package com.evolveum.midpoint.authentication.impl.module.configurer;

import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.authentication.impl.filter.oidc.OidcClientLogoutSuccessHandler;
import com.evolveum.midpoint.authentication.impl.filter.oidc.OidcLoginConfigurer;
import com.evolveum.midpoint.authentication.impl.handler.MidPointAuthenticationSuccessHandler;
import com.evolveum.midpoint.authentication.impl.handler.MidpointAuthenticationFailureHandler;
import com.evolveum.midpoint.authentication.impl.module.configuration.OidcClientModuleWebSecurityConfiguration;
import com.evolveum.midpoint.authentication.impl.provider.OidcClientProvider;
import com.evolveum.midpoint.model.api.ModelAuditRecorder;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OidcAuthenticationModuleType;
import jakarta.servlet.ServletRequest;
import java.util.Collections;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

/* loaded from: input_file:com/evolveum/midpoint/authentication/impl/module/configurer/OidcClientModuleWebSecurityConfigurer.class */
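/**
 * Configures Spring Security's {@link HttpSecurity} for an OIDC client authentication module.
 *
 * <p>The class builds the module configuration (registering an {@link OidcClientProvider}),
 * installs an {@link OidcLoginConfigurer} with the module's login and authorization URLs, and
 * supplies the logout success handler used for this module.
 *
 * <p>This listing is decompiler output: parameter names such as {@code str} and the JADX marker
 * comments are artifacts of decompilation, not of the original source.
 */
public class OidcClientModuleWebSecurityConfigurer extends RemoteModuleWebSecurityConfigurer<OidcClientModuleWebSecurityConfiguration, OidcAuthenticationModuleType> {
    private static final Trace LOGGER = TraceManager.getTrace(OidcClientModuleWebSecurityConfigurer.class);

    /** Entry-point URL returned by {@link #getAuthEntryPointUrl()}. */
    public static final String OIDC_LOGIN_PATH = "/oidc/select";

    // Passed to OidcLoginConfigurer in configure().
    @Autowired
    private ModelAuditRecorder auditProvider;

    // Handed to the logout success handler. Set from the servlet request in initHttpPublicUrl()
    // or explicitly through setPublicUrlPrefix().
    private String publicUrlPrefix;

    /**
     * Creates the configurer by delegating to the superclass constructor.
     *
     * @param oidcAuthenticationModuleType module definition
     * @param str value forwarded to the superclass; buildConfiguration() uses the parameter in
     *     the same position as the sequence suffix
     * @param authenticationChannel channel forwarded to the superclass
     * @param objectPostProcessor post-processor forwarded to the superclass
     * @param servletRequest request forwarded to the superclass
     */
    public OidcClientModuleWebSecurityConfigurer(OidcAuthenticationModuleType oidcAuthenticationModuleType, String str, AuthenticationChannel authenticationChannel, ObjectPostProcessor<Object> objectPostProcessor, ServletRequest servletRequest) {
        // The last superclass argument is passed as null; its meaning is defined in the superclass.
        super(oidcAuthenticationModuleType, str, authenticationChannel, objectPostProcessor, servletRequest, null);
    }

    /**
     * Builds the module configuration and registers the OIDC authentication provider on it.
     *
     * @param oidcAuthenticationModuleType module definition
     * @param str sequence suffix, also set on the built configuration
     * @param authenticationChannel not used by this method body
     * @param servletRequest request used to resolve the public URL prefix
     * @return the built configuration with an {@link OidcClientProvider} added
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.authentication.impl.module.configurer.ModuleWebSecurityConfigurer
    public OidcClientModuleWebSecurityConfiguration buildConfiguration(OidcAuthenticationModuleType oidcAuthenticationModuleType, String str, AuthenticationChannel authenticationChannel, ServletRequest servletRequest) {
        OidcClientModuleWebSecurityConfiguration build = OidcClientModuleWebSecurityConfiguration.build(oidcAuthenticationModuleType, str, getPublicUrlPrefix(servletRequest), servletRequest);
        build.setSequenceSuffix(str);
        // The provider is created from the configuration's additional configuration and passed
        // through the object post-processor before it is registered.
        build.addAuthenticationProvider((AuthenticationProvider) getObjectPostProcessor().postProcess(new OidcClientProvider(build.getAdditionalConfiguration())));
        return build;
    }

    /**
     * Stores the public URL prefix resolved from the injected servlet request.
     *
     * @param servletRequest request passed to {@code getPublicUrlPrefix}
     */
    @Autowired
    public final void initHttpPublicUrl(ServletRequest servletRequest) {
        // NOTE(review): getPublicUrlPrefix() is defined outside this class. If it derives the
        // prefix from request data (host or forwarding headers), that value later reaches the
        // logout handler — confirm it is constrained to the configured public URL.
        this.publicUrlPrefix = getPublicUrlPrefix(servletRequest);
    }

    /**
     * Applies the superclass configuration and then installs the OIDC login configurer.
     *
     * <p>The login processing URL is {@code <prefix>/authenticate/{registrationId}} and the
     * authorization request base URI is {@code <prefix>/authorization}, where {@code <prefix>}
     * is {@code getPrefix()} passed through {@code AuthUtil.stripEndingSlashes}.
     *
     * @param httpSecurity security builder to configure
     * @throws Exception if the superclass configuration or applying the configurer fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.authentication.impl.module.configurer.RemoteModuleWebSecurityConfigurer, com.evolveum.midpoint.authentication.impl.module.configurer.ModuleWebSecurityConfigurer
    public void configure(HttpSecurity httpSecurity) throws Exception {
        super.configure(httpSecurity);
        OidcLoginConfigurer oidcLoginConfigurer = new OidcLoginConfigurer(this.auditProvider);
        // NOTE(review): m43loginProcessingUrl looks like a decompiler-renamed method
        // (presumably loginProcessingUrl in the original source) — confirm before compiling.
        oidcLoginConfigurer.clientRegistrationRepository(clientRegistrationRepository())
                .midpointFailureHandler(new MidpointAuthenticationFailureHandler())
                .m43loginProcessingUrl(AuthUtil.stripEndingSlashes(getPrefix()) + "/authenticate/{registrationId}")
                .authorizationRequestBaseUri(AuthUtil.stripEndingSlashes(getPrefix()) + "/authorization")
                .successHandler((AuthenticationSuccessHandler) getObjectPostProcessor().postProcess(new MidPointAuthenticationSuccessHandler()));
        try {
            // The ProviderManager has no providers of its own; every authentication request is
            // delegated to the parent manager returned by authenticationManager().
            oidcLoginConfigurer.authenticationManager(new ProviderManager(Collections.emptyList(), authenticationManager()));
        } catch (Exception e) {
            // Pass the exception to the logger so the cause and stack trace are recorded; the
            // message alone gives an operator nothing to diagnose a broken login module with.
            // Configuration deliberately continues, so the configurer below is applied without
            // the authentication manager set here.
            // NOTE(review): consider whether this should fail configuration instead of leaving
            // a partially configured OIDC module — confirm the intended behaviour.
            LOGGER.error("Couldn't initialize authentication manager for oidc module", e);
        }
        getOrApply(httpSecurity, oidcLoginConfigurer);
    }

    /**
     * Returns the entry-point URL for this module.
     *
     * @return {@link #OIDC_LOGIN_PATH}
     */
    @Override // com.evolveum.midpoint.authentication.impl.module.configurer.RemoteModuleWebSecurityConfigurer
    protected String getAuthEntryPointUrl() {
        return OIDC_LOGIN_PATH;
    }

    /**
     * Creates the logout success handler for this module.
     *
     * <p>The handler receives the client registration repository, the configuration's sequence
     * prefix as post-logout redirect URI, and the stored public URL prefix.
     *
     * @return the post-processed {@link OidcClientLogoutSuccessHandler}
     */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.evolveum.midpoint.authentication.impl.module.configurer.RemoteModuleWebSecurityConfigurer
    protected LogoutSuccessHandler getLogoutRequestSuccessHandler() {
        OidcClientLogoutSuccessHandler oidcClientLogoutSuccessHandler = (OidcClientLogoutSuccessHandler) getObjectPostProcessor().postProcess(new OidcClientLogoutSuccessHandler(clientRegistrationRepository()));
        oidcClientLogoutSuccessHandler.setPostLogoutRedirectUri(((OidcClientModuleWebSecurityConfiguration) getConfiguration()).getPrefixOfSequence());
        // NOTE(review): publicUrlPrefix may be null if neither initHttpPublicUrl() nor
        // setPublicUrlPrefix() ran before this call; how the handler combines it with the
        // redirect URI is not visible here — verify against OidcClientLogoutSuccessHandler.
        oidcClientLogoutSuccessHandler.setPublicUrlPrefix(this.publicUrlPrefix);
        return oidcClientLogoutSuccessHandler;
    }

    /**
     * Returns the client registration repository held by the module configuration.
     *
     * @return the repository from {@code getConfiguration()}
     */
    /* JADX WARN: Multi-variable type inference failed */
    private InMemoryClientRegistrationRepository clientRegistrationRepository() {
        return ((OidcClientModuleWebSecurityConfiguration) getConfiguration()).getClientRegistrationRepository();
    }

    /**
     * Returns the authentication token class associated with this module.
     *
     * @return {@link OAuth2LoginAuthenticationToken}
     */
    @Override // com.evolveum.midpoint.authentication.impl.module.configurer.RemoteModuleWebSecurityConfigurer
    protected Class<? extends Authentication> getAuthTokenClass() {
        return OAuth2LoginAuthenticationToken.class;
    }

    /**
     * Overrides the public URL prefix handed to the logout success handler.
     *
     * @param str new public URL prefix; stored as given, without validation
     */
    public void setPublicUrlPrefix(String str) {
        this.publicUrlPrefix = str;
    }
}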
