package org.keycloak.adapters.springboot;

import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.WebResourceCollection;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.apache.catalina.Context;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.webapp.WebAppContext;
import org.keycloak.adapters.jetty.KeycloakJettyAuthenticator;
import org.keycloak.adapters.springboot.KeycloakSpringBootProperties;
import org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve;
import org.keycloak.adapters.undertow.KeycloakServletExtension;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.context.embedded.ConfigurableEmbeddedServletContainer;
import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;
import org.springframework.boot.context.embedded.jetty.JettyEmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.jetty.JettyServerCustomizer;
import org.springframework.boot.context.embedded.tomcat.TomcatContextCustomizer;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.undertow.UndertowDeploymentInfoCustomizer;
import org.springframework.boot.context.embedded.undertow.UndertowEmbeddedServletContainerFactory;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

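/**
 * Spring Boot auto-configuration that installs the Keycloak adapter into whichever embedded
 * servlet container is in use (Tomcat, Undertow or Jetty) and translates the
 * {@code security-constraints} held by {@link KeycloakSpringBootProperties} into that
 * container's native constraint objects.
 *
 * <p>The configuration is active for web applications unless {@code keycloak.enabled} is set to
 * {@code false}; because of {@code matchIfMissing = true} it is also active when the property is
 * absent. When it is switched off, none of the customizers below are registered, so any access
 * control the application relies on must then come from somewhere else.
 *
 * <p>This listing is decompiler output (JADX) of the class shipped in
 * keycloak-spring-boot-adapter-3.4.3.Final.jar; the nested classes were package-private in the
 * original bytecode and are shown here as {@code public}.
 */
@EnableConfigurationProperties({KeycloakSpringBootProperties.class})
@Configuration
@ConditionalOnProperty(value = {"keycloak.enabled"}, matchIfMissing = true)
@ConditionalOnWebApplication
/* loaded from: input_file:BOOT-INF/lib/keycloak-spring-boot-adapter-3.4.3.Final.jar:org/keycloak/adapters/springboot/KeycloakAutoConfiguration.class */
public class KeycloakAutoConfiguration {
    private KeycloakSpringBootProperties keycloakProperties;

    /**
     * Installs a {@link KeycloakJettyAuthenticator} and the configured constraints on the
     * embedded Jetty server.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/keycloak-spring-boot-adapter-3.4.3.Final.jar:org/keycloak/adapters/springboot/KeycloakAutoConfiguration$KeycloakJettyServerCustomizer.class */
    public static class KeycloakJettyServerCustomizer implements JettyServerCustomizer {
        private final KeycloakSpringBootProperties keycloakProperties;

        public KeycloakJettyServerCustomizer(KeycloakSpringBootProperties keycloakSpringBootProperties) {
            this.keycloakProperties = keycloakSpringBootProperties;
        }

        /**
         * Builds one {@link ConstraintMapping} per configured URL pattern (and per HTTP method,
         * when methods are listed) and attaches them, together with the Keycloak authenticator,
         * to the application's {@link WebAppContext}.
         *
         * @param server the embedded Jetty server being customized
         * @throws IllegalStateException if no {@link WebAppContext} can be found on the server,
         *     so the application does not come up without its security handler
         */
        @Override
        public void customize(Server server) {
            KeycloakJettyAuthenticator authenticator = new KeycloakJettyAuthenticator();
            authenticator.setConfigResolver(new KeycloakSpringBootConfigResolver());

            List<ConstraintMapping> mappings = new ArrayList<>();
            for (KeycloakSpringBootProperties.SecurityConstraint constraintDef : this.keycloakProperties.getSecurityConstraints()) {
                for (KeycloakSpringBootProperties.SecurityCollection collectionDef : constraintDef.getSecurityCollections()) {
                    Constraint constraint = new Constraint();
                    // Authentication is only switched on when at least one role is configured.
                    // A constraint without roles is left exactly as constructed (no authenticate
                    // flag, no roles), so it does not by itself protect its patterns.
                    if (!constraintDef.getAuthRoles().isEmpty()) {
                        constraint.setAuthenticate(true);
                        constraint.setRoles(constraintDef.getAuthRoles().toArray(new String[0]));
                    }
                    constraint.setName(collectionDef.getName());

                    for (String pattern : collectionDef.getPatterns()) {
                        if (!collectionDef.getMethods().isEmpty()) {
                            // One mapping per listed method: HTTP methods that are NOT listed get
                            // no mapping from this collection. Listed methods take precedence;
                            // omitted-methods is ignored when both are configured.
                            for (String method : collectionDef.getMethods()) {
                                ConstraintMapping mapping = newMapping(constraint, pattern);
                                mapping.setMethod(method);
                                mappings.add(mapping);
                            }
                        } else if (!collectionDef.getOmittedMethods().isEmpty()) {
                            ConstraintMapping mapping = newMapping(constraint, pattern);
                            mapping.setMethodOmissions(collectionDef.getOmittedMethods().toArray(new String[0]));
                            mappings.add(mapping);
                        } else {
                            // No method restriction configured: the mapping carries the path only.
                            mappings.add(newMapping(constraint, pattern));
                        }
                    }
                }
            }

            WebAppContext webAppContext = (WebAppContext) server.getBean(WebAppContext.class);
            if (webAppContext == null) {
                // The context may sit below one or more wrapping handlers, in which case the
                // server's direct handler is not a WebAppContext and a blind cast would fail
                // with ClassCastException. Search the handler tree instead.
                webAppContext = (WebAppContext) server.getChildHandlerByClass(WebAppContext.class);
            }
            if (webAppContext == null) {
                // Fail startup with a clear message rather than a NullPointerException below.
                throw new IllegalStateException(
                        "Keycloak adapter could not locate a Jetty WebAppContext to attach its security handler to");
            }

            ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
            securityHandler.setConstraintMappings(mappings);
            securityHandler.setAuthenticator(authenticator);
            webAppContext.setSecurityHandler(securityHandler);
        }

        /** Creates a mapping that binds {@code constraint} to {@code pathSpec}. */
        private static ConstraintMapping newMapping(Constraint constraint, String pathSpec) {
            ConstraintMapping mapping = new ConstraintMapping();
            mapping.setConstraint(constraint);
            mapping.setPathSpec(pathSpec);
            return mapping;
        }
    }

    /**
     * Registers the {@code KEYCLOAK} login method, the security roles and the configured
     * constraints on the embedded Tomcat context.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/keycloak-spring-boot-adapter-3.4.3.Final.jar:org/keycloak/adapters/springboot/KeycloakAutoConfiguration$KeycloakTomcatContextCustomizer.class */
    public static class KeycloakTomcatContextCustomizer implements TomcatContextCustomizer {
        private final KeycloakSpringBootProperties keycloakProperties;

        public KeycloakTomcatContextCustomizer(KeycloakSpringBootProperties keycloakSpringBootProperties) {
            this.keycloakProperties = keycloakSpringBootProperties;
        }

        /**
         * Copies every configured constraint (roles, names, descriptions, patterns, methods and
         * omitted methods) into Tomcat's own descriptor objects and adds them to the context.
         *
         * @param context the Tomcat context being customized
         */
        @Override
        public void customize(Context context) {
            LoginConfig loginConfig = new LoginConfig();
            loginConfig.setAuthMethod("KEYCLOAK");
            context.setLoginConfig(loginConfig);

            // Declare each role on the context once, even if several constraints reference it.
            HashSet<String> declaredRoles = new HashSet<>();
            for (KeycloakSpringBootProperties.SecurityConstraint constraintDef : this.keycloakProperties.getSecurityConstraints()) {
                for (String role : constraintDef.getAuthRoles()) {
                    if (!declaredRoles.contains(role)) {
                        context.addSecurityRole(role);
                        declaredRoles.add(role);
                    }
                }
            }

            for (KeycloakSpringBootProperties.SecurityConstraint constraintDef : this.keycloakProperties.getSecurityConstraints()) {
                SecurityConstraint tomcatConstraint = new SecurityConstraint();
                for (String role : constraintDef.getAuthRoles()) {
                    tomcatConstraint.addAuthRole(role);
                    // The wildcard roles get the auth-constraint flag set explicitly.
                    // NOTE(review): presumably addAuthRole does not set that flag itself for
                    // these two values - confirm against the Tomcat version in use.
                    if (role.equals("*") || role.equals(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS)) {
                        tomcatConstraint.setAuthConstraint(true);
                    }
                }
                // NOTE(review): for a constraint with no roles this method never calls
                // setAuthConstraint; verify how Tomcat treats such a constraint before relying
                // on it to restrict access.

                for (KeycloakSpringBootProperties.SecurityCollection collectionDef : constraintDef.getSecurityCollections()) {
                    SecurityCollection tomcatCollection = new SecurityCollection();
                    if (collectionDef.getName() != null) {
                        tomcatCollection.setName(collectionDef.getName());
                    }
                    if (collectionDef.getDescription() != null) {
                        tomcatCollection.setDescription(collectionDef.getDescription());
                    }
                    for (String pattern : collectionDef.getPatterns()) {
                        tomcatCollection.addPattern(pattern);
                    }
                    // When methods are listed, only those methods are named in the collection;
                    // review configurations that list methods for verbs left uncovered.
                    for (String method : collectionDef.getMethods()) {
                        tomcatCollection.addMethod(method);
                    }
                    for (String omitted : collectionDef.getOmittedMethods()) {
                        tomcatCollection.addOmittedMethod(omitted);
                    }
                    tomcatConstraint.addCollection(tomcatCollection);
                }
                context.addConstraint(tomcatConstraint);
            }

            // Tells the adapter which resolver class supplies its configuration.
            context.addParameter("keycloak.config.resolver", KeycloakSpringBootConfigResolver.class.getName());
        }
    }

    /**
     * Registers the {@code KEYCLOAK} login method, the configured constraints and the Keycloak
     * servlet extension on the embedded Undertow deployment.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/keycloak-spring-boot-adapter-3.4.3.Final.jar:org/keycloak/adapters/springboot/KeycloakAutoConfiguration$KeycloakUndertowDeploymentInfoCustomizer.class */
    public static class KeycloakUndertowDeploymentInfoCustomizer implements UndertowDeploymentInfoCustomizer {
        private final KeycloakSpringBootProperties keycloakProperties;

        public KeycloakUndertowDeploymentInfoCustomizer(KeycloakSpringBootProperties keycloakSpringBootProperties) {
            this.keycloakProperties = keycloakSpringBootProperties;
        }

        /**
         * Applies login configuration, resolver init-parameter, constraints and the Keycloak
         * servlet extension to the deployment.
         *
         * @param deploymentInfo the Undertow deployment being customized
         */
        @Override
        public void customize(DeploymentInfo deploymentInfo) {
            // The configured realm name is used as the login-config realm.
            io.undertow.servlet.api.LoginConfig loginConfig =
                    new io.undertow.servlet.api.LoginConfig(this.keycloakProperties.getRealm());
            loginConfig.addFirstAuthMethod("KEYCLOAK");
            deploymentInfo.setLoginConfig(loginConfig);
            deploymentInfo.addInitParameter("keycloak.config.resolver", KeycloakSpringBootConfigResolver.class.getName());
            deploymentInfo.addSecurityConstraints(getSecurityConstraints());
            deploymentInfo.addServletExtension(new KeycloakServletExtension());
        }

        /**
         * Converts the configured constraints into Undertow constraint objects.
         *
         * @return one Undertow constraint per configured constraint, in configuration order
         */
        private List<io.undertow.servlet.api.SecurityConstraint> getSecurityConstraints() {
            List<io.undertow.servlet.api.SecurityConstraint> undertowConstraints = new ArrayList<>();
            for (KeycloakSpringBootProperties.SecurityConstraint constraintDef : this.keycloakProperties.getSecurityConstraints()) {
                io.undertow.servlet.api.SecurityConstraint undertowConstraint = new io.undertow.servlet.api.SecurityConstraint();
                // NOTE(review): an empty role list is passed through unchanged; confirm how
                // Undertow interprets a constraint with no allowed roles.
                undertowConstraint.addRolesAllowed(constraintDef.getAuthRoles());
                for (KeycloakSpringBootProperties.SecurityCollection collectionDef : constraintDef.getSecurityCollections()) {
                    WebResourceCollection resources = new WebResourceCollection();
                    resources.addHttpMethods(collectionDef.getMethods());
                    resources.addHttpMethodOmissions(collectionDef.getOmittedMethods());
                    resources.addUrlPatterns(collectionDef.getPatterns());
                    undertowConstraint.addWebResourceCollections(resources);
                }
                undertowConstraints.add(undertowConstraint);
            }
            return undertowConstraints;
        }
    }

    /**
     * Receives the bound Keycloak properties and also hands them to
     * {@link KeycloakSpringBootConfigResolver} through its static setter.
     *
     * <p>NOTE(review): the resolver is configured through a static call, so the configuration is
     * presumably shared by everything that loads the resolver class - confirm before running
     * several differently configured application contexts in one class loader.
     *
     * @param keycloakSpringBootProperties the bound {@code keycloak.*} properties
     */
    @Autowired
    public void setKeycloakSpringBootProperties(KeycloakSpringBootProperties keycloakSpringBootProperties) {
        this.keycloakProperties = keycloakSpringBootProperties;
        KeycloakSpringBootConfigResolver.setAdapterConfig(keycloakSpringBootProperties);
    }

    /**
     * Returns the customizer that picks the container-specific Keycloak integration.
     *
     * <p>Only Tomcat, Undertow and Jetty factories are handled. Any other container type falls
     * through silently: nothing is registered and no error is raised, so on such a container the
     * configured constraints are not enforced by this class.
     *
     * @return the container customizer bean
     */
    @Bean
    public EmbeddedServletContainerCustomizer getKeycloakContainerCustomizer() {
        return new EmbeddedServletContainerCustomizer() { // from class: org.keycloak.adapters.springboot.KeycloakAutoConfiguration.1
            @Override
            public void customize(ConfigurableEmbeddedServletContainer container) {
                if (container instanceof TomcatEmbeddedServletContainerFactory) {
                    TomcatEmbeddedServletContainerFactory tomcat = (TomcatEmbeddedServletContainerFactory) container;
                    // Tomcat needs both the authenticator valve and the context customizer.
                    tomcat.addContextValves(new KeycloakAuthenticatorValve());
                    tomcat.addContextCustomizers(KeycloakAutoConfiguration.this.tomcatKeycloakContextCustomizer());
                } else if (container instanceof UndertowEmbeddedServletContainerFactory) {
                    UndertowEmbeddedServletContainerFactory undertow = (UndertowEmbeddedServletContainerFactory) container;
                    undertow.addDeploymentInfoCustomizers(KeycloakAutoConfiguration.this.undertowKeycloakContextCustomizer());
                } else if (container instanceof JettyEmbeddedServletContainerFactory) {
                    JettyEmbeddedServletContainerFactory jetty = (JettyEmbeddedServletContainerFactory) container;
                    jetty.addServerCustomizers(KeycloakAutoConfiguration.this.jettyKeycloakServerCustomizer());
                }
            }
        };
    }

    /** Jetty customizer bean; only created when Jetty's {@code WebAppContext} is on the classpath. */
    @ConditionalOnClass(name = {"org.eclipse.jetty.webapp.WebAppContext"})
    @Bean
    public JettyServerCustomizer jettyKeycloakServerCustomizer() {
        return new KeycloakJettyServerCustomizer(this.keycloakProperties);
    }

    /** Tomcat customizer bean; only created when the embedded {@code Tomcat} class is on the classpath. */
    @ConditionalOnClass(name = {"org.apache.catalina.startup.Tomcat"})
    @Bean
    public TomcatContextCustomizer tomcatKeycloakContextCustomizer() {
        return new KeycloakTomcatContextCustomizer(this.keycloakProperties);
    }

    /** Undertow customizer bean; only created when the {@code Undertow} class is on the classpath. */
    @ConditionalOnClass(name = {"io.undertow.Undertow"})
    @Bean
    public UndertowDeploymentInfoCustomizer undertowKeycloakContextCustomizer() {
        return new KeycloakUndertowDeploymentInfoCustomizer(this.keycloakProperties);
    }
}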
