package com.epam.ta.reportportal.core.configs;

import com.epam.ta.reportportal.auth.UserRoleHierarchy;
import com.epam.ta.reportportal.auth.permissions.PermissionEvaluatorFactoryBean;
import com.epam.ta.reportportal.auth.permissions.ProjectAuthority;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
import org.springframework.boot.autoconfigure.security.oauth2.resource.FixedAuthoritiesExtractor;
import org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.access.expression.WebExpressionVoter;

@Configuration
/* loaded from: input_file:BOOT-INF/classes/com/epam/ta/reportportal/core/configs/SecurityConfiguration.class */
class SecurityConfiguration {

    @Configuration
    @EnableGlobalMethodSecurity(proxyTargetClass = true, prePostEnabled = true)
    /* loaded from: input_file:BOOT-INF/classes/com/epam/ta/reportportal/core/configs/SecurityConfiguration$MethodSecurityConfig.class */
    public static class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

        @Autowired
        private RoleHierarchy roleHierarchy;

        @Autowired
        private PermissionEvaluator permissionEvaluator;

        @Override // org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            DefaultMethodSecurityExpressionHandler defaultMethodSecurityExpressionHandler = new DefaultMethodSecurityExpressionHandler();
            defaultMethodSecurityExpressionHandler.setRoleHierarchy(this.roleHierarchy);
            defaultMethodSecurityExpressionHandler.setPermissionEvaluator(this.permissionEvaluator);
            return defaultMethodSecurityExpressionHandler;
        }
    }

    /* loaded from: input_file:BOOT-INF/classes/com/epam/ta/reportportal/core/configs/SecurityConfiguration$ReportPortalAuthorityExtractor.class */
    static class ReportPortalAuthorityExtractor extends FixedAuthoritiesExtractor {
        ReportPortalAuthorityExtractor() {
        }

        @Override // org.springframework.boot.autoconfigure.security.oauth2.resource.FixedAuthoritiesExtractor, org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor
        public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
            List<GrantedAuthority> extractAuthorities = super.extractAuthorities(map);
            Optional map2 = Optional.ofNullable(map.get("projects")).map(obj -> {
                return (List) ((Map) obj).entrySet().stream().map(entry -> {
                    return new ProjectAuthority((String) entry.getKey(), (String) entry.getValue());
                }).collect(Collectors.toList());
            });
            extractAuthorities.getClass();
            map2.ifPresent((v1) -> {
                r1.addAll(v1);
            });
            return extractAuthorities;
        }
    }

    @EnableResourceServer
    @Configuration
    /* loaded from: input_file:BOOT-INF/classes/com/epam/ta/reportportal/core/configs/SecurityConfiguration$SecurityServerConfiguration.class */
    public static class SecurityServerConfiguration extends ResourceServerConfigurerAdapter {

        @Autowired
        private PermissionEvaluator permissionEvaluator;

        @Bean
        public static PermissionEvaluatorFactoryBean permissionEvaluatorFactoryBean() {
            return new PermissionEvaluatorFactoryBean();
        }

        @Bean
        public static RoleHierarchy userRoleHierarchy() {
            return new UserRoleHierarchy();
        }

        @Bean
        public static AuthoritiesExtractor rpAuthoritiesExtractor() {
            return new ReportPortalAuthorityExtractor();
        }

        private DefaultWebSecurityExpressionHandler webSecurityExpressionHandler() {
            OAuth2WebSecurityExpressionHandler oAuth2WebSecurityExpressionHandler = new OAuth2WebSecurityExpressionHandler();
            oAuth2WebSecurityExpressionHandler.setRoleHierarchy(userRoleHierarchy());
            oAuth2WebSecurityExpressionHandler.setPermissionEvaluator(this.permissionEvaluator);
            return oAuth2WebSecurityExpressionHandler;
        }

        private AccessDecisionManager webAccessDecisionManager() {
            ArrayList newArrayList = Lists.newArrayList();
            newArrayList.add(new AuthenticatedVoter());
            WebExpressionVoter webExpressionVoter = new WebExpressionVoter();
            webExpressionVoter.setExpressionHandler(webSecurityExpressionHandler());
            newArrayList.add(webExpressionVoter);
            return new AffirmativeBased(newArrayList);
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter, org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer
        public void configure(HttpSecurity httpSecurity) throws Exception {
            ((HttpSecurity) httpSecurity.authorizeRequests().accessDecisionManager(webAccessDecisionManager()).antMatchers("/**/user/registration/info*", "/**/user/registration**", "/**/user/password/reset/*", "/**/user/password/reset**", "/**/user/password/restore**", "/documentation.html").permitAll().antMatchers("/api-internal/**").hasRole("COMPONENT").antMatchers("/v2/**", "/swagger-resources", "/certificate/**", "/api/**", DiscoveryClientRouteLocator.DEFAULT_ROUTE).hasRole("USER").anyRequest().authenticated().and()).csrf().disable();
        }
    }

    SecurityConfiguration() {
    }

    @Bean
    public PermissionEvaluatorFactoryBean permissionEvaluator() {
        return new PermissionEvaluatorFactoryBean();
    }
}
