package de.tschuehly.htmx.spring.supabase.auth.security;

import com.auth0.jwt.JWTVerifier;
import de.tschuehly.htmx.spring.supabase.auth.config.SupabaseProperties;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer;
import org.springframework.security.config.annotation.web.AuthorizeHttpRequestsDsl;
import org.springframework.security.config.annotation.web.CsrfDsl;
import org.springframework.security.config.annotation.web.ExceptionHandlingDsl;
import org.springframework.security.config.annotation.web.HeadersDsl;
import org.springframework.security.config.annotation.web.HttpBasicDsl;
import org.springframework.security.config.annotation.web.HttpSecurityDsl;
import org.springframework.security.config.annotation.web.HttpSecurityDslKt;
import org.springframework.security.config.annotation.web.SessionManagementDsl;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.headers.FrameOptionsDsl;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/* compiled from: SupabaseSecurityConfig.kt */
@Configuration
@EnableWebSecurity(debug = false)
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��N\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0017\u0018��2\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J \u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0002\u001a\u00020\u0003H\u0017J \u0010\u0011\u001a\u00020\u00122\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\fH\u0017J\b\u0010\u0016\u001a\u00020\u0017H\u0017J\b\u0010\u0018\u001a\u00020\u0019H\u0017J\u0010\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u001a\u001a\u00020\u001bH\u0017J(\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u001c\u001a\u00020\f2\u0006\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u001d\u001a\u00020\u0019H\u0017R\u0014\u0010\u0005\u001a\u00020\u0006X\u0096\u0004¢\u0006\b\n��\u001a\u0004\b\u0007\u0010\bR\u0014\u0010\u0002\u001a\u00020\u0003X\u0096\u0004¢\u0006\b\n��\u001a\u0004\b\t\u0010\n¨\u0006\u001e"}, d2 = {"Lde/tschuehly/htmx/spring/supabase/auth/security/SupabaseSecurityConfig;", "", "supabaseProperties", "Lde/tschuehly/htmx/spring/supabase/auth/config/SupabaseProperties;", "(Lde/tschuehly/htmx/spring/supabase/auth/config/SupabaseProperties;)V", "logger", "Lorg/slf4j/Logger;", "getLogger", "()Lorg/slf4j/Logger;", "getSupabaseProperties", "()Lde/tschuehly/htmx/spring/supabase/auth/config/SupabaseProperties;", "authManager", "Lorg/springframework/security/authentication/AuthenticationManager;", "http", "Lorg/springframework/security/config/annotation/web/builders/HttpSecurity;", "supabaseAuthenticationProvider", "Lde/tschuehly/htmx/spring/supabase/auth/security/SupabaseAuthenticationProvider;", "filterChain", "Lorg/springframework/security/web/SecurityFilterChain;", "supabaseJwtFilter", "Lde/tschuehly/htmx/spring/supabase/auth/security/SupabaseJwtFilter;", "supabaseAuthenticationManager", "supabaseAccessDeniedHandler", "Lorg/springframework/security/web/access/AccessDeniedHandler;", "supabaseAuthenticationEntryPoint", "Lorg/springframework/security/web/AuthenticationEntryPoint;", "jwtVerifier", "Lcom/auth0/jwt/JWTVerifier;", "authenticationManager", "authenticationEntryPoint", "htmx-supabase-spring-boot-starter"})
@SourceDebugExtension({"SMAP\nSupabaseSecurityConfig.kt\nKotlin\n*S Kotlin\n*F\n+ 1 SupabaseSecurityConfig.kt\nde/tschuehly/htmx/spring/supabase/auth/security/SupabaseSecurityConfig\n+ 2 _Maps.kt\nkotlin/collections/MapsKt___MapsKt\n+ 3 ArraysJVM.kt\nkotlin/collections/ArraysKt__ArraysJVMKt\n*L\n1#1,148:1\n215#2,2:149\n37#3,2:151\n*S KotlinDebug\n*F\n+ 1 SupabaseSecurityConfig.kt\nde/tschuehly/htmx/spring/supabase/auth/security/SupabaseSecurityConfig\n*L\n37#1:149,2\n142#1:151,2\n*E\n"})
/* loaded from: input_file:de/tschuehly/htmx/spring/supabase/auth/security/SupabaseSecurityConfig.class */
public class SupabaseSecurityConfig {

