package digital.nedra.commons.starter.keycloak.session.config;

import digital.nedra.commons.starter.common.config.properties.SecurityProperties;
import digital.nedra.commons.starter.keycloak.session.config.support.KeycloakLogoutHandler;
import digital.nedra.commons.starter.keycloak.session.config.support.KeycloakOauth2UserService;
import digital.nedra.commons.starter.keycloak.session.config.support.XhrCookieRequestCache;
import digital.nedra.commons.starter.security.config.BasicMatchersConfiguration;
import digital.nedra.commons.starter.security.config.RequestMatcherUtil;
import digital.nedra.commons.starter.security.config.SessionMatchersConfiguration;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.SecurityFilterChain;

@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:digital/nedra/commons/starter/keycloak/session/config/SecurityConfigurerAdapter.class */
public class SecurityConfigurerAdapter {
    private final KeycloakLogoutHandler logoutHandler;
    private final XhrCookieRequestCache requestCache;
    private final KeycloakOauth2UserService keycloakOidcUserService;
    private final Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> sessionAuthorizeRequestsCustomizer;
    private final Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> basicAuthorizeRequestsCustomizer;
    private final SecurityProperties securityProperties;

    @Value("${spring.security.oauth2.client.registration.sso.provider}")
    private String oauth2Provider;

    @Autowired(required = false)
    private Customizer<ExceptionHandlingConfigurer<HttpSecurity>> exceptionHandlingCustomizer;
    private final List<BasicMatchersConfiguration> basicMatchersConfigurations;
    private final List<SessionMatchersConfiguration> sessionMatchersConfigurations;

    @ConditionalOnBean({BasicMatchersConfiguration.class})
    @Bean
    @Order(10)
    public SecurityFilterChain basicFilterChain(HttpSecurity httpSecurity) throws Exception {
        if (Objects.nonNull(this.exceptionHandlingCustomizer)) {
            httpSecurity.exceptionHandling(this.exceptionHandlingCustomizer);
        }
        httpSecurity.csrf().disable().requestMatcher(RequestMatcherUtil.toRequestMatcher(this.basicMatchersConfigurations)).authorizeRequests(this.basicAuthorizeRequestsCustomizer).httpBasic();
        return (SecurityFilterChain) httpSecurity.build();
    }

    @ConditionalOnBean({SessionMatchersConfiguration.class})
    @Bean
    @Order(30)
    public SecurityFilterChain sessionFilterChain(HttpSecurity httpSecurity) throws Exception {
        if (Objects.nonNull(this.exceptionHandlingCustomizer)) {
            httpSecurity.exceptionHandling(this.exceptionHandlingCustomizer);
        }
        ArrayList arrayList = new ArrayList(this.sessionMatchersConfigurations);
        arrayList.add(new SessionMatchersConfiguration(List.of("/oauth2/**", "/login/**"), null));
        return (SecurityFilterChain) httpSecurity.requestMatcher(RequestMatcherUtil.toRequestMatcher(arrayList)).authorizeRequests(this.sessionAuthorizeRequestsCustomizer).oauth2Login(oAuth2LoginConfigurer -> {
            oAuth2LoginConfigurer.loginPage("/oauth2/authorization/" + this.oauth2Provider).userInfoEndpoint().oidcUserService(this.keycloakOidcUserService);
        }).oauth2Client().and().logout().addLogoutHandler(this.logoutHandler).and().csrf().disable().cors().and().requestCache(requestCacheConfigurer -> {
            requestCacheConfigurer.requestCache(this.requestCache);
        }).build();
    }

    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return webSecurity -> {
            WebSecurity.IgnoredRequestConfigurer ignoring = webSecurity.ignoring();
            Set ignoredUrls = this.securityProperties.getIgnoredUrls();
            Objects.requireNonNull(ignoring);
            ignoredUrls.forEach(str -> {
            });
        };
    }

    public SecurityConfigurerAdapter(KeycloakLogoutHandler keycloakLogoutHandler, XhrCookieRequestCache xhrCookieRequestCache, KeycloakOauth2UserService keycloakOauth2UserService, Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> customizer, Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> customizer2, SecurityProperties securityProperties, List<BasicMatchersConfiguration> list, List<SessionMatchersConfiguration> list2) {
        this.logoutHandler = keycloakLogoutHandler;
        this.requestCache = xhrCookieRequestCache;
        this.keycloakOidcUserService = keycloakOauth2UserService;
        this.sessionAuthorizeRequestsCustomizer = customizer;
        this.basicAuthorizeRequestsCustomizer = customizer2;
        this.securityProperties = securityProperties;
        this.basicMatchersConfigurations = list;
        this.sessionMatchersConfigurations = list2;
    }
}
