package org.zowe.apiml.apicatalog.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.Generated;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.zowe.apiml.apicatalog.swagger.api.OpenApiUtil;
import org.zowe.apiml.security.client.EnableApimlAuth;
import org.zowe.apiml.security.client.login.GatewayLoginProvider;
import org.zowe.apiml.security.client.token.GatewayTokenProvider;
import org.zowe.apiml.security.common.config.AuthConfigurationProperties;
import org.zowe.apiml.security.common.config.HandlerInitializer;
import org.zowe.apiml.security.common.content.BasicContentFilter;
import org.zowe.apiml.security.common.content.CookieContentFilter;
import org.zowe.apiml.security.common.login.LoginFilter;
import org.zowe.apiml.security.common.login.ShouldBeAlreadyAuthenticatedFilter;

/**
 * Spring Security configuration for the API Catalog web application.
 *
 * <p>Registers the gateway-backed authentication providers, excludes a small set of
 * paths from the security filter chain, and declares the per-path authorization rules,
 * authentication entry points, login/logout endpoints and content filters.
 */
@Configuration
@EnableWebSecurity
@EnableApimlAuth
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final ObjectMapper securityObjectMapper;
    private final AuthConfigurationProperties authConfigurationProperties;
    private final HandlerInitializer handlerInitializer;
    private final GatewayLoginProvider gatewayLoginProvider;
    private final GatewayTokenProvider gatewayTokenProvider;

    /**
     * Creates the configuration from its collaborators.
     *
     * @param objectMapper mapper handed to the login filter
     * @param authConfigurationProperties source of the login and logout endpoint paths
     * @param handlerInitializer source of the success, failure and unauthorized handlers
     * @param gatewayLoginProvider first authentication provider to register
     * @param gatewayTokenProvider second authentication provider to register
     */
    @Generated
    public SecurityConfiguration(ObjectMapper objectMapper, AuthConfigurationProperties authConfigurationProperties, HandlerInitializer handlerInitializer, GatewayLoginProvider gatewayLoginProvider, GatewayTokenProvider gatewayTokenProvider) {
        this.securityObjectMapper = objectMapper;
        this.authConfigurationProperties = authConfigurationProperties;
        this.handlerInitializer = handlerInitializer;
        this.gatewayLoginProvider = gatewayLoginProvider;
        this.gatewayTokenProvider = gatewayTokenProvider;
    }

    /**
     * Registers the two authentication providers, login provider first, token provider second.
     *
     * @param authenticationManagerBuilder builder the providers are added to
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
        authenticationManagerBuilder.authenticationProvider(this.gatewayLoginProvider);
        authenticationManagerBuilder.authenticationProvider(this.gatewayTokenProvider);
    }

    /**
     * Excludes static resources and the listed documentation path from the security filter chain.
     *
     * <p>Ignored paths bypass Spring Security completely: no authentication, no authorization
     * and no security response headers are applied to them. Note that the ignored
     * {@code /api-doc} is a different path from {@code /apidoc/**}, which requires authentication.
     *
     * @param webSecurity web security builder to configure
     */
    @Override
    public void configure(WebSecurity webSecurity) {
        // OpenApiUtil.SEPARATOR is defined outside this file; presumably the root path "/" - confirm.
        webSecurity.ignoring().antMatchers(OpenApiUtil.SEPARATOR, "/static/**", "/favicon.ico", "/api-doc");
    }

    /**
     * Declares headers, entry points, session policy, filters and URL authorization rules.
     *
     * <p>Statement order is significant: filters are positioned relative to filters registered
     * earlier, and authorization matchers are evaluated in the order they are declared.
     *
     * @param httpSecurity HTTP security builder to configure
     * @throws Exception if any configurer or filter factory fails
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // CSRF protection is switched off for the whole application.
        // NOTE(review): a cookie content filter is installed below, so if browsers send the
        // credential cookie automatically, CSRF defence must come from elsewhere - confirm.
        httpSecurity.csrf().disable();

        // Neither Strict-Transport-Security nor X-Frame-Options is emitted by this application.
        // NOTE(review): confirm that TLS enforcement and framing policy are set by a fronting layer.
        httpSecurity.headers()
            .httpStrictTransportSecurity().disable()
            .frameOptions().disable();

