package net.savantly.sprout.autoconfigure;

import java.util.ArrayList;
import javax.servlet.Filter;
import net.savantly.sprout.core.domain.emailAddress.repository.EmailAddressRepository;
import net.savantly.sprout.core.domain.user.repository.UserRepository;
import net.savantly.sprout.core.security.SproutAuditorAware;
import net.savantly.sprout.core.security.SproutPasswordEncoder;
import net.savantly.sprout.core.security.SproutUserDetailsService;
import net.savantly.sprout.core.security.SproutUserDetailsServiceImpl;
import net.savantly.sprout.oauth.ClientResources;
import net.savantly.sprout.oauth.GithubPrincipalExtractor;
import net.savantly.sprout.oauth.LinkedinPrincipalExtractor;
import net.savantly.sprout.starter.SproutWebSecurityConfiguration;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.web.filter.CompositeFilter;

@Configuration
@EnableOAuth2Client
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:net/savantly/sprout/autoconfigure/SproutSecurityAutoConfiguration.class */
public class SproutSecurityAutoConfiguration {
    @Bean
    public SproutWebSecurityConfiguration sproutWebSecurityConfiguration(UserDetailsService userDetailsService, @Qualifier("oauth2ClientContextFilter") Filter filter, PasswordEncoder passwordEncoder, @Qualifier("githubClient") ClientResources clientResources, @Qualifier("linkedinClient") ClientResources clientResources2) {
        return new SproutWebSecurityConfiguration(userDetailsService, ssoFilter(clientResources, clientResources2), filter, passwordEncoder);
    }

    @Bean({"userDetailsService"})
    public SproutUserDetailsService sproutUserDetailsService(UserRepository userRepository, EmailAddressRepository emailAddressRepository) {
        return new SproutUserDetailsServiceImpl(userRepository, emailAddressRepository);
    }

    @Bean
    public SproutPasswordEncoder sproutPasswordEncoder() {
        return new SproutPasswordEncoder();
    }

    @Bean
    public SproutAuditorAware sproutAuditorAware() {
        return new SproutAuditorAware();
    }

    @ConfigurationProperties("github")
    @Bean(name = {"githubClient"})
    ClientResources github(OAuth2ClientContext oAuth2ClientContext, UserRepository userRepository) {
        ClientResources clientResources = new ClientResources(oAuth2ClientContext);
        clientResources.setPrincipalExtractor(new GithubPrincipalExtractor(userRepository, clientResources.getRestTemplate()));
        return clientResources;
    }

    @ConfigurationProperties("linkedin")
    @Bean(name = {"linkedinClient"})
    ClientResources linkedin(OAuth2ClientContext oAuth2ClientContext, UserRepository userRepository, SproutUserDetailsService sproutUserDetailsService) {
        ClientResources clientResources = new ClientResources(oAuth2ClientContext);
        clientResources.setPrincipalExtractor(new LinkedinPrincipalExtractor(userRepository, sproutUserDetailsService, clientResources.getRestTemplate()));
        return clientResources;
    }

    private Filter ssoFilter(@Qualifier("githubClient") ClientResources clientResources, @Qualifier("linkedinClient") ClientResources clientResources2) {
        CompositeFilter compositeFilter = new CompositeFilter();
        ArrayList arrayList = new ArrayList();
        arrayList.add(ssoFilter(clientResources, "/login/github"));
        arrayList.add(ssoFilter(clientResources2, "/login/linkedin"));
        compositeFilter.setFilters(arrayList);
        return compositeFilter;
    }

    private Filter ssoFilter(ClientResources clientResources, String str) {
        UserInfoTokenServices userInfoTokenServices = new UserInfoTokenServices(clientResources.getResource().getUserInfoUri(), clientResources.getClient().getClientId());
        userInfoTokenServices.setPrincipalExtractor(clientResources.getPrincipalExtractor());
        OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationProcessingFilter = new OAuth2ClientAuthenticationProcessingFilter(str);
        oAuth2ClientAuthenticationProcessingFilter.setRestTemplate(clientResources.getRestTemplate());
        oAuth2ClientAuthenticationProcessingFilter.setTokenServices(userInfoTokenServices);
        return oAuth2ClientAuthenticationProcessingFilter;
    }
}
