + lowerCase2 + ".json");
            if (resourceAsStream == null) {
                throw new AccessDeniedException("Not able to find the file /keycloak-" + lowerCase + '$' + lowerCase2 + ".json");
            }
            keycloakDeployment = KeycloakDeploymentBuilder.build(resourceAsStream);
            this.b.put(a(lowerCase, lowerCase2), keycloakDeployment);
        }
        return keycloakDeployment;
    }

    private String a(HttpFacade.Request request, AccessToken accessToken) {
        if (request.getHeader(SecurityConstants.HEADER_REALM_OVERRIDE_NAME) != null) {
            return request.getHeader(SecurityConstants.HEADER_REALM_OVERRIDE_NAME);
        }
        if (accessToken != null) {
            return accessToken.getIssuer().substring(accessToken.getIssuer().lastIndexOf(47) + 1);
        }
        String header = request.getHeader(TENANT_HEADER_REALM_KEY);
        if (header != null && !header.isEmpty()) {
            return header;
        }
        if (this.c == null) {
            throw new AccessDeniedException("Not able to resolve realm from the request header!");
        }
        a.debug("Using default realm name {}", this.c);
        return this.c;
    }

    private String b(HttpFacade.Request request, AccessToken accessToken) {
        if (request.getHeader(SecurityConstants.HEADER_CLIENT_ID_OVERRIDE_NAME) != null) {
            return request.getHeader(SecurityConstants.HEADER_CLIENT_ID_OVERRIDE_NAME);
        }
        String header = request.getHeader(TENANT_HEADER_CLIENT_ID_KEY);
        if (header != null && !header.isEmpty()) {
            return header;
        }
        if (this.d == null) {
            throw new AccessDeniedException("Not able to resolve clientId from the request header!");
        }
        a.debug("Using default client id {}", this.d);
        return this.d;
    }

    private String a(String str, String str2) {
        return str + '-' + str2;
    }

    public String getDefaultRealmName() {
        return this.c;
    }

    public void setDefaultRealmName(String str) {
        this.c = str;
    }

    public void setDefaultClientId(String str) {
        this.d = str;
    }

    public String getDefaultClientId() {
        return this.d;
    }
}
