package de.digitalcollections.iiif.bookshelf.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:de/digitalcollections/iiif/bookshelf/config/SpringConfigSecurity.class */
public class SpringConfigSecurity extends WebSecurityConfigurerAdapter {

    @Value("${custom.app.security.enabled}")
    private boolean authentication;

    @Value("${custom.app.security.username}")
    private String username;

    @Value("${custom.app.security.password}")
    private String password;

    @Value("${spring.security.user.name}")
    private String actuatorUsername;

    @Value("${spring.security.user.password}")
    private String actuatorPassword;

    @Configuration
    @Order(1)
    /* loaded from: input_file:de/digitalcollections/iiif/bookshelf/config/SpringConfigSecurity$ApiWebSecurityConfigurationAdapter.class */
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Value("${custom.app.security.enabled}")
        private boolean authentication;

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            if (this.authentication) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.antMatcher("/api/add").authorizeRequests().antMatchers(new String[]{"/api/add"})).authenticated().and().httpBasic().and().csrf().disable();
            }
        }
    }

    @Configuration
    @Order(2)
    /* loaded from: input_file:de/digitalcollections/iiif/bookshelf/config/SpringConfigSecurity$FormLoginWebSecurityConfigurationAdapter.class */
    public static class FormLoginWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Value("${custom.app.security.enabled}")
        private boolean authentication;

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            if (this.authentication) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.antMatcher("/add").authorizeRequests().antMatchers(new String[]{"/add"})).authenticated().and().formLogin().loginPage("/login").permitAll().and().httpBasic();
            }
        }
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.inMemoryAuthentication().withUser(this.actuatorUsername).password(this.actuatorPassword).roles(new String[]{"ACTUATOR"});
        if (this.authentication) {
            authenticationManagerBuilder.inMemoryAuthentication().withUser(this.username).password(this.password).roles(new String[]{"USER"});
        }
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().requestMatchers(new RequestMatcher[]{EndpointRequest.to(new String[]{"health", "info", "version"})})).permitAll().requestMatchers(new RequestMatcher[]{EndpointRequest.toAnyEndpoint()})).hasRole("ACTUATOR").and().httpBasic();
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().requestMatchers(new RequestMatcher[]{PathRequest.toStaticResources().atCommonLocations()})).permitAll();
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).permitAll().and().formLogin().loginPage("/login").and().httpBasic().and().headers().frameOptions().disable();
    }

    @Bean
    public PasswordEncoder passwordEncoderDummy() {
        return NoOpPasswordEncoder.getInstance();
    }
}
