package eu.openanalytics.containerproxy.auth.impl;

import eu.openanalytics.containerproxy.auth.IAuthenticationBackend;
import java.io.Serializable;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.servlet.Filter;
import javax.servlet.ServletException;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.spi.KeycloakAccount;
import org.keycloak.adapters.springsecurity.AdapterDeploymentContextFactoryBean;
import org.keycloak.adapters.springsecurity.account.KeycloakRole;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationEntryPoint;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.authentication.KeycloakLogoutHandler;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter;
import org.keycloak.adapters.springsecurity.management.HttpSessionManager;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.stereotype.Component;

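/**
 * Authentication backend that delegates login, logout and role resolution to a Keycloak server
 * through the Keycloak Spring Security adapter.
 *
 * <p>The backend is selected by name ({@link #NAME}); its Keycloak-specific beans are only
 * registered when the {@code proxy.authentication} property equals that name. Connection details
 * are read from the {@code proxy.keycloak.*} properties.
 *
 * <p>NOTE(review): this class is a {@code @Component}, not a {@code @Configuration}, so the direct
 * calls between the {@code @Bean} methods below (for example to
 * {@link #sessionAuthenticationStrategy()} and {@link #adapterDeploymentContext()}) are presumably
 * plain Java calls that build a fresh object on every invocation rather than returning the
 * container-managed singleton. If so, the session registry used by the processing filter is not
 * the one registered with session management — confirm before relying on shared session state.
 */
@Component
/* loaded from: input_file:BOOT-INF/lib/containerproxy-0.5.0.jar:eu/openanalytics/containerproxy/auth/impl/KeycloakAuthenticationBackend.class */
public class KeycloakAuthenticationBackend implements IAuthenticationBackend {
    /** Value of {@code proxy.authentication} that activates this backend. */
    public static final String NAME = "keycloak";

    @Inject
    Environment environment;

    @Inject
    AuthenticationManager authenticationManager;

    @Inject
    ApplicationContext ctx;

    /**
     * Keycloak authentication token whose principal name is taken from the ID token.
     *
     * <p>NOTE(review): {@code getIdToken().getName()} reads the ID token's {@code name} claim,
     * which is normally a display name and is not guaranteed to be unique or present. If the
     * principal name is used as a user identifier for authorization or container ownership, two
     * accounts with the same display name would be indistinguishable — confirm against callers.
     */
    /* loaded from: input_file:BOOT-INF/lib/containerproxy-0.5.0.jar:eu/openanalytics/containerproxy/auth/impl/KeycloakAuthenticationBackend$KeycloakAuthenticationToken2.class */
    private static class KeycloakAuthenticationToken2 extends KeycloakAuthenticationToken implements Serializable {
        private static final long serialVersionUID = -521347733024996150L;

        /**
         * @param keycloakAccount the authenticated Keycloak account
         * @param collection the authorities granted to that account
         */
        public KeycloakAuthenticationToken2(KeycloakAccount keycloakAccount, Collection<? extends GrantedAuthority> collection) {
            super(keycloakAccount, collection);
        }

        /**
         * Returns the name carried by the account's ID token.
         *
         * @return the ID token's name; no null check is made on the security context or ID token
         */
        @Override // org.springframework.security.authentication.AbstractAuthenticationToken, java.security.Principal
        public String getName() {
            return getAccount().getKeycloakSecurityContext().getIdToken().getName();
        }
    }

    /** @return the backend identifier, {@link #NAME} */
    @Override // eu.openanalytics.containerproxy.auth.IAuthenticationBackend
    public String getName() {
        return NAME;
    }

    /** @return always {@code true}: this backend supplies authorities along with the identity */
    @Override // eu.openanalytics.containerproxy.auth.IAuthenticationBackend
    public boolean hasAuthorization() {
        return true;
    }

    /**
     * Wires the Keycloak filters, entry point and logout handler into the security chain and
     * disables form login.
     *
     * @param httpSecurity the security configuration to extend
     * @throws Exception if any of the Keycloak components cannot be created
     */
    @Override // eu.openanalytics.containerproxy.auth.IAuthenticationBackend
    public void configureHttpSecurity(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.formLogin().disable();
        httpSecurity
                .sessionManagement()
                    .sessionAuthenticationStrategy(sessionAuthenticationStrategy())
                    .and()
                // Pre-auth actions run ahead of logout; the login filter runs ahead of basic auth.
                .addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class)
                .addFilterBefore(keycloakAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)
                .exceptionHandling()
                    .authenticationEntryPoint(authenticationEntryPoint())
                    .and()
                .logout()
                    .addLogoutHandler(keycloakLogoutHandler());
    }

    /**
     * Registers the Keycloak authentication provider with the authentication manager.
     *
     * @param authenticationManagerBuilder the builder to register the provider with
     * @throws Exception declared by the interface; nothing is thrown by this implementation itself
     */
    @Override // eu.openanalytics.containerproxy.auth.IAuthenticationBackend
    public void configureAuthenticationManagerBuilder(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.authenticationProvider(keycloakAuthenticationProvider());
    }

    /** @return the application root, {@code "/"}, as the post-logout target */
    @Override // eu.openanalytics.containerproxy.auth.IAuthenticationBackend
    public String getLogoutSuccessURL() {
        return "/";
    }

    /**
     * Builds and initialises the filter that processes Keycloak logins.
     *
     * @return the initialised processing filter
     * @throws Exception if the filter fails to initialise
     */
    @ConditionalOnProperty(name = {"proxy.authentication"}, havingValue = NAME)
    @Bean
    protected KeycloakAuthenticationProcessingFilter keycloakAuthenticationProcessingFilter() throws Exception {
        KeycloakAuthenticationProcessingFilter filter = new KeycloakAuthenticationProcessingFilter(this.authenticationManager);
        filter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy());
        filter.setApplicationContext(this.ctx);
        filter.afterPropertiesSet();
        return filter;
    }

    /**
     * Builds and initialises the Keycloak pre-authentication actions filter.
     *
     * @return the initialised filter
     * @throws IllegalStateException if the filter fails to initialise
     */
    @ConditionalOnProperty(name = {"proxy.authentication"}, havingValue = NAME)
    @Bean
    protected KeycloakPreAuthActionsFilter keycloakPreAuthActionsFilter() {
        KeycloakPreAuthActionsFilter filter = new KeycloakPreAuthActionsFilter(httpSessionManager());
        filter.setApplicationContext(this.ctx);
        try {
            filter.afterPropertiesSet();
        } catch (ServletException e) {
            // Fail closed: an initialisation error used to be swallowed here, which would have put
            // a half-initialised security filter into the chain. The sibling processing filter
            // already propagates its initialisation failures.
            throw new IllegalStateException("Failed to initialise KeycloakPreAuthActionsFilter", e);
        }
        return filter;
    }

    /** @return a new Keycloak HTTP session manager */
    @ConditionalOnProperty(name = {"proxy.authentication"}, havingValue = NAME)
    @Bean
    protected HttpSessionManager httpSessionManager() {
        return new HttpSessionManager();
    }

    /** @return a strategy that registers authenticated sessions in a new {@link SessionRegistryImpl} */
    @ConditionalOnProperty(name = {"proxy.authentication"}, havingValue = NAME)
    @Bean
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    /**
     * Builds the Keycloak adapter deployment context from the {@code proxy.keycloak.*} properties.
     *
     * @return a deployment context that resolves every request to the same deployment
     * @throws Exception if the factory bean cannot produce the context
     */
    @ConditionalOnProperty(name = {"proxy.authentication"}, havingValue = NAME)
    @Bean
    protected AdapterDeploymentContext adapterDeploymentContext() throws Exception {
        AdapterConfig adapterConfig = new AdapterConfig();
        adapterConfig.setRealm(this.environment.getProperty("proxy.keycloak.realm"));
        adapterConfig.setAuthServerUrl(this.environment.getProperty("proxy.keycloak.auth-server-url"));
        adapterConfig.setResource(this.environment.getProperty("proxy.keycloak.resource"));
        // Defaults to "external" when unset. NOTE(review): in Keycloak that value still allows
        // plain HTTP from private and loopback addresses; "all" is the strict setting.
        adapterConfig.setSslRequired(this.environment.getProperty("proxy.keycloak.ssl-required", "external"));

        // The client secret is passed on as read; a missing property results in a null "secret"
        // entry. Keep this map and the adapter config out of logs.
        HashMap<String, Object> credentials = new HashMap<>();
        credentials.put("secret", this.environment.getProperty("proxy.keycloak.credentials-secret"));
        adapterConfig.setCredentials(credentials);

        final KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(adapterConfig);
        AdapterDeploymentContextFactoryBean factoryBean = new AdapterDeploymentContextFactoryBean(new KeycloakConfigResolver() {
            @Override // org.keycloak.adapters.KeycloakConfigResolver
            public KeycloakDeployment resolve(HttpFacade.Request request) {
                // Single-tenant setup: the request is ignored and one deployment serves all.
                return deployment;
            }
        });
        factoryBean.afterPropertiesSet();
        // The decompiled listing called getObject2(), a decompiler rename of the bridged
        // FactoryBean#getObject().
        return factoryBean.getObject();
    }

    /**
     * @return an entry point that starts a Keycloak login for unauthenticated requests
     * @throws Exception if the deployment context cannot be built
     */
    protected AuthenticationEntryPoint authenticationEntryPoint() throws Exception {
        return new KeycloakAuthenticationEntryPoint(adapterDeploymentContext());
    }

    /**
     * Creates an authentication provider that normalises the authorities returned by Keycloak:
     * each one is upper-cased and given a {@code ROLE_} prefix unless it already has one.
     *
     * @return the provider, which yields {@code KeycloakAuthenticationToken2} instances
     */
    protected KeycloakAuthenticationProvider keycloakAuthenticationProvider() {
        return new KeycloakAuthenticationProvider() {
            @Override // org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider, org.springframework.security.authentication.AuthenticationProvider
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) super.authenticate(authentication);
                List<KeycloakRole> roles = token.getAuthorities().stream()
                        // Locale.ROOT keeps the mapping independent of the JVM default locale.
                        // Under a Turkish locale, for instance, "admin" would otherwise upper-case
                        // to a string that no longer equals "ADMIN" and the role check would fail.
                        .map(authority -> authority.getAuthority().toUpperCase(Locale.ROOT))
                        .map(role -> role.startsWith("ROLE_") ? role : "ROLE_" + role)
                        .map(KeycloakRole::new)
                        .collect(Collectors.toList());
                return new KeycloakAuthenticationToken2(token.getAccount(), roles);
            }
        };
    }

    /**
     * @return a logout handler that also ends the Keycloak session
     * @throws Exception if the deployment context cannot be built
     */
    protected KeycloakLogoutHandler keycloakLogoutHandler() throws Exception {
        return new KeycloakLogoutHandler(adapterDeploymentContext());
    }
}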
