package org.springframework.cloud.common.security;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.servlet.Filter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.cloud.common.security.support.DefaultAuthoritiesExtractor;
import org.springframework.cloud.common.security.support.OnSecurityEnabledAndOAuth2Enabled;
import org.springframework.cloud.common.security.support.SecurityConfigUtils;
import org.springframework.cloud.common.security.support.SecurityStateBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.event.EventListener;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2AuthenticationFailureEvent;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.web.HttpMediaTypeNotAcceptableException;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;
import org.springframework.web.context.request.NativeWebRequest;

/**
 * Spring Security configuration for OAuth2-based authentication.
 *
 * <p>Registered only when {@link OnSecurityEnabledAndOAuth2Enabled} matches. It adds three
 * authentication filters to the chain (bearer-token processing, HTTP Basic backed by
 * {@code ManualOAuthAuthenticationProvider}, and the OAuth2 client login filter on
 * {@code /login}), builds the URL authorization rules from {@link AuthorizationProperties},
 * and records the resulting state in {@link SecurityStateBean}.
 *
 * <p>NOTE(review): the "loaded from" markers suggest this listing was recovered from a compiled
 * class, which would explain the raw collection types, the explicit casts and the absence of
 * {@code @Override}. Treat it as a reading aid rather than the canonical source.
 */
@EnableOAuth2Client
@EnableWebSecurity
@Configuration
@Conditional({OnSecurityEnabledAndOAuth2Enabled.class})
/* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration.class */
public class OAuthSecurityConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger logger = LoggerFactory.getLogger(OAuthSecurityConfiguration.class);

    // Receives the authentication/authorization enabled flags set at the end of configure().
    @Autowired
    private SecurityStateBean securityStateBean;

    // Source of the HTTP Basic realm name.
    @Autowired
    private SecurityProperties securityProperties;

    // Client context handed to the OAuth2RestTemplate.
    @Autowired
    private OAuth2ClientContext oauth2ClientContext;

    // Authorization-code client details; supplies the client id and configures the rest template.
    @Autowired
    private AuthorizationCodeResourceDetails authorizationCodeResourceDetails;

    // Supplies the user-info endpoint URI used to resolve tokens to a principal.
    @Autowired
    private ResourceServerProperties resourceServerProperties;

    // Passed to the OAuth2 login filter so it can publish authentication events.
    @Autowired
    private ApplicationEventPublisher applicationEventPublisher;

    // Path lists, dashboard URL, login processing URL and the authorization on/off switch.
    @Autowired
    private AuthorizationProperties authorizationProperties;

    /**
     * Content negotiation strategy that reduces every request to exactly one media type:
     * {@code text/html} for what looks like a browser, {@code application/json} otherwise.
     *
     * <p>The decision is based on the client-supplied {@code User-Agent} and the media types
     * resolved by the parent strategy, so any client can influence it. In this class the result
     * is used only to choose which authentication entry point answers an unauthenticated
     * request, not to decide whether access is granted.
     */
    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$BrowserDetectingContentNegotiationStrategy.class */
    private static class BrowserDetectingContentNegotiationStrategy extends HeaderContentNegotiationStrategy {
        private BrowserDetectingContentNegotiationStrategy() {
        }

        /**
         * Returns a single-element list with {@code TEXT_HTML} only when the {@code User-Agent}
         * header is present, contains {@code "Mozilla/5.0"}, and the parent strategy did not
         * resolve {@code APPLICATION_JSON}. In every other case it returns a single-element
         * list with {@code APPLICATION_JSON}.
         *
         * @param nativeWebRequest the current request
         * @return a one-element list holding the chosen media type
         * @throws HttpMediaTypeNotAcceptableException if the parent strategy rejects the request
         */
        public List<MediaType> resolveMediaTypes(NativeWebRequest nativeWebRequest) throws HttpMediaTypeNotAcceptableException {
            // Raw List: the element type was lost in this listing; the parent call supplies the media types.
            List resolveMediaTypes = super.resolveMediaTypes(nativeWebRequest);
            String header = nativeWebRequest.getHeader("User-Agent");
            // JSON is the fallback: a missing header, a non-browser agent, or an explicit JSON request all land here.
            return (header == null || !header.contains("Mozilla/5.0") || resolveMediaTypes.contains(MediaType.APPLICATION_JSON)) ? Collections.singletonList(MediaType.APPLICATION_JSON) : Collections.singletonList(MediaType.TEXT_HTML);
        }
    }

