package com.cumulocity.microservice.security.configuration;

import com.cumulocity.microservice.security.filter.PostAuthenticateServletFilter;
import com.cumulocity.microservice.security.filter.PreAuthenticateServletFilter;
import com.cumulocity.microservice.security.filter.PrePostFiltersConfiguration;
import com.cumulocity.microservice.security.token.CumulocityOAuthConfiguration;
import com.cumulocity.microservice.security.token.CumulocityOAuthMicroserviceFilter;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration(proxyBeanMethods = false)
@EnableWebSecurity
@Order(99)
@Import({CumulocityOAuthConfiguration.class, PrePostFiltersConfiguration.class})
/* loaded from: input_file:com/cumulocity/microservice/security/configuration/WebSecurityConfiguration.class */
public class WebSecurityConfiguration {

    @Autowired
    private UserDetailsService userDetailsService;

    @Value("${management.security.roles:TENANT_MANAGEMENT_ADMIN}")
    private String[] securityRolesLoggersActuator;

    @Autowired
    public void configureAuthenticationManager(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(this.userDetailsService);
    }

    @Bean
    public static PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity, CumulocityOAuthMicroserviceFilter cumulocityOAuthMicroserviceFilter, PreAuthenticateServletFilter preAuthenticateServletFilter, PostAuthenticateServletFilter postAuthenticateServletFilter, ObjectProvider<Customizer<SessionManagementConfigurer<HttpSecurity>>> objectProvider) throws Exception {
        if (this.securityRolesLoggersActuator.length == 0) {
            this.securityRolesLoggersActuator = new String[]{"TENANT_MANAGEMENT_ADMIN"};
        }
        httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers(new String[]{"/metadata", "/health", "/prometheus", "/metrics", "/version", "/error"})).permitAll().requestMatchers(HttpMethod.POST, new String[]{"/loggers/*", "/loggers"})).hasAnyRole(this.securityRolesLoggersActuator).anyRequest()).fullyAuthenticated();
        }).httpBasic(Customizer.withDefaults()).csrf((v0) -> {
            v0.disable();
        }).securityContext((v0) -> {
            v0.disable();
        }).sessionManagement((Customizer) objectProvider.getIfAvailable(() -> {
            return (v0) -> {
                v0.disable();
            };
        })).requestCache((v0) -> {
            v0.disable();
        });
        httpSecurity.addFilterBefore(cumulocityOAuthMicroserviceFilter, BasicAuthenticationFilter.class);
        httpSecurity.addFilterBefore(preAuthenticateServletFilter, BasicAuthenticationFilter.class);
        httpSecurity.addFilterAfter(postAuthenticateServletFilter, AnonymousAuthenticationFilter.class);
        return (SecurityFilterChain) httpSecurity.build();
    }
}
