package org.tbk.spring.lnurl.security;

import java.util.Objects;
import java.util.Optional;
import javax.servlet.Filter;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.util.UriComponentsBuilder;
import org.tbk.lnurl.auth.K1Manager;
import org.tbk.lnurl.auth.LnurlAuthFactory;
import org.tbk.lnurl.auth.LnurlAuthPairingService;
import org.tbk.spring.lnurl.security.session.LnurlAuthSessionAuthenticationFilter;
import org.tbk.spring.lnurl.security.session.LnurlAuthSessionAuthenticationProvider;
import org.tbk.spring.lnurl.security.ui.LnurlAuthLoginPageGeneratingFilter;
import org.tbk.spring.lnurl.security.wallet.LnurlAuthWalletAuthenticationFilter;
import org.tbk.spring.lnurl.security.wallet.LnurlAuthWalletAuthenticationProvider;

/* loaded from: input_file:org/tbk/spring/lnurl/security/LnurlAuthConfigurer.class */
public class LnurlAuthConfigurer extends AbstractHttpConfigurer<LnurlAuthConfigurer, HttpSecurity> {
    private static final String DEFAULT_LOGIN_PAGE_URL = "/lnurl-auth/login";
    private static final String DEFAULT_WALLET_LOGIN_URL = "/lnurl-auth/wallet/login";
    private static final String DEFAULT_SESSION_LOGIN_URL = "/lnurl-auth/session/migrate";
    private static final String DEFAULT_SESSION_K1_KEY = "LNURL_AUTH_K1";
    private final SessionEndpointConfig sessionEndpointConfig = new SessionEndpointConfig();
    private final WalletEndpointConfig walletEndpointConfig = new WalletEndpointConfig();
    private final LoginPageEndpointConfig loginPageEndpointConfig = new LoginPageEndpointConfig();
    private K1Manager k1Manager;
    private LnurlAuthPairingService pairingService;
    private LnurlAuthFactory lnurlAuthFactory;
    private UserDetailsService authenticationUserDetailsService;

    /* loaded from: input_file:org/tbk/spring/lnurl/security/LnurlAuthConfigurer$LoginPageEndpointConfig.class */
    public final class LoginPageEndpointConfig {
        private String authorizationRequestBaseUri = LnurlAuthConfigurer.defaultLoginPageUrl();
        private boolean enabled = false;

        public LoginPageEndpointConfig() {
        }

        public LoginPageEndpointConfig baseUri(String str) {
            Assert.hasText(str, "authorizationRequestBaseUri cannot be empty");
            this.authorizationRequestBaseUri = str;
            return this;
        }

        public LoginPageEndpointConfig disable() {
            return enable(false);
        }

        public LoginPageEndpointConfig enable() {
            return enable(true);
        }

        public LoginPageEndpointConfig enable(boolean z) {
            this.enabled = z;
            return this;
        }

        public LnurlAuthConfigurer and() {
            return LnurlAuthConfigurer.this;
        }
    }

    /* loaded from: input_file:org/tbk/spring/lnurl/security/LnurlAuthConfigurer$SessionEndpointConfig.class */
    public final class SessionEndpointConfig {
        private String authorizationRequestBaseUri = LnurlAuthConfigurer.defaultSessionLoginUrl();
        private String sessionK1Key = LnurlAuthConfigurer.defaultSessionK1Key();
        private LnurlAuthSessionAuthenticationFilter.SuccessHandlerCustomizer successHandlerCustomizer = lnurlAuthSessionAuthenticationSuccessHandler -> {
        };

        public SessionEndpointConfig() {
        }

        public SessionEndpointConfig baseUri(String str) {
            Assert.hasText(str, "authorizationRequestBaseUri cannot be empty");
            this.authorizationRequestBaseUri = str;
            return this;
        }

        public SessionEndpointConfig sessionK1Key(String str) {
            Assert.hasText(str, "sessionK1Key cannot be empty");
            this.sessionK1Key = str;
            return this;
        }

        public SessionEndpointConfig successHandlerCustomizer(LnurlAuthSessionAuthenticationFilter.SuccessHandlerCustomizer successHandlerCustomizer) {
            Assert.notNull(successHandlerCustomizer, "successHandlerCustomizer cannot be null");
            this.successHandlerCustomizer = successHandlerCustomizer;
            return this;
        }

        public LnurlAuthConfigurer and() {
            return LnurlAuthConfigurer.this;
        }

        private AntPathRequestMatcher getRequestMatcher() {
            return new AntPathRequestMatcher(UriComponentsBuilder.fromUriString(this.authorizationRequestBaseUri).replaceQuery("").fragment((String) null).build().toUriString(), HttpMethod.GET.name());
        }
    }

