package cronapp.framework.authentication.saml;

import cronapi.Var;
import cronapp.framework.api.ApiManager;
import cronapp.framework.api.EventsManager;
import cronapp.framework.authentication.AuthenticationUtil;
import cronapp.framework.authentication.security.CronappAnonymousAuthenticationFilter;
import cronapp.framework.authentication.security.CronappAuthenticationSuccessHandler;
import cronapp.framework.authentication.security.Permission;
import cronapp.framework.authentication.token.AuthenticationTokenFilter;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.lang.Nullable;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.saml.SAMLDiscovery;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.SAMLLogoutFilter;
import org.springframework.security.saml.SAMLLogoutProcessingFilter;
import org.springframework.security.saml.SAMLProcessingFilter;
import org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter;
import org.springframework.security.saml.metadata.MetadataDisplayFilter;
import org.springframework.security.saml.metadata.MetadataGenerator;
import org.springframework.security.saml.metadata.MetadataGeneratorFilter;
import org.springframework.security.saml.websso.WebSSOProfileOptions;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:cronapp/framework/authentication/saml/SamlAuthorizationConfigurer.class */
public class SamlAuthorizationConfigurer extends WebSecurityConfigurerAdapter {
    private final Permission permission;
    private final List<AccessDecisionVoter<? extends Object>> decisionVoters;
    private final ApplicationContext applicationContext;

    public SamlAuthorizationConfigurer(@Nullable Permission permission, List<AccessDecisionVoter<? extends Object>> list, ApplicationContext applicationContext) {
        this.permission = permission;
        this.decisionVoters = list;
        this.applicationContext = applicationContext;
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable();
        httpSecurity.httpBasic().authenticationEntryPoint((AuthenticationEntryPoint) this.applicationContext.getBean(SAMLEntryPoint.class));
        httpSecurity.addFilterBefore((Filter) this.applicationContext.getBean(MetadataGeneratorFilter.class), ChannelProcessingFilter.class).addFilterAfter((Filter) this.applicationContext.getBean(FilterChainProxy.class), BasicAuthenticationFilter.class).addFilterAfter((Filter) this.applicationContext.getBean(AuthenticationTokenFilter.class), BasicAuthenticationFilter.class);
        if (this.permission == null) {
            httpSecurity.anonymous().authenticationFilter(new CronappAnonymousAuthenticationFilter("anonymousAuthenticationFilterKey", "anonymousUser", ApiManager.getPublicAuthorities()));
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).denyAll().accessDecisionManager(new UnanimousBased(this.decisionVoters));
        } else {
            this.permission.loadSecurityPermission(httpSecurity);
            AuthenticationUtil.loadStaticSecurity(httpSecurity);
        }
        httpSecurity.headers().cacheControl().disable().frameOptions().disable().httpStrictTransportSecurity().disable();
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Bean
    public FilterChainProxy samlFilter(SAMLLogoutFilter sAMLLogoutFilter, MetadataDisplayFilter metadataDisplayFilter, SAMLLogoutProcessingFilter sAMLLogoutProcessingFilter, SAMLProcessingFilter sAMLProcessingFilter, SAMLWebSSOHoKProcessingFilter sAMLWebSSOHoKProcessingFilter, SAMLDiscovery sAMLDiscovery, SAMLEntryPoint sAMLEntryPoint) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"), new Filter[]{sAMLEntryPoint}));
        arrayList.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"), new Filter[]{sAMLLogoutFilter}));
        arrayList.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"), new Filter[]{metadataDisplayFilter}));
        arrayList.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"), new Filter[]{sAMLProcessingFilter}));
        arrayList.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSOHoK/**"), new Filter[]{sAMLWebSSOHoKProcessingFilter}));
        arrayList.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"), new Filter[]{sAMLLogoutProcessingFilter}));
        arrayList.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"), new Filter[]{sAMLDiscovery}));
        return new FilterChainProxy(arrayList);
    }

    @Bean
    public SAMLDiscovery samlIDPDiscovery() {
        return new SAMLDiscovery();
    }

    @Bean
    public SAMLLogoutProcessingFilter samlLogoutProcessingFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler logoutHandler) {
        return new SAMLLogoutProcessingFilter(logoutSuccessHandler, new LogoutHandler[]{logoutHandler});
    }

