package br.eti.arthurgregorio.shiroee.config;

import br.eti.arthurgregorio.shiroee.auth.events.AuthenticationEventSupport;
import br.eti.arthurgregorio.shiroee.config.ldap.DefaultLdapUserProvider;
import br.eti.arthurgregorio.shiroee.config.ldap.LdapUserProvider;
import br.eti.arthurgregorio.shiroee.config.messages.Messages;
import br.eti.arthurgregorio.shiroee.realm.LdapSecurityRealm;
import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import java.util.Map;
import java.util.Set;
import java.util.stream.Stream;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.Produces;
import javax.inject.Inject;
import org.apache.commons.configuration2.PropertiesConfiguration;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationListener;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.codec.Hex;
import org.apache.shiro.config.ConfigurationException;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
import org.apache.shiro.web.filter.mgt.DefaultFilterChainManager;
import org.apache.shiro.web.filter.mgt.FilterChainResolver;
import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

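/**
 * Default {@link SecurityConfiguration}: builds the Shiro filter chain resolver and the web
 * security manager from the properties returned by {@code ConfigurationFactory.get()} and from
 * the {@link RealmConfiguration} / {@link HttpSecurityConfiguration} beans supplied by the
 * application through CDI.
 *
 * <p>When {@code ldap.enabled} is {@code true} the LDAP context factory and the LDAP user
 * provider are created eagerly in the constructor; otherwise both fields stay {@code null}.
 */
@ApplicationScoped
public class DefaultSecurityConfiguration implements SecurityConfiguration {
    private final PropertiesConfiguration configuration = ConfigurationFactory.get();
    private LdapUserProvider ldapUserProvider;
    private LdapContextFactory ldapContextFactory;

    @Inject
    private AuthenticationEventSupport authenticationEventSupport;

    @Inject
    private Instance<RealmConfiguration> realmConfigurationInstance;

    @Inject
    private Instance<HttpSecurityConfiguration> httpSecurityConfigurationInstance;

    /**
     * Creates the configuration and, only when {@code ldap.enabled} is set, the LDAP
     * context factory followed by the user provider that depends on it.
     */
    public DefaultSecurityConfiguration() {
        if (this.configuration.getBoolean("ldap.enabled", false)) {
            // Order matters: the user provider receives the context factory built here.
            this.ldapContextFactory = configureLdapContextFactory();
            this.ldapUserProvider = configureLdapUserProvider();
        }
    }

    /**
     * Registers the named filters (authenticated, logout, anonymous, role, permission), then the
     * application's URL chains, then the root-secured and logout chains.
     *
     * @return a path-matching resolver backed by the populated filter chain manager
     * @throws ConfigurationException if no single {@link HttpSecurityConfiguration} bean resolves
     */
    @Override
    public FilterChainResolver configurteFilterChainResolver() {
        DefaultFilterChainManager chainManager = new DefaultFilterChainManager();
        String authenticatedOp =
                this.configuration.getString("operator.authenticated", Constants.AUTHENTICATED_OP);
        String logoutOp = this.configuration.getString("operator.logout", Constants.LOGOUT_OP);

        chainManager.addFilter(authenticatedOp, configureFormAuthentication());
        chainManager.addFilter(logoutOp, new LogoutFilter());
        chainManager.addFilter(
                this.configuration.getString("operator.anonymous", Constants.ANONYMOUS_OP),
                new AnonymousFilter());
        chainManager.addFilter(
                this.configuration.getString("operator.required_role", Constants.REQUIRED_ROLE_OP),
                new RolesAuthorizationFilter());

        PermissionsAuthorizationFilter permissionsFilter = new PermissionsAuthorizationFilter();
        String unauthorizedUrl = this.configuration.getString("url.unauthorized");
        if (StringUtils.isNotBlank(unauthorizedUrl)) {
            permissionsFilter.setUnauthorizedUrl(unauthorizedUrl);
        }
        chainManager.addFilter(
                this.configuration.getString(
                        "operator.required_permission", Constants.REQUIRED_PERMISSION_OP),
                permissionsFilter);

        HttpSecurityConfiguration httpConfig = validateHttpConfig();
        try {
            // Application chains go in before the catch-all secured path because the resolver
            // applies the first chain whose pattern matches the request.
            // NOTE(review): the registration order is the iteration order of the map returned
            // by build(); confirm that map preserves insertion order, otherwise a broad pattern
            // may shadow a more specific (stricter) one.
            Map<String, String> chains = httpConfig.configureHttpSecurity().build();
            chains.forEach(chainManager::createChain);
        } finally {
            // Release the bean instance even when building the chains fails.
            destroy(httpConfig);
        }

        chainManager.createChain(
                this.configuration.getString("url.root_secured_path", Constants.URL_ROOT_SECURED_PATH),
                authenticatedOp);
        chainManager.createChain(
                this.configuration.getString("url.logout_path", Constants.URL_LOGOUT_PATH),
                logoutOp);

        PathMatchingFilterChainResolver resolver = new PathMatchingFilterChainResolver();
        resolver.setFilterChainManager(chainManager);
        return resolver;
    }

    /**
     * Builds the web security manager: remember-me manager with a freshly generated cipher key,
     * a modular authenticator that notifies {@code authenticationEventSupport}, and the realms
     * supplied by the application's {@link RealmConfiguration}.
     *
     * @return the configured security manager
     * @throws ConfigurationException if no single {@link RealmConfiguration} bean resolves, or if
     *     it yields no realms
     */
    @Override
    public DefaultWebSecurityManager configureSecurityManager() {
        // Resolved once: the earlier code obtained a second instance up front and never
        // destroyed it.
        RealmConfiguration realmConfiguration = validateRealmConfig();
        Set<Realm> realms;
        try {
            realms = realmConfiguration.configureRealms();
        } finally {
            destroy(realmConfiguration);
        }
        if (realms == null || realms.isEmpty()) {
            throw new ConfigurationException(Messages.NO_REALM_ERROR.format(new Object[0]));
        }

        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

        CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
        rememberMeManager.setCipherKey(createCypherKey());
        securityManager.setRememberMeManager(rememberMeManager);

        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
        authenticator.setAuthenticationListeners(
                Lists.<AuthenticationListener>newArrayList(this.authenticationEventSupport));
        securityManager.setAuthenticator(authenticator);

        // Hand the shared LDAP context factory to every LDAP realm. The factory is null when
        // ldap.enabled is false, exactly as before.
        realms.stream()
                .filter(LdapSecurityRealm.class::isInstance)
                .map(LdapSecurityRealm.class::cast)
                .forEach(realm -> realm.setContextFactory(this.ldapContextFactory));

        securityManager.setRealms(realms);
        return securityManager;
    }

    /**
     * CDI producer for the LDAP user provider, created on first use when the constructor did
     * not already build it.
     *
     * @return the LDAP user provider held by this configuration
     */
    @ApplicationScoped
    @Produces
    public LdapUserProvider produceLdapUserProvider() {
        if (this.ldapUserProvider == null) {
            // Keep the result: it used to be discarded, so this producer returned null.
            // NOTE(review): on this path ldap.enabled was false, so the provider is built with a
            // null context factory; consider failing with a ConfigurationException instead.
            this.ldapUserProvider = configureLdapUserProvider();
        }
        return this.ldapUserProvider;
    }

    /** Builds the user provider from {@code ldap.baseDn}, {@code ldap.searchFilter} and the context factory. */
    private LdapUserProvider configureLdapUserProvider() {
        return new DefaultLdapUserProvider(
                this.configuration.getString("ldap.baseDn", Constants.LDAP_BASE_DN),
                this.configuration.getString("ldap.searchFilter", Constants.LDAP_SEARCH_FILTER),
                this.ldapContextFactory);
    }

    /**
     * Builds a pooled JNDI LDAP context factory from {@code ldap.url}, {@code ldap.user} and
     * {@code ldap.password}.
     *
     * @throws NullPointerException if any of the three properties is missing
     */
    private LdapContextFactory configureLdapContextFactory() {
        // Messages name the missing property only; the values are never echoed.
        String url = Preconditions.checkNotNull(
                this.configuration.getString("ldap.url"), "ldap.url is not configured");
        String systemUser = Preconditions.checkNotNull(
                this.configuration.getString("ldap.user"), "ldap.user is not configured");
        String systemPassword = Preconditions.checkNotNull(
                this.configuration.getString("ldap.password"), "ldap.password is not configured");

        // NOTE(review): the URL scheme is not checked here. With a plain ldap:// URL the system
        // bind password and every user credential cross the network unencrypted; prefer ldaps://
        // and keep the properties file holding ldap.password readable by the service account only.
        JndiLdapContextFactory contextFactory = new JndiLdapContextFactory();
        contextFactory.setUrl(url);
        contextFactory.setSystemUsername(systemUser);
        contextFactory.setSystemPassword(systemPassword);
        contextFactory.setPoolingEnabled(true);
        return contextFactory;
    }

    /** Builds the form authentication filter with the configured login and success URLs. */
    private FormAuthenticationFilter configureFormAuthentication() {
        FormAuthenticationFilter formFilter = new FormAuthenticationFilter();
        formFilter.setLoginUrl(this.configuration.getString("url.login", Constants.URL_LOGIN));
        formFilter.setSuccessUrl(
                this.configuration.getString("url.login_success", Constants.URL_LOGIN_SUCCESS));
        return formFilter;
    }

    /**
     * Generates a new random AES key for the remember-me cookie cipher.
     *
     * <p>The raw key bytes are returned. The earlier code returned the platform-charset bytes of
     * the text {@code "0x" + hex(key)}, which is twice the key length plus two bytes and therefore
     * never a valid AES key size (16, 24 or 32 bytes).
     *
     * <p>The key is regenerated at every start, so remember-me cookies do not survive a restart
     * and are not shared between nodes. If that is needed, load a key from a protected secret
     * store; do not hard-code one.
     *
     * @return the encoded bytes of the generated key
     */
    private byte[] createCypherKey() {
        return new AesCipherService().generateNewKey().getEncoded();
    }

    /**
     * Resolves the application's {@link HttpSecurityConfiguration} bean.
     *
     * @throws ConfigurationException if no bean or more than one bean matches
     */
    private HttpSecurityConfiguration validateHttpConfig() {
        if (this.httpSecurityConfigurationInstance.isUnsatisfied()
                || this.httpSecurityConfigurationInstance.isAmbiguous()) {
            throw new ConfigurationException(
                    Messages.INSTANCE_IS_INVALID.format("HttpSecurityConfigurationInstance"));
        }
        return this.httpSecurityConfigurationInstance.get();
    }

    /**
     * Resolves the application's {@link RealmConfiguration} bean.
     *
     * @throws ConfigurationException if no bean or more than one bean matches
     */
    private RealmConfiguration validateRealmConfig() {
        if (this.realmConfigurationInstance.isUnsatisfied()
                || this.realmConfigurationInstance.isAmbiguous()) {
            throw new ConfigurationException(
                    Messages.INSTANCE_IS_INVALID.format("RealmConfiguration"));
        }
        return this.realmConfigurationInstance.get();
    }

    /** Releases a {@link RealmConfiguration} obtained from the CDI instance. */
    private void destroy(RealmConfiguration realmConfiguration) {
        this.realmConfigurationInstance.destroy(realmConfiguration);
    }

    /** Releases an {@link HttpSecurityConfiguration} obtained from the CDI instance. */
    private void destroy(HttpSecurityConfiguration httpSecurityConfiguration) {
        this.httpSecurityConfigurationInstance.destroy(httpSecurityConfiguration);
    }
}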
