package com.evolveum.midpoint.authentication.impl.oidc;

import com.evolveum.midpoint.authentication.impl.module.configurer.OidcClientModuleWebSecurityConfigurer;
import com.evolveum.midpoint.model.api.ModelAuditRecorder;
import javax.servlet.Filter;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.7.5-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/oidc/OidcLoginConfigurer.class */
public final class OidcLoginConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractAuthenticationFilterConfigurer<B, OidcLoginConfigurer<B>, OidcLoginAuthenticationFilter> {
    private ClientRegistrationRepository clientRegistrations;
    private String authorizationRequestBaseUri;
    private String loginProcessingUrl = OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
    private AuthenticationManager authenticationManager;
    private final ModelAuditRecorder auditProvider;
    private AuthenticationFailureHandler failureHandler;

    public OidcLoginConfigurer(ModelAuditRecorder modelAuditRecorder) {
        this.auditProvider = modelAuditRecorder;
    }

    public OidcLoginConfigurer<B> authenticationManager(AuthenticationManager authenticationManager) {
        Assert.notNull(authenticationManager, "authenticationManager cannot be null");
        this.authenticationManager = authenticationManager;
        return this;
    }

    public OidcLoginConfigurer<B> clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) {
        this.clientRegistrations = clientRegistrationRepository;
        return this;
    }

    public OidcLoginConfigurer<B> authorizationRequestBaseUri(String str) {
        this.authorizationRequestBaseUri = str;
        return this;
    }

    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
    public OidcLoginConfigurer<B> loginProcessingUrl(String str) {
        Assert.hasText(str, "loginProcessingUrl cannot be empty");
        this.loginProcessingUrl = str;
        return this;
    }

    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer, org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void init(B b) throws Exception {
        OidcLoginAuthenticationFilter oidcLoginAuthenticationFilter = new OidcLoginAuthenticationFilter(this.clientRegistrations, this.loginProcessingUrl, this.auditProvider);
        if (this.authenticationManager != null) {
            oidcLoginAuthenticationFilter.setAuthenticationManager(this.authenticationManager);
        }
        setAuthenticationFilter(oidcLoginAuthenticationFilter);
        super.loginProcessingUrl(this.loginProcessingUrl);
        super.loginPage(OidcClientModuleWebSecurityConfigurer.OIDC_LOGIN_PATH);
        super.init((OidcLoginConfigurer<B>) b);
    }

    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer, org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(B b) throws Exception {
        OidcAuthorizationRequestRedirectFilter oidcAuthorizationRequestRedirectFilter = new OidcAuthorizationRequestRedirectFilter(this.clientRegistrations, this.authorizationRequestBaseUri, this.auditProvider);
        oidcAuthorizationRequestRedirectFilter.setAuthenticationFailureHandler(this.failureHandler);
        RequestCache requestCache = (RequestCache) b.getSharedObject(RequestCache.class);
        if (requestCache != null) {
            oidcAuthorizationRequestRedirectFilter.setRequestCache(requestCache);
        }
        b.addFilterBefore((Filter) postProcess(oidcAuthorizationRequestRedirectFilter), OAuth2AuthorizationRequestRedirectFilter.class);
        super.configure((OidcLoginConfigurer<B>) b);
    }

    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
    protected RequestMatcher createLoginProcessingUrlMatcher(String str) {
        return new AntPathRequestMatcher(str);
    }

    public OidcLoginConfigurer<B> midpointFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        this.failureHandler = authenticationFailureHandler;
        return (OidcLoginConfigurer) super.failureHandler(authenticationFailureHandler);
    }
}
