package com.c4_soft.springaddons.security.oidc.starter.synchronised.client;

import com.c4_soft.springaddons.security.oidc.starter.LogoutRequestUriBuilder;
import com.c4_soft.springaddons.security.oidc.starter.SpringAddonsOAuth2LogoutRequestUriBuilder;
import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultAuthenticationEntryPointCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultAuthenticationFailureHandlerCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultAuthenticationSuccessHandlerCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultCorsFilterCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultOidcBackChannelLogoutHandlerCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultOidcSessionRegistryCondition;
import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsClientWithLoginCondition;
import com.c4_soft.springaddons.security.oidc.starter.synchronised.ServletConfigurationSupport;
import com.c4_soft.springaddons.security.oidc.starter.synchronised.SpringAddonsOidcBeans;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler;
import org.springframework.security.oauth2.client.oidc.session.InMemoryOidcSessionRegistry;
import org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy;
import org.springframework.web.filter.CorsFilter;
import org.springframework.web.util.UriComponentsBuilder;

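/**
 * Auto-configuration for a servlet application acting as an OAuth2 client with login.
 *
 * <p>It is only active in servlet web applications and when {@link IsClientWithLoginCondition}
 * matches. It contributes one {@link SecurityFilterChain} restricted to the configured client
 * security matchers, plus the collaborators that chain needs (authorization request resolver,
 * redirect strategy, login / logout handlers, invalid-session strategy, CORS filter and the OIDC
 * back-channel logout support). Every collaborator bean is guarded by a condition, so an
 * application can replace it by declaring its own bean.
 */
@EnableWebSecurity
@AutoConfiguration
@ImportAutoConfiguration({SpringAddonsOidcBeans.class})
@Conditional({IsClientWithLoginCondition.class})
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
public class SpringAddonsOidcClientWithLoginBeans {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(SpringAddonsOidcClientWithLoginBeans.class);

    /**
     * Redirect strategy used when sending the user agent to the authorization endpoint. The HTTP
     * status to answer with is supplied by the caller; the behavior itself is inherited from
     * {@code SpringAddonsOauth2RedirectStrategy}.
     */
    public static class SpringAddonsPreAuthorizationCodeRedirectStrategy extends SpringAddonsOauth2RedirectStrategy implements PreAuthorizationCodeRedirectStrategy {
        public SpringAddonsPreAuthorizationCodeRedirectStrategy(HttpStatus httpStatus) {
            super(httpStatus);
        }
    }

    /**
     * Builds the security filter chain for the OAuth2 client with login.
     *
     * <p>The chain only applies to requests matching the configured client security matchers. Its
     * order is one step before Spring's lowest precedence, so any chain declared with a smaller
     * order value is consulted first.
     *
     * @param optional back-channel logout handler; OIDC back-channel logout is configured only
     *     when a handler bean is present
     * @return the built filter chain
     * @throws Exception if configuring or building {@link HttpSecurity} fails
     */
    @Order(Integer.MAX_VALUE - 1)
    @Bean
    SecurityFilterChain springAddonsClientFilterChain(HttpSecurity httpSecurity, ServerProperties serverProperties, PreAuthorizationCodeRedirectStrategy preAuthorizationCodeRedirectStrategy, OAuth2AuthorizationRequestResolver oAuth2AuthorizationRequestResolver, AuthenticationEntryPoint authenticationEntryPoint, AuthenticationSuccessHandler authenticationSuccessHandler, AuthenticationFailureHandler authenticationFailureHandler, InvalidSessionStrategy invalidSessionStrategy, LogoutSuccessHandler logoutSuccessHandler, SpringAddonsOidcProperties springAddonsOidcProperties, ClientExpressionInterceptUrlRegistryPostProcessor clientExpressionInterceptUrlRegistryPostProcessor, ClientSynchronizedHttpSecurityPostProcessor clientSynchronizedHttpSecurityPostProcessor, Optional<OidcBackChannelLogoutHandler> optional) throws Exception {
        final var clientProperties = springAddonsOidcProperties.getClient();
        log.info("Applying client OAuth2 configuration for: {}", clientProperties.getSecurityMatchers());

        // Requests outside these matchers are never handled by this chain.
        httpSecurity.securityMatcher((String[]) clientProperties.getSecurityMatchers().toArray(new String[0]));

        httpSecurity.sessionManagement(sessions -> sessions.invalidSessionStrategy(invalidSessionStrategy));
        httpSecurity.exceptionHandling(exceptions -> exceptions.authenticationEntryPoint(authenticationEntryPoint));
        httpSecurity.oauth2Login(login -> {
            login.authorizationEndpoint(endpoint -> {
                endpoint.authorizationRedirectStrategy(preAuthorizationCodeRedirectStrategy);
                endpoint.authorizationRequestResolver(oAuth2AuthorizationRequestResolver);
            });
            login.successHandler(authenticationSuccessHandler);
            login.failureHandler(authenticationFailureHandler);
        });
        httpSecurity.logout(logout -> logout.logoutSuccessHandler(logoutSuccessHandler));

        // Kept as an explicit check: HttpSecurity#oidcLogout declares a checked exception, which
        // an Optional#ifPresent lambda could not propagate.
        if (optional.isPresent()) {
            final OidcBackChannelLogoutHandler backChannelLogoutHandler = optional.get();
            httpSecurity.oidcLogout(oidcLogout -> oidcLogout.backChannel(backChannel -> backChannel.logoutHandler(backChannelLogoutHandler)));
        }

        // The access-control rules themselves are applied by this helper, which receives both
        // post-processors; its implementation is not part of this class.
        ServletConfigurationSupport.configureClient(httpSecurity, serverProperties, springAddonsOidcProperties, clientExpressionInterceptUrlRegistryPostProcessor, clientSynchronizedHttpSecurityPostProcessor);
        return httpSecurity.build();
    }

    /** Default resolver for authorization requests, built from the Boot and addons client properties. */
    @ConditionalOnMissingBean
    @Bean
    OAuth2AuthorizationRequestResolver oAuth2AuthorizationRequestResolver(OAuth2ClientProperties oAuth2ClientProperties, ClientRegistrationRepository clientRegistrationRepository, SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsOAuth2AuthorizationRequestResolver(oAuth2ClientProperties, clientRegistrationRepository, springAddonsOidcProperties.getClient());
    }

    /** Default builder for the logout request URI, configured from the addons client properties. */
    @ConditionalOnMissingBean
    @Bean
    LogoutRequestUriBuilder logoutRequestUriBuilder(SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsOAuth2LogoutRequestUriBuilder(springAddonsOidcProperties.getClient());
    }

    /** Default logout success handler, delegating URI construction to the {@link LogoutRequestUriBuilder}. */
    @ConditionalOnMissingBean
    @Bean
    LogoutSuccessHandler logoutSuccessHandler(LogoutRequestUriBuilder logoutRequestUriBuilder, ClientRegistrationRepository clientRegistrationRepository, SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsLogoutSuccessHandler(logoutRequestUriBuilder, clientRegistrationRepository, springAddonsOidcProperties);
    }

    /**
     * Default access-control post-processor: every request it is applied to must be authenticated.
     *
     * <p>This is the deny-by-default rule of the client chain. An application replacing this bean
     * takes over that rule and should keep a restrictive fallback for {@code anyRequest()}.
     */
    @ConditionalOnMissingBean
    @Bean
    ClientExpressionInterceptUrlRegistryPostProcessor clientAuthorizePostProcessor() {
        return registry -> ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) registry.anyRequest()).authenticated();
    }

    /** Default {@link HttpSecurity} post-processor: returns the instance it is given, unchanged. */
    @ConditionalOnMissingBean
    @Bean
    ClientSynchronizedHttpSecurityPostProcessor clientHttpPostProcessor() {
        return httpSecurity -> httpSecurity;
    }

    /** Default redirect strategy towards the authorization endpoint, using the configured HTTP status. */
    @ConditionalOnMissingBean
    @Bean
    PreAuthorizationCodeRedirectStrategy authorizationCodeRedirectStrategy(SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsPreAuthorizationCodeRedirectStrategy(springAddonsOidcProperties.getClient().getOauth2Redirections().getPreAuthorizationCode());
    }

    /**
     * Default strategy applied when a request carries an invalid session.
     *
     * <p>With a configured status of {@code 302 Found} a plain redirect to the login URI is used.
     * For any other status the response gets that status and a {@code Location} header with the
     * login URI; 4xx and 5xx answers additionally carry a short plain-text body. The login URI
     * comes from configuration only, never from the request.
     */
    @ConditionalOnMissingBean({InvalidSessionStrategy.class})
    @Bean
    InvalidSessionStrategy invalidSessionStrategy(SpringAddonsOidcProperties springAddonsOidcProperties) {
        final var clientProperties = springAddonsOidcProperties.getClient();
        // Resolved once at bean creation, like the target URI below.
        final var status = clientProperties.getOauth2Redirections().getInvalidSessionStrategy();

        // NOTE(review): fromUri() already carries the client URI path, which is then appended
        // again as a path segment -- confirm the default login URI this produces.
        final String uri = clientProperties.getLoginUri()
                .orElse(UriComponentsBuilder.fromUri(clientProperties.getClientUri())
                        .pathSegment(clientProperties.getClientUri().getPath(), "/login")
                        .build()
                        .toUri())
                .toString();

        // Emitted once while the bean is created, not each time an invalid session is detected.
        log.debug("Invalid session. Returning {} and request authentication at {}", status.value(), uri);

        if (status == HttpStatus.FOUND) {
            return new SimpleRedirectInvalidSessionStrategy(uri);
        }
        return (httpServletRequest, httpServletResponse) -> {
            httpServletResponse.setStatus(status.value());
            httpServletResponse.setHeader("Location", uri);
            if (status.is4xxClientError() || status.is5xxServerError()) {
                // Explicit charset: the platform default differs between JVMs older than 18.
                httpServletResponse.getOutputStream().write("Invalid session. Please authenticate at %s".formatted(uri).getBytes(StandardCharsets.UTF_8));
            }
            httpServletResponse.flushBuffer();
        };
    }

    /** Default authentication entry point, configured from the addons client properties. */
    @Conditional({DefaultAuthenticationEntryPointCondition.class})
    @Bean
    AuthenticationEntryPoint authenticationEntryPoint(SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsAuthenticationEntryPoint(springAddonsOidcProperties.getClient());
    }

    /** Default handler invoked after a successful OAuth2 login. */
    @Conditional({DefaultAuthenticationSuccessHandlerCondition.class})
    @Bean
    AuthenticationSuccessHandler authenticationSuccessHandler(SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsOauth2AuthenticationSuccessHandler(springAddonsOidcProperties);
    }

    /** Default handler invoked after a failed OAuth2 login. */
    @Conditional({DefaultAuthenticationFailureHandlerCondition.class})
    @Bean
    AuthenticationFailureHandler authenticationFailureHandler(SpringAddonsOidcProperties springAddonsOidcProperties) {
        return new SpringAddonsOauth2AuthenticationFailureHandler(springAddonsOidcProperties);
    }

    /**
     * Default CORS filter, built from the global CORS entries followed by the client-specific
     * ones. The entries are copied, so the lists held by the properties object are not modified.
     */
    @Conditional({DefaultCorsFilterCondition.class})
    @Bean
    CorsFilter corsFilter(SpringAddonsOidcProperties springAddonsOidcProperties) {
        final var corsProperties = new ArrayList<>(springAddonsOidcProperties.getCors());
        corsProperties.addAll(springAddonsOidcProperties.getClient().getCors());
        return ServletConfigurationSupport.getCorsFilterBean(corsProperties);
    }

    /**
     * Default OIDC session registry, kept in the memory of this JVM.
     *
     * <p>The registry is local to one application instance: when several instances run behind a
     * load balancer, a back-channel logout received by one instance cannot find sessions that
     * were registered on another. Such deployments should provide a shared
     * {@link OidcSessionRegistry} bean instead.
     */
    @Conditional({DefaultOidcSessionRegistryCondition.class})
    @Bean
    OidcSessionRegistry oidcSessionRegistry() {
        return new InMemoryOidcSessionRegistry();
    }

    /**
     * Default back-channel logout handler on top of the given session registry. The internal
     * logout URI and the session cookie name are overridden only when they are configured.
     */
    @Conditional({DefaultOidcBackChannelLogoutHandlerCondition.class})
    @Bean
    OidcBackChannelLogoutHandler oidcBackChannelLogoutHandler(OidcSessionRegistry oidcSessionRegistry, SpringAddonsOidcProperties springAddonsOidcProperties) {
        final var backChannelLogout = springAddonsOidcProperties.getClient().getBackChannelLogout();
        final OidcBackChannelLogoutHandler handler = new OidcBackChannelLogoutHandler(oidcSessionRegistry);
        // NOTE(review): the handler is expected to call this URI on behalf of the session being
        // terminated, so the configured value should resolve to this application only -- confirm.
        backChannelLogout.getInternalLogoutUri().ifPresent(handler::setLogoutUri);
        backChannelLogout.getCookieName().ifPresent(handler::setSessionCookieName);
        return handler;
    }
}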
