package restinterface;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:BOOT-INF/classes/restinterface/SecurityConfig.class */
public class SecurityConfig {

    @Autowired
    private ClientRegistrationRepository clientRegistrationRepository;

    @Value("${restinterface.security.logout.redirect_success_url}")
    private String redirectSuccessUrl;

    @Value("${restinterface.security.csrf_cookie_domain}")
    private String csrfCookieDomain;

    @Value("${restinterface.security.enabled}")
    private Boolean securityEnabled;

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        if (this.securityEnabled.booleanValue()) {
            httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
                authorizationManagerRequestMatcherRegistry.antMatchers(HttpMethod.POST, "/logout").permitAll().antMatchers("/task/**", "/me", "/file/**").authenticated().antMatchers("/ajaxLogout").authenticated().anyRequest().permitAll();
            }).logout(logoutConfigurer -> {
                logoutConfigurer.logoutUrl("/logout").logoutSuccessHandler(oidcLogoutSuccessHandler());
            }).csrf(csrfConfigurer -> {
                csrfConfigurer.csrfTokenRepository(myCsrfTokenRepository());
            }).oauth2Login(oAuth2LoginConfigurer -> {
                oAuth2LoginConfigurer.loginPage("/oauth2/authorization/startcloud").successHandler(successHandler());
            }).exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint());
            return httpSecurity.build();
        }
        httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry2 -> {
            authorizationManagerRequestMatcherRegistry2.anyRequest().permitAll();
        }).csrf((v0) -> {
            v0.disable();
        });
        return httpSecurity.build();
    }

    private LogoutSuccessHandler oidcLogoutSuccessHandler() {
        OidcClientInitiatedLogoutSuccessHandler oidcClientInitiatedLogoutSuccessHandler = new OidcClientInitiatedLogoutSuccessHandler(this.clientRegistrationRepository);
        oidcClientInitiatedLogoutSuccessHandler.setPostLogoutRedirectUri(this.redirectSuccessUrl);
        return oidcClientInitiatedLogoutSuccessHandler;
    }

    @Bean
    CookieCsrfTokenRepository myCsrfTokenRepository() {
        CookieCsrfTokenRepository withHttpOnlyFalse = CookieCsrfTokenRepository.withHttpOnlyFalse();
        withHttpOnlyFalse.setCookieDomain(this.csrfCookieDomain);
        return withHttpOnlyFalse;
    }

    @Bean
    CustomAuthenticationSuccessHandler successHandler() {
        return new CustomAuthenticationSuccessHandler();
    }
}
