package com.evolveum.midpoint.authentication.impl.factory.module;

import com.evolveum.midpoint.authentication.api.AuthModule;
import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.IdentityProvider;
import com.evolveum.midpoint.authentication.impl.channel.RestAuthenticationChannel;
import com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl;
import com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl;
import com.evolveum.midpoint.authentication.impl.module.configuration.OidcClientModuleWebSecurityConfiguration;
import com.evolveum.midpoint.authentication.impl.module.configurer.OidcClientModuleWebSecurityConfigurer;
import com.evolveum.midpoint.authentication.impl.provider.OidcClientProvider;
import com.evolveum.midpoint.authentication.impl.util.AuthModuleImpl;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OidcAuthenticationModuleType;
import java.util.ArrayList;
import java.util.Map;
import javax.servlet.ServletRequest;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.stereotype.Component;

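/**
 * Factory that builds the authentication module for an OIDC client configuration
 * ({@link OidcAuthenticationModuleType}).
 *
 * <p>The factory declines every request that arrives on a {@link RestAuthenticationChannel};
 * see {@link #match}. Both failure paths of {@link #createModuleFilter} return {@code null}
 * instead of throwing.
 *
 * <p>NOTE(review): confirm that callers treat a {@code null} module as "authentication not
 * available" (fail closed) and never as "no authentication required".
 */
@Component
/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/factory/module/OidcClientModuleFactory.class */
public class OidcClientModuleFactory extends RemoteModuleFactory {
    private static final Trace LOGGER = TraceManager.getTrace(OidcClientModuleFactory.class);

    /**
     * Decides whether this factory handles the given module configuration on the given channel.
     *
     * @param abstractAuthenticationModuleType module configuration to test
     * @param authenticationChannel channel the authentication request arrived on
     * @return {@code true} when the configuration is an {@link OidcAuthenticationModuleType} and
     *     the channel is not a {@link RestAuthenticationChannel}; a {@code null} channel is
     *     accepted because it is not an instance of the REST channel
     */
    @Override // com.evolveum.midpoint.authentication.impl.factory.module.AbstractModuleFactory
    public boolean match(AbstractAuthenticationModuleType abstractAuthenticationModuleType, AuthenticationChannel authenticationChannel) {
        return (abstractAuthenticationModuleType instanceof OidcAuthenticationModuleType) && !(authenticationChannel instanceof RestAuthenticationChannel);
    }

    /**
     * Builds the OIDC client module: its web-security configuration, its authentication
     * provider, a dedicated {@link HttpSecurity} chain and an empty module authentication.
     *
     * @param abstractAuthenticationModuleType module configuration; must be an
     *     {@link OidcAuthenticationModuleType} with at least one client
     * @param str sequence suffix, passed to the configuration builder and set on the result
     * @param servletRequest current request, used for the public URL prefix and context path
     * @param map shared objects copied onto the new {@link HttpSecurity}
     * @param authenticationModulesType not used by this implementation
     * @param credentialsPolicyType not used by this implementation
     * @param authenticationChannel channel checked through {@code isSupportedChannel}
     * @param authenticationSequenceModuleType sequence module the authentication is created for
     * @return the assembled module, or {@code null} when the configuration is of another type
     *     or declares no client
     * @throws Exception propagated from the configuration and {@link HttpSecurity} build steps
     */
    @Override // com.evolveum.midpoint.authentication.impl.factory.module.AbstractModuleFactory
    public AuthModule createModuleFilter(AbstractAuthenticationModuleType abstractAuthenticationModuleType, String str, ServletRequest servletRequest, Map<Class<?>, Object> map, AuthenticationModulesType authenticationModulesType, CredentialsPolicyType credentialsPolicyType, AuthenticationChannel authenticationChannel, AuthenticationSequenceModuleType authenticationSequenceModuleType) throws Exception {
        if (!(abstractAuthenticationModuleType instanceof OidcAuthenticationModuleType)) {
            // NOTE(review): this logs the module's toString(); confirm that rendering never
            // includes credential material of whatever module type was passed in.
            LOGGER.error("This factory support only OidcAuthenticationModuleType, but modelType is " + abstractAuthenticationModuleType);
            return null;
        }
        OidcAuthenticationModuleType oidcModuleType = (OidcAuthenticationModuleType) abstractAuthenticationModuleType;
        if (oidcModuleType.getClient().isEmpty()) {
            // The condition tests for an empty client list, so the message says "empty", not "null".
            LOGGER.error("Client configuration of OidcAuthenticationModuleType is empty");
            return null;
        }
        // The result (if any) is not used here; presumably the helper throws for an
        // unsupported channel - confirm against AbstractModuleFactory.
        isSupportedChannel(authenticationChannel);
        // NOTE(review): the public URL prefix is computed from the request and handed to the
        // OIDC configuration. If it ends up in redirect URIs, confirm it comes from trusted
        // deployment configuration and not from client-controlled headers such as Host.
        OidcClientModuleWebSecurityConfiguration configuration = OidcClientModuleWebSecurityConfiguration.build(oidcModuleType, str, getPublicUrlPrefix(servletRequest), servletRequest);
        configuration.setSequenceSuffix(str);
        configuration.addAuthenticationProvider((AuthenticationProvider) getObjectObjectPostProcessor().postProcess(new OidcClientProvider(configuration.getAdditionalConfiguration())));
        OidcClientModuleWebSecurityConfigurer configurer = (OidcClientModuleWebSecurityConfigurer) getObjectObjectPostProcessor().postProcess(new OidcClientModuleWebSecurityConfigurer(configuration));
        configurer.setObjectPostProcessor(getObjectObjectPostProcessor());
        HttpSecurity httpSecurity = configurer.getNewHttpSecurity();
        setSharedObjects(httpSecurity, map);
        ModuleAuthenticationImpl moduleAuthentication = createEmptyModuleAuthentication(configuration, authenticationSequenceModuleType, servletRequest);
        moduleAuthentication.setFocusType(abstractAuthenticationModuleType.getFocusType());
        return AuthModuleImpl.build(httpSecurity.build(), configuration, moduleAuthentication);
    }

    /**
     * Creates the not-yet-authenticated module state and lists one {@link IdentityProvider}
     * link per registered OIDC client.
     *
     * <p>Each link is {@code contextPath + modulePrefix + "/authorization/" + registrationId}.
     *
     * @param oidcClientModuleWebSecurityConfiguration configuration holding the client
     *     registrations, module name and module prefix
     * @param authenticationSequenceModuleType sequence module passed to the new authentication
     * @param servletRequest current request; its servlet context supplies the context path
     * @return the populated module authentication
     */
    public ModuleAuthenticationImpl createEmptyModuleAuthentication(OidcClientModuleWebSecurityConfiguration oidcClientModuleWebSecurityConfiguration, AuthenticationSequenceModuleType authenticationSequenceModuleType, ServletRequest servletRequest) {
        OidcClientModuleAuthenticationImpl moduleAuthentication = new OidcClientModuleAuthenticationImpl(authenticationSequenceModuleType);
        // Typed list instead of the raw ArrayList, so only IdentityProvider entries can be added.
        ArrayList<IdentityProvider> providers = new ArrayList<>();
        oidcClientModuleWebSecurityConfiguration.getClientRegistrationRepository().forEach(clientRegistration -> {
            // NOTE(review): the registration id is substituted into the path without URL
            // encoding; confirm registration ids are restricted to URL-safe characters.
            String linkTemplate = servletRequest.getServletContext().getContextPath() + oidcClientModuleWebSecurityConfiguration.getPrefixOfModule() + "/authorization/{registrationId}";
            providers.add(new IdentityProvider().setLinkText(clientRegistration.getClientName()).setRedirectLink(linkTemplate.replace("{registrationId}", clientRegistration.getRegistrationId())));
        });
        moduleAuthentication.setClientsRepository(oidcClientModuleWebSecurityConfiguration.getClientRegistrationRepository());
        moduleAuthentication.setProviders(providers);
        moduleAuthentication.setNameOfModule(oidcClientModuleWebSecurityConfiguration.getNameOfModule());
        moduleAuthentication.setPrefix(oidcClientModuleWebSecurityConfiguration.getPrefixOfModule());
        return moduleAuthentication;
    }
}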
