package io.sdsolutions.particle.security.config.impl;

import io.sdsolutions.particle.security.config.CorsConfigurationProperties;
import io.sdsolutions.particle.security.constants.AntMatchers;
import io.sdsolutions.particle.security.services.SecurityService;
import io.sdsolutions.particle.security.services.impl.SecurityServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

/* loaded from: input_file:io/sdsolutions/particle/security/config/impl/Auth0SecurityConfiguration.class */
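/**
 * Spring Security configuration for an OAuth2 resource server whose tokens are issued by Auth0.
 *
 * <p>Declares the JWT decoder (issuer plus audience validation), the HTTP security filter chain
 * and the CORS policy. The issuer URI and the expected audience are read from the
 * {@link Environment}; the CORS values come from {@link CorsConfigurationProperties}.
 */
public class Auth0SecurityConfiguration {

    private static final String ISSUER_URI_PROPERTY = "spring.security.oauth2.resourceserver.jwt.issuer-uri";
    private static final String AUDIENCE_PROPERTY = "auth0.audience";

    @Autowired
    private CorsConfigurationProperties corsConfigurationProperties;
    private final Environment environment;

    /**
     * Accepts a token only when its {@code aud} claim contains the audience configured for this
     * API.
     *
     * <p>Issuer validation alone is not enough: a token minted by the same issuer for a different
     * API would otherwise be accepted here.
     */
    private static class AudienceValidator implements OAuth2TokenValidator<Jwt> {
        private final String audience;

        AudienceValidator(String str) {
            this.audience = str;
        }

        /**
         * Checks the token's audience list against the required audience.
         *
         * @param jwt the decoded token
         * @return success when the required audience is present, otherwise an
         *     {@code invalid_token} failure
         */
        @Override
        public OAuth2TokenValidatorResult validate(Jwt jwt) {
            // getAudience() returns null when the token has no "aud" claim at all. Treat that as
            // a validation failure (a clean invalid_token rejection) rather than letting a
            // NullPointerException escape from the decoder.
            java.util.List<String> audiences = jwt.getAudience();
            if (audiences != null && audiences.contains(this.audience)) {
                return OAuth2TokenValidatorResult.success();
            }
            return OAuth2TokenValidatorResult.failure(
                    new OAuth2Error("invalid_token", "The required audience is missing", null));
        }
    }

    /**
     * @param environment source of the issuer URI and audience properties
     */
    public Auth0SecurityConfiguration(Environment environment) {
        this.environment = environment;
    }

    /**
     * @return the default {@link SecurityService} implementation
     */
    @Bean
    public SecurityService securityService() {
        return new SecurityServiceImpl();
    }

    /**
     * Builds the JWT decoder from the issuer's OIDC discovery metadata and installs a validator
     * that checks the default claims, the issuer and the audience.
     *
     * @return the configured decoder
     * @throws IllegalStateException if the issuer URI or audience property is not set
     */
    @Bean
    public JwtDecoder jwtDecoder() {
        String issuerUri = this.environment.getRequiredProperty(ISSUER_URI_PROPERTY);
        String audience = this.environment.getRequiredProperty(AUDIENCE_PROPERTY);

        NimbusJwtDecoder decoder = JwtDecoders.fromOidcIssuerLocation(issuerUri);

        // setJwtValidator replaces the decoder's validator, so the default-with-issuer checks
        // have to be composed back in explicitly next to the audience check.
        OAuth2TokenValidator<Jwt> issuerValidator = JwtValidators.createDefaultWithIssuer(issuerUri);
        OAuth2TokenValidator<Jwt> audienceValidator = new AudienceValidator(audience);
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(issuerValidator, audienceValidator));
        return decoder;
    }

    /**
     * Configures request authorization, JWT bearer-token authentication, CSRF and CORS.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        // NOTE(review): there is no anyRequest() rule, so a path matched by neither
        // AntMatchers.PERMITTED_URLS nor AntMatchers.AUTHENTICATED_URLS falls back to the
        // framework default, which is not the same across Spring Security versions. Confirm the
        // two matcher sets cover every route, or add an explicit catch-all deny rule.
        httpSecurity.authorizeHttpRequests()
                .requestMatchers(AntMatchers.PERMITTED_URLS).permitAll()
                .requestMatchers(AntMatchers.AUTHENTICATED_URLS).fullyAuthenticated()
                .and()
                .oauth2ResourceServer().jwt();

        // CSRF protection is off. That is only sound while every authenticated endpoint is
        // authorized by the Authorization bearer header and never by a cookie.
        // NOTE(review): the session policy is not set to stateless here and the CORS policy
        // allows credentials - confirm no cookie-based authentication is reachable on this chain.
        httpSecurity.csrf().disable();

        // Picks up the CorsConfigurationSource bean declared in this class.
        httpSecurity.cors();
        return httpSecurity.getOrBuild();
    }

    /**
     * Builds the CORS policy from {@link CorsConfigurationProperties} and applies it to all
     * paths.
     *
     * @return the CORS configuration source registered for {@code /**}
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        // Credentials are allowed, so the configured origins must be an explicit allow-list of
        // trusted origins: each listed origin may send credentialed cross-origin requests and
        // read the responses. Recent Spring versions reject a "*" origin in this combination
        // when a CORS request is processed.
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.setAllowedOrigins(this.corsConfigurationProperties.getOrigin());
        corsConfiguration.setAllowedMethods(this.corsConfigurationProperties.getMethods());
        corsConfiguration.setAllowedHeaders(this.corsConfigurationProperties.getAllowheaders());
        corsConfiguration.setExposedHeaders(this.corsConfigurationProperties.getExposeheaders());
        corsConfiguration.setMaxAge(this.corsConfigurationProperties.getMaxage());

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", corsConfiguration);
        return source;
    }
}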
