package com.appdirect.sdk.web.oauth;

import com.appdirect.sdk.appmarket.DeveloperSpecificAppmarketCredentialsSupplier;
import com.appdirect.sdk.appmarket.OAuth2CredentialsSupplier;
import com.appdirect.sdk.web.oauth.model.OpenIdCustomUrlPattern;
import java.util.ArrayList;
import java.util.Arrays;
import javax.servlet.Filter;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth.provider.ConsumerDetailsService;
import org.springframework.security.oauth.provider.OAuthProcessingFilterEntryPoint;
import org.springframework.security.oauth.provider.OAuthProviderSupport;
import org.springframework.security.oauth.provider.filter.CoreOAuthProviderSupport;
import org.springframework.security.oauth.provider.filter.ProtectedResourceProcessingFilter;
import org.springframework.security.oauth.provider.token.InMemorySelfCleaningProviderTokenServices;
import org.springframework.security.oauth.provider.token.OAuthProviderTokenServices;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.header.HeaderWriterFilter;
import org.springframework.util.CollectionUtils;

@Configuration
@EnableWebSecurity
@Order(100)
/* loaded from: input_file:com/appdirect/sdk/web/oauth/SecurityConfiguration.class */
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);

    @Autowired
    private DeveloperSpecificAppmarketCredentialsSupplier credentialsSupplier;

    @Autowired(required = false)
    private OAuth2AuthorizationSupplier oAuth2AuthorizationSupplier;

    @Autowired
    private OAuth2FeatureFlagSupplier oAuth2FeatureFlagSupplier;

    @Autowired
    private OAuth2CredentialsSupplier oAuth2CredentialsSupplier;

    @Value("${sdk.oauth2.enabled:}")
    private String sdkOAuth2Enabled;

    @Bean
    public OpenIdCustomUrlPattern openIdUrlPatterns() {
        return new OpenIdCustomUrlPattern();
    }

    @Bean
    public ConsumerDetailsService consumerDetailsService() {
        return new DeveloperSpecificAppmarketCredentialsConsumerDetailsService(this.credentialsSupplier);
    }

    @ConditionalOnProperty(havingValue = "true", name = {"sdk.oauth2.enabled"}, matchIfMissing = true)
    @Bean
    public OAuth2AuthorizationService oAuth2consumerDetailsService() {
        return new OAuth2AuthorizationServiceImpl(this.oAuth2AuthorizationSupplier);
    }

    @Bean
    public OAuth2ClientDetailsService oAuth2ClientDetailsService() {
        return new OAuth2ClientDetailsServiceImpl(this.oAuth2CredentialsSupplier);
    }

    @Bean
    public OAuth2FeatureFlagService OAuth2FeatureFlagService() {
        return new OAuth2FeatureFlagServiceImpl(this.oAuth2FeatureFlagSupplier);
    }

    @Bean
    public OAuthProviderTokenServices oauthProviderTokenServices() {
        return new InMemorySelfCleaningProviderTokenServices();
    }

    @Bean
    public BasicAuthUserExtractor basicAuthKeyExtractor() {
        return new BasicAuthUserExtractor(oauthProviderSupport());
    }

    @Bean
    public OAuthProcessingFilterEntryPoint oAuthProcessingFilterEntryPoint() {
        return new OAuthProcessingFilterEntryPoint();
    }

    @Bean
    public OAuthProviderSupport oauthProviderSupport() {
        return new CoreOAuthProviderSupport();
    }

    @Bean
    public OAuthKeyExtractor oauthKeyExtractor() {
        return new OAuthKeyExtractor(oauthProviderSupport());
    }

    @Bean
    public ProtectedResourceProcessingFilter oAuthSignatureCheckingFilter() {
        ProtectedResourceProcessingFilter protectedResourceProcessingFilter = new ProtectedResourceProcessingFilter();
        protectedResourceProcessingFilter.setConsumerDetailsService(consumerDetailsService());
        protectedResourceProcessingFilter.setTokenServices(oauthProviderTokenServices());
        protectedResourceProcessingFilter.setAuthenticationEntryPoint(oAuthProcessingFilterEntryPoint());
        return protectedResourceProcessingFilter;
    }

    @ConditionalOnProperty(havingValue = "true", name = {"sdk.oauth2.enabled"}, matchIfMissing = true)
    @Bean
    public Filter oAuth2SignatureCheckingFilter() {
        return oAuth2consumerDetailsService().getOAuth2Filter();
    }

    @Bean
    public RequestIdFilter requestIdFilter() {
        return new RequestIdFilter();
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        mainConfiguration(httpSecurity);
        if ("TRUE".equalsIgnoreCase(this.sdkOAuth2Enabled) || StringUtils.isBlank(this.sdkOAuth2Enabled)) {
            oAuth2ProtectionOnApi(httpSecurity);
        }
    }

    private void mainConfiguration(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((HttpSecurity.RequestMatcherConfigurer) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/unsecured/**"})).permitAll().and().requestMatchers().antMatchers(createSecuredUrlPatterns())).and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().csrf().disable().authorizeRequests().anyRequest()).authenticated().and().addFilterBefore(oAuthSignatureCheckingFilter(), UsernamePasswordAuthenticationFilter.class).addFilterBefore(requestIdFilter(), ProtectedResourceProcessingFilter.class).exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
    }

    private void oAuth2ProtectionOnApi(HttpSecurity httpSecurity) {
        ((HttpSecurity.RequestMatcherConfigurer) httpSecurity.requestMatchers().antMatchers(new String[]{"/api/v2/integration/**", "/api/v2/domainassociation/**", "/api/v2/migration/**", "/api/v2/restrictions/**"})).and().addFilterAfter(oAuth2SignatureCheckingFilter(), HeaderWriterFilter.class);
    }

    private String[] createSecuredUrlPatterns() {
        OpenIdCustomUrlPattern openIdUrlPatterns = openIdUrlPatterns();
        ArrayList arrayList = new ArrayList(Arrays.asList("/api/v1/integration/**", "/api/v1/domainassociation/**", "/api/v1/migration/**", "/api/v1/restrictions/**"));
        log.debug("Found custom secured paths: {}", openIdUrlPatterns.getPatterns());
        if (!CollectionUtils.isEmpty(openIdUrlPatterns.getPatterns())) {
            arrayList.addAll(openIdUrlPatterns.getPatterns());
        }
        log.debug("Configuring the following paths as secured: {}", arrayList);
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
