package eu.openanalytics.containerproxy.auth.impl;

import eu.openanalytics.containerproxy.auth.IAuthenticationBackend;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.inject.Inject;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;

/* loaded from: input_file:BOOT-INF/lib/containerproxy-0.1.1-SNAPSHOT.jar:eu/openanalytics/containerproxy/auth/impl/OpenIDAuthenticationBackend.class */
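/**
 * Authentication backend that signs users in through OpenID Connect.
 *
 * <p>A single OAuth2 client registration (authorization-code grant) is built from the
 * {@code proxy.openid.*} properties of the injected {@link Environment}. Every request is
 * required to be authenticated, and authorities can optionally be derived from a claim of
 * the ID token (see {@link #createAuthoritiesMapper()}).
 */
public class OpenIDAuthenticationBackend implements IAuthenticationBackend {

    /** Backend name returned by {@link #getName()}. */
    public static final String NAME = "openid";

    /** Registration id and client name of the one client registration created here. */
    private static final String REG_ID = "shinyproxy";

    /** Source of all configuration properties read by this backend. */
    @Inject
    Environment environment;

    /**
     * Returns the name of this backend.
     *
     * @return the constant {@link #NAME}
     */
    @Override
    public String getName() {
        return NAME;
    }

    /**
     * Always returns {@code true}.
     *
     * <p>NOTE(review): presumably signals that this backend supplies authorities for
     * access decisions; confirm against {@code IAuthenticationBackend}.
     *
     * @return {@code true}
     */
    @Override
    public boolean hasAuthorization() {
        return true;
    }

    /**
     * Requires authentication for every request and enables OAuth2 login backed by the
     * client registration from {@link #createClientRepo()} and the authorities mapper from
     * {@link #createAuthoritiesMapper()}.
     *
     * @param httpSecurity the security configuration to extend
     * @throws Exception if the Spring Security builders reject the configuration
     */
    @Override
    public void configureHttpSecurity(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .authorizeRequests()
                // No path is exempted here: anything not authenticated is refused.
                .anyRequest().authenticated()
                .and()
            .oauth2Login()
                .loginPage(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL)
                .clientRegistrationRepository(createClientRepo())
                .userInfoEndpoint()
                    .userAuthoritiesMapper(createAuthoritiesMapper());
    }

    /**
     * No-op: this backend registers nothing on the authentication manager builder.
     *
     * @param authenticationManagerBuilder unused
     */
    @Override
    public void configureAuthenticationManagerBuilder(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
    }

    /**
     * Returns the path that starts the authorization request for the {@code shinyproxy}
     * registration.
     *
     * @return {@code /oauth2/authorization/shinyproxy}
     */
    public String getLoginRedirectURI() {
        return "/oauth2/authorization/" + REG_ID;
    }

    /**
     * Builds the in-memory repository holding the single OpenID Connect client registration.
     *
     * <p>The scopes {@code openid} and {@code email} are always requested. Additional scopes
     * are read from {@code proxy.openid.scopes[0]}, {@code [1]}, ... and reading stops at the
     * first index that is not set, so entries after a gap are ignored.
     *
     * <p>Endpoint URLs, client id and client secret are passed to the builder exactly as
     * configured, with no null or format checks in this method. NOTE(review): confirm that
     * {@code build()} rejects missing values so a misconfiguration fails at startup.
     *
     * @return a repository containing exactly one registration with id {@code shinyproxy}
     */
    protected ClientRegistrationRepository createClientRepo() {
        Set<String> scopes = new HashSet<>();
        scopes.add("openid");
        scopes.add("email");

        for (int index = 0; ; index++) {
            String scope = environment.getProperty(String.format("proxy.openid.scopes[%d]", index));
            if (scope == null) {
                break;
            }
            scopes.add(scope);
        }

        ClientRegistration client = ClientRegistration.withRegistrationId(REG_ID)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .clientName(REG_ID)
            .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
            .scope(scopes.toArray(new String[0]))
            // NOTE(review): unlike every other setting, this key has no "proxy.openid."
            // prefix; confirm the key is intended, since it selects the attribute used
            // as the user name.
            .userNameAttributeName(environment.getProperty("username-attribute", "email"))
            .authorizationUri(environment.getProperty("proxy.openid.auth-url"))
            .tokenUri(environment.getProperty("proxy.openid.token-url"))
            .jwkSetUri(environment.getProperty("proxy.openid.jwks-url"))
            .clientId(environment.getProperty("proxy.openid.client-id"))
            // Credential: keep this value out of logs and error messages.
            .clientSecret(environment.getProperty("proxy.openid.client-secret"))
            .build();

        return new InMemoryClientRegistrationRepository(Collections.singletonList(client));
    }

    /**
     * Creates the mapper that turns the authorities of a logged-in user into roles.
     *
     * <p>If {@code proxy.openid.roles-claim} is unset or empty, authorities pass through
     * unchanged. Otherwise the result contains only roles read from that claim of the ID
     * token: the incoming authorities themselves are not carried over, and authorities that
     * are not {@link OidcUserAuthority} instances contribute nothing. Each role is
     * upper-cased and prefixed with {@code ROLE_} unless it already carries that prefix.
     *
     * <p>An ID token without the configured claim yields no roles rather than failing the
     * login, so a missing claim results in the least privilege.
     *
     * @return the authorities mapper to install on the user-info endpoint
     */
    protected GrantedAuthoritiesMapper createAuthoritiesMapper() {
        String rolesClaim = environment.getProperty("proxy.openid.roles-claim");
        if (rolesClaim == null || rolesClaim.isEmpty()) {
            return authorities -> authorities;
        }

        return authorities -> {
            Set<GrantedAuthority> mapped = new HashSet<>();
            for (GrantedAuthority authority : authorities) {
                if (!(authority instanceof OidcUserAuthority)) {
                    continue;
                }
                List<String> roles = ((OidcUserAuthority) authority).getIdToken().getClaimAsStringList(rolesClaim);
                if (roles == null) {
                    // Claim absent from this token: grant nothing instead of throwing.
                    continue;
                }
                for (String role : roles) {
                    if (role == null) {
                        continue;
                    }
                    // Locale.ROOT keeps role names independent of the JVM default locale,
                    // so the same claim value always maps to the same authority.
                    String upper = role.toUpperCase(Locale.ROOT);
                    mapped.add(new SimpleGrantedAuthority(upper.startsWith("ROLE_") ? upper : "ROLE_" + upper));
                }
            }
            return mapped;
        };
    }
}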
