package hu.perit.spvitamin.spring.security.auth;

import hu.perit.spvitamin.spring.config.AdminProperties;
import hu.perit.spvitamin.spring.config.SecurityProperties;
import hu.perit.spvitamin.spring.config.SpringContext;
import hu.perit.spvitamin.spring.config.SysConfig;
import hu.perit.spvitamin.spring.security.Constants;
import hu.perit.spvitamin.spring.security.auth.filter.jwt.JwtAuthenticationFilter;
import hu.perit.spvitamin.spring.security.auth.filter.securitycontextremover.SecurityContextRemoverFilter;
import java.util.Iterator;
import java.util.List;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.header.writers.StaticHeadersWriter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

/* loaded from: input_file:hu/perit/spvitamin/spring/security/auth/SimpleHttpSecurityBuilder.class */
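/**
 * Fluent helper that applies this project's standard Spring Security settings to a single
 * {@link HttpSecurity}: CORS, CSRF, additional response headers, exception handling,
 * URL authorization rules and an authentication scheme.
 *
 * <p>Security-relevant defaults a reviewer should be aware of:
 * <ul>
 *   <li>{@link #defaultCsrf()} switches CSRF protection off for every chain built via
 *       {@link #defaults()}, including the session-keeping {@link #basicAuthWithSession()}.</li>
 *   <li>{@link #corsConfigurationSource()} falls back to the wildcard {@code "*"} for origins,
 *       headers and methods when the corresponding property is unset or empty.</li>
 *   <li>The {@code authorize*} methods treat the configured access value {@code "*"} as
 *       "no authentication required" and call {@code permitAll()} for those URL patterns.</li>
 * </ul>
 */
public class SimpleHttpSecurityBuilder {
    private final HttpSecurity http;

    /**
     * Adds only the authentication mechanism to an {@link HttpSecurity} whose authorization
     * rules were configured elsewhere. Unlike the outer builder's methods of the same name,
     * nothing here touches CORS, CSRF, headers or authorization rules.
     */
    public static class AfterAuthorizationBuilder {
        private final HttpSecurity http;

        private AfterAuthorizationBuilder(HttpSecurity httpSecurity) {
            this.http = httpSecurity;
        }

        /**
         * Enables HTTP Basic authentication with the project's authentication entry point.
         *
         * @throws Exception if Spring Security rejects the configuration
         */
        public void basicAuth() throws Exception {
            this.http.httpBasic().authenticationEntryPoint(entryPointBean());
        }

        /** Registers a {@link JwtAuthenticationFilter} right after the {@link SecurityContextPersistenceFilter}. */
        public void jwtAuth() {
            this.http.addFilterAfter(new JwtAuthenticationFilter(), SecurityContextPersistenceFilter.class);
        }
    }

    /**
     * Creates a builder operating on the given {@link HttpSecurity}.
     *
     * @param httpSecurity the security configuration to modify
     * @return a new builder
     */
    public static SimpleHttpSecurityBuilder newInstance(HttpSecurity httpSecurity) {
        return new SimpleHttpSecurityBuilder(httpSecurity);
    }

    /**
     * Creates a builder that only adds an authentication mechanism.
     *
     * @param httpSecurity the security configuration to modify
     * @return a new {@link AfterAuthorizationBuilder}
     */
    public static AfterAuthorizationBuilder afterAuthorization(HttpSecurity httpSecurity) {
        return new AfterAuthorizationBuilder(httpSecurity);
    }

    private SimpleHttpSecurityBuilder(HttpSecurity httpSecurity) {
        this.http = httpSecurity;
    }

    /**
     * Enables CORS handling using {@link #corsConfigurationSource()}.
     *
     * @return this builder
     * @throws Exception if Spring Security rejects the configuration
     */
    public SimpleHttpSecurityBuilder defaultCors() throws Exception {
        this.http.cors().configurationSource(corsConfigurationSource());
        return this;
    }

    /**
     * Disables Spring Security's CSRF protection for this chain.
     *
     * <p>NOTE(review): this is also applied by {@link #basicAuthWithSession()}, which does not
     * register the {@link SecurityContextRemoverFilter}. If such a chain authenticates browsers
     * through a session cookie, state-changing endpoints have no CSRF defence from this
     * builder and need one elsewhere; confirm per deployment.
     *
     * @return this builder
     * @throws Exception if Spring Security rejects the configuration
     */
    public SimpleHttpSecurityBuilder defaultCsrf() throws Exception {
        this.http.csrf().disable();
        return this;
    }

    /**
     * Installs the handlers used for unauthenticated and for denied requests.
     *
     * @param authenticationEntryPoint invoked when authentication is required
     * @param accessDeniedHandler invoked when an authenticated caller lacks permission
     * @return this builder
     * @throws Exception if Spring Security rejects the configuration
     */
    public SimpleHttpSecurityBuilder exceptionHandler(AuthenticationEntryPoint authenticationEntryPoint, AccessDeniedHandler accessDeniedHandler) throws Exception {
        this.http.exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint)
                .accessDeniedHandler(accessDeniedHandler);
        return this;
    }

    /**
     * Applies the baseline used by every authentication method of this builder: default CORS,
     * CSRF disabled, and the additional response headers from configuration.
     *
     * @return this builder
     * @throws Exception if Spring Security rejects the configuration
     */
    public SimpleHttpSecurityBuilder defaults() throws Exception {
        return defaultCors().defaultCsrf().allowAdditionalSecurityHeaders();
    }

    /**
     * Restricts this {@link HttpSecurity} to requests matching the given Ant patterns.
     *
     * @param strArr Ant-style URL patterns
     * @return this builder
     */
    public SimpleHttpSecurityBuilder scope(String... strArr) {
        this.http.requestMatchers().antMatchers(strArr);
        return this;
    }

    /**
     * Adds one static response header per configured {@code name=value} entry.
     *
     * <p>Each entry is split at its first {@code '='} only, so values that themselves contain
     * {@code '='} (for example a policy carrying a URL with a query string) are emitted whole.
     * An entry without a name or without a value is rejected, so that a misconfigured security
     * header stops start-up with a clear message instead of being dropped or truncated.
     *
     * @return this builder
     * @throws IllegalArgumentException if an entry is not of the form {@code name=value}
     * @throws Exception if Spring Security rejects the configuration
     */
    public SimpleHttpSecurityBuilder allowAdditionalSecurityHeaders() throws Exception {
        var configuredHeaders = SysConfig.getSecurityProperties().getAdditionalSecurityHeaders();
        if (configuredHeaders == null) {
            return this;
        }
        // The element type of the configured collection is not visible in this file, so the
        // values are iterated as Object and cast, exactly as the previous iterator code did.
        for (Object entry : configuredHeaders.values()) {
            String header = (String) entry;
            int separator = header == null ? -1 : header.indexOf('=');
            if (separator <= 0 || separator == header.length() - 1) {
                throw new IllegalArgumentException(
                        "Additional security header must have the form name=value: " + header);
            }
            this.http.headers().addHeaderWriter(
                    new StaticHeadersWriter(header.substring(0, separator), header.substring(separator + 1)));
        }
        return this;
    }

    /**
     * Requires authentication for every request and enables HTTP Basic. The
     * {@link SecurityContextRemoverFilter} is not registered here, in contrast to
     * {@link #basicAuth()}.
     *
     * @throws Exception if Spring Security rejects the configuration
     */
    public void basicAuthWithSession() throws Exception {
        CustomAuthenticationEntryPoint entryPoint = entryPointBean();
        defaults()
                .exceptionHandler(entryPoint, accessDeniedHandlerBean())
                .and()
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .httpBasic().authenticationEntryPoint(entryPoint);
    }

    /**
     * Requires authentication for every request and enables HTTP Basic, with the
     * {@link SecurityContextRemoverFilter} registered.
     *
     * @throws Exception if Spring Security rejects the configuration
     */
    public void basicAuth() throws Exception {
        CustomAuthenticationEntryPoint entryPoint = entryPointBean();
        commonAuthorizeRequests(entryPoint)
                .anyRequest().authenticated()
                .and()
                .httpBasic().authenticationEntryPoint(entryPoint);
    }

    /**
     * Same as {@link #basicAuth()} but every request additionally needs the given role.
     *
     * @param str role name, passed to {@code hasRole} (Spring adds the {@code ROLE_} prefix)
     * @throws Exception if Spring Security rejects the configuration
     */
    public void basicAuth(String str) throws Exception {
        CustomAuthenticationEntryPoint entryPoint = entryPointBean();
        commonAuthorizeRequests(entryPoint)
                .anyRequest().hasRole(str)
                .and()
                .httpBasic().authenticationEntryPoint(entryPoint);
    }

    /**
     * Requires authentication for every request and registers the {@link JwtAuthenticationFilter}.
     * The {@link SecurityContextRemoverFilter} is registered first, then the JWT filter, both
     * anchored after the {@link SecurityContextPersistenceFilter}.
     *
     * @throws Exception if Spring Security rejects the configuration
     */
    public void jwtAuth() throws Exception {
        commonAuthorizeRequests(entryPointBean()).anyRequest().authenticated();
        this.http.addFilterAfter(new JwtAuthenticationFilter(), SecurityContextPersistenceFilter.class);
    }

    /**
     * Opens every request in scope to unauthenticated callers. Only the baseline from
     * {@link #defaults()} and the exception handlers still apply, so the chain should be
     * narrowed with {@link #scope(String...)} before this is used.
     *
     * @throws Exception if Spring Security rejects the configuration
     */
    public void permitAll() throws Exception {
        commonAuthorizeRequests(entryPointBean()).anyRequest().permitAll();
    }

    /**
     * Applies the defaults, the exception handlers and the {@link SecurityContextRemoverFilter},
     * then hands back the authorization registry so the caller can add its own URL rules.
     *
     * @return the registry for further {@code antMatchers(...)} rules
     * @throws Exception if Spring Security rejects the configuration
     */
    public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests() throws Exception {
        return commonAuthorizeRequests(entryPointBean());
    }

    /**
     * Leaves the builder.
     *
     * @return the wrapped {@link HttpSecurity}
     */
    public HttpSecurity and() {
        return this.http;
    }

    /**
     * Adds the rules for the admin REST API. The version and CSP-violation-report endpoints
     * under {@link Constants#BASE_URL_ADMIN} are always public; {@code /admin/**},
     * {@code /keystore/**} and {@code /truststore/**} require the configured role, or nothing
     * at all when that setting is {@code "*"}.
     *
     * @return this builder
     * @throws Exception if Spring Security rejects the configuration
     */
    public SimpleHttpSecurityBuilder authorizeAdminRestEndpoints() throws Exception {
        SecurityProperties securityProperties = SysConfig.getSecurityProperties();
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl adminUrls = this.http.authorizeRequests()
                .antMatchers(
                        String.format("%s/version", Constants.BASE_URL_ADMIN),
                        String.format("%s/csp_violations", Constants.BASE_URL_ADMIN))
                .permitAll()
                .antMatchers("/admin/**", "/keystore/**", "/truststore/**");
        applyAccess(adminUrls, securityProperties.getAdminEndpointsAccess());
        return this;
    }

    /**
     * Adds the rule for the Swagger UI and API-docs paths, guarded by the configured Swagger
     * access setting ({@code "*"} makes them public).
     *
     * @return this builder
     * @throws Exception if Spring Security rejects the configuration
     */
    public SimpleHttpSecurityBuilder authorizeSwagger() throws Exception {
        SecurityProperties securityProperties = SysConfig.getSecurityProperties();
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl swaggerUrls = this.http.authorizeRequests()
                .antMatchers(
                        "/swagger-ui.html",
                        "/swagger-ui.html/**",
                        "/swagger-resources/**",
                        "/api-docs/**",
                        "/v2/api-docs/**",
                        "/webjars/springfox-swagger-ui/**",
                        "/swagger-ui/**");
        applyAccess(swaggerUrls, securityProperties.getSwaggerAccess());
        return this;
    }

    /**
     * Adds the rules for the actuator endpoints. {@code /actuator/health} and
     * {@code /actuator/prometheus} are always public; everything else under
     * {@code /actuator/**} follows the management access setting ({@code "*"} makes it public).
     *
     * @return this builder
     * @throws Exception if Spring Security rejects the configuration
     */
    public SimpleHttpSecurityBuilder authorizeActuator() throws Exception {
        SecurityProperties securityProperties = SysConfig.getSecurityProperties();
        // The public exceptions are registered first so they take precedence over /actuator/**.
        this.http.authorizeRequests().antMatchers("/actuator/health", "/actuator/prometheus").permitAll();
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl actuatorUrls =
                this.http.authorizeRequests().antMatchers("/actuator/**");
        applyAccess(actuatorUrls, securityProperties.getManagementEndpointsAccess());
        return this;
    }

    /**
     * Adds the rule for the admin GUI. Without a configured GUI URL the rule covers
     * {@code /}, {@code /*.*}, {@code /css/**} and {@code /assets/**}; otherwise it covers
     * {@code /} and everything below the configured URL. A {@code null} GUI URL is treated
     * like a blank one.
     *
     * @return this builder
     * @throws Exception if Spring Security rejects the configuration
     */
    public SimpleHttpSecurityBuilder authorizeAdminGui() throws Exception {
        SecurityProperties securityProperties = SysConfig.getSecurityProperties();
        AdminProperties adminProperties = SysConfig.getAdminProperties();
        String guiUrl = adminProperties.getAdminGuiUrl();
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl guiUrls;
        if (guiUrl == null || guiUrl.isBlank()) {
            guiUrls = this.http.authorizeRequests().antMatchers("/", "/*.*", "/css/**", "/assets/**");
        } else {
            guiUrls = this.http.authorizeRequests().antMatchers("/", String.format("%s/**", guiUrl));
        }
        applyAccess(guiUrls, securityProperties.getAdminGuiAccess());
        return this;
    }

    /**
     * Configures logout: the HTTP session is invalidated, the {@code JSESSIONID} cookie is
     * deleted, the authentication is cleared and the caller is redirected to {@code /}.
     *
     * @return this builder
     * @throws Exception if Spring Security rejects the configuration
     */
    public SimpleHttpSecurityBuilder logout() throws Exception {
        this.http.logout()
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .clearAuthentication(true)
                .logoutSuccessUrl("/");
        return this;
    }

    /**
     * Relaxes the frame options to same-origin, so pages may be framed by the application
     * itself but not by other origins.
     *
     * @return this builder
     * @throws Exception if Spring Security rejects the configuration
     */
    public SimpleHttpSecurityBuilder allowFrames() throws Exception {
        this.http.headers().frameOptions().sameOrigin();
        return this;
    }

    /**
     * Registers a {@link SecurityContextRemoverFilter} right after the
     * {@link SecurityContextPersistenceFilter}.
     *
     * <p>NOTE(review): judging by its name the filter discards a security context restored
     * from the session, making the chain authenticate on every request; confirm in
     * {@link SecurityContextRemoverFilter}.
     *
     * @return this builder
     */
    public SimpleHttpSecurityBuilder ignorePersistedSecurity() {
        this.http.addFilterAfter(new SecurityContextRemoverFilter(), SecurityContextPersistenceFilter.class);
        return this;
    }

    /**
     * Builds the CORS configuration from the security properties and registers it for
     * {@code /**}.
     *
     * <p>Any of allowed origins, headers or methods that is unset or empty becomes the
     * wildcard {@code "*"}, so an unconfigured deployment answers cross-origin requests from
     * every origin. Credentials are not enabled here. Deployments exposing authenticated APIs
     * should set an explicit origin list.
     *
     * @return the CORS configuration source
     */
    public static CorsConfigurationSource corsConfigurationSource() {
        SecurityProperties securityProperties = SysConfig.getSecurityProperties();
        CorsConfiguration cors = new CorsConfiguration();
        cors.setAllowedOrigins(getListFromArray(securityProperties.getAllowedOrigins()));
        cors.setAllowedHeaders(getListFromArray(securityProperties.getAllowedHeaders()));
        cors.setAllowedMethods(getListFromArray(securityProperties.getAllowedMethods()));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", cors);
        return source;
    }

    /**
     * Converts a configured array to an immutable list, substituting the wildcard when the
     * array is {@code null} or empty.
     */
    private static List<String> getListFromArray(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return List.of("*");
        }
        // Pass the String[] itself: casting it to Object[] would produce a List<Object>.
        return List.of(strArr);
    }

    /** Looks up the project's authentication entry point in the Spring context. */
    private static CustomAuthenticationEntryPoint entryPointBean() {
        return (CustomAuthenticationEntryPoint) SpringContext.getBean(CustomAuthenticationEntryPoint.class);
    }

    /** Looks up the project's access-denied handler in the Spring context. */
    private static CustomAccessDeniedHandler accessDeniedHandlerBean() {
        return (CustomAccessDeniedHandler) SpringContext.getBean(CustomAccessDeniedHandler.class);
    }

    /**
     * Shared prefix of the authentication methods: defaults, exception handlers and the
     * security-context remover filter, ending at the authorization registry.
     */
    private ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry commonAuthorizeRequests(
            AuthenticationEntryPoint entryPoint) throws Exception {
        return defaults()
                .exceptionHandler(entryPoint, accessDeniedHandlerBean())
                .ignorePersistedSecurity()
                .and()
                .authorizeRequests();
    }

    /**
     * Applies a configured access setting to a set of URLs: {@code "*"} means public, any
     * other value is taken as the required role name.
     */
    private static void applyAccess(
            ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl urls, String access) {
        if ("*".equals(access)) {
            urls.permitAll();
        } else {
            urls.hasRole(access);
        }
    }
}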
