package org.appng.core.controller.filter;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.appng.api.Platform;
import org.appng.api.Scope;
import org.appng.api.model.Properties;
import org.appng.api.support.environment.DefaultEnvironment;
import org.appng.core.service.CoreService;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.representations.AccessToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:WEB-INF/lib/appng-core-1.24.5-SNAPSHOT.jar:org/appng/core/controller/filter/KeycloakLoginFilter.class */
public class KeycloakLoginFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) KeycloakLoginFilter.class);
    private String groupPrefix;
    private String claimName;
    private String securityRole;
    private ApplicationContext appngContext;

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        DefaultEnvironment defaultEnvironment = DefaultEnvironment.get(((HttpServletRequest) servletRequest).getSession());
        Principal userPrincipal = ((HttpServletRequest) servletRequest).getUserPrincipal();
        if (!defaultEnvironment.isSubjectAuthenticated() && null != userPrincipal && KeycloakPrincipal.class.isAssignableFrom(userPrincipal.getClass())) {
            AccessToken token = ((KeycloakPrincipal) KeycloakPrincipal.class.cast(userPrincipal)).getKeycloakSecurityContext().getToken();
            List<String> extractGroupNames = extractGroupNames(token);
            String preferredUsername = token.getPreferredUsername();
            if (extractGroupNames.isEmpty()) {
                getCoreService().loginByUserName(defaultEnvironment, preferredUsername);
                LOGGER.info("Logging in {}", preferredUsername);
            } else {
                boolean loginUserWithGroups = getCoreService().loginUserWithGroups(defaultEnvironment, preferredUsername, token.getEmail(), token.getGivenName() + " " + token.getFamilyName(), extractGroupNames);
                Logger logger = LOGGER;
                Object[] objArr = new Object[3];
                objArr[0] = preferredUsername;
                objArr[1] = extractGroupNames;
                objArr[2] = loginUserWithGroups ? "succeeded" : "failed";
                logger.info("Logging in {} with groups {} {}.", objArr);
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private CoreService getCoreService() {
        return (CoreService) this.appngContext.getBean(CoreService.class);
    }

    private List<String> extractGroupNames(AccessToken accessToken) {
        List list = (List) accessToken.getOtherClaims().get(this.claimName);
        return null != list ? (List) list.stream().filter(str -> {
            return !str.equals(this.securityRole);
        }).map(str2 -> {
            return str2.replace(this.groupPrefix, "");
        }).collect(Collectors.toList()) : new ArrayList();
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        DefaultEnvironment defaultEnvironment = DefaultEnvironment.get(filterConfig.getServletContext());
        Properties properties = (Properties) defaultEnvironment.getAttribute(Scope.PLATFORM, Platform.Environment.PLATFORM_CONFIG);
        this.claimName = properties.getString(Platform.Property.KEYCLOAK_GROUP_CLAIM_NAME, "appNG Groups");
        this.groupPrefix = properties.getString(Platform.Property.KEYCLOAK_GROUP_PREFIX, "appng_");
        this.securityRole = properties.getString(Platform.Property.KEYCLOAK_SECURITY_ROLE, "appNG Keycloak User");
        this.appngContext = (ApplicationContext) defaultEnvironment.getAttribute(Scope.PLATFORM, Platform.Environment.CORE_PLATFORM_CONTEXT);
    }

    public void destroy() {
    }
}
