package org.openlmis.stockmanagement.security;

import java.io.IOException;
import java.util.Arrays;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor;
import org.springframework.security.oauth2.provider.authentication.TokenExtractor;
import org.springframework.security.oauth2.provider.token.AccessTokenConverter;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.OncePerRequestFilter;

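/**
 * OAuth2 resource-server configuration for the stockmanagement service.
 *
 * <p>Sets the resource id, the URL authorization rules, the token validation service and the CORS
 * policy. All values come from application properties.
 */
@Configuration
@EnableWebSecurity
@EnableResourceServer
@Import({MethodSecurityConfiguration.class})
public class ResourceServerSecurityConfiguration implements ResourceServerConfigurer {
    // Used by the filter in configure(HttpSecurity) to detect whether a request carries a token.
    // BearerTokenExtractor reads the Authorization header and falls back to the "access_token"
    // request parameter; tokens sent as a query parameter can end up in access logs and Referer
    // headers, so header-based transport is the one to encourage for clients.
    private final TokenExtractor tokenExtractor = new BearerTokenExtractor();

    @Value("${auth.resourceId}")
    private String resourceId;

    // Origins and methods allowed for cross-origin requests; see corsConfigurationSource().
    @Value("${cors.allowedOrigins}")
    private String[] allowedOrigins;

    @Value("${cors.allowedMethods}")
    private String[] allowedMethods;

    /**
     * Sets the resource id of this resource server from {@code auth.resourceId}.
     *
     * @param resourceServerSecurityConfigurer configurer supplied by the framework
     * @throws Exception declared by {@link ResourceServerConfigurer}
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) throws Exception {
        resourceServerSecurityConfigurer.resourceId(this.resourceId);
    }

    /**
     * Defines which URLs are public and requires full authentication for everything else.
     *
     * @param httpSecurity HTTP security builder supplied by the framework
     * @throws Exception declared by {@link ResourceServerConfigurer}
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        // A request without a token gets its security context cleared before the chain continues.
        // NOTE(review): presumably this stops an authentication left over from an earlier request
        // (e.g. a session) from being reused for a token-less call; confirm against the design.
        httpSecurity.addFilterAfter(new OncePerRequestFilter() {
            @Override
            protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
                if (tokenExtractor.extract(request) == null) {
                    SecurityContextHolder.clearContext();
                }
                chain.doFilter(request, response);
            }
        }, AbstractPreAuthenticatedProcessingFilter.class);

        // CSRF protection is off. That is only sound while every protected request is
        // authenticated by an explicitly supplied bearer token and never by an ambient cookie.
        // NOTE(review): confirm no cookie- or session-based authentication can reach these URLs.
        httpSecurity.csrf().disable();

        // Matchers are evaluated in declaration order: the public paths must stay ahead of the
        // catch-all "/**" rule, otherwise they would require authentication too. Anything added
        // to the permitAll list is reachable without a token.
        httpSecurity
            .authorizeRequests()
            .antMatchers("/stockmanagement", "/webjars/**", "/stockmanagement/webjars/**", "/stockmanagement/docs/**")
            .permitAll()
            .antMatchers("/**")
            .fullyAuthenticated();
    }

    /**
     * Builds the access-token converter, using {@code CustomUserAuthenticationConverter} to map
     * the user part of a token.
     *
     * @return the converter handed to the token services
     */
    @Bean
    public AccessTokenConverter accessTokenConverter() {
        DefaultAccessTokenConverter converter = new DefaultAccessTokenConverter();
        converter.setUserTokenConverter(new CustomUserAuthenticationConverter());
        return converter;
    }

    /**
     * Builds the token services that validate incoming tokens against the auth server.
     *
     * <p>The client secret is a credential: keep it out of logs and exception messages, and supply
     * it through deployment configuration rather than a committed properties file.
     * NOTE(review): the client credentials and each presented token are presumably sent to the
     * check-token URL, so that URL should use TLS; confirm how CustomTokenServices calls it.
     *
     * @param str check-token endpoint URL, from {@code auth.server.url}
     * @param str2 client id, from {@code auth.server.clientId}
     * @param str3 client secret, from {@code auth.server.clientSecret}
     * @param i value of {@code auth.server.invalidToken.retryLimit}, passed to the
     *     CustomTokenServices constructor
     * @return the configured token services
     */
    @Autowired
    @Bean
    public RemoteTokenServices remoteTokenServices(@Value("${auth.server.url}") String str, @Value("${auth.server.clientId}") String str2, @Value("${auth.server.clientSecret}") String str3, @Value("${auth.server.invalidToken.retryLimit}") int i) {
        CustomTokenServices tokenServices = new CustomTokenServices(i);
        tokenServices.setCheckTokenEndpointUrl(str);
        tokenServices.setClientId(str2);
        tokenServices.setClientSecret(str3);
        tokenServices.setAccessTokenConverter(accessTokenConverter());
        return tokenServices;
    }

    /**
     * Builds the CORS policy from {@code cors.allowedOrigins} and {@code cors.allowedMethods}.
     *
     * <p>A policy is registered for every path only when at least one origin is configured;
     * otherwise the returned source holds no configuration. A {@code "*"} entry in
     * {@code cors.allowedOrigins} opens the API to scripts from any site, so list the exact
     * origins of the UI instead. Allowed headers and credentials are left at the
     * {@link CorsConfiguration} defaults.
     * NOTE(review): configure(HttpSecurity) in this class does not call {@code cors()}; confirm
     * that this source is actually applied by a CORS filter elsewhere.
     *
     * @return the CORS configuration source
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        if (this.allowedOrigins.length > 0) {
            CorsConfiguration corsConfiguration = new CorsConfiguration();
            corsConfiguration.setAllowedOrigins(Arrays.asList(this.allowedOrigins));
            corsConfiguration.setAllowedMethods(Arrays.asList(this.allowedMethods));
            source.registerCorsConfiguration("/**", corsConfiguration);
        }
        return source;
    }
}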
