package net.oneandone.stool.dashboard.config;

import java.io.IOException;
import javax.servlet.Filter;
import net.oneandone.stool.stage.Stage;
import net.oneandone.stool.util.Session;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper;
import org.springframework.security.ldap.userdetails.LdapUserDetailsService;

/**
 * Spring Security setup for the stool dashboard: CAS single sign-on in front, with user
 * details and roles looked up in LDAP.
 *
 * <p>Decompiled from
 * {@code WEB-INF/classes/net/oneandone/stool/dashboard/config/SecurityConfiguration.class};
 * local names below are reviewer-chosen, runtime strings are unchanged.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>CSRF protection is switched off for every request.</li>
 *   <li>{@code /ressources/**}, {@code /favicon.ico} and {@code /system} are excluded from the
 *       security filter chain altogether.</li>
 *   <li>An empty {@code properties.sso} restricts every path to anonymous requests, i.e. no
 *       login is required anywhere.</li>
 *   <li>The LDAP URL falls back to the unencrypted {@code ldap://} scheme on localhost.</li>
 * </ul>
 */
@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** Dashboard settings; {@code sso} is used as the CAS server URL prefix. */
    @Autowired
    private DashboardProperties properties;

    /** Stool session; supplies the LDAP settings, vhosts flag and hostname read below. */
    @Autowired
    private Session session;

    /** The stage this dashboard itself runs in; used to derive the CAS callback URL. */
    @Autowired
    private Stage self;

    /**
     * Registers a single CAS authentication provider that validates service tickets against
     * {@code properties.sso} and resolves the user through {@link #userDetailsService()}.
     *
     * @param authenticationManagerBuilder builder the provider is added to
     * @throws Exception propagated from {@link #serviceProperties()}
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        CasAuthenticationProvider provider = new CasAuthenticationProvider();
        provider.setServiceProperties(serviceProperties());
        // Ticket validation is a back-channel request to the CAS server.
        // NOTE(review): confirm properties.sso is an https URL, otherwise the validation
        // response can be tampered with in transit.
        provider.setTicketValidator(new Cas20ServiceTicketValidator(properties.sso));
        // Fixed literal; the provider uses it to recognise tokens it issued itself.
        provider.setKey("cas");
        provider.setAuthenticationUserDetailsService(new UserDetailsByNameServiceWrapper(userDetailsService()));
        authenticationManagerBuilder.authenticationProvider(provider);
    }

    /**
     * Excludes static resources and {@code /system} from Spring Security.
     *
     * <p>Ignored paths bypass the whole filter chain, so neither authentication nor security
     * headers apply to them. NOTE(review): verify that whatever is served under
     * {@code /system} is safe to expose without a login.
     *
     * @param webSecurity web security builder to configure
     */
    @Override
    public void configure(WebSecurity webSecurity) {
        webSecurity.ignoring()
                .antMatchers("/ressources/**")
                .antMatchers("/favicon.ico")
                .antMatchers("/system");
    }

    /**
     * Wires the CAS filter and entry point and sets the URL authorization rules.
     *
     * <p>With an empty {@code properties.sso} every path is limited to anonymous requests.
     * Otherwise {@code /whoami} needs a full authentication, {@code /stages/} is limited to
     * anonymous requests and everything else requires the {@code LOGIN} role. Matchers are
     * evaluated in the order they are declared, so the order below must not change.
     *
     * @param httpSecurity HTTP security builder to configure
     * @throws Exception propagated from {@code authenticationManager()}, the builder calls or
     *     {@link #serviceProperties()}
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        CasAuthenticationFilter ticketFilter = new CasAuthenticationFilter();
        ticketFilter.setAuthenticationManager(authenticationManager());

        // The entry point is registered even when sso is empty; the login URL is then the
        // relative "/login/".
        CasAuthenticationEntryPoint loginRedirect = new CasAuthenticationEntryPoint();
        loginRedirect.setLoginUrl(properties.sso + "/login/");
        loginRedirect.setServiceProperties(serviceProperties());

