package io.dialob.security.aws.elb;

import com.nimbusds.jwt.proc.JWTProcessor;
import io.dialob.security.spring.AuthenticationStrategy;
import javax.servlet.Filter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.lang.NonNull;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;

/* loaded from: input_file:BOOT-INF/lib/dialob-security-aws-2.1.23.jar:io/dialob/security/aws/elb/ElbAuthenticationStrategy.class */
public class ElbAuthenticationStrategy implements AuthenticationStrategy {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) ElbAuthenticationStrategy.class);
    private final GrantedAuthoritiesMapper grantedAuthoritiesMapper;
    private final JWTProcessor jwtProcessor;
    private final AuthenticationManager authenticationManager;
    private String credentialsRequestHeader = "X-Amzn-Oidc-Data";
    private String principalRequestHeader = "X-Amzn-Oidc-Identity";
    private String groupsClaim = "cognito:groups";

    public ElbAuthenticationStrategy(@NonNull GrantedAuthoritiesMapper grantedAuthoritiesMapper, @NonNull JWTProcessor jWTProcessor, AuthenticationManager authenticationManager) {
        this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
        this.jwtProcessor = jWTProcessor;
        this.authenticationManager = authenticationManager;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // io.dialob.security.spring.AuthenticationStrategy
    public HttpSecurity configureAuthentication(@NonNull HttpSecurity httpSecurity) throws Exception {
        httpSecurity.addFilter((Filter) createAuthenticationFilter(this.authenticationManager));
        return (HttpSecurity) httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and();
    }

    @NonNull
    RequestHeaderAuthenticationFilter createAuthenticationFilter(@NonNull AuthenticationManager authenticationManager) {
        RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter = new RequestHeaderAuthenticationFilter();
        LOGGER.debug("principalRequestHeader = {}, credentialsRequestHeader = {}", this.principalRequestHeader, this.credentialsRequestHeader);
        requestHeaderAuthenticationFilter.setPrincipalRequestHeader(this.principalRequestHeader);
        requestHeaderAuthenticationFilter.setCredentialsRequestHeader(this.credentialsRequestHeader);
        requestHeaderAuthenticationFilter.setAuthenticationManager(authenticationManager);
        requestHeaderAuthenticationFilter.setExceptionIfHeaderMissing(false);
        requestHeaderAuthenticationFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
        requestHeaderAuthenticationFilter.setAuthenticationDetailsSource(createAuthenticationDetailsSource());
        requestHeaderAuthenticationFilter.setCheckForPrincipalChanges(false);
        return requestHeaderAuthenticationFilter;
    }

    GrantedAuthoritiesMapper getGrantedAuthoritiesMapper() {
        return this.grantedAuthoritiesMapper;
    }

    JWTProcessor getJwtProcessor() {
        return this.jwtProcessor;
    }

    @NonNull
    ElbBasedPreAuthenticatedWebAuthenticationDetailsSource createAuthenticationDetailsSource() {
        ElbBasedPreAuthenticatedWebAuthenticationDetailsSource elbBasedPreAuthenticatedWebAuthenticationDetailsSource = new ElbBasedPreAuthenticatedWebAuthenticationDetailsSource(getGrantedAuthoritiesMapper(), getJwtProcessor());
        elbBasedPreAuthenticatedWebAuthenticationDetailsSource.setCredentialsRequestHeader(this.credentialsRequestHeader);
        elbBasedPreAuthenticatedWebAuthenticationDetailsSource.setGroupsClaim(this.groupsClaim);
        return elbBasedPreAuthenticatedWebAuthenticationDetailsSource;
    }

    public String getCredentialsRequestHeader() {
        return this.credentialsRequestHeader;
    }

    public void setCredentialsRequestHeader(String str) {
        this.credentialsRequestHeader = str;
    }

    public String getPrincipalRequestHeader() {
        return this.principalRequestHeader;
    }

    public void setPrincipalRequestHeader(String str) {
        this.principalRequestHeader = str;
    }

    public void setGroupsClaim(String str) {
        this.groupsClaim = str;
    }

    public String getGroupsClaim() {
        return this.groupsClaim;
    }
}
