package com.c4_soft.springaddons.security.oidc.starter.synchronised;

import com.c4_soft.springaddons.security.oidc.starter.properties.CorsProperties;
import com.c4_soft.springaddons.security.oidc.starter.properties.Csrf;
import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
import com.c4_soft.springaddons.security.oidc.starter.synchronised.client.ClientExpressionInterceptUrlRegistryPostProcessor;
import com.c4_soft.springaddons.security.oidc.starter.synchronised.client.ClientSynchronizedHttpSecurityPostProcessor;
import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.ResourceServerSynchronizedHttpSecurityPostProcessor;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
import org.springframework.security.web.csrf.CsrfTokenRequestHandler;
import org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

/* loaded from: input_file:com/c4_soft/springaddons/security/oidc/starter/synchronised/ServletConfigurationSupport.class */
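/**
 * Static helpers that apply the spring-addons OIDC properties to a servlet {@link HttpSecurity}:
 * session and CSRF state, anonymous / permit-all access rules, CORS and HTTPS enforcement.
 *
 * <p>Security-relevant behaviour worth knowing before reusing these helpers:
 * <ul>
 * <li>CSRF protection is switched off when the {@link Csrf} mode is {@code DISABLE}, and also when
 * it is {@code DEFAULT} with stateless sessions (see {@link #configureState}).</li>
 * <li>Every path listed as "permit all" is reachable without authentication, and CORS pre-flight
 * ({@code OPTIONS}) requests may be opened to anonymous callers (see {@link #configureAccess}).</li>
 * <li>HTTPS is only enforced by this class when SSL is enabled in {@link ServerProperties}.</li>
 * </ul>
 */
public class ServletConfigurationSupport {

    /**
     * CSRF token request handler for single-page applications that read the token from a cookie and
     * send it back in a request header.
     *
     * <p>Tokens are always exposed through the XOR-masking handler, but a token submitted in the CSRF
     * header is resolved as a plain (unmasked) value, because that is what a script copies from the
     * cookie. Any other submission (for instance a form parameter) is resolved as a masked value.
     */
    // NOTE(review): the decompiler reported that this class was originally package-private and that
    // it widened the access modifier; the constructor below is still package-private.
    public static final class SpaCsrfTokenRequestHandler implements CsrfTokenRequestHandler {
        private final CsrfTokenRequestHandler plain = new CsrfTokenRequestAttributeHandler();
        private final CsrfTokenRequestHandler xor = new XorCsrfTokenRequestAttributeHandler();

        SpaCsrfTokenRequestHandler() {
        }

        /**
         * Exposes the token through the XOR handler, then forces the deferred token to be loaded.
         *
         * @param httpServletRequest current request
         * @param httpServletResponse current response
         * @param supplier deferred access to the CSRF token
         */
        @Override
        public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Supplier<CsrfToken> supplier) {
            this.xor.handle(httpServletRequest, httpServletResponse, supplier);
            // Loading the token here is what makes a cookie-backed repository write the cookie on
            // this response instead of waiting for something else to read the token.
            supplier.get();
        }

        /**
         * Picks the resolver matching the way the client submitted the token.
         *
         * @param httpServletRequest current request
         * @param csrfToken expected token, used here for its header name
         * @return the token value submitted by the client, as resolved by the selected delegate
         */
        @Override
        public String resolveCsrfTokenValue(HttpServletRequest httpServletRequest, CsrfToken csrfToken) {
            final String headerValue = httpServletRequest.getHeader(csrfToken.getHeaderName());
            // Header present: raw value copied from the cookie. Otherwise: masked value.
            final CsrfTokenRequestHandler delegate = StringUtils.hasText(headerValue) ? this.plain : this.xor;
            return delegate.resolveCsrfTokenValue(httpServletRequest, csrfToken);
        }
    }

    /**
     * Applies the resource-server defaults to {@code httpSecurity}: a 401 entry point advertising the
     * configured issuers, session and CSRF state, access rules, optional HTTPS enforcement, and
     * finally the caller supplied post-processor.
     *
     * @param httpSecurity builder to configure
     * @param serverProperties Spring Boot server properties, read for the SSL settings
     * @param springAddonsOidcProperties spring-addons configuration
     * @param resourceServerExpressionInterceptUrlRegistryPostProcessor hook adding the access rules
     *        that follow the permit-all ones
     * @param resourceServerSynchronizedHttpSecurityPostProcessor hook applied last; its result is
     *        returned
     * @return the builder returned by the post-processor
     * @throws Exception if the underlying Spring Security configuration fails
     */
    public static HttpSecurity configureResourceServer(
            HttpSecurity httpSecurity,
            ServerProperties serverProperties,
            SpringAddonsOidcProperties springAddonsOidcProperties,
            ResourceServerExpressionInterceptUrlRegistryPostProcessor resourceServerExpressionInterceptUrlRegistryPostProcessor,
            ResourceServerSynchronizedHttpSecurityPostProcessor resourceServerSynchronizedHttpSecurityPostProcessor) throws Exception {
        httpSecurity.exceptionHandling(exceptionHandling -> {
            // Built once, at configuration time: a quoted, comma separated list of the non-null
            // issuer URIs. These are disclosed to every unauthenticated caller in the challenge.
            final String issuers = springAddonsOidcProperties.getOps().stream()
                    .map(op -> op.getIss())
                    .filter(iss -> iss != null)
                    .map(Object::toString)
                    .collect(Collectors.joining(",", "\"", "\""));
            exceptionHandling.authenticationEntryPoint((request, response, authenticationException) -> {
                // NOTE(review): RFC 6750 names the challenge scheme "Bearer"; "OAuth" is kept
                // unchanged here because existing clients may parse it - confirm before changing.
                response.addHeader("WWW-Authenticate", "OAuth realm=%s".formatted(issuers));
                response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
            });
        });
        configureState(
                httpSecurity,
                springAddonsOidcProperties.getResourceserver().isStatlessSessions(),
                springAddonsOidcProperties.getResourceserver().getCsrf(),
                springAddonsOidcProperties.getResourceserver().getCsrfCookieName(),
                springAddonsOidcProperties.getResourceserver().getCsrfCookiePath());
        configureAccess(
                httpSecurity,
                springAddonsOidcProperties.getResourceserver().getPermitAll(),
                mergeCorsProperties(springAddonsOidcProperties),
                resourceServerExpressionInterceptUrlRegistryPostProcessor);
        requireHttpsIfSslEnabled(httpSecurity, serverProperties);
        return resourceServerSynchronizedHttpSecurityPostProcessor.process(httpSecurity);
    }

    /**
     * Applies the OAuth2 client defaults to {@code httpSecurity}: CSRF state (sessions are never
     * forced stateless here), access rules, optional HTTPS enforcement, and finally the caller
     * supplied post-processor.
     *
     * @param httpSecurity builder to configure
     * @param serverProperties Spring Boot server properties, read for the SSL settings
     * @param springAddonsOidcProperties spring-addons configuration
     * @param clientExpressionInterceptUrlRegistryPostProcessor hook adding the access rules that
     *        follow the permit-all ones
     * @param clientSynchronizedHttpSecurityPostProcessor hook applied last; its result is returned
     * @return the builder returned by the post-processor
     * @throws Exception if the underlying Spring Security configuration fails
     */
    public static HttpSecurity configureClient(
            HttpSecurity httpSecurity,
            ServerProperties serverProperties,
            SpringAddonsOidcProperties springAddonsOidcProperties,
            ClientExpressionInterceptUrlRegistryPostProcessor clientExpressionInterceptUrlRegistryPostProcessor,
            ClientSynchronizedHttpSecurityPostProcessor clientSynchronizedHttpSecurityPostProcessor) throws Exception {
        configureState(
                httpSecurity,
                false,
                springAddonsOidcProperties.getClient().getCsrf(),
                springAddonsOidcProperties.getClient().getCsrfCookieName(),
                springAddonsOidcProperties.getClient().getCsrfCookiePath());
        configureAccess(
                httpSecurity,
                springAddonsOidcProperties.getClient().getPermitAll(),
                mergeCorsProperties(springAddonsOidcProperties),
                clientExpressionInterceptUrlRegistryPostProcessor);
        requireHttpsIfSslEnabled(httpSecurity, serverProperties);
        return clientSynchronizedHttpSecurityPostProcessor.process(httpSecurity);
    }

    /** Collects the top-level, client and resource-server CORS entries into one new list, in that order. */
    private static List<CorsProperties> mergeCorsProperties(SpringAddonsOidcProperties springAddonsOidcProperties) {
        final List<CorsProperties> merged = new ArrayList<>(springAddonsOidcProperties.getCors());
        merged.addAll(springAddonsOidcProperties.getClient().getCors());
        merged.addAll(springAddonsOidcProperties.getResourceserver().getCors());
        return merged;
    }

    /** Requires a secure channel for every request, but only when SSL is enabled in the server properties. */
    private static void requireHttpsIfSslEnabled(HttpSecurity httpSecurity, ServerProperties serverProperties) throws Exception {
        // When TLS is terminated elsewhere (SSL not enabled here), nothing in this class enforces
        // HTTPS - presumably left to the proxy in front of the application; verify per deployment.
        if (serverProperties.getSsl() != null && serverProperties.getSsl().isEnabled()) {
            httpSecurity.requiresChannel(channel -> channel.anyRequest().requiresSecure());
        }
    }

    /**
     * Registers the access rules: permit-all paths first, then anonymous CORS pre-flight, then
     * whatever the post-processor adds.
     *
     * <p>Anonymous authentication is enabled as soon as either list of open paths is non-empty.
     * {@code OPTIONS} requests are opened for the path of each CORS entry whose allowed methods
     * contain {@code "*"} or {@code "OPTIONS"}, unless that entry disables anonymous options.
     *
     * @param httpSecurity builder to configure
     * @param list path patterns reachable without authentication, for any HTTP method; review this
     *        list with the same care as any other authorization rule
     * @param list2 CORS entries used to derive the anonymous pre-flight paths
     * @param expressionInterceptUrlRegistryPostProcessor hook registering the remaining rules; it
     *        runs after the permit-all rules registered here
     * @return the builder returned by the last {@code authorizeHttpRequests} call
     * @throws Exception if the underlying Spring Security configuration fails
     */
    public static HttpSecurity configureAccess(
            HttpSecurity httpSecurity,
            List<String> list,
            List<CorsProperties> list2,
            ExpressionInterceptUrlRegistryPostProcessor expressionInterceptUrlRegistryPostProcessor) throws Exception {
        final List<String> anonymousPreflightPaths = list2.stream()
                .filter(cors -> (cors.getAllowedMethods().contains("*") || cors.getAllowedMethods().contains("OPTIONS"))
                        && !cors.isDisableAnonymousOptions())
                .map(CorsProperties::getPath)
                .toList();

        if (!list.isEmpty() || !anonymousPreflightPaths.isEmpty()) {
            httpSecurity.anonymous(Customizer.withDefaults());
        }
        if (!list.isEmpty()) {
            final RequestMatcher[] permitAllMatchers = list.stream()
                    .map(AntPathRequestMatcher::new)
                    .toArray(AntPathRequestMatcher[]::new);
            httpSecurity.authorizeHttpRequests(registry -> registry.requestMatchers(permitAllMatchers).permitAll());
        }
        if (!anonymousPreflightPaths.isEmpty()) {
            // Restricted to the OPTIONS method: other methods on these paths stay subject to the
            // rules registered by the post-processor.
            final RequestMatcher[] preflightMatchers = anonymousPreflightPaths.stream()
                    .map(path -> new AntPathRequestMatcher(path, "OPTIONS"))
                    .toArray(AntPathRequestMatcher[]::new);
            httpSecurity.authorizeHttpRequests(registry -> registry.requestMatchers(preflightMatchers).permitAll());
        }
        return httpSecurity.authorizeHttpRequests(
                registry -> expressionInterceptUrlRegistryPostProcessor.authorizeHttpRequests(registry));
    }

    /**
     * Builds a {@link CorsFilter} with one CORS configuration per entry, registered under the
     * entry's path.
     *
     * @param list CORS entries to register; values are copied as configured, without validation
     * @return a filter backed by the resulting URL based configuration source
     */
    public static CorsFilter getCorsFilterBean(List<CorsProperties> list) {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        for (CorsProperties props : list) {
            final CorsConfiguration configuration = new CorsConfiguration();
            // Origin patterns (not exact origins) are used, which Spring accepts together with
            // allowCredentials=true: a broad pattern then lets every matching origin send
            // credentialed requests, so keep the configured patterns as narrow as possible.
            configuration.setAllowCredentials(props.getAllowCredentials());
            configuration.setAllowedHeaders(props.getAllowedHeaders());
            configuration.setAllowedMethods(props.getAllowedMethods());
            configuration.setAllowedOriginPatterns(props.getAllowedOriginPatterns());
            configuration.setExposedHeaders(props.getExposedHeaders());
            configuration.setMaxAge(props.getMaxAge());
            source.registerCorsConfiguration(props.getPath(), configuration);
        }
        return new CorsFilter(source);
    }

    /**
     * Configures session creation and CSRF protection.
     *
     * <ul>
     * <li>{@code DISABLE}: CSRF protection is turned off.</li>
     * <li>{@code DEFAULT}: CSRF protection is turned off only when {@code z} is true; otherwise the
     * Spring Security defaults are left untouched.</li>
     * <li>{@code SESSION} and any other value: the Spring Security defaults are left untouched.</li>
     * <li>{@code COOKIE_ACCESSIBLE_FROM_JS}: the token is stored in a cookie that scripts can read,
     * and requests are handled by {@link SpaCsrfTokenRequestHandler}.</li>
     * </ul>
     *
     * @param httpSecurity builder to configure
     * @param z whether sessions must be stateless ({@link SessionCreationPolicy#STATELESS})
     * @param csrf CSRF mode; must not be null (the switch would throw)
     * @param str name of the CSRF cookie, used only in {@code COOKIE_ACCESSIBLE_FROM_JS} mode
     * @param str2 path of the CSRF cookie, used only in {@code COOKIE_ACCESSIBLE_FROM_JS} mode
     * @return {@code httpSecurity}
     * @throws Exception if the underlying Spring Security configuration fails
     */
    public static HttpSecurity configureState(HttpSecurity httpSecurity, boolean z, Csrf csrf, String str, String str2) throws Exception {
        if (z) {
            httpSecurity.sessionManagement(sessions -> sessions.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        }
        httpSecurity.csrf(csrfConfigurer -> {
            switch (csrf) {
                case DISABLE -> csrfConfigurer.disable();
                case DEFAULT -> {
                    // NOTE(review): disabling CSRF for stateless sessions is only sound when
                    // requests are not authorized by anything the browser attaches on its own
                    // (cookies, HTTP Basic, client certificates) - confirm for each application.
                    if (z) {
                        csrfConfigurer.disable();
                    }
                }
                case COOKIE_ACCESSIBLE_FROM_JS -> {
                    // The cookie is deliberately not HttpOnly so that the SPA can copy the token
                    // into a request header. Any script running on the origin can read it as well,
                    // so this mode relies on the application's XSS defences.
                    final CookieCsrfTokenRepository repository = CookieCsrfTokenRepository.withHttpOnlyFalse();
                    repository.setCookiePath(str2);
                    repository.setCookieName(str);
                    csrfConfigurer.csrfTokenRepository(repository).csrfTokenRequestHandler(new SpaCsrfTokenRequestHandler());
                }
                default -> {
                    // SESSION and unknown values: keep the Spring Security defaults.
                }
            }
        });
        return httpSecurity;
    }
}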
