package com.chutneytesting.security;

import com.chutneytesting.security.infra.handlers.Http401FailureHandler;
import com.chutneytesting.security.infra.handlers.HttpEmptyLogoutSuccessHandler;
import com.chutneytesting.security.infra.handlers.HttpStatusInvalidSessionStrategy;
import com.chutneytesting.security.infra.memory.InMemoryConfiguration;
import com.chutneytesting.security.infra.memory.InMemoryUsersProperties;
import java.util.HashMap;
import java.util.Objects;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.http.HttpStatus;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:com/chutneytesting/security/ChutneySecurityConfig.class */
public class ChutneySecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${server.servlet.session.cookie.http-only:true}")
    private boolean sessionCookieHttpOnly;

    @Value("${server.servlet.session.cookie.secure:true}")
    private boolean sessionCookieSecure;

    @Profile({"ldap-auth", "ldap-auth-tls1-1"})
    @Configuration
    /* loaded from: input_file:com/chutneytesting/security/ChutneySecurityConfig$SecSecurityLDAPConfig.class */
    public static class SecSecurityLDAPConfig {
        @Autowired
        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder, LdapContextSource ldapContextSource, UserDetailsContextMapper userDetailsContextMapper) throws Exception {
            authenticationManagerBuilder.ldapAuthentication().userSearchFilter("(uid={0})").ldapAuthoritiesPopulator(new NullLdapAuthoritiesPopulator()).userDetailsContextMapper(userDetailsContextMapper).contextSource(ldapContextSource);
        }
    }

    @Profile({"mem-auth"})
    @Configuration
    /* loaded from: input_file:com/chutneytesting/security/ChutneySecurityConfig$SecSecurityMemoryConfig.class */
    public static class SecSecurityMemoryConfig {

        @Autowired
        InMemoryConfiguration inMemoryConfiguration;

        @Autowired
        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            InMemoryUsersProperties users = this.inMemoryConfiguration.users();
            PasswordEncoder passwordEncoder = this.inMemoryConfiguration.passwordEncoder();
            users.getUsers().forEach(user -> {
                user.setPassword(passwordEncoder.encode(user.getPassword()));
                Set<String> profiles = user.getProfiles();
                Objects.requireNonNull(user);
                profiles.forEach(user::grantAuthority);
            });
            authenticationManagerBuilder.userDetailsService(this.inMemoryConfiguration.inMemoryUserDetailsService()).passwordEncoder(passwordEncoder);
        }
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        configureBaseHttpSecurity(httpSecurity);
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/api/v1/user/login"})).permitAll().antMatchers(new String[]{"/api/v1/user/logout"})).permitAll().antMatchers(new String[]{"/api/**"})).authenticated().anyRequest()).permitAll().and().httpBasic();
    }

    protected void configureBaseHttpSecurity(HttpSecurity httpSecurity) throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("Access-Control-Allow-Origin", "*");
        ((ChannelSecurityConfigurer.RequiresChannelUrl) httpSecurity.sessionManagement().invalidSessionStrategy(new HttpStatusInvalidSessionStrategy(HttpStatus.UNAUTHORIZED, hashMap, this.sessionCookieHttpOnly, this.sessionCookieSecure)).and().csrf().disable().exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)).and().requiresChannel().anyRequest()).requiresSecure().and().formLogin().loginProcessingUrl("/api/v1/user/login").successForwardUrl("/api/v1/user").failureHandler(new Http401FailureHandler()).and().logout().logoutUrl("/api/v1/user/logout").logoutSuccessHandler(new HttpEmptyLogoutSuccessHandler());
    }
}
