package org.springframework.security.boot;

import java.util.List;
import java.util.stream.Collectors;
import org.pac4j.core.config.Config;
import org.pac4j.core.ext.http.callback.QueryParameterCallbackUrlExtResolver;
import org.pac4j.core.http.ajax.AjaxRequestResolver;
import org.pac4j.spring.boot.Pac4jAutoConfiguration;
import org.pac4j.spring.boot.Pac4jLogoutProperties;
import org.pac4j.spring.boot.Pac4jProperties;
import org.pac4j.spring.boot.utils.Pac4jUrlUtils;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.servlet.SecurityFilterAutoConfiguration;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.boot.biz.userdetails.JwtPayloadRepository;
import org.springframework.security.boot.biz.userdetails.UserDetailsServiceAdapter;
import org.springframework.security.boot.pac4j.DefaultPac4jCallbackUrlParser;
import org.springframework.security.boot.pac4j.DefaultPac4jRedirectionUrlParser;
import org.springframework.security.boot.pac4j.Pac4jCallbackUrlParser;
import org.springframework.security.boot.pac4j.Pac4jProxyReceptor;
import org.springframework.security.boot.pac4j.Pac4jRedirectionActionBuilder;
import org.springframework.security.boot.pac4j.Pac4jRedirectionUrlParser;
import org.springframework.security.boot.pac4j.authentication.Pac4jPreAuthenticatedSecurityFilter;
import org.springframework.security.boot.pac4j.authentication.Pac4jPreAuthenticationCallbackFilter;
import org.springframework.security.boot.pac4j.authentication.logout.Pac4jLogoutHandler;
import org.springframework.security.boot.pac4j.authorizer.Pac4jEntryPoint;
import org.springframework.security.boot.pac4j.http.ajax.Pac4jAjaxRequestResolver;
import org.springframework.security.boot.utils.StringUtils2;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.savedrequest.RequestCache;

@AutoConfigureBefore({SecurityFilterAutoConfiguration.class})
@EnableConfigurationProperties({SecurityPac4jProperties.class, SecurityPac4jAuthcProperties.class, SecurityPac4jCallbackProperties.class, Pac4jLogoutProperties.class, ServerProperties.class})
@Configuration
@AutoConfigureAfter({Pac4jAutoConfiguration.class})
@ConditionalOnProperty(prefix = SecurityPac4jProperties.PREFIX, value = {"enabled"}, havingValue = "true")
/* loaded from: input_file:org/springframework/security/boot/SecurityPac4jFilterAutoConfiguration.class */
public class SecurityPac4jFilterAutoConfiguration {

    @EnableConfigurationProperties({SecurityPac4jProperties.class, SecurityPac4jAuthcProperties.class, SecurityPac4jCallbackProperties.class, Pac4jLogoutProperties.class, Pac4jProperties.class, ServerProperties.class})
    @Configuration
    @ConditionalOnProperty(prefix = SecurityPac4jProperties.PREFIX, value = {"enabled"}, havingValue = "true")
    @Order(-80)
    /* loaded from: input_file:org/springframework/security/boot/SecurityPac4jFilterAutoConfiguration$Pac4jWebSecurityConfigurationAdapter.class */
    static class Pac4jWebSecurityConfigurationAdapter extends WebSecurityBizConfigurerAdapter {
        private final Pac4jProperties pac4jProperties;
        private final Pac4jLogoutProperties pac4jLogoutProperties;
        private final SecurityPac4jAuthcProperties authcProperties;
        private final SecurityPac4jCallbackProperties callbackProperties;
        private final Config pac4jConfig;
        private final LogoutHandler logoutHandler;
        private final Pac4jEntryPoint authenticationEntryPoint;
        private final RequestCache requestCache;
        private final Pac4jProxyReceptor pac4jProxyReceptor;
        private final Pac4jCallbackUrlParser callbackUrlParser;
        private final Pac4jRedirectionUrlParser redirectionUrlParser;

