package org.apache.atlas.web.security;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.atlas.ApplicationProperties;
import org.apache.commons.configuration.Configuration;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/apache/atlas/web/security/AtlasKeycloakAuthenticationProvider.class */
public class AtlasKeycloakAuthenticationProvider extends AtlasAbstractAuthenticationProvider {
    private final boolean groupsFromUGI;
    private final String groupsClaim;
    private final KeycloakAuthenticationProvider keycloakAuthenticationProvider = new KeycloakAuthenticationProvider();

    public AtlasKeycloakAuthenticationProvider() throws Exception {
        Configuration configuration = ApplicationProperties.get();
        this.groupsFromUGI = configuration.getBoolean("atlas.authentication.method.keycloak.ugi-groups", true);
        this.groupsClaim = configuration.getString("atlas.authentication.method.keycloak.groups_claim");
    }

    public Authentication authenticate(Authentication authentication) {
        Authentication authenticate = this.keycloakAuthenticationProvider.authenticate(authentication);
        if (this.groupsFromUGI) {
            KeycloakAuthenticationToken keycloakAuthenticationToken = (KeycloakAuthenticationToken) authenticate;
            authenticate = new KeycloakAuthenticationToken(keycloakAuthenticationToken.getAccount(), keycloakAuthenticationToken.isInteractive(), getAuthoritiesFromUGI(authenticate.getName()));
        } else if (this.groupsClaim != null) {
            KeycloakAuthenticationToken keycloakAuthenticationToken2 = (KeycloakAuthenticationToken) authenticate;
            Map otherClaims = keycloakAuthenticationToken2.getAccount().getKeycloakSecurityContext().getToken().getOtherClaims();
            if (otherClaims.containsKey(this.groupsClaim)) {
                List list = (List) otherClaims.get(this.groupsClaim);
                ArrayList arrayList = new ArrayList();
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    arrayList.add(new SimpleGrantedAuthority((String) it.next()));
                }
                authenticate = new KeycloakAuthenticationToken(keycloakAuthenticationToken2.getAccount(), keycloakAuthenticationToken2.isInteractive(), arrayList);
            }
        }
        return authenticate;
    }

    @Override // org.apache.atlas.web.security.AtlasAbstractAuthenticationProvider
    public boolean supports(Class<?> cls) {
        return this.keycloakAuthenticationProvider.supports(cls);
    }
}
