package com.capitalone.dashboard.config;

import com.capitalone.dashboard.auth.AuthProperties;
import com.capitalone.dashboard.auth.AuthenticationResultHandler;
import com.capitalone.dashboard.auth.apitoken.ApiTokenAuthenticationProvider;
import com.capitalone.dashboard.auth.apitoken.ApiTokenRequestFilter;
import com.capitalone.dashboard.auth.ldap.CustomUserDetailsContextMapper;
import com.capitalone.dashboard.auth.ldap.LdapLoginRequestFilter;
import com.capitalone.dashboard.auth.sso.SsoAuthenticationFilter;
import com.capitalone.dashboard.auth.standard.StandardLoginRequestFilter;
import com.capitalone.dashboard.auth.token.JwtAuthenticationFilter;
import com.capitalone.dashboard.model.AuthType;
import java.util.List;
import javax.servlet.Filter;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@EnableConfigurationProperties
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:com/capitalone/dashboard/config/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private JwtAuthenticationFilter jwtAuthenticationFilter;

    @Autowired
    private AuthenticationResultHandler authenticationResultHandler;

    @Autowired
    private AuthenticationProvider standardAuthenticationProvider;

    @Autowired
    private ApiTokenAuthenticationProvider apiTokenAuthenticationProvider;

    @Autowired
    private AuthProperties authProperties;

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.headers().cacheControl();
        ((HttpSecurity) ((HttpSecurity) httpSecurity.csrf().disable()).authorizeRequests().antMatchers("/appinfo").permitAll().antMatchers("/registerUser").permitAll().antMatchers("/findUser").permitAll().antMatchers("/login**").permitAll().antMatchers(HttpMethod.GET, "/**").permitAll().antMatchers(HttpMethod.POST, "/build").permitAll().antMatchers(HttpMethod.POST, "/deploy").permitAll().antMatchers(HttpMethod.POST, "/performance").permitAll().antMatchers(HttpMethod.POST, "/artifact").permitAll().antMatchers(HttpMethod.POST, "/quality/test").permitAll().antMatchers(HttpMethod.POST, "/quality/static-analysis").permitAll().antMatchers(HttpMethod.POST, "/generic-item").permitAll().antMatchers(HttpMethod.POST, "/commit/github/v3").permitAll().anyRequest().authenticated().and()).addFilterBefore((Filter) standardLoginRequestFilter(), UsernamePasswordAuthenticationFilter.class).addFilterBefore((Filter) ssoAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class).addFilterBefore((Filter) ldapLoginRequestFilter(), UsernamePasswordAuthenticationFilter.class).addFilterBefore((Filter) apiTokenRequestFilter(), UsernamePasswordAuthenticationFilter.class).addFilterBefore((Filter) this.jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class).exceptionHandling().authenticationEntryPoint(new Http401AuthenticationEntryPoint("Authorization"));
    }

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        List<AuthType> authenticationProviders = this.authProperties.getAuthenticationProviders();
        if (authenticationProviders.contains(AuthType.STANDARD)) {
            authenticationManagerBuilder.authenticationProvider(this.standardAuthenticationProvider);
        }
        if (authenticationProviders.contains(AuthType.LDAP)) {
            configureLdap(authenticationManagerBuilder);
            configureActiveDirectory(authenticationManagerBuilder);
        }
        authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) this.apiTokenAuthenticationProvider);
    }

    private void configureActiveDirectory(AuthenticationManagerBuilder authenticationManagerBuilder) {
        ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider = activeDirectoryLdapAuthenticationProvider();
        if (activeDirectoryLdapAuthenticationProvider != null) {
            authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) activeDirectoryLdapAuthenticationProvider);
        }
    }

    private void configureLdap(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        String ldapServerUrl = this.authProperties.getLdapServerUrl();
        String ldapUserDnPattern = this.authProperties.getLdapUserDnPattern();
        if (StringUtils.isNotBlank(ldapServerUrl) && StringUtils.isNotBlank(ldapUserDnPattern)) {
            authenticationManagerBuilder.ldapAuthentication().userDnPatterns(ldapUserDnPattern).contextSource().url(ldapServerUrl);
        }
    }

    @Bean
    protected StandardLoginRequestFilter standardLoginRequestFilter() throws Exception {
        return new StandardLoginRequestFilter("/login", authenticationManager(), this.authenticationResultHandler);
    }

    @Bean
    protected SsoAuthenticationFilter ssoAuthenticationFilter() throws Exception {
        return new SsoAuthenticationFilter("/findUser", authenticationManager(), this.authenticationResultHandler);
    }

    @Bean
    protected LdapLoginRequestFilter ldapLoginRequestFilter() throws Exception {
        return new LdapLoginRequestFilter("/login/ldap", authenticationManager(), this.authenticationResultHandler);
    }

    @Bean
    protected ApiTokenRequestFilter apiTokenRequestFilter() throws Exception {
        return new ApiTokenRequestFilter("/**", authenticationManager(), this.authenticationResultHandler);
    }

    @Bean
    protected ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        if (StringUtils.isBlank(this.authProperties.getAdUrl())) {
            return null;
        }
        ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider = new ActiveDirectoryLdapAuthenticationProvider(this.authProperties.getAdDomain(), this.authProperties.getAdUrl(), this.authProperties.getAdRootDn());
        activeDirectoryLdapAuthenticationProvider.setConvertSubErrorCodesToExceptions(true);
        activeDirectoryLdapAuthenticationProvider.setUseAuthenticationRequestCredentials(true);
        activeDirectoryLdapAuthenticationProvider.setUserDetailsContextMapper(new CustomUserDetailsContextMapper());
        return activeDirectoryLdapAuthenticationProvider;
    }
}
