package at.letto.basespringboot.security;

import at.letto.basespringboot.config.BaseMicroServiceConfiguration;
import at.letto.login.restclient.RestLoginService;
import at.letto.restclient.endpoint.EndpointInterface;
import at.letto.security.LettoToken;
import at.letto.security.SecurityConstants;
import jakarta.servlet.Filter;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Base64;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

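/**
 * Spring Security configuration that declares six {@link SecurityFilterChain} beans, each
 * restricted by a {@code securityMatcher} to its own URL space.
 *
 * <ul>
 *   <li>{@link #filterChain1} – {@code /*}, everything permitted</li>
 *   <li>{@link #filterChain2} – {@code servicepath()/*}, everything permitted</li>
 *   <li>{@link #filterChain3} – {@code OPEN()/**} and {@code /open/**}, everything permitted</li>
 *   <li>{@link #filterChain4} – {@code API()/**} and {@code /api/**}, JWT filter plus
 *       authority checks</li>
 *   <li>{@link #filterChain5} – {@code AUTH()/**} and {@code /auth/**}, per-request Basic
 *       credential check through {@link #check}</li>
 *   <li>{@link #filterChain6} – {@code SESSION()/**}, HTTP session with form login and
 *       HTTP Basic</li>
 * </ul>
 *
 * <p>NOTE(review): none of the chain beans shown here carries an {@code @Order}. Spring Security
 * uses the first chain whose matcher accepts the request, and some matchers may overlap (a
 * one-segment path could satisfy both {@code /*} and another chain's pattern), so the effective
 * order should be pinned explicitly and verified.
 *
 * <p>NOTE(review): {@code endpoint} is not injected; it is assigned only in {@link #init}. Every
 * chain except {@code filterChain1} dereferences it while the bean is being built, so
 * {@code init} has to run before those bean methods do. Confirm the start-up order.
 */
@Configuration
@EnableWebSecurity
/* loaded from: input_file:BOOT-INF/lib/basespringboot-1.2.jar:at/letto/basespringboot/security/WebSecurityConfig.class */
public class WebSecurityConfig {

    @Autowired
    private JwtAuthenticationEntryPoint unauthorizedHandler;

    @Autowired
    private JwtAuthenticationProvider jwtAuthenticationProvider;

    @Autowired
    private JwtAuthenticationTokenFilter jwtAuthenticationFilter;

    @Autowired
    private BaseLettoUserDetailsService userInfoService;

    @Autowired
    private MessageService messageService;

    // Assigned in init(); not managed by Spring injection.
    private EndpointInterface endpoint;

    @Autowired
    private ApplicationContext appContext;

    // URL-safe alphabet ('-' and '_'). NOTE(review): HTTP Basic (RFC 7617) uses the standard
    // alphabet ('+' and '/'); credentials whose encoding contains those characters are rejected
    // by this decoder. Confirm which alphabet the clients of the /auth endpoints really send.
    private static final Base64.Decoder decoder = Base64.getUrlDecoder();

    /**
     * Registers the JWT authentication provider with the global authentication manager builder.
     *
     * @param authenticationManagerBuilder builder supplied by Spring Security
     */
    @Autowired
    public void configureAuthentication(AuthenticationManagerBuilder authenticationManagerBuilder) {
        authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) this.jwtAuthenticationProvider);
    }

    /**
     * Connects this configuration to a microservice: publishes {@code this} on the service
     * configuration, initialises the JWT provider from the configured secret and expiration,
     * stores the endpoint description, initialises the message service and loads the user list.
     *
     * @param baseMicroServiceConfiguration service configuration providing JWT secret,
     *     expiration and login-service URI
     * @param endpointInterface endpoint paths used by the filter chains
     */
    public void init(BaseMicroServiceConfiguration baseMicroServiceConfiguration, EndpointInterface endpointInterface) {
        baseMicroServiceConfiguration.webSecurityConfig = this;
        setJwtSecret(
                baseMicroServiceConfiguration.getJwtSecret(),
                baseMicroServiceConfiguration.getJwtExpiration(),
                baseMicroServiceConfiguration);
        this.endpoint = endpointInterface;
        this.messageService.init(baseMicroServiceConfiguration);
        this.userInfoService.loadUserList();
    }

    /**
     * (Re)initialises the JWT provider with a secret, an expiration value and a login-service
     * client built from the configuration's login-service URI.
     *
     * @param str JWT secret; treat as sensitive and keep it out of logs
     * @param j JWT expiration as passed to the provider (unit not visible here)
     * @param baseMicroServiceConfiguration source of the login-service URI
     */
    public void setJwtSecret(String str, long j, BaseMicroServiceConfiguration baseMicroServiceConfiguration) {
        RestLoginService loginService = new RestLoginService(baseMicroServiceConfiguration.getLoginServiceUri());
        this.jwtAuthenticationProvider.init(str, j, loginService);
    }

    /**
     * Forwards the "use login service" switch to the JWT service.
     *
     * @param z new value of the switch
     */
    public void setUseLoginService(boolean z) {
        this.jwtAuthenticationProvider.getJwtService().setUseLoginService(z);
    }

    /**
     * Forwards the "use Redis" switch to the JWT service.
     *
     * @param z new value of the switch
     */
    public void setUseRedis(boolean z) {
        this.jwtAuthenticationProvider.getJwtService().setUseRedis(z);
    }

    /**
     * Forwards the "use secret" switch to the JWT service.
     *
     * @param z new value of the switch
     */
    public void setUseSecret(boolean z) {
        this.jwtAuthenticationProvider.getJwtService().setUseSecret(z);
    }

    /**
     * Password encoder used for stored credentials.
     *
     * @return a BCrypt encoder with the library's default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * DAO-backed authentication provider that verifies passwords with {@link #passwordEncoder()}
     * against users loaded by {@code userInfoService}.
     *
     * @return the configured provider
     */
    @Bean
    public AuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setPasswordEncoder(passwordEncoder());
        provider.setUserDetailsService(this.userInfoService);
        return provider;
    }

    /**
     * Stateless chain for {@code /*}: every request is permitted.
     *
     * @param httpSecurity builder supplied by Spring Security
     * @return the built chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain1(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .cors(Customizer.withDefaults())
                .csrf(csrf -> csrf.disable())
                .exceptionHandling(errors -> errors.authenticationEntryPoint(this.unauthorizedHandler))
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .securityMatcher("/*")
                .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
        return httpSecurity.build();
    }

    /**
     * Stateless chain for {@code servicepath()/*}: every request is permitted.
     *
     * @param httpSecurity builder supplied by Spring Security
     * @return the built chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain2(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .cors(Customizer.withDefaults())
                .csrf(csrf -> csrf.disable())
                // X-Frame-Options is switched off here, so these responses carry no framing
                // restriction from this header. NOTE(review): confirm that embedding is intended
                // and whether a frame-ancestors policy is applied elsewhere.
                .headers(headers -> headers.frameOptions(frame -> frame.disable()))
                .exceptionHandling(errors -> errors.authenticationEntryPoint(this.unauthorizedHandler))
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .securityMatcher(this.endpoint.servicepath() + "/*")
                .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
        return httpSecurity.build();
    }

    /**
     * Stateless chain for the open area ({@code OPEN()/**} and {@code /open/**}): every request
     * is permitted.
     *
     * @param httpSecurity builder supplied by Spring Security
     * @return the built chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain3(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .cors(Customizer.withDefaults())
                .csrf(csrf -> csrf.disable())
                // X-Frame-Options is switched off for the open area as well; see filterChain2.
                .headers(headers -> headers.frameOptions(frame -> frame.disable()))
                .exceptionHandling(errors -> errors.authenticationEntryPoint(this.unauthorizedHandler))
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .securityMatcher(this.endpoint.OPEN() + "/**", "/open/**")
                .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
        return httpSecurity.build();
    }

    /**
     * Stateless chain for the token-protected API ({@code API()/**} and {@code /api/**}).
     *
     * <p>The JWT filter runs before {@link UsernamePasswordAuthenticationFilter}. Rules are
     * evaluated in declaration order: the API root and the open-API paths are public, the
     * student, teacher, admin and global areas require the listed authorities, and any other
     * request must be authenticated. The same rule set is declared twice, once for the paths
     * from {@code endpoint} and once for the literal {@code /api/...} paths.
     *
     * @param httpSecurity builder supplied by Spring Security
     * @return the built chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain4(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .cors(Customizer.withDefaults())
                // No session cookie is issued on this chain (STATELESS), which is the usual
                // reason for running without CSRF protection.
                .csrf(csrf -> csrf.disable())
                .exceptionHandling(errors -> errors.authenticationEntryPoint(this.unauthorizedHandler))
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .securityMatcher(this.endpoint.API() + "/**", "/api/**")
                .authorizeHttpRequests(auth -> {
                    auth
                            // Paths taken from the endpoint description.
                            .requestMatchers(
                                    new AntPathRequestMatcher(this.endpoint.API() + "/"),
                                    new AntPathRequestMatcher(this.endpoint.OPENAPI()),
                                    new AntPathRequestMatcher(this.endpoint.OPENAPI() + "/"),
                                    new AntPathRequestMatcher(this.endpoint.OPENAPI() + "/**"))
                            .permitAll()
                            .requestMatchers(new AntPathRequestMatcher(this.endpoint.STUDENT() + "/**"))
                            .hasAnyAuthority(LettoToken.ROLE_STUDENT, LettoToken.ROLE_TEACHER, "admin")
                            .requestMatchers(new AntPathRequestMatcher(this.endpoint.TEACHER() + "/**"))
                            .hasAnyAuthority(LettoToken.ROLE_TEACHER, "admin")
                            .requestMatchers(new AntPathRequestMatcher(this.endpoint.ADMIN() + "/**"))
                            .hasAnyAuthority("admin")
                            .requestMatchers(new AntPathRequestMatcher(this.endpoint.GLOBAL() + "/**"))
                            .hasAnyAuthority("global")
                            // Literal /api/... equivalents.
                            .requestMatchers(
                                    new AntPathRequestMatcher("/api/"),
                                    new AntPathRequestMatcher("/api/open"),
                                    new AntPathRequestMatcher("/api/open/"),
                                    new AntPathRequestMatcher("/api/open/**"))
                            .permitAll()
                            .requestMatchers(new AntPathRequestMatcher("/api/student/**"))
                            .hasAnyAuthority(LettoToken.ROLE_STUDENT, LettoToken.ROLE_TEACHER, "admin")
                            .requestMatchers(new AntPathRequestMatcher("/api/teacher/**"))
                            .hasAnyAuthority(LettoToken.ROLE_TEACHER, "admin")
                            .requestMatchers(new AntPathRequestMatcher("/api/admin/**"))
                            .hasAnyAuthority("admin")
                            .requestMatchers(new AntPathRequestMatcher("/api/global/**"))
                            .hasAnyAuthority("global")
                            // Default: anything not listed above still needs a valid token.
                            .anyRequest()
                            .authenticated();
                });
        httpSecurity.addFilterBefore((Filter) this.jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return httpSecurity.build();
    }

    /**
     * Stateless chain for {@code AUTH()/**} and {@code /auth/**}.
     *
     * <p>Each listed area is authorised by {@link #check}, which verifies the Basic credentials
     * in the request header and the required role on every request.
     *
     * <p>NOTE(review): no authentication mechanism (HTTP Basic, JWT filter) is configured on this
     * chain in the code shown, so requests that fall through to {@code anyRequest().authenticated()}
     * presumably cannot succeed. Confirm that this is the intended default.
     *
     * @param httpSecurity builder supplied by Spring Security
     * @return the built chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain5(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .cors(Customizer.withDefaults())
                .csrf(csrf -> csrf.disable())
                .exceptionHandling(errors -> errors.authenticationEntryPoint(this.unauthorizedHandler))
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .securityMatcher(this.endpoint.AUTH() + "/**", "/auth/**")
                .authorizeHttpRequests(auth -> {
                    auth
                            // Paths taken from the endpoint description.
                            .requestMatchers(new AntPathRequestMatcher(this.endpoint.AUTH_GAST() + "/**"))
                            .access((authentication, context) ->
                                    new AuthorizationDecision(check(authentication, context.getRequest(), "ROLE_gast")))
                            .requestMatchers(new AntPathRequestMatcher(this.endpoint.AUTH_USER() + "/**"))
                            .access((authentication, context) ->
                                    new AuthorizationDecision(check(authentication, context.getRequest(), "ROLE_user")))
                            .requestMatchers(new AntPathRequestMatcher(this.endpoint.AUTH_LETTO() + "/**"))
                            .access((authentication, context) ->
                                    new AuthorizationDecision(check(authentication, context.getRequest(), "ROLE_letto")))
                            .requestMatchers(new AntPathRequestMatcher(this.endpoint.AUTH_ADMIN() + "/**"))
                            .access((authentication, context) ->
                                    new AuthorizationDecision(check(authentication, context.getRequest(), "ROLE_admin")))
                            // Literal /auth/... equivalents.
                            .requestMatchers(new AntPathRequestMatcher("/auth/gast/**"))
                            .access((authentication, context) ->
                                    new AuthorizationDecision(check(authentication, context.getRequest(), "ROLE_gast")))
                            .requestMatchers(new AntPathRequestMatcher("/auth/user/**"))
                            .access((authentication, context) ->
                                    new AuthorizationDecision(check(authentication, context.getRequest(), "ROLE_user")))
                            .requestMatchers(new AntPathRequestMatcher("/auth/letto/**"))
                            .access((authentication, context) ->
                                    new AuthorizationDecision(check(authentication, context.getRequest(), "ROLE_letto")))
                            .requestMatchers(new AntPathRequestMatcher("/auth/admin/**"))
                            .access((authentication, context) ->
                                    new AuthorizationDecision(check(authentication, context.getRequest(), "ROLE_admin")))
                            .anyRequest()
                            .authenticated();
                });
        return httpSecurity.build();
    }

    /**
     * Session-based chain for {@code SESSION()/**}: HTTP Basic and form login, security context
     * kept in the HTTP session, a fresh session on login, and logout that invalidates the
     * session and deletes {@code JSESSIONID}.
     *
     * <p>NOTE(review): CSRF protection is disabled although this chain authenticates through a
     * session cookie. State-changing endpoints under this matcher then rely on other controls
     * (for example SameSite cookies or origin checks). Confirm that such a control exists, or
     * enable CSRF tokens for this chain.
     *
     * @param httpSecurity builder supplied by Spring Security
     * @return the built chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain6(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .cors(Customizer.withDefaults())
                .csrf(csrf -> csrf.disable())
                .httpBasic(Customizer.withDefaults())
                .securityContext(context ->
                        context.securityContextRepository(new HttpSessionSecurityContextRepository()))
                .securityMatcher(this.endpoint.SESSION() + "/**")
                .authorizeHttpRequests(auth -> {
                    auth
                            .requestMatchers(
                                    new AntPathRequestMatcher(this.endpoint.SESSION() + "/"),
                                    new AntPathRequestMatcher(this.endpoint.SESSION() + "/*"))
                            .authenticated()
                            .requestMatchers(new AntPathRequestMatcher(this.endpoint.SESSION_STUDENT() + "/**"))
                            .hasAnyAuthority(LettoToken.ROLE_STUDENT, LettoToken.ROLE_TEACHER, "admin")
                            .requestMatchers(new AntPathRequestMatcher(this.endpoint.SESSION_TEACHER() + "/**"))
                            .hasAnyAuthority(LettoToken.ROLE_TEACHER, "admin")
                            .requestMatchers(new AntPathRequestMatcher(this.endpoint.SESSION_ADMIN() + "/**"))
                            .hasAnyAuthority("admin")
                            .requestMatchers(new AntPathRequestMatcher(this.endpoint.SESSION_GLOBAL() + "/**"))
                            .hasAnyAuthority("global")
                            .anyRequest()
                            .authenticated();
                })
                .formLogin(form -> form.loginPage(this.endpoint.LOGIN()).permitAll())
                .logout(logout ->
                        logout.deleteCookies("JSESSIONID").invalidateHttpSession(true).clearAuthentication(true))
                // newSession(): the pre-login session is discarded on authentication, which
                // guards against session fixation.
                .sessionManagement(session ->
                        session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).sessionFixation().newSession());
        return httpSecurity.build();
    }

    /**
     * Verifies the Basic credentials carried in the {@code SecurityConstants.TOKEN_HEADER}
     * request header and checks that the named user holds the required authority.
     *
     * <p>The header value is stripped of the {@code Basic } prefix, Base64-decoded and split into
     * user name and password at the <em>first</em> colon, so passwords that contain a colon are
     * compared in full. The method fails closed: a missing or malformed header, an empty
     * password, an unknown user, a missing authority or any runtime error yields {@code false}.
     *
     * <p>NOTE(review): an unknown user or a missing role returns before any BCrypt work is done,
     * while a wrong password costs one BCrypt comparison; the difference in response time can
     * reveal which account names exist. {@code DaoAuthenticationProvider} equalises this with a
     * dummy hash. Consider doing the same here, together with rate limiting on these endpoints.
     *
     * @param obj authentication supplier passed by the authorization DSL; not used
     * @param httpServletRequest request whose header carries the credentials
     * @param str authority the user must hold, e.g. {@code ROLE_admin}
     * @return {@code true} only if the user exists, holds {@code str} and the password matches
     */
    public boolean check(Object obj, HttpServletRequest httpServletRequest, String str) {
        try {
            String header = httpServletRequest.getHeader(SecurityConstants.TOKEN_HEADER);
            if (header == null) {
                return false;
            }
            // The constant comes from the reactive converter and is used only as a string.
            // Literal replace: the prefix is plain text, no regex is needed.
            String encoded = header.replace(ServerHttpBasicAuthenticationConverter.BASIC, "");

            // NOTE(review): new String(byte[]) uses the platform default charset; on runtimes
            // where that is not UTF-8, non-ASCII credentials decode differently. Confirm the
            // charset the clients use and make it explicit.
            // Limit 2: only the first ':' separates user name and password.
            String[] credentials = new String(decoder.decode(encoded)).split(":", 2);
            if (credentials.length < 2 || credentials[1].isEmpty()) {
                // No separator or empty password: rejected, as before this method split with a limit.
                return false;
            }
            String username = credentials[0];
            String password = credentials[1];

            UserDetails user = this.userInfoService.loadUserByUsername(username);
            // Null check comes first; it used to follow the dereference and could never fire.
            if (user == null) {
                return false;
            }
            boolean holdsAuthority = user.getAuthorities().stream()
                    .anyMatch(authority -> authority.getAuthority().equals(str));
            if (!holdsAuthority) {
                return false;
            }
            return passwordEncoder().matches(password, user.getPassword());
        } catch (Exception ignored) {
            // Deliberate fail-closed: bad Base64, unknown user or any other error denies access.
            return false;
        }
    }
}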
