package com.trigyn.jws.usermanagement.security.config;

import com.trigyn.jws.usermanagement.repository.JwsUserRepository;
import com.trigyn.jws.usermanagement.repository.JwsUserRoleAssociationRepository;
import com.trigyn.jws.usermanagement.security.config.oauth.CustomOAuth2UserService;
import com.trigyn.jws.usermanagement.security.config.oauth.CustomOidcUserService;
import com.trigyn.jws.usermanagement.security.config.oauth.OAuth2HelperService;
import com.trigyn.jws.usermanagement.service.UserConfigService;
import com.trigyn.jws.usermanagement.utils.Constants;
import com.trigyn.jws.usermanagement.vo.JwsAuthenticationType;
import com.trigyn.jws.usermanagement.vo.MultiAuthSecurityDetailsVO;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

@EnableWebSecurity
/* loaded from: input_file:com/trigyn/jws/usermanagement/security/config/MultiHttpSecurityConfig.class */
public class MultiHttpSecurityConfig {

    @Autowired
    @Lazy
    private UserDetailsService userDetailsService = null;

    @Autowired
    private LogoutHandler customLogoutSuccessHandler = null;

    @Autowired
    private ApplicationSecurityDetails applicationSecurityDetails = null;

    @Autowired
    private PasswordEncoder passwordEncoder = null;

    @Autowired
    private DataSource dataSource = null;

    @Autowired
    private OAuth2HelperService oAuth2HelperService = null;

    @Autowired
    private CustomOidcUserService customOidcUserService = null;

    @Autowired
    private CustomOAuth2UserService customOAuth2UserService = null;

    @Configuration
    @Order(1)
    /* loaded from: input_file:com/trigyn/jws/usermanagement/security/config/MultiHttpSecurityConfig$WebSecurityConfig.class */
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        public WebSecurityConfig() {
        }

        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            List list;
            Map<String, Object> authenticationDetails = MultiHttpSecurityConfig.this.applicationSecurityDetails.getAuthenticationDetails();
            if (authenticationDetails == null || (list = (List) authenticationDetails.get("authenticationDetails")) == null || list.isEmpty()) {
                return;
            }
            Iterator it = list.iterator();
            while (it.hasNext()) {
                Integer id = ((MultiAuthSecurityDetailsVO) it.next()).getAuthenticationTypeVO().getId();
                if (authenticationDetails != null) {
                    if (id == null || Constants.AuthType.INMEMORY.getAuthType() == id) {
                        authenticationManagerBuilder.inMemoryAuthentication().withUser("root@trigyn.com").password(MultiHttpSecurityConfig.this.passwordEncoder.encode("root")).roles(new String[]{"ADMIN"});
                    } else if (Constants.AuthType.DAO.getAuthType() == id || Constants.AuthType.LDAP.getAuthType() == id) {
                        authenticationManagerBuilder.authenticationProvider(MultiHttpSecurityConfig.this.customAuthenticationProvider());
                    }
                }
            }
        }

