package com.evolveum.midpoint.authentication.impl.factory.module;

import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.impl.channel.RestAuthenticationChannel;
import com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl;
import com.evolveum.midpoint.authentication.impl.module.authentication.OidcResourceServerModuleAuthentication;
import com.evolveum.midpoint.authentication.impl.module.configuration.RemoteModuleWebSecurityConfiguration;
import com.evolveum.midpoint.authentication.impl.module.configurer.ModuleWebSecurityConfigurer;
import com.evolveum.midpoint.authentication.impl.module.configurer.OidcResourceServerModuleWebSecurityConfigurer;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OidcAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OidcResourceServerAuthenticationModuleType;
import jakarta.servlet.ServletRequest;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.stereotype.Component;

/**
 * Module factory that wires an {@link OidcAuthenticationModuleType} into the REST authentication
 * channel by producing an {@link OidcResourceServerModuleWebSecurityConfigurer} and an
 * {@link OidcResourceServerModuleAuthentication}.
 *
 * <p>Selection is two-fold: {@link #match} requires both the OIDC module type and a
 * {@link RestAuthenticationChannel}, and {@link #isSupportedChannel} rejects any non-null channel
 * whose id is not {@link SchemaConstants#CHANNEL_REST_URI}.
 *
 * <p>NOTE(review): the {@code resourceServer} section of the module is optional from this class's
 * point of view. {@link #createModuleConfigurer} answers a missing section with {@code null},
 * while {@link #createEmptyModuleAuthentication} dereferences it without a check. Confirm that the
 * caller treats both outcomes as "authentication module unavailable" (fail closed) rather than
 * skipping the module.
 *
 * @param <C> configuration type handled by this factory
 */
@Component
/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/factory/module/OidcResourceServerModuleFactory.class */
public class OidcResourceServerModuleFactory<C extends RemoteModuleWebSecurityConfiguration> extends RemoteModuleFactory<C, OidcResourceServerModuleWebSecurityConfigurer<C>, OidcAuthenticationModuleType, ModuleAuthenticationImpl> {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) OidcResourceServerModuleFactory.class);

    /**
     * Decides whether this factory is responsible for the given module/channel pair.
     * Overrides the method declared by {@code AbstractModuleFactory} / {@code ModuleFactory}.
     *
     * @param abstractAuthenticationModuleType module definition taken from the configuration
     * @param authenticationChannel channel the request arrived on
     * @return {@code true} only for an {@link OidcAuthenticationModuleType} on a
     *         {@link RestAuthenticationChannel}; a {@code null} argument yields {@code false}
     */
    @Override
    public boolean match(AbstractAuthenticationModuleType abstractAuthenticationModuleType, AuthenticationChannel authenticationChannel) {
        // The module type alone is not enough: the channel check is what restricts this factory
        // to REST requests.
        if (!(abstractAuthenticationModuleType instanceof OidcAuthenticationModuleType)) {
            return false;
        }
        return authenticationChannel instanceof RestAuthenticationChannel;
    }

    /**
     * Builds the web-security configurer for an OIDC module that carries a resource-server section.
     *
     * @param oidcAuthenticationModuleType module definition; must not be {@code null}
     * @param str passed through unchanged to the configurer (its meaning is not visible in this class)
     * @param authenticationChannel channel passed through to the configurer
     * @param objectPostProcessor post-processor passed through to the configurer
     * @param servletRequest current request, passed through to the configurer
     * @return a new configurer, or {@code null} after logging an error when the module has no
     *         resource-server configuration
     */
    protected OidcResourceServerModuleWebSecurityConfigurer<C> createModuleConfigurer(OidcAuthenticationModuleType oidcAuthenticationModuleType, String str, AuthenticationChannel authenticationChannel, ObjectPostProcessor<Object> objectPostProcessor, ServletRequest servletRequest) {
        if (oidcAuthenticationModuleType.getResourceServer() == null) {
            // NOTE(review): a misconfigured module is reported by log entry and a null return only;
            // verify that the caller does not continue without this module.
            LOGGER.error("Resource configuration of OidcAuthenticationModuleType is null");
            return null;
        }
        // The last constructor argument is deliberately passed as null, as in the original call.
        return new OidcResourceServerModuleWebSecurityConfigurer<>(oidcAuthenticationModuleType, str, authenticationChannel, objectPostProcessor, servletRequest, null);
    }

