package com.erudika.para.security;

import com.erudika.para.Para;
import com.erudika.para.rest.Signer;
import com.erudika.para.utils.Config;
import com.typesafe.config.ConfigList;
import com.typesafe.config.ConfigObject;
import com.typesafe.config.ConfigValue;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.annotation.security.DeclareRoles;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.openid.OpenID4JavaConsumer;
import org.springframework.security.openid.OpenIDAuthenticationProvider;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;

/**
 * Spring Security configuration: registers the authentication providers, the
 * requests that bypass the filter chain, the URL authorization rules read from
 * configuration, CSRF handling, session policy, sign-in/sign-out handlers,
 * remember-me services and one authentication filter per sign-in method.
 *
 * <p>Statement order inside {@link #configure(HttpSecurity)} is significant:
 * Spring Security evaluates {@code authorizeRequests()} rules in the order they
 * are declared, and the custom filters are positioned relative to existing
 * filters in the order they are added.
 */
@DeclareRoles({"ROLE_USER", "ROLE_MOD", "ROLE_ADMIN", "ROLE_APP"})
@Configuration
@EnableWebSecurity
/* loaded from: input_file:com/erudika/para/security/SecurityConfig.class */
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    private static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);

    /**
     * Registers the authentication providers: an OpenID provider backed by
     * {@code SimpleUserService}, and a remember-me provider keyed with
     * {@code Config.APP_SECRET_KEY}.
     *
     * @param authenticationManagerBuilder builder the providers are added to
     * @throws Exception declared by the overridden method
     */
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        OpenIDAuthenticationProvider openIDAuthenticationProvider = new OpenIDAuthenticationProvider();
        openIDAuthenticationProvider.setAuthenticationUserDetailsService(new SimpleUserService());
        authenticationManagerBuilder.authenticationProvider(openIDAuthenticationProvider);
        // The same key is handed to SimpleRememberMeServices in configure(HttpSecurity);
        // the provider accepts only remember-me tokens created with a matching key.
        // NOTE(review): confirm APP_SECRET_KEY is a per-deployment, high-entropy secret
        // and not a default value shipped with the application.
        authenticationManagerBuilder.authenticationProvider(new RememberMeAuthenticationProvider(Config.APP_SECRET_KEY));
    }

    /**
     * Excludes every request matched by {@code IgnoredRequestMatcher.INSTANCE}
     * from Spring Security.
     *
     * <p>Requests registered through {@code ignoring()} skip the whole security
     * filter chain, so none of the authentication, authorization or CSRF rules
     * configured in this class apply to them. The matcher is defined elsewhere;
     * review what it matches before relying on any rule below for those paths.
     *
     * @param webSecurity web security builder
     * @throws Exception declared by the overridden method
     */
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().requestMatchers(new RequestMatcher[]{IgnoredRequestMatcher.INSTANCE});
    }

    /**
     * Builds the HTTP security rules: role checks for REST requests and for the
     * configured protected paths, CSRF protection, session handling, error and
     * sign-in/sign-out handlers, remember-me, and the authentication filters.
     *
     * @param httpSecurity HTTP security builder
     * @throws Exception declared by the overridden method
     */
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // Role names are given without the "ROLE_" prefix, as hasAnyRole() expects.
        // strArr: default roles for a protected path that lists none of its own.
        String[] strArr = {"USER", "MOD", "ADMIN"};
        // strArr2: roles allowed on REST requests when Config.IN_PRODUCTION is true.
        String[] strArr2 = {"APP"};
        // strArr3: roles allowed on REST requests otherwise (ADMIN is additionally allowed).
        String[] strArr3 = {"APP", "ADMIN"};
        Map configMap = Config.getConfigMap();
        ConfigObject object = Config.getConfig().getObject("security.protected");
        ConfigValue value = Config.getConfig().getValue("security.api_security");
        // API security is on only when the value unwraps to Boolean.TRUE; any other
        // value (including a non-boolean one) leaves it off.
        // NOTE(review): Typesafe Config's getValue() normally throws for a missing path
        // instead of returning null, so the null check may never apply — confirm the
        // key always has a default.
        boolean z = value != null && Boolean.TRUE.equals(value.unwrapped());
        if (z) {
            // Declared first, so this rule is evaluated before the config-driven rules below.
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().requestMatchers(new RequestMatcher[]{RestRequestMatcher.INSTANCE})).hasAnyRole(Config.IN_PRODUCTION ? strArr2 : strArr3);
        }
        // Each entry of "security.protected" is a list: nested lists contribute role
        // names, every other element is an Ant path pattern.
        // No catch-all rule (such as anyRequest()) is added in this method, so paths
        // that no pattern covers get no role check here.
        Iterator it = object.keySet().iterator();
        while (it.hasNext()) {
            ConfigList<ConfigList> configList = object.get((String) it.next());
            // linkedList: Ant patterns for this entry; linkedList2: roles for this entry.
            LinkedList linkedList = new LinkedList();
            LinkedList linkedList2 = new LinkedList();
            for (ConfigList configList2 : configList) {
                if (configList2 instanceof List) {
                    Iterator it2 = configList2.iterator();
                    while (it2.hasNext()) {
                        // toUpperCase() without a Locale uses the JVM default locale.
                        linkedList2.add(((String) ((ConfigValue) it2.next()).unwrapped()).toUpperCase());
                    }
                } else {
                    linkedList.add((String) configList2.unwrapped());
                }
            }
            // An entry without roles falls back to USER/MOD/ADMIN.
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers((String[]) linkedList.toArray(new String[0]))).hasAnyRole(linkedList2.isEmpty() ? strArr : (String[]) linkedList2.toArray(new String[0]));
        }
        // CSRF protection defaults to enabled when "security.csrf_protection" is not set.
        if (((Boolean) Config.getConfigParamUnwrapped("security.csrf_protection", true)).booleanValue()) {
            CachedCsrfTokenRepository cachedCsrfTokenRepository = new CachedCsrfTokenRepository();
            Para.injectInto(cachedCsrfTokenRepository);
            // A CSRF token is required unless the request is a REST request, an ignored
            // request, targets an "/<name>_auth" endpoint, or uses GET/HEAD/TRACE/OPTIONS.
            // The REST exemption does not depend on the api_security flag: with the flag
            // off, REST requests get no role rule and no RestAuthFilter from this method
            // and are still exempt from the CSRF check.
            // NOTE(review): the sign-in endpoints registered below all match authEndpoints
            // and are therefore exempt — confirm that accepting cross-site sign-in
            // submissions is intended.
            httpSecurity.csrf().requireCsrfProtectionMatcher(new RequestMatcher() { // from class: com.erudika.para.security.SecurityConfig.1
                private final Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
                // Matched against getRequestURI(), which includes any context path, so the
                // exemption applies only when the endpoint is the whole URI.
                // NOTE(review): presumably the app is deployed at the root context — confirm.
                private final Pattern authEndpoints = Pattern.compile("^/\\w+_auth$");

