package com.evolveum.midpoint.authentication.impl.factory.module;

import com.evolveum.midpoint.authentication.api.AuthModule;
import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.impl.channel.RestAuthenticationChannel;
import com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl;
import com.evolveum.midpoint.authentication.impl.module.authentication.OidcResourceServerModuleAuthentication;
import com.evolveum.midpoint.authentication.impl.module.configuration.OidcResourceServerModuleWebSecurityConfiguration;
import com.evolveum.midpoint.authentication.impl.module.configurer.OidcResourceServerModuleWebSecurityConfigurer;
import com.evolveum.midpoint.authentication.impl.provider.OidcResourceServerProvider;
import com.evolveum.midpoint.authentication.impl.util.AuthModuleImpl;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OidcAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OidcResourceServerAuthenticationModuleType;
import java.util.Map;
import javax.servlet.ServletRequest;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.stereotype.Component;

@Component
/**
 * Module factory for the OIDC "resource server" flavour of the {@code oidc} authentication module,
 * i.e. the variant that validates a bearer JWT on REST requests instead of running a browser login.
 * <p>
 * The factory only claims modules of type {@link OidcAuthenticationModuleType} that arrive on a
 * {@link RestAuthenticationChannel}; the web (login-form) flavour of the same module type is handled
 * by a different factory. The JWT decoder used to validate tokens is taken from the
 * {@link OidcResourceServerModuleWebSecurityConfiguration} built from the module definition, so the
 * trust anchors (issuer / JWK source) are entirely configuration-driven.
 * <p>
 * Thread-safety is not addressed here; the only static state is the logger.
 * (Decompiled listing: the {@code loaded from ... jar} marker has been dropped.)
 */
public class OidcResourceServerModuleFactory extends RemoteModuleFactory {

    private static final Trace LOGGER = TraceManager.getTrace(OidcResourceServerModuleFactory.class);

    /**
     * Claims a module definition for this factory.
     *
     * @param abstractAuthenticationModuleType the module definition being matched
     * @param authenticationChannel the channel the request arrived on
     * @return {@code true} only for an {@link OidcAuthenticationModuleType} on a
     *         {@link RestAuthenticationChannel}; any other combination is left to other factories
     */
    @Override
    public boolean match(AbstractAuthenticationModuleType abstractAuthenticationModuleType, AuthenticationChannel authenticationChannel) {
        boolean isOidcModule = abstractAuthenticationModuleType instanceof OidcAuthenticationModuleType;
        boolean isRestChannel = authenticationChannel instanceof RestAuthenticationChannel;
        return isOidcModule && isRestChannel;
    }

    /**
     * Builds the Spring Security filter chain and the matching module-authentication state for one
     * OIDC resource-server module.
     * <p>
     * Misconfiguration (wrong module type, missing {@code resourceServer} element) is logged at
     * error level and reported to the caller as a {@code null} module rather than an exception;
     * a channel other than REST is rejected by {@link #isSupportedChannel(AuthenticationChannel)}
     * with an {@link IllegalArgumentException}.
     *
     * @param abstractAuthenticationModuleType the module definition; must be an {@link OidcAuthenticationModuleType}
     * @param str sequence suffix used to scope the module's URLs and configuration
     * @param servletRequest the request that triggered creation (not read here)
     * @param map shared objects propagated into the new {@link HttpSecurity}
     * @param authenticationModulesType all configured modules (not read here)
     * @param credentialsPolicyType credentials policy (not read here)
     * @param authenticationChannel the channel the request arrived on
     * @return the assembled {@link AuthModule}, or {@code null} when the definition is unusable
     * @throws Exception propagated from building the {@link HttpSecurity}
     */
    @Override
    public AuthModule createModuleFilter(AbstractAuthenticationModuleType abstractAuthenticationModuleType, String str, ServletRequest servletRequest, Map<Class<?>, Object> map, AuthenticationModulesType authenticationModulesType, CredentialsPolicyType credentialsPolicyType, AuthenticationChannel authenticationChannel) throws Exception {
        if (!(abstractAuthenticationModuleType instanceof OidcAuthenticationModuleType)) {
            // NOTE(review): this logs the whole module definition via toString(); whether that
            // representation can contain secrets depends on the generated type - verify.
            LOGGER.error("This factory support only OidcAuthenticationModuleType, but modelType is " + abstractAuthenticationModuleType);
            return null;
        }
        OidcAuthenticationModuleType oidcModule = (OidcAuthenticationModuleType) abstractAuthenticationModuleType;
        OidcResourceServerAuthenticationModuleType resourceServer = oidcModule.getResourceServer();
        if (resourceServer == null) {
            LOGGER.error("Resource configuration of OidcAuthenticationModuleType is null");
            return null;
        }

