package tech.prodigio.core.libcoresecurity.config;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler;
import org.springframework.security.web.header.HeaderWriter;
import org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter;
import org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter;
import org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter;
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;
import org.springframework.security.web.header.writers.StaticHeadersWriter;
import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;
import org.springframework.web.cors.CorsConfiguration;
import tech.prodigio.core.libcoresecurity.handler.CustomHttpStatusRequestRejectedHandler;

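/**
 * Spring Security configuration shared through the core security library.
 *
 * <p>It registers a {@link SecurityFilterChain} that writes a fixed set of response-hardening
 * headers, applies a wildcard-origin CORS policy and disables CSRF protection. It also registers
 * a handler for rejected requests and an {@link AuthenticationManager} that refuses every
 * authentication attempt.
 *
 * <p>NOTE(review): the chain built here declares no {@code authorizeHttpRequests} rules, so
 * nothing in this class restricts access to any URL. Presumably access control is enforced by
 * the consuming service or an upstream gateway; confirm before relying on this chain alone.
 */
@Configuration
/* loaded from: input_file:tech/prodigio/core/libcoresecurity/config/SecurityConfig.class */
public class SecurityConfig {

    /**
     * Content-Security-Policy sent on every response.
     *
     * <p>{@code block-all-mixed-content} is deprecated and redundant next to
     * {@code upgrade-insecure-requests}; it is kept so the emitted header does not change.
     */
    private static final String CONTENT_SECURITY_POLICY =
            "default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content";

    /** Comma-separated extra header names to expose to cross-origin scripts; empty by default. */
    @Value("${lib.core.security.custom.exposed.headers:}")
    private String customExposedHeaders;

    /**
     * Builds the filter chain: security response headers, CORS, and CSRF disabled.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if the builder fails to assemble the chain
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.headers(headers -> {
            headers
                    // NOTE(review): "1; mode=block" turns the legacy browser XSS auditor back on.
                    // Current OWASP guidance and Spring Security's own default are "0"
                    // (HeaderValue.DISABLED), leaving XSS mitigation to the CSP below.
                    // Left unchanged so the emitted header stays the same.
                    .xssProtection(xss ->
                            xss.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK))
                    .referrerPolicy(referrer ->
                            referrer.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.NO_REFERRER))
                    .crossOriginResourcePolicy(corp ->
                            corp.policy(CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy.SAME_SITE))
                    .contentSecurityPolicy(csp -> csp.policyDirectives(CONTENT_SECURITY_POLICY))
                    .crossOriginEmbedderPolicy(coep ->
                            coep.policy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy.REQUIRE_CORP))
                    .crossOriginOpenerPolicy(coop ->
                            coop.policy(CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy.SAME_ORIGIN))
                    .addHeaderWriter(getPermissionsPolicyHeaderWriter())
                    .addHeaderWriter(getXPermittedCrossDomainPoliciesHeaderWriter())
                    .addHeaderWriter(getXDownloadOptionsHeaderWriter())
                    .addHeaderWriter(accessControlExposeHeaders())
                    .addHeaderWriter(getClearSiteDataHeaderWriter());
        });

        // The same CORS policy is returned for every request, whatever its path.
        httpSecurity.cors(cors -> cors.configurationSource(request -> buildCorsConfiguration()));

        // CSRF protection is off. That is only sound while no endpoint behind this chain
        // authenticates through ambient browser credentials (session cookies, HTTP Basic).
        // NOTE(review): confirm that consuming services authenticate with explicit tokens.
        httpSecurity.csrf(csrf -> csrf.disable());

        return httpSecurity.build();
    }

    /**
     * Registers the library's handler for requests that Spring Security rejects.
     *
     * @param objectMapper passed to the handler's constructor
     * @return the handler instance
     */
    @Bean
    public HttpStatusRequestRejectedHandler customHttpStatusRequestRejectedHandler(ObjectMapper objectMapper) {
        return new CustomHttpStatusRequestRejectedHandler(objectMapper);
    }

    /**
     * Creates the CORS policy used by {@link #filterChain(HttpSecurity)}.
     *
     * <p>Any origin is allowed. {@code allowCredentials} is left unset, so browsers do not
     * attach cookies or HTTP authentication to cross-origin calls. It must stay unset while the
     * origin is a wildcard, because Spring rejects {@code "*"} combined with credentials.
     * {@code Authorization} is not among the allowed request headers.
     *
     * <p>NOTE(review): with a wildcard origin, any site can read responses that need no
     * credentials. Consider driving the origin list from configuration.
     *
     * @return a new configuration instance on each call
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static CorsConfiguration buildCorsConfiguration() {
        CorsConfiguration cors = new CorsConfiguration();
        cors.setAllowedOrigins(List.of("*"));
        cors.setAllowedMethods(List.of("OPTIONS", "GET", "POST", "PUT"));
        cors.setAllowedHeaders(List.of("Content-Type", "origin", "x-origin"));
        return cors;
    }

    /** Denies geolocation, microphone, camera, fullscreen and payment to every origin. */
    private HeaderWriter getPermissionsPolicyHeaderWriter() {
        return new StaticHeadersWriter(
                "Permissions-Policy",
                "geolocation=(), microphone=(), camera=(), fullscreen=(), payment=()");
    }

    /** Writes {@code X-Permitted-Cross-Domain-Policies: none}. */
    private HeaderWriter getXPermittedCrossDomainPoliciesHeaderWriter() {
        return new StaticHeadersWriter("X-Permitted-Cross-Domain-Policies", "none");
    }

    /** Writes {@code X-Download-Options: noopen}. */
    private HeaderWriter getXDownloadOptionsHeaderWriter() {
        return new StaticHeadersWriter("X-Download-Options", "noopen");
    }

    /**
     * Writes {@code Clear-Site-Data} listing cache, cookies, storage and execution contexts.
     *
     * <p>NOTE(review): this writer is attached to the whole chain, so the header goes out on
     * every response rather than only on logout. Browsers that honour it drop the origin's
     * cookies, storage and cache after each response. That defeats cookie-based sessions and
     * HTTP caching; confirm it is intended for every service that pulls in this library.
     */
    private HeaderWriter getClearSiteDataHeaderWriter() {
        String directives = String.join(", ", "\"cache\"", "\"cookies\"", "\"storage\"", "\"executionContexts\"");
        return new StaticHeadersWriter("Clear-Site-Data", directives);
    }

    /** Writes {@code Access-Control-Expose-Headers} with the names from {@link #getExposedHeaders()}. */
    private HeaderWriter accessControlExposeHeaders() {
        return new StaticHeadersWriter("Access-Control-Expose-Headers", getExposedHeaders());
    }

    /**
     * Builds the comma-separated list of response headers exposed to cross-origin scripts.
     *
     * <p>{@code count} and {@code x-trace-id} are always present, followed by the names from
     * {@code lib.core.security.custom.exposed.headers}. All whitespace, including CR and LF, is
     * stripped from each name and empty entries are dropped, so a sloppy property value cannot
     * inject line breaks or blank items into the header.
     *
     * @return the header names joined with {@code ","}
     */
    private String getExposedHeaders() {
        // The field is only null when the class is built outside Spring's @Value injection.
        String configured = this.customExposedHeaders == null ? "" : this.customExposedHeaders;
        // The streams are typed as String. The decompiled form cast both arrays to Object[],
        // which leaves String.replaceAll unresolvable and does not compile.
        return Stream.concat(Stream.of("count", "x-trace-id"), Stream.of(configured.split(",")))
                .map(name -> name.replaceAll("\\s+", ""))
                .filter(name -> !name.isBlank())
                .collect(Collectors.joining(","));
    }

    /**
     * Supplies an {@link AuthenticationManager} whose every call throws
     * {@link AuthenticationServiceException}.
     *
     * <p>NOTE(review): presumably registered so that Spring Boot does not auto-configure its
     * default generated user; confirm.
     *
     * @return a manager that rejects every authentication attempt
     */
    @Bean
    public AuthenticationManager disableUserAuthentication() {
        return authentication -> {
            throw new AuthenticationServiceException("Authentication is disabled");
        };
    }
}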
