package org.apache.camel.component.spring.security;

import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.util.AttachmentKey;
import java.util.Iterator;
import java.util.List;
import java.util.function.BiConsumer;
import javax.servlet.Filter;
import org.apache.camel.component.undertow.spi.UndertowSecurityProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

/* loaded from: input_file:org/apache/camel/component/spring/security/SpringSecurityProvider.class */
public class SpringSecurityProvider implements UndertowSecurityProvider {
    public static final String PRINCIPAL_NAME_HEADER = SpringSecurityProvider.class.getName() + "_principal";
    private static final Logger LOG = LoggerFactory.getLogger(SpringSecurityProvider.class);
    private static final AttachmentKey<String> PRINCIPAL_NAME_KEY = AttachmentKey.create(String.class);
    private Filter securityFilter;

    @Override // org.apache.camel.component.undertow.spi.UndertowSecurityProvider
    public void addHeader(BiConsumer<String, Object> biConsumer, HttpServerExchange httpServerExchange) throws Exception {
        biConsumer.accept(PRINCIPAL_NAME_HEADER, (String) httpServerExchange.getAttachment(PRINCIPAL_NAME_KEY));
    }

    @Override // org.apache.camel.component.undertow.spi.UndertowSecurityProvider
    public int authenticate(HttpServerExchange httpServerExchange, List<String> list) throws Exception {
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        this.securityFilter.doFilter(servletRequestContext.getServletRequest(), servletRequestContext.getServletResponse(), (servletRequest, servletResponse) -> {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication instanceof JwtAuthenticationToken) {
                LOG.debug("Authentication token is present.");
                boolean z = false;
                Iterator<GrantedAuthority> it = ((JwtAuthenticationToken) authentication).getAuthorities().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (list.contains(it.next().getAuthority())) {
                        LOG.debug("Authenticated principal {} has authority to access resource.", ((JwtAuthenticationToken) authentication).getName());
                        z = true;
                        break;
                    }
                }
                if (z) {
                    httpServerExchange.putAttachment(PRINCIPAL_NAME_KEY, ((JwtAuthenticationToken) authentication).getName());
                    httpServerExchange.setStatusCode(200);
                    return;
                }
                LOG.debug("Authenticated principal {} doesn't have authority to access resource.", ((JwtAuthenticationToken) authentication).getName());
            } else {
                LOG.warn("Authentication token is not present. Access is FORBIDDEN.");
            }
            httpServerExchange.setStatusCode(403);
        });
        return httpServerExchange.getStatusCode();
    }

    @Override // org.apache.camel.component.undertow.spi.UndertowSecurityProvider
    public boolean acceptConfiguration(Object obj, String str) throws Exception {
        if (!(obj instanceof SpringSecurityConfiguration)) {
            return false;
        }
        this.securityFilter = ((SpringSecurityConfiguration) obj).getSecurityFilter();
        return true;
    }

    @Override // org.apache.camel.component.undertow.spi.UndertowSecurityProvider
    public boolean requireServletContext() {
        return true;
    }
}