    /**
     * Builds the authentication filters, URL authorization rules, logout handling and
     * authentication entry points, then records the enabled state in the security state bean.
     *
     * @param httpSecurity the builder being configured
     * @throws Exception if any of the builder calls fail
     */
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // Matches requests the strategy above classifies as browser traffic (TEXT_HTML). It is used
        // only in the exception-handling setup at the end of this method.
        MediaTypeRequestMatcher mediaTypeRequestMatcher = new MediaTypeRequestMatcher(new BrowserDetectingContentNegotiationStrategy(), new MediaType[]{MediaType.TEXT_HTML});
        // The Basic challenge uses the realm name configured in SecurityProperties.
        BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
        basicAuthenticationEntryPoint.setRealmName(this.securityProperties.getBasic().getRealm());
        basicAuthenticationEntryPoint.afterPropertiesSet();
        Filter oauthFilter = oauthFilter();
        // The Basic filter authenticates through providerManager(), i.e. ManualOAuthAuthenticationProvider
        // (not shown here).
        BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(providerManager(), basicAuthenticationEntryPoint);
        // Placement requested by the three calls below: bearer-token filter before the Basic filter,
        // OAuth2 login filter after it.
        // NOTE(review): the first two calls each position one custom filter relative to the other's
        // class, and httpBasic() is also enabled further down; confirm the effective order in the
        // running chain and whether a second Basic filter ends up registered.
        httpSecurity.addFilterAfter(oauthFilter, basicAuthenticationFilter.getClass());
        httpSecurity.addFilterBefore(basicAuthenticationFilter, oauthFilter.getClass());
        httpSecurity.addFilterBefore(oAuth2AuthenticationProcessingFilter(), basicAuthenticationFilter.getClass());
        // These calls append to the lists returned by AuthorizationProperties, so the injected
        // properties object itself is modified (assumes the getters return the live lists; TODO confirm).
        // The dashboard URL and its wildcard pattern are added to BOTH the authenticated and the
        // permitAll list.
        this.authorizationProperties.getAuthenticatedPaths().add("/");
        this.authorizationProperties.getAuthenticatedPaths().add(dashboard("/**"));
        this.authorizationProperties.getAuthenticatedPaths().add(this.authorizationProperties.getDashboardUrl());
        this.authorizationProperties.getPermitAllPaths().add(this.authorizationProperties.getDashboardUrl());
        this.authorizationProperties.getPermitAllPaths().add(dashboard("/**"));
        // The permitAll patterns are registered before the authenticated ones. Spring Security applies
        // the first matching rule, so a pattern present in both lists is effectively permitAll: the
        // dashboard URL and everything below it are reachable without authentication.
        // NOTE(review): confirm nothing served under the dashboard prefix needs authentication, and
        // that no configured permitAll pattern unintentionally shadows an authenticated one.
        ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authenticated = ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers((String[]) this.authorizationProperties.getPermitAllPaths().toArray(new String[0]))).permitAll().antMatchers((String[]) this.authorizationProperties.getAuthenticatedPaths().toArray(new String[0]))).authenticated();
        if (this.authorizationProperties.isEnabled()) {
            // Authorization on: further rules come from SecurityConfigUtils.configureSimpleSecurity
            // (not shown here), and any request still unmatched is denied.
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) SecurityConfigUtils.configureSimpleSecurity(authenticated, this.authorizationProperties).anyRequest()).denyAll();
            this.securityStateBean.setAuthorizationEnabled(true);
        } else {
            // Authorization off: every request not matched above only has to be authenticated, so
            // any authenticated principal can reach it.
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authenticated.anyRequest()).authenticated();
            this.securityStateBean.setAuthorizationEnabled(false);
        }
        // CSRF protection is disabled for the whole chain.
        // NOTE(review): the OAuth2 login filter and setStateless(false) on the bearer-token filter
        // suggest session-based authentication is in use; confirm that state-changing endpoints
        // reachable from a browser session are protected some other way.
        // Unauthenticated requests classified as browser traffic are sent to the login processing
        // URL; all others receive a Basic challenge.
        httpSecurity.httpBasic().and().logout().logoutSuccessUrl(dashboard("/logout-success-oauth.html")).and().csrf().disable().exceptionHandling().defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint(this.authorizationProperties.getLoginProcessingUrl()), mediaTypeRequestMatcher).defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, AnyRequestMatcher.INSTANCE);
        this.securityStateBean.setAuthenticationEnabled(true);
    }

