package pl.fhframework.app;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import pl.fhframework.accounts.SecurityFilter;
import pl.fhframework.accounts.SingleLoginLockManager;
import pl.fhframework.config.FhWebConfiguration;
import pl.fhframework.core.security.SecurityProviderInitializer;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:pl/fhframework/app/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${fh.web.guests.allowed:false}")
    private boolean guestsAllowed;

    @Value("${fh.web.guests.authenticate.path:authenticateGuest}")
    private String authenticateGuestPath;

    @Value("${server.logout.path:logout}")
    private String logoutPath;
    private SecurityProviderInitializer securityProviderInitializer;

    @Autowired(required = false)
    private List<FhWebConfiguration> fhWebConfigurations = new ArrayList();

    @Autowired
    SingleLoginLockManager singleLoginManager;

    @Autowired
    public void setSecurityProviderInitializer(SecurityProviderInitializer securityProviderInitializer) {
        this.securityProviderInitializer = securityProviderInitializer;
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable();
        httpSecurity.formLogin().loginPage("/login").failureUrl("/login?error").permitAll();
        httpSecurity.httpBasic();
        httpSecurity.cors();
        httpSecurity.sessionManagement().maximumSessions(this.singleLoginManager.isTrunedOn() ? 1 : -1).sessionRegistry(sessionRegistry()).expiredUrl("/login");
        httpSecurity.logout().logoutRequestMatcher(new AntPathRequestMatcher("/" + this.logoutPath)).logoutSuccessUrl("/login?logout").deleteCookies(new String[]{"JSESSIONID"}).invalidateHttpSession(true).permitAll();
        ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests = httpSecurity.authorizeRequests();
        if (!this.guestsAllowed) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(new String[]{"/", "/index", "/socketForms"})).authenticated();
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(new String[]{"/" + this.authenticateGuestPath})).authenticated();
        HashSet hashSet = new HashSet();
        hashSet.add("/" + this.logoutPath);
        this.fhWebConfigurations.forEach(fhWebConfiguration -> {
            hashSet.addAll(fhWebConfiguration.permitedToAllRequestUrls());
        });
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers((String[]) hashSet.toArray(new String[0]))).permitAll();
        httpSecurity.addFilterBefore(customSecurityFilter(), UsernamePasswordAuthenticationFilter.class);
        this.fhWebConfigurations.forEach(fhWebConfiguration2 -> {
            fhWebConfiguration2.configure(httpSecurity);
        });
        if (this.guestsAllowed) {
            return;
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.anyRequest()).authenticated();
    }

    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        HashSet hashSet = new HashSet();
        this.fhWebConfigurations.forEach(fhWebConfiguration -> {
            hashSet.addAll(fhWebConfiguration.getDefaultUsers());
        });
        this.securityProviderInitializer.configureAuthentication(authenticationManagerBuilder, new ArrayList(hashSet));
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(8);
    }

    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Bean
    public SecurityFilter customSecurityFilter() {
        SecurityFilter securityFilter = new SecurityFilter();
        securityFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/login?error"));
        return securityFilter;
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
