package org.geoserver.security.keycloak;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount;
import org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

/* loaded from: input_file:org/geoserver/security/keycloak/AuthResults.class */
class AuthResults implements AuthenticationEntryPoint {
    private final Authentication authentication;
    private final AuthChallenge challenge;
    static final /* synthetic */ boolean $assertionsDisabled;

    public AuthResults() {
        this.authentication = null;
        this.challenge = null;
    }

    public AuthResults(AuthChallenge authChallenge) {
        this.authentication = null;
        this.challenge = authChallenge;
    }

    public AuthResults(Authentication authentication) {
        Object principal;
        Object details;
        if (authentication.getDetails() instanceof SimpleKeycloakAccount) {
            details = (SimpleKeycloakAccount) authentication.getDetails();
            if (!$assertionsDisabled && !(((SimpleKeycloakAccount) details).getPrincipal() instanceof KeycloakPrincipal)) {
                throw new AssertionError();
            }
            KeycloakPrincipal principal2 = ((SimpleKeycloakAccount) details).getPrincipal();
            principal = principal2.getName();
            if (principal2.getKeycloakSecurityContext().getIdToken() != null) {
                principal = principal2.getKeycloakSecurityContext().getIdToken().getPreferredUsername();
            }
        } else {
            principal = authentication.getPrincipal();
            details = authentication.getDetails();
        }
        this.authentication = new UsernamePasswordAuthenticationToken(principal, authentication.getCredentials(), authentication.getAuthorities());
        this.authentication.setDetails(details);
        this.challenge = null;
    }

    public boolean challenge(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this.authentication != null) {
            return true;
        }
        if (this.challenge != null) {
            return this.challenge.challenge(new SimpleHttpFacade(httpServletRequest, httpServletResponse));
        }
        httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value());
        return false;
    }

    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        challenge(httpServletRequest, httpServletResponse);
    }

    public Authentication getAuthentication() {
        return this.authentication;
    }

    public boolean hasAuthentication() {
        return this.authentication != null;
    }

    static {
        $assertionsDisabled = !AuthResults.class.desiredAssertionStatus();
    }
}