    @Bean
    public MetadataDisplayFilter metadataDisplayFilter() {
        return new MetadataDisplayFilter();
    }

    @Bean
    public SAMLProcessingFilter samlWebSSOProcessingFilter(AuthenticationManager authenticationManager, AuthenticationSuccessHandler authenticationSuccessHandler, AuthenticationFailureHandler authenticationFailureHandler) {
        SAMLProcessingFilter sAMLProcessingFilter = new SAMLProcessingFilter();
        sAMLProcessingFilter.setAuthenticationManager(authenticationManager);
        sAMLProcessingFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
        sAMLProcessingFilter.setAuthenticationFailureHandler(authenticationFailureHandler);
        return sAMLProcessingFilter;
    }

    @Bean
    public AuthenticationSuccessHandler successHandler() {
        return new CronappAuthenticationSuccessHandler();
    }

    @Bean
    public SimpleUrlAuthenticationFailureHandler authenticationFailureHandler() {
        SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler = new SimpleUrlAuthenticationFailureHandler();
        simpleUrlAuthenticationFailureHandler.setUseForward(true);
        simpleUrlAuthenticationFailureHandler.setDefaultFailureUrl("/error");
        return simpleUrlAuthenticationFailureHandler;
    }

    @Bean
    public SAMLWebSSOHoKProcessingFilter samlWebSSOHoKProcessingFilter(AuthenticationManager authenticationManager, AuthenticationSuccessHandler authenticationSuccessHandler, AuthenticationFailureHandler authenticationFailureHandler) {
        SAMLWebSSOHoKProcessingFilter sAMLWebSSOHoKProcessingFilter = new SAMLWebSSOHoKProcessingFilter();
        sAMLWebSSOHoKProcessingFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
        sAMLWebSSOHoKProcessingFilter.setAuthenticationManager(authenticationManager);
        sAMLWebSSOHoKProcessingFilter.setAuthenticationFailureHandler(authenticationFailureHandler);
        return sAMLWebSSOHoKProcessingFilter;
    }

    @Bean
    public SAMLLogoutFilter samlLogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler logoutHandler) {
        return new SAMLLogoutFilter(logoutSuccessHandler, new LogoutHandler[]{logoutHandler}, new LogoutHandler[]{logoutHandler});
    }

    @Bean
    public LogoutSuccessHandler successLogoutHandler() {
        return (httpServletRequest, httpServletResponse, authentication) -> {
            if (EventsManager.hasEvent("onLogout") && authentication != null && authentication.getName() != null) {
                EventsManager.executeEventOnTransaction("onLogout", Var.valueOf("username", authentication.getName()));
            }
            if (httpServletRequest.getHeader("Accept") == null || !httpServletRequest.getHeader("Accept").contains("json")) {
                httpServletResponse.setStatus(200);
                httpServletResponse.sendRedirect("/index.html");
            }
        };
    }

    @Bean
    public SecurityContextLogoutHandler logoutHandler() {
        SecurityContextLogoutHandler securityContextLogoutHandler = new SecurityContextLogoutHandler();
        securityContextLogoutHandler.setInvalidateHttpSession(true);
        securityContextLogoutHandler.setClearAuthentication(true);
        return securityContextLogoutHandler;
    }

    @Bean
    public AuthenticationTokenFilter authenticationTokenFilter(AuthenticationManager authenticationManager) {
        AuthenticationTokenFilter authenticationTokenFilter = new AuthenticationTokenFilter();
        authenticationTokenFilter.setAuthenticationManager(authenticationManager);
        return authenticationTokenFilter;
    }

    @Bean
    public SAMLEntryPoint samlEntryPoint(WebSSOProfileOptions webSSOProfileOptions) {
        SAMLEntryPoint sAMLEntryPoint = new SAMLEntryPoint();
        sAMLEntryPoint.setDefaultProfileOptions(webSSOProfileOptions);
        return sAMLEntryPoint;
    }

    @Bean
    public WebSSOProfileOptions webSSOProfileOptions() {
        WebSSOProfileOptions webSSOProfileOptions = new WebSSOProfileOptions();
        webSSOProfileOptions.setIncludeScoping(false);
        return webSSOProfileOptions;
    }

    @Bean
    public MetadataGeneratorFilter metadataGeneratorFilter(MetadataGenerator metadataGenerator) {
        return new MetadataGeneratorFilter(metadataGenerator);
    }
}
