package dk.digitalidentity.samlmodule.security;

import dk.digitalidentity.samlmodule.config.settings.DISAML_Configuration;
import dk.digitalidentity.samlmodule.filter.CsrfHeaderFilter;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.csrf.CsrfFilter;

/**
 * Web security configuration for the SAML module.
 *
 * <p>Driven by {@link DISAML_Configuration}, it configures three things on the
 * {@link HttpSecurity} chain: CSRF protection (with configured exemptions), an
 * optional Content-Security-Policy header, and unauthenticated access for
 * {@code OPTIONS} requests. Method-level {@code @PreAuthorize}/{@code @PostAuthorize}
 * checks are switched on through {@code prePostEnabled = true}.
 */
@Configuration
@EnableWebSecurity
@Order(105)
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);

    @Autowired
    private DISAML_Configuration configuration;

    /**
     * Registers a user store that contains no users.
     *
     * @return an empty {@link InMemoryUserDetailsManager}
     */
    // NOTE(review): presumably defined so that no default user/password is auto-generated
    // by the framework; confirm that nothing is expected to add users to it later.
    @Bean
    public UserDetailsService userDetailsService() {
        return new InMemoryUserDetailsManager();
    }

    /**
     * Applies the CSRF, CSP and {@code OPTIONS} rules to the security chain.
     *
     * @param httpSecurity the chain being configured
     * @throws Exception if any of the Spring Security configurers rejects the setup
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        log.debug("Configuring CSRF and CORS preflight.");

        if (!this.configuration.getPages().isCsrfEnabled()) {
            // CSRF protection is removed for the whole application when the setting is off.
            log.debug("CSRF Disabled");
            httpSecurity.csrf().disable();
        } else {
            // Everything below the module's own page prefix is exempt from CSRF checks.
            // NOTE(review): presumably because SAML responses are POSTed cross-site by the
            // identity provider and cannot carry a CSRF token; confirm that no other
            // state-changing endpoint is mapped under this prefix.
            String modulePattern = this.configuration.getPages().getPrefix() + "/**";
            httpSecurity.csrf().ignoringAntMatchers(modulePattern);

            // Each configured bypass entry is an Ant pattern that switches CSRF checking off
            // for the paths it matches, so a broad entry (such as "/**") removes the
            // protection there entirely. Keep this list as narrow as possible.
            for (String bypassPattern : this.configuration.getPages().getCsrfBypass()) {
                httpSecurity.csrf().ignoringAntMatchers(bypassPattern);
            }

            // NOTE(review): CsrfHeaderFilter is a project class not visible here; it runs
            // right after Spring's CsrfFilter. Verify what it exposes to the client.
            httpSecurity.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
        }

        if (this.configuration.getSp().isBlockExternalScripts()) {
            // Limits script sources to the application's own origin. 'unsafe-inline' still
            // permits inline <script> blocks and event handlers, so this policy stops
            // externally hosted scripts but does not mitigate injected inline script.
            httpSecurity.headers().contentSecurityPolicy("script-src 'self' 'unsafe-inline'");
        }

        // OPTIONS requests (CORS preflight, per the log message above) are allowed on every
        // path without authentication.
        httpSecurity.authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll();
    }
}
