package com.auth0.spring.security.mvc;

import com.auth0.Auth0AuthorityStrategy;
import com.auth0.jwt.Algorithm;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.filter.OrderedRequestContextFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;

@Configuration
@EnableWebSecurity
@ConditionalOnProperty(prefix = "auth0", name = {"defaultAuth0WebSecurityEnabled"})
/* loaded from: input_file:com/auth0/spring/security/mvc/Auth0Config.class */
public class Auth0Config extends WebSecurityConfigurerAdapter {

    @Value("${auth0.domain}")
    protected String domain;

    @Value("${auth0.issuer}")
    protected String issuer;

    @Value("${auth0.clientId}")
    protected String clientId;

    @Value("${auth0.clientSecret}")
    protected String clientSecret;

    @Value("${auth0.onLogoutRedirectTo}")
    protected String onLogoutRedirectTo;

    @Value("${auth0.loginRedirectOnSuccess}")
    protected String loginRedirectOnSuccess;

    @Value("${auth0.loginRedirectOnFail}")
    protected String loginRedirectOnFail;

    @Value("${auth0.loginCallback}")
    protected String loginCallback;

    @Value("${auth0.securedRoute}")
    protected String securedRoute;

    @Value("${auth0.authorityStrategy}")
    protected String authorityStrategy;

    @Value("${auth0.base64EncodedSecret}")
    protected boolean base64EncodedSecret;

    @Value("${auth0.signingAlgorithm:HS256}")
    protected String signingAlgorithm;

    @Value("${auth0.publicKeyPath:}")
    protected String publicKeyPath;

    @Autowired
    @Bean(name = {"auth0AuthenticationManager"})
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public Auth0CORSFilter simpleCORSFilter() {
        return new Auth0CORSFilter();
    }

    @Bean(name = {"auth0AuthenticationProvider"})
    public Auth0AuthenticationProvider auth0AuthenticationProvider() {
        if (!Auth0AuthorityStrategy.contains(this.authorityStrategy)) {
            throw new IllegalStateException("Configuration error, illegal authority strategy");
        }
        Auth0AuthorityStrategy valueOf = Auth0AuthorityStrategy.valueOf(this.authorityStrategy);
        if (Auth0AuthorityStrategy.SCOPE.equals(valueOf)) {
            throw new IllegalStateException("SCOPE authority strategy currently not supported for MVC apps");
        }
        Auth0AuthenticationProvider auth0AuthenticationProvider = new Auth0AuthenticationProvider();
        auth0AuthenticationProvider.setDomain(this.domain);
        auth0AuthenticationProvider.setIssuer(this.issuer);
        auth0AuthenticationProvider.setClientId(this.clientId);
        auth0AuthenticationProvider.setClientSecret(this.clientSecret);
        auth0AuthenticationProvider.setSecuredRoute(this.securedRoute);
        auth0AuthenticationProvider.setAuthorityStrategy(valueOf);
        auth0AuthenticationProvider.setBase64EncodedSecret(this.base64EncodedSecret);
        auth0AuthenticationProvider.setSigningAlgorithm(Algorithm.valueOf(this.signingAlgorithm));
        auth0AuthenticationProvider.setPublicKeyPath(this.publicKeyPath);
        return auth0AuthenticationProvider;
    }

    @Bean(name = {"auth0EntryPoint"})
    public Auth0AuthenticationEntryPoint auth0AuthenticationEntryPoint() {
        return new Auth0AuthenticationEntryPoint();
    }

    @Bean(name = {"auth0Filter"})
    public Auth0AuthenticationFilter auth0AuthenticationFilter(Auth0AuthenticationEntryPoint auth0AuthenticationEntryPoint) {
        Auth0AuthenticationFilter auth0AuthenticationFilter = new Auth0AuthenticationFilter();
        auth0AuthenticationFilter.setEntryPoint(auth0AuthenticationEntryPoint);
        return auth0AuthenticationFilter;
    }

    @Bean(name = {"auth0AuthenticationFilterRegistration"})
    public FilterRegistrationBean auth0AuthenticationFilterRegistration(Auth0AuthenticationFilter auth0AuthenticationFilter) {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(auth0AuthenticationFilter);
        filterRegistrationBean.setEnabled(false);
        return filterRegistrationBean;
    }

    @Bean
    public OrderedRequestContextFilter requestContextFilter() {
        return new OrderedRequestContextFilter();
    }

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.authenticationProvider(auth0AuthenticationProvider());
    }

    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers(HttpMethod.OPTIONS, new String[]{"/**"});
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable();
        httpSecurity.addFilterAfter(auth0AuthenticationFilter(auth0AuthenticationEntryPoint()), SecurityContextPersistenceFilter.class).addFilterBefore(simpleCORSFilter(), Auth0AuthenticationFilter.class);
        authorizeRequests(httpSecurity);
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
    }

    protected void authorizeRequests(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{this.securedRoute})).authenticated().antMatchers(new String[]{"/**"})).permitAll();
    }

    public String getDomain() {
        return this.domain;
    }

    public String getIssuer() {
        return this.issuer;
    }

    public String getClientId() {
        return this.clientId;
    }

    public String getClientSecret() {
        return this.clientSecret;
    }

    public String getLoginRedirectOnSuccess() {
        return this.loginRedirectOnSuccess;
    }

    public String getLoginRedirectOnFail() {
        return this.loginRedirectOnFail;
    }

    public String getOnLogoutRedirectTo() {
        return this.onLogoutRedirectTo;
    }

    public String getLoginCallback() {
        return this.loginCallback;
    }

    public String getSecuredRoute() {
        return this.securedRoute;
    }

    public String getAuthorityStrategy() {
        return this.authorityStrategy;
    }

    public boolean isBase64EncodedSecret() {
        return this.base64EncodedSecret;
    }

    public String getSigningAlgorithm() {
        return this.signingAlgorithm;
    }

    public String getPublicKeyPath() {
        return this.publicKeyPath;
    }
}