                /** Returns true when the request must carry a valid CSRF token. */
                public boolean matches(HttpServletRequest httpServletRequest) {
                    return (RestRequestMatcher.INSTANCE.matches(httpServletRequest) || IgnoredRequestMatcher.INSTANCE.matches(httpServletRequest) || this.authEndpoints.matcher(httpServletRequest.getRequestURI()).matches() || this.allowedMethods.matcher(httpServletRequest.getMethod()).matches()) ? false : true;
                }
            }).csrfTokenRepository(cachedCsrfTokenRepository);
        } else {
            // Operator opted out: no CSRF check on any request.
            httpSecurity.csrf().disable();
        }
        // Session handling: no session id in URLs, Spring Security never creates a
        // session itself, and nothing is done to the session on authentication.
        httpSecurity.sessionManagement().enableSessionUrlRewriting(false);
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
        httpSecurity.sessionManagement().sessionAuthenticationStrategy(new NullAuthenticatedSessionStrategy());
        // Unauthenticated and access-denied responses use the configured locations.
        httpSecurity.exceptionHandling().authenticationEntryPoint(new SimpleAuthenticationEntryPoint((String) configMap.get("security.signin")));
        httpSecurity.exceptionHandling().accessDeniedHandler(new SimpleAccessDeniedHandler((String) configMap.get("security.access_denied")));
        httpSecurity.requestCache().requestCache(new SimpleRequestCache());
        httpSecurity.logout().logoutUrl((String) configMap.get("security.signout")).logoutSuccessUrl((String) configMap.get("security.signout_success"));
        // Shared success handler for every sign-in filter below.
        // NOTE(review): the post-login target can come from the request parameter named
        // by "security.returnto" and, with setUseReferer(true), presumably from the
        // Referer header; both are client-controlled. Confirm that
        // SimpleAuthenticationSuccessHandler restricts redirects to same-site URLs.
        AuthenticationSuccessHandler simpleAuthenticationSuccessHandler = new SimpleAuthenticationSuccessHandler();
        simpleAuthenticationSuccessHandler.setDefaultTargetUrl((String) configMap.get("security.signin_success"));
        simpleAuthenticationSuccessHandler.setTargetUrlParameter((String) configMap.get("security.returnto"));
        simpleAuthenticationSuccessHandler.setUseReferer(true);
        AuthenticationFailureHandler simpleAuthenticationFailureHandler = new SimpleAuthenticationFailureHandler();
        simpleAuthenticationFailureHandler.setDefaultFailureUrl((String) configMap.get("security.signin_failure"));
        // Remember-me is always issued, lives for SESSION_TIMEOUT_SEC and is stored in
        // the cookie named Config.AUTH_COOKIE.
        // NOTE(review): together with SessionCreationPolicy.NEVER this cookie presumably
        // carries the login state; cookie flags (Secure, HttpOnly) are not set here —
        // verify them in SimpleRememberMeServices.
        RememberMeServices simpleRememberMeServices = new SimpleRememberMeServices(Config.APP_SECRET_KEY, new SimpleUserService());
        simpleRememberMeServices.setAlwaysRemember(true);
        simpleRememberMeServices.setTokenValiditySeconds(Config.SESSION_TIMEOUT_SEC.intValue());
        simpleRememberMeServices.setCookieName(Config.AUTH_COOKIE);
        simpleRememberMeServices.setParameter(Config.AUTH_COOKIE.concat("-remember-me"));
        httpSecurity.rememberMe().rememberMeServices(simpleRememberMeServices);
        // One filter per sign-in method, each bound to a fixed "/<name>_auth" path and
        // sharing the authentication manager, success/failure handlers and remember-me
        // services configured above.
        PasswordAuthFilter passwordAuthFilter = new PasswordAuthFilter("/password_auth");
        passwordAuthFilter.setAuthenticationManager(authenticationManager());
        passwordAuthFilter.setAuthenticationSuccessHandler(simpleAuthenticationSuccessHandler);
