package io.hawt.web.keycloak;

import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import io.hawt.system.ConfigManager;
import io.hawt.util.IOHelper;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.jgit.lib.ConfigConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hawtio-system-1.5.3.jar:io/hawt/web/keycloak/KeycloakServlet.class */
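/**
 * Servlet exposing the Keycloak integration state to the web console.
 *
 * <p>Three GET paths are handled (matched against {@code getPathInfo()}):
 * <ul>
 *   <li>{@code /enabled} – whether Keycloak integration is switched on;</li>
 *   <li>{@code /client-config} – the contents of the Keycloak client configuration file;</li>
 *   <li>{@code /validate-subject-matches} – whether the {@code keycloakUser} request parameter
 *       matches the {@code user} attribute of the current HTTP session.</li>
 * </ul>
 *
 * <p>NOTE(review): nothing in this class authenticates the caller; whether these paths are
 * reachable anonymously depends on filters configured elsewhere. The client configuration is
 * returned verbatim, so the file it is loaded from should not contain client credentials –
 * confirm against the deployment.
 */
public class KeycloakServlet extends HttpServlet {
    private static final Logger LOG = LoggerFactory.getLogger(KeycloakServlet.class);

    /** Key looked up in {@link ConfigManager} for the client configuration location. */
    public static final String KEYCLOAK_CLIENT_CONFIG = "keycloakClientConfig";
    /** Key looked up in {@link ConfigManager} for the on/off switch. */
    public static final String KEYCLOAK_ENABLED = "keycloakEnabled";
    /** System property that overrides {@link #KEYCLOAK_CLIENT_CONFIG}. */
    public static final String HAWTIO_KEYCLOAK_CLIENT_CONFIG = "hawtio.keycloakClientConfig";
    /** System property that overrides {@link #KEYCLOAK_ENABLED}. */
    public static final String HAWTIO_KEYCLOAK_ENABLED = "hawtio.keycloakEnabled";

    private static final String CLASSPATH_PREFIX = "classpath:";

    // Client configuration with line breaks removed; stays null when integration is disabled
    // or the file could not be found or read.
    private String keycloakConfig = null;
    private boolean keycloakEnabled;

    /**
     * Reads the enabled flag and, when enabled, loads the client configuration once.
     *
     * <p>A missing or unreadable configuration file is logged and leaves the servlet running
     * with no configuration ({@code /client-config} then answers 404).
     *
     * @throws ServletException if the servlet context holds no {@code ConfigManager} attribute
     */
    @Override
    public void init() throws ServletException {
        ConfigManager configManager = (ConfigManager) getServletContext().getAttribute("ConfigManager");
        if (configManager == null) {
            // Fail with a readable message instead of a NullPointerException further down.
            throw new ServletException("ConfigManager attribute is missing from the servlet context");
        }
        this.keycloakEnabled = isKeycloakEnabled(configManager);
        LOG.info("Keycloak integration is " + (this.keycloakEnabled ? "enabled" : "disabled"));
        if (!this.keycloakEnabled) {
            return;
        }

        // The system property takes precedence over the ConfigManager value.
        String location = configManager.get(KEYCLOAK_CLIENT_CONFIG, null);
        String override = System.getProperty(HAWTIO_KEYCLOAK_CLIENT_CONFIG);
        if (override != null) {
            location = override;
        }
        if (location == null || location.length() == 0) {
            location = defaultKeycloakConfigLocation();
        }
        LOG.info("Will load keycloak config from location: " + location);

        InputStream in = loadFile(location);
        if (in == null) {
            LOG.warn("Keycloak client configuration not found!");
            return;
        }
        try {
            // Decode explicitly as UTF-8 rather than with the platform default charset.
            String raw = IOHelper.readFully(new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8)));
            // Collapse the document onto one line. Only line terminators are removed: the previous
            // code also deleted every space (MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR is a
            // single space), which altered string values containing spaces, and it stripped only
            // the platform line separator, leaving stray '\r' or '\n' from files written elsewhere.
            this.keycloakConfig = raw.replaceAll("[\\r\\n]+", "");
        } catch (IOException e) {
            LOG.warn("Couldn't read keycloak configuration file", e);
        } finally {
            IOHelper.close(in, "keycloakInputStream", LOG);
        }
    }

    /**
     * Tells whether Keycloak integration is enabled.
     *
     * <p>The {@code hawtio.keycloakEnabled} system property, when set, wins over the
     * {@code keycloakEnabled} value held by the config manager.
     *
     * @param configManager source of the configured value; must not be null
     * @return the result of {@link Boolean#parseBoolean(String)} on the effective value
     */
    public static boolean isKeycloakEnabled(ConfigManager configManager) {
        // NOTE(review): ConfigConstants.CONFIG_KEY_FALSE is a jgit constant, presumably the
        // literal "false" substituted by the decompiler – confirm.
        String value = configManager.get(KEYCLOAK_ENABLED, ConfigConstants.CONFIG_KEY_FALSE);
        String override = System.getProperty(HAWTIO_KEYCLOAK_ENABLED);
        if (override != null) {
            value = override;
        }
        return Boolean.parseBoolean(value);
    }

    /**
     * Picks the default location of {@code keycloak.json} from container system properties.
     *
     * <p>Checked in order: {@code karaf.base}, {@code jetty.home}, {@code catalina.home},
     * {@code jboss.server.config.dir}; when none is set the classpath resource is used.
     *
     * @return a file path or a {@code classpath:} location
     */
    protected String defaultKeycloakConfigLocation() {
        String karafBase = System.getProperty("karaf.base");
        if (karafBase != null) {
            return karafBase + "/etc/keycloak.json";
        }
        String jettyHome = System.getProperty("jetty.home");
        if (jettyHome != null) {
            return jettyHome + "/etc/keycloak.json";
        }
        String catalinaHome = System.getProperty("catalina.home");
        if (catalinaHome != null) {
            return catalinaHome + "/conf/keycloak.json";
        }
        String jbossConfigDir = System.getProperty("jboss.server.config.dir");
        return jbossConfigDir != null ? jbossConfigDir + "/keycloak.json" : "classpath:keycloak.json";
    }

    /**
     * Opens the configuration at the given location.
     *
     * <p>{@code classpath:} locations are resolved through this class's class loader. A location
     * containing a colon is first tried as a URL; anything else, and any colon-containing value
     * that is not a valid URL (for example a Windows drive path), is opened as a local file.
     *
     * <p>The URL branch accepts every scheme the JVM has a handler for, so the location must come
     * only from operator-controlled configuration. Fetching the file over an unauthenticated
     * channel lets whoever controls that channel decide what {@code /client-config} serves.
     *
     * @param str location of the configuration
     * @return an open stream, or {@code null} when the location cannot be opened
     */
    protected InputStream loadFile(String str) {
        if (str.startsWith(CLASSPATH_PREFIX)) {
            return getClass().getClassLoader().getResourceAsStream(str.substring(CLASSPATH_PREFIX.length()));
        }
        try {
            if (str.contains(":")) {
                try {
                    return new URL(str).openStream();
                } catch (MalformedURLException notAUrl) {
                    // A drive-letter path such as the default built from a Windows karaf.base
                    // is rejected as an unknown protocol; fall through and treat it as a file.
                    LOG.debug("Location is not a URL, treating it as a file path: " + str);
                }
            }
            // Build the file URL from a File rather than by prefixing "file://": with the prefix
            // the first segment of a relative path was parsed as a host name.
            return new File(str).toURI().toURL().openStream();
        } catch (Exception e) {
            LOG.warn("Couldn't find keycloak config file on location: " + str);
            LOG.debug("Couldn't find keycloak config file", e);
            return null;
        }
    }

    /**
     * Dispatches on the request's path info; see the class comment for the supported paths.
     *
     * <p>Unknown paths now answer 404 instead of an empty 200 response.
     *
     * <p>NOTE(review): {@code /validate-subject-matches} can invalidate the caller's session,
     * so this GET is not side-effect free.
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String pathInfo = httpServletRequest.getPathInfo();
        if ("/enabled".equals(pathInfo)) {
            renderJSONResponse(httpServletResponse, String.valueOf(this.keycloakEnabled));
        } else if ("/client-config".equals(pathInfo)) {
            if (this.keycloakConfig == null) {
                httpServletResponse.sendError(404, "Keycloak client configuration not found");
            } else {
                renderJSONResponse(httpServletResponse, this.keycloakConfig);
            }
        } else if ("/validate-subject-matches".equals(pathInfo)) {
            String keycloakUser = httpServletRequest.getParameter("keycloakUser");
            if (keycloakUser == null || keycloakUser.length() == 0) {
                // Validation still runs: an absent name cannot equal a session user.
                LOG.warn("Parameter 'keycloakUser' not found");
            }
            renderJSONResponse(httpServletResponse, String.valueOf(validateKeycloakUser(httpServletRequest, keycloakUser)));
        } else {
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    /**
     * Compares the given Keycloak user name with the {@code user} attribute of the session.
     *
     * <p>Returns {@code true} when there is no session or no {@code user} attribute, so a
     * {@code true} result only means "no conflicting session user was found"; it is not proof
     * that the caller is authenticated as {@code str}. On a mismatch the session is invalidated.
     *
     * @param httpServletRequest request whose existing session (if any) is inspected
     * @param str user name reported by the client; may be null
     * @return {@code false} only when a session user exists and differs from {@code str}
     */
    protected boolean validateKeycloakUser(HttpServletRequest httpServletRequest, String str) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return true;
        }
        String sessionUser = (String) session.getAttribute("user");
        if (sessionUser == null || sessionUser.equals(str)) {
            return true;
        }
        // str comes straight from a request parameter: neutralise control characters so a
        // crafted value cannot forge additional log lines.
        LOG.debug("Non matching username found. JAAS username: {}, keycloakUsername: {}. Invalidating session",
                forLog(sessionUser), forLog(str));
        session.invalidate();
        return false;
    }

    /** Replaces control characters (CR, LF, tab, ...) with '_' before a value is logged. */
    private static String forLog(String value) {
        return value == null ? null : value.replaceAll("\\p{Cntrl}", "_");
    }

    /**
     * Writes {@code str} as the body of an {@code application/json} response.
     *
     * @param httpServletResponse response to write to
     * @param str already-serialised JSON text
     */
    private void renderJSONResponse(HttpServletResponse httpServletResponse, String str) throws ServletException, IOException {
        httpServletResponse.setContentType("application/json");
        // Must be set before getWriter(); otherwise the container's default encoding is used
        // and non-ASCII characters in the configuration may be mangled.
        httpServletResponse.setCharacterEncoding("UTF-8");
        PrintWriter writer = httpServletResponse.getWriter();
        writer.println(str);
        writer.flush();
        writer.close();
    }
}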
