package io.apiman.manager.api.security.impl;

import io.apiman.common.logging.ApimanLoggerFactory;
import io.apiman.common.logging.IApimanLogger;
import io.apiman.manager.api.beans.idm.UserDto;
import io.apiman.manager.api.core.IStorage;
import io.apiman.manager.api.core.IStorageQuery;
import io.apiman.manager.api.core.config.ApiManagerConfig;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Alternative;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.LocaleUtils;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;

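/**
 * Security context that resolves the current user's identity from the Keycloak
 * adapter state attached to the servlet request, and that adds users holding a
 * role in Keycloak to the role membership stored by Apiman.
 *
 * <p>{@code servletRequest} is declared outside this class (presumably inherited
 * from {@link AbstractSecurityContext}); every lookup here reads the request it
 * currently holds.
 *
 * <p>Thread-safety: the bean is {@code @ApplicationScoped}, so one instance serves
 * all requests. The only mutable state is the lazily created
 * {@link KeycloakAdminClient}, which is published through a {@code volatile} field.
 *
 * <p>NOTE(review): the admin client is built once, from the Keycloak deployment of
 * whichever request first needs it, and is then reused for every later request.
 * If deployments can differ per request (for example a multi-realm resolver), all
 * role lookups would be answered from the first realm seen. Confirm that a single
 * realm is the only supported configuration.
 */
@Alternative
@ApplicationScoped
/* loaded from: input_file:io/apiman/manager/api/security/impl/KeycloakSecurityContext.class */
public class KeycloakSecurityContext extends AbstractSecurityContext {
    private static final IApimanLogger LOGGER = ApimanLoggerFactory.getLogger(KeycloakSecurityContext.class);

    /** Request attribute under which the Keycloak adapter context is looked up. */
    private static final String KEYCLOAK_CONTEXT_ATTRIBUTE = org.keycloak.KeycloakSecurityContext.class.getName();

    private volatile KeycloakAdminClient keycloakAdminClient;

    /**
     * Creates the context; all three collaborators are passed straight to the superclass.
     *
     * @param iStorageQuery storage query facade
     * @param iStorage storage facade
     * @param apiManagerConfig manager configuration
     */
    @Inject
    public KeycloakSecurityContext(IStorageQuery iStorageQuery, IStorage iStorage, ApiManagerConfig apiManagerConfig) {
        super(iStorageQuery, iStorage, apiManagerConfig);
    }

    /**
     * Returns the remote user of the current servlet request.
     *
     * @return the value of {@code HttpServletRequest#getRemoteUser()}, which is {@code null}
     *     when the container has not authenticated the request
     */
    @Override
    public String getCurrentUser() {
        return servletRequest.get().getRemoteUser();
    }

    /**
     * Returns the name claim of the Keycloak token attached to the current request.
     *
     * @return the name claim, or {@code null} when the request carries no Keycloak context
     */
    @Override
    public String getFullName() {
        org.keycloak.KeycloakSecurityContext context = currentKeycloakContext();
        return context != null ? context.getToken().getName() : null;
    }

    /**
     * Returns the email claim of the Keycloak token attached to the current request.
     *
     * @return the email claim, or {@code null} when the request carries no Keycloak context
     */
    @Override
    public String getEmail() {
        org.keycloak.KeycloakSecurityContext context = currentKeycloakContext();
        return context != null ? context.getToken().getEmail() : null;
    }

    /**
     * Returns the locale claim of the Keycloak token, falling back to the locale of the
     * servlet request when the claim is absent or cannot be parsed.
     *
     * @return the resolved locale, or {@code null} when the request carries no Keycloak context
     */
    @Override
    public Locale getLocale() {
        HttpServletRequest httpServletRequest = servletRequest.get();
        org.keycloak.KeycloakSecurityContext context =
                (org.keycloak.KeycloakSecurityContext) httpServletRequest.getAttribute(KEYCLOAK_CONTEXT_ATTRIBUTE);
        if (context == null) {
            return null;
        }
        Locale requestLocale = httpServletRequest.getLocale();
        try {
            // LocaleUtils.toLocale returns null for a null claim and throws
            // IllegalArgumentException for a string that is not a valid locale.
            return Optional.ofNullable(LocaleUtils.toLocale(context.getToken().getLocale())).orElse(requestLocale);
        } catch (IllegalArgumentException ignored) {
            // The claim is profile data, so a malformed value must not fail the call.
            // The raw claim is deliberately kept out of the log line.
            LOGGER.debug("Ignoring malformed locale claim in Keycloak token; using request locale {0}", new Object[]{requestLocale});
            return requestLocale;
        }
    }

    /**
     * Asks Keycloak for the users that hold the given role.
     *
     * <p>NOTE(review): the returned list is written to the debug log in full. If
     * {@code UserDto} carries personal data such as email addresses, debug logging
     * should be treated as sensitive. Confirm against the DTO.
     *
     * @param str the role to look up
     * @return the users reported by the Keycloak admin client for that role
     * @throws IllegalStateException if the admin client has to be created and the current
     *     request carries no refreshable Keycloak context
     */
    @Override
    public List<UserDto> getRemoteUsersWithRole(String str) {
        List<UserDto> usersForRole = getKeycloakAdminClient().getUsersForRole(str);
        // The original message used {2} with only two arguments, so the user list was never rendered.
        LOGGER.debug("Keycloak users for role {0} (using same realm as configured): {1}", new Object[]{str, usersForRole});
        return usersForRole;
    }

    /**
     * Returns the users holding a role, combining Apiman's stored membership with the
     * users Keycloak reports for the same role.
     *
     * <p>NOTE(review): the Keycloak lookup receives only the role ({@code str}) and not
     * the organisation ({@code str2}), so Keycloak holders of the role are returned for
     * every organisation. Callers that use this list for organisation-scoped decisions
     * should confirm that this is intended.
     *
     * @param str the role to look up
     * @param str2 the organisation used for the stored (Apiman) lookup only
     * @return an unmodifiable list of the stored users followed by the Keycloak users,
     *     with duplicates removed by {@code distinct()} (so equality is whatever
     *     {@code UserDto#equals} defines)
     */
    @Override
    public List<UserDto> getUsersWithRole(String str, String str2) {
        List<UserDto> storedUsers = super.getUsersWithRole(str, str2);
        LOGGER.debug("Apiman stored users for role {0} and org {1}: {2}", new Object[]{str, str2, storedUsers});
        return Stream.concat(storedUsers.stream(), getRemoteUsersWithRole(str).stream())
                .distinct()
                .collect(Collectors.toUnmodifiableList());
    }

    /** Reads the Keycloak adapter context from the current request, or {@code null} if it is absent. */
    private org.keycloak.KeycloakSecurityContext currentKeycloakContext() {
        return (org.keycloak.KeycloakSecurityContext) servletRequest.get().getAttribute(KEYCLOAK_CONTEXT_ATTRIBUTE);
    }

    /**
     * Returns the shared admin client, creating it on first use with double-checked locking.
     *
     * <p>The original took the lock without re-checking the field, so threads racing on the
     * first call each built and published their own client.
     *
     * @throws IllegalStateException if the client must be created and the current request
     *     carries no {@link RefreshableKeycloakSecurityContext}
     */
    private KeycloakAdminClient getKeycloakAdminClient() {
        KeycloakAdminClient client = this.keycloakAdminClient;
        if (client != null) {
            return client;
        }
        synchronized (this) {
            // Re-read under the lock: another thread may have created the client while this one waited.
            client = this.keycloakAdminClient;
            if (client == null) {
                Object context = servletRequest.get().getAttribute(KEYCLOAK_CONTEXT_ATTRIBUTE);
                if (!(context instanceof RefreshableKeycloakSecurityContext)) {
                    // Fail with a clear message instead of a NullPointerException or ClassCastException.
                    throw new IllegalStateException(
                            "Cannot create Keycloak admin client: the current request has no refreshable Keycloak security context");
                }
                client = new KeycloakAdminClient(((RefreshableKeycloakSecurityContext) context).getDeployment());
                this.keycloakAdminClient = client;
            }
        }
        return client;
    }
}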