        public Pac4jWebSecurityConfigurationAdapter(SecurityBizProperties securityBizProperties, SecurityPac4jAuthcProperties securityPac4jAuthcProperties, SecurityPac4jCallbackProperties securityPac4jCallbackProperties, Pac4jProperties pac4jProperties, Pac4jLogoutProperties pac4jLogoutProperties, ObjectProvider<AuthenticationProvider> objectProvider, ObjectProvider<AuthenticationManager> objectProvider2, ObjectProvider<Pac4jProxyReceptor> objectProvider3, ObjectProvider<Config> objectProvider4, ObjectProvider<LogoutHandler> objectProvider5, ObjectProvider<Pac4jEntryPoint> objectProvider6, ObjectProvider<Pac4jCallbackUrlParser> objectProvider7, ObjectProvider<Pac4jRedirectionUrlParser> objectProvider8) {
            super(securityBizProperties, securityPac4jAuthcProperties, (List) objectProvider.stream().collect(Collectors.toList()), (AuthenticationManager) objectProvider2.getIfAvailable());
            this.pac4jProperties = pac4jProperties;
            this.authcProperties = securityPac4jAuthcProperties;
            this.callbackProperties = securityPac4jCallbackProperties;
            this.pac4jLogoutProperties = pac4jLogoutProperties;
            this.authenticationEntryPoint = (Pac4jEntryPoint) objectProvider6.getIfAvailable();
            this.pac4jProxyReceptor = (Pac4jProxyReceptor) objectProvider3.getIfAvailable();
            this.pac4jConfig = (Config) objectProvider4.getIfAvailable();
            this.callbackUrlParser = (Pac4jCallbackUrlParser) objectProvider7.getIfAvailable();
            this.redirectionUrlParser = (Pac4jRedirectionUrlParser) objectProvider8.getIfAvailable();
            this.logoutHandler = super.logoutHandler((List) objectProvider5.stream().collect(Collectors.toList()));
            this.requestCache = super.requestCache();
        }

        public Pac4jPreAuthenticatedSecurityFilter pac4jSecurityFilter() throws Exception {
            Pac4jPreAuthenticatedSecurityFilter pac4jPreAuthenticatedSecurityFilter = new Pac4jPreAuthenticatedSecurityFilter();
            pac4jPreAuthenticatedSecurityFilter.setAuthenticationManager(authenticationManagerBean());
            if (StringUtils2.hasText(this.authcProperties.getPathPattern())) {
                pac4jPreAuthenticatedSecurityFilter.setFilterProcessesUrl(this.authcProperties.getPathPattern());
            }
            if (this.authcProperties.isAuthzProxy() && this.pac4jProxyReceptor != null) {
                pac4jPreAuthenticatedSecurityFilter.setProxyReceptor(this.pac4jProxyReceptor);
            }
            pac4jPreAuthenticatedSecurityFilter.setAuthorizers(this.pac4jProperties.getAuthorizers());
            pac4jPreAuthenticatedSecurityFilter.setClients(this.pac4jProperties.getClients());
            pac4jPreAuthenticatedSecurityFilter.setConfig(this.pac4jConfig);
            pac4jPreAuthenticatedSecurityFilter.setErrorUrl(this.authcProperties.getErrorUrl());
            pac4jPreAuthenticatedSecurityFilter.setMatchers(this.pac4jProperties.getMatchers());
            pac4jPreAuthenticatedSecurityFilter.setMultiProfile(Boolean.valueOf(this.pac4jProperties.isMultiProfile()));
            pac4jPreAuthenticatedSecurityFilter.setRedirectionUrlParser(this.redirectionUrlParser);
            return pac4jPreAuthenticatedSecurityFilter;
        }

        public Pac4jPreAuthenticationCallbackFilter pac4jCallbackFilter() throws Exception {
            Pac4jPreAuthenticationCallbackFilter pac4jPreAuthenticationCallbackFilter = new Pac4jPreAuthenticationCallbackFilter();
            pac4jPreAuthenticationCallbackFilter.setAuthenticationManager(authenticationManager());
            if (StringUtils2.hasText(this.callbackProperties.getPathPattern())) {
                pac4jPreAuthenticationCallbackFilter.setFilterProcessesUrl(this.callbackProperties.getPathPattern());
            }
            pac4jPreAuthenticationCallbackFilter.setConfig(this.pac4jConfig);
            pac4jPreAuthenticationCallbackFilter.setCallbackUrlParser(this.callbackUrlParser);
            if (this.authcProperties.isAuthzProxy()) {
                pac4jPreAuthenticationCallbackFilter.setDefaultUrl(this.authcProperties.getAuthzProxyUrl());
            } else {
                pac4jPreAuthenticationCallbackFilter.setDefaultUrl(Pac4jUrlUtils.constructRedirectUrl(this.callbackProperties.getDefaultUrl(), this.pac4jProperties.getClientParameterName(), this.pac4jProperties.getDefaultClientName()));
            }
            pac4jPreAuthenticationCallbackFilter.setMultiProfile(Boolean.valueOf(this.pac4jProperties.isMultiProfile()));
            return pac4jPreAuthenticationCallbackFilter;
        }

