package org.keycloak.adapters.springboot.client;

import de.adorsys.aspsp.xs2a.spi.config.keycloak.AuthorizationConstant;
import java.io.IOException;
import java.security.Principal;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:BOOT-INF/lib/keycloak-spring-boot-adapter-3.4.3.Final.jar:org/keycloak/adapters/springboot/client/KeycloakSecurityContextClientRequestInterceptor.class */
public class KeycloakSecurityContextClientRequestInterceptor implements ClientHttpRequestInterceptor {
    private static final String AUTHORIZATION_HEADER = "Authorization";

    protected KeycloakSecurityContext getKeycloakSecurityContext() {
        Principal userPrincipal = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest().getUserPrincipal();
        if (userPrincipal == null) {
            throw new IllegalStateException("Cannot set authorization header because there is no authenticated principal");
        }
        if (userPrincipal instanceof KeycloakPrincipal) {
            return ((KeycloakPrincipal) userPrincipal).getKeycloakSecurityContext();
        }
        throw new IllegalStateException(String.format("Cannot set authorization header because the principal type %s does not provide the KeycloakSecurityContext", userPrincipal.getClass()));
    }

    @Override // org.springframework.http.client.ClientHttpRequestInterceptor
    public ClientHttpResponse intercept(HttpRequest httpRequest, byte[] bArr, ClientHttpRequestExecution clientHttpRequestExecution) throws IOException {
        httpRequest.getHeaders().set("Authorization", AuthorizationConstant.BEARER_TOKEN_PREFIX + getKeycloakSecurityContext().getTokenString());
        return clientHttpRequestExecution.execute(httpRequest, bArr);
    }
}