    /**
     * Creates the token services that resolve an access token to a principal by calling the
     * configured user-info URI with the OAuth2 rest template.
     *
     * <p>NOTE(review): resolving a token through the user-info endpoint does not by itself show
     * that the token was issued for this client; confirm the provider enforces that. How
     * authorities are derived depends on {@code DefaultAuthoritiesExtractor}, which is not shown
     * here.
     *
     * @return token services bound to the user-info URI and this application's client id
     */
    @Bean
    public UserInfoTokenServices tokenServices() {
        UserInfoTokenServices userInfoTokenServices = new UserInfoTokenServices(this.resourceServerProperties.getUserInfoUri(), this.authorizationCodeResourceDetails.getClientId());
        userInfoTokenServices.setRestTemplate(oAuth2RestTemplate());
        userInfoTokenServices.setAuthoritiesExtractor(new DefaultAuthoritiesExtractor());
        return userInfoTokenServices;
    }

    /**
     * Creates the rest template used for OAuth2 calls, built from the authorization-code client
     * details and the injected client context.
     *
     * @return the OAuth2 rest template
     */
    @Bean
    public OAuth2RestTemplate oAuth2RestTemplate() {
        return new OAuth2RestTemplate(this.authorizationCodeResourceDetails, this.oauth2ClientContext);
    }

    /**
     * Creates the provider that backs HTTP Basic authentication in this configuration.
     *
     * @return a new {@code ManualOAuthAuthenticationProvider} (its behaviour is not shown here)
     */
    @Bean
    public AuthenticationProvider authenticationProvider() {
        return new ManualOAuthAuthenticationProvider();
    }

    /**
     * Creates a provider manager whose only provider is {@link #authenticationProvider()}.
     *
     * @return the provider manager used by the Basic authentication filter
     */
    @Bean
    public ProviderManager providerManager() {
        // Raw ArrayList: the element type was lost in this listing; it holds the single provider.
        ArrayList arrayList = new ArrayList();
        arrayList.add(authenticationProvider());
        return new ProviderManager(arrayList);
    }

    /**
     * Builds the OAuth2 client login filter that processes {@code /login}, using the shared rest
     * template and token services and publishing authentication events.
     *
     * @return the configured login filter
     */
    private Filter oauthFilter() {
        OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationProcessingFilter = new OAuth2ClientAuthenticationProcessingFilter("/login");
        oAuth2ClientAuthenticationProcessingFilter.setRestTemplate(oAuth2RestTemplate());
        oAuth2ClientAuthenticationProcessingFilter.setTokenServices(tokenServices());
        // Failure events published here are what handleOAuth2AuthenticationFailureEvent logs.
        oAuth2ClientAuthenticationProcessingFilter.setApplicationEventPublisher(this.applicationEventPublisher);
        return oAuth2ClientAuthenticationProcessingFilter;
    }

    /**
     * Builds the filter that authenticates requests carrying an OAuth2 access token, delegating
     * to {@link #oauthAuthenticationManager()}.
     *
     * @return the configured token-processing filter
     */
    private OAuth2AuthenticationProcessingFilter oAuth2AuthenticationProcessingFilter() {
        OAuth2AuthenticationProcessingFilter oAuth2AuthenticationProcessingFilter = new OAuth2AuthenticationProcessingFilter();
        oAuth2AuthenticationProcessingFilter.setAuthenticationManager(oauthAuthenticationManager());
        // Stateless mode is switched off explicitly.
        // NOTE(review): presumably so that an authentication established by another filter (for
        // example a session login) is left in place when no token is presented; confirm.
        oAuth2AuthenticationProcessingFilter.setStateless(false);
        return oAuth2AuthenticationProcessingFilter;
    }

    /**
     * Creates the authentication manager that validates access tokens through
     * {@link #tokenServices()}.
     *
     * @return the OAuth2 authentication manager
     */
    @Bean
    public AuthenticationManager oauthAuthenticationManager() {
        OAuth2AuthenticationManager oAuth2AuthenticationManager = new OAuth2AuthenticationManager();
        oAuth2AuthenticationManager.setTokenServices(tokenServices());
        return oAuth2AuthenticationManager;
    }

    /**
     * Logs OAuth2 authentication failures at error level together with the underlying exception.
     *
     * <p>This is the only place in this class where a failed OAuth2 authentication is recorded.
     * The message text, including its spelling, is what appears in the log, so log searches and
     * alerts have to match it as written.
     *
     * @param oAuth2AuthenticationFailureEvent the published failure event
     */
    @EventListener
    public void handleOAuth2AuthenticationFailureEvent(OAuth2AuthenticationFailureEvent oAuth2AuthenticationFailureEvent) {
        logger.error("An error ocurred while accessing an authentication REST resource.", oAuth2AuthenticationFailureEvent.getException());
    }

    /**
     * Prefixes the given suffix with the configured dashboard URL by plain string concatenation.
     * No normalization or slash handling is applied.
     *
     * @param str the path or pattern suffix to append
     * @return the dashboard URL followed by {@code str}
     */
    private String dashboard(String str) {
        return this.authorizationProperties.getDashboardUrl() + str;
    }
}