        public void configure(HttpSecurity httpSecurity) throws Exception {
            ((HttpSecurity.RequestMatcherConfigurer) httpSecurity.requestCache().requestCache(this.requestCache).and().logout().logoutUrl(this.pac4jLogoutProperties.getPathPattern()).logoutSuccessUrl(this.pac4jLogoutProperties.getDefaultUrl()).addLogoutHandler(this.logoutHandler).clearAuthentication(true).invalidateHttpSession(true).and().exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint).and().httpBasic().authenticationEntryPoint(this.authenticationEntryPoint).and().requestMatchers().antMatchers(new String[]{this.authcProperties.getPathPattern(), this.callbackProperties.getPathPattern()})).and().addFilterBefore(pac4jSecurityFilter(), BasicAuthenticationFilter.class).addFilterBefore(pac4jCallbackFilter(), Pac4jPreAuthenticatedSecurityFilter.class);
            super.configure(httpSecurity, this.authcProperties.getCors());
            super.configure(httpSecurity, this.authcProperties.getCsrf());
            super.configure(httpSecurity, this.authcProperties.getHeaders());
            super.configure(httpSecurity);
        }

        public void configure(WebSecurity webSecurity) throws Exception {
            super.configure(webSecurity);
        }
    }

    @Bean
    public Pac4jLogoutHandler pac4jLogoutHandler(Config config, Pac4jProperties pac4jProperties, Pac4jLogoutProperties pac4jLogoutProperties, ServerProperties serverProperties) {
        Pac4jLogoutHandler pac4jLogoutHandler = new Pac4jLogoutHandler();
        pac4jLogoutHandler.setCentralLogout(pac4jLogoutProperties.isCentralLogout());
        pac4jLogoutHandler.setConfig(config);
        pac4jLogoutHandler.setDefaultUrl(pac4jLogoutProperties.getDefaultUrl());
        pac4jLogoutHandler.setDestroySession(pac4jLogoutProperties.isDestroySession());
        pac4jLogoutHandler.setLocalLogout(pac4jLogoutProperties.isLocalLogout());
        pac4jLogoutHandler.setLogoutUrlPattern(pac4jLogoutProperties.getPathPattern());
        return pac4jLogoutHandler;
    }

    @ConditionalOnMissingBean
    @Bean
    public Pac4jRedirectionUrlParser redirectionUrlParser(SecurityPac4jAuthcProperties securityPac4jAuthcProperties) {
        return new DefaultPac4jRedirectionUrlParser(securityPac4jAuthcProperties.getRedirects());
    }

    @ConditionalOnMissingBean
    @Bean
    public Pac4jCallbackUrlParser callbackUrlParser(SecurityPac4jCallbackProperties securityPac4jCallbackProperties) {
        return new DefaultPac4jCallbackUrlParser(securityPac4jCallbackProperties.getRedirects());
    }

    @Bean
    public Pac4jProxyReceptor pac4jProxyReceptor(SecurityPac4jAuthcProperties securityPac4jAuthcProperties, @Autowired(required = false) JwtPayloadRepository jwtPayloadRepository, Pac4jRedirectionUrlParser pac4jRedirectionUrlParser, UserDetailsServiceAdapter userDetailsServiceAdapter) {
        Pac4jRedirectionActionBuilder pac4jRedirectionActionBuilder = new Pac4jRedirectionActionBuilder();
        pac4jRedirectionActionBuilder.setCallbackUrl(securityPac4jAuthcProperties.getAuthzProxyUrl());
        pac4jRedirectionActionBuilder.setJwtPayloadRepository(jwtPayloadRepository);
        pac4jRedirectionActionBuilder.setRedirectionUrlParser(pac4jRedirectionUrlParser);
        pac4jRedirectionActionBuilder.setUserDetailsService(userDetailsServiceAdapter);
        AjaxRequestResolver pac4jAjaxRequestResolver = new Pac4jAjaxRequestResolver();
        pac4jAjaxRequestResolver.setJwtPayloadRepository(jwtPayloadRepository);
        pac4jAjaxRequestResolver.setUserDetailsService(userDetailsServiceAdapter);
        Pac4jProxyReceptor pac4jProxyReceptor = new Pac4jProxyReceptor();
        pac4jProxyReceptor.setCallbackUrl(securityPac4jAuthcProperties.getAuthzProxyUrl());
        pac4jProxyReceptor.setCallbackUrlResolver(new QueryParameterCallbackUrlExtResolver());
        pac4jProxyReceptor.setAjaxRequestResolver(pac4jAjaxRequestResolver);
        pac4jProxyReceptor.setRedirectionActionBuilder(pac4jRedirectionActionBuilder);
        return pac4jProxyReceptor;
    }
}
