package io.dialob.session.boot;

import com.nimbusds.jwt.proc.JWTProcessor;
import edu.umd.cs.findbugs.annotations.NonNull;
import io.dialob.questionnaire.service.api.session.QuestionnaireSessionService;
import io.dialob.questionnaire.service.sockjs.ExtractURIParametersToAttributesInterceptor;
import io.dialob.security.aws.elb.ElbAuthenticationStrategy;
import io.dialob.security.aws.elb.ElbPreAuthenticatedGrantedAuthoritiesUserDetailsService;
import io.dialob.security.aws.elb.PreAuthenticatedCurrentUserProvider;
import io.dialob.security.spring.ApiKeyCurrentUserProvider;
import io.dialob.security.spring.AuthenticationStrategy;
import io.dialob.security.user.CurrentUserProvider;
import io.dialob.security.user.DelegateCurrentUserProvider;
import io.dialob.session.rest.OnlyOwnerCanAccessSessionPermissionEvaluator;
import io.dialob.session.rest.SessionPermissionEvaluator;
import io.dialob.settings.DialobSettings;
import io.dialob.settings.SessionSettings;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.scheduling.TaskScheduler;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.socket.WebSocketHandler;
import org.springframework.web.socket.config.annotation.EnableWebSocket;
import org.springframework.web.socket.config.annotation.WebSocketConfigurer;
import org.springframework.web.socket.config.annotation.WebSocketHandlerRegistry;
import org.springframework.web.socket.server.HandshakeInterceptor;
import org.springframework.web.socket.server.standard.ServletServerContainerFactoryBean;

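/**
 * Spring auto-configuration for the Dialob session service.
 *
 * <p>Wires three independent pieces: the optional AWS ELB pre-authentication beans, the REST
 * security filter chain (authentication requirement, per-tenant CORS, CSRF handling), and the
 * optional SockJS/WebSocket endpoint.
 */
@Configuration(proxyBeanMethods = false)
public class ApplicationAutoConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(ApplicationAutoConfiguration.class);

    /**
     * Authentication beans for deployments behind an AWS load balancer.
     *
     * <p>Only registered when {@code dialob.session.security.enabled=true}. When the property is
     * absent or has another value, none of these beans exist and {@link RestApiSecurityConfigurer}
     * receives an empty {@code Optional<AuthenticationStrategy>} unless another configuration
     * supplies one.
     */
    @Configuration(proxyBeanMethods = false)
    @ConditionalOnProperty(prefix = "dialob.session.security", name = {"enabled"}, havingValue = "true")
    public static class AwsSecurityConfiguration {

        /**
         * Builds the ELB authentication strategy and applies the optional header-name overrides
         * from {@code dialobSettings.getAws().getElb()}.
         *
         * @param dialobSettings source of the optional principal/credentials request header names
         * @param grantedAuthoritiesMapper passed through to the strategy
         * @param jWTProcessor passed through to the strategy
         * @param authenticationManager passed through to the strategy
         * @return the configured strategy
         */
        @Bean
        public AuthenticationStrategy authenticationStrategy(DialobSettings dialobSettings, GrantedAuthoritiesMapper grantedAuthoritiesMapper, JWTProcessor jWTProcessor, AuthenticationManager authenticationManager) {
            ElbAuthenticationStrategy strategy = new ElbAuthenticationStrategy(grantedAuthoritiesMapper, jWTProcessor, authenticationManager);
            // NOTE(review): identity is taken from request headers whose names are configurable here.
            // Such headers are only trustworthy when the service is reachable solely through the
            // load balancer and the strategy verifies the token with jWTProcessor; confirm both.
            dialobSettings.getAws().getElb().getPrincipalRequestHeader().ifPresent(strategy::setPrincipalRequestHeader);
            dialobSettings.getAws().getElb().getCredentialsRequestHeader().ifPresent(strategy::setCredentialsRequestHeader);
            return strategy;
        }

        /**
         * Creates the pre-authenticated provider backed by
         * {@link ElbPreAuthenticatedGrantedAuthoritiesUserDetailsService}.
         *
         * @return the provider
         */
        @Bean
        public AuthenticationProvider authenticationProvider() {
            PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
            // A rejected token raises an exception instead of being ignored, so the provider fails closed.
            provider.setThrowExceptionWhenTokenRejected(true);
            provider.setPreAuthenticatedUserDetailsService(new ElbPreAuthenticatedGrantedAuthoritiesUserDetailsService());
            return provider;
        }

        /**
         * Creates a user provider that delegates to the pre-authenticated provider and the API-key
         * provider, listed in that order.
         *
         * @return the delegating provider
         */
        @Bean
        public CurrentUserProvider currentUserProvider() {
            return new DelegateCurrentUserProvider(new CurrentUserProvider[]{new PreAuthenticatedCurrentUserProvider(), new ApiKeyCurrentUserProvider()});
        }

        /**
         * Registers the session permission evaluator used when security is enabled.
         *
         * @param questionnaireSessionService session lookup handed to the evaluator
         * @return the evaluator; presumably restricts a session to its owner, as the class name says
         */
        @Bean
        public SessionPermissionEvaluator onlyOwnerCanAccessSessionPermissionEvaluator(QuestionnaireSessionService questionnaireSessionService) {
            return new OnlyOwnerCanAccessSessionPermissionEvaluator(questionnaireSessionService);
        }
    }

    /**
     * Builds the security filter chain for the session REST API.
     */
    @Configuration(proxyBeanMethods = false)
    @EnableWebSecurity
    @Order(50)
    public static class RestApiSecurityConfigurer {
        private final SessionSettings sessionSettings;
        private final QuestionnaireSessionService questionnaireSessionService;
        // Empty when no AuthenticationStrategy bean is available.
        private final Optional<AuthenticationStrategy> authenticationStrategy;

        /**
         * @param dialobSettings settings root; only the session section is kept
         * @param questionnaireSessionService used to build the tenant resolver for CORS
         * @param optional the authentication strategy, if one is configured
         */
        public RestApiSecurityConfigurer(@NonNull DialobSettings dialobSettings, @NonNull QuestionnaireSessionService questionnaireSessionService, Optional<AuthenticationStrategy> optional) {
            this.sessionSettings = dialobSettings.getSession();
            this.questionnaireSessionService = questionnaireSessionService;
            this.authenticationStrategy = optional;
        }

        /**
         * Assembles the filter chain that applies to every request.
         *
         * <p>Authentication is configured only when a strategy is present, and the
         * "authenticated" rule is added only when {@code getRest().isRequireAuthenticated()} is
         * true. With that flag off this method registers no authorization rule at all.
         *
         * @param httpSecurity builder supplied by Spring Security
         * @return the built chain
         * @throws Exception propagated from the Spring Security builder or the strategy
         */
        @Bean
        SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
            HttpSecurity http = httpSecurity.securityMatcher(AnyRequestMatcher.INSTANCE);
            if (this.authenticationStrategy.isPresent()) {
                this.authenticationStrategy.get().configureAuthentication(http);
            }
            if (this.sessionSettings.getRest().isRequireAuthenticated()) {
                http = http.authorizeHttpRequests(requests -> requests.anyRequest().authenticated());
            }
            // NOTE(review): CSRF protection is switched off for the whole chain. That is safe only
            // while no endpoint authenticates the browser through ambient credentials such as a
            // session cookie; confirm against the configured authentication strategy.
            return http
                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                .csrf(csrf -> csrf.disable())
                .build();
        }

        /**
         * Creates the CORS source that resolves the tenant of a request and looks up that
         * tenant's entry in {@code getRest().getCors()}.
         *
         * @return the tenant-aware CORS configuration source
         * @throws NullPointerException if the configured CORS map is null
         */
        CorsConfigurationSource corsConfigurationSource() {
            SessionRestTenantFromRequestResolver tenantResolver = new SessionRestTenantFromRequestResolver(this.questionnaireSessionService);
            // The lookup is bound to the configured map itself; binding the method reference
            // null-checks the map, so a missing CORS section fails here rather than per request.
            return new TenantBasedCorsConfigurationSource(this.sessionSettings.getRest().getCors()::get, tenantResolver);
        }
    }

    /**
     * Registers the SockJS endpoint; only active when
     * {@code dialob.session.sockjs.webSocketEnabled=true}.
     */
    @Configuration(proxyBeanMethods = false)
    @ConditionalOnProperty(prefix = "dialob.session.sockjs", name = {"webSocketEnabled"}, havingValue = "true")
    @EnableWebSocket
    public static class SockJSWebSocketConfigurer implements WebSocketConfigurer {
        private final WebSocketHandler perConnectionWebSocketHandler;
        private final SessionSettings.SockJSSettings settings;
        private final TaskScheduler taskScheduler;

        /**
         * @param dialobSettings settings root; only the SockJS section is kept
         * @param webSocketHandler handler registered on the SockJS context path
         * @param taskScheduler scheduler handed to the SockJS service
         */
        public SockJSWebSocketConfigurer(DialobSettings dialobSettings, WebSocketHandler webSocketHandler, TaskScheduler taskScheduler) {
            this.perConnectionWebSocketHandler = webSocketHandler;
            this.settings = dialobSettings.getSession().getSockjs();
            this.taskScheduler = taskScheduler;
        }

        /**
         * Registers the handler on the configured context path, unless SockJS is disabled in the
         * settings.
         *
         * @param webSocketHandlerRegistry registry supplied by Spring
         */
        @Override
        public void registerWebSocketHandlers(@NonNull WebSocketHandlerRegistry webSocketHandlerRegistry) {
            if (!this.settings.isEnabled()) {
                return;
            }
            // The handshake interceptor is given the URL attribute names to extract, falling back
            // to "sessionId" / "tenantId" when the settings leave them null.
            String sessionIdAttribute = Objects.toString(this.settings.getUrlAttributes().getSessionId(), "sessionId");
            String tenantIdAttribute = Objects.toString(this.settings.getUrlAttributes().getTenantId(), "tenantId");
            HandshakeInterceptor uriParameters = new ExtractURIParametersToAttributesInterceptor(new String[]{sessionIdAttribute, tenantIdAttribute});

            // NOTE(review): browsers do not apply CORS to the WebSocket handshake, so this origin
            // list is the cross-site check for the endpoint. Keep it to known front-end origins;
            // a wildcard entry would accept handshakes from any site.
            String[] allowedOrigins = (String[]) this.settings.getAllowedOrigins().toArray(new String[0]);

            webSocketHandlerRegistry
                .addHandler(this.perConnectionWebSocketHandler, this.settings.getContextPath())
                .setAllowedOrigins(allowedOrigins)
                .withSockJS()
                // Client library location comes from settings; it should point at a trusted host.
                .setClientLibraryUrl(this.settings.getLibraryUrl())
                .setWebSocketEnabled(this.settings.isWebSocketEnabled())
                .setInterceptors(uriParameters)
                .setTaskScheduler(this.taskScheduler);

            if (this.settings.isWebSocketEnabled()) {
                LOGGER.info("Configuring WebSocket endpoint {}", this.settings.getContextPath());
            }
        }

        /**
         * Configures the servlet WebSocket container with the message buffer limits from the
         * settings, which bound the size of a single text or binary message.
         *
         * @return the container factory bean
         */
        @Bean
        public ServletServerContainerFactoryBean createWebSocketContainer() {
            ServletServerContainerFactoryBean container = new ServletServerContainerFactoryBean();
            container.setMaxTextMessageBufferSize(Integer.valueOf(this.settings.getMaxTextMessageBufferSize()));
            container.setMaxBinaryMessageBufferSize(Integer.valueOf(this.settings.getMaxBinaryMessageBufferSize()));
            return container;
        }
    }

    /**
     * Provides the application's {@link AuthenticationManager}.
     *
     * @param list every {@link AuthenticationProvider} bean in the context; may be empty
     * @return a {@link ProviderManager} over the providers, or a pass-through manager when there
     *     are none
     */
    @Bean
    public AuthenticationManager authenticationManager(List<AuthenticationProvider> list) {
        if (list.isEmpty()) {
            // NOTE(review): with no providers the manager hands back whatever Authentication it is
            // given, unchanged and unverified. Callers must not treat a successful return from this
            // manager as proof of identity; this path is reached whenever no provider bean exists
            // (for example when dialob.session.security.enabled is not "true").
            return authentication -> authentication;
        }
        return new ProviderManager(list);
    }
}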
