package org.entur.jwt.spring;

import org.entur.jwt.spring.auth0.properties.SecurityProperties;
import org.entur.jwt.spring.config.AuthorizationWebSecurityConfig;
import org.entur.jwt.spring.config.JwtFilterWebSecurityConfig;
import org.entur.jwt.spring.filter.JwtServerAuthenticationConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;

@EnableConfigurationProperties({SecurityProperties.class})
@Configuration
@ConditionalOnClass({WebSecurityConfigurerAdapter.class})
@AutoConfigureAfter({JwtWebFluxAutoConfiguration.class})
@ConditionalOnExpression("${entur.authorization.enabled:true} || ${entur.jwt.enabled:true}")
/* loaded from: input_file:org/entur/jwt/spring/JwtWebSecurityAutoConfiguration.class */
public class JwtWebSecurityAutoConfiguration {
    private static final Logger log = LoggerFactory.getLogger(JwtWebSecurityAutoConfiguration.class);

    @Configuration
    @ConditionalOnBean(name = {"springSecurityFilterChain"})
    @ConditionalOnProperty(name = {"entur.authorization.enabled"}, havingValue = "true", matchIfMissing = true)
    /* loaded from: input_file:org/entur/jwt/spring/JwtWebSecurityAutoConfiguration$AuthorizationConfigurationGuard.class */
    public static class AuthorizationConfigurationGuard {
        public AuthorizationConfigurationGuard() {
            throw new IllegalStateException("Authorization does not work for custom spring filter chain. Add 'entur.authorization.enabled=false' or disable this starter using @SpringBootApplication(exclude = {JwtWebSecurityAutoConfiguration.class}).");
        }
    }

    @Configuration
    @EnableWebFluxSecurity
    @ConditionalOnMissingBean(name = {"springSecurityFilterChain"})
    @EnableReactiveMethodSecurity
    @ConditionalOnExpression("${entur.authorization.enabled:true} && ${entur.jwt.enabled:true}")
    /* loaded from: input_file:org/entur/jwt/spring/JwtWebSecurityAutoConfiguration$CompositeWebSecurityConfiguration.class */
    public static class CompositeWebSecurityConfiguration {
        private final AuthorizationWebSecurityConfig authorizationWebSecurityConfig;
        private final JwtFilterWebSecurityConfig jwtFilterWebSecurityConfig;

        @Autowired
        public CompositeWebSecurityConfiguration(SecurityProperties securityProperties, ReactiveAuthenticationManager reactiveAuthenticationManager, JwtServerAuthenticationConverter<?> jwtServerAuthenticationConverter, @Autowired(required = false) ServerAuthenticationEntryPoint serverAuthenticationEntryPoint, ServerAuthenticationFailureHandler serverAuthenticationFailureHandler) {
            JwtWebSecurityAutoConfiguration.log.info("Configure JWT authentication filter + authorization");
            this.authorizationWebSecurityConfig = new AuthorizationWebSecurityConfig(securityProperties.getAuthorization()) { // from class: org.entur.jwt.spring.JwtWebSecurityAutoConfiguration.CompositeWebSecurityConfiguration.1
            };
            this.jwtFilterWebSecurityConfig = new JwtFilterWebSecurityConfig(reactiveAuthenticationManager, jwtServerAuthenticationConverter, serverAuthenticationEntryPoint, serverAuthenticationFailureHandler) { // from class: org.entur.jwt.spring.JwtWebSecurityAutoConfiguration.CompositeWebSecurityConfiguration.2
            };
        }

        @Bean
        public SecurityWebFilterChain configure(ServerHttpSecurity serverHttpSecurity) throws Exception {
            this.authorizationWebSecurityConfig.configure(serverHttpSecurity);
            return this.jwtFilterWebSecurityConfig.configure(serverHttpSecurity).build();
        }
    }

    @Configuration
    @EnableWebFluxSecurity
    @ConditionalOnMissingBean(name = {"springSecurityFilterChain"})
    @EnableReactiveMethodSecurity
    @ConditionalOnExpression("${entur.authorization.enabled:true} && !${entur.jwt.enabled:true}")
    /* loaded from: input_file:org/entur/jwt/spring/JwtWebSecurityAutoConfiguration$EnturAuthorizationWebSecurityConfigConfigurerAdapter.class */
    public static class EnturAuthorizationWebSecurityConfigConfigurerAdapter {
        private final AuthorizationWebSecurityConfig authorizationWebSecurityConfig;

        @Autowired
        public EnturAuthorizationWebSecurityConfigConfigurerAdapter(SecurityProperties securityProperties) {
            this.authorizationWebSecurityConfig = new AuthorizationWebSecurityConfig(securityProperties.getAuthorization()) { // from class: org.entur.jwt.spring.JwtWebSecurityAutoConfiguration.EnturAuthorizationWebSecurityConfigConfigurerAdapter.1
            };
        }

        @Bean
        public SecurityWebFilterChain configure(ServerHttpSecurity serverHttpSecurity) throws Exception {
            JwtWebSecurityAutoConfiguration.log.info("Configure authorization");
            return this.authorizationWebSecurityConfig.configure(serverHttpSecurity).build();
        }
    }

    @Configuration
    @EnableWebFluxSecurity
    @ConditionalOnMissingBean(name = {"springSecurityFilterChain"})
    @EnableReactiveMethodSecurity
    @ConditionalOnExpression("!${entur.authorization.enabled:true} && ${entur.jwt.enabled:true}")
    /* loaded from: input_file:org/entur/jwt/spring/JwtWebSecurityAutoConfiguration$EnturJwtFilterWebSecurityConfig.class */
    public static class EnturJwtFilterWebSecurityConfig {
        private final JwtFilterWebSecurityConfig jwtFilterWebSecurityConfig;

        @Autowired
        public EnturJwtFilterWebSecurityConfig(ReactiveAuthenticationManager reactiveAuthenticationManager, JwtServerAuthenticationConverter<?> jwtServerAuthenticationConverter, @Autowired(required = false) ServerAuthenticationEntryPoint serverAuthenticationEntryPoint, ServerAuthenticationFailureHandler serverAuthenticationFailureHandler) {
            this.jwtFilterWebSecurityConfig = new JwtFilterWebSecurityConfig(reactiveAuthenticationManager, jwtServerAuthenticationConverter, serverAuthenticationEntryPoint, serverAuthenticationFailureHandler) { // from class: org.entur.jwt.spring.JwtWebSecurityAutoConfiguration.EnturJwtFilterWebSecurityConfig.1
            };
        }

        @Bean
        public SecurityWebFilterChain configure(ServerHttpSecurity serverHttpSecurity) {
            JwtWebSecurityAutoConfiguration.log.info("Configure JWT authentication filter");
            return this.jwtFilterWebSecurityConfig.configure(serverHttpSecurity).build();
        }
    }

    @Configuration
    @ConditionalOnBean(name = {"springSecurityFilterChain"})
    @ConditionalOnProperty(name = {"entur.jwt.enabled"}, havingValue = "true", matchIfMissing = true)
    /* loaded from: input_file:org/entur/jwt/spring/JwtWebSecurityAutoConfiguration$JwtConfigurationGuard.class */
    public static class JwtConfigurationGuard {
        public JwtConfigurationGuard() {
            throw new IllegalStateException("JWT filter does not work for custom spring filter chain. Add 'entur.jwt.enabled=false' or disable this starter using @SpringBootApplication(exclude = {JwtWebSecurityAutoConfiguration.class}).");
        }
    }
}
