package com.blossomproject.autoconfigure.ui;

import com.blossomproject.autoconfigure.ui.common.privileges.ResponsabilityPrivilegesConfiguration;
import com.blossomproject.autoconfigure.ui.common.privileges.RolePrivilegesConfiguration;
import com.blossomproject.autoconfigure.ui.web.BlossomWebBackOfficeProperties;
import com.blossomproject.core.association_user_role.AssociationUserRoleDao;
import com.blossomproject.core.association_user_role.AssociationUserRoleService;
import com.blossomproject.core.common.utils.privilege.Privilege;
import com.blossomproject.core.user.UserService;
import com.blossomproject.ui.BlossomAuthenticationSuccessHandlerImpl;
import com.blossomproject.ui.security.AuthenticationFailureListener;
import com.blossomproject.ui.security.AuthenticationSuccessListener;
import com.blossomproject.ui.security.CompositeUserDetailsServiceImpl;
import com.blossomproject.ui.security.CurrentUserDetailsServiceImpl;
import com.blossomproject.ui.security.LimitLoginAuthenticationProvider;
import com.blossomproject.ui.security.LoginAttemptServiceImpl;
import com.blossomproject.ui.security.LoginAttemptsService;
import com.blossomproject.ui.security.SystemUserDetailsServiceImpl;
import java.util.Arrays;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.annotation.Order;
import org.springframework.plugin.core.PluginRegistry;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;

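/**
 * Auto-configuration that wires the back-office authentication beans: the public (unauthenticated)
 * filter chain, login-attempt tracking, the user-details services and the authentication provider.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>a built-in "system" account can be enabled from {@link DefaultAccountProperties};</li>
 *   <li>everything under the public path pattern is served without authentication;</li>
 *   <li>failed and successful logins are reported to a shared {@link LoginAttemptsService}.</li>
 * </ul>
 */
@EnableConfigurationProperties({DefaultAccountProperties.class, BlossomWebBackOfficeProperties.class})
@Configuration
@ConditionalOnWebApplication
@Order(-100)
@PropertySource({"classpath:/security.properties"})
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
/* loaded from: input_file:com/blossomproject/autoconfigure/ui/WebSecurityAutoConfiguration.class */
public class WebSecurityAutoConfiguration {
    private static final Logger logger = LoggerFactory.getLogger(WebSecurityAutoConfiguration.class);

    /** Name of the remember-me cookie; not referenced inside this class. */
    public static final String BLOSSOM_REMEMBER_ME_COOKIE_NAME = "blossom";

    /**
     * Filter chain for publicly reachable resources. It is ordered first ({@code Integer.MIN_VALUE})
     * so that it is consulted before any authenticated chain.
     */
    @Configuration
    @Order(Integer.MIN_VALUE)
    /* loaded from: input_file:com/blossomproject/autoconfigure/ui/WebSecurityAutoConfiguration$PublicWebSecurityConfigurerAdapter.class */
    public static class PublicWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        /**
         * Permits every request on the public path patterns, without authentication.
         *
         * @param httpSecurity the builder for this filter chain
         * @throws Exception if the builder rejects the configuration
         */
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // NOTE(review): each HttpSecurity.antMatcher(...) call sets the single request matcher of
            // this chain, so the second call appears to replace "/public/**" rather than add to it,
            // while csrf().disable() applies to the chain as a whole. Confirm which paths this chain
            // really serves and that no state-changing endpoint lives under them, since they get
            // neither authentication nor CSRF protection.
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.antMatcher("/public/**").csrf().disable().authorizeRequests().anyRequest()).permitAll();
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.antMatcher("/blossom/public/**").authorizeRequests().anyRequest()).permitAll();
        }

        /**
         * Exposes the adapter's {@link AuthenticationManager} as a bean.
         *
         * @return the authentication manager built by the parent adapter
         * @throws Exception if the parent adapter cannot build it
         */
        @Bean
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }
    }

    /**
     * Creates the login-attempt tracker.
     *
     * @return a tracker constructed with the value 10 (presumably the number of failed attempts
     *     tolerated before an account is locked; confirm against {@link LoginAttemptServiceImpl})
     */
    @Bean
    public LoginAttemptsService loginAttemptsService() {
        return new LoginAttemptServiceImpl(10);
    }

    /**
     * Creates the listener that receives authentication failures.
     *
     * @param loginAttemptsService the shared attempt tracker
     * @return the failure listener
     */
    @Bean
    public AuthenticationFailureListener authenticationFailureListener(LoginAttemptsService loginAttemptsService) {
        return new AuthenticationFailureListener(loginAttemptsService);
    }

    /**
     * Creates the listener that receives authentication successes.
     *
     * @param loginAttemptsService the shared attempt tracker
     * @return the success listener
     */
    @Bean
    public AuthenticationSuccessListener authenticationSuccessListener(LoginAttemptsService loginAttemptsService) {
        return new AuthenticationSuccessListener(loginAttemptsService);
    }

    /**
     * Creates the user-details service backed by the application's user store.
     *
     * @param userService the user lookup service
     * @param associationUserRoleService the user/role association service
     * @return the database-backed user-details service
     */
    @Bean
    public UserDetailsService dbUserDetailsService(UserService userService, AssociationUserRoleService associationUserRoleService) {
        return new CurrentUserDetailsServiceImpl(userService, associationUserRoleService);
    }

    /**
     * Creates the user-details service for the built-in default account.
     *
     * <p>The account is active when {@code isEnabled()} is {@code true}. When the flag is unset
     * ({@code null}), the account is active only while {@code getUserExistsByPrivilege} reports no
     * user for the role and responsibility administration privileges, which looks like a bootstrap
     * path for a fresh installation. When the account is not active, the returned service rejects
     * every lookup.
     *
     * @param pluginRegistry the registry of known privileges
     * @param defaultAccountProperties identifier, password and enabled flag of the default account
     * @param passwordEncoder the encoder applied to the configured password before it is stored
     * @param associationUserRoleDao used to check whether a privileged user already exists
     * @param rolePrivilegesConfiguration source of the role read/write privileges
     * @param responsabilityPrivilegesConfiguration source of the responsibility read/change privileges
     * @return the system user-details service, or one that always throws
     *     {@link UsernameNotFoundException}
     */
    @Bean
    public UserDetailsService systemUserDetailsService(@Qualifier("privilegesPlugin") PluginRegistry<Privilege, String> pluginRegistry, DefaultAccountProperties defaultAccountProperties, PasswordEncoder passwordEncoder, AssociationUserRoleDao associationUserRoleDao, RolePrivilegesConfiguration rolePrivilegesConfiguration, ResponsabilityPrivilegesConfiguration responsabilityPrivilegesConfiguration) {
        Boolean enabled = defaultAccountProperties.isEnabled();
        boolean accountDisabled;
        if (enabled != null) {
            // An explicit setting always wins; the user store is not consulted.
            accountDisabled = !enabled.booleanValue();
        } else {
            // Flag unset: keep the default account off as soon as a user with one of the
            // administration privileges exists.
            accountDisabled = associationUserRoleDao.getUserExistsByPrivilege(Arrays.asList(
                rolePrivilegesConfiguration.rolesReadPrivilegePlugin(),
                rolePrivilegesConfiguration.rolesWritePrivilegePlugin(),
                responsabilityPrivilegesConfiguration.responsabilitiesReadPrivilegePlugin(),
                responsabilityPrivilegesConfiguration.responsabilitiesChangePrivilegePlugin()));
        }
        if (accountDisabled) {
            return username -> {
                throw new UsernameNotFoundException(String.format("User with identifier=%s was not found", username));
            };
        }
        // The password is deliberately kept out of the log: log files and log aggregators are usually
        // readable by a wider audience than the configuration source, and a logged credential stays
        // valid for as long as the default account does.
        logger.warn("Enabling blossom '{}' default account; set a non-default password and disable the account once an administrator exists", defaultAccountProperties.getIdentifier());
        return new SystemUserDetailsServiceImpl(pluginRegistry, defaultAccountProperties.getIdentifier(), passwordEncoder.encode(defaultAccountProperties.getPassword()));
    }

    /**
     * Creates the primary user-details service, which delegates to every {@link UserDetailsService}
     * bean injected into it.
     *
     * @param list the user-details services to combine
     * @return the composite service
     */
    @Bean
    @Primary
    public UserDetailsService compositeUserDetailsService(List<UserDetailsService> list) {
        UserDetailsService[] delegates = list.toArray(new UserDetailsService[0]);
        return new CompositeUserDetailsServiceImpl(delegates);
    }

    /**
     * Creates the handler invoked after a successful login.
     *
     * @param userService the user lookup service
     * @param blossomWebBackOfficeProperties source of the session inactivity timeout, in seconds
     * @return the success handler
     */
    @Bean
    public BlossomAuthenticationSuccessHandlerImpl blossomAuthenticationSuccessHandler(UserService userService, BlossomWebBackOfficeProperties blossomWebBackOfficeProperties) {
        return new BlossomAuthenticationSuccessHandlerImpl(userService, Integer.valueOf(blossomWebBackOfficeProperties.getMaxInactiveIntervalSeconds()));
    }

    /**
     * Creates the authentication provider that consults the login-attempt tracker.
     *
     * @param userDetailsService the composite user-details service
     * @param passwordEncoder the encoder used to verify submitted passwords
     * @param loginAttemptsService the shared attempt tracker
     * @return the configured provider
     */
    @Bean
    public LimitLoginAuthenticationProvider limitLoginAuthenticationProvider(@Qualifier("compositeUserDetailsService") UserDetailsService userDetailsService, PasswordEncoder passwordEncoder, LoginAttemptsService loginAttemptsService) {
        LimitLoginAuthenticationProvider provider = new LimitLoginAuthenticationProvider(userDetailsService, loginAttemptsService);
        provider.setPasswordEncoder(passwordEncoder);
        return provider;
    }
}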