    @NotNull
    private final SupabaseProperties supabaseProperties;

    @NotNull
    private final Logger logger;

    public SupabaseSecurityConfig(@NotNull SupabaseProperties supabaseProperties) {
        Intrinsics.checkNotNullParameter(supabaseProperties, "supabaseProperties");
        this.supabaseProperties = supabaseProperties;
        Logger logger = LoggerFactory.getLogger(SupabaseSecurityConfig.class);
        Intrinsics.checkNotNullExpressionValue(logger, "getLogger(...)");
        this.logger = logger;
    }

    @NotNull
    public SupabaseProperties getSupabaseProperties() {
        return this.supabaseProperties;
    }

    @NotNull
    public Logger getLogger() {
        return this.logger;
    }

    @ConditionalOnMissingBean
    @Bean
    @NotNull
    public SecurityFilterChain filterChain(@NotNull HttpSecurity httpSecurity, @NotNull final SupabaseJwtFilter supabaseJwtFilter, @NotNull final AuthenticationManager authenticationManager) {
        Intrinsics.checkNotNullParameter(httpSecurity, "http");
        Intrinsics.checkNotNullParameter(supabaseJwtFilter, "supabaseJwtFilter");
        Intrinsics.checkNotNullParameter(authenticationManager, "supabaseAuthenticationManager");
        for (Map.Entry<String, SupabaseProperties.Role> entry : getSupabaseProperties().getRoles().entrySet()) {
            final String key = entry.getKey();
            final SupabaseProperties.Role value = entry.getValue();
            HttpSecurityDslKt.invoke(httpSecurity, new Function1<HttpSecurityDsl, Unit>() { // from class: de.tschuehly.htmx.spring.supabase.auth.security.SupabaseSecurityConfig$filterChain$1$1
                /* JADX INFO: Access modifiers changed from: package-private */
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(1);
                }

                public final void invoke(@NotNull HttpSecurityDsl httpSecurityDsl) {
                    Intrinsics.checkNotNullParameter(httpSecurityDsl, "$this$invoke");
                    final SupabaseProperties.Role role = SupabaseProperties.Role.this;
                    final SupabaseSecurityConfig supabaseSecurityConfig = this;
                    final String str = key;
                    httpSecurityDsl.authorizeHttpRequests(new Function1<AuthorizeHttpRequestsDsl, Unit>() { // from class: de.tschuehly.htmx.spring.supabase.auth.security.SupabaseSecurityConfig$filterChain$1$1.1
                        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                        {
                            super(1);
                        }

