package org.imixs.archive.service.util;

import jakarta.ws.rs.client.ClientRequestContext;
import jakarta.ws.rs.client.ClientRequestFilter;
import java.io.IOException;
import java.util.Collections;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.http.impl.client.HttpClients;
import org.imixs.melman.RestAPIException;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.Configuration;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.authorization.AuthorizationRequest;

/* loaded from: input_file:WEB-INF/classes/org/imixs/archive/service/util/KeycloakAuthenticator.class */
public class KeycloakAuthenticator implements ClientRequestFilter {
    private String token;
    public static final String KEYCLOAK_ENDPOINT = "keycloak.endpoint";
    public static final String KEYCLOAK_REALM = "keycloak.realm";
    public static final String KEYCLOAK_CLIENTID = "keycloak.clientid";
    public static final String KEYCLOAK_SECRET = "keycloak.secret";
    private static final Logger logger = Logger.getLogger(KeycloakAuthenticator.class.getName());
    String keycloakServer;
    String keycloakRealm;
    String keycloakClientId;
    String keycloakSecret;

    public KeycloakAuthenticator(String str, String str2, String str3) throws RestAPIException {
        this.token = null;
        logger.isLoggable(Level.FINE);
        logger.info("init KeycloakAuthenticator... (v2)");
        readConfig();
        if (1 != 0) {
            logger.info("keycloak login: " + str);
        }
        AuthzClient create = AuthzClient.create(new Configuration(this.keycloakServer, this.keycloakRealm, this.keycloakClientId, Collections.singletonMap("secret", this.keycloakSecret), HttpClients.createDefault()));
        this.token = create.authorization(str2, str3).authorize(new AuthorizationRequest()).getToken();
        logger.info("token=" + this.token);
        try {
            logger.info("---email=" + ((AccessToken) new JWSInput(this.token).readJsonContent(AccessToken.class)).getEmail());
        } catch (JWSInputException e) {
            throw new IllegalArgumentException("Failed to deserialize token", e);
        }
    }

    public void readConfig() {
        logger.info("read config KeycloakAuthenticator...");
        this.keycloakServer = System.getenv("KEYCLOAK_ENDPOINT");
        this.keycloakRealm = System.getenv("KEYCLOAK_REALM");
        this.keycloakClientId = System.getenv("KEYCLOAK_CLIENTID");
        this.keycloakSecret = System.getenv("KEYCLOAK_SECRET");
        logger.info("Keycloak Server: " + this.keycloakServer);
        logger.info("Keycloak Realm: " + this.keycloakRealm);
        logger.info("Keycloak ClientId: " + this.keycloakClientId);
    }

    public String getToken() {
        return this.token;
    }

    public void setToken(String str) {
        this.token = str;
    }

    public void filter(ClientRequestContext clientRequestContext) throws IOException {
        if (this.token == null || "".equals(this.token)) {
            return;
        }
        logger.info(" add authroization header....v2");
        clientRequestContext.getHeaders().add("Authorization", "Bearer " + getToken());
    }
}
