package org.openhubframework.openhub.web.config;

import java.util.Collections;
import org.apache.camel.component.spring.security.SpringSecurityAccessPolicy;
import org.apache.camel.component.spring.security.SpringSecurityAuthorizationPolicy;
import org.openhubframework.openhub.core.config.CamelConfig;
import org.openhubframework.openhub.web.config.GlobalSecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.util.Assert;

@AutoConfigureBefore({CamelConfig.class})
@EnableWebSecurity
@Order(2147483640)
/* loaded from: input_file:org/openhubframework/openhub/web/config/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Configuration
    @Order(WsSecurityConfig.ORDER)
    /* loaded from: input_file:org/openhubframework/openhub/web/config/WebSecurityConfig$WsSecurityConfig.class */
    public static class WsSecurityConfig extends WebSecurityConfig {

        @Autowired
        private SecurityProperties securityProperties;
        public static final int ORDER = 1;
        static final String WWW_AUTHENTICATE_HEADER = "WWW-Authenticate";

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().antMatcher("/ws/**").authorizeRequests().anyRequest()).hasAnyRole(new String[]{GlobalSecurityConfig.AuthRole.WS.name()}).and().exceptionHandling().authenticationEntryPoint(basicAuthenticationEntryPoint()).and().httpBasic();
        }

        private AuthenticationEntryPoint basicAuthenticationEntryPoint() {
            return (httpServletRequest, httpServletResponse, authenticationException) -> {
                if (authenticationException != null) {
                    httpServletResponse.setStatus(401);
                    Assert.notNull(this.securityProperties, "the securityProperties must be set");
                    Assert.notNull(this.securityProperties.getBasic(), "the security.basic must be set");
                    httpServletResponse.addHeader(WWW_AUTHENTICATE_HEADER, "Basic realm=\"" + this.securityProperties.getBasic().getRealm() + "\"");
                }
            };
        }
    }

    @ConditionalOnMissingBean
    @Bean
    public AffirmativeBased accessDecisionManager() {
        AffirmativeBased affirmativeBased = new AffirmativeBased(Collections.singletonList(new RoleVoter()));
        affirmativeBased.setAllowIfAllAbstainDecisions(true);
        return affirmativeBased;
    }

    @ConditionalOnMissingBean(name = {"roleWsAuthPolicy"})
    @Bean(name = {"roleWsAuthPolicy"})
    public SpringSecurityAuthorizationPolicy authorizationPolicy(AccessDecisionManager accessDecisionManager, AuthenticationManager authenticationManager) {
        SpringSecurityAuthorizationPolicy springSecurityAuthorizationPolicy = new SpringSecurityAuthorizationPolicy();
        springSecurityAuthorizationPolicy.setAccessDecisionManager(accessDecisionManager);
        springSecurityAuthorizationPolicy.setAuthenticationManager(authenticationManager);
        springSecurityAuthorizationPolicy.setUseThreadSecurityContext(true);
        springSecurityAuthorizationPolicy.setSpringSecurityAccessPolicy(new SpringSecurityAccessPolicy(GlobalSecurityConfig.AuthRole.WS.name()));
        return springSecurityAuthorizationPolicy;
    }
}
