package org.eclipse.hawkbit.autoconfigure.security;

import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
import org.eclipse.hawkbit.im.authentication.UserAuthenticationFilter;
import org.eclipse.hawkbit.repository.SystemManagement;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

/* compiled from: OidcUserManagementAutoConfiguration.java */
/* loaded from: input_file:BOOT-INF/lib/hawkbit-autoconfigure-0.3.0M6.jar:org/eclipse/hawkbit/autoconfigure/security/OidcBearerTokenAuthenticationFilter.class */
class OidcBearerTokenAuthenticationFilter implements UserAuthenticationFilter, Filter {

    @Autowired
    private JwtAuthoritiesExtractor authoritiesExtractor;

    @Autowired
    private SystemManagement systemManagement;

    @Autowired
    private SystemSecurityContext systemSecurityContext;
    private ClientRegistration clientRegistration;

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClientRegistration(ClientRegistration clientRegistration) {
        this.clientRegistration = clientRegistration;
    }

    @Override // org.eclipse.hawkbit.im.authentication.UserAuthenticationFilter, javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof JwtAuthenticationToken) {
            Jwt token = ((JwtAuthenticationToken) authentication).getToken();
            OidcIdToken oidcIdToken = new OidcIdToken(token.getTokenValue(), token.getIssuedAt(), token.getExpiresAt(), token.getClaims());
            OidcUserInfo oidcUserInfo = new OidcUserInfo(token.getClaims());
            Set<GrantedAuthority> extract = this.authoritiesExtractor.extract(this.clientRegistration.getClientId(), token.getClaims());
            if (extract.isEmpty()) {
                ((HttpServletResponse) servletResponse).sendError(403);
                return;
            }
            OAuth2AuthenticationToken oAuth2AuthenticationToken = new OAuth2AuthenticationToken(new DefaultOidcUser(extract, oidcIdToken, oidcUserInfo), extract, this.clientRegistration.getRegistrationId());
            oAuth2AuthenticationToken.setDetails(new TenantAwareAuthenticationDetails("DEFAULT", false));
            SystemSecurityContext systemSecurityContext = this.systemSecurityContext;
            SystemManagement systemManagement = this.systemManagement;
            systemManagement.getClass();
            systemSecurityContext.runAsSystemAsTenant(systemManagement::getTenantMetadata, "DEFAULT");
            SecurityContextHolder.getContext().setAuthentication(oAuth2AuthenticationToken);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override // org.eclipse.hawkbit.im.authentication.UserAuthenticationFilter, javax.servlet.Filter
    public void init(FilterConfig filterConfig) {
    }

    @Override // org.eclipse.hawkbit.im.authentication.UserAuthenticationFilter, javax.servlet.Filter
    public void destroy() {
    }
}
