package it.fabioformosa.quartzmanager.api.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import it.fabioformosa.quartzmanager.api.common.config.QuartzManagerPaths;
import it.fabioformosa.quartzmanager.api.security.helpers.LoginConfigurer;
import it.fabioformosa.quartzmanager.api.security.helpers.impl.AuthenticationFailureHandler;
import it.fabioformosa.quartzmanager.api.security.helpers.impl.AuthenticationSuccessHandler;
import it.fabioformosa.quartzmanager.api.security.helpers.impl.FormLoginConfig;
import it.fabioformosa.quartzmanager.api.security.helpers.impl.JwtAuthenticationSuccessHandler;
import it.fabioformosa.quartzmanager.api.security.helpers.impl.JwtAuthenticationSuccessHandlerImpl;
import it.fabioformosa.quartzmanager.api.security.helpers.impl.JwtTokenAuthenticationFilter;
import it.fabioformosa.quartzmanager.api.security.helpers.impl.JwtTokenHelper;
import it.fabioformosa.quartzmanager.api.security.helpers.impl.JwtUsernamePasswordFiterLoginConfig;
import it.fabioformosa.quartzmanager.api.security.helpers.impl.LogoutSuccess;
import it.fabioformosa.quartzmanager.api.security.helpers.impl.QuartzManagerHttpSecurity;
import it.fabioformosa.quartzmanager.api.security.properties.InMemoryAccountProperties;
import it.fabioformosa.quartzmanager.api.security.properties.JwtSecurityProperties;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import org.apache.commons.lang3.BooleanUtils;
import org.springdoc.core.Constants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
@ComponentScan(basePackages = {"it.fabioformosa.quartzmanager.api.security"})
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:WEB-INF/lib/quartz-manager-starter-security-4.0.5.jar:it/fabioformosa/quartzmanager/api/security/QuartzManagerSecurityConfig.class */
public class QuartzManagerSecurityConfig {
    private static final String[] PATTERNS_SWAGGER_UI = {"/swagger-ui/**", Constants.DEFAULT_SWAGGER_UI_PATH, "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**"};
    public static final String QUARTZ_MANAGER_API_ANT_MATCHER = "/quartz-manager/**";
    public static final String QUARTZ_MANAGER_UI_ANT_MATCHER = "/quartz-manager-ui/**";

    @Value("${server.servlet.context-path:/}")
    private String contextPath;

    @Value("${app.name:quartz-manager}")
    private String appName;

    @Value("${quartz-manager.security.login-model.form-login-enabled:true}")
    private Boolean formLoginEnabled;

    @Value("${quartz-manager.security.login-model.userpwd-filter-enabled:false}")
    private Boolean userpwdFilterEnabled;

    @Autowired
    private JwtSecurityProperties jwtSecurityProps;

    @Autowired
    private ObjectMapper objectMapper;

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
    public PasswordEncoder quartzManagerPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean(name = {"quartzManagerInMemoryAuthentication"})
    public InMemoryUserDetailsManager configureInMemoryAuthentication(InMemoryAccountProperties inMemoryAccountProperties, PasswordEncoder passwordEncoder) throws Exception {
        Collection arrayList = new ArrayList();
        if (inMemoryAccountProperties.isEnabled() && inMemoryAccountProperties.getUsers() != null && !inMemoryAccountProperties.getUsers().isEmpty()) {
            arrayList = (List) inMemoryAccountProperties.getUsers().stream().map(user -> {
                return User.withUsername(user.getUsername()).password(passwordEncoder.encode(user.getPassword())).roles((String[]) user.getRoles().toArray(new String[0])).build();
            }).collect(Collectors.toList());
        }
        return new InMemoryUserDetailsManager((Collection<UserDetails>) arrayList);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Order(Integer.MIN_VALUE)
    @Bean(name = {"quartzManagerFilterChain"})
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity, @Qualifier("quartzManagerInMemoryAuthentication") InMemoryUserDetailsManager inMemoryUserDetailsManager, AuthenticationManager authenticationManager) throws Exception {
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity.antMatcher(QUARTZ_MANAGER_API_ANT_MATCHER).csrf().disable()).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()).exceptionHandling().authenticationEntryPoint(restAuthEntryPoint()).and()).addFilterBefore((Filter) jwtAuthenticationTokenFilter(inMemoryUserDetailsManager), BasicAuthenticationFilter.class).authorizeRequests();
        QuartzManagerHttpSecurity.from(httpSecurity).withLoginConfigurer(loginConfigurer(), logoutConfigurer()).login(QuartzManagerPaths.QUARTZ_MANAGER_LOGIN_PATH, authenticationManager).logout(QuartzManagerPaths.QUARTZ_MANAGER_LOGOUT_PATH);
        httpSecurity.authorizeRequests().antMatchers(QUARTZ_MANAGER_API_ANT_MATCHER).authenticated();
        return httpSecurity.build();
    }

    @Bean(name = {"quartzManagerWebSecurityCustomizer"})
    public WebSecurityCustomizer webSecurityCustomizer(@Value("${quartz-manager.oas.enabled:false}") Boolean bool) {
        return webSecurity -> {
            webSecurity.ignoring().antMatchers(HttpMethod.GET, QUARTZ_MANAGER_UI_ANT_MATCHER);
            if (BooleanUtils.isNotFalse(bool)) {
                webSecurity.ignoring().antMatchers(HttpMethod.GET, PATTERNS_SWAGGER_UI);
            }
        };
    }

    public LoginConfigurer formLoginConfigurer() {
        return new FormLoginConfig(new AuthenticationSuccessHandler(jwtAuthenticationSuccessHandler()), new AuthenticationFailureHandler());
    }

    @Bean(name = {"quartzManagerJwtAuthenticationSuccessHandler"})
    public JwtAuthenticationSuccessHandler jwtAuthenticationSuccessHandler() {
        return new JwtAuthenticationSuccessHandlerImpl(this.contextPath, this.jwtSecurityProps, jwtTokenHelper(), this.objectMapper);
    }

    public JwtTokenAuthenticationFilter jwtAuthenticationTokenFilter(UserDetailsService userDetailsService) {
        return new JwtTokenAuthenticationFilter(jwtTokenHelper(), userDetailsService);
    }

    @Bean(name = {"quartzManagerJwtTokenHelper"})
    public JwtTokenHelper jwtTokenHelper() {
        return new JwtTokenHelper(this.appName, this.jwtSecurityProps);
    }

    public LoginConfigurer loginConfigurer() {
        if (BooleanUtils.isTrue(this.userpwdFilterEnabled)) {
            return userpwdFilterLoginConfigurer();
        }
        if (BooleanUtils.isNotFalse(this.formLoginEnabled)) {
            return formLoginConfigurer();
        }
        throw new IllegalStateException("No login configurer enabled!");
    }

    public LogoutSuccess logoutConfigurer() {
        return new LogoutSuccess(this.objectMapper);
    }

    @Bean(name = {"quartzManagerRestAuthEntryPoint"})
    public AuthenticationEntryPoint restAuthEntryPoint() {
        return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
    }

    public LoginConfigurer userpwdFilterLoginConfigurer() {
        return new JwtUsernamePasswordFiterLoginConfig(jwtAuthenticationSuccessHandler());
    }
}
