package digital.nedra.commons.starter.security.oauth2.bearer.configuration;

import digital.nedra.commons.starter.common.config.properties.SecurityProperties;
import digital.nedra.commons.starter.security.service.OidcConfigurationResolver;
import java.util.Objects;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

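@Configuration
/* loaded from: input_file:digital/nedra/commons/starter/security/oauth2/bearer/configuration/SecurityConfig.class */
/**
 * Spring Security configuration for a stateless OAuth2 resource server that authenticates
 * requests with JWT bearer tokens.
 *
 * <p>Three things are wired here: the HTTP filter chain, the set of paths excluded from that
 * chain, and the {@link JwtDecoder} used to verify token signatures.
 */
class SecurityConfig extends WebSecurityConfigurerAdapter {
    private final OAuth2ResourceServerProperties resourceServerProperties;
    private final Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer;
    private final OidcConfigurationResolver oidcConfigurationResolver;
    private final SecurityProperties securityProperties;

    // Paths excluded from the security filter chain regardless of configuration.
    // NOTE(review): "/api/uaa/json" is the only API-looking entry; confirm it exposes nothing sensitive.
    private final Set<String> defaultIgnoredList = Set.of("/swagger-ui/**", "/api/uaa/json", "/index.html", "/", "/favicon.ico", "/static/**", "/locales/**", "/assets/**", "/service-worker.js");

    // Optional hook: applied to exception handling only when such a bean exists.
    @Autowired(required = false)
    private Customizer<ExceptionHandlingConfigurer<HttpSecurity>> exceptionHandlingConfigurerCustomizer;

    // Optional hook: its presence also switches HTTP Basic on (see configure(HttpSecurity)).
    @Autowired(required = false)
    private Customizer<AuthenticationManagerBuilder> authenticationManagerBuilderCustomizer;

    /**
     * Builds the HTTP security chain: CORS enabled, CSRF disabled, no server-side session,
     * authorization rules supplied by the injected customizer, JWT bearer authentication.
     *
     * @param httpSecurity builder provided by Spring Security
     * @throws Exception propagated from the Spring Security configurers
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // CSRF protection is off because the chain is stateless and bearer tokens are not
        // attached to requests automatically by browsers.
        HttpSecurity http = httpSecurity
                .cors().and()
                .csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and();
        http.authorizeRequests(this.authorizeRequestsCustomizer);
        if (this.exceptionHandlingConfigurerCustomizer != null) {
            http.exceptionHandling(this.exceptionHandlingConfigurerCustomizer);
        }
        http.oauth2ResourceServer().jwt();
        if (this.authenticationManagerBuilderCustomizer != null) {
            // NOTE(review): HTTP Basic credentials are cached and replayed by browsers, so the
            // reasoning behind disabling CSRF above does not cover this branch. Confirm that
            // Basic auth is only used by non-browser clients, and only over TLS.
            http.httpBasic();
        }
    }

    /**
     * Registers the paths that bypass the Spring Security filter chain entirely.
     *
     * <p>Ignored paths receive no authentication, no authorization and no security response
     * headers, so every pattern in {@code securityProperties.getIgnoredUrls()} is effectively
     * public. Prefer {@code permitAll()} in the authorization rules where headers are wanted.
     *
     * @param webSecurity builder provided by Spring Security
     */
    @Override
    public void configure(WebSecurity webSecurity) {
        WebSecurity.IgnoredRequestConfigurer ignoring = webSecurity.ignoring();
        // The decompiled listing had empty lambda bodies here, which registered nothing. The
        // null-check on the configurer that preceded each forEach matches a bound method
        // reference on `ignoring`; antMatchers is assumed from the Ant-style patterns.
        // TODO confirm against the original source.
        for (String pattern : this.defaultIgnoredList) {
            ignoring.antMatchers(pattern);
        }
        Set<String> configuredIgnoredUrls = this.securityProperties.getIgnoredUrls();
        if (configuredIgnoredUrls != null) {
            for (String pattern : configuredIgnoredUrls) {
                ignoring.antMatchers(pattern);
            }
        }
    }

    /**
     * Lets the optional customizer contribute authentication providers or user stores.
     *
     * @param authenticationManagerBuilder builder provided by Spring Security
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
        if (this.authenticationManagerBuilderCustomizer != null) {
            this.authenticationManagerBuilderCustomizer.customize(authenticationManagerBuilder);
        }
    }

    /**
     * Creates the decoder that verifies bearer tokens against the resolved JWK set, accepting
     * only the configured JWS algorithm.
     *
     * <p>NOTE(review): no issuer or audience validator is set on the builder in this method, so
     * only the builder's default validation applies. Confirm that issuer/audience checks are
     * enforced elsewhere, otherwise any token signed by a key in this JWK set is accepted.
     *
     * @return the JWT decoder bean
     * @throws IllegalArgumentException if the configured JWS algorithm name is not recognised
     */
    @Bean
    public JwtDecoder jwtDecoder() {
        String configuredAlgorithm = this.resourceServerProperties.getJwt().getJwsAlgorithm();
        // SignatureAlgorithm.from returns null for an unknown name; fail with the offending value
        // so that a typo in configuration is obvious at startup.
        SignatureAlgorithm algorithm = SignatureAlgorithm.from(configuredAlgorithm);
        if (algorithm == null) {
            throw new IllegalArgumentException("Unsupported JWS algorithm configured for the resource server: " + configuredAlgorithm);
        }
        return NimbusJwtDecoder.withJwkSetUri(resolveJwksSetUri()).jwsAlgorithm(algorithm).build();
    }

    /**
     * Chooses the JWK set location: the URI from the resolved OIDC configuration when one is
     * available, otherwise the statically configured {@code jwk-set-uri} property.
     *
     * <p>The JWK set is the trust anchor for token signatures; this method does not check the
     * scheme or host of the URI it returns.
     *
     * @return the JWK set URI, or whatever the property holds when no OIDC configuration exists
     */
    private String resolveJwksSetUri() {
        String configuredJwkSetUri = this.resourceServerProperties.getJwt().getJwkSetUri();
        return (String) this.oidcConfigurationResolver.getOidcConfiguration()
                .map(oidcConfiguration -> oidcConfiguration.getJwksUri())
                .orElse(configuredJwkSetUri);
    }

    /**
     * Constructor injection of the mandatory collaborators.
     *
     * @param oAuth2ResourceServerProperties Spring Boot resource-server properties
     * @param customizer authorization rules applied to the HTTP chain
     * @param oidcConfigurationResolver source of the optional OIDC configuration
     * @param securityProperties project security properties, including extra ignored URLs
     */
    public SecurityConfig(OAuth2ResourceServerProperties oAuth2ResourceServerProperties, Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> customizer, OidcConfigurationResolver oidcConfigurationResolver, SecurityProperties securityProperties) {
        this.resourceServerProperties = oAuth2ResourceServerProperties;
        this.authorizeRequestsCustomizer = customizer;
        this.oidcConfigurationResolver = oidcConfigurationResolver;
        this.securityProperties = securityProperties;
    }
}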
