package org.apache.streampipes.service.core;

import jakarta.servlet.Filter;
import org.apache.streampipes.rest.filter.TokenAuthenticationFilter;
import org.apache.streampipes.service.base.security.UnauthorizedRequestEntryPoint;
import org.apache.streampipes.user.management.service.SpUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
/* loaded from: input_file:BOOT-INF/classes/org/apache/streampipes/service/core/WebSecurityConfig.class */
public class WebSecurityConfig {
    private final UserDetailsService userDetailsService = new SpUserDetailsService();
    private final StreamPipesPasswordEncoder passwordEncoder;

    public WebSecurityConfig(StreamPipesPasswordEncoder streamPipesPasswordEncoder) {
        this.passwordEncoder = streamPipesPasswordEncoder;
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(this.userDetailsService).passwordEncoder(this.passwordEncoder.passwordEncoder());
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity.cors().and()).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()).csrf().disable()).formLogin().disable()).httpBasic().disable().exceptionHandling().authenticationEntryPoint(new UnauthorizedRequestEntryPoint()).and()).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((HttpSecurity) authorizationManagerRequestMatcherRegistry.requestMatchers((RequestMatcher[]) UnauthenticatedInterfaces.get().stream().map(AntPathRequestMatcher::new).toList().toArray(new AntPathRequestMatcher[0])).permitAll().anyRequest().authenticated().and()).addFilterBefore((Filter) tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        });
        return httpSecurity.build();
    }

    public TokenAuthenticationFilter tokenAuthenticationFilter() {
        return new TokenAuthenticationFilter();
    }

    @Bean({BeanIds.USER_DETAILS_SERVICE})
    public UserDetailsService userDetailsService() {
        return this.userDetailsService;
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }
}