        // Channel check comes after the type checks; it throws rather than returning null.
        isSupportedChannel(authenticationChannel);

        // The protector is installed statically before build() so encrypted config values can be read.
        OidcResourceServerModuleWebSecurityConfiguration configuration =
                buildConfiguration(oidcModule, str);

        // Principal claim defaults to whatever JwtAuthenticationConverter uses unless the module overrides it.
        JwtAuthenticationConverter jwtConverter = new JwtAuthenticationConverter();
        String usernameClaim = resourceServer.getNameOfUsernameClaim();
        if (usernameClaim != null) {
            jwtConverter.setPrincipalClaimName(usernameClaim);
        }

        // The decoder (and therefore the token trust anchors) is whatever the configuration produced.
        OidcResourceServerProvider provider = getObjectObjectPostProcessor().postProcess(
                new OidcResourceServerProvider(configuration.getDecoder(), jwtConverter));
        configuration.addAuthenticationProvider(provider);

        OidcResourceServerModuleWebSecurityConfigurer configurer = getObjectObjectPostProcessor().postProcess(
                new OidcResourceServerModuleWebSecurityConfigurer(configuration));
        configurer.setObjectPostProcessor(getObjectObjectPostProcessor());

        HttpSecurity http = configurer.getNewHttpSecurity();
        setSharedObjects(http, map);

        ModuleAuthenticationImpl moduleAuthentication = createEmptyModuleAuthentication(configuration, resourceServer);
        moduleAuthentication.setFocusType(abstractAuthenticationModuleType.getFocusType());

        return AuthModuleImpl.build(http.build(), configuration, moduleAuthentication);
    }

    /**
     * Installs the protector and builds the module web-security configuration for the given
     * module and sequence suffix. Extracted from {@code createModuleFilter} for readability.
     *
     * @param oidcModule the OIDC module definition
     * @param sequenceSuffix sequence suffix to apply to the configuration
     * @return the built configuration with the sequence suffix set
     */
    private OidcResourceServerModuleWebSecurityConfiguration buildConfiguration(
            OidcAuthenticationModuleType oidcModule, String sequenceSuffix) {
        OidcResourceServerModuleWebSecurityConfiguration.setProtector(getProtector());
        OidcResourceServerModuleWebSecurityConfiguration configuration =
                OidcResourceServerModuleWebSecurityConfiguration.build(oidcModule, sequenceSuffix);
        configuration.setSequenceSuffix(sequenceSuffix);
        return configuration;
    }

    /**
     * Creates the initial (not yet authenticated) module-authentication state for this module.
     *
     * @param oidcResourceServerModuleWebSecurityConfiguration source of the module prefix and name
     * @param oidcResourceServerAuthenticationModuleType source of the realm reported to clients
     * @return a fresh {@link OidcResourceServerModuleAuthentication} carrying prefix, name and realm
     */
    public ModuleAuthenticationImpl createEmptyModuleAuthentication(OidcResourceServerModuleWebSecurityConfiguration oidcResourceServerModuleWebSecurityConfiguration, OidcResourceServerAuthenticationModuleType oidcResourceServerAuthenticationModuleType) {
        OidcResourceServerModuleAuthentication moduleAuthentication = new OidcResourceServerModuleAuthentication();
        moduleAuthentication.setPrefix(oidcResourceServerModuleWebSecurityConfiguration.getPrefixOfModule());
        moduleAuthentication.setNameOfModule(oidcResourceServerModuleWebSecurityConfiguration.getNameOfModule());
        moduleAuthentication.setRealm(oidcResourceServerAuthenticationModuleType.getRealm());
        return moduleAuthentication;
    }

    /**
     * Rejects any channel other than REST.
     * <p>
     * A {@code null} channel is accepted unchanged (no exception). Note that this check compares
     * the channel id string, while {@link #match} checks the channel's runtime type; the two are
     * therefore not strictly equivalent. Whether callers can ever pass a {@code null} channel is
     * not visible from this class.
     * (The decompiler reports the original access modifier as {@code protected}; it is
     * {@code public} in this listing.)
     *
     * @param authenticationChannel the channel to validate, may be {@code null}
     * @throws IllegalArgumentException if the channel is non-null and its id is not the REST channel URI
     */
    @Override
    public void isSupportedChannel(AuthenticationChannel authenticationChannel) {
        if (authenticationChannel == null) {
            return;
        }
        String channelId = authenticationChannel.getChannelId();
        if (SchemaConstants.CHANNEL_REST_URI.equals(channelId)) {
            return;
        }
        throw new IllegalArgumentException("Unsupported factory " + getClass().getSimpleName() + " for channel " + channelId);
    }
}
