package pl.sparkbit.security.config;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.beans.ConstructorProperties;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.core.convert.ConversionService;
import org.springframework.core.convert.support.DefaultConversionService;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;
import pl.sparkbit.security.hooks.LoginHook;
import pl.sparkbit.security.login.LoginAuthenticationFilter;
import pl.sparkbit.security.login.LoginPrincipalFactory;
import pl.sparkbit.security.login.SessionExpirationHeaderFilter;
import pl.sparkbit.security.login.social.FacebookAuthenticationProvider;
import pl.sparkbit.security.login.social.GoogleAuthenticationProvider;
import pl.sparkbit.security.login.social.TwitterAuthenticationProvider;
import pl.sparkbit.security.login.social.resolver.FacebookResolver;
import pl.sparkbit.security.login.social.resolver.GoogleResolver;
import pl.sparkbit.security.login.social.resolver.TwitterResolver;
import pl.sparkbit.security.restauthn.AuthenticationTokenHelper;
import pl.sparkbit.security.restauthn.RestAuthenticationFilter;
import pl.sparkbit.security.restauthn.user.UserAuthenticationProvider;
import pl.sparkbit.security.service.SessionService;
import pl.sparkbit.security.service.UserDetailsService;

@EnableWebSecurity
/* loaded from: input_file:pl/sparkbit/security/config/SparkbitSecurityWebConfigurer.class */
public class SparkbitSecurityWebConfigurer {

    @Configuration
    @Order(20)
    /* loaded from: input_file:pl/sparkbit/security/config/SparkbitSecurityWebConfigurer$ActuatorHealthConfigurationAdapter.class */
    public static class ActuatorHealthConfigurationAdapter extends WebSecurityConfigurerAdapter {
        private final RestConfigurationAdapter restConfiguration;

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            this.restConfiguration.allowPublicAccess(httpSecurity, EndpointRequest.to(new String[]{"health"}));
        }

        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
            this.restConfiguration.enableAuthenticationSupport(authenticationManagerBuilder);
        }

        @ConstructorProperties({"restConfiguration"})
        public ActuatorHealthConfigurationAdapter(RestConfigurationAdapter restConfigurationAdapter) {
            this.restConfiguration = restConfigurationAdapter;
        }
    }

    @Configuration
    @Order(3)
    /* loaded from: input_file:pl/sparkbit/security/config/SparkbitSecurityWebConfigurer$ErrorConfigurationAdapter.class */
    public static class ErrorConfigurationAdapter extends WebSecurityConfigurerAdapter {
        private static final String ERROR_PATTERN = "/error/**";

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.cors().and().antMatcher(ERROR_PATTERN).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().anonymous().disable().logout().disable().rememberMe().disable().csrf().disable();
        }
    }

    @Configuration
    @Order(1)
    /* loaded from: input_file:pl/sparkbit/security/config/SparkbitSecurityWebConfigurer$LoginConfigurationAdapter.class */
    public static class LoginConfigurationAdapter extends WebSecurityConfigurerAdapter {
        private final AuthenticationEntryPoint authenticationEntryPoint;
        private final UserDetailsService userDetailsService;
        private final ObjectMapper objectMapper;
        private final LoginPrincipalFactory loginPrincipalFactory;
        private final ObjectProvider<FacebookResolver> facebookResolver;
        private final ObjectProvider<GoogleResolver> googleResolver;
        private final ObjectProvider<TwitterResolver> twitterResolver;
        private final ObjectProvider<LoginHook> loginHook;
        private final SecurityProperties configuration;
        private final DaoAuthenticationProvider daoAuthenticationProvider;

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.cors().and().addFilterBefore(new LoginAuthenticationFilter(authenticationManager(), this.authenticationEntryPoint, this.loginPrincipalFactory, (LoginHook) this.loginHook.getIfAvailable(() -> {
                return new LoginHook() { // from class: pl.sparkbit.security.config.SparkbitSecurityWebConfigurer.LoginConfigurationAdapter.1
                };
            })), BasicAuthenticationFilter.class).antMatcher(this.configuration.getPaths().getLogin()).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().anonymous().disable().logout().disable().rememberMe().disable().csrf().disable();
        }

        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            authenticationManagerBuilder.authenticationProvider(this.daoAuthenticationProvider);
            if (this.googleResolver.getIfAvailable() != null) {
                authenticationManagerBuilder.authenticationProvider(new GoogleAuthenticationProvider((GoogleResolver) this.googleResolver.getIfAvailable(), this.userDetailsService));
            }
            this.twitterResolver.ifAvailable(twitterResolver -> {
                authenticationManagerBuilder.authenticationProvider(new TwitterAuthenticationProvider(twitterResolver, this.userDetailsService, this.objectMapper));
            });
            this.facebookResolver.ifAvailable(facebookResolver -> {
                authenticationManagerBuilder.authenticationProvider(new FacebookAuthenticationProvider(facebookResolver, this.userDetailsService, this.objectMapper));
            });
        }

        @ConstructorProperties({"authenticationEntryPoint", "userDetailsService", "objectMapper", "loginPrincipalFactory", "facebookResolver", "googleResolver", "twitterResolver", "loginHook", "configuration", "daoAuthenticationProvider"})
        public LoginConfigurationAdapter(AuthenticationEntryPoint authenticationEntryPoint, UserDetailsService userDetailsService, ObjectMapper objectMapper, LoginPrincipalFactory loginPrincipalFactory, ObjectProvider<FacebookResolver> objectProvider, ObjectProvider<GoogleResolver> objectProvider2, ObjectProvider<TwitterResolver> objectProvider3, ObjectProvider<LoginHook> objectProvider4, SecurityProperties securityProperties, DaoAuthenticationProvider daoAuthenticationProvider) {
            this.authenticationEntryPoint = authenticationEntryPoint;
            this.userDetailsService = userDetailsService;
            this.objectMapper = objectMapper;
            this.loginPrincipalFactory = loginPrincipalFactory;
            this.facebookResolver = objectProvider;
            this.googleResolver = objectProvider2;
            this.twitterResolver = objectProvider3;
            this.loginHook = objectProvider4;
            this.configuration = securityProperties;
            this.daoAuthenticationProvider = daoAuthenticationProvider;
        }
    }

