package eu.openanalytics.containerproxy.security;

import eu.openanalytics.containerproxy.auth.impl.SocialAuthenticationBackend;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.sql.DataSource;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.core.io.ClassPathResource;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseFactory;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType;
import org.springframework.jdbc.datasource.init.DatabasePopulator;
import org.springframework.jdbc.datasource.init.ResourceDatabasePopulator;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.social.UserIdSource;
import org.springframework.social.config.annotation.ConnectionFactoryConfigurer;
import org.springframework.social.config.annotation.EnableSocial;
import org.springframework.social.config.annotation.SocialConfigurer;
import org.springframework.social.connect.Connection;
import org.springframework.social.connect.ConnectionFactory;
import org.springframework.social.connect.ConnectionFactoryLocator;
import org.springframework.social.connect.UsersConnectionRepository;
import org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository;
import org.springframework.social.connect.web.ProviderSignInController;
import org.springframework.social.connect.web.SignInAdapter;
import org.springframework.social.facebook.connect.FacebookConnectionFactory;
import org.springframework.social.github.connect.GitHubConnectionFactory;
import org.springframework.social.google.connect.GoogleConnectionFactory;
import org.springframework.social.linkedin.connect.LinkedInConnectionFactory;
import org.springframework.social.twitter.connect.TwitterConnectionFactory;
import org.springframework.web.context.request.NativeWebRequest;

@Configuration
@EnableSocial
@ConditionalOnProperty(name = {"proxy.authentication"}, havingValue = SocialAuthenticationBackend.NAME)
/* loaded from: input_file:BOOT-INF/lib/containerproxy-0.8.3.jar:eu/openanalytics/containerproxy/security/SocialSecurityConfig.class */
public class SocialSecurityConfig implements SocialConfigurer {

    /* loaded from: input_file:BOOT-INF/lib/containerproxy-0.8.3.jar:eu/openanalytics/containerproxy/security/SocialSecurityConfig$Provider.class */
    public enum Provider {
        facebook("Facebook"),
        twitter("Twitter"),
        google("Google+"),
        linkedin("LinkedIn"),
        github("GitHub");

        private String label;

        Provider(String str) {
            this.label = str;
        }

        public ConnectionFactory<?> createConnectionFactory(String str, String str2) {
            switch (this) {
                case facebook:
                    return new FacebookConnectionFactory(str, str2);
                case twitter:
                    return new TwitterConnectionFactory(str, str2);
                case google:
                    GoogleConnectionFactory googleConnectionFactory = new GoogleConnectionFactory(str, str2);
                    googleConnectionFactory.setScope("openid profile");
                    return googleConnectionFactory;
                case linkedin:
                    return new LinkedInConnectionFactory(str, str2);
                case github:
                    return new GitHubConnectionFactory(str, str2);
                default:
                    return null;
            }
        }

        public String label() {
            return this.label;
        }

        public String getAppId(Environment environment) {
            return environment.getProperty(String.format("proxy.social.%s.app-id", toString()));
        }

        public String getAppSecret(Environment environment) {
            return environment.getProperty(String.format("proxy.social.%s.app-secret", toString()));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/containerproxy-0.8.3.jar:eu/openanalytics/containerproxy/security/SocialSecurityConfig$SimpleSignInAdapter.class */
    public static class SimpleSignInAdapter implements SignInAdapter {
        private final RequestCache requestCache;

        @Inject
        public SimpleSignInAdapter(RequestCache requestCache) {
            this.requestCache = requestCache;
        }

        @Override // org.springframework.social.connect.web.SignInAdapter
        public String signIn(String str, Connection<?> connection, NativeWebRequest nativeWebRequest) {
            SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(str, null, null));
            return extractOriginalUrl(nativeWebRequest);
        }

        private String extractOriginalUrl(NativeWebRequest nativeWebRequest) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) nativeWebRequest.getNativeRequest(HttpServletRequest.class);
            HttpServletResponse httpServletResponse = (HttpServletResponse) nativeWebRequest.getNativeResponse(HttpServletResponse.class);
            SavedRequest request = this.requestCache.getRequest(httpServletRequest, httpServletResponse);
            if (request == null) {
                return null;
            }
            this.requestCache.removeRequest(httpServletRequest, httpServletResponse);
            removeAutheticationAttributes(httpServletRequest.getSession(false));
            return request.getRedirectUrl();
        }

        private void removeAutheticationAttributes(HttpSession httpSession) {
            if (httpSession == null) {
                return;
            }
            httpSession.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        }
    }

    @Bean
    public List<Provider> socialProviders(Environment environment) {
        ArrayList arrayList = new ArrayList();
        for (Provider provider : Provider.values()) {
            if (provider.getAppId(environment) != null && provider.getAppSecret(environment) != null) {
                arrayList.add(provider);
            }
        }
        return arrayList;
    }

    @Override // org.springframework.social.config.annotation.SocialConfigurer
    public void addConnectionFactories(ConnectionFactoryConfigurer connectionFactoryConfigurer, Environment environment) {
        for (Provider provider : socialProviders(environment)) {
            connectionFactoryConfigurer.addConnectionFactory(provider.createConnectionFactory(provider.getAppId(environment), provider.getAppSecret(environment)));
        }
    }

    @Override // org.springframework.social.config.annotation.SocialConfigurer
    public UserIdSource getUserIdSource() {
        return () -> {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication == null) {
                throw new IllegalStateException("Cannot obtain user ID: no authentication found");
            }
            return authentication.getName();
        };
    }

    @Override // org.springframework.social.config.annotation.SocialConfigurer
    public UsersConnectionRepository getUsersConnectionRepository(ConnectionFactoryLocator connectionFactoryLocator) {
        JdbcUsersConnectionRepository jdbcUsersConnectionRepository = new JdbcUsersConnectionRepository(dataSource(), connectionFactoryLocator, Encryptors.noOpText());
        jdbcUsersConnectionRepository.setConnectionSignUp(connection -> {
            return connection.getDisplayName();
        });
        return jdbcUsersConnectionRepository;
    }

    @Bean
    public DataSource dataSource() {
        EmbeddedDatabaseFactory embeddedDatabaseFactory = new EmbeddedDatabaseFactory();
        embeddedDatabaseFactory.setDatabaseName("containerproxy-social-auth");
        embeddedDatabaseFactory.setDatabaseType(EmbeddedDatabaseType.H2);
        embeddedDatabaseFactory.setDatabasePopulator(databasePopulator());
        return embeddedDatabaseFactory.getDatabase();
    }

    private DatabasePopulator databasePopulator() {
        ResourceDatabasePopulator resourceDatabasePopulator = new ResourceDatabasePopulator();
        resourceDatabasePopulator.addScript(new ClassPathResource("JdbcUsersConnectionRepository.sql", (Class<?>) JdbcUsersConnectionRepository.class));
        return resourceDatabasePopulator;
    }

    @Bean
    public ProviderSignInController providerSignInController(ConnectionFactoryLocator connectionFactoryLocator, UsersConnectionRepository usersConnectionRepository) {
        return new ProviderSignInController(connectionFactoryLocator, usersConnectionRepository, signInAdapter());
    }

    @Bean
    public SignInAdapter signInAdapter() {
        return new SimpleSignInAdapter(new HttpSessionRequestCache());
    }
}
