package com.sintia.ffl.core.api.security;

import com.sintia.ffl.core.api.filter.CustomAuthenticationFilter;
import com.sintia.ffl.core.api.filter.CustomAuthorizationFilter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import javax.servlet.Filter;
import org.apache.commons.lang3.StringUtils;
import org.springdoc.core.Constants;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.jdbc.datasource.init.ScriptUtils;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.util.Assert;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

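/**
 * Spring Security configuration for the API, active in every profile except {@code test}.
 *
 * <p>Two credential stores are registered: an in-memory user holding the actuator account
 * (role {@code ACTUATOR}, checked over HTTP Basic) and the injected {@link UserDetailsService}
 * whose passwords are verified with BCrypt. Requests are stateless; a
 * {@link CustomAuthenticationFilter} bound to {@code /sso} and a {@link CustomAuthorizationFilter}
 * both receive the configured JWT secret.
 *
 * <p>This listing is decompiler output (origin recorded by the decompiler:
 * {@code BOOT-INF/lib/ffl-core-api-1.0.22.jar}). Some literals were replaced by unrelated
 * constants that happen to share the same value; they are annotated where they occur.
 *
 * <p>NOTE(review): what secures the application under the {@code test} profile is not visible
 * in this class.
 */
@Profile({"!test"})
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements InitializingBean {

    // Static front-end assets served without authentication.
    // Constants.INDEX_PAGE is a decompiler substitution - presumably the literal "/index.html"; confirm.
    private static final String[] PUBLIC_RESOURCES = {"/assets/svg/*.svg", "/fa-*.ttf", "/fa-*.woff2", "/assets/font/*.woff2", "/favicon.ico", Constants.INDEX_PAGE, "/*.js", "/*.js.map", "/styles*.css", "/styles*.css.map"};

    // URLs served without authentication.
    // ScriptUtils.DEFAULT_BLOCK_COMMENT_START_DELIMITER is a decompiler substitution for the
    // literal "/*": as an Ant pattern it opens every single-segment path, not just the listed files.
    // NOTE(review): the OpenAPI document and Swagger UI are public here - confirm that is
    // intended outside development environments.
    private static final String[] PUBLIC_URLS = {"/", ScriptUtils.DEFAULT_BLOCK_COMMENT_START_DELIMITER, "/v3/api-docs/**", "/swagger-ui/**"};

    private final UserDetailsService userDetailsService;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;

    // Secret handed to both the authentication filter and the authorization filter.
    @Value("${com.sintia.ffl.jwtsecret}")
    private String jwtSecret;

    @Value("${com.sintia.ffl.authparam}")
    private String authParam;

    @Value("${com.sintia.ffl.jwttokenexpiration}")
    private Long jwtTokenExpiration;

    @Value("${com.sintia.ffl.actuator.username}")
    private String actuatorUsername;

    // Held and compared as plaintext (see actuatorPasswordEncoder()).
    @Value("${com.sintia.ffl.actuator.password}")
    private String actuatorPassword;

    /**
     * Creates the configuration with the application's user store and its BCrypt encoder.
     *
     * @param userDetailsService source of application users
     * @param bCryptPasswordEncoder encoder used to verify application users' passwords
     */
    public WebSecurityConfig(UserDetailsService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
        this.userDetailsService = userDetailsService;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    }

    /**
     * Registers the in-memory actuator account and the application user store.
     *
     * @param authenticationManagerBuilder builder to register both authentication sources on
     * @throws Exception if either registration fails
     */
    @Override
    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        // Actuator account: a single in-memory user with role ACTUATOR, verified by the
        // pass-through encoder below.
        authenticationManagerBuilder
                .inMemoryAuthentication()
                .passwordEncoder(actuatorPasswordEncoder())
                .withUser(this.actuatorUsername)
                .password(this.actuatorPassword)
                .roles("ACTUATOR");
        // Application users: loaded through the injected service, verified with BCrypt.
        authenticationManagerBuilder
                .userDetailsService(this.userDetailsService)
                .passwordEncoder(this.bCryptPasswordEncoder);
    }

    /**
     * Builds the encoder used for the actuator account only.
     *
     * <p>It performs no hashing: {@code encode} returns its input unchanged, so the configured
     * actuator password lives in configuration and in memory as plaintext.
     * NOTE(review): consider storing a BCrypt hash of the actuator password and reusing the
     * BCrypt encoder; that requires changing the configured value, so it is not done here.
     *
     * @return a pass-through encoder whose {@code matches} compares in constant time
     */
    private PasswordEncoder actuatorPasswordEncoder() {
        return new PasswordEncoder() {
            @Override
            public String encode(CharSequence rawPassword) {
                return rawPassword == null ? null : rawPassword.toString();
            }

            @Override
            public boolean matches(CharSequence rawPassword, String storedPassword) {
                if (rawPassword == null || storedPassword == null) {
                    // null is equal only to null.
                    return rawPassword == null && storedPassword == null;
                }
                // The submitted password is attacker-controlled; compare without an early exit
                // so the response time does not depend on how many leading characters match.
                return MessageDigest.isEqual(
                        rawPassword.toString().getBytes(StandardCharsets.UTF_8),
                        storedPassword.getBytes(StandardCharsets.UTF_8));
            }
        };
    }

    /**
     * Exposes the {@link AuthenticationManager} built by this adapter as a bean.
     *
     * @return the adapter's authentication manager
     * @throws Exception if the manager cannot be built
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Configures response headers, session policy, URL authorization rules and the JWT filters.
     *
     * <p>Authorization rules are registered in the order written below; statement order is
     * kept as-is because it decides which rule applies to a request.
     *
     * @param httpSecurity the security builder to configure
     * @throws Exception if the configuration fails
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        CustomAuthenticationFilter customAuthenticationFilter = new CustomAuthenticationFilter(this.jwtSecret, this.authParam, this.jwtTokenExpiration, authenticationManagerBean());
        customAuthenticationFilter.setFilterProcessesUrl("/sso");

        // NOTE(review): CORS is enabled with defaults and then disabled two statements later;
        // the net effect appears to be "disabled", which would leave the local-profile
        // CorsConfigurationSource bean unused by this filter chain. Confirm which was intended.
        httpSecurity.cors(Customizer.withDefaults());
        // CSRF protection is off; sessions are stateless (below), but the actuator endpoints
        // also accept HTTP Basic credentials.
        httpSecurity.csrf().disable();
        httpSecurity.cors().disable();

        // NOTE(review): sameOrigin() returns the headers configurer, so the trailing disable()
        // looks like it discards the whole headers configuration (including the sameOrigin
        // setting) before the next statement re-creates it with defaults. Verify the
        // X-Frame-Options value actually sent.
        httpSecurity.headers().frameOptions().sameOrigin().disable();
        // HSTS: one year, sub-domains included.
        httpSecurity.headers().httpStrictTransportSecurity().includeSubDomains(true).maxAgeInSeconds(31536000L);
        // NOTE(review): 'unsafe-inline' in script-src permits inline scripts, which removes most
        // of the XSS mitigation a CSP provides; nonces or hashes would be the stricter option.
        httpSecurity.headers().contentSecurityPolicy("default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';object-src 'self' blob:; img-src 'self' blob: data:;connect-src 'self' blob:");

        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Actuator: "health" is public, every other endpoint needs role ACTUATOR over HTTP Basic.
        httpSecurity.authorizeRequests().requestMatchers(EndpointRequest.to("health")).permitAll();
        httpSecurity.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR").and().httpBasic();

        httpSecurity.authorizeRequests().antMatchers(PUBLIC_RESOURCES).permitAll();
        httpSecurity.authorizeRequests().antMatchers(PUBLIC_URLS).permitAll();
        httpSecurity.authorizeRequests().antMatchers("/api/**").hasRole("PS");
        // NOTE(review): everything under /services/ is reachable without authentication at this
        // layer; any access control for it must live elsewhere - confirm it does.
        httpSecurity.authorizeRequests().antMatchers("/services/**").permitAll();
        httpSecurity.authorizeRequests().anyRequest().authenticated();

        httpSecurity.addFilter((Filter) customAuthenticationFilter);
        httpSecurity.addFilterBefore(new CustomAuthorizationFilter(this.jwtSecret), UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Declares a fully permissive CORS policy, registered only under the {@code local} profile.
     *
     * <p>NOTE(review): any origin, method and header is allowed together with credentials.
     * Spring Framework 5.3 and later reject the literal {@code "*"} origin when credentials are
     * allowed - confirm against the version in use - and this policy must never be active
     * outside a developer machine.
     *
     * @return a source applying the permissive policy to all paths
     */
    @Profile({"local"})
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowedOrigins(List.of("*"));
        corsConfiguration.setAllowedMethods(List.of("*"));
        corsConfiguration.setAllowedHeaders(List.of("*"));
        corsConfiguration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        // Constants.ALL_PATTERN is a decompiler substitution - presumably the "match everything" pattern; confirm.
        urlBasedCorsConfigurationSource.registerCorsConfiguration(Constants.ALL_PATTERN, corsConfiguration);
        return urlBasedCorsConfigurationSource;
    }

    /**
     * Fails start-up when the actuator username or password is missing or blank, so the
     * management endpoints are never left without credentials.
     *
     * @throws IllegalStateException if either value is blank
     */
    @Override
    public void afterPropertiesSet() {
        Assert.state(StringUtils.isNotBlank(this.actuatorUsername) && StringUtils.isNotBlank(this.actuatorPassword), "Un utilisateur et un mot de passe doivent être configurés pour sécuriser l'accès aux endpoints de management.");
    }
}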