                        public final void invoke(@NotNull AuthorizeHttpRequestsDsl authorizeHttpRequestsDsl) {
                            Intrinsics.checkNotNullParameter(authorizeHttpRequestsDsl, "$this$authorizeHttpRequests");
                            String[] get = SupabaseProperties.Role.this.getGet();
                            SupabaseSecurityConfig supabaseSecurityConfig2 = supabaseSecurityConfig;
                            String str2 = str;
                            for (String str3 : get) {
                                supabaseSecurityConfig2.getLogger().info("Path: " + str3 + " with Method GET is secured with Expression: hasRole('" + str2 + "')");
                                String upperCase = str2.toUpperCase(Locale.ROOT);
                                Intrinsics.checkNotNullExpressionValue(upperCase, "toUpperCase(...)");
                                authorizeHttpRequestsDsl.authorize(str3, authorizeHttpRequestsDsl.hasRole(upperCase));
                            }
                            String[] post = SupabaseProperties.Role.this.getPost();
                            SupabaseSecurityConfig supabaseSecurityConfig3 = supabaseSecurityConfig;
                            String str4 = str;
                            for (String str5 : post) {
                                supabaseSecurityConfig3.getLogger().info("Path: " + str5 + " with Method POST is secured with Expression: hasRole('" + str4 + "')");
                                String upperCase2 = str4.toUpperCase(Locale.ROOT);
                                Intrinsics.checkNotNullExpressionValue(upperCase2, "toUpperCase(...)");
                                authorizeHttpRequestsDsl.authorize(str5, authorizeHttpRequestsDsl.hasRole(upperCase2));
                            }
                            String[] delete = SupabaseProperties.Role.this.getDelete();
                            SupabaseSecurityConfig supabaseSecurityConfig4 = supabaseSecurityConfig;
                            String str6 = str;
                            for (String str7 : delete) {
                                supabaseSecurityConfig4.getLogger().info("Path: " + str7 + " with Method DELETE is secured with Expression: hasRole('" + str6 + "')");
                                String upperCase3 = str6.toUpperCase(Locale.ROOT);
                                Intrinsics.checkNotNullExpressionValue(upperCase3, "toUpperCase(...)");
                                authorizeHttpRequestsDsl.authorize(str7, authorizeHttpRequestsDsl.hasRole(upperCase3));
                            }
                            String[] put = SupabaseProperties.Role.this.getPut();
                            SupabaseSecurityConfig supabaseSecurityConfig5 = supabaseSecurityConfig;
                            String str8 = str;
                            for (String str9 : put) {
                                supabaseSecurityConfig5.getLogger().info("Path: " + str9 + " with Method PUT is secured with Expression: hasRole('" + str8 + "')");
                                String upperCase4 = str8.toUpperCase(Locale.ROOT);
                                Intrinsics.checkNotNullExpressionValue(upperCase4, "toUpperCase(...)");
                                authorizeHttpRequestsDsl.authorize(str9, authorizeHttpRequestsDsl.hasRole(upperCase4));
                            }
                        }

                        public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                            invoke((AuthorizeHttpRequestsDsl) obj);
                            return Unit.INSTANCE;
                        }
                    });
                }

                public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                    invoke((HttpSecurityDsl) obj);
                    return Unit.INSTANCE;
                }
            });
        }
        HttpSecurityDslKt.invoke(httpSecurity, new Function1<HttpSecurityDsl, Unit>() { // from class: de.tschuehly.htmx.spring.supabase.auth.security.SupabaseSecurityConfig$filterChain$2
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            public final void invoke(@NotNull HttpSecurityDsl httpSecurityDsl) {
                Intrinsics.checkNotNullParameter(httpSecurityDsl, "$this$invoke");
                final SupabaseSecurityConfig supabaseSecurityConfig = this;
                httpSecurityDsl.authorizeHttpRequests(new Function1<AuthorizeHttpRequestsDsl, Unit>() { // from class: de.tschuehly.htmx.spring.supabase.auth.security.SupabaseSecurityConfig$filterChain$2.1
                    {
                        super(1);
                    }

