package org.keycloak.adapters;

import org.jboss.logging.Logger;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.adapters.rotation.AdapterTokenVerifier;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.constants.AdapterConstants;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;

/* loaded from: input_file:WEB-INF/lib/keycloak-adapter-core-11.0.2.jar:org/keycloak/adapters/CookieTokenStore.class */
public class CookieTokenStore {
    private static final Logger log = Logger.getLogger((Class<?>) CookieTokenStore.class);
    private static final String DELIM = "___";

    public static void setTokenCookie(KeycloakDeployment keycloakDeployment, HttpFacade httpFacade, RefreshableKeycloakSecurityContext refreshableKeycloakSecurityContext) {
        log.debugf("Set new %s cookie now", AdapterConstants.KEYCLOAK_ADAPTER_STATE_COOKIE);
        httpFacade.getResponse().setCookie(AdapterConstants.KEYCLOAK_ADAPTER_STATE_COOKIE, refreshableKeycloakSecurityContext.getTokenString() + DELIM + refreshableKeycloakSecurityContext.getIdTokenString() + DELIM + refreshableKeycloakSecurityContext.getRefreshToken(), getCookiePath(keycloakDeployment, httpFacade), null, -1, keycloakDeployment.getSslRequired().isRequired(httpFacade.getRequest().getRemoteAddr()), true);
    }

    public static KeycloakPrincipal<RefreshableKeycloakSecurityContext> getPrincipalFromCookie(KeycloakDeployment keycloakDeployment, HttpFacade httpFacade, AdapterTokenStore adapterTokenStore) {
        IDToken iDToken;
        HttpFacade.Cookie cookie = httpFacade.getRequest().getCookie(AdapterConstants.KEYCLOAK_ADAPTER_STATE_COOKIE);
        if (cookie == null) {
            log.debug("Not found adapter state cookie in current request");
            return null;
        }
        String[] split = cookie.getValue().split(DELIM);
        if (split.length != 3) {
            log.warnf("Invalid format of %s cookie. Count of tokens: %s, expected 3", AdapterConstants.KEYCLOAK_ADAPTER_STATE_COOKIE, Integer.valueOf(split.length));
            return null;
        }
        String str = split[0];
        String str2 = split[1];
        String str3 = split[2];
        try {
            AccessToken accessToken = (AccessToken) AdapterTokenVerifier.createVerifier(str, keycloakDeployment, true, AccessToken.class).checkActive(false).verify().getToken();
            if (str2 == null || str2.length() <= 0) {
                iDToken = null;
            } else {
                try {
                    iDToken = (IDToken) new JWSInput(str2).readJsonContent(IDToken.class);
                } catch (JWSInputException e) {
                    throw new VerificationException(e);
                }
            }
            log.debug("Token Verification succeeded!");
            return new KeycloakPrincipal<>(AdapterUtils.getPrincipalName(keycloakDeployment, accessToken), new RefreshableKeycloakSecurityContext(keycloakDeployment, adapterTokenStore, str, accessToken, str2, iDToken, str3));
        } catch (VerificationException e2) {
            log.warn("Failed verify token", e2);
            return null;
        }
    }

    public static void removeCookie(KeycloakDeployment keycloakDeployment, HttpFacade httpFacade) {
        httpFacade.getResponse().resetCookie(AdapterConstants.KEYCLOAK_ADAPTER_STATE_COOKIE, getCookiePath(keycloakDeployment, httpFacade));
    }

    static String getCookiePath(KeycloakDeployment keycloakDeployment, HttpFacade httpFacade) {
        String trim = keycloakDeployment.getAdapterStateCookiePath() == null ? "" : keycloakDeployment.getAdapterStateCookiePath().trim();
        if (trim.startsWith("/")) {
            return trim;
        }
        String contextPath = getContextPath(httpFacade);
        StringBuilder sb = new StringBuilder(contextPath);
        if (!contextPath.endsWith("/") && !trim.isEmpty()) {
            sb.append("/");
        }
        return sb.append(trim).toString();
    }

    static String getContextPath(HttpFacade httpFacade) {
        String path = KeycloakUriBuilder.fromUri(httpFacade.getRequest().getURI()).getPath();
        if (path == null || path.isEmpty()) {
            return "/";
        }
        int indexOf = path.indexOf("/", 1);
        return indexOf == -1 ? path : path.substring(0, indexOf);
    }
}
