package org.eclipse.vorto.repository.web.config;

import java.util.Arrays;
import javax.servlet.Filter;
import org.eclipse.vorto.repository.sso.AuthorizationTokenFilter;
import org.eclipse.vorto.repository.sso.InterceptedUserInfoTokenServices;
import org.eclipse.vorto.repository.sso.boschid.EidpOAuth2RestTemplate;
import org.eclipse.vorto.repository.sso.boschid.EidpResourceDetails;
import org.eclipse.vorto.repository.sso.boschid.JwtTokenUserInfoServices;
import org.eclipse.vorto.repository.web.AngularCsrfHeaderFilter;
import org.eclipse.vorto.repository.web.listeners.AuthenticationEntryPoint;
import org.eclipse.vorto.repository.web.listeners.AuthenticationSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.web.filter.CompositeFilter;

@Configuration
@EnableWebSecurity
@EnableOAuth2Client
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
/* loaded from: input_file:BOOT-INF/classes/org/eclipse/vorto/repository/web/config/SecurityConfiguration.class */
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private AuthenticationEntryPoint authenticationEntryPoint;

    @Autowired
    private AuthenticationSuccessHandler successHandler;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private OAuth2ClientContext oauth2ClientContext;

    @Autowired
    private EidpResourceDetails eidp;

    @Autowired
    private AuthorizationCodeResourceDetails github;

    @Autowired
    private AccessTokenProvider accessTokenProvider;

    @Autowired
    private InterceptedUserInfoTokenServices interceptedUserInfoTokenServices;

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity.httpBasic().and()).authorizeRequests().antMatchers(HttpMethod.GET, "/rest/**").permitAll().antMatchers("/user/**").permitAll().antMatchers(HttpMethod.PUT, "/rest/**").permitAll().antMatchers(HttpMethod.POST, "/rest/secure/**").authenticated().antMatchers(HttpMethod.DELETE, "/rest/**").authenticated().and()).addFilterAfter((Filter) new AngularCsrfHeaderFilter(), CsrfFilter.class).addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class).addFilterAfter(bearerTokenFilter(), SecurityContextPersistenceFilter.class).csrf().csrfTokenRepository(csrfTokenRepository()).and()).csrf().disable()).logout().logoutUrl("/logout").logoutSuccessUrl("/").and()).headers().frameOptions().sameOrigin().httpStrictTransportSecurity().disable();
        httpSecurity.exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint);
    }

    @Bean
    public static PasswordEncoder encoder() {
        return new BCryptPasswordEncoder(11);
    }

    private CsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository httpSessionCsrfTokenRepository = new HttpSessionCsrfTokenRepository();
        httpSessionCsrfTokenRepository.setHeaderName("X-XSRF-TOKEN");
        return httpSessionCsrfTokenRepository;
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(this.userDetailsService).passwordEncoder(this.passwordEncoder);
    }

    @Bean
    public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter oAuth2ClientContextFilter) {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(oAuth2ClientContextFilter);
        filterRegistrationBean.setOrder(-100);
        return filterRegistrationBean;
    }

    private Filter bearerTokenFilter() {
        return new AuthorizationTokenFilter(this.interceptedUserInfoTokenServices);
    }

    private Filter ssoFilter() {
        CompositeFilter compositeFilter = new CompositeFilter();
        compositeFilter.setFilters(Arrays.asList(githubFilter(), eidpFilter()));
        return compositeFilter;
    }

    private Filter githubFilter() {
        return newSsoFilter("/github/login", this.interceptedUserInfoTokenServices, this.accessTokenProvider, new OAuth2RestTemplate(this.github, this.oauth2ClientContext));
    }

    private Filter eidpFilter() {
        return newSsoFilter("/eidp/login", new JwtTokenUserInfoServices(null, this.eidp.getClientId()), this.accessTokenProvider, new EidpOAuth2RestTemplate(this.eidp, this.oauth2ClientContext));
    }

    private Filter newSsoFilter(String str, UserInfoTokenServices userInfoTokenServices, AccessTokenProvider accessTokenProvider, OAuth2RestTemplate oAuth2RestTemplate) {
        oAuth2RestTemplate.setAccessTokenProvider(accessTokenProvider);
        OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationProcessingFilter = new OAuth2ClientAuthenticationProcessingFilter(str);
        oAuth2ClientAuthenticationProcessingFilter.setAuthenticationSuccessHandler(this.successHandler);
        userInfoTokenServices.setRestTemplate(oAuth2RestTemplate);
        oAuth2ClientAuthenticationProcessingFilter.setRestTemplate(oAuth2RestTemplate);
        oAuth2ClientAuthenticationProcessingFilter.setTokenServices(userInfoTokenServices);
        return oAuth2ClientAuthenticationProcessingFilter;
    }

    @ConfigurationProperties("eidp.oauth2.client")
    @Bean
    public EidpResourceDetails eidp() {
        return new EidpResourceDetails();
    }

    @ConfigurationProperties("github.oauth2.client")
    @Bean
    public AuthorizationCodeResourceDetails github() {
        return new AuthorizationCodeResourceDetails();
    }
}
