package com.erigir.wrench.shiro.spring;

import com.erigir.wrench.shiro.DefaultOauthCustomPrincipalBuilder;
import com.erigir.wrench.shiro.DynamicOauthLoginFilter;
import com.erigir.wrench.shiro.OauthCustomPrincipalBuilder;
import com.erigir.wrench.shiro.OauthFilter;
import com.erigir.wrench.shiro.OauthRealm;
import com.erigir.wrench.shiro.OauthSimpleOutputFilter;
import com.erigir.wrench.shiro.OauthSubjectFactory;
import com.erigir.wrench.shiro.provider.FacebookProvider;
import com.erigir.wrench.shiro.provider.GoogleProvider;
import com.erigir.wrench.shiro.provider.OauthProvider;
import com.erigir.wrench.shiro.provider.ProviderRegistry;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.TreeSet;
import javax.servlet.Filter;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
import org.apache.shiro.web.filter.authz.SslFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
/* loaded from: input_file:com/erigir/wrench/shiro/spring/OauthShiroContext.class */
public class OauthShiroContext {
    private static final Logger LOG = LoggerFactory.getLogger(OauthShiroContext.class);
    private static final String NO_SSL_FLAG = "NO_SSL";

    @Bean
    public boolean useProxyHeaders() {
        return true;
    }

    @Bean
    public List<String> bypassUrlList() {
        return Arrays.asList("/favicon.ico", "/static/**", "/health-check", providerSelectorUrl());
    }

    @Bean
    public Map<String, String> extraShiroUrlMappings() {
        return new TreeMap();
    }

    @Bean
    public String oauthServiceEndpoint() {
        return "shiro-oauth";
    }

    @Bean
    public String failureUrl() {
        return "/oauth-failure";
    }

    @Bean
    public String loginSuccessUrl() {
        return "/index.html";
    }

    @Bean
    public String unauthorizedUrl() {
        return "/unauthorized";
    }

    @Bean
    public String logoutUrl() {
        return "/logout";
    }

    @Bean
    public String loginUrl() {
        return "/login";
    }

    @Bean
    public String providerSelectorUrl() {
        return "/oauth-provider-selector";
    }

    @Bean
    public String afterLogoutUrl() {
        return "/logged-out";
    }

    @Bean
    public String sslPort() {
        String property = System.getProperty("shiro.https.port");
        String str = property == null ? "443" : property;
        if (NO_SSL_FLAG.equalsIgnoreCase(str)) {
            LOG.warn("WARNING : SHIRO IS CONFIGURED TO NOT USE SSL!");
        } else {
            LOG.info("Shiro will use HTTPS redirect to port {}", str);
        }
        return str;
    }

    @Bean
    public String sslConfigEntry() {
        return "ssl[" + sslPort() + "]";
    }

    private String addSSL(String str) {
        String str2 = str;
        if (str != null && !NO_SSL_FLAG.equalsIgnoreCase(sslPort())) {
            str2 = str + ", " + sslConfigEntry();
        }
        return str2;
    }

    @Bean
    public Map<String, String> filterChainDefinitionMap() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("/" + oauthServiceEndpoint(), addSSL("oauth"));
        linkedHashMap.put(failureUrl(), "oauthFailure");
        linkedHashMap.put(logoutUrl(), "logout");
        linkedHashMap.put(loginUrl(), "login");
        linkedHashMap.put(afterLogoutUrl(), "afterLogout");
        linkedHashMap.put("/unauthorized", "unauthorized");
        Iterator<String> it = bypassUrlList().iterator();
        while (it.hasNext()) {
            linkedHashMap.put(it.next(), "anon");
        }
        for (Map.Entry<String, String> entry : extraShiroUrlMappings().entrySet()) {
            linkedHashMap.put(entry.getKey(), addSSL(entry.getValue()));
        }
        linkedHashMap.put("/**", addSSL("auth"));
        LOG.debug("The final shiro URL mapping set is : {}", linkedHashMap);
        return linkedHashMap;
    }