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            CustomAuthSuccessHandler.addLoginListener(new LoginSuccessEventListenerRestImpl());
            Map<String, Object> authenticationDetails = MultiHttpSecurityConfig.this.applicationSecurityDetails.getAuthenticationDetails();
            if (authenticationDetails == null) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.cors(Customizer.withDefaults()).authorizeRequests().antMatchers(new String[]{"/cf/createPassword", "/cf/sendResetPasswordMail", "/cf/resetPasswordPage", "/cf/sendResetPasswordMail", "/cf/resetPassword", "/cf/login"})).denyAll().antMatchers(new String[]{"/cf/register", "/cf/confirm-account", "/cf/changePassword", "/cf/updatePassword", "/cf/configureTOTP", "/cf/sendConfigureTOTPMail"})).denyAll().antMatchers(new String[]{"/cf/**", "/view/**", "/"})).permitAll().and().csrf().disable();
                return;
            }
            List<MultiAuthSecurityDetailsVO> list = (List) authenticationDetails.get("authenticationDetails");
            if (list.isEmpty() || !MultiHttpSecurityConfig.this.applicationSecurityDetails.getIsAuthenticationEnabled().booleanValue()) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.cors(Customizer.withDefaults()).authorizeRequests().antMatchers(new String[]{"/cf/createPassword", "/cf/sendResetPasswordMail", "/cf/resetPasswordPage", "/cf/sendResetPasswordMail", "/cf/resetPassword", "/cf/login"})).denyAll().antMatchers(new String[]{"/cf/register", "/cf/confirm-account", "/cf/changePassword", "/cf/updatePassword", "/cf/configureTOTP", "/cf/sendConfigureTOTPMail"})).denyAll().antMatchers(new String[]{"/cf/**", "/view/**", "/"})).permitAll().and().csrf().disable();
                return;
            }
            for (MultiAuthSecurityDetailsVO multiAuthSecurityDetailsVO : list) {
                if (multiAuthSecurityDetailsVO != null) {
                    Integer id = multiAuthSecurityDetailsVO.getAuthenticationTypeVO().getId();
                    JwsAuthenticationType authenticationType = multiAuthSecurityDetailsVO.getConnectionDetailsVO().getAuthenticationType();
                    if (authenticationType != null && authenticationType.getValue() != null && Boolean.valueOf(Boolean.parseBoolean(authenticationType.getValue())).booleanValue()) {
                        if (Constants.AuthType.INMEMORY.getAuthType() == id) {
                        }
                        if (Constants.AuthType.DAO.getAuthType() == id) {
                            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.cors(Customizer.withDefaults()).authorizeRequests().antMatchers(new String[]{"/webjars/**"})).permitAll().antMatchers(new String[]{"/"})).permitAll().antMatchers(new String[]{"/cf/createPassword", "/cf/sendResetPasswordMail", "/cf/resetPasswordPage", "/cf/sendResetPasswordMail", "/cf/resetPassword", "/cf/authenticate", "/cf/saveOtpAndSendMail", "/cf/getResourceBundleData"})).permitAll().antMatchers(new String[]{"/cf/register", "/cf/confirm-account", "/cf/captcha/**", "/cf/changePassword", "/cf/updatePassword", "/cf/configureTOTP", "/cf/sendConfigureTOTPMail", "/japi/**"})).permitAll().antMatchers(new String[]{"/login/**", "/logout/**"})).permitAll().antMatchers(new String[]{"/cf/files/**", "/view/**", "/cf/gl", "/cf/psdf"})).permitAll().and().csrf().disable().formLogin().loginPage("/cf/login").usernameParameter("email").permitAll().failureHandler(MultiHttpSecurityConfig.this.loginFailureHandler()).successHandler(MultiHttpSecurityConfig.this.customAuthSuccessHandler()).and().rememberMe().rememberMeParameter("remember-me").tokenRepository(MultiHttpSecurityConfig.this.tokenRepository()).and().logout().addLogoutHandler(MultiHttpSecurityConfig.this.customLogoutSuccessHandler).deleteCookies(new String[]{"JSESSIONID"});
                        }
                        if (Constants.AuthType.LDAP.getAuthType() == id) {