    /* loaded from: input_file:org/tbk/spring/lnurl/security/LnurlAuthConfigurer$WalletEndpointConfig.class */
    public final class WalletEndpointConfig {
        private String authorizationRequestBaseUri = LnurlAuthConfigurer.defaultWalletLoginUrl();

        public WalletEndpointConfig() {
        }

        public WalletEndpointConfig baseUri(String str) {
            Assert.hasText(str, "authorizationRequestBaseUri cannot be empty");
            this.authorizationRequestBaseUri = str;
            return this;
        }

        public LnurlAuthConfigurer and() {
            return LnurlAuthConfigurer.this;
        }
    }

    public static String defaultLoginPageUrl() {
        return DEFAULT_LOGIN_PAGE_URL;
    }

    public static String defaultWalletLoginUrl() {
        return DEFAULT_WALLET_LOGIN_URL;
    }

    public static String defaultSessionLoginUrl() {
        return DEFAULT_SESSION_LOGIN_URL;
    }

    public static String defaultSessionK1Key() {
        return DEFAULT_SESSION_K1_KEY;
    }

    public static LnurlAuthConfigurer create(K1Manager k1Manager, LnurlAuthPairingService lnurlAuthPairingService) {
        return new LnurlAuthConfigurer().k1Manager(k1Manager).pairingService(lnurlAuthPairingService).loginPageEndpoint((v0) -> {
            v0.disable();
        });
    }

    public static LnurlAuthConfigurer createWithDefaultLoginPage(K1Manager k1Manager, LnurlAuthPairingService lnurlAuthPairingService, LnurlAuthFactory lnurlAuthFactory) {
        return create(k1Manager, lnurlAuthPairingService).lnurlAuthFactory(lnurlAuthFactory).loginPageEndpoint((v0) -> {
            v0.enable();
        });
    }

    public LnurlAuthConfigurer k1Manager(K1Manager k1Manager) {
        this.k1Manager = (K1Manager) Objects.requireNonNull(k1Manager);
        return this;
    }

    public LnurlAuthConfigurer pairingService(LnurlAuthPairingService lnurlAuthPairingService) {
        this.pairingService = (LnurlAuthPairingService) Objects.requireNonNull(lnurlAuthPairingService);
        return this;
    }

    public LnurlAuthConfigurer authenticationUserDetailsService(UserDetailsService userDetailsService) {
        this.authenticationUserDetailsService = (UserDetailsService) Objects.requireNonNull(userDetailsService);
        return this;
    }

    public LnurlAuthConfigurer lnurlAuthFactory(LnurlAuthFactory lnurlAuthFactory) {
        this.lnurlAuthFactory = lnurlAuthFactory;
        if (lnurlAuthFactory == null) {
            this.loginPageEndpointConfig.disable();
        }
        return this;
    }

    public void init(HttpSecurity httpSecurity) {
        if (this.k1Manager == null) {
            throw new IllegalStateException("Cannot create lnurl-auth authentication handling when 'k1Manager' is null. Please add the necessary bean or disable lnurl-auth authentication.");
        }
        if (this.pairingService == null) {
            throw new IllegalStateException("Cannot create lnurl-auth authentication handling when 'pairingService' is null. Please add the necessary bean or disable lnurl-auth authentication.");
        }
        if (this.loginPageEndpointConfig.enabled && this.lnurlAuthFactory == null) {
            throw new IllegalStateException("Cannot create default lnurl-auth login page when 'lnurlAuthFactory' is null. Consider adding the necessary bean or disable default login page generation.");
        }
    }

