package cronapp.framework.authentication.normal;

import com.google.gson.Gson;
import com.google.gson.JsonObject;
import cronapi.Var;
import cronapp.framework.api.ApiManager;
import cronapp.framework.api.EventsManager;
import cronapp.framework.authentication.AuthenticationUtil;
import cronapp.framework.authentication.security.CronappAnonymousAuthenticationFilter;
import cronapp.framework.authentication.security.CronappLogoutSuccessHandler;
import cronapp.framework.authentication.security.Permission;
import cronapp.framework.i18n.Messages;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.StringJoiner;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

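/**
 * Spring Security configuration for session-based form login.
 *
 * <p>Registers the injected {@link AuthenticationConfigurer} as the authentication provider,
 * wires the {@code /auth} login endpoint and the {@code /logout} endpoint, and delegates URL
 * authorization to the optional {@link Permission} bean. When no {@code Permission} bean is
 * present, every request is denied.
 *
 * <p>This source was recovered from {@code AuthorizationConfigurer.class}; a few statements that
 * the decompiler emitted in a non-compiling form have been repaired below.
 */
@Configuration
@EnableWebSecurity
public class AuthorizationConfigurer extends WebSecurityConfigurerAdapter {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationConfigurer.class);

    /** Maximum number of exceptions in a cause chain that the failure handler logs. */
    private static final int MAX_LOGGED_CAUSES = 3;

    @Autowired
    private AuthenticationConfigurer authenticationProvider;

    // Optional: when absent, configure(HttpSecurity) falls back to deny-all.
    @Autowired(required = false)
    private Permission permission;

    @Autowired
    private List<AccessDecisionVoter<? extends Object>> decisionVoters;

    @Autowired
    private CronappLogoutSuccessHandler logoutSuccessHandler;

    /**
     * Registers the injected authentication provider with the authentication manager.
     *
     * @param authenticationManagerBuilder builder supplied by Spring Security
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
        authenticationManagerBuilder.authenticationProvider(this.authenticationProvider);
    }

    /**
     * Builds the HTTP security chain: entry point, session policy, URL authorization,
     * form login / logout and response headers.
     *
     * @param httpSecurity the chain builder supplied by Spring Security
     * @throws Exception if any configurer rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // NOTE(review): CSRF protection is turned off while authentication is carried by a
        // session cookie (IF_REQUIRED below). State-changing endpoints then depend entirely on
        // other controls (SameSite cookies, CORS policy, custom headers) -- confirm one exists.
        httpSecurity.csrf().disable();

        // Unauthenticated requests receive 403 instead of a redirect to a login page.
        // Up to 100 concurrent sessions per principal; reaching the limit does not block a new login.
        httpSecurity.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint())
                .and()
                .sessionManagement()
                .maximumSessions(100)
                .maxSessionsPreventsLogin(false)
                .and()
                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);

        if (this.permission != null) {
            AuthenticationUtil.loadStaticSecurity(httpSecurity);
            this.permission.loadSecurityPermission(httpSecurity);
        } else {
            // Fail closed: with no Permission bean, anonymous callers get the public authorities
            // and every request is denied.
            httpSecurity.anonymous().authenticationFilter(
                    new CronappAnonymousAuthenticationFilter(
                            "anonymousAuthenticationFilterKey", "anonymousUser", ApiManager.getPublicAuthorities()));
            // The decompiler inserted a raw-type cast on anyRequest(); the fluent call needs none.
            httpSecurity.authorizeRequests()
                    .anyRequest()
                    .denyAll()
                    .accessDecisionManager(new UnanimousBased(this.decisionVoters));
        }

        httpSecurity.formLogin()
                .loginProcessingUrl("/auth")
                .successHandler(successHandler())
                .failureHandler(failureHandler())
                .and()
                .logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessHandler(this.logoutSuccessHandler)
                .invalidateHttpSession(true);

        // NOTE(review): this disables three default response-header protections:
        //   - Cache-Control: authenticated responses may be stored by browsers or intermediaries;
        //   - X-Frame-Options: pages can be framed by other origins (clickjacking exposure);
        //   - Strict-Transport-Security: browsers are not told to insist on HTTPS.
        // Keep only if an upstream proxy or another filter sets equivalent headers.
        httpSecurity.headers()
                .cacheControl().disable()
                .frameOptions().disable()
                .httpStrictTransportSecurity().disable();
    }

    /**
     * Creates the handler that runs after a successful login on {@code /auth}.
     *
     * <p>The handler stores the username and authorities in the HTTP session, answers 200 with a
     * JSON body ({@code user}, {@code picture}, {@code roles}, {@code theme}, {@code root}) and
     * fires the {@code onLogin} event when one is registered.
     *
     * @return the success handler
     */
    private AuthenticationSuccessHandler successHandler() {
        return (request, response, authentication) -> {
            HttpSession session = request.getSession();
            User principal = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
            session.setAttribute("username", principal.getUsername());
            session.setAttribute("authorities", authentication.getAuthorities());
            response.setStatus(HttpStatus.OK.value());

            // Every authenticated user implicitly carries these two roles.
            StringJoiner roles = new StringJoiner(",");
            roles.add("Public");
            roles.add("Authenticated");
            boolean isRoot = false;
            for (GrantedAuthority grantedAuthority : principal.getAuthorities()) {
                roles.add(grantedAuthority.getAuthority());
                if (grantedAuthority.getAuthority().equalsIgnoreCase(Permission.ROOT_ROLE)) {
                    isRoot = true;
                }
            }

            try {
                cronapp.framework.api.User userDetails =
                        (cronapp.framework.api.User) request.getAttribute("userDetails");
                Gson gson = new Gson();
                JsonObject payload = new JsonObject();
                // NOTE(review): the whole object returned by resetPassword() is serialized to the
                // client. Presumably it returns the user with the password cleared -- confirm, and
                // check that no other sensitive field is exposed through Gson's reflection.
                payload.add("user", gson.toJsonTree(userDetails.resetPassword()));
                payload.add("picture", gson.toJsonTree(userDetails.getPicture()));
                payload.addProperty("roles", roles.toString());
                // The decompiled source passed the raw session attribute (an Object), which matches
                // no JsonObject.addProperty overload; serialize it as a string, keeping null as null.
                Object theme = session.getAttribute("theme");
                payload.addProperty("theme", theme == null ? null : theme.toString());
                payload.addProperty("root", isRoot);

                // Headers must be set before the body is written: once the response is committed,
                // a later setHeader call is ignored.
                response.setHeader("Content-Type", "application/json;charset=UTF-8");
                response.getOutputStream().write(payload.toString().getBytes(StandardCharsets.UTF_8));

                // NOTE(review): the event runs after the body has been written, so a failure here
                // surfaces as an exception on a response the client may already have received.
                if (EventsManager.hasEvent("onLogin")) {
                    EventsManager.executeEventOnTransaction("onLogin", Var.valueOf("username", authentication.getName()));
                }
            } catch (Exception e) {
                LOGGER.error(Messages.getString("AuthError", e.getMessage()), e);
                // NOTE(review): the underlying exception message is embedded in the exception that
                // propagates; confirm the error path does not echo internal details to the client.
                // The cause is attached so the original stack trace is not lost.
                throw new AuthenticationServiceException(Messages.getString("AuthError", e.getMessage()), e);
            }
        };
    }

    /**
     * Creates the handler that runs after a failed login on {@code /auth}.
     *
     * <p>The handler logs the exception and up to {@value #MAX_LOGGED_CAUSES} levels of its cause
     * chain, then answers 401 with no body, so the client is not told why authentication failed.
     *
     * @return the failure handler
     */
    private AuthenticationFailureHandler failureHandler() {
        return (request, response, exception) -> {
            // The decompiled source redeclared the lambda parameter and assigned getCause()
            // (a Throwable) back to an AuthenticationException; walk the chain as Throwable instead.
            Throwable cause = exception;
            for (int depth = 0; cause != null && depth < MAX_LOGGED_CAUSES; depth++) {
                // The original format string had no placeholder, so the message argument was dropped.
                LOGGER.error("Falha obter token OAUTH: {}", cause.getMessage(), cause);
                cause = cause.getCause();
            }
            response.setStatus(HttpStatus.UNAUTHORIZED.value());
        };
    }
}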
