package io.nixer.example;

import ch.qos.logback.classic.ClassicConstants;
import io.nixer.nixerplugin.captcha.config.CaptchaConfigurer;
import io.nixer.nixerplugin.captcha.security.CaptchaChecker;
import io.nixer.nixerplugin.core.detection.filter.FilterConfiguration;
import io.nixer.nixerplugin.core.detection.filter.behavior.Behaviors;
import io.nixer.nixerplugin.core.detection.filter.behavior.Conditions;
import java.util.LinkedHashMap;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.web.authentication.DelegatingAuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.web.filter.RequestContextFilter;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:BOOT-INF/classes/io/nixer/example/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CaptchaChecker captchaChecker;

    @Autowired
    private DataSource dataSource;

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(LockedException.class, new SimpleUrlAuthenticationFailureHandler("/login?error=LOCKED"));
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity.anonymous().and()).authorizeRequests().antMatchers(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL).permitAll().antMatchers(HttpMethod.POST, "/subscribeUser").anonymous().antMatchers("/userSubscribe").permitAll().antMatchers("/actuator/**").permitAll().antMatchers("/assets/**").permitAll().anyRequest().authenticated().and()).formLogin().loginPage(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL).failureHandler(new DelegatingAuthenticationFailureHandler(linkedHashMap, new SimpleUrlAuthenticationFailureHandler("/login?error"))).and()).logout().logoutUrl("/logout").permitAll().and()).csrf().ignoringAntMatchers("/actuator/**", "/subscribeUser");
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        ((JdbcUserDetailsManagerConfigurer) authenticationManagerBuilder.jdbcAuthentication().dataSource(this.dataSource).withDefaultSchema().withUser(ClassicConstants.USER_MDC_KEY).password(PasswordEncoderFactories.createDelegatingPasswordEncoder().encode(ClassicConstants.USER_MDC_KEY)).roles("USER").and()).withObjectPostProcessor(new CaptchaConfigurer(this.captchaChecker));
    }

    @Bean
    public RequestContextFilter requestContextFilter() {
        OrderedRequestContextFilter orderedRequestContextFilter = new OrderedRequestContextFilter();
        orderedRequestContextFilter.setOrder(-100001);
        return orderedRequestContextFilter;
    }

    @Bean
    public FilterConfiguration.BehaviorProviderConfigurer behaviorConfigurer() {
        return behaviorProviderBuilder -> {
            return behaviorProviderBuilder.rule("blacklistedIp").when(Conditions::isBlacklistedIp).then(Behaviors.BLOCKED_ERROR).buildRule().rule("ipLoginOverThreshold").when(Conditions::isIpLoginOverThreshold).then(Behaviors.CAPTCHA).buildRule().rule("userAgentLoginOverThreshold").when(Conditions::isIpLoginOverThreshold).then(Behaviors.CAPTCHA).buildRule().rule("credentialStuffingActive").when(Conditions::isGlobalCredentialStuffing).then(Behaviors.CAPTCHA).buildRule();
        };
    }
}