    /**
     * Creates the not-yet-authenticated module state for one module of an authentication sequence.
     * Overrides {@code AbstractModuleFactory}; the decompiler widened the access modifier from
     * {@code protected} to {@code public}.
     *
     * @param oidcAuthenticationModuleType module definition whose resource-server section supplies the realm
     * @param c module configuration supplying the prefix and the module identifier
     * @param authenticationSequenceModuleType sequence entry handed to the authentication object
     * @param servletRequest current request; not used by this implementation
     * @return a populated {@link OidcResourceServerModuleAuthentication}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public ModuleAuthenticationImpl createEmptyModuleAuthentication(OidcAuthenticationModuleType oidcAuthenticationModuleType, C c, AuthenticationSequenceModuleType authenticationSequenceModuleType, ServletRequest servletRequest) {
        OidcResourceServerModuleAuthentication moduleAuthentication = new OidcResourceServerModuleAuthentication(authenticationSequenceModuleType);

        String modulePrefix = c.getPrefixOfModule();
        moduleAuthentication.setPrefix(modulePrefix);

        moduleAuthentication.setNameOfModule(c.getModuleIdentifier());

        // NOTE(review): getResourceServer() is not null-checked here, unlike in
        // createModuleConfigurer; a module without that section ends in a NullPointerException
        // inside getRealm.
        String realm = getRealm(oidcAuthenticationModuleType.getResourceServer());
        moduleAuthentication.setRealm(realm);

        return moduleAuthentication;
    }

    /**
     * Picks the realm for the module. Precedence: the JWT section, then the opaque-token section,
     * then the realm set directly on the resource-server section.
     *
     * @param oidcResourceServerAuthenticationModuleType resource-server section; dereferenced
     *        without a null check
     * @return the realm of the first section present, which may itself be {@code null}
     */
    private String getRealm(OidcResourceServerAuthenticationModuleType oidcResourceServerAuthenticationModuleType) {
        if (oidcResourceServerAuthenticationModuleType.getJwt() != null) {
            // A present JWT section wins even when its own realm is unset.
            return oidcResourceServerAuthenticationModuleType.getJwt().getRealm();
        }
        if (oidcResourceServerAuthenticationModuleType.getOpaqueToken() != null) {
            return oidcResourceServerAuthenticationModuleType.getOpaqueToken().getRealm();
        }
        return oidcResourceServerAuthenticationModuleType.getRealm();
    }

    /**
     * Verifies that this factory is used on the REST channel. Despite the {@code is} prefix the
     * method returns nothing and signals a mismatch by exception. Overrides
     * {@code AbstractModuleFactory}.
     *
     * @param authenticationChannel channel to verify; {@code null} is accepted without complaint
     * @throws IllegalArgumentException when the channel id differs from
     *         {@link SchemaConstants#CHANNEL_REST_URI}
     */
    @Override
    protected void isSupportedChannel(AuthenticationChannel authenticationChannel) {
        if (authenticationChannel == null) {
            // NOTE(review): a missing channel passes this check; confirm that is intended.
            return;
        }
        if (SchemaConstants.CHANNEL_REST_URI.equals(authenticationChannel.getChannelId())) {
            return;
        }
        throw new IllegalArgumentException("Unsupported factory " + getClass().getSimpleName() + " for channel " + authenticationChannel.getChannelId());
    }

    /**
     * Compiler-generated bridge, made visible by the decompiler: narrows the erased parameter
     * types and delegates to the typed {@code createModuleConfigurer} overload. A module of any
     * other type fails the cast with a {@link ClassCastException}.
     */
    @Override
    protected /* bridge */ /* synthetic */ ModuleWebSecurityConfigurer createModuleConfigurer(AbstractAuthenticationModuleType abstractAuthenticationModuleType, String str, AuthenticationChannel authenticationChannel, ObjectPostProcessor objectPostProcessor, ServletRequest servletRequest) {
        OidcAuthenticationModuleType oidcModule = (OidcAuthenticationModuleType) abstractAuthenticationModuleType;
        ObjectPostProcessor<Object> typedPostProcessor = (ObjectPostProcessor<Object>) objectPostProcessor;
        return createModuleConfigurer(oidcModule, str, authenticationChannel, typedPostProcessor, servletRequest);
    }
}
