package com.c4_soft.springaddons.security.oidc.starter.reactive.client;

import com.c4_soft.springaddons.security.oidc.starter.LogoutRequestUriBuilder;
import com.c4_soft.springaddons.security.oidc.starter.SpringAddonsOAuth2LogoutRequestUriBuilder;
import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.CookieCsrfCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultAuthenticationEntryPointCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultAuthenticationFailureHandlerCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultAuthenticationSuccessHandlerCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultCorsWebFilterCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultOidcBackChannelLogoutHandlerCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultOidcSessionRegistryCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsClientWithLoginCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsNotServlet;
import com.c4_soft.springaddons.security.oidc.starter.reactive.ReactiveConfigurationSupport;
import com.c4_soft.springaddons.security.oidc.starter.reactive.ReactiveSpringAddonsOidcBeans;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.oidc.server.session.InMemoryReactiveOidcSessionRegistry;
import org.springframework.security.oauth2.client.oidc.server.session.ReactiveOidcSessionRegistry;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
import org.springframework.security.web.server.ServerRedirectStrategy;
import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.authentication.logout.ServerLogoutHandler;
import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;
import org.springframework.security.web.server.csrf.CsrfToken;
import org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.server.WebFilter;
import reactor.core.publisher.Mono;

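/**
 * Auto-configuration for a reactive (WebFlux) OAuth2 client with login.
 *
 * <p>It contributes a {@link SecurityWebFilterChain} restricted to the configured client security
 * matchers, plus the default collaborators that chain needs (authorization request resolver,
 * redirect strategy, entry point, success / failure / logout handlers, CORS filter and the OIDC
 * back-channel logout beans). Every default is guarded by a condition, so an application can
 * replace it with its own bean.
 *
 * <p>The configuration is active only when both {@link IsClientWithLoginCondition} and
 * {@link IsNotServlet} match.
 */
@EnableWebFluxSecurity
@AutoConfiguration
@ImportAutoConfiguration({ReactiveSpringAddonsOidcBeans.class})
@Conditional({IsClientWithLoginCondition.class, IsNotServlet.class})
public class ReactiveSpringAddonsOidcClientWithLoginBeans {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(ReactiveSpringAddonsOidcClientWithLoginBeans.class);

    /**
     * Marker type for the redirect strategy used when sending the user agent to the authorization
     * server, so that it can be injected without ambiguity with other {@link ServerRedirectStrategy}
     * beans.
     */
    public interface PreAuthorizationCodeServerRedirectStrategy extends ServerRedirectStrategy {
    }

    /**
     * Default {@link PreAuthorizationCodeServerRedirectStrategy}: delegates everything to
     * {@code SpringAddonsOauth2ServerRedirectStrategy} with the configured HTTP status.
     */
    public static class SpringAddonsPreAuthorizationCodeServerRedirectStrategy extends SpringAddonsOauth2ServerRedirectStrategy implements PreAuthorizationCodeServerRedirectStrategy {
        /**
         * @param httpStatus status handed to the parent redirect strategy
         */
        public SpringAddonsPreAuthorizationCodeServerRedirectStrategy(HttpStatus httpStatus) {
            super(httpStatus);
        }
    }

    /**
     * Builds the security filter chain for the OAuth2 client part of the application.
     *
     * <p>The chain applies only to exchanges matching one of the path patterns returned by
     * {@code getClient().getSecurityMatchers()}; requests outside those patterns are not handled by
     * this chain. The order is one step before the lowest precedence.
     *
     * @param serverHttpSecurity the builder to configure
     * @param serverProperties Spring Boot server properties, forwarded to the shared client configuration
     * @param springAddonsOidcProperties spring-addons properties holding the client settings
     * @param serverOAuth2AuthorizationRequestResolver resolver building the authorization request
     * @param preAuthorizationCodeServerRedirectStrategy strategy for the redirection to the authorization server
     * @param serverAuthenticationEntryPoint entry point used when an exchange is not authenticated
     * @param serverAuthenticationSuccessHandler handler invoked after a successful login
     * @param serverAuthenticationFailureHandler handler invoked after a failed login
     * @param serverLogoutSuccessHandler handler invoked once the local logout is done
     * @param clientAuthorizeExchangeSpecPostProcessor hook defining the access-control rules
     * @param clientReactiveHttpSecurityPostProcessor hook for last-minute changes to the builder
     * @param optional an optional logout handler for the regular logout endpoint
     * @param optional2 an optional handler for OIDC back-channel logout
     * @return the built filter chain
     * @throws Exception declared for callers; nothing in this body throws a checked exception directly
     */
    // Integer.MAX_VALUE is the lowest precedence, so this chain is evaluated just before a
    // lowest-precedence one.
    @Order(Integer.MAX_VALUE - 1)
    @Bean
    SecurityWebFilterChain clientFilterChain(ServerHttpSecurity serverHttpSecurity, ServerProperties serverProperties, SpringAddonsOidcProperties springAddonsOidcProperties, ServerOAuth2AuthorizationRequestResolver serverOAuth2AuthorizationRequestResolver, PreAuthorizationCodeServerRedirectStrategy preAuthorizationCodeServerRedirectStrategy, ServerAuthenticationEntryPoint serverAuthenticationEntryPoint, ServerAuthenticationSuccessHandler serverAuthenticationSuccessHandler, ServerAuthenticationFailureHandler serverAuthenticationFailureHandler, ServerLogoutSuccessHandler serverLogoutSuccessHandler, ClientAuthorizeExchangeSpecPostProcessor clientAuthorizeExchangeSpecPostProcessor, ClientReactiveHttpSecurityPostProcessor clientReactiveHttpSecurityPostProcessor, Optional<ServerLogoutHandler> optional, Optional<OidcBackChannelServerLogoutHandler> optional2) throws Exception {
        // One path-pattern matcher per configured security matcher, typed as the common interface.
        final List<ServerWebExchangeMatcher> clientMatchers = springAddonsOidcProperties.getClient().getSecurityMatchers().stream()
                .map(PathPatternParserServerWebExchangeMatcher::new)
                .map(ServerWebExchangeMatcher.class::cast)
                .toList();
        log.info("Applying client OAuth2 configuration for: {}", springAddonsOidcProperties.getClient().getSecurityMatchers());
        serverHttpSecurity.securityMatcher(new OrServerWebExchangeMatcher(clientMatchers));

        serverHttpSecurity.exceptionHandling(exceptionHandling -> exceptionHandling.authenticationEntryPoint(serverAuthenticationEntryPoint));

        serverHttpSecurity.oauth2Login(oauth2Login -> {
            oauth2Login.authorizationRequestResolver(serverOAuth2AuthorizationRequestResolver);
            oauth2Login.authorizationRedirectStrategy(preAuthorizationCodeServerRedirectStrategy);
            oauth2Login.authenticationSuccessHandler(serverAuthenticationSuccessHandler);
            oauth2Login.authenticationFailureHandler(serverAuthenticationFailureHandler);
        });

        serverHttpSecurity.logout(logout -> {
            // A back-channel handler is not registered on the regular logout endpoint: it is wired
            // to the OIDC back-channel logout configuration below instead.
            optional.filter(handler -> !(handler instanceof OidcBackChannelServerLogoutHandler)).ifPresent(logout::logoutHandler);
            logout.logoutSuccessHandler(serverLogoutSuccessHandler);
        });

        // OIDC back-channel logout is enabled only when a handler bean exists.
        if (optional2.isPresent()) {
            final ServerLogoutHandler backChannelHandler = optional2.get();
            serverHttpSecurity.oidcLogout(oidcLogout -> oidcLogout.backChannel(backChannel -> backChannel.logoutHandler(backChannelHandler)));
        }

        // Shared client configuration, including the two post-processor hooks.
        ReactiveConfigurationSupport.configureClient(serverHttpSecurity, serverProperties, springAddonsOidcProperties, clientAuthorizeExchangeSpecPostProcessor, clientReactiveHttpSecurityPostProcessor);
        return serverHttpSecurity.build();
    }

    /**
     * Default builder for the logout request URI, created from the client properties.
     *
     * @param springAddonsOidcProperties spring-addons properties
     * @return the default {@link LogoutRequestUriBuilder}, unless the application defines one
     */
    @ConditionalOnMissingBean
    @Bean
    LogoutRequestUriBuilder logoutRequestUriBuilder(SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsOAuth2LogoutRequestUriBuilder(springAddonsOidcProperties.getClient());
    }

    /**
     * Default logout success handler.
     *
     * @param logoutRequestUriBuilder builder for the logout request URI
     * @param reactiveClientRegistrationRepository repository of the configured client registrations
     * @param springAddonsOidcProperties spring-addons properties
     * @return the default {@link ServerLogoutSuccessHandler}, unless the application defines one
     */
    @ConditionalOnMissingBean
    @Bean
    ServerLogoutSuccessHandler logoutSuccessHandler(LogoutRequestUriBuilder logoutRequestUriBuilder, ReactiveClientRegistrationRepository reactiveClientRegistrationRepository, SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsServerLogoutSuccessHandler(logoutRequestUriBuilder, reactiveClientRegistrationRepository, springAddonsOidcProperties);
    }

    /**
     * Default access-control hook: every exchange must be authenticated.
     *
     * <p>An application bean replacing this one takes over the access-control rules passed through
     * this hook, so it should end with an equally restrictive catch-all rule.
     *
     * @return a post-processor requiring authentication for any exchange
     */
    @ConditionalOnMissingBean
    @Bean
    ClientAuthorizeExchangeSpecPostProcessor clientAuthorizePostProcessor() {
        return authorizeExchange -> authorizeExchange.anyExchange().authenticated();
    }

    /**
     * Default builder hook: returns the builder unchanged.
     *
     * @return a no-op post-processor
     */
    @ConditionalOnMissingBean
    @Bean
    ClientReactiveHttpSecurityPostProcessor clientHttpPostProcessor() {
        return http -> http;
    }

    /**
     * Web filter that subscribes to the CSRF token stored in the exchange attributes, when present,
     * and then continues the filter chain. Registered only when {@link CookieCsrfCondition} matches
     * and no bean named {@code csrfCookieWebFilter} exists.
     *
     * @return the CSRF cookie web filter
     */
    @ConditionalOnMissingBean(name = {"csrfCookieWebFilter"})
    @Conditional({CookieCsrfCondition.class})
    @Bean
    WebFilter csrfCookieWebFilter() {
        return (exchange, chain) -> {
            // The token is looked up as a Mono; subscribing presumably forces it to be generated so
            // that a cookie-based repository writes the cookie - verify against the CSRF
            // configuration in use.
            // NOTE(review): this subscription is fire-and-forget; it is not part of the returned
            // chain, so the response does not wait for it and its errors are not propagated.
            final Mono<CsrfToken> csrfToken = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
            csrfToken.subscribe();
            return chain.filter(exchange);
        };
    }

    /**
     * Default authorization request resolver.
     *
     * @param oAuth2ClientProperties Spring Boot OAuth2 client properties
     * @param reactiveClientRegistrationRepository repository of the configured client registrations
     * @param springAddonsOidcProperties spring-addons properties
     * @return the default {@link ServerOAuth2AuthorizationRequestResolver}, unless the application defines one
     */
    @ConditionalOnMissingBean
    @Bean
    ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver(OAuth2ClientProperties oAuth2ClientProperties, ReactiveClientRegistrationRepository reactiveClientRegistrationRepository, SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsServerOAuth2AuthorizationRequestResolver(oAuth2ClientProperties, reactiveClientRegistrationRepository, springAddonsOidcProperties.getClient());
    }

    /**
     * Default redirect strategy for the redirection to the authorization server, using the status
     * configured for the pre-authorization-code redirection.
     *
     * @param springAddonsOidcProperties spring-addons properties
     * @return the default {@link PreAuthorizationCodeServerRedirectStrategy}, unless the application defines one
     */
    @ConditionalOnMissingBean
    @Bean
    PreAuthorizationCodeServerRedirectStrategy preAuthorizationCodeRedirectStrategy(SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsPreAuthorizationCodeServerRedirectStrategy(springAddonsOidcProperties.getClient().getOauth2Redirections().getPreAuthorizationCode());
    }

    /**
     * Default authentication entry point, built from the client properties.
     *
     * @param springAddonsOidcProperties spring-addons properties
     * @return the default {@link ServerAuthenticationEntryPoint}
     */
    @Conditional({DefaultAuthenticationEntryPointCondition.class})
    @Bean
    ServerAuthenticationEntryPoint authenticationEntryPoint(SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsServerAuthenticationEntryPoint(springAddonsOidcProperties.getClient());
    }

    /**
     * Default handler for a successful login.
     *
     * @param springAddonsOidcProperties spring-addons properties
     * @return the default {@link ServerAuthenticationSuccessHandler}
     */
    @Conditional({DefaultAuthenticationSuccessHandlerCondition.class})
    @Bean
    ServerAuthenticationSuccessHandler authenticationSuccessHandler(SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsOauth2ServerAuthenticationSuccessHandler(springAddonsOidcProperties);
    }

    /**
     * Default handler for a failed login.
     *
     * @param springAddonsOidcProperties spring-addons properties
     * @return the default {@link ServerAuthenticationFailureHandler}
     */
    @Conditional({DefaultAuthenticationFailureHandlerCondition.class})
    @Bean
    ServerAuthenticationFailureHandler authenticationFailureHandler(SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsOauth2ServerAuthenticationFailureHandler(springAddonsOidcProperties);
    }

    /**
     * Default CORS filter, built from the global CORS entries followed by the client-specific ones.
     *
     * @param springAddonsOidcProperties spring-addons properties
     * @return the default {@link CorsWebFilter}
     */
    @Conditional({DefaultCorsWebFilterCondition.class})
    @Bean
    CorsWebFilter corsFilter(SpringAddonsOidcProperties springAddonsOidcProperties) {
        // Copy first: the lists held by the properties object must not be modified.
        final var corsProperties = new ArrayList<>(springAddonsOidcProperties.getCors());
        corsProperties.addAll(springAddonsOidcProperties.getClient().getCors());
        return ReactiveConfigurationSupport.getCorsFilterBean(corsProperties);
    }

    /**
     * Default OIDC session registry.
     *
     * <p>NOTE(review): this is the in-memory implementation, so the registry content is presumably
     * local to this application instance; a deployment with several instances would need a shared
     * registry for back-channel logout to reach sessions created elsewhere - confirm.
     *
     * @return an {@link InMemoryReactiveOidcSessionRegistry}
     */
    @Conditional({DefaultOidcSessionRegistryCondition.class})
    @Bean
    ReactiveOidcSessionRegistry oidcSessionRegistry() {
        return new InMemoryReactiveOidcSessionRegistry();
    }

    /**
     * Default OIDC back-channel logout handler, with the internal logout URI and the session cookie
     * name applied only when they are configured.
     *
     * @param reactiveOidcSessionRegistry registry the handler is constructed with
     * @param springAddonsOidcProperties spring-addons properties
     * @return the configured {@link OidcBackChannelServerLogoutHandler}
     */
    @Conditional({DefaultOidcBackChannelLogoutHandlerCondition.class})
    @Bean
    OidcBackChannelServerLogoutHandler oidcBackChannelLogoutHandler(ReactiveOidcSessionRegistry reactiveOidcSessionRegistry, SpringAddonsOidcProperties springAddonsOidcProperties) {
        final OidcBackChannelServerLogoutHandler logoutHandler = new OidcBackChannelServerLogoutHandler(reactiveOidcSessionRegistry);
        springAddonsOidcProperties.getClient().getBackChannelLogout().getInternalLogoutUri().ifPresent(logoutHandler::setLogoutUri);
        springAddonsOidcProperties.getClient().getBackChannelLogout().getCookieName().ifPresent(logoutHandler::setSessionCookieName);
        return logoutHandler;
    }
}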
