package foundation.cmo.opensales.graphql.security;

import java.io.IOException;
import java.util.Enumeration;
import java.util.Objects;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

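/**
 * Spring Security configuration for the GraphQL endpoint.
 *
 * <p>Builds a stateless filter chain and a set of per-request filters that read the
 * {@code Authorization} header, match it against the scheme prefix of an {@link MEnumToken},
 * and ask the {@link IMAuthUserProvider} to resolve the remaining credential into a user.
 *
 * <p>The filters are created when this object is constructed, but they read
 * {@code authUserProvider} and {@code jwt} only at request time. Both fields are assigned in
 * {@link #getSecurityFilterChain}; a request handled before that call hits a
 * {@code NullPointerException} inside the filter's try block and is treated as a failed
 * authentication.
 *
 * <p>NOTE(review): the {@code dev} flag is not read anywhere in this class, and the
 * TEST-scheme filter is added to the chain unconditionally. Confirm whether that filter is
 * meant to be limited to development deployments.
 */
@Configuration
public class MGraphQLSecurity {
    private static final Logger log = LoggerFactory.getLogger(MGraphQLSecurity.class);

    /** Name of the request header every filter in this class inspects. */
    private static final String AUTHORIZATION_HEADER = "Authorization";

    private IMAuthUserProvider authUserProvider;

    // Defaults to true when IS_DEV is not set; not consulted by the code in this class.
    @Value("${IS_DEV:true}")
    private boolean dev;
    private MGraphQLJwtService jwt;
    // NOTE(review): built here but not added to the chain in getSecurityFilterChain.
    private final OncePerRequestFilter jwtAuthFilter = getJwtAuthFilter();
    private final OncePerRequestFilter basicAuthFilter = getBasicAuthFilter();
    private final OncePerRequestFilter bearerAuthFilter = getBearerAuthFilter();
    private final OncePerRequestFilter testFilter = getTestAuthFilter();

    /**
     * Placeholder provider: claims to support every authentication type and always returns
     * {@code null} from {@code authenticate}. The filters in this class populate the
     * security context themselves.
     */
    private AuthenticationProvider getAuthenticationProvider = new AuthenticationProvider() {
        public boolean supports(Class<?> cls) {
            return true;
        }

        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            return null;
        }
    };

    /**
     * Builds the security filter chain and stores the collaborators the filters use.
     *
     * <p>CORS and CSRF handling are both disabled and no HTTP session is created. The test,
     * basic and bearer filters run before {@link UsernamePasswordAuthenticationFilter}, in
     * that order. GET on {@code /gui} and {@code /graphql} is open, POST on {@code /graphql}
     * requires an authenticated context, and every other request is denied.
     *
     * <p>NOTE(review): this method carries no {@code @Bean} annotation in this listing;
     * confirm how the chain is registered.
     *
     * @param httpSecurity builder to configure
     * @param mGraphQLJwtService JWT service handed to the user provider on each request
     * @param iMAuthUserProvider resolves a credential string into a user
     * @return the configured chain
     * @throws Exception if the builder fails
     */
    public SecurityFilterChain getSecurityFilterChain(HttpSecurity httpSecurity, MGraphQLJwtService mGraphQLJwtService, IMAuthUserProvider iMAuthUserProvider) throws Exception {
        this.jwt = mGraphQLJwtService;
        this.authUserProvider = iMAuthUserProvider;
        return httpSecurity
                .cors(cors -> cors.disable())
                .csrf(csrf -> csrf.disable())
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authenticationProvider(this.getAuthenticationProvider)
                .addFilterBefore(this.testFilter, UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(this.basicAuthFilter, UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(this.bearerAuthFilter, UsernamePasswordAuthenticationFilter.class)
                .authorizeHttpRequests(registry -> {
                    registry.regexMatchers(HttpMethod.GET, "/gui", "/graphql").permitAll();
                    registry.regexMatchers(HttpMethod.POST, "/graphql").authenticated();
                    // Default-deny: anything not listed above is rejected.
                    registry.anyRequest().denyAll();
                })
                .build();
    }

    /**
     * Returns the credential part of an {@code Authorization} header value.
     *
     * <p>Only the leading scheme is removed. Removing every occurrence of the scheme text
     * would corrupt a credential that happens to contain the same characters.
     *
     * @param header header value; the caller has already checked it starts with {@code scheme}
     * @param scheme scheme prefix to strip
     * @return the remainder of the header, trimmed
     */
    private static String stripScheme(String header, String scheme) {
        return header.substring(scheme.length()).trim();
    }

    /**
     * Filter for the {@link MEnumToken#TEST} scheme. A failed lookup clears the
     * authentication in the security context and the request continues down the chain.
     */
    private OncePerRequestFilter getTestAuthFilter() {
        final MEnumToken tokenType = MEnumToken.TEST;
        return new OncePerRequestFilter() {
            protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
                String header = request.getHeader(AUTHORIZATION_HEADER);
                String scheme = tokenType.getDescription();
                if (header == null || !header.startsWith(scheme)) {
                    filterChain.doFilter(request, response);
                    return;
                }
                try {
                    SecurityContextHolder.getContext().setAuthentication(
                            new MAuthToken(MGraphQLSecurity.this.authUserProvider.loadUser(MGraphQLSecurity.this.jwt, tokenType, stripScheme(header, scheme))));
                } catch (Exception e) {
                    // Record the failure without the credential, then leave the request unauthenticated.
                    MGraphQLSecurity.log.warn("Test-scheme authentication failed: {}", e.getMessage());
                    SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                }
                filterChain.doFilter(request, response);
            }
        };
    }

    /**
     * Filter for the {@link MEnumToken#BASIC} scheme. A failed lookup clears the
     * authentication in the security context and the request continues down the chain.
     */
    private OncePerRequestFilter getBasicAuthFilter() {
        final MEnumToken tokenType = MEnumToken.BASIC;
        final String scheme = tokenType.getDescription();
        return new OncePerRequestFilter() {
            protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
                String header = request.getHeader(AUTHORIZATION_HEADER);
                if (header == null || !header.startsWith(scheme)) {
                    filterChain.doFilter(request, response);
                    return;
                }
                try {
                    SecurityContextHolder.getContext().setAuthentication(
                            new MAuthToken(MGraphQLSecurity.this.authUserProvider.loadUser(MGraphQLSecurity.this.jwt, tokenType, stripScheme(header, scheme))));
                } catch (Exception e) {
                    // Record the failure without the credential, then leave the request unauthenticated.
                    MGraphQLSecurity.log.warn("Basic authentication failed: {}", e.getMessage());
                    SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                }
                filterChain.doFilter(request, response);
            }
        };
    }

    /**
     * Filter for the {@link MEnumToken#BEARER} scheme. It authenticates only when no
     * earlier filter has already set an authentication; a failed lookup is logged and the
     * context is left as it was.
     */
    private OncePerRequestFilter getBearerAuthFilter() {
        final MEnumToken tokenType = MEnumToken.BEARER;
        final String scheme = tokenType.getDescription();
        return new OncePerRequestFilter() {
            protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
                String header = request.getHeader(AUTHORIZATION_HEADER);
                if (header == null || !header.startsWith(scheme)) {
                    filterChain.doFilter(request, response);
                    return;
                }
                try {
                    if (SecurityContextHolder.getContext().getAuthentication() == null) {
                        SecurityContextHolder.getContext().setAuthentication(
                                new MAuthToken(MGraphQLSecurity.this.authUserProvider.loadUser(MGraphQLSecurity.this.jwt, tokenType, stripScheme(header, scheme))));
                    }
                } catch (Exception e) {
                    MGraphQLSecurity.log.error("Bearer authentication failed: {}", e.getMessage());
                }
                filterChain.doFilter(request, response);
            }
        };
    }

    /** Exposes a new {@link MGraphQLJwtService} as a Spring bean. */
    @Bean
    MGraphQLJwtService getMGraphQLJwtService() {
        return new MGraphQLJwtService();
    }

    /**
     * Diagnostic variant of the bearer filter that also lists the request's header names.
     *
     * <p>The {@code Authorization} value is a credential and is never written to the log;
     * header names are emitted at debug level only.
     */
    private OncePerRequestFilter getJwtAuthFilter() {
        return new OncePerRequestFilter() {
            protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
                MEnumToken tokenType = MEnumToken.BEARER;
                String scheme = tokenType.getDescription();
                if (MGraphQLSecurity.log.isDebugEnabled()) {
                    Enumeration<String> headerNames = request.getHeaderNames();
                    // The servlet API allows a container to return null here.
                    while (headerNames != null && headerNames.hasMoreElements()) {
                        MGraphQLSecurity.log.debug("Request header present: {}", headerNames.nextElement());
                    }
                }
                String header = request.getHeader(AUTHORIZATION_HEADER);
                if (header == null || !header.startsWith(scheme)) {
                    filterChain.doFilter(request, response);
                    return;
                }
                try {
                    if (SecurityContextHolder.getContext().getAuthentication() == null) {
                        SecurityContextHolder.getContext().setAuthentication(
                                new MAuthToken(MGraphQLSecurity.this.authUserProvider.loadUser(MGraphQLSecurity.this.jwt, tokenType, stripScheme(header, scheme))));
                    }
                } catch (Exception e) {
                    MGraphQLSecurity.log.error("Bearer authentication failed: {}", e.getMessage());
                }
                filterChain.doFilter(request, response);
            }
        };
    }
}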
