package org.apache.camel.undertow.spring.boot;

import java.net.URISyntaxException;
import java.util.Collections;
import java.util.LinkedList;
import org.apache.camel.component.spring.security.SpringSecurityConfiguration;
import org.apache.camel.component.spring.security.keycloak.KeycloakUsernameSubClaimAdapter;
import org.apache.camel.component.undertow.UndertowComponent;
import org.apache.camel.spring.boot.ComponentConfigurationProperties;
import org.apache.camel.undertow.spring.boot.providers.AbstractProviderConfiguration;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.DelegatingFilterProxyRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

@EnableConfigurationProperties({ComponentConfigurationProperties.class, UndertowSpringSecurityConfiguration.class})
@Configuration(proxyBeanMethods = false)
@AutoConfigureAfter({UndertowSpringSecurityConfiguration.class})
/* loaded from: input_file:org/apache/camel/undertow/spring/boot/UndertowSpringSecurityAutoConfiguration.class */
public class UndertowSpringSecurityAutoConfiguration {
    private AbstractProviderConfiguration provider;
    private ClientRegistration clientRegistration;

    @Autowired
    private UndertowSpringSecurityConfiguration configuration;

    @Autowired
    private DelegatingFilterProxyRegistrationBean delegatingFilterProxyRegistrationBean;

    @EnableWebSecurity
    /* loaded from: input_file:org/apache/camel/undertow/spring/boot/UndertowSpringSecurityAutoConfiguration$OAuth2LoginSecurityConfig.class */
    public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
        public OAuth2LoginSecurityConfig() {
        }

        public void init(WebSecurity webSecurity) throws Exception {
            super.init(webSecurity);
        }

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().anyRequest()).authenticated().and().oauth2ResourceServer().jwt().jwtAuthenticationConverter(UndertowSpringSecurityAutoConfiguration.this.getProvider().getJwtAuthenticationConverter());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/camel/undertow/spring/boot/UndertowSpringSecurityAutoConfiguration$ProviderType.class */
    public enum ProviderType {
        keycloak
    }

    @Bean
    public JwtDecoder jwtDecoderByIssuerUri() {
        NimbusJwtDecoder build = NimbusJwtDecoder.withJwkSetUri(getClientRegistration().getProviderDetails().getJwkSetUri()).build();
        build.setClaimSetConverter(new KeycloakUsernameSubClaimAdapter(getProvider().getUserNameAttribute()));
        return build;
    }

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        return new InMemoryClientRegistrationRepository(Collections.singletonList(getClientRegistration()));
    }

    @Bean
    public OAuth2AuthorizedClientService authorizedClientService(ClientRegistrationRepository clientRegistrationRepository) {
        return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
    }

    @Bean
    public SpringSecurityConfiguration securityConfiguration(UndertowComponent undertowComponent) {
        SpringSecurityConfiguration springSecurityConfiguration = () -> {
            return this.delegatingFilterProxyRegistrationBean.getFilter();
        };
        undertowComponent.setSecurityConfiguration(springSecurityConfiguration);
        return springSecurityConfiguration;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public AbstractProviderConfiguration getProvider() {
        if (this.provider == null) {
            LinkedList linkedList = new LinkedList();
            if (this.configuration.getKeycloak() != null) {
                linkedList.add(this.configuration.getKeycloak());
            }
            if (linkedList.isEmpty()) {
                throw new IllegalArgumentException(String.format("Properties camel.component.undertow.spring.security.provider.* are not defined. Allowed providers are (%s)", ProviderType.values()));
            }
            if (linkedList.size() > 1) {
                throw new IllegalArgumentException(String.format("Two or more providers are defined (%s)", linkedList));
            }
            this.provider = (AbstractProviderConfiguration) linkedList.getFirst();
        }
        return this.provider;
    }

    private ClientRegistration getClientRegistration() {
        if (this.clientRegistration == null) {
            try {
                this.clientRegistration = getProvider().getClientRegistration();
            } catch (URISyntaxException e) {
                throw new IllegalArgumentException("Client url is not correct.", e);
            }
        }
        return this.clientRegistration;
    }
}