    @Configuration
    @Order(2)
    /* loaded from: input_file:pl/sparkbit/security/config/SparkbitSecurityWebConfigurer$PublicRestConfigurationAdapter.class */
    public static class PublicRestConfigurationAdapter extends WebSecurityConfigurerAdapter {
        private final SecurityProperties configuration;

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.cors().and().antMatcher(this.configuration.getPaths().getPublicPrefix() + "/**").sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().anonymous().disable().logout().disable().rememberMe().disable().csrf().disable();
        }

        @ConstructorProperties({"configuration"})
        public PublicRestConfigurationAdapter(SecurityProperties securityProperties) {
            this.configuration = securityProperties;
        }
    }

    @Configuration
    @Order(100)
    /* loaded from: input_file:pl/sparkbit/security/config/SparkbitSecurityWebConfigurer$RestConfigurationAdapter.class */
    public static class RestConfigurationAdapter extends WebSecurityConfigurerAdapter {
        private final UserDetailsService userDetailsService;
        private final AuthenticationEntryPoint authenticationEntryPoint;
        private final AuthenticationTokenHelper authenticationTokenHelper;
        private final SessionService sessionService;
        private final SecurityProperties configuration;

        @Bean
        public UserAuthenticationProvider restAuthenticationProvider() {
            return new UserAuthenticationProvider(this.userDetailsService);
        }

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.cors().and().addFilterBefore(new RestAuthenticationFilter(authenticationManager(), this.authenticationEntryPoint, this.authenticationTokenHelper), BasicAuthenticationFilter.class).addFilterAfter(new SessionExpirationHeaderFilter(this.sessionService, this.configuration.getSessionExpiration().getTimestampHeaderName(), this.authenticationTokenHelper), RestAuthenticationFilter.class).authorizeRequests().antMatchers(new String[]{this.configuration.getPaths().getLogin()})).denyAll().antMatchers(new String[]{this.configuration.getPaths().getExtraAuthCheck()})).authenticated().requestMatchers(new RequestMatcher[]{EndpointRequest.toAnyEndpoint()})).access("hasRole('ACTUATOR') and !principal.isExtraAuthnCheckRequired()").antMatchers(new String[]{this.configuration.getPaths().getAdminPrefix() + "/**"})).access("hasRole('ADMIN') and !principal.isExtraAuthnCheckRequired()").anyRequest()).access("!principal.isExtraAuthnCheckRequired()").and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().anonymous().disable().logout().disable().rememberMe().disable().csrf().disable();
        }

        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
            authenticationManagerBuilder.authenticationProvider(restAuthenticationProvider());
        }

        public void requireRoleForPathPrefix(HttpSecurity httpSecurity, AuthenticationManager authenticationManager, String str, String str2) throws Exception {
            RestAuthenticationFilter restAuthenticationFilter = new RestAuthenticationFilter(authenticationManager, this.authenticationEntryPoint, this.authenticationTokenHelper);
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.antMatcher(str).addFilterBefore(restAuthenticationFilter, BasicAuthenticationFilter.class).addFilterAfter(new SessionExpirationHeaderFilter(this.sessionService, this.configuration.getSessionExpiration().getTimestampHeaderName(), this.authenticationTokenHelper), RestAuthenticationFilter.class).authorizeRequests().anyRequest()).hasRole(str2).and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().anonymous().disable().logout().disable().rememberMe().disable().csrf().disable();
        }

        public void allowPublicAccess(HttpSecurity httpSecurity, RequestMatcher requestMatcher) throws Exception {
            RestAuthenticationFilter restAuthenticationFilter = new RestAuthenticationFilter(authenticationManager(), this.authenticationEntryPoint, this.authenticationTokenHelper);
            httpSecurity.requestMatcher(requestMatcher).addFilterBefore(restAuthenticationFilter, BasicAuthenticationFilter.class).addFilterAfter(new SessionExpirationHeaderFilter(this.sessionService, this.configuration.getSessionExpiration().getTimestampHeaderName(), this.authenticationTokenHelper), RestAuthenticationFilter.class).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().anonymous().disable().logout().disable().rememberMe().disable().csrf().disable();
        }

        public void enableAuthenticationSupport(AuthenticationManagerBuilder authenticationManagerBuilder) {
            authenticationManagerBuilder.authenticationProvider(restAuthenticationProvider());
        }

        @ConstructorProperties({"userDetailsService", "authenticationEntryPoint", "authenticationTokenHelper", "sessionService", "configuration"})
        public RestConfigurationAdapter(UserDetailsService userDetailsService, AuthenticationEntryPoint authenticationEntryPoint, AuthenticationTokenHelper authenticationTokenHelper, SessionService sessionService, SecurityProperties securityProperties) {
            this.userDetailsService = userDetailsService;
            this.authenticationEntryPoint = authenticationEntryPoint;
            this.authenticationTokenHelper = authenticationTokenHelper;
            this.sessionService = sessionService;
            this.configuration = securityProperties;
        }
    }

    @ConditionalOnMissingBean
    @Bean
    public ConversionService conversionService() {
        return new DefaultConversionService();
    }
}
