package ru.playa.keycloak.modules;

import javax.ws.rs.GET;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.ErrorPage;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:ru/playa/keycloak/modules/AbstractRussianOAuth2IdentityProvider.class */
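/**
 * Base class for the OAuth2 identity providers of this module.
 *
 * <p>It supplies its own callback {@link Endpoint}, which receives the redirect from the external
 * provider, exchanges the authorization code at the configured token URL and hands the resulting
 * {@link BrokeredIdentityContext} to the broker callback.
 *
 * @param <C> provider configuration type
 */
public abstract class AbstractRussianOAuth2IdentityProvider<C extends OAuth2IdentityProviderConfig> extends AbstractOAuth2IdentityProvider<C> {

    /** Upper bound on how much of a request-supplied value is copied into a single log line. */
    private static final int MAX_LOGGED_VALUE_LENGTH = 200;

    /**
     * Callback resource that handles the redirect back from the external provider.
     *
     * <p>All three query parameters come from the incoming request and are treated as untrusted.
     */
    protected class Endpoint {
        private final IdentityProvider.AuthenticationCallback callback;
        private final RealmModel realm;
        private final EventBuilder event;

        // The @Context fields are left non-final: they are assigned after construction.
        @Context
        private KeycloakSession session;

        @Context
        private ClientConnection clientConnection;

        @Context
        private HttpHeaders headers;

        /**
         * @param authenticationCallback broker callback notified of the login outcome
         * @param realmModel realm the login belongs to
         * @param eventBuilder builder used to record login failure events
         */
        public Endpoint(IdentityProvider.AuthenticationCallback authenticationCallback, RealmModel realmModel, EventBuilder eventBuilder) {
            this.callback = authenticationCallback;
            this.realm = realmModel;
            this.event = eventBuilder;
        }

        /**
         * Handles the provider redirect.
         *
         * @param state value of the {@code state} query parameter, passed through to the broker callback
         * @param code value of the {@code code} query parameter (authorization code), may be {@code null}
         * @param error value of the {@code error} query parameter, may be {@code null}
         * @return the broker callback's response, the response carried by a
         *     {@link WebApplicationException}, or a {@code BAD_GATEWAY} error page
         */
        @GET
        public Response authResponse(@QueryParam("state") String state, @QueryParam("code") String code, @QueryParam("error") String error) {
            if (error != null) {
                if ("access_denied".equals(error)) {
                    logger.error("access_denied for broker login " + getConfig().getProviderId());
                    return this.callback.cancelled(state);
                }
                // `error` is request-supplied text: neutralise control characters and bound its
                // length so it cannot forge or flood log records.
                logger.error(sanitizeForLog(error) + " for broker login " + getConfig().getProviderId());
                return this.callback.error(state, "identityProviderUnexpectedErrorMessage");
            }
            if (code != null) {
                // NOTE(review): `state` is not checked here before the token request is sent; this
                // method relies on callback.authenticated() to validate it via setCode(state) —
                // confirm that the callback rejects a missing or foreign state.
                try {
                    String tokenResponse = generateTokenRequest(code).asString();
                    BrokeredIdentityContext identity = getFederatedIdentity(tokenResponse);
                    // The raw token endpoint response is kept only when token storage is enabled
                    // and the provider implementation has not already set a token.
                    if (getConfig().isStoreToken() && identity.getToken() == null) {
                        identity.setToken(tokenResponse);
                    }
                    identity.setIdpConfig(getConfig());
                    identity.setIdp(AbstractRussianOAuth2IdentityProvider.this);
                    identity.setCode(state);
                    return this.callback.authenticated(identity);
                } catch (WebApplicationException e) {
                    return e.getResponse();
                } catch (IllegalArgumentException e) {
                    logger.error("Failed to make identity provider oauth callback illegal argument exception", e);
                    // NOTE(review): MessageUtils.EMAIL is presumably the message key shown when the
                    // provider returned no usable e-mail — confirm against MessageUtils.
                    return loginFailure(MessageUtils.EMAIL);
                } catch (Exception e) {
                    // Deliberate fall-through to the generic failure page below.
                    logger.error("Failed to make identity provider oauth callback", e);
                }
            }
            return loginFailure("identityProviderUnexpectedErrorMessage");
        }

        /**
         * Builds the authorization-code token request for the configured token URL.
         *
         * @param code authorization code received on the callback
         * @return the prepared POST request; it is not executed here
         */
        public SimpleHttp generateTokenRequest(String code) {
            C config = getConfig();
            // redirect_uri is taken from the current request's absolute path.
            // NOTE(review): whether that value can be influenced by request headers depends on the
            // server's hostname configuration — verify for the deployment.
            String redirectUri = this.session.getContext().getUri().getAbsolutePath().toString();
            return SimpleHttp.doPost(config.getTokenUrl(), this.session)
                    .param("code", code)
                    .param("client_id", config.getClientId())
                    .param("client_secret", config.getClientSecret())
                    .param("redirect_uri", redirectUri)
                    .param("grant_type", "authorization_code");
        }

        /** Records a login failure event and renders a BAD_GATEWAY error page with the given message key. */
        private Response loginFailure(String messageKey) {
            this.event.event(EventType.LOGIN);
            this.event.error("identity_provider_login_failure");
            return ErrorPage.error(this.session, (AuthenticationSessionModel) null, Response.Status.BAD_GATEWAY, messageKey, new Object[0]);
        }
    }

    /**
     * @param keycloakSession current Keycloak session
     * @param c provider configuration
     */
    public AbstractRussianOAuth2IdentityProvider(KeycloakSession keycloakSession, C c) {
        super(keycloakSession, c);
    }

    /**
     * Creates the callback resource for this provider.
     *
     * @return a new {@link Endpoint} bound to the given callback, realm and event builder
     */
    public Object callback(RealmModel realmModel, IdentityProvider.AuthenticationCallback authenticationCallback, EventBuilder eventBuilder) {
        return new Endpoint(authenticationCallback, realmModel, eventBuilder);
    }

    /**
     * Makes a request-supplied value safe to embed in a log line: control characters (including
     * CR and LF) are replaced with {@code _} and the result is truncated to
     * {@link #MAX_LOGGED_VALUE_LENGTH} characters.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        String cleaned = value.replaceAll("\\p{Cntrl}", "_");
        if (cleaned.length() > MAX_LOGGED_VALUE_LENGTH) {
            return cleaned.substring(0, MAX_LOGGED_VALUE_LENGTH) + "...";
        }
        return cleaned;
    }
}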
