package io.nerv.core.security;

import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory;
import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticatedActionsFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakSecurityContextRequestFilter;
import org.keycloak.adapters.springsecurity.management.HttpSessionManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Scope;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

@KeycloakConfiguration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan(basePackageClasses = {KeycloakSecurityComponents.class})
/* loaded from: input_file:io/nerv/core/security/SSOSecurityConfig.class */
public class SSOSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
    private final KeycloakClientRequestFactory keycloakClientRequestFactory;
    private final KeycloakAuthenticationProcessingFilter keycloakAuthenticationProcessingFilter;
    private final KeycloakPreAuthActionsFilter keycloakPreAuthActionsFilter;
    private String[] ignorePaths = new String[0];

    public SSOSecurityConfig(KeycloakClientRequestFactory keycloakClientRequestFactory, KeycloakAuthenticationProcessingFilter keycloakAuthenticationProcessingFilter, KeycloakPreAuthActionsFilter keycloakPreAuthActionsFilter) {
        this.keycloakClientRequestFactory = keycloakClientRequestFactory;
        this.keycloakAuthenticationProcessingFilter = keycloakAuthenticationProcessingFilter;
        this.keycloakPreAuthActionsFilter = keycloakPreAuthActionsFilter;
    }

    public void configure(WebSecurity webSecurity) {
        webSecurity.ignoring().antMatchers(this.ignorePaths);
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) {
        authenticationManagerBuilder.authenticationProvider(keycloakAuthenticationProvider());
    }

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
        authenticationManagerBuilder.authenticationProvider(keycloakAuthenticationProvider());
    }

    protected KeycloakAuthenticationProvider keycloakAuthenticationProvider() {
        KeycloakAuthenticationProvider keycloakAuthenticationProvider = super.keycloakAuthenticationProvider();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(grantedAuthoritiesMapper());
        return keycloakAuthenticationProvider;
    }

    @Bean
    public GrantedAuthoritiesMapper grantedAuthoritiesMapper() {
        SimpleAuthorityMapper simpleAuthorityMapper = new SimpleAuthorityMapper();
        simpleAuthorityMapper.setConvertToUpperCase(true);
        return simpleAuthorityMapper;
    }

    @Scope("prototype")
    @Bean
    public KeycloakRestTemplate keycloakRestTemplate() {
        return new KeycloakRestTemplate(this.keycloakClientRequestFactory);
    }

    @Bean
    public KeycloakConfigResolver keycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    @Bean
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new NullAuthenticatedSessionStrategy();
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        super.configure(httpSecurity);
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().cors().and().sessionManagement().disable().authorizeRequests().anyRequest()).permitAll();
        httpSecurity.addFilterBefore(this.keycloakAuthenticationProcessingFilter, FilterSecurityInterceptor.class).addFilterBefore(this.keycloakPreAuthActionsFilter, KeycloakAuthenticationProcessingFilter.class);
    }

    @Bean
    public FilterRegistrationBean keycloakAuthenticationProcessingFilterRegistrationBean(KeycloakAuthenticationProcessingFilter keycloakAuthenticationProcessingFilter) {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(keycloakAuthenticationProcessingFilter, new ServletRegistrationBean[0]);
        filterRegistrationBean.setEnabled(false);
        return filterRegistrationBean;
    }

    @Bean
    public FilterRegistrationBean keycloakPreAuthActionsFilterRegistrationBean(KeycloakPreAuthActionsFilter keycloakPreAuthActionsFilter) {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(keycloakPreAuthActionsFilter, new ServletRegistrationBean[0]);
        filterRegistrationBean.setEnabled(false);
        return filterRegistrationBean;
    }

    @Bean
    public FilterRegistrationBean keycloakAuthenticatedActionsFilterBean(KeycloakAuthenticatedActionsFilter keycloakAuthenticatedActionsFilter) {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(keycloakAuthenticatedActionsFilter, new ServletRegistrationBean[0]);
        filterRegistrationBean.setEnabled(false);
        return filterRegistrationBean;
    }

    @Bean
    public FilterRegistrationBean keycloakSecurityContextRequestFilterBean(KeycloakSecurityContextRequestFilter keycloakSecurityContextRequestFilter) {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(keycloakSecurityContextRequestFilter, new ServletRegistrationBean[0]);
        filterRegistrationBean.setEnabled(false);
        return filterRegistrationBean;
    }

    @ConditionalOnMissingBean({HttpSessionManager.class})
    @Bean
    protected HttpSessionManager httpSessionManager() {
        return new HttpSessionManager();
    }
}
