package com.gentics.contentnode.auth.filter;

import com.gentics.lib.base.MapResolver;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken;

/* loaded from: input_file:com/gentics/contentnode/auth/filter/KeycloakIntegrationFilter.class */
public class KeycloakIntegrationFilter extends AbstractSSOFilter {
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        AccessToken token = getToken(httpServletRequest);
        if (token == null) {
            this.logger.warn("Could not get access token from request, skipping SSO login.");
        } else {
            new HashMap();
            HashMap hashMap = new HashMap();
            hashMap.put("firstname", token.getGivenName());
            hashMap.put("lastname", token.getFamilyName());
            hashMap.put("email", token.getEmail());
            HashMap hashMap2 = new HashMap();
            HashMap hashMap3 = new HashMap();
            if (token.getResourceAccess() != null) {
                for (Map.Entry entry : token.getResourceAccess().entrySet()) {
                    hashMap3.put((String) entry.getKey(), ((AccessToken.Access) entry.getValue()).getRoles());
                }
            }
            if (token.getRealmAccess() != null) {
                hashMap2.put("realm", token.getRealmAccess().getRoles());
            }
            hashMap2.put("resource", new MapResolver(hashMap3));
            hashMap.put("roles", new MapResolver(hashMap2));
            servletRequest = doSSOLogin(httpServletRequest, token.getPreferredUsername(), hashMap);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private AccessToken getToken(HttpServletRequest httpServletRequest) {
        KeycloakSecurityContext keycloakSecurityContext;
        KeycloakPrincipal userPrincipal = httpServletRequest.getUserPrincipal();
        if (!(userPrincipal instanceof KeycloakPrincipal) || (keycloakSecurityContext = userPrincipal.getKeycloakSecurityContext()) == null) {
            return null;
        }
        return keycloakSecurityContext.getToken();
    }
}
