package com.appdirect.sdk.web.oauth;

import com.appdirect.sdk.appmarket.BasicAuthCredentialsSupplier;
import com.appdirect.sdk.web.oauth.model.SessionRequestMatcher;
import jakarta.servlet.Filter;
import java.util.Arrays;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.header.HeaderWriterFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
@EnableWebSecurity
@ConditionalOnProperty(value = {"sdk.basic.auth.enabled"}, havingValue = "true", matchIfMissing = true)
@Order(50)
/* loaded from: input_file:com/appdirect/sdk/web/oauth/BasicAuthSecurityConfiguration.class */
public class BasicAuthSecurityConfiguration {

    @Autowired
    private BasicAuthSupplier basicAuthSupplier;

    @Autowired
    private BasicAuthCredentialsSupplier basicAuthCredentialsSupplier;

    @Bean
    public SessionRequestMatcher sessionRequestMatcher() {
        return new SessionRequestMatcher();
    }

    @Bean
    public BasicAuthService basicAuthService() {
        return new BasicAuthServiceImpl(this.basicAuthSupplier);
    }

    @Bean
    public Filter basicAuthenticationFilter() {
        return basicAuthService().getBasicFilter();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        return new BasicAuthCredentialsUserDetailsService(this.basicAuthCredentialsSupplier);
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(userDetailsService());
        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
        return daoAuthenticationProvider;
    }

    @Bean
    public AuthenticationManager authenticationManager() {
        return new ProviderManager(Arrays.asList(authenticationProvider()));
    }

    @Bean
    @Order(50)
    public SecurityFilterChain basicFilterChain(HttpSecurity httpSecurity) throws Exception {
        return (SecurityFilterChain) httpSecurity.securityMatcher(sessionRequestMatcher()).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers(new RequestMatcher[]{new AntPathRequestMatcher("/unsecured/**")})).permitAll().anyRequest()).authenticated();
        }).httpBasic(Customizer.withDefaults()).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }).addFilterAfter(basicAuthenticationFilter(), HeaderWriterFilter.class).exceptionHandling(exceptionHandlingConfigurer -> {
            exceptionHandlingConfigurer.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
        }).build();
    }
}