    @Bean
    public Filter shiroFilter() {
        LOG.debug("Creating shiro filter");
        try {
            ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
            shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap());
            shiroFilterFactoryBean.setSuccessUrl(loginSuccessUrl());
            shiroFilterFactoryBean.setUnauthorizedUrl(unauthorizedUrl());
            shiroFilterFactoryBean.getFilters().put("oauth", oauthFilter());
            shiroFilterFactoryBean.getFilters().put("roles", roleFilter());
            shiroFilterFactoryBean.getFilters().put("perms", permissionsAuthorizationFilter());
            shiroFilterFactoryBean.getFilters().put("logout", logoutFilter());
            shiroFilterFactoryBean.getFilters().put("login", loginFilter());
            shiroFilterFactoryBean.getFilters().put("ssl", sslFilter());
            shiroFilterFactoryBean.getFilters().put("auth", passThruAuthenticationFilter());
            shiroFilterFactoryBean.getFilters().put("anon", new AnonymousFilter());
            shiroFilterFactoryBean.getFilters().put("oauthFailure", oauthFailureFilter());
            shiroFilterFactoryBean.getFilters().put("afterLogout", logoutSuccessfulFilter());
            shiroFilterFactoryBean.getFilters().put("unauthorized", unauthorizedFilter());
            LOG.debug("Shiro Filters are: {}", shiroFilterFactoryBean.getFilters());
            shiroFilterFactoryBean.setSecurityManager(securityManager());
            return (Filter) shiroFilterFactoryBean.getObject();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Bean
    public PermissionsAuthorizationFilter permissionsAuthorizationFilter() {
        PermissionsAuthorizationFilter permissionsAuthorizationFilter = new PermissionsAuthorizationFilter();
        permissionsAuthorizationFilter.setLoginUrl(loginUrl());
        return permissionsAuthorizationFilter;
    }

    @Bean
    public PassThruAuthenticationFilter passThruAuthenticationFilter() {
        PassThruAuthenticationFilter passThruAuthenticationFilter = new PassThruAuthenticationFilter();
        String loginSuccessUrl = loginSuccessUrl();
        if (loginSuccessUrl != null) {
            passThruAuthenticationFilter.setSuccessUrl(loginSuccessUrl);
        }
        passThruAuthenticationFilter.setLoginUrl(loginUrl());
        return passThruAuthenticationFilter;
    }

    @Bean
    public SslFilter sslFilter() {
        return new SslFilter();
    }

    @Bean
    public LogoutFilter logoutFilter() {
        LogoutFilter logoutFilter = new LogoutFilter();
        if (afterLogoutUrl() != null) {
            logoutFilter.setRedirectUrl(afterLogoutUrl());
        }
        return logoutFilter;
    }

    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setSubjectFactory(oauthSubjectFactory());
        defaultWebSecurityManager.setRealm(oauthRealm());
        defaultWebSecurityManager.setCacheManager(new MemoryConstrainedCacheManager());
        return defaultWebSecurityManager;
    }

    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    public OauthFilter oauthFilter() {
        OauthFilter oauthFilter = new OauthFilter();
        oauthFilter.setFailureUrl(failureUrl());
        oauthFilter.setProviderRegistry(providerRegistry());
        return oauthFilter;
    }

    @Bean
    public OauthRealm oauthRealm() {
        OauthRealm oauthRealm = new OauthRealm();
        oauthRealm.setProviderRegistry(providerRegistry());
        oauthRealm.setOauthCustomPrincipalBuilder(oauthCustomPrincipalBuilder());
        return oauthRealm;
    }

    @Bean
    public OauthSubjectFactory oauthSubjectFactory() {
        return new OauthSubjectFactory();
    }

    @Bean
    public RolesAuthorizationFilter roleFilter() {
        RolesAuthorizationFilter rolesAuthorizationFilter = new RolesAuthorizationFilter();
        rolesAuthorizationFilter.setLoginUrl(loginUrl());
        return rolesAuthorizationFilter;
    }

    @Bean
    public OauthSimpleOutputFilter oauthFailureFilter() {
        OauthSimpleOutputFilter oauthSimpleOutputFilter = new OauthSimpleOutputFilter();
        oauthSimpleOutputFilter.setContent("There was a failure trying to log in.  <a href=\"{contextPath}" + logoutUrl() + "\">Try logging out and back in</a>");
        return oauthSimpleOutputFilter;
    }

