package org.apache.druid.security.pac4j;

import com.fasterxml.jackson.annotation.JacksonInject;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeName;
import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
import com.google.common.primitives.Ints;
import com.google.inject.Provider;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import java.util.EnumSet;
import java.util.Map;
import javax.annotation.Nullable;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import org.apache.druid.server.security.AuthenticationResult;
import org.apache.druid.server.security.Authenticator;
import org.pac4j.core.config.Config;
import org.pac4j.core.http.callback.NoParameterCallbackUrlResolver;
import org.pac4j.core.http.url.DefaultUrlResolver;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;

@JsonTypeName("pac4j")
/* loaded from: input_file:org/apache/druid/security/pac4j/Pac4jAuthenticator.class */
public class Pac4jAuthenticator implements Authenticator {
    private final String name;
    private final String authorizerName;
    private final Supplier<Config> pac4jConfigSupplier;
    private final Pac4jCommonConfig pac4jCommonConfig;
    private final SSLSocketFactory sslSocketFactory;

    @JsonCreator
    public Pac4jAuthenticator(@JsonProperty("name") String str, @JsonProperty("authorizerName") String str2, @JacksonInject Pac4jCommonConfig pac4jCommonConfig, @JacksonInject OIDCConfig oIDCConfig, @JacksonInject Provider<SSLContext> provider) {
        this.name = str;
        this.authorizerName = str2;
        this.pac4jCommonConfig = pac4jCommonConfig;
        if (pac4jCommonConfig.isEnableCustomSslContext()) {
            this.sslSocketFactory = ((SSLContext) provider.get()).getSocketFactory();
        } else {
            this.sslSocketFactory = null;
        }
        this.pac4jConfigSupplier = Suppliers.memoize(() -> {
            return createPac4jConfig(oIDCConfig);
        });
    }

    public Filter getFilter() {
        return new Pac4jFilter(this.name, this.authorizerName, (Config) this.pac4jConfigSupplier.get(), this.pac4jCommonConfig.getCookiePassphrase().getPassword());
    }

    public String getAuthChallengeHeader() {
        return null;
    }

    @Nullable
    public AuthenticationResult authenticateJDBCContext(Map<String, Object> map) {
        return null;
    }

    public Class<? extends Filter> getFilterClass() {
        return null;
    }

    public Map<String, String> getInitParameters() {
        return null;
    }

    public String getPath() {
        return "/*";
    }

    public EnumSet<DispatcherType> getDispatcherType() {
        return null;
    }

    private Config createPac4jConfig(OIDCConfig oIDCConfig) {
        OidcConfiguration oidcConfiguration = new OidcConfiguration();
        oidcConfiguration.setClientId(oIDCConfig.getClientID());
        oidcConfiguration.setSecret(oIDCConfig.getClientSecret().getPassword());
        oidcConfiguration.setDiscoveryURI(oIDCConfig.getDiscoveryURI());
        oidcConfiguration.setExpireSessionWithToken(true);
        oidcConfiguration.setUseNonce(true);
        oidcConfiguration.setReadTimeout(Ints.checkedCast(this.pac4jCommonConfig.getReadTimeout().getMillis()));
        oidcConfiguration.setResourceRetriever(new CustomSSLResourceRetriever(this.pac4jCommonConfig.getReadTimeout().getMillis(), this.sslSocketFactory));
        OidcClient oidcClient = new OidcClient(oidcConfiguration);
        oidcClient.setUrlResolver(new DefaultUrlResolver(true));
        oidcClient.setCallbackUrlResolver(new NoParameterCallbackUrlResolver());
        if (this.sslSocketFactory != null) {
            HTTPRequest.setDefaultSSLSocketFactory(this.sslSocketFactory);
        }
        return new Config(Pac4jCallbackResource.SELF_URL, oidcClient);
    }
}
