package org.eclipse.hawkbit.amqp;

import com.google.common.collect.Lists;
import java.util.Iterator;
import java.util.List;
import javax.annotation.PostConstruct;
import org.eclipse.hawkbit.dmf.json.model.TenantSecurityToken;
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
import org.eclipse.hawkbit.repository.ControllerManagement;
import org.eclipse.hawkbit.repository.SystemManagement;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.ControllerPreAuthenticateSecurityTokenFilter;
import org.eclipse.hawkbit.security.ControllerPreAuthenticatedAnonymousDownload;
import org.eclipse.hawkbit.security.ControllerPreAuthenticatedAnonymousFilter;
import org.eclipse.hawkbit.security.ControllerPreAuthenticatedGatewaySecurityTokenFilter;
import org.eclipse.hawkbit.security.ControllerPreAuthenticatedSecurityHeaderFilter;
import org.eclipse.hawkbit.security.DdiSecurityProperties;
import org.eclipse.hawkbit.security.HeaderAuthentication;
import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
import org.eclipse.hawkbit.security.PreAuthentificationFilter;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:BOOT-INF/lib/hawkbit-dmf-amqp-0.2.0M3.jar:org/eclipse/hawkbit/amqp/AmqpControllerAuthentication.class */
public class AmqpControllerAuthentication {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AmqpControllerAuthentication.class);
    private final PreAuthTokenSourceTrustAuthenticationProvider preAuthenticatedAuthenticationProvider = new PreAuthTokenSourceTrustAuthenticationProvider();
    private List<PreAuthentificationFilter> filterChain;
    private final ControllerManagement controllerManagement;
    private final SystemManagement systemManagement;
    private final TenantConfigurationManagement tenantConfigurationManagement;
    private final TenantAware tenantAware;
    private final DdiSecurityProperties ddiSecruityProperties;
    private final SystemSecurityContext systemSecurityContext;

    public AmqpControllerAuthentication(SystemManagement systemManagement, ControllerManagement controllerManagement, TenantConfigurationManagement tenantConfigurationManagement, TenantAware tenantAware, DdiSecurityProperties ddiSecurityProperties, SystemSecurityContext systemSecurityContext) {
        this.controllerManagement = controllerManagement;
        this.systemManagement = systemManagement;
        this.tenantConfigurationManagement = tenantConfigurationManagement;
        this.tenantAware = tenantAware;
        this.ddiSecruityProperties = ddiSecurityProperties;
        this.systemSecurityContext = systemSecurityContext;
    }

    @PostConstruct
    public void postConstruct() {
        addFilter();
    }

    private void addFilter() {
        this.filterChain = Lists.newArrayListWithExpectedSize(5);
        this.filterChain.add(new ControllerPreAuthenticatedGatewaySecurityTokenFilter(this.tenantConfigurationManagement, this.tenantAware, this.systemSecurityContext));
        this.filterChain.add(new ControllerPreAuthenticatedSecurityHeaderFilter(this.ddiSecruityProperties.getRp().getCnHeader(), this.ddiSecruityProperties.getRp().getSslIssuerHashHeader(), this.tenantConfigurationManagement, this.tenantAware, this.systemSecurityContext));
        this.filterChain.add(new ControllerPreAuthenticateSecurityTokenFilter(this.tenantConfigurationManagement, this.controllerManagement, this.tenantAware, this.systemSecurityContext));
        this.filterChain.add(new ControllerPreAuthenticatedAnonymousDownload(this.tenantConfigurationManagement, this.tenantAware, this.systemSecurityContext));
        this.filterChain.add(new ControllerPreAuthenticatedAnonymousFilter(this.ddiSecruityProperties));
    }

    public Authentication doAuthenticate(TenantSecurityToken tenantSecurityToken) {
        resolveTenant(tenantSecurityToken);
        PreAuthenticatedAuthenticationToken preAuthenticatedAuthenticationToken = new PreAuthenticatedAuthenticationToken(null, null);
        Iterator<PreAuthentificationFilter> it = this.filterChain.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            PreAuthenticatedAuthenticationToken createAuthentication = createAuthentication(it.next(), tenantSecurityToken);
            if (createAuthentication != null) {
                preAuthenticatedAuthenticationToken = createAuthentication;
                preAuthenticatedAuthenticationToken.setDetails(new TenantAwareAuthenticationDetails(tenantSecurityToken.getTenant(), true));
                break;
            }
        }
        return this.preAuthenticatedAuthenticationProvider.authenticate(preAuthenticatedAuthenticationToken);
    }

    private void resolveTenant(TenantSecurityToken tenantSecurityToken) {
        if (tenantSecurityToken.getTenant() == null) {
            tenantSecurityToken.setTenant((String) this.systemSecurityContext.runAsSystem(() -> {
                return this.systemManagement.getTenantMetadata(tenantSecurityToken.getTenantId()).getTenant();
            }));
        }
    }

    private static PreAuthenticatedAuthenticationToken createAuthentication(PreAuthentificationFilter preAuthentificationFilter, TenantSecurityToken tenantSecurityToken) {
        if (!preAuthentificationFilter.isEnable(tenantSecurityToken)) {
            return null;
        }
        HeaderAuthentication preAuthenticatedPrincipal = preAuthentificationFilter.getPreAuthenticatedPrincipal(tenantSecurityToken);
        Object preAuthenticatedCredentials = preAuthentificationFilter.getPreAuthenticatedCredentials(tenantSecurityToken);
        if (preAuthenticatedPrincipal == null) {
            LOGGER.debug("No pre-authenticated principal found in message");
            return null;
        }
        LOGGER.debug("preAuthenticatedPrincipal = {} trying to authenticate", preAuthenticatedPrincipal);
        return new PreAuthenticatedAuthenticationToken(preAuthenticatedPrincipal, preAuthenticatedCredentials);
    }
}