    @Bean
    public OauthSimpleOutputFilter logoutSuccessfulFilter() {
        OauthSimpleOutputFilter oauthSimpleOutputFilter = new OauthSimpleOutputFilter();
        oauthSimpleOutputFilter.setContent("You have been logged out.  <a href=\"{contextPath}" + loginSuccessUrl() + "\">Log back in.</a>");
        return oauthSimpleOutputFilter;
    }

    @Bean
    public OauthSimpleOutputFilter unauthorizedFilter() {
        OauthSimpleOutputFilter oauthSimpleOutputFilter = new OauthSimpleOutputFilter();
        oauthSimpleOutputFilter.setContent("You are not authorized to see this page");
        return oauthSimpleOutputFilter;
    }

    @Bean
    public ObjectMapper shiroObjectMapper() {
        return new ObjectMapper();
    }

    @Bean
    public DynamicOauthLoginFilter loginFilter() {
        DynamicOauthLoginFilter dynamicOauthLoginFilter = new DynamicOauthLoginFilter();
        dynamicOauthLoginFilter.setProviderRegistry(providerRegistry());
        dynamicOauthLoginFilter.setProviderSelectorUrl(providerSelectorUrl());
        dynamicOauthLoginFilter.setOauthServiceEndpoint(oauthServiceEndpoint());
        dynamicOauthLoginFilter.setUseProxyHeaders(useProxyHeaders());
        return dynamicOauthLoginFilter;
    }

    @Bean
    public ProviderRegistry providerRegistry() {
        ProviderRegistry providerRegistry = new ProviderRegistry();
        String property = System.getProperty("shiro.facebook.client.id");
        String property2 = System.getProperty("shiro.facebook.client.secret");
        String property3 = System.getProperty("shiro.facebook.scope");
        if (property != null && property2 != null) {
            LOG.info("Auto-configuring a facebook implementation for oauth from properties");
            FacebookProvider facebookProvider = new FacebookProvider();
            facebookProvider.setObjectMapper(shiroObjectMapper());
            facebookProvider.setFacebookClientId(property);
            facebookProvider.setFacebookClientSecret(property2);
            if (property3 != null) {
                facebookProvider.setGrantedScopes(new TreeSet(Arrays.asList(property3.split(","))));
            }
            providerRegistry.addProvider(facebookProvider);
        }
        String property4 = System.getProperty("shiro.google.client.id");
        String property5 = System.getProperty("shiro.google.client.secret");
        String property6 = System.getProperty("shiro.google.scope");
        if (property4 != null && property5 != null) {
            LOG.info("Auto-configuring a google implementation for oauth from properties");
            GoogleProvider googleProvider = new GoogleProvider();
            googleProvider.setObjectMapper(shiroObjectMapper());
            googleProvider.setGoogleClientId(property4);
            googleProvider.setGoogleClientSecret(property5);
            if (property6 != null) {
                googleProvider.setGrantedScopes(new TreeSet(Arrays.asList(property6.split(","))));
            }
            providerRegistry.addProvider(googleProvider);
        }
        LOG.info("Adding {} providers from bean named 'shiroOauthProviders'", Integer.valueOf(shiroOauthProviders().size()));
        Iterator<OauthProvider> it = shiroOauthProviders().iterator();
        while (it.hasNext()) {
            providerRegistry.addProvider(it.next());
        }
        LOG.info("Total of {} oauth providers setup", Integer.valueOf(providerRegistry.getProviderMap().size()));
        if (providerRegistry.getProviderMap().size() == 0) {
            throw new IllegalStateException("Cannot continue - no providers are configured");
        }
        return providerRegistry;
    }

    @Bean
    public List<OauthProvider> shiroOauthProviders() {
        return Collections.emptyList();
    }

    @Bean
    public OauthCustomPrincipalBuilder oauthCustomPrincipalBuilder() {
        DefaultOauthCustomPrincipalBuilder defaultOauthCustomPrincipalBuilder = new DefaultOauthCustomPrincipalBuilder();
        defaultOauthCustomPrincipalBuilder.setDefaultPermissions(new TreeSet(Arrays.asList("oauth:*")));
        defaultOauthCustomPrincipalBuilder.setDefaultRoles(new TreeSet(Arrays.asList("oauth-user")));
        return defaultOauthCustomPrincipalBuilder;
    }
}
