package yakworks.security.spring;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.Role;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import yakworks.security.SecService;
import yakworks.security.services.PasswordValidator;
import yakworks.security.spring.token.CookieAuthSuccessHandler;
import yakworks.security.spring.token.CookieBearerTokenResolver;
import yakworks.security.spring.token.CookieUrlTokenSuccessHandler;
import yakworks.security.spring.token.generator.JwtTokenGenerator;
import yakworks.security.spring.token.generator.OpaqueTokenGenerator;
import yakworks.security.spring.token.generator.StoreTokenGenerator;
import yakworks.security.spring.token.store.OpaqueTokenStoreAuthProvider;
import yakworks.security.spring.token.store.TokenStore;
import yakworks.security.spring.user.AuthSuccessUserInfoListener;
import yakworks.security.user.CurrentUser;
import yakworks.security.user.CurrentUserHolder;

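/**
 * Default Spring Security wiring: a fallback {@link SecurityFilterChain}, static helpers that
 * applications call to layer SAML, JSON login or OAuth2/JWT onto their own {@link HttpSecurity},
 * and the supporting token, user and password beans.
 *
 * <p>The class is {@code @Lazy}, so beans are created on first use unless a bean method opts
 * out with {@code @Lazy(false)}. Beans marked {@code @ConditionalOnMissingBean} are defaults
 * that an application replaces by declaring its own bean of the same type.
 */
@Configuration
@Lazy
@Import(JwtConfiguration.class)
public class DefaultSecurityConfiguration {

    /**
     * Post-login redirect target handed to {@link CookieUrlTokenSuccessHandler}.
     *
     * <p>Text after the colon in a {@code ${...}} placeholder is taken literally, so the
     * default must be a bare {@code /}. Wrapping it in single quotes would make the quotes
     * part of the value, which is no longer a path starting with {@code /}.
     * Operators should point this only at a frontend they control, since it is where the
     * browser is sent after a successful login.
     */
    @Value("${app.security.frontendCallbackUrl:/}")
    String frontendCallbackUrl;

    /**
     * Applies the baseline rules: request authorization, HTTP Basic and form login.
     *
     * @param httpSecurity builder to configure; it is not built here
     * @throws Exception propagated from the Spring Security DSL
     */
    public static void applyBasicDefaults(HttpSecurity httpSecurity) throws Exception {
        // NOTE(review): authorization rules are matched in declaration order and "/**" matches
        // every path, so permitAll() wins and the trailing anyRequest().authenticated() never
        // denies anything. As written this baseline does NOT require authentication; callers
        // that need protected endpoints must narrow the pattern or supply their own chain.
        httpSecurity
            .authorizeHttpRequests(requests -> requests
                .requestMatchers("/**").permitAll()
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults())
            .formLogin(Customizer.withDefaults());
    }

    /**
     * Enables SAML2 login with the supplied success handler, plus SAML2 logout with defaults.
     *
     * @param httpSecurity builder to configure
     * @param authenticationSuccessHandler invoked after a successful SAML2 login
     * @throws Exception propagated from the Spring Security DSL
     */
    public static void applySamlSecurity(HttpSecurity httpSecurity, AuthenticationSuccessHandler authenticationSuccessHandler) throws Exception {
        httpSecurity
            .saml2Login(saml2 -> saml2.successHandler(authenticationSuccessHandler))
            .saml2Logout(Customizer.withDefaults());
    }

    /**
     * Registers a JSON username/password login filter on {@code POST /login} and adds an
     * authentication provider backed by the given token store.
     *
     * <p>The {@link ObjectMapper} and {@link AuthenticationManager} are looked up from the
     * {@link ApplicationContext} shared on the builder, so both beans must exist when this runs.
     *
     * @param httpSecurity builder to configure
     * @param tokenStore store passed to {@link OpaqueTokenStoreAuthProvider}
     * @throws Exception propagated from the Spring Security DSL
     */
    public static void addJsonAuthenticationFilter(HttpSecurity httpSecurity, TokenStore tokenStore) throws Exception {
        ApplicationContext ctx = httpSecurity.getSharedObject(ApplicationContext.class);

        JsonUsernamePasswordLoginFilter loginFilter = new JsonUsernamePasswordLoginFilter(ctx.getBean(ObjectMapper.class));
        // Only POST /login is treated as a login attempt by this filter.
        loginFilter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login", "POST"));
        // On success the request is forwarded server-side to /tokenLegacy.
        // NOTE(review): presumably that endpoint issues the token - confirm it is reachable
        // only through this forward or otherwise requires an authenticated caller.
        loginFilter.setAuthenticationSuccessHandler(new ForwardAuthenticationSuccessHandler("/tokenLegacy"));
        loginFilter.setAuthenticationManager(ctx.getBean(AuthenticationManager.class));

        // Placed after Basic auth in the filter chain order.
        httpSecurity.addFilterAfter(loginFilter, BasicAuthenticationFilter.class);

        httpSecurity.getSharedObject(AuthenticationManagerBuilder.class)
            .authenticationProvider(new OpaqueTokenStoreAuthProvider(tokenStore));
    }

    /**
     * Turns the application into an OAuth2 resource server that validates JWTs, with CSRF
     * protection disabled.
     *
     * @param httpSecurity builder to configure
     * @throws Exception propagated from the Spring Security DSL
     */
    public static void applyOauthJwt(HttpSecurity httpSecurity) throws Exception {
        // NOTE(review): disabling CSRF is sound only while credentials arrive in a header the
        // browser does not attach automatically. This class also declares a
        // CookieBearerTokenResolver bean; if tokens are accepted from cookies, state-changing
        // endpoints need another cross-site defence (SameSite cookies, Origin checks) - confirm.
        httpSecurity.csrf().disable();
        httpSecurity.oauth2ResourceServer(resourceServer -> resourceServer.jwt());
    }

    /**
     * Fallback filter chain built from {@link #applyBasicDefaults(HttpSecurity)}, used only
     * when the application defines no {@link SecurityFilterChain} of its own.
     *
     * @param httpSecurity builder supplied by Spring
     * @return the built chain
     * @throws Exception propagated from the Spring Security DSL
     */
    @Bean
    @ConditionalOnMissingBean(SecurityFilterChain.class)
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        applyBasicDefaults(httpSecurity);
        return httpSecurity.build();
    }

    /**
     * Success handler wired with the JWT generator; default target is the site root.
     *
     * @param jwtTokenGenerator generator set on the handler
     * @return the configured handler
     */
    @Bean
    CookieAuthSuccessHandler cookieSuccessHandler(JwtTokenGenerator jwtTokenGenerator) {
        CookieAuthSuccessHandler handler = new CookieAuthSuccessHandler();
        handler.setTokenGenerator(jwtTokenGenerator);
        handler.setDefaultTargetUrl("/");
        return handler;
    }

    /**
     * Success handler wired with the JWT generator; default target is
     * {@link #frontendCallbackUrl}.
     *
     * @param jwtTokenGenerator generator set on the handler
     * @return the configured handler
     */
    @Bean
    CookieUrlTokenSuccessHandler cookieUrlTokenSuccessHandler(JwtTokenGenerator jwtTokenGenerator) {
        CookieUrlTokenSuccessHandler handler = new CookieUrlTokenSuccessHandler();
        handler.setTokenGenerator(jwtTokenGenerator);
        // NOTE(review): the class name suggests the token may travel in the redirect URL; if so
        // it can end up in access logs and Referer headers - confirm and keep lifetimes short.
        handler.setDefaultTargetUrl(this.frontendCallbackUrl);
        return handler;
    }

    /** @return a new {@link CookieBearerTokenResolver} */
    @Bean
    CookieBearerTokenResolver bearerTokenResolver() {
        return new CookieBearerTokenResolver();
    }

    /**
     * Exposes the {@link AuthenticationManager} assembled by Spring's
     * {@link AuthenticationConfiguration} as a bean.
     *
     * @param authenticationConfiguration Spring-provided configuration
     * @return the shared authentication manager
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    /**
     * Created eagerly ({@code @Lazy(false)}) despite the class-level {@code @Lazy}.
     *
     * @return a new {@link AuthSuccessUserInfoListener}
     */
    @Bean
    @Lazy(false)
    public AuthSuccessUserInfoListener authSuccessUserInfoListener() {
        return new AuthSuccessUserInfoListener();
    }

    /** @return the default {@link SecService}, a {@link SpringSecService} */
    @Bean
    @ConditionalOnMissingBean
    public SecService secService() {
        return new SpringSecService();
    }

    /**
     * Eagerly created holder, registered with role 2 (the value of Spring's
     * {@code BeanDefinition.ROLE_INFRASTRUCTURE}).
     *
     * @return a new {@link CurrentUserHolder}
     */
    // NOTE(review): the bean name is the literal text below; it looks like an un-interpolated
    // template rather than a property placeholder - confirm what name lookups actually use.
    @Bean("${CurrentUserHolder.name}")
    @Lazy(false)
    @Role(2)
    public CurrentUserHolder CurrentUserHolder() {
        return new CurrentUserHolder();
    }

    /** @return the default {@link CurrentUser}, a {@link CurrentSpringUser} */
    @Bean
    @ConditionalOnMissingBean
    public CurrentUser currentUser() {
        return new CurrentSpringUser();
    }

    /** @return the default {@link PasswordValidator} */
    @Bean
    @ConditionalOnMissingBean
    public PasswordValidator passwordValidator() {
        return new PasswordValidator();
    }

    /**
     * Default password hashing: BCrypt at the encoder's default strength. Declare your own
     * {@link PasswordEncoder} bean to raise the work factor or to support hash migration.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    @ConditionalOnMissingBean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** @return the default {@link OpaqueTokenGenerator} */
    @Bean
    @ConditionalOnMissingBean
    public OpaqueTokenGenerator opaqueTokenGenerator() {
        return new OpaqueTokenGenerator();
    }

    /** @return the default {@link StoreTokenGenerator} */
    @Bean
    @ConditionalOnMissingBean
    public StoreTokenGenerator storeTokenGenerator() {
        return new StoreTokenGenerator();
    }
}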
