package com.chutneytesting.security;

import com.chutneytesting.security.api.UserController;
import com.chutneytesting.security.api.UserDto;
import com.chutneytesting.security.domain.AuthenticationService;
import com.chutneytesting.security.domain.Authorizations;
import com.chutneytesting.security.infra.handlers.Http401FailureHandler;
import com.chutneytesting.security.infra.handlers.HttpEmptyLogoutSuccessHandler;
import com.chutneytesting.server.core.domain.security.Authorization;
import com.chutneytesting.server.core.domain.security.User;
import java.util.ArrayList;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

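/**
 * Web security configuration: declares the {@link AuthenticationService} bean and the
 * {@link SecurityFilterChain} that decides which requests need authentication.
 *
 * <p>Access rules, in evaluation order (the first matching rule wins):
 * <ol>
 *   <li>{@link #LOGIN_URL}, {@link #LOGOUT_URL} and {@code /api/v1/info/**}: open to everyone;</li>
 *   <li>{@link #API_BASE_URL_PATTERN}: any authenticated user;</li>
 *   <li>{@code <actuatorBaseUrl>/**}: requires the {@code ADMIN_ACCESS} authority;</li>
 *   <li>everything else: open to everyone.</li>
 * </ol>
 *
 * <p>Because the last rule is fail-open, an endpoint is public unless one of the earlier rules
 * matches it. Any new non-{@code /api} endpoint needs its own rule here or method-level security.
 */
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
/* loaded from: input_file:com/chutneytesting/security/ChutneyWebSecurityConfig.class */
public class ChutneyWebSecurityConfig {
    public static final String LOGIN_URL = "/api/v1/user/login";
    public static final String LOGOUT_URL = "/api/v1/user/logout";
    public static final String API_BASE_URL_PATTERN = "/api/**";

    /**
     * Base path of the actuator endpoints, taken from {@code management.endpoints.web.base-path}.
     *
     * <p>The fallback after the colon in a property placeholder is used as literal text, so it must
     * not be quoted: with {@code :'/actuator'} the field would hold {@code '/actuator'} (quotes
     * included), the admin-only matcher built from it would never match a real actuator request,
     * and those requests would fall through to the final {@code permitAll()} rule.
     */
    @Value("${management.endpoints.web.base-path:/actuator}")
    String actuatorBaseUrl;

    /**
     * Exposes the authentication service as a bean.
     *
     * @param authorizations authorizations source handed to the service
     * @return a new {@link AuthenticationService}
     */
    @Bean
    public AuthenticationService authenticationService(Authorizations authorizations) {
        return new AuthenticationService(authorizations);
    }

    /**
     * Builds the application's security filter chain.
     *
     * <p>Applies {@link #configureBaseHttpSecurity(HttpSecurity)}, registers the anonymous
     * principal from {@link #anonymous()}, declares the URL access rules described on the class,
     * and enables HTTP Basic authentication.
     *
     * @param httpSecurity builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if the underlying configurers fail
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        configureBaseHttpSecurity(httpSecurity);
        UserDto anonymous = anonymous();
        httpSecurity
            // Raw ArrayList kept as in the listing: the element type returned by
            // UserDto.getAuthorities() is not visible from this file.
            .anonymous(anonymousConfigurer ->
                anonymousConfigurer.principal(anonymous).authorities(new ArrayList(anonymous.getAuthorities())))
            .authorizeHttpRequests(registry -> {
                // NOTE(review): this introspector is instantiated here rather than obtained from
                // the application context; confirm the MVC matchers resolve paths as intended.
                HandlerMappingIntrospector introspector = new HandlerMappingIntrospector();
                registry
                    .requestMatchers(new MvcRequestMatcher(introspector, LOGIN_URL)).permitAll()
                    .requestMatchers(new MvcRequestMatcher(introspector, LOGOUT_URL)).permitAll()
                    .requestMatchers(new MvcRequestMatcher(introspector, "/api/v1/info/**")).permitAll()
                    .requestMatchers(new MvcRequestMatcher(introspector, API_BASE_URL_PATTERN)).authenticated()
                    // Evaluated after the /api/** rule: if the actuator base path is ever configured
                    // below /api, the rule above wins and ADMIN_ACCESS is no longer required.
                    .requestMatchers(new MvcRequestMatcher(introspector, this.actuatorBaseUrl + "/**"))
                        .hasAuthority(Authorization.ADMIN_ACCESS.name())
                    // Fail-open default: anything not matched above is reachable without authentication.
                    .anyRequest().permitAll();
            })
            .httpBasic(Customizer.withDefaults());
        return httpSecurity.build();
    }

    /**
     * Applies the settings shared by every filter chain: CSRF handling, the 401 entry point,
     * HTTPS-only channels, form login and logout.
     *
     * @param httpSecurity builder to configure in place
     * @throws Exception if the underlying configurers fail
     */
    protected void configureBaseHttpSecurity(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            // CSRF protection is switched off for every request while form login and HTTP Basic
            // are both enabled. NOTE(review): if browsers authenticate with a cookie-backed
            // session, confirm another cross-site request defence is in place.
            .csrf(csrfConfigurer -> csrfConfigurer.disable())
            // Unauthenticated requests get a bare 401 instead of a redirect to a login page.
            .exceptionHandling(exceptionHandlingConfigurer ->
                exceptionHandlingConfigurer.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
            // Every request must arrive over a secure channel.
            .requiresChannel(channelRegistry -> channelRegistry.anyRequest().requiresSecure())
            .formLogin(formLoginConfigurer ->
                formLoginConfigurer
                    .loginProcessingUrl(LOGIN_URL)
                    .successForwardUrl(UserController.BASE_URL)
                    .failureHandler(new Http401FailureHandler()))
            .logout(logoutConfigurer ->
                logoutConfigurer.logoutUrl(LOGOUT_URL).logoutSuccessHandler(new HttpEmptyLogoutSuccessHandler()));
    }

    /**
     * Creates the principal used for unauthenticated requests.
     *
     * @return a {@link UserDto} whose id and name are both {@code User.ANONYMOUS.id} and whose
     *     only granted authority is {@code "ANONYMOUS"}
     */
    protected UserDto anonymous() {
        UserDto anonymousUser = new UserDto();
        anonymousUser.setId(User.ANONYMOUS.id);
        anonymousUser.setName(User.ANONYMOUS.id);
        anonymousUser.grantAuthority("ANONYMOUS");
        return anonymousUser;
    }
}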
