package de.muenchen.oss.digiwf.shared.configuration;

import org.springdoc.core.Constants;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@Profile({"!no-security"})
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
/* loaded from: input_file:BOOT-INF/classes/de/muenchen/oss/digiwf/shared/configuration/SecurityConfiguration.class */
public class SecurityConfiguration {
    private static final String[] PERMITTED_URLS = {"/error", "/actuator/info", "/actuator/health", "/actuator/metrics", Constants.SWAGGER_UI_URL, "/swagger-ui*/*swagger-initializer.js", "/swagger-ui*/**", "/v3/api-docs/*", Constants.DEFAULT_API_DOCS_URL, "/camunda/**"};
    private final RestTemplateBuilder restTemplateBuilder;

    @Value("${spring.security.oauth2.client.provider.keycloak.user-info-uri}")
    private String userInfoUri;

    /* JADX WARN: Multi-variable type inference failed */
    @Bean
    public SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
        ((HttpSecurity) ((HttpSecurity) httpSecurity.csrf().ignoringAntMatchers(PERMITTED_URLS).disable()).authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll().antMatchers(PERMITTED_URLS).permitAll().anyRequest().authenticated().and()).oauth2ResourceServer().jwt().jwtAuthenticationConverter(customCachingUserServiceConverter()).and();
        return httpSecurity.build();
    }

    private Converter<Jwt, AbstractAuthenticationToken> customCachingUserServiceConverter() {
        return new JwtUserInfoAuthenticationConverter(new UserInfoAuthoritiesService(this.userInfoUri, this.restTemplateBuilder));
    }

    public SecurityConfiguration(RestTemplateBuilder restTemplateBuilder) {
        this.restTemplateBuilder = restTemplateBuilder;
    }
}