                    public final void invoke(@NotNull AuthorizeHttpRequestsDsl authorizeHttpRequestsDsl) {
                        Intrinsics.checkNotNullParameter(authorizeHttpRequestsDsl, "$this$authorizeHttpRequests");
                        String[] get = SupabaseSecurityConfig.this.getSupabaseProperties().getPublic().getGet();
                        SupabaseSecurityConfig supabaseSecurityConfig2 = SupabaseSecurityConfig.this;
                        for (String str : get) {
                            supabaseSecurityConfig2.getLogger().info("Path: " + str + " with Method GET is public");
                            HttpMethod httpMethod = HttpMethod.GET;
                            Intrinsics.checkNotNullExpressionValue(httpMethod, "GET");
                            authorizeHttpRequestsDsl.authorize(httpMethod, str, authorizeHttpRequestsDsl.getPermitAll());
                        }
                        String[] post = SupabaseSecurityConfig.this.getSupabaseProperties().getPublic().getPost();
                        SupabaseSecurityConfig supabaseSecurityConfig3 = SupabaseSecurityConfig.this;
                        for (String str2 : post) {
                            supabaseSecurityConfig3.getLogger().info("Path: " + str2 + " with Method POST is public");
                            HttpMethod httpMethod2 = HttpMethod.POST;
                            Intrinsics.checkNotNullExpressionValue(httpMethod2, "POST");
                            authorizeHttpRequestsDsl.authorize(httpMethod2, str2, authorizeHttpRequestsDsl.getPermitAll());
                        }
                        String[] delete = SupabaseSecurityConfig.this.getSupabaseProperties().getPublic().getDelete();
                        SupabaseSecurityConfig supabaseSecurityConfig4 = SupabaseSecurityConfig.this;
                        for (String str3 : delete) {
                            supabaseSecurityConfig4.getLogger().info("Path: " + str3 + " with Method DELETE is public");
                            HttpMethod httpMethod3 = HttpMethod.DELETE;
                            Intrinsics.checkNotNullExpressionValue(httpMethod3, "DELETE");
                            authorizeHttpRequestsDsl.authorize(httpMethod3, str3, authorizeHttpRequestsDsl.getPermitAll());
                        }
                        String[] put = SupabaseSecurityConfig.this.getSupabaseProperties().getPublic().getPut();
                        SupabaseSecurityConfig supabaseSecurityConfig5 = SupabaseSecurityConfig.this;
                        for (String str4 : put) {
                            supabaseSecurityConfig5.getLogger().info("Path: " + str4 + " with Method PUT is public");
                            HttpMethod httpMethod4 = HttpMethod.PUT;
                            Intrinsics.checkNotNullExpressionValue(httpMethod4, "PUT");
                            authorizeHttpRequestsDsl.authorize(httpMethod4, str4, authorizeHttpRequestsDsl.getPermitAll());
                        }
                        authorizeHttpRequestsDsl.authorize(authorizeHttpRequestsDsl.getAnyRequest(), authorizeHttpRequestsDsl.getAuthenticated());
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((AuthorizeHttpRequestsDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
                httpSecurityDsl.sessionManagement(new Function1<SessionManagementDsl, Unit>() { // from class: de.tschuehly.htmx.spring.supabase.auth.security.SupabaseSecurityConfig$filterChain$2.2
                    public final void invoke(@NotNull SessionManagementDsl sessionManagementDsl) {
                        Intrinsics.checkNotNullParameter(sessionManagementDsl, "$this$sessionManagement");
                        sessionManagementDsl.setSessionCreationPolicy(SessionCreationPolicy.STATELESS);
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((SessionManagementDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
                httpSecurityDsl.setAuthenticationManager(authenticationManager);
                httpSecurityDsl.httpBasic(new Function1<HttpBasicDsl, Unit>() { // from class: de.tschuehly.htmx.spring.supabase.auth.security.SupabaseSecurityConfig$filterChain$2.3
                    public final void invoke(@NotNull HttpBasicDsl httpBasicDsl) {
                        Intrinsics.checkNotNullParameter(httpBasicDsl, "$this$httpBasic");
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((HttpBasicDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
                httpSecurityDsl.csrf(new Function1<CsrfDsl, Unit>() { // from class: de.tschuehly.htmx.spring.supabase.auth.security.SupabaseSecurityConfig$filterChain$2.4
                    public final void invoke(@NotNull CsrfDsl csrfDsl) {
                        Intrinsics.checkNotNullParameter(csrfDsl, "$this$csrf");
                        csrfDsl.disable();
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((CsrfDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
                httpSecurityDsl.headers(new Function1<HeadersDsl, Unit>() { // from class: de.tschuehly.htmx.spring.supabase.auth.security.SupabaseSecurityConfig$filterChain$2.5
                    public final void invoke(@NotNull HeadersDsl headersDsl) {
                        Intrinsics.checkNotNullParameter(headersDsl, "$this$headers");
                        headersDsl.frameOptions(new Function1<FrameOptionsDsl, Unit>() { // from class: de.tschuehly.htmx.spring.supabase.auth.security.SupabaseSecurityConfig.filterChain.2.5.1
                            public final void invoke(@NotNull FrameOptionsDsl frameOptionsDsl) {
                                Intrinsics.checkNotNullParameter(frameOptionsDsl, "$this$frameOptions");
                                frameOptionsDsl.getSameOrigin();
                            }

