package com.blossomproject.autoconfigure.ui.api;

import com.blossomproject.autoconfigure.ui.WebSecurityAutoConfiguration;
import com.blossomproject.core.common.dto.AbstractDTO;
import com.blossomproject.core.common.search.SearchEngine;
import com.blossomproject.ui.api.OmnisearchApiController;
import com.blossomproject.ui.api.StatusApiController;
import com.blossomproject.ui.api.administration.UsersApiController;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.elasticsearch.client.Client;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.plugin.core.PluginRegistry;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerEndpointsConfiguration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.CompositeTokenGranter;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping;
import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter;
import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.util.matcher.AndRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
@ConditionalOnClass({UsersApiController.class})
@ConditionalOnWebApplication
/* loaded from: input_file:com/blossomproject/autoconfigure/ui/api/ApiInterfaceAutoConfiguration.class */
public class ApiInterfaceAutoConfiguration {

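    /**
     * OAuth2 authorization-server configuration for the Blossom API.
     *
     * <p>Registers a single in-memory client ({@code blossom-client}), remaps the framework
     * OAuth endpoints under {@code /blossom/api/oauth/**}, and wires the token store, token
     * services and token granters used to issue and refresh tokens.
     *
     * <p>Security-relevant properties visible in this class:
     * <ul>
     *   <li>No client secret is configured for {@code blossom-client}, so the password grant is
     *       protected by the resource owner's credentials only.</li>
     *   <li>Tokens live in an {@link InMemoryTokenStore}: they are lost on restart and are not
     *       shared between application instances.</li>
     *   <li>Access tokens are valid for 300 seconds and refresh tokens for 600 seconds.</li>
     * </ul>
     */
    @Configuration
    @EnableAuthorizationServer
    @AutoConfigureAfter({WebSecurityAutoConfiguration.class})
    public static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;

        @Autowired
        private ClientDetailsService clientDetailsService;

        @Autowired
        private UserDetailsService userDetailsService;

        @Autowired
        private PasswordEncoder passwordEncoder;

        /**
         * Remaps the default OAuth endpoint paths under {@code /blossom/api/oauth} and plugs in
         * the token store, token services, token granter and authentication manager.
         *
         * @param authorizationServerEndpointsConfigurer the endpoints configurer supplied by the framework
         * @throws Exception declared by the overridden adapter method
         */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) throws Exception {
            authorizationServerEndpointsConfigurer
                .pathMapping("/oauth/authorize", "/blossom/api/oauth/authorize")
                // NOTE(review): "/oauth/check_token" is mapped to the same custom path as
                // "/oauth/token" below. This looks like a copy/paste slip (a dedicated
                // ".../oauth/check_token" path would be expected) - confirm before changing,
                // since existing clients may depend on the current URL.
                .pathMapping("/oauth/check_token", "/blossom/api/oauth/token")
                .pathMapping("/oauth/confirm_access", "/blossom/api/oauth/confirm_access")
                .pathMapping("/oauth/error", "/blossom/api/oauth/error")
                .pathMapping("/oauth/token", "/blossom/api/oauth/token")
                .tokenStore(tokenStore())
                .tokenServices(tokenServices())
                .tokenGranter(tokenGranter())
                .authenticationManager(this.authenticationManager);
        }

        /**
         * Declares the single in-memory OAuth client {@code blossom-client}.
         *
         * <p>The client is limited to the {@code blossom-api} resource with scopes
         * {@code read} and {@code write}; access tokens expire after 300 seconds and refresh
         * tokens after 600 seconds. No secret is set here, so the client is effectively public.
         *
         * @param clientDetailsServiceConfigurer the client registry configurer supplied by the framework
         * @throws Exception declared by the overridden adapter method
         */
        @Override
        public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
            // NOTE(review): "action_token" is authorized for this client, but tokenGranter()
            // in this class registers only the refresh_token and password granters - verify
            // that a granter for "action_token" is contributed elsewhere, or drop the entry.
            clientDetailsServiceConfigurer.inMemory()
                .withClient("blossom-client")
                .authorizedGrantTypes("password", "refresh_token", "action_token")
                .scopes("read", "write")
                .accessTokenValiditySeconds(300)
                .refreshTokenValiditySeconds(600)
                .resourceIds("blossom-api");
        }

        /**
         * Sets the password encoder used by the authorization server and requires an
         * authenticated caller for the check-token endpoint.
         *
         * @param authorizationServerSecurityConfigurer the security configurer supplied by the framework
         * @throws Exception declared by the overridden adapter method
         */
        @Override
        public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
            authorizationServerSecurityConfigurer
                .passwordEncoder(this.passwordEncoder)
                .checkTokenAccess("isAuthenticated()");
        }

        /**
         * Builds the composite granter that decides which grant types can actually be served.
         *
         * @return a granter supporting the refresh-token and resource-owner-password grants
         */
        @Bean
        public TokenGranter tokenGranter() {
            // Typed list instead of a raw ArrayList so only TokenGranter instances can be added.
            ArrayList<TokenGranter> granters = new ArrayList<>();
            granters.add(new RefreshTokenGranter(tokenServices(), this.clientDetailsService, oauth2RequestFactory()));
            granters.add(new ResourceOwnerPasswordTokenGranter(this.authenticationManager, tokenServices(), this.clientDetailsService, oauth2RequestFactory()));
            return new CompositeTokenGranter(granters);
        }

        /**
         * @return the request factory backed by the injected client details service
         */
        @Bean
        public OAuth2RequestFactory oauth2RequestFactory() {
            return new DefaultOAuth2RequestFactory(this.clientDetailsService);
        }

        /**
         * @return an in-memory token store; issued tokens do not survive a restart and are
         *     not visible to other application instances
         */
        @Bean
        public TokenStore tokenStore() {
            return new InMemoryTokenStore();
        }

        /**
         * Creates the primary token services with refresh-token support.
         *
         * <p>The authentication manager installed here contains only a pre-authenticated
         * provider backed by the injected {@link UserDetailsService}. The original code first
         * set the injected {@code authenticationManager} and then overwrote it with this
         * provider manager; only the effective (second) assignment is kept.
         *
         * @return the configured token services
         */
        @Bean
        @Primary
        public AuthorizationServerTokenServices tokenServices() {
            DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
            defaultTokenServices.setSupportRefreshToken(true);
            // The same refresh token is kept across refreshes instead of being rotated.
            defaultTokenServices.setReuseRefreshToken(true);
            defaultTokenServices.setClientDetailsService(this.clientDetailsService);
            defaultTokenServices.setTokenStore(tokenStore());

            // Declared with the concrete type: the setter below is not part of the
            // AuthenticationProvider interface.
            PreAuthenticatedAuthenticationProvider preAuthenticatedAuthenticationProvider = new PreAuthenticatedAuthenticationProvider();
            preAuthenticatedAuthenticationProvider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(this.userDetailsService));
            defaultTokenServices.setAuthenticationManager(new ProviderManager(Arrays.<AuthenticationProvider>asList(preAuthenticatedAuthenticationProvider)));
            return defaultTokenServices;
        }
    }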

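    /**
     * Request matcher that accepts a request only when its path does not start with any of
     * the URL patterns registered on the OAuth framework endpoint handler mapping.
     *
     * <p>The comparison is a plain {@link String#startsWith(String)} prefix test, so any path
     * that merely begins with an endpoint pattern is also treated as an OAuth endpoint and is
     * therefore not matched here.
     */
    private static class NotOAuthRequestMatcher implements RequestMatcher {
        // Endpoint patterns collected once at construction time; never modified afterwards.
        private final Set<String> mappings;

        /**
         * Collects every URL pattern of every handler method registered on the given mapping.
         *
         * @param frameworkEndpointHandlerMapping the handler mapping of the OAuth framework endpoints
         */
        public NotOAuthRequestMatcher(FrameworkEndpointHandlerMapping frameworkEndpointHandlerMapping) {
            // The stream is already typed as Stream<String>; no raw cast is required.
            this.mappings = frameworkEndpointHandlerMapping.getHandlerMethods().keySet().stream()
                .flatMap(requestMappingInfo -> requestMappingInfo.getPatternsCondition().getPatterns().stream())
                .collect(Collectors.toSet());
        }

        /**
         * @param httpServletRequest the incoming request
         * @return {@code true} when the request path starts with none of the collected patterns
         */
        @Override
        public boolean matches(HttpServletRequest httpServletRequest) {
            String requestPath = getRequestPath(httpServletRequest);
            return this.mappings.stream().noneMatch(requestPath::startsWith);
        }

        /**
         * Builds the path used for matching: the servlet path, followed by the path info when
         * the container provides one.
         */
        private String getRequestPath(HttpServletRequest httpServletRequest) {
            String servletPath = httpServletRequest.getServletPath();
            String pathInfo = httpServletRequest.getPathInfo();
            return pathInfo != null ? servletPath + pathInfo : servletPath;
        }
    }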

    /**
     * OAuth2 resource-server configuration protecting the {@code blossom-api} resource.
     *
     * <p>Every request handled by this filter chain must be fully authenticated, and the
     * resource server is stateless.
     */
    @EnableResourceServer
    @Configuration
    @AutoConfigureAfter({WebSecurityAutoConfiguration.class})
    public static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

        // Optional: absent when no authorization-server endpoints configuration is available.
        @Autowired(required = false)
        private AuthorizationServerEndpointsConfiguration endpoints;

        /**
         * Declares the resource id expected in tokens and marks the resource server stateless.
         *
         * @param resourceServerSecurityConfigurer the configurer supplied by the framework
         */
        @Override
        public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) {
            resourceServerSecurityConfigurer.resourceId("blossom-api");
            resourceServerSecurityConfigurer.stateless(true);
        }

        /**
         * Requires full authentication for every request and, when the OAuth endpoints are
         * known, scopes this chain to {@code /blossom/api/**} minus the OAuth endpoints.
         *
         * @param httpSecurity the HTTP security builder supplied by the framework
         * @throws Exception declared by the overridden adapter method
         */
        @Override
        public void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.authorizeRequests().anyRequest().fullyAuthenticated();

            // NOTE(review): when no endpoints configuration is injected, no request matcher is
            // registered here, so the "/blossom/api/**" scoping below is skipped as well -
            // confirm that this is the intended behaviour for that deployment shape.
            if (this.endpoints == null) {
                return;
            }

            RequestMatcher notAnOAuthEndpoint = new NotOAuthRequestMatcher(this.endpoints.oauth2EndpointHandlerMapping());
            RequestMatcher underApiBasePath = new AntPathRequestMatcher("/blossom/api/**");
            httpSecurity.requestMatchers()
                .requestMatchers(new AndRequestMatcher(notAnOAuthEndpoint, underApiBasePath));
        }
    }

    /**
     * Exposes the omnisearch API controller as a bean.
     *
     * @param client the Elasticsearch client handed to the controller
     * @param pluginRegistry the registry qualified as {@code searchEnginePlugin}, handed to the controller
     * @return a new {@link OmnisearchApiController}
     */
    @Bean
    public OmnisearchApiController omnisearchApiController(Client client, @Qualifier("searchEnginePlugin") PluginRegistry<SearchEngine, Class<? extends AbstractDTO>> pluginRegistry) {
        // NOTE(review): presumably served under /blossom/api/** and therefore covered by the
        // resource-server chain - verify against the controller's request mapping.
        OmnisearchApiController controller = new OmnisearchApiController(client, pluginRegistry);
        return controller;
    }

    /**
     * Exposes the status API controller as a bean.
     *
     * @param healthEndpoint the actuator health endpoint handed to the controller
     * @return a new {@link StatusApiController}
     */
    @Bean
    public StatusApiController statusApiController(HealthEndpoint healthEndpoint) {
        // NOTE(review): health output can describe backing services; check which details the
        // controller returns and to whom - not visible from this class.
        StatusApiController controller = new StatusApiController(healthEndpoint);
        return controller;
    }
}
