package ma.co.omnidata.framework.oauth2.feign;

import com.google.common.base.Strings;
import feign.RequestInterceptor;
import feign.RequestTemplate;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:ma/co/omnidata/framework/oauth2/feign/OAuth2FeignRequestInterceptor.class */
public class OAuth2FeignRequestInterceptor implements RequestInterceptor {
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth2FeignRequestInterceptor.class);
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER_TOKEN_TYPE = "Bearer";

    public void apply(RequestTemplate requestTemplate) {
        KeycloakSecurityContext keycloakSecurityContext = getKeycloakSecurityContext();
        if (requestTemplate.headers().containsKey(AUTHORIZATION_HEADER)) {
            LOGGER.warn("The Authorization token has been already set");
        } else if (keycloakSecurityContext.getIdToken() == null && Strings.isNullOrEmpty(keycloakSecurityContext.getTokenString())) {
            LOGGER.warn("Can not obtain existing token for request, if it is a non secured request, ignore.");
        } else {
            LOGGER.debug("Constructing Header {} for Token {}", AUTHORIZATION_HEADER, BEARER_TOKEN_TYPE);
            requestTemplate.header(AUTHORIZATION_HEADER, new String[]{String.format("%s %s", BEARER_TOKEN_TYPE, keycloakSecurityContext.getTokenString())});
        }
    }

    protected KeycloakSecurityContext getKeycloakSecurityContext() {
        KeycloakAuthenticationToken authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new IllegalStateException("Cannot set authorization header because there is no authenticated principal");
        }
        if (authentication.getPrincipal() instanceof KeycloakPrincipal) {
            return ((KeycloakPrincipal) authentication.getPrincipal()).getKeycloakSecurityContext();
        }
        throw new IllegalStateException(String.format("Cannot set authorization header because the principal type %s does not provide the KeycloakSecurityContext", authentication.getPrincipal().getClass()));
    }
}
