package com.stormpath.spring.config;

import com.stormpath.sdk.authc.AuthenticationResult;
import com.stormpath.sdk.client.Client;
import com.stormpath.sdk.servlet.http.Saver;
import com.stormpath.spring.filter.SpringSecurityResolvedAccountFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutHandler;

@EnableStormpathWebSecurity
@Configuration
/* loaded from: input_file:com/stormpath/spring/config/StormpathWebSecurityConfigurer.class */
public class StormpathWebSecurityConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {

    @Autowired
    protected Client client;

    @Autowired
    @Qualifier("stormpathLogoutHandler")
    protected LogoutHandler logoutHandler;

    @Autowired
    @Qualifier("stormpathAuthenticationSuccessHandler")
    protected AuthenticationSuccessHandler successHandler;

    @Autowired
    @Qualifier("stormpathAuthenticationFailureHandler")
    protected AuthenticationFailureHandler failureHandler;

    @Autowired(required = false)
    @Qualifier("stormpathAuthenticationResultSaver")
    protected Saver<AuthenticationResult> authenticationResultSaver;

    @Value("#{ @environment['stormpath.spring.security.enabled'] ?: true }")
    protected boolean stormpathSecuritybEnabled;

    @Value("#{ @environment['stormpath.web.enabled'] ?: true }")
    protected boolean stormpathWebEnabled;

    @Value("#{ @environment['stormpath.web.login.enabled'] ?: true }")
    protected boolean loginEnabled;

    @Value("#{ @environment['stormpath.web.login.uri'] ?: '/login' }")
    protected String loginUri;

    @Value("#{ @environment['stormpath.web.logout.enabled'] ?: true }")
    protected boolean logoutEnabled;

    @Value("#{ @environment['stormpath.web.logout.uri'] ?: '/logout' }")
    protected String logoutUri;

    @Value("#{ @environment['stormpath.web.logout.nextUri'] ?: '/login?status=logout' }")
    protected String logoutNextUri;

    @Value("#{ @environment['stormpath.web.forgot.enabled'] ?: true }")
    protected boolean forgotEnabled;

    @Value("#{ @environment['stormpath.web.forgot.nextUri'] ?: '/forgot' }")
    protected String forgotUri;

    @Value("#{ @environment['stormpath.web.change.enabled'] ?: true }")
    protected boolean changeEnabled;

    @Value("#{ @environment['stormpath.web.change.nextUri'] ?: '/change' }")
    protected String changeUri;

    @Value("#{ @environment['stormpath.web.register.enabled'] ?: true }")
    protected boolean registerEnabled;

    @Value("#{ @environment['stormpath.web.register.nextUri'] ?: '/register' }")
    protected String registerUri;

    @Value("#{ @environment['stormpath.web.verify.enabled'] ?: true }")
    protected boolean verifyEnabled;

    @Value("#{ @environment['stormpath.web.verify.nextUri'] ?: '/verify' }")
    protected String verifyUri;

    @Value("#{ @environment['stormpath.spring.security.fullyAuthenticated.enabled'] ?: true }")
    protected boolean fullyAuthenticatedEnabled;

    @Value("#{ @environment['stormpath.web.idSite.enabled'] ?: false }")
    protected boolean idSiteEnabled;

    @Value("#{ @environment['stormpath.web.saml.enabled'] ?: false }")
    protected boolean samlEnabled;

    @Value("#{ @environment['stormpath.web.idSite.result.uri'] ?: '/idSiteResult' }")
    protected String idSiteResultUri;

    @Value("#{ @environment['stormpath.web.saml.result.uri'] ?: '/samlResult' }")
    protected String samlResultUri;

    public static StormpathWebSecurityConfigurer stormpath() {
        return new StormpathWebSecurityConfigurer();
    }

    public void init(HttpSecurity httpSecurity) throws Exception {
        AutowireCapableBeanFactory autowireCapableBeanFactory = ((ApplicationContext) httpSecurity.getSharedObject(ApplicationContext.class)).getAutowireCapableBeanFactory();
        autowireCapableBeanFactory.autowireBean(this);
        if (this.loginEnabled) {
            httpSecurity.addFilterBefore(new SpringSecurityResolvedAccountFilter((AuthenticationManager) autowireCapableBeanFactory.getBean(AuthenticationManager.class)), AnonymousAuthenticationFilter.class);
        }
        if ((this.idSiteEnabled || this.samlEnabled) && this.loginEnabled) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.formLogin().loginPage(this.loginUri).and().authorizeRequests().antMatchers(new String[]{this.loginUri})).permitAll();
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{this.idSiteEnabled ? this.idSiteResultUri : this.samlResultUri})).permitAll();
        } else if (this.stormpathWebEnabled) {
            if (this.loginEnabled) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.formLogin().loginPage(this.loginUri).successHandler(this.successHandler).failureHandler(this.failureHandler).usernameParameter("login").passwordParameter("password").and().authorizeRequests().antMatchers(new String[]{this.loginUri.endsWith("*") ? this.loginUri : this.loginUri + "*"})).permitAll();
            }
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/assets/css/stormpath.css"})).permitAll().antMatchers(new String[]{"/assets/css/custom.stormpath.css"})).permitAll();
        }
        if (this.idSiteEnabled || this.samlEnabled || this.stormpathWebEnabled) {
            if (this.logoutEnabled) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.logout().invalidateHttpSession(true).logoutUrl(this.logoutUri).logoutSuccessUrl(this.logoutNextUri).addLogoutHandler(this.logoutHandler).and().authorizeRequests().antMatchers(new String[]{this.logoutUri})).permitAll();
            }
            if (this.forgotEnabled) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{this.forgotUri})).permitAll();
            }
            if (this.changeEnabled) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{this.changeUri})).permitAll();
            }
            if (this.registerEnabled) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{this.registerUri})).permitAll();
            }
            if (this.verifyEnabled) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{this.verifyUri})).permitAll();
            }
            if (this.fullyAuthenticatedEnabled) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).fullyAuthenticated();
            }
        }
    }

    @Deprecated
    protected void doConfigure(HttpSecurity httpSecurity) throws Exception {
    }

    @Deprecated
    protected void doConfigure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
    }

    @Deprecated
    protected void doConfigure(WebSecurity webSecurity) throws Exception {
    }
}