    public void configure(HttpSecurity httpSecurity) {
        AuthenticationManager authenticationManager = (AuthenticationManager) httpSecurity.getSharedObject(AuthenticationManager.class);
        SessionAuthenticationStrategy sessionAuthenticationStrategy = (SessionAuthenticationStrategy) httpSecurity.getSharedObject(SessionAuthenticationStrategy.class);
        UserDetailsService userDetailsService = (UserDetailsService) Optional.ofNullable(this.authenticationUserDetailsService).or(() -> {
            return Optional.ofNullable((AuthenticationManagerBuilder) httpSecurity.getSharedObject(AuthenticationManagerBuilder.class)).map((v0) -> {
                return v0.getDefaultUserDetailsService();
            });
        }).or(() -> {
            return Optional.ofNullable((UserDetailsService) httpSecurity.getSharedObject(UserDetailsService.class));
        }).orElseThrow(() -> {
            return new IllegalStateException("'userDetailsService' must not be null.");
        });
        LnurlAuthWalletAuthenticationFilter lnurlAuthWalletAuthenticationFilter = new LnurlAuthWalletAuthenticationFilter(this.walletEndpointConfig.authorizationRequestBaseUri);
        lnurlAuthWalletAuthenticationFilter.setAuthenticationManager(authenticationManager);
        LnurlAuthSessionAuthenticationFilter lnurlAuthSessionAuthenticationFilter = new LnurlAuthSessionAuthenticationFilter(this.sessionEndpointConfig.getRequestMatcher(), this.sessionEndpointConfig.sessionK1Key, this.sessionEndpointConfig.successHandlerCustomizer);
        lnurlAuthSessionAuthenticationFilter.setAuthenticationManager(authenticationManager);
        lnurlAuthSessionAuthenticationFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
        httpSecurity.authenticationProvider((AuthenticationProvider) postProcess(walletAuthenticationProvider(userDetailsService))).addFilterAfter((Filter) postProcess(lnurlAuthWalletAuthenticationFilter), SecurityContextHolderAwareRequestFilter.class);
        httpSecurity.authenticationProvider((AuthenticationProvider) postProcess(sessionAuthenticationProvider(userDetailsService))).addFilterAfter((Filter) postProcess(lnurlAuthSessionAuthenticationFilter), SecurityContextHolderAwareRequestFilter.class);
        if (this.loginPageEndpointConfig.enabled) {
            Objects.requireNonNull(this.lnurlAuthFactory, "Sanity check: 'lnurlAuthFactory' must not be null");
            httpSecurity.addFilterAfter((Filter) postProcess(new LnurlAuthLoginPageGeneratingFilter(this.lnurlAuthFactory, this.loginPageEndpointConfig.authorizationRequestBaseUri, this.sessionEndpointConfig.authorizationRequestBaseUri, this.sessionEndpointConfig.sessionK1Key)), SecurityContextHolderAwareRequestFilter.class);
        }
    }

    protected LnurlAuthWalletAuthenticationProvider walletAuthenticationProvider(UserDetailsService userDetailsService) {
        return new LnurlAuthWalletAuthenticationProvider(this.k1Manager, this.pairingService, userDetailsService);
    }

    protected LnurlAuthSessionAuthenticationProvider sessionAuthenticationProvider(UserDetailsService userDetailsService) {
        return new LnurlAuthSessionAuthenticationProvider(this.pairingService, userDetailsService);
    }

    public WalletEndpointConfig walletEndpoint() {
        return this.walletEndpointConfig;
    }

    public LnurlAuthConfigurer walletEndpoint(Customizer<WalletEndpointConfig> customizer) {
        customizer.customize(this.walletEndpointConfig);
        return this;
    }

    public SessionEndpointConfig sessionEndpoint() {
        return this.sessionEndpointConfig;
    }

    public LnurlAuthConfigurer sessionEndpoint(Customizer<SessionEndpointConfig> customizer) {
        customizer.customize(this.sessionEndpointConfig);
        return this;
    }

    public LoginPageEndpointConfig loginPageEndpoint() {
        return this.loginPageEndpointConfig;
    }

    public LnurlAuthConfigurer loginPageEndpoint(Customizer<LoginPageEndpointConfig> customizer) {
        customizer.customize(this.loginPageEndpointConfig);
        return this;
    }
}
