package hu.perit.spvitamin.spring.security.auth;

import hu.perit.spvitamin.core.reflection.ReflectionUtils;
import hu.perit.spvitamin.spring.config.SecurityProperties;
import hu.perit.spvitamin.spring.config.SpringContext;
import hu.perit.spvitamin.spring.config.SysConfig;
import hu.perit.spvitamin.spring.security.auth.filter.Role2PermissionMapperFilter;
import hu.perit.spvitamin.spring.security.auth.filter.jwt.JwtAuthenticationFilter;
import hu.perit.spvitamin.spring.security.auth.filter.securitycontextremover.SecurityContextRemoverFilter;
import java.lang.reflect.Field;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.header.writers.StaticHeadersWriter;
import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

/* loaded from: input_file:hu/perit/spvitamin/spring/security/auth/SimpleHttpSecurityBuilder.class */
public class SimpleHttpSecurityBuilder {
    private static final Logger log = LoggerFactory.getLogger(SimpleHttpSecurityBuilder.class);
    private final HttpSecurity http;

    public static SimpleHttpSecurityBuilder newInstance(HttpSecurity httpSecurity) {
        return new SimpleHttpSecurityBuilder(httpSecurity);
    }

    private SimpleHttpSecurityBuilder(HttpSecurity httpSecurity) {
        this.http = httpSecurity;
    }

    public SimpleHttpSecurityBuilder defaultCors() throws Exception {
        this.http.cors().configurationSource(corsConfigurationSource());
        return this;
    }

    public SimpleHttpSecurityBuilder defaultCsrf() throws Exception {
        this.http.csrf().disable();
        return this;
    }

    public SimpleHttpSecurityBuilder exceptionHandler(AuthenticationEntryPoint authenticationEntryPoint, AccessDeniedHandler accessDeniedHandler) throws Exception {
        this.http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint).accessDeniedHandler(accessDeniedHandler);
        return this;
    }

    public SimpleHttpSecurityBuilder defaults() throws Exception {
        return defaultCors().defaultCsrf().allowAdditionalSecurityHeaders().exceptionHandler((CustomAuthenticationEntryPoint) SpringContext.getBean(CustomAuthenticationEntryPoint.class), (CustomAccessDeniedHandler) SpringContext.getBean(CustomAccessDeniedHandler.class));
    }

    public SimpleHttpSecurityBuilder scope(String... strArr) throws Exception {
        defaults();
        this.http.securityMatcher(strArr);
        return this;
    }

    public SimpleHttpSecurityBuilder scope(RequestMatcher requestMatcher) throws Exception {
        defaults();
        this.http.securityMatcher(requestMatcher);
        return this;
    }

    public SimpleHttpSecurityBuilder allowAdditionalSecurityHeaders() throws Exception {
        SecurityProperties securityProperties = SysConfig.getSecurityProperties();
        if (securityProperties.getAdditionalSecurityHeaders() != null) {
            Iterator it = securityProperties.getAdditionalSecurityHeaders().values().iterator();
            while (it.hasNext()) {
                String[] split = ((String) it.next()).split("=");
                this.http.headers().addHeaderWriter(new StaticHeadersWriter(split[0], new String[]{split[1]}));
            }
        }
        return this;
    }

    public SimpleHttpSecurityBuilder createSession() throws Exception {
        this.http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
        return this;
    }

    public SimpleHttpSecurityBuilder basicAuth() throws Exception {
        this.http.httpBasic().authenticationEntryPoint((CustomAuthenticationEntryPoint) SpringContext.getBean(CustomAuthenticationEntryPoint.class));
        if (!isFilterAlreadyExists(Role2PermissionMapperFilter.class)) {
            this.http.addFilterAfter(new Role2PermissionMapperFilter(), SessionManagementFilter.class);
        }
        return this;
    }

    public SimpleHttpSecurityBuilder jwtAuth() throws Exception {
        if (!isFilterAlreadyExists(JwtAuthenticationFilter.class)) {
            this.http.addFilterAfter(new JwtAuthenticationFilter(), SecurityContextPersistenceFilter.class);
        }
        if (!isFilterAlreadyExists(Role2PermissionMapperFilter.class)) {
            this.http.addFilterAfter(new Role2PermissionMapperFilter(), SessionManagementFilter.class);
        }
        return this;
    }

    public SimpleHttpSecurityBuilder authorizeRequests(Customizer<AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry> customizer) throws Exception {
        this.http.authorizeHttpRequests(customizer);
        return this;
    }

    public HttpSecurity and() {
        return this.http;
    }

    public SimpleHttpSecurityBuilder logout() throws Exception {
        this.http.logout().invalidateHttpSession(true).deleteCookies(new String[]{"JSESSIONID"}).clearAuthentication(true);
        return this;
    }

    public SimpleHttpSecurityBuilder allowFrames() throws Exception {
        this.http.headers().frameOptions().sameOrigin();
        return this;
    }

    public SimpleHttpSecurityBuilder ignorePersistedSecurity() {
        if (isFilterAlreadyExists(SecurityContextRemoverFilter.class)) {
            log.warn("{} has already been applied!", SecurityContextRemoverFilter.class.getName());
        } else {
            this.http.addFilterAfter(new SecurityContextRemoverFilter(), SecurityContextPersistenceFilter.class);
        }
        return this;
    }

    private boolean isFilterAlreadyExists(Class<?> cls) {
        Field field = (Field) ReflectionUtils.propertiesOf(HttpSecurity.class, true).stream().filter(field2 -> {
            return field2.getName().equalsIgnoreCase("filters");
        }).findAny().orElse(null);
        if (field == null) {
            return false;
        }
        field.setAccessible(true);
        try {
            return ((List) field.get(this.http)).stream().anyMatch(obj -> {
                return obj.toString().contains(cls.getName());
            });
        } catch (IllegalAccessException e) {
            return false;
        }
    }

    public static CorsConfigurationSource corsConfigurationSource() {
        SecurityProperties securityProperties = SysConfig.getSecurityProperties();
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowedOrigins(getListFromArray(securityProperties.getAllowedOrigins()));
        corsConfiguration.setAllowedHeaders(getListFromArray(securityProperties.getAllowedHeaders()));
        corsConfiguration.setAllowedMethods(getListFromArray(securityProperties.getAllowedMethods()));
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return urlBasedCorsConfigurationSource;
    }

    private static List<String> getListFromArray(String[] strArr) {
        return (strArr == null || strArr.length == 0) ? List.of("*") : List.of((Object[]) strArr);
    }
}