                            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                                invoke((FrameOptionsDsl) obj);
                                return Unit.INSTANCE;
                            }
                        });
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((HeadersDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
                httpSecurityDsl.addFilterBefore(supabaseJwtFilter, UsernamePasswordAuthenticationFilter.class);
                final SupabaseSecurityConfig supabaseSecurityConfig2 = this;
                httpSecurityDsl.exceptionHandling(new Function1<ExceptionHandlingDsl, Unit>() { // from class: de.tschuehly.htmx.spring.supabase.auth.security.SupabaseSecurityConfig$filterChain$2.6
                    {
                        super(1);
                    }

                    public final void invoke(@NotNull ExceptionHandlingDsl exceptionHandlingDsl) {
                        Intrinsics.checkNotNullParameter(exceptionHandlingDsl, "$this$exceptionHandling");
                        exceptionHandlingDsl.setAuthenticationEntryPoint(SupabaseSecurityConfig.this.supabaseAuthenticationEntryPoint());
                        exceptionHandlingDsl.setAccessDeniedHandler(SupabaseSecurityConfig.this.supabaseAccessDeniedHandler());
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((ExceptionHandlingDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
            }

            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                invoke((HttpSecurityDsl) obj);
                return Unit.INSTANCE;
            }
        });
        Object build = httpSecurity.build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        return (SecurityFilterChain) build;
    }

    @Bean
    @NotNull
    public AccessDeniedHandler supabaseAccessDeniedHandler() {
        return new SupabaseAccessDeniedHandler(getSupabaseProperties());
    }

    @Bean
    @NotNull
    public AuthenticationEntryPoint supabaseAuthenticationEntryPoint() {
        return new SupabaseAuthenticationEntryPoint(getSupabaseProperties());
    }

    @Bean
    @NotNull
    public SupabaseAuthenticationProvider supabaseAuthenticationProvider(@NotNull JWTVerifier jWTVerifier) {
        Intrinsics.checkNotNullParameter(jWTVerifier, "jwtVerifier");
        return new SupabaseAuthenticationProvider(jWTVerifier);
    }

    @Bean
    @NotNull
    public SupabaseJwtFilter supabaseJwtFilter(@NotNull AuthenticationManager authenticationManager, @NotNull SupabaseProperties supabaseProperties, @NotNull JWTVerifier jWTVerifier, @NotNull AuthenticationEntryPoint authenticationEntryPoint) {
        Intrinsics.checkNotNullParameter(authenticationManager, "authenticationManager");
        Intrinsics.checkNotNullParameter(supabaseProperties, "supabaseProperties");
        Intrinsics.checkNotNullParameter(jWTVerifier, "jwtVerifier");
        Intrinsics.checkNotNullParameter(authenticationEntryPoint, "authenticationEntryPoint");
        return new SupabaseJwtFilter(authenticationManager, supabaseProperties);
    }

    @Bean
    @NotNull
    public AuthenticationManager authManager(@NotNull HttpSecurity httpSecurity, @NotNull SupabaseAuthenticationProvider supabaseAuthenticationProvider, @NotNull SupabaseProperties supabaseProperties) {
        Intrinsics.checkNotNullParameter(httpSecurity, "http");
        Intrinsics.checkNotNullParameter(supabaseAuthenticationProvider, "supabaseAuthenticationProvider");
        Intrinsics.checkNotNullParameter(supabaseProperties, "supabaseProperties");
        AuthenticationManagerBuilder authenticationManagerBuilder = (AuthenticationManagerBuilder) httpSecurity.getSharedObject(AuthenticationManagerBuilder.class);
        authenticationManagerBuilder.authenticationProvider(supabaseAuthenticationProvider);
        if (supabaseProperties.getBasicAuth().getEnabled()) {
            UserDetailsManagerConfigurer.UserDetailsBuilder password = authenticationManagerBuilder.inMemoryAuthentication().withUser(supabaseProperties.getBasicAuth().getUsername()).password(supabaseProperties.getBasicAuth().getPassword());
            String[] strArr = (String[]) supabaseProperties.getBasicAuth().getRoles().toArray(new String[0]);
            password.roles((String[]) Arrays.copyOf(strArr, strArr.length));
        }
        Object build = authenticationManagerBuilder.build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        return (AuthenticationManager) build;
    }
}
