package io.igia.config.fhir;

import ca.uhn.fhir.context.FhirContext;
import ca.uhn.fhir.rest.server.exceptions.InternalErrorException;
import ca.uhn.fhir.rest.server.exceptions.InvalidRequestException;
import ca.uhn.fhir.rest.server.interceptor.CorsInterceptor;
import ca.uhn.fhir.rest.server.interceptor.IServerInterceptor;
import ca.uhn.fhir.rest.server.interceptor.LoggingInterceptor;
import ca.uhn.fhir.rest.server.interceptor.ResponseHighlighterInterceptor;
import io.igia.config.fhir.interceptor.IgiaExceptionHandlingInterceptor;
import io.igia.config.fhir.interceptor.ScopeBasedAuthorizationInterceptor;
import io.igia.config.fhir.rest.IgiaFhirController;
import io.igia.config.fhir.server.FhirRestfulServerCustomizer;
import java.util.Arrays;
import java.util.Map;
import java.util.Optional;
import javax.annotation.PostConstruct;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.cors.CorsConfiguration;

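/**
 * Spring Boot auto-configuration for the igia FHIR server: FHIR context, REST server
 * customizer, HAPI interceptors (CORS, logging, exception handling, scope-based
 * authorization) and the JWT token store used to verify access tokens.
 *
 * <p>Every bean is declared with {@code @ConditionalOnMissingBean}, so an application can
 * replace any of them by defining its own bean of the same type or name.
 */
@EnableConfigurationProperties({FhirProperties.class})
@Configuration
@ConditionalOnClass({IgiaFhirController.class})
@AutoConfigureAfter({DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class})
/* loaded from: input_file:io/igia/config/fhir/IgiaFhirAutoConfiguration.class */
public class IgiaFhirAutoConfiguration {
    private final Logger log = LoggerFactory.getLogger(IgiaFhirAutoConfiguration.class);
    private final FhirProperties properties;
    private final ResourceServerProperties resourceServerProperties;

    /**
     * Resource-server HTTP security rules contributed by this auto-configuration.
     *
     * <p>NOTE(review): the only rule declared here opens {@code /api/metadata} to everyone.
     * No {@code anyRequest()} rule is added in this method, so confirm where every other
     * path is restricted (presumably the {@code ScopeBasedAuthorizationInterceptor} bean,
     * which is only registered for the 'secured' and 'mock' security modes).
     */
    @Configuration
    @Order(1)
    /* loaded from: input_file:io/igia/config/fhir/IgiaFhirAutoConfiguration$ResourceServerConfiguration.class */
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
        protected ResourceServerConfiguration() {
        }

        /**
         * Permits unauthenticated access to the {@code /api/metadata} endpoint.
         *
         * @param httpSecurity the security builder to add the rule to
         * @throws Exception if the rule cannot be applied
         */
        @Override
        public void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.authorizeRequests().antMatchers("/api/metadata").permitAll();
        }
    }

    /**
     * Creates the auto-configuration.
     *
     * @param fhirProperties FHIR settings; the FHIR version is read from here
     * @param resourceServerProperties OAuth2 resource-server settings; the JWT key URI and
     *     the configured key value are read from here
     */
    public IgiaFhirAutoConfiguration(FhirProperties fhirProperties, ResourceServerProperties resourceServerProperties) {
        this.log.info("Starting FHIR auto configuration");
        this.properties = fhirProperties;
        this.resourceServerProperties = resourceServerProperties;
    }

    /** Logs that construction of this configuration has finished. */
    @PostConstruct
    public void init() {
        this.log.debug("creating FHIR auto configuration done");
    }

    /**
     * Builds the FHIR context for the configured FHIR version.
     *
     * @return a new {@link FhirContext}
     */
    @ConditionalOnMissingBean
    @Bean
    public FhirContext fhirContext() {
        return new FhirContext(this.properties.getVersion());
    }

    /**
     * Supplies the default REST server customizer unless a bean named
     * {@code fhirRestfulServerCustomizer} already exists.
     *
     * @return the igia customizer built from the FHIR properties
     */
    @ConditionalOnMissingBean(name = {"fhirRestfulServerCustomizer"})
    @Bean
    public FhirRestfulServerCustomizer fhirRestfulServerCustomizer() {
        return new IgiaRestfulServerCustomizer(this.properties);
    }

    /**
     * Builds the CORS interceptor for the FHIR endpoints.
     *
     * <p>Allowed request headers are {@code Accept} and {@code Content-Type}; exposed response
     * headers are {@code Location} and {@code Content-Location}.
     *
     * @return the configured {@link CorsInterceptor}
     */
    @ConditionalOnMissingBean
    @Bean
    public CorsInterceptor corsInterceptor() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addAllowedHeader("Accept");
        corsConfiguration.addAllowedHeader("Content-Type");
        // NOTE(review): every origin is allowed. allowCredentials is not set on this
        // configuration, so this bean does not enable cookie credentials; confirm that is
        // intended and consider restricting the origin list per deployment.
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.addExposedHeader("Location");
        corsConfiguration.addExposedHeader("Content-Location");
        corsConfiguration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        return new CorsInterceptor(corsConfiguration);
    }

    /**
     * Supplies HAPI's response highlighter interceptor.
     *
     * @return a new {@link ResponseHighlighterInterceptor}
     */
    @ConditionalOnMissingBean
    @Bean
    public ResponseHighlighterInterceptor responseHighlighterInterceptor() {
        return new ResponseHighlighterInterceptor();
    }

    /**
     * Builds the access-log interceptor; only registered when
     * {@code hapi.fhir.rest.logging.access=true}.
     *
     * <p>NOTE(review): the message format writes the request parameters and the
     * client-supplied {@code X-Forwarded-For} and {@code User-Agent} headers to the
     * {@code igia_fhir.access} logger. FHIR search parameters can carry patient identifiers,
     * so treat that logger's output as sensitive, and do not rely on the logged source
     * address for attribution unless a trusted proxy sets the header.
     *
     * @return the configured logging interceptor
     */
    @ConditionalOnMissingBean(name = {"loggingInterceptor"})
    @ConditionalOnProperty(value = {"hapi.fhir.rest.logging.access"}, havingValue = "true", matchIfMissing = false)
    @Bean
    public IServerInterceptor loggingInterceptor() {
        LoggingInterceptor loggingInterceptor = new LoggingInterceptor();
        loggingInterceptor.setLoggerName("igia_fhir.access");
        loggingInterceptor.setMessageFormat("Path[${servletPath}] Source[${requestHeader.x-forwarded-for}] Operation[${operationType} ${operationName} ${idOrResourceName}] UA[${requestHeader.user-agent}] Params[${requestParameters}] ResponseEncoding[${responseEncodingNoDefault}]");
        loggingInterceptor.setLogExceptions(true);
        loggingInterceptor.setErrorMessageFormat("ERROR - ${requestVerb} ${requestUrl}");
        return loggingInterceptor;
    }

    /**
     * Builds the exception interceptor that returns stack traces for
     * {@link InternalErrorException} and {@link InvalidRequestException}; only registered
     * when {@code hapi.fhir.rest.exception.stacktrace=true}.
     *
     * <p>Stack traces in responses disclose internal class and library details to clients,
     * so this property is best left unset outside development environments.
     *
     * @return the stack-trace-returning exception interceptor
     */
    @ConditionalOnMissingBean(name = {"stacktraceExceptionHandlingInterceptor"})
    @ConditionalOnProperty(value = {"hapi.fhir.rest.exception.stacktrace"}, havingValue = "true", matchIfMissing = false)
    @Bean
    public IServerInterceptor stacktraceExceptionHandlingInterceptor() {
        IgiaExceptionHandlingInterceptor igiaExceptionHandlingInterceptor = new IgiaExceptionHandlingInterceptor();
        igiaExceptionHandlingInterceptor.setReturnStackTracesForExceptionTypes(new Class[]{InternalErrorException.class, InvalidRequestException.class});
        return igiaExceptionHandlingInterceptor;
    }

    /**
     * Builds the default exception interceptor, used when
     * {@code hapi.fhir.rest.exception.stacktrace} is {@code false} or not set.
     *
     * @return an exception interceptor with no stack-trace types configured here
     */
    @ConditionalOnMissingBean(name = {"exceptionHandlingInterceptor"})
    @ConditionalOnProperty(value = {"hapi.fhir.rest.exception.stacktrace"}, havingValue = "false", matchIfMissing = true)
    @Bean
    public IServerInterceptor exceptionHandlingInterceptor() {
        return new IgiaExceptionHandlingInterceptor();
    }

    /**
     * Builds the scope-based authorization interceptor. It is registered only when
     * {@code hspc.platform.api.security.mode} is {@code secured} or {@code mock}.
     *
     * <p>NOTE(review): for any other mode value this bean is absent; confirm which component
     * enforces authorization on the FHIR endpoints in that case.
     *
     * @param tokenStore store used to read access tokens
     * @param oAuth2RestTemplate OAuth2-aware REST client passed through to the interceptor
     * @return the authorization interceptor
     */
    @ConditionalOnMissingBean(name = {"scopeBasedAuthorizationInterceptor"})
    @Bean
    @ConditionalOnExpression("'${hspc.platform.api.security.mode}'=='secured' || '${hspc.platform.api.security.mode}'=='mock'")
    public ScopeBasedAuthorizationInterceptor scopeBasedAuthorizationInterceptor(TokenStore tokenStore, OAuth2RestTemplate oAuth2RestTemplate) {
        return new ScopeBasedAuthorizationInterceptor(tokenStore, oAuth2RestTemplate);
    }

    /**
     * Builds a JWT-backed token store; only registered when
     * {@code security.oauth2.resource.jwt.key-uri} is set.
     *
     * @param jwtAccessTokenConverter converter holding the verifier key
     * @return a {@link JwtTokenStore}
     */
    @ConditionalOnMissingBean
    @ConditionalOnProperty({"security.oauth2.resource.jwt.key-uri"})
    @Bean
    public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
        return new JwtTokenStore(jwtAccessTokenConverter);
    }

    /**
     * Builds the JWT converter and sets its verifier key from the authorization server;
     * only registered when {@code security.oauth2.resource.jwt.key-uri} is set.
     *
     * <p>The key is fetched when this bean is created; nothing in this class refreshes it
     * afterwards.
     *
     * @return the configured {@link JwtAccessTokenConverter}
     */
    @ConditionalOnMissingBean
    @ConditionalOnProperty({"security.oauth2.resource.jwt.key-uri"})
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        jwtAccessTokenConverter.setVerifierKey(getKeyFromAuthorizationServer());
        return jwtAccessTokenConverter;
    }

    /**
     * Fetches the token verifier key from the configured key URI.
     *
     * <p>The response is read as a JSON object. If it has a {@code public_key} entry, that
     * value is wrapped in PEM public-key markers; if the entry is missing, or the response
     * has no body, the configured {@code key-value} is returned instead.
     *
     * <p>NOTE(review): the returned key is the trust anchor for every JWT the server accepts.
     * Nothing here checks the scheme or host of the key URI and a default
     * {@link RestTemplate} is used, so the URI should be an HTTPS endpoint of the trusted
     * authorization server.
     *
     * @return the PEM-wrapped public key, or the configured key value (which may be null)
     */
    private String getKeyFromAuthorizationServer() {
        String keyUri = this.resourceServerProperties.getJwt().getKeyUri();
        HttpEntity<Void> request = new HttpEntity<>(new HttpHeaders());
        Map<?, ?> body = new RestTemplate().exchange(keyUri, HttpMethod.GET, request, Map.class).getBody();
        // An empty response body is treated like a missing "public_key" entry instead of
        // failing with a NullPointerException during bean creation.
        Object publicKey = body == null ? null : body.get("public_key");
        return Optional.ofNullable(publicKey)
            .map(key -> String.format("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----", key))
            .orElse(this.resourceServerProperties.getJwt().getKeyValue());
    }
}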