                            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.cors(Customizer.withDefaults()).authorizeRequests().antMatchers(new String[]{"/webjars/**"})).permitAll().antMatchers(new String[]{"/"})).permitAll().antMatchers(new String[]{"/cf/createPassword", "/cf/sendResetPasswordMail", "/cf/resetPasswordPage", "/cf/sendResetPasswordMail", "/cf/resetPassword", "/cf/authenticate", "/cf/saveOtpAndSendMail", "/cf/getResourceBundleData"})).permitAll().antMatchers(new String[]{"/cf/register", "/cf/confirm-account", "/cf/captcha/**", "/cf/changePassword", "/cf/updatePassword", "/cf/configureTOTP", "/cf/sendConfigureTOTPMail", "/japi/**"})).permitAll().antMatchers(new String[]{"/login/**", "/logout/**"})).permitAll().antMatchers(new String[]{"/cf/files/**", "/view/**", "/cf/gl", "/cf/psdf"})).permitAll().and().csrf().disable().formLogin().loginPage("/cf/login").usernameParameter("email").permitAll().failureHandler(MultiHttpSecurityConfig.this.loginFailureHandler()).successHandler(MultiHttpSecurityConfig.this.customAuthSuccessHandler()).and().rememberMe().rememberMeParameter("remember-me").tokenRepository(MultiHttpSecurityConfig.this.tokenRepository()).and().logout().addLogoutHandler(MultiHttpSecurityConfig.this.customLogoutSuccessHandler).deleteCookies(new String[]{"JSESSIONID"});
                        }
                        if (Constants.AuthType.OAUTH.getAuthType() == id) {
                            multiAuthSecurityDetailsVO.getConnectionDetailsVO().getAuthenticationDetails().getConfigurations();
                            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/cf/confirm-account"})).denyAll().antMatchers(new String[]{"/webjars/**"})).permitAll().antMatchers(new String[]{"/login/**", "/logout/**"})).permitAll().antMatchers(new String[]{"/cf/files/**", "/view/**", "/cf/gl", "/cf/psdf", "/cf/getResourceBundleData"})).permitAll().antMatchers(new String[]{"/cf/**"})).authenticated().and().oauth2Login(oAuth2LoginConfigurer -> {
                                oAuth2LoginConfigurer.clientRegistrationRepository(MultiHttpSecurityConfig.this.oAuth2HelperService.clientRegistrationRepository()).loginPage("/cf/login").permitAll().failureHandler(MultiHttpSecurityConfig.this.loginFailureHandler()).successHandler(MultiHttpSecurityConfig.this.customAuthSuccessHandler()).authorizationEndpoint().and().tokenEndpoint(tokenEndpointConfig -> {
                                    tokenEndpointConfig.accessTokenResponseClient(MultiHttpSecurityConfig.this.oAuth2HelperService.authorizationCodeTokenResponseClient());
                                }).userInfoEndpoint(userInfoEndpointConfig -> {
                                    userInfoEndpointConfig.userService(MultiHttpSecurityConfig.this.customOAuth2UserService).oidcUserService(MultiHttpSecurityConfig.this.customOidcUserService);
                                });
                            }).logout().addLogoutHandler(MultiHttpSecurityConfig.this.customLogoutSuccessHandler).and().csrf().disable();
                        }
                    }
                } else {
                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.cors(Customizer.withDefaults()).authorizeRequests().antMatchers(new String[]{"/cf/createPassword", "/cf/sendResetPasswordMail", "/cf/resetPasswordPage", "/cf/sendResetPasswordMail", "/cf/resetPassword", "/cf/login"})).denyAll().antMatchers(new String[]{"/cf/register", "/cf/confirm-account", "/cf/changePassword", "/cf/updatePassword", "/cf/configureTOTP", "/cf/sendConfigureTOTPMail"})).denyAll().antMatchers(new String[]{"/cf/**", "/view/**", "/"})).permitAll().and().csrf().disable();
                }
            }
        }
    }

    @ConditionalOnMissingBean
    @Bean
    CustomAuthenticationProvider customAuthenticationProvider() {
        return new CustomAuthenticationProvider();
    }

    @Bean
    UserDetailsService userDetailsService(JwsUserRepository jwsUserRepository, JwsUserRoleAssociationRepository jwsUserRoleAssociationRepository, UserConfigService userConfigService) {
        return new DefaultUserDetailsServiceImpl(jwsUserRepository, jwsUserRoleAssociationRepository, userConfigService);
    }

    @Bean
    AuthenticationSuccessHandler customAuthSuccessHandler() {
        return new CustomAuthSuccessHandler();
    }

    @Bean
    CustomLoginFailureHandler loginFailureHandler() {
        return new CustomLoginFailureHandler();
    }

    @Bean
    public LogoutHandler logoutHandler() {
        return new CustomLogoutSuccessHandler();
    }

    @Bean
    public PersistentTokenRepository tokenRepository() {
        JdbcTokenRepositoryImpl jdbcTokenRepositoryImpl = new JdbcTokenRepositoryImpl();
        jdbcTokenRepositoryImpl.setDataSource(this.dataSource);
        return jdbcTokenRepositoryImpl;
    }
}