        passwordAuthFilter.setAuthenticationFailureHandler(simpleAuthenticationFailureHandler);
        passwordAuthFilter.setRememberMeServices(simpleRememberMeServices);
        OpenIDAuthFilter openIDAuthFilter = new OpenIDAuthFilter("/openid_auth");
        openIDAuthFilter.setAuthenticationManager(authenticationManager());
        openIDAuthFilter.setConsumer(new OpenID4JavaConsumer(new SimpleAxFetchListFactory()));
        // The "return to" parameter is the only request parameter passed to this setter.
        openIDAuthFilter.setReturnToUrlParameters(Collections.singleton(configMap.get("security.returnto")));
        openIDAuthFilter.setAuthenticationSuccessHandler(simpleAuthenticationSuccessHandler);
        openIDAuthFilter.setAuthenticationFailureHandler(simpleAuthenticationFailureHandler);
        openIDAuthFilter.setRememberMeServices(simpleRememberMeServices);
        FacebookAuthFilter facebookAuthFilter = new FacebookAuthFilter("/facebook_auth");
        facebookAuthFilter.setAuthenticationManager(authenticationManager());
        facebookAuthFilter.setAuthenticationSuccessHandler(simpleAuthenticationSuccessHandler);
        facebookAuthFilter.setAuthenticationFailureHandler(simpleAuthenticationFailureHandler);
        facebookAuthFilter.setRememberMeServices(simpleRememberMeServices);
        GoogleAuthFilter googleAuthFilter = new GoogleAuthFilter("/google_auth");
        googleAuthFilter.setAuthenticationManager(authenticationManager());
        googleAuthFilter.setAuthenticationSuccessHandler(simpleAuthenticationSuccessHandler);
        googleAuthFilter.setAuthenticationFailureHandler(simpleAuthenticationFailureHandler);
        googleAuthFilter.setRememberMeServices(simpleRememberMeServices);
        LinkedInAuthFilter linkedInAuthFilter = new LinkedInAuthFilter("/linkedin_auth");
        linkedInAuthFilter.setAuthenticationManager(authenticationManager());
        linkedInAuthFilter.setAuthenticationSuccessHandler(simpleAuthenticationSuccessHandler);
        linkedInAuthFilter.setAuthenticationFailureHandler(simpleAuthenticationFailureHandler);
        linkedInAuthFilter.setRememberMeServices(simpleRememberMeServices);
        TwitterAuthFilter twitterAuthFilter = new TwitterAuthFilter("/twitter_auth");
        twitterAuthFilter.setAuthenticationManager(authenticationManager());
        twitterAuthFilter.setAuthenticationSuccessHandler(simpleAuthenticationSuccessHandler);
        twitterAuthFilter.setAuthenticationFailureHandler(simpleAuthenticationFailureHandler);
        twitterAuthFilter.setRememberMeServices(simpleRememberMeServices);
        GitHubAuthFilter gitHubAuthFilter = new GitHubAuthFilter("/github_auth");
        gitHubAuthFilter.setAuthenticationManager(authenticationManager());
        gitHubAuthFilter.setAuthenticationSuccessHandler(simpleAuthenticationSuccessHandler);
        gitHubAuthFilter.setAuthenticationFailureHandler(simpleAuthenticationFailureHandler);
        gitHubAuthFilter.setRememberMeServices(simpleRememberMeServices);
        // All sign-in filters are placed after BasicAuthenticationFilter.
        httpSecurity.addFilterAfter(passwordAuthFilter, BasicAuthenticationFilter.class);
        httpSecurity.addFilterAfter(openIDAuthFilter, BasicAuthenticationFilter.class);
        httpSecurity.addFilterAfter(facebookAuthFilter, BasicAuthenticationFilter.class);
        httpSecurity.addFilterAfter(googleAuthFilter, BasicAuthenticationFilter.class);
        httpSecurity.addFilterAfter(linkedInAuthFilter, BasicAuthenticationFilter.class);
        httpSecurity.addFilterAfter(twitterAuthFilter, BasicAuthenticationFilter.class);
        httpSecurity.addFilterAfter(gitHubAuthFilter, BasicAuthenticationFilter.class);
        if (z) {
            // The REST filter is installed only when API security is enabled and is
            // placed after RememberMeAuthenticationFilter.
            httpSecurity.addFilterAfter(new RestAuthFilter(new Signer()), RememberMeAuthenticationFilter.class);
        }
    }
}
