package de.qfm.erp.service.configuration;

import com.google.common.collect.ImmutableMap;
import de.qfm.erp.service.filter.JwtTokenFilter;
import de.qfm.erp.service.service.security.JwtTokenProvider;
import jakarta.servlet.Filter;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.springdoc.core.utils.Constants;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.MessageDigestPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;

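/**
 * Spring Security wiring for the ERP service: authentication provider, the
 * HTTP authorization rules, the JWT filter, the HTTP firewall and the
 * password encoder.
 *
 * <p>The API is configured as stateless (no HTTP session) and authenticates
 * requests through {@link JwtTokenFilter}.
 */
@Configuration
@EnableWebSecurity
@Order(200)
/* loaded from: input_file:BOOT-INF/classes/de/qfm/erp/service/configuration/WebSecurityAdapter.class */
public class WebSecurityAdapter {
    private final JwtTokenProvider jwtTokenProvider;

    /**
     * @param jwtTokenProvider token provider handed to the {@link JwtTokenFilter}
     */
    public WebSecurityAdapter(JwtTokenProvider jwtTokenProvider) {
        this.jwtTokenProvider = jwtTokenProvider;
    }

    /**
     * Builds the username/password authentication provider.
     *
     * @param userDetailsService source of user records
     * @param passwordEncoder    encoder used to verify stored password hashes
     * @return a {@link DaoAuthenticationProvider} using both collaborators
     */
    @Bean
    public AuthenticationProvider authenticationProvider(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder) {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(passwordEncoder);
        // NOTE(review): no UserDetailsPasswordService is set on this provider, so
        // hashes stored under a legacy encoder id are not re-encoded on successful
        // login here. Confirm whether an upgrade path exists elsewhere.
        return provider;
    }

    /**
     * Exposes the {@link AuthenticationManager} assembled by Spring.
     *
     * @param authenticationConfiguration Spring's authentication configuration
     * @return the container-built authentication manager
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    public AuthenticationManager customAuthenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    /**
     * Defines the filter chain: CSRF off, stateless sessions, per-path
     * authorization rules, and the JWT filter ahead of
     * {@link UsernamePasswordAuthenticationFilter}.
     *
     * @param httpSecurity builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        // CSRF protection is disabled. That is only sound while the JWT is never
        // sent automatically by the browser (e.g. as a cookie).
        // NOTE(review): confirm how clients transport the token.
        httpSecurity.csrf(csrf -> csrf.disable());
        httpSecurity.sessionManagement(session ->
                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        // Rules are evaluated in declaration order, so the public exceptions must
        // stay above the broad "/api/v1/erp/**" rule.
        // NOTE(review): "/api/v1/erp/errors/**" and "/api/v1/erp/messages/**" are
        // readable without authentication; verify they expose no sensitive data.
        // NOTE(review): there is no anyRequest() rule. How paths outside these
        // patterns are handled depends on the framework default; an explicit
        // anyRequest().denyAll() would make the intent visible.
        // NOTE(review): several patterns end in "/"; whether the slash-less form
        // also matches depends on matcher configuration - confirm.
        httpSecurity.authorizeHttpRequests(rules -> rules
                .requestMatchers("/monitoring/health/").permitAll()
                .requestMatchers("/api/v1/erp/errors/**").permitAll()
                .requestMatchers("/api/v1/erp/auth/_signin/").permitAll()
                .requestMatchers("/api/v1/erp/auth/_refresh/").permitAll()
                .requestMatchers("/api/v1/erp/messages/**").permitAll()
                .requestMatchers("/api/v1/erp-ws/**").permitAll()
                .requestMatchers("/api/v1/erp/**").authenticated()
                .requestMatchers("/api/v2/erp/**").authenticated());

        // The JWT filter is scoped to the v1 and v2 REST trees. "/api/v1/erp-ws/**"
        // is outside both patterns and is permitAll above, so this chain performs
        // no authentication for it.
        // NOTE(review): confirm the endpoint behind it authenticates on its own.
        OrRequestMatcher jwtProtectedPaths = new OrRequestMatcher(
                new AntPathRequestMatcher("/api/v1/erp/**"),
                new AntPathRequestMatcher("/api/v2/erp/**"));
        httpSecurity.addFilterBefore(
                (Filter) JwtTokenFilter.of(jwtProtectedPaths, this.jwtTokenProvider),
                UsernamePasswordAuthenticationFilter.class);
        return httpSecurity.build();
    }

    /**
     * Provides a {@link StrictHttpFirewall} with three of its checks relaxed:
     * URL-encoded slash, percent and period are accepted in request paths.
     *
     * <p>Despite the bean name, more than the percent check is relaxed. Each of
     * these encodings can make a path look different to the authorization
     * matchers than to the code that later decodes it, so handlers receiving
     * path variables should treat decoded values as untrusted (no use as file
     * paths or route segments without validation).
     * NOTE(review): confirm each relaxation is still required.
     *
     * @return the relaxed firewall
     */
    @Bean
    public HttpFirewall allowUrlEncodedPercentHttpFirewall() {
        StrictHttpFirewall firewall = new StrictHttpFirewall();
        firewall.setAllowUrlEncodedSlash(true);
        firewall.setAllowUrlEncodedPercent(true);
        firewall.setAllowUrlEncodedPeriod(true);
        return firewall;
    }

    /**
     * Excludes the API-documentation and static paths from Spring Security.
     *
     * <p>{@code ignoring()} removes these paths from the security filter chain
     * altogether, so they also receive none of the response headers the chain
     * would add; a {@code permitAll()} rule keeps those protections.
     * NOTE(review): the OpenAPI description and Swagger UI are reachable
     * without authentication; confirm that is intended outside development,
     * and check what is served under "/configuration/**".
     *
     * @return customizer listing the ignored request paths
     */
    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return webSecurity -> webSecurity.ignoring()
                .requestMatchers("/v3/api-docs/**")
                .requestMatchers("/swagger-resources/**")
                .requestMatchers("/swagger-ui/**")
                .requestMatchers(Constants.DEFAULT_SWAGGER_UI_PATH)
                .requestMatchers("/configuration/**")
                .requestMatchers("/webjars/**")
                .requestMatchers("/public");
    }

    /**
     * Builds the delegating password encoder: new hashes use bcrypt with cost
     * 12; hashes tagged with the SHA-256 id are still verifiable.
     *
     * <p>The previous listing cast the {@link BCryptPasswordEncoder} to
     * {@link MessageDigestPasswordEncoder}. The two classes are unrelated, so
     * that cast cannot succeed; the map is now typed by the common
     * {@link PasswordEncoder} interface instead.
     *
     * <p>A plain SHA-256 digest is fast to compute and therefore weak for
     * password storage; it is presumably kept for existing records only.
     * NOTE(review): plan a migration of those records to bcrypt.
     *
     * @return encoder that writes bcrypt and reads bcrypt or SHA-256
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        ImmutableMap<String, PasswordEncoder> encodersById = ImmutableMap.of(
                Algorithms.BCRYPT_12, new BCryptPasswordEncoder(12),
                Algorithms.SHA_256, new MessageDigestPasswordEncoder(MessageDigestAlgorithms.SHA_256));
        return new DelegatingPasswordEncoder(Algorithms.BCRYPT_12, encodersById);
    }
}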
