package nl._42.restsecure.autoconfigure;

import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import nl._42.restsecure.autoconfigure.authentication.AbstractUserDetailsService;
import nl._42.restsecure.autoconfigure.authentication.AuthenticationController;
import nl._42.restsecure.autoconfigure.authentication.AuthenticationResultProvider;
import nl._42.restsecure.autoconfigure.authentication.CurrentUserArgumentResolver;
import nl._42.restsecure.autoconfigure.authentication.DefaultAuthenticationResultProvider;
import nl._42.restsecure.autoconfigure.authentication.DefaultUserProvider;
import nl._42.restsecure.autoconfigure.authentication.UserProvider;
import nl._42.restsecure.autoconfigure.authentication.UserResolver;
import nl._42.restsecure.autoconfigure.errorhandling.GenericErrorHandler;
import nl._42.restsecure.autoconfigure.errorhandling.RestAccessDeniedHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
@EnableWebSecurity
@AutoConfigureAfter({WebMvcAutoConfiguration.class})
@ComponentScan(basePackageClasses = {AuthenticationController.class, GenericErrorHandler.class})
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:nl/_42/restsecure/autoconfigure/WebSecurityAutoConfig.class */
public class WebSecurityAutoConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private RestAccessDeniedHandler accessDeniedHandler;

    @Autowired
    private GenericErrorHandler errorHandler;

    @Autowired(required = false)
    private AbstractUserDetailsService userDetailsService;

    @Autowired(required = false)
    private RequestAuthorizationCustomizer authCustomizer;

    @Autowired(required = false)
    private HttpSecurityCustomizer httpCustomizer;

    @Autowired(required = false)
    private WebSecurityCustomizer webSecurityCustomizer;

    @Autowired(required = false)
    private RememberMeServices rememberMeServices;
    private final Logger log = LoggerFactory.getLogger(WebSecurityAutoConfig.class);

    @Autowired(required = false)
    private List<AuthenticationProvider> authProviders = new ArrayList();

    @Configuration
    /* loaded from: input_file:nl/_42/restsecure/autoconfigure/WebSecurityAutoConfig$WebSecurityMvcAutoConfig.class */
    public static class WebSecurityMvcAutoConfig implements WebMvcConfigurer {

        @Autowired
        @Lazy
        private UserResolver userResolver;

        public void addArgumentResolvers(List<HandlerMethodArgumentResolver> list) {
            list.add(new CurrentUserArgumentResolver(this.userResolver));
        }
    }

    @ConditionalOnMissingBean({PasswordEncoder.class})
    @ConditionalOnBean({AbstractUserDetailsService.class})
    @Bean
    public PasswordEncoder passwordEncoder() {
        this.log.info("Adding default BCryptPasswordEncoder to ApplicationContext.");
        return new BCryptPasswordEncoder();
    }

    @ConditionalOnMissingBean({UserProvider.class})
    @Bean
    public UserProvider userProvider() {
        return new DefaultUserProvider();
    }

    @ConditionalOnMissingBean({AuthenticationResultProvider.class})
    @Bean
    public AuthenticationResultProvider authenticationResultProvider() {
        return new DefaultAuthenticationResultProvider();
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        if (this.userDetailsService != null) {
            this.log.info("Found UserDetailService in ApplicationContext.");
            authenticationManagerBuilder.userDetailsService(this.userDetailsService).passwordEncoder(passwordEncoder());
        } else {
            if (this.authProviders.isEmpty()) {
                throw new IllegalStateException("Cannot configure security; either a UserDetailsService or AuthenticationProvider bean must be present.");
            }
            this.log.info("Found AuthenticationProvider(s) in ApplicationContext.");
            this.authProviders.forEach(authenticationProvider -> {
                this.log.info("\t Registering '{}' as authentication provider.", authenticationProvider.getClass().getSimpleName());
                authenticationManagerBuilder.authenticationProvider(authenticationProvider);
            });
        }
    }

    public void configure(WebSecurity webSecurity) throws Exception {
        if (this.webSecurityCustomizer == null) {
            this.log.info("No WebSecurityCustomizer bean found in ApplicationContext, no custom configuring of WebSecurity object.");
        } else {
            this.log.info("Found WebSecurityCustomizer bean in ApplicationContext, custom configuring of WebSecurity object started.");
            this.webSecurityCustomizer.configure(webSecurity);
        }
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) customize(((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.addFilterBefore(authenticationFilter(), AnonymousAuthenticationFilter.class).authorizeRequests().antMatchers(new String[]{"/authentication"})).permitAll().antMatchers(new String[]{"/authentication/handshake"})).permitAll()).anyRequest()).fullyAuthenticated().and().exceptionHandling().accessDeniedHandler(this.accessDeniedHandler).authenticationEntryPoint(this.accessDeniedHandler).and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/authentication", HttpMethod.DELETE.name())).logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()).and().csrf().csrfTokenRepository(csrfTokenRepository());
        customize(httpSecurity);
    }

    private Filter authenticationFilter() throws Exception {
        return new RestAuthenticationFilter(this.errorHandler, authenticationManagerBean(), this.rememberMeServices);
    }

    private ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry) {
        if (this.authCustomizer != null) {
            this.log.info("Found RequestAuthorization bean in ApplicationContext, custom configuring of urlRegistry object started.");
            return this.authCustomizer.customize(expressionInterceptUrlRegistry);
        }
        this.log.info("No RequestAuthorization bean found in ApplicationContext, no custom configuring of urlRegistry object.");
        return expressionInterceptUrlRegistry;
    }

    private HttpSecurity customize(HttpSecurity httpSecurity) throws Exception {
        if (this.httpCustomizer != null) {
            this.log.info("Found HttpSecurityCustomizer bean in ApplicationContext, custom configuring of HttpSecurity object started.");
            return this.httpCustomizer.customize(httpSecurity);
        }
        this.log.info("No HttpSecurityCustomizer bean found in ApplicationContext, no custom configuring of HttpSecurity object.");
        return httpSecurity;
    }

    private CsrfTokenRepository csrfTokenRepository() {
        CookieCsrfTokenRepository withHttpOnlyFalse = CookieCsrfTokenRepository.withHttpOnlyFalse();
        withHttpOnlyFalse.setCookiePath("/");
        return withHttpOnlyFalse;
    }

    static {
        SecurityContextHolder.setStrategyName("MODE_INHERITABLETHREADLOCAL");
    }
}
