package cat.gencat.ctti.canigo.arch.security.saml.authentication.config;

import cat.gencat.ctti.canigo.arch.core.config.PropertiesConfiguration;
import cat.gencat.ctti.canigo.arch.security.rest.authentication.jwt.JwtAuthenticationFilter;
import cat.gencat.ctti.canigo.arch.security.rest.authentication.jwt.JwtTokenHandler;
import cat.gencat.ctti.canigo.arch.security.rest.authentication.service.AuthenticationService;
import cat.gencat.ctti.canigo.arch.security.rest.authentication.service.impl.JwtGicarWithMemberAuthenticationService;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.claims.enforce.impl.SAMLJwtTokenClaimsEnforcerMail;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.claims.select.impl.SAMLJwtTokenClaimsSelectorMailNomCognoms;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.jwt.SAMLJwtTokenHandler;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.service.SAMLValidationService;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.service.impl.SAMLAuthenticationService;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.service.impl.SAMLValidationServiceOpenSAML;
import javax.inject.Named;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

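/**
 * Spring Security configuration that wires together the SAML and JWT authentication beans.
 *
 * <p>The HTTP chain built in {@link #configure(HttpSecurity)} is stateless, has CSRF protection
 * disabled, and registers the JWT filter ahead of the pre-authentication filter. All {@code jwt.*}
 * settings are read through the injected {@link PropertiesConfiguration}.
 *
 * <p>NOTE(review): the {@code @PropertySource} below presumably supplies those {@code jwt.*} keys;
 * confirm against the deployment. {@code jwt.secret} is signing material and is better supplied
 * from externalised, access-controlled configuration than from a file packaged with the
 * application.
 */
@Configuration
@EnableWebSecurity
@PropertySource({"classpath:/config/props/security.properties"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Entry point invoked when a request needs authentication and has none.
    @Autowired
    @Lazy
    private AuthenticationEntryPoint restAuthenticationEntryPoint;

    // Source of every jwt.* property read by the private getters below.
    @Autowired
    private PropertiesConfiguration propertiesConfiguration;

    // Injected but not referenced by any method of this class.
    @Autowired
    @Lazy
    private AuthenticationManager authenticationManager;

    // Injected but not referenced by any method of this class.
    @Autowired
    @Lazy
    private AuthenticationSuccessHandler restAuthenticationSuccessHandler;

    // Injected but not referenced by any method of this class.
    @Autowired
    @Lazy
    private AuthenticationFailureHandler restAuthenticationFailureHandler;

    // Handler invoked when an authenticated caller is refused access.
    @Autowired
    @Lazy
    private AccessDeniedHandler restAccessDeniedHandler;

    /**
     * Builds the HTTP security chain.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @throws Exception if any configurer rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // The two login endpoints are reachable without a token.
        // NOTE(review): no catch-all rule (for example anyRequest().authenticated()) is declared
        // here, so this chain does not itself constrain any other URL. Confirm that every other
        // endpoint is protected elsewhere (method-level security or the application's own
        // configuration) before relying on this class alone.
        httpSecurity.authorizeRequests()
                .antMatchers("/api/saml").permitAll()
                .antMatchers("/api/auth").permitAll();

        httpSecurity.exceptionHandling().authenticationEntryPoint(this.restAuthenticationEntryPoint);
        httpSecurity.exceptionHandling().accessDeniedHandler(this.restAccessDeniedHandler);

        // CSRF protection is off and no HTTP session is created: each request has to carry its
        // own credentials.
        // NOTE(review): this is only sound while the token travels in a request header that the
        // browser does not attach automatically; re-enable CSRF protection if a cookie is ever
        // used to carry it.
        httpSecurity.csrf().disable();
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        httpSecurity.addFilterBefore(jwtAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class);
    }

    /**
     * Creates the JWT authentication service, configured from the {@code jwt.*} properties.
     *
     * @return the configured service
     */
    @Bean
    @Named("jwtAuthenticationService")
    public AuthenticationService jwtAuthenticationService() {
        JwtGicarWithMemberAuthenticationService service = new JwtGicarWithMemberAuthenticationService();
        // NOTE(review): presumably this switches on trust in identity headers set by an upstream
        // SiteMinder/GICAR proxy. If so, the application must only be reachable through that
        // proxy, otherwise a client could supply those headers itself. Confirm against the
        // service implementation.
        service.setSiteminderAuthentication(isSiteminderAuthentication());
        service.setTokenResponseHeaderName(getTokenResponseHeaderName());
        service.setHeaderAuthName(getHeaderAuthName());
        return service;
    }

    /**
     * Creates the filter that {@link #configure(HttpSecurity)} places before
     * {@link AbstractPreAuthenticatedProcessingFilter}.
     *
     * @return the configured filter
     */
    @Bean
    @Named("jwtAuthenticationFilter")
    public JwtAuthenticationFilter jwtAuthenticationFilter() {
        JwtAuthenticationFilter filter = new JwtAuthenticationFilter();
        filter.setHeaderAuthName(getHeaderAuthName());
        filter.setStartToken(getStartToken());
        filter.setTokenResponseHeaderName(getTokenResponseHeaderName());
        return filter;
    }

    /**
     * Creates the JWT token handler with the configured expiration and secret.
     *
     * @return the configured handler
     * @throws IllegalStateException if {@code jwt.secret} is missing or blank
     * @throws NumberFormatException if {@code jwt.expiration} is missing or not a number
     */
    @Bean
    @Named("jwtTokenHandler")
    public JwtTokenHandler jwtTokenHandler() {
        JwtTokenHandler handler = new JwtTokenHandler();
        handler.setExpiration(getExpiration());
        handler.setSecret(getSecret());
        return handler;
    }

    /**
     * Reads {@code jwt.secret} and refuses to continue without it.
     *
     * <p>Failing at bean creation keeps a null or empty secret from ever reaching a token
     * handler. The value is deliberately left out of the exception message.
     *
     * <p>NOTE(review): the signing algorithm is not visible in this class; the secret's length
     * and randomness should match what the handlers require.
     *
     * @return the configured secret, never null or blank
     * @throws IllegalStateException if the property is missing or blank
     */
    private String getSecret() {
        String secret = this.propertiesConfiguration.getProperty("jwt.secret");
        if (secret == null || secret.trim().isEmpty()) {
            throw new IllegalStateException("Property 'jwt.secret' must be set to a non-empty value");
        }
        return secret;
    }

    /**
     * Reads {@code jwt.expiration} as a number. The unit is defined by the token handlers and is
     * not visible here.
     *
     * @return the configured expiration
     * @throws NumberFormatException if the property is missing or not a valid long
     */
    private Long getExpiration() {
        // Long.valueOf replaces the deprecated Long(String) constructor; parsing is identical.
        return Long.valueOf(this.propertiesConfiguration.getProperty("jwt.expiration"));
    }

    /** Reads {@code jwt.header.startToken}, passed to the JWT filter as its start token. */
    private String getStartToken() {
        return this.propertiesConfiguration.getProperty("jwt.header.startToken");
    }

    /** Reads {@code jwt.header}, used as the authentication header name. */
    private String getHeaderAuthName() {
        return this.propertiesConfiguration.getProperty("jwt.header");
    }

    /** Reads {@code jwt.tokenResponseHeaderName}, used as the token response header name. */
    private String getTokenResponseHeaderName() {
        return this.propertiesConfiguration.getProperty("jwt.tokenResponseHeaderName");
    }

    /**
     * Reads {@code jwt.siteminderAuthentication} as a boolean.
     *
     * @return {@code true} only when the property equals "true" ignoring case; a missing
     *     property yields {@code false}
     */
    private boolean isSiteminderAuthentication() {
        // Boolean.parseBoolean replaces the deprecated Boolean(String) constructor; same result.
        return Boolean.parseBoolean(this.propertiesConfiguration.getProperty("jwt.siteminderAuthentication"));
    }

    /**
     * Creates the SAML authentication service.
     *
     * @return the configured service
     */
    @Bean
    @Named("samlAuthenticationService")
    public AuthenticationService samlAuthenticationService() {
        SAMLAuthenticationService service = new SAMLAuthenticationService();
        service.setTokenResponseHeaderName(getTokenResponseHeaderName());
        return service;
    }

    /**
     * Creates the OpenSAML-backed validation service and hands it the properties configuration.
     *
     * @return the configured validation service
     */
    @Bean
    public SAMLValidationService samlValidationService() {
        SAMLValidationServiceOpenSAML validationService = new SAMLValidationServiceOpenSAML();
        validationService.config(this.propertiesConfiguration);
        return validationService;
    }

    /**
     * Creates the SAML-specific JWT token handler. It shares the expiration and secret of
     * {@link #jwtTokenHandler()} and adds a claims enforcer and a claims selector.
     *
     * @return the configured handler
     * @throws IllegalStateException if {@code jwt.secret} is missing or blank
     * @throws NumberFormatException if {@code jwt.expiration} is missing or not a number
     */
    @Bean
    @Named("samlJwtTokenHandler")
    public SAMLJwtTokenHandler samlJwtTokenHandler() {
        SAMLJwtTokenHandler handler = new SAMLJwtTokenHandler();
        handler.setExpiration(getExpiration());
        handler.setSecret(getSecret());
        handler.setEnforcer(new SAMLJwtTokenClaimsEnforcerMail());
        handler.setSelector(new SAMLJwtTokenClaimsSelectorMailNomCognoms());
        return handler;
    }
}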
