package de.adorsys.mbs.service.example.config;

import com.fasterxml.jackson.databind.ObjectMapper;
import de.adorsys.multibanking.auth.SystemContext;
import de.adorsys.multibanking.auth.UserContext;
import de.adorsys.multibanking.service.base.StorageUserService;
import de.adorsys.multibanking.service.base.SystemObjectService;
import de.adorsys.multibanking.service.base.UserObjectService;
import de.adorsys.multibanking.service.crypto.SecretClaimDecryptionService;
import de.adorsys.sts.filter.JWTAuthenticationFilter;
import de.adorsys.sts.token.authentication.TokenAuthenticationService;
import de.adorsys.sts.tokenauth.BearerTokenValidator;
import java.util.Arrays;
import java.util.Collections;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import org.adorsys.docusafe.business.types.UserID;
import org.adorsys.docusafe.business.types.complex.UserIDAuth;
import org.adorsys.encobject.domain.ReadKeyPassword;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

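/**
 * Spring Security configuration for the service: a stateless, bearer-token (JWT) protected API
 * with a default-deny URL policy, a request-scoped {@link UserContext} and a global CORS policy.
 *
 * <p>Decompiled with JADX from
 * {@code BOOT-INF/classes/de/adorsys/mbs/service/example/config/WebSecurityConfig.class};
 * the redundant casts the decompiler inserted have been removed.
 *
 * <p>{@code prePostEnabled = true} switches on {@code @PreAuthorize}/{@code @PostAuthorize}, so
 * controllers may add method-level checks on top of the URL rules below.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final Logger LOGGER = LoggerFactory.getLogger(WebSecurityConfig.class);

    @Autowired
    private TokenAuthenticationService tokenAuthenticationService;

    @Autowired
    private SecretClaimDecryptionService secretClaimDecryptionService;

    @Autowired
    private StorageUserService storageUserService;

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private BearerTokenValidator bearerTokenValidator;

    /**
     * Builds the HTTP security policy: CSRF off, no server-side session, ordered URL rules ending
     * in deny-all, CORS enabled, and the JWT filter registered ahead of
     * {@link BasicAuthenticationFilter}.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            // CSRF protection is disabled and no HTTP session is created. That is sound only while
            // the bearer token in the Authorization header is the sole credential; if a cookie or
            // another ambient credential is ever accepted, CSRF protection has to come back.
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            // Matchers are evaluated in declaration order and the first match wins, so the two
            // public actuator endpoints must stay above the catch-all actuator rule.
            .authorizeRequests()
                .antMatchers(HttpMethod.GET, "/actuator/health").permitAll()
                .antMatchers(HttpMethod.GET, "/actuator/info").permitAll()
                // hasAuthority compares the literal authority string "admin" (no ROLE_ prefix).
                .antMatchers("/actuator/**").hasAuthority("admin")
                .antMatchers("/").permitAll()
                .antMatchers("/pop").permitAll()
                // NOTE(review): the Swagger UI and API description are served to unauthenticated
                // clients, which publishes the full API surface. Confirm this is intended outside
                // development deployments.
                .antMatchers("/swagger-ui.html**").permitAll()
                .antMatchers("/webjars/**").permitAll()
                .antMatchers("/swagger-resources/**").permitAll()
                .antMatchers("/v2/api-docs/**").permitAll()
                .antMatchers(HttpMethod.GET, "/api/v1/bank/**").permitAll()
                // NOTE(review): unlike the bank rule above, this rule carries no HttpMethod, so
                // every verb on the image endpoints is reachable without a token. If those
                // endpoints expose write operations they need method-level authorization, or
                // this matcher should be limited to GET.
                .antMatchers("/api/v1/image/**").permitAll()
                .antMatchers("/api/v1/**").authenticated()
                // Default deny: anything not listed above is rejected.
                .anyRequest().denyAll()
            .and()
            // Picks up the CorsConfigurationSource bean defined in this class.
            .cors();

        // Bearer tokens are authenticated by the STS filter before BasicAuthenticationFilter runs.
        httpSecurity.addFilterBefore(
            new JWTAuthenticationFilter(this.tokenAuthenticationService),
            BasicAuthenticationFilter.class);
    }

    /**
     * Creates the per-request {@link UserContext} from the authenticated principal.
     *
     * <p>The storage credentials are derived from the request: the user id is the authentication
     * name and the read-key password is the decrypted secret claim. When the secret claim is not
     * blank and the storage layer does not know the user yet, the user is created on the fly.
     *
     * @param httpServletRequest current request; its {@code Authorization} header is handed to
     *     the bearer-token validator
     * @return the populated context for this request
     */
    @Scope(scopeName = "request", proxyMode = ScopedProxyMode.TARGET_CLASS)
    @Bean
    @Primary
    public UserContext getUserContext(HttpServletRequest httpServletRequest) {
        LOGGER.debug("************************************** Enter getUserContext");
        UserContext userContext = new UserContext();

        // NOTE(review): getAuthentication() is dereferenced without a null check. On the
        // permitAll routes the principal is presumably Spring's anonymous authentication; confirm
        // this bean is never resolved where no Authentication has been set.
        String name = SecurityContextHolder.getContext().getAuthentication().getName();

        // The decrypted claim is key material for the user's storage. It must never be logged;
        // only the user id is written to the log below.
        String decryptSecretClaim = this.secretClaimDecryptionService.decryptSecretClaim();
        userContext.setAuth(new UserIDAuth(new UserID(name), new ReadKeyPassword(decryptSecretClaim)));
        userContext.setBearerToken(this.bearerTokenValidator.extract(httpServletRequest.getHeader("Authorization")));

        // Just-in-time provisioning. NOTE(review): userExists followed by createUser is a
        // check-then-act sequence; two concurrent first requests of the same user can both reach
        // createUser. Whether that is harmless depends on StorageUserService, not visible here.
        if (StringUtils.isNotBlank(decryptSecretClaim) && !this.storageUserService.userExists(userContext.getAuth().getUserID())) {
            this.storageUserService.createUser(userContext.getAuth());
        }

        // Parameterized logging: same output, no string concatenation in the call.
        LOGGER.debug("userContext ist {}", userContext.getAuth().getUserID().getValue());
        LOGGER.debug("************************************** Exit getUserContext");
        return userContext;
    }

    /**
     * Request-scoped object service bound to the caller's {@link UserContext}.
     *
     * @param userContext the per-request user context
     * @return a new service instance for this request
     */
    @Scope(scopeName = "request", proxyMode = ScopedProxyMode.TARGET_CLASS)
    @Bean
    UserObjectService userObjectService(UserContext userContext) {
        return new UserObjectService(this.objectMapper, userContext);
    }

    /**
     * Object service bound to the system context; not request-scoped.
     *
     * @param systemContext the system context
     * @return the service instance
     */
    @Bean
    SystemObjectService systemObjectService(SystemContext systemContext) {
        return new SystemObjectService(this.objectMapper, systemContext);
    }

    /**
     * Registers one CORS policy for every path.
     *
     * <p>NOTE(review): the policy combines the wildcard origin with
     * {@code allowCredentials(true)}. Spring Framework 5.3 and later reject that combination when
     * a CORS request is processed; earlier versions answer by echoing the caller's
     * {@code Origin} together with {@code Access-Control-Allow-Credentials: true}, which lets
     * any site read responses to credentialed requests. The Spring version in use is not visible
     * here. A bearer token that a script places in the {@code Authorization} header is not an
     * ambient credential and does not need {@code allowCredentials}; either drop that flag or
     * replace the wildcard with an explicit allow-list of origins taken from configuration.
     * The values are left unchanged here because the set of legitimate origins is not known.
     *
     * @return the CORS configuration source used by {@code HttpSecurity.cors()}
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowedOrigins(Collections.singletonList("*"));
        corsConfiguration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
        corsConfiguration.setExposedHeaders(Collections.singletonList("Location"));

        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return urlBasedCorsConfigurationSource;
    }
}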