        // Entry points are tried in declaration order; "/**" is the fallback for all other paths.
        httpSecurity.exceptionHandling()
            .defaultAuthenticationEntryPointFor(
                this.handlerInitializer.getBasicAuthUnauthorizedHandler(), new AntPathRequestMatcher("/application/**"))
            .defaultAuthenticationEntryPointFor(
                this.handlerInitializer.getBasicAuthUnauthorizedHandler(), new AntPathRequestMatcher("/apidoc/**"))
            .defaultAuthenticationEntryPointFor(
                this.handlerInitializer.getUnAuthorizedHandler(), new AntPathRequestMatcher("/**"));

        // No HTTP session is created or used to hold the security context.
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // ShouldBeAlreadyAuthenticatedFilter must be registered first so that the login filter
        // can be positioned before it.
        httpSecurity.addFilterBefore(
            new ShouldBeAlreadyAuthenticatedFilter(
                this.authConfigurationProperties.getServiceLoginEndpoint(),
                this.handlerInitializer.getAuthenticationFailureHandler()),
            UsernamePasswordAuthenticationFilter.class);
        httpSecurity.addFilterBefore(
            loginFilter(this.authConfigurationProperties.getServiceLoginEndpoint()),
            ShouldBeAlreadyAuthenticatedFilter.class);

        // POST to the login endpoint is open to unauthenticated callers.
        httpSecurity.authorizeRequests()
            .antMatchers(HttpMethod.POST, this.authConfigurationProperties.getServiceLoginEndpoint())
            .permitAll();

        httpSecurity.logout()
            .logoutUrl(this.authConfigurationProperties.getServiceLogoutEndpoint())
            .logoutSuccessHandler(logoutSuccessHandler());

        // Both content filters run before UsernamePasswordAuthenticationFilter.
        httpSecurity.addFilterBefore(basicFilter(), UsernamePasswordAuthenticationFilter.class);
        httpSecurity.addFilterBefore(cookieFilter(), UsernamePasswordAuthenticationFilter.class);

        // The health/info rule has to precede "/application/**", otherwise it would never match.
        // NOTE(review): there is no anyRequest() catch-all, so paths not listed here carry no
        // authorization rule - confirm that is intended.
        httpSecurity.authorizeRequests()
            .antMatchers("/static-api/**").authenticated()
            .antMatchers("/containers/**").authenticated()
            .antMatchers("/apidoc/**").authenticated()
            .antMatchers("/application/health", "/application/info").permitAll()
            .antMatchers("/application/**").authenticated();
    }

    /**
     * Builds the filter bound to the login endpoint.
     *
     * @param loginEndpoint path the filter is constructed with
     * @return a new login filter wired with this configuration's handlers and authentication manager
     * @throws Exception if the authentication manager cannot be obtained
     */
    private LoginFilter loginFilter(String loginEndpoint) throws Exception {
        return new LoginFilter(
            loginEndpoint,
            this.handlerInitializer.getSuccessfulLoginHandler(),
            this.handlerInitializer.getAuthenticationFailureHandler(),
            this.securityObjectMapper,
            authenticationManager(),
            this.handlerInitializer.getResourceAccessExceptionHandler());
    }

    /**
     * Builds the basic content filter (presumably reads HTTP Basic credentials - confirm).
     *
     * @return a new filter wired with the authentication manager and failure handlers
     * @throws Exception if the authentication manager cannot be obtained
     */
    private BasicContentFilter basicFilter() throws Exception {
        return new BasicContentFilter(
            authenticationManager(),
            this.handlerInitializer.getAuthenticationFailureHandler(),
            this.handlerInitializer.getResourceAccessExceptionHandler());
    }

    /**
     * Builds the cookie content filter (presumably reads the token cookie - confirm).
     *
     * @return a new filter wired with the authentication manager, failure handlers and auth properties
     * @throws Exception if the authentication manager cannot be obtained
     */
    private CookieContentFilter cookieFilter() throws Exception {
        return new CookieContentFilter(
            authenticationManager(),
            this.handlerInitializer.getAuthenticationFailureHandler(),
            this.handlerInitializer.getResourceAccessExceptionHandler(),
            this.authConfigurationProperties);
    }

    /**
     * Exposes the logout success handler as a bean.
     *
     * @return a handler constructed from the authentication configuration properties
     */
    @Bean
    public LogoutSuccessHandler logoutSuccessHandler() {
        return new ApiCatalogLogoutSuccessHandler(this.authConfigurationProperties);
    }
}