        // CSRF tokens are disabled globally.
        // NOTE(review): state-changing dashboard requests made with a browser session are
        // then open to cross-site request forgery unless another control exists - confirm.
        httpSecurity.csrf().disable();
        httpSecurity.exceptionHandling().authenticationEntryPoint(loginRedirect);
        httpSecurity.addFilter(ticketFilter);

        if (!properties.sso.isEmpty()) {
            // NOTE(review): anonymous() matches unauthenticated requests only, so a user who
            // is logged in would be refused on "/stages/"; if the intent is "open to
            // everyone", permitAll() is the usual rule - confirm before changing.
            httpSecurity.authorizeRequests()
                    .antMatchers("/whoami").fullyAuthenticated()
                    .antMatchers("/stages/").anonymous()
                    .antMatchers("/**").hasRole("LOGIN");
        } else {
            // No SSO configured: nothing on the dashboard requires a login.
            httpSecurity.authorizeRequests().antMatchers("/**").anonymous();
        }
    }

    /**
     * Describes this dashboard to the CAS server.
     *
     * <p>The service URL is the https URL of the stage's first webapp followed by
     * {@code /j_spring_cas_security_check}. {@code sendRenew} is {@code false}, so CAS is not
     * asked to force a fresh credential prompt.
     *
     * @return the CAS service properties
     * @throws IOException propagated from building the service URL
     */
    @Bean
    public ServiceProperties serviceProperties() throws IOException {
        ServiceProperties casService = new ServiceProperties();
        String callbackUrl = self.loadPortsOpt().firstWebapp().httpsUrl(
                session.configuration.vhosts, self.getName(), session.configuration.hostname)
                + "/j_spring_cas_security_check";
        casService.setService(callbackUrl);
        casService.setSendRenew(false);
        return casService;
    }

    /**
     * Creates the LDAP context source, bound with the principal and credentials taken from the
     * session configuration.
     *
     * <p>NOTE(review): the fallback URL uses plain {@code ldap://}; if the configured
     * {@code ldapUrl} is also {@code ldap://} to a remote host, the bind password and all
     * lookups travel unencrypted - prefer {@code ldaps://}.
     *
     * @return the LDAP context source
     */
    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        String configuredUrl = session.configuration.ldapUrl;
        String ldapUrl = configuredUrl.isEmpty() ? "ldap://localhost" : configuredUrl;
        DefaultSpringSecurityContextSource source = new DefaultSpringSecurityContextSource(ldapUrl);
        source.setUserDn(session.configuration.ldapPrincipal);
        source.setPassword(session.configuration.ldapCredentials);
        return source;
    }

    /**
     * Builds the LDAP-backed user details service used after a CAS ticket was validated.
     *
     * <p>Users are searched by {@code uid} below {@code ou=<ldapUnit>}. Roles come from the
     * {@code ou} attribute of entries directly below {@code ou=roles,ou=<ldapUnit>} (no subtree
     * search) that match {@code (member=uid={1})}.
     *
     * @return the user details service
     */
    @Override
    public UserDetailsService userDetailsService() {
        String unit = session.configuration.ldapUnit;
        // contextSource() is deliberately called twice, exactly as in the original; with the
        // usual @Configuration proxying both calls presumably yield the same bean - confirm.
        FilterBasedLdapUserSearch userSearch =
                new FilterBasedLdapUserSearch("ou=" + unit, "(uid={0})", contextSource());
        DefaultLdapAuthoritiesPopulator roles =
                new DefaultLdapAuthoritiesPopulator(contextSource(), "ou=roles,ou=" + unit);
        roles.setGroupSearchFilter("(member=uid={1})");
        roles.setGroupRoleAttribute("ou");
        roles.setSearchSubtree(false);
        roles.setIgnorePartialResultException(true);

        LdapUserDetailsService service = new LdapUserDetailsService(userSearch, roles);
        service.setUserDetailsMapper(new InetOrgPersonContextMapper());
        return service;
    }
}
