package de.adorsys.datasafe.rest.impl.security;

import jakarta.servlet.Filter;
import java.util.HashMap;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true)
/* loaded from: input_file:BOOT-INF/classes/de/adorsys/datasafe/rest/impl/security/SecurityConfig.class */
public class SecurityConfig {
    private final SecurityProperties securityProperties;

    SecurityConfig(SecurityProperties securityProperties) {
        this.securityProperties = securityProperties;
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity, MvcRequestMatcher.Builder builder, AuthenticationManager authenticationManager) throws Exception {
        MvcRequestMatcher[] mvcRequestMatcherArr = {builder.pattern("/v2/api-docs"), builder.pattern("/configuration/ui"), builder.pattern("/swagger-resources"), builder.pattern("/configuration/security"), builder.pattern("/swagger-ui.html"), builder.pattern("/webjars/**"), builder.pattern("/swagger-resources/configuration/ui"), builder.pattern("/swagger-ui.html")};
        httpSecurity.cors((v0) -> {
            v0.disable();
        }).csrf((v0) -> {
            v0.disable();
        }).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            authorizationManagerRequestMatcherRegistry.requestMatchers(mvcRequestMatcherArr).permitAll().requestMatchers(builder.pattern("/static/**")).permitAll().requestMatchers(builder.pattern(SecurityConstants.AUTH_LOGIN_URL)).permitAll().requestMatchers(builder.pattern(HttpMethod.OPTIONS, "/**")).permitAll().anyRequest().authenticated();
        }).addFilter((Filter) new JwtAuthorizationFilter(authenticationManager, this.securityProperties)).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        });
        return httpSecurity.build();
    }

    @Scope("prototype")
    @Bean
    MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector handlerMappingIntrospector) {
        return new MvcRequestMatcher.Builder(handlerMappingIntrospector);
    }

    @Bean
    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
        return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder().username(this.securityProperties.getDefaultUser()).password(this.securityProperties.getDefaultPassword()).authorities("ROLE_USER").build());
    }

    @Bean
    public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
        StrictHttpFirewall strictHttpFirewall = new StrictHttpFirewall();
        strictHttpFirewall.setAllowUrlEncodedSlash(true);
        return strictHttpFirewall;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        HashMap hashMap = new HashMap();
        hashMap.put("bcrypt", new BCryptPasswordEncoder());
        return new DelegatingPasswordEncoder("bcrypt", hashMap);
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        CorsConfiguration applyPermitDefaultValues = new CorsConfiguration().applyPermitDefaultValues();
        applyPermitDefaultValues.addExposedHeader(SecurityConstants.TOKEN_HEADER);
        urlBasedCorsConfigurationSource.registerCorsConfiguration(SecurityConstants.AUTH_LOGIN_URL, applyPermitDefaultValues);
        CorsConfiguration applyPermitDefaultValues2 = new CorsConfiguration().applyPermitDefaultValues();
        applyPermitDefaultValues2.addAllowedMethod(HttpMethod.OPTIONS);
        applyPermitDefaultValues2.addAllowedMethod(HttpMethod.PUT);
        applyPermitDefaultValues2.addAllowedMethod(HttpMethod.DELETE);
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", applyPermitDefaultValues2);
        return urlBasedCorsConfigurationSource;
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }
}
