package de.adorsys.ledgers.oba.rest.server.config.security;

import de.adorsys.ledgers.keycloak.client.api.KeycloakTokenService;
import de.adorsys.ledgers.middleware.api.domain.um.AccessTokenTO;
import de.adorsys.ledgers.middleware.client.rest.AuthRequestInterceptor;
import de.adorsys.ledgers.oba.rest.server.auth.JWTAuthenticationFilter;
import de.adorsys.ledgers.oba.rest.server.auth.ObaMiddlewareAuthentication;
import de.adorsys.ledgers.oba.rest.server.auth.oba.LoginAuthenticationFilter;
import de.adorsys.ledgers.oba.rest.server.auth.oba.TokenAuthenticationFilter;
import de.adorsys.ledgers.oba.service.api.service.TokenAuthenticationService;
import java.security.Principal;
import java.util.Optional;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.web.context.annotation.RequestScope;

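/**
 * Spring Security configuration for the OBA REST server.
 *
 * <p>Two filter chains are declared as nested configurations:
 * {@link ObaSecurityConfig} ({@code @Order(1)}) is restricted to {@code /api/v1/**} and is
 * consulted first; {@link ObaScaSecurityConfig} ({@code @Order(2)}) has no path restriction and
 * therefore handles every request the first chain does not match.
 *
 * <p>The class also publishes three request-scoped beans derived from the current
 * {@link SecurityContextHolder} authentication. Each of them resolves to {@code null} when the
 * request carries no {@link ObaMiddlewareAuthentication}.
 */
@Configuration
@EnableWebSecurity
/* loaded from: input_file:de/adorsys/ledgers/oba/rest/server/config/security/WebSecurityConfig.class */
public class WebSecurityConfig {

    /**
     * Catch-all chain: whitelisted resources are public, everything else must be authenticated
     * by {@link JWTAuthenticationFilter}.
     */
    @Configuration
    @Order(2)
    /* loaded from: input_file:de/adorsys/ledgers/oba/rest/server/config/security/WebSecurityConfig$ObaScaSecurityConfig.class */
    public static class ObaScaSecurityConfig extends WebSecurityConfigurerAdapter {
        private final TokenAuthenticationService tokenAuthenticationService;
        private final AuthRequestInterceptor authInterceptor;

        /**
         * @param tokenAuthenticationService service handed to the JWT filter
         * @param authRequestInterceptor interceptor handed to the JWT filter
         */
        public ObaScaSecurityConfig(TokenAuthenticationService tokenAuthenticationService, AuthRequestInterceptor authRequestInterceptor) {
            this.tokenAuthenticationService = tokenAuthenticationService;
            this.authInterceptor = authRequestInterceptor;
        }

        /**
         * Builds the catch-all filter chain.
         *
         * @param httpSecurity builder for this chain
         * @throws Exception propagated from the Spring Security builder
         */
        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // NOTE(review): the Swagger and actuator patterns are reachable without
            // authentication. Their values live in PermittedResources (not visible here);
            // verify they expose no sensitive actuator or API-description endpoints.
            httpSecurity
                .authorizeRequests().antMatchers(PermittedResources.APP_INDEX_WHITELIST).permitAll()
                .and()
                .authorizeRequests().antMatchers(PermittedResources.APP_SCA_WHITELIST).permitAll()
                .and()
                .authorizeRequests().antMatchers(PermittedResources.APP_WHITELIST).permitAll()
                .and()
                .authorizeRequests().antMatchers(PermittedResources.SWAGGER_WHITELIST).permitAll()
                .and()
                .authorizeRequests().antMatchers(PermittedResources.ACTUATOR_WHITELIST).permitAll()
                .and()
                .cors()
                .and()
                .authorizeRequests().anyRequest().authenticated();

            // NOTE(review): CSRF protection is switched off. With STATELESS sessions this is
            // only safe if the credential is taken from a request header and never from a
            // cookie; confirm against JWTAuthenticationFilter.
            httpSecurity.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

            // NOTE(review): this removes the X-Frame-Options response header, so pages served
            // by this chain can be framed by other origins. Confirm framing is required;
            // otherwise prefer frameOptions().sameOrigin() or a CSP frame-ancestors policy.
            httpSecurity.headers().frameOptions().disable();

            httpSecurity.addFilterBefore(new JWTAuthenticationFilter(this.tokenAuthenticationService, this.authInterceptor), BasicAuthenticationFilter.class);
        }
    }

    /**
     * Chain for {@code /api/v1/**}: only {@code PermittedResources.APP_WHITELIST} is public,
     * HTTP Basic is disabled and authentication is delegated to
     * {@link LoginAuthenticationFilter} and {@link TokenAuthenticationFilter}.
     */
    @Configuration
    @Order(1)
    /* loaded from: input_file:de/adorsys/ledgers/oba/rest/server/config/security/WebSecurityConfig$ObaSecurityConfig.class */
    public static class ObaSecurityConfig extends WebSecurityConfigurerAdapter {
        private final AuthRequestInterceptor authInterceptor;
        private final KeycloakTokenService tokenService;

        /**
         * @param authRequestInterceptor interceptor handed to the token filter
         * @param keycloakTokenService token service handed to both filters
         */
        public ObaSecurityConfig(AuthRequestInterceptor authRequestInterceptor, KeycloakTokenService keycloakTokenService) {
            this.authInterceptor = authRequestInterceptor;
            this.tokenService = keycloakTokenService;
        }

        /**
         * Builds the {@code /api/v1/**} filter chain.
         *
         * @param httpSecurity builder for this chain
         * @throws Exception propagated from the Spring Security builder
         */
        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity
                .antMatcher("/api/v1/**")
                .authorizeRequests().antMatchers(PermittedResources.APP_WHITELIST).permitAll()
                .and()
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .httpBasic().disable();

            // NOTE(review): CSRF protection is switched off. With STATELESS sessions this is
            // only safe if the credential is taken from a request header and never from a
            // cookie; confirm against LoginAuthenticationFilter and TokenAuthenticationFilter.
            httpSecurity.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

            // NOTE(review): this removes the X-Frame-Options response header for API
            // responses as well; confirm that is intended.
            httpSecurity.headers().frameOptions().disable();

            httpSecurity.addFilterBefore(new LoginAuthenticationFilter(this.tokenService), BasicAuthenticationFilter.class);
            httpSecurity.addFilterBefore(new TokenAuthenticationFilter(this.authInterceptor, this.tokenService), BasicAuthenticationFilter.class);
        }
    }

    /**
     * Exposes the current authentication as a {@link Principal}.
     *
     * @return the current {@link ObaMiddlewareAuthentication}, or {@code null} when the request
     *     has none; consumers must handle the {@code null} case
     */
    @RequestScope
    @Bean
    public Principal getPrincipal() {
        return (Principal) auth().orElse(null);
    }

    /**
     * Exposes the current authentication with its concrete type.
     *
     * @return the current {@link ObaMiddlewareAuthentication}, or {@code null} when the request
     *     has none
     */
    @RequestScope
    @Bean
    public ObaMiddlewareAuthentication getMiddlewareAuthentication() {
        return auth().orElse(null);
    }

    /**
     * Exposes the access token object carried by the current authentication.
     *
     * @return the access token object, or {@code null} when the request has no
     *     {@link ObaMiddlewareAuthentication}
     */
    @RequestScope
    @Bean
    public AccessTokenTO getAccessToken() {
        return auth().map(this::extractToken).orElse(null);
    }

    /**
     * Reads the security context once and narrows its authentication to
     * {@link ObaMiddlewareAuthentication}.
     *
     * <p>The decompiled original wrapped the untyped result of {@code getAuthentication()} in
     * {@code Optional.of(...)} without a cast, which does not type-check against the declared
     * return type, and queried the context holder three times. The explicit filter-and-cast
     * below keeps the same outcomes: empty for a missing context, a missing authentication or
     * an authentication of any other type.
     *
     * @return the current authentication if it is an {@link ObaMiddlewareAuthentication}
     */
    private static Optional<ObaMiddlewareAuthentication> auth() {
        return Optional.ofNullable(SecurityContextHolder.getContext())
            .map(context -> context.getAuthentication())
            .filter(ObaMiddlewareAuthentication.class::isInstance)
            .map(ObaMiddlewareAuthentication.class::cast);
    }

    /**
     * Pulls the access token object out of the authentication's bearer token.
     *
     * @param obaMiddlewareAuthentication authentication to read from
     * @return the value of {@code getBearerToken().getAccessTokenObject()}
     */
    private AccessTokenTO extractToken(ObaMiddlewareAuthentication obaMiddlewareAuthentication) {
        // NOTE(review): throws NullPointerException if getBearerToken() returns null;
        // whether that can happen is not visible from this file.
        return obaMiddlewareAuthentication.getBearerToken().getAccessTokenObject();
    }
}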
