package cronapp.framework.authentication.token;

import cronapi.AppConfig;
import cronapi.RestClient;
import cronapi.Var;
import cronapi.database.DatabaseQueryManager;
import cronapi.database.HistoryListener;
import cronapi.database.TransactionManager;
import cronapp.framework.api.ApiManager;
import cronapp.framework.api.EventsManager;
import cronapp.framework.authentication.AuthenticationUtil;
import cronapp.framework.authentication.security.CronappAnonymousAuthenticationFilter;
import cronapp.framework.authentication.security.Permission;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.List;
import org.eclipse.rap.json.JsonArray;
import org.eclipse.rap.json.JsonObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

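/**
 * Spring Security configuration for the token-based authentication module.
 *
 * <p>Wires the {@link UserDetailsService} and a BCrypt password encoder into the authentication
 * manager, installs {@link AuthenticationTokenFilter} in front of
 * {@link UsernamePasswordAuthenticationFilter}, and configures a stateless filter chain
 * (no HTTP session, CSRF protection off, custom logout handling with audit logging).
 *
 * <p>Several response-header protections are switched off here on purpose (HSTS, cache-control,
 * XSS "block" mode, and optionally X-Frame-Options). Each is marked at the line that does it so
 * that a reviewer can confirm the compensating control exists elsewhere.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:cronapp/framework/authentication/token/WebSecurityConfiguration.class */
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Optional: when no Permission bean is present, configure(HttpSecurity) falls back to deny-all.
    @Autowired(required = false)
    private Permission permission;

    // Entry point invoked when an unauthenticated request hits a protected resource.
    @Autowired
    private EntryPointUnauthorizedHandler unauthorizedHandler;

    @Autowired
    private UserDetailsService userDetailsService;

    // Voters handed to the UnanimousBased decision manager in the deny-all fallback.
    @Autowired
    private List<AccessDecisionVoter<? extends Object>> decisionVoters;

    /**
     * Registers the user details service and password encoder on the injected
     * {@link AuthenticationManagerBuilder}.
     *
     * @param authenticationManagerBuilder builder injected by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureAuthentication(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
                .userDetailsService(this.userDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    /**
     * Password encoder used to verify stored credentials.
     *
     * @return a {@link BCryptPasswordEncoder} built with the library's default cost factor
     *         (no explicit strength is passed)
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the filter that authenticates requests from the token they carry.
     *
     * @return the token filter, bound to this configuration's authentication manager
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    public AuthenticationTokenFilter authenticationTokenFilterBean() throws Exception {
        AuthenticationTokenFilter tokenFilter = new AuthenticationTokenFilter();
        tokenFilter.setAuthenticationManager(super.authenticationManagerBean());
        return tokenFilter;
    }

    /**
     * Overrides {@code WebSecurityConfigurerAdapter#configure(AuthenticationManagerBuilder)} with
     * the same user details service and password encoder as {@link #configureAuthentication}.
     *
     * @param authenticationManagerBuilder builder supplied by the adapter
     * @throws Exception if the builder rejects the configuration
     */
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
                .userDetailsService(this.userDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    /**
     * Creates the handler that runs after a logout request has been processed.
     *
     * <p>When the request still carries a non-expired token with an empty scope and the security
     * context holds no authentication, the logout is written to the audit log and the
     * {@code onLogout} event is fired with the username taken from the token. Clients that do not
     * accept JSON are redirected to {@code /index.html}.
     *
     * <p>NOTE(review): the username written to the audit log and passed to the event comes
     * straight from the request header. Confirm that {@code TokenUtils.getUsernameFromToken}
     * verifies the token's integrity before returning a name.
     *
     * <p>NOTE(review): nothing in this handler invalidates the token on the server side; confirm
     * whether revocation happens elsewhere or whether the token stays usable until it expires.
     */
    private LogoutSuccessHandler logoutHandler() {
        return (httpServletRequest, httpServletResponse, authentication) -> {
            String header = httpServletRequest.getHeader(TokenUtils.AUTH_HEADER_NAME);
            String usernameFromToken = TokenUtils.getUsernameFromToken(header);
            // Assumes getScopeFromToken never returns null for a token that yielded a username.
            // TODO confirm.
            if (usernameFromToken != null
                    && SecurityContextHolder.getContext().getAuthentication() == null
                    && TokenUtils.getScopeFromToken(header).isEmpty()
                    && !TokenUtils.isTokenExpired(header)) {
                doLogAuthOperation(usernameFromToken);
                if (EventsManager.hasEvent("onLogout")) {
                    EventsManager.executeEventOnTransaction("onLogout", Var.valueOf("username", usernameFromToken));
                }
            }
            // Read the header once; browsers (no JSON in Accept) are sent back to the landing page.
            String accept = httpServletRequest.getHeader("Accept");
            if (accept == null || !accept.contains("json")) {
                httpServletResponse.setStatus(200);
                // Fixed, application-relative target: no request data flows into the redirect.
                httpServletResponse.sendRedirect("/index.html");
            }
        };
    }

    /**
     * Writes a "logout" record to the audit log, if an audit log manager is configured.
     *
     * <p>Best effort: any failure is reported on standard output and never propagates, so a broken
     * audit store does not block the logout itself.
     *
     * @param username name of the user who logged out, recorded in the {@code user} field
     */
    private void doLogAuthOperation(String username) {
        try {
            DatabaseQueryManager auditLogManager = HistoryListener.getAuditLogManager();
            if (auditLogManager != null) {
                Class<?> auditEntity = Class.forName(auditLogManager.getEntity());
                // NOTE(review): if insert() or commit() throws, the transaction opened here is not
                // rolled back in this method; confirm that request-level cleanup handles it.
                TransactionManager.begin(auditEntity);
                JsonObject objectData = new JsonObject();
                objectData.add("parameters", new JsonArray());
                Var entry = new Var(new LinkedHashMap());
                entry.set(ApiManager.SECURABLE_ATTRIBUTE_TYPE, "app.authorization.Logout");
                entry.set("command", "logout");
                entry.set("category", "Authorization");
                entry.set("date", new Date());
                entry.set("objectData", objectData.toString());
                // The actor is known regardless of the REST context, so always record it; an audit
                // row without a user cannot be attributed.
                entry.set("user", username);
                RestClient restClient = RestClient.getRestClient();
                if (restClient != null) {
                    entry.set("host", restClient.getHost());
                    entry.set("agent", restClient.getAgent());
                }
                entry.set("server", HistoryListener.CURRENT_IP);
                entry.set("affectedFields", (Object) null);
                entry.set("application", AppConfig.guid());
                auditLogManager.insert(entry, new Object[0]);
                TransactionManager.commit(auditEntity);
            }
        } catch (Exception e) {
            // Print the exception itself (type + message) on its own line: getMessage() alone is
            // often null, and a lost audit record should be traceable in the server output.
            System.out.println("Error on logging: " + e);
        }
    }

    /**
     * Overrides {@code WebSecurityConfigurerAdapter#configure(HttpSecurity)} to build the
     * stateless, token-authenticated filter chain.
     *
     * @param httpSecurity the HTTP security builder supplied by the adapter
     * @throws Exception if any configurer rejects the configuration
     */
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // CSRF protection is off. That is only sound while the credential travels in the
        // TokenUtils.AUTH_HEADER_NAME request header and never in a cookie the browser attaches on
        // its own. NOTE(review): confirm against AuthenticationTokenFilter.
        httpSecurity.csrf().disable();
        // Spring Security's default no-cache response headers are not added.
        httpSecurity.headers().cacheControl().disable();
        httpSecurity.exceptionHandling().authenticationEntryPoint(this.unauthorizedHandler);
        httpSecurity.logout().logoutSuccessHandler(logoutHandler());
        // No HTTP session is created or used; every request must authenticate by itself.
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        if (this.permission != null) {
            AuthenticationUtil.loadStaticSecurity(httpSecurity);
            this.permission.loadSecurityPermission(httpSecurity);
        } else {
            // Without a Permission bean the chain fails closed: every request is denied.
            httpSecurity.anonymous().authenticationFilter(new CronappAnonymousAuthenticationFilter("anonymousAuthenticationFilterKey", "anonymousUser", ApiManager.getPublicAuthorities()));
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).denyAll().accessDecisionManager(new UnanimousBased(this.decisionVoters));
        }

        // Response headers:
        //  - X-XSS-Protection is sent without "mode=block";
        //  - X-Content-Type-Options stays enabled;
        //  - Strict-Transport-Security is NOT emitted by the application.
        // NOTE(review): confirm that whatever terminates TLS in front of the application sets HSTS.
        httpSecurity.headers()
                .cacheControl().disable()
                .xssProtection().block(false).and()
                .contentTypeOptions().and()
                .httpStrictTransportSecurity().disable();

        // Assumes AppConfig.xFrameOptions() never returns null. TODO confirm.
        String frameOptionsPolicy = AppConfig.xFrameOptions();
        if (frameOptionsPolicy.equals("SameOrigin")) {
            httpSecurity.headers().frameOptions().sameOrigin();
        } else if (frameOptionsPolicy.equals("Deny")) {
            httpSecurity.headers().frameOptions().deny();
        } else {
            // Any other configured value (including a misspelt one) removes X-Frame-Options
            // entirely, leaving the pages frameable by any origin.
            httpSecurity.headers().frameOptions().disable();
        }

        // The token filter must run before form-login processing so that a valid token
        // authenticates the request first.
        httpSecurity.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
    }
}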
