package net.smartcosmos.cluster.auth;

import java.util.Arrays;
import javax.servlet.Filter;
import net.smartcosmos.annotation.EnableSmartCosmosMonitoring;
import net.smartcosmos.cluster.auth.filter.CsrfHeaderFilter;
import net.smartcosmos.cluster.auth.handlers.AuthUnauthorizedEntryPoint;
import net.smartcosmos.security.SecurityResourceProperties;
import net.smartcosmos.security.authentication.direct.DirectAccessDeniedHandler;
import net.smartcosmos.security.authentication.direct.EnableDirectHandlers;
import net.smartcosmos.security.user.SmartCosmosUserAuthenticationConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.ManagementServerProperties;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.stereotype.Controller;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.SessionAttributes;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

/**
 * Spring Boot entry point and security configuration for the SMART COSMOS auth server.
 *
 * <p>The class bundles three nested configurations:
 * <ul>
 *   <li>{@link GlobalAuthenticationConfig} - declares the {@link PasswordEncoder} bean;</li>
 *   <li>{@link LoginConfig} - browser-facing web security (form login, logout, CSRF);</li>
 *   <li>{@link OAuth2Config} - OAuth2 authorization server issuing JWT access tokens signed
 *       with a key pair loaded from a keystore.</li>
 * </ul>
 *
 * <p>It also maps the {@code /login} and {@code /oauth/confirm_access} paths to the
 * {@code login} and {@code authorize} views.
 */
@SpringBootApplication
@EnableSmartCosmosMonitoring
@Controller
@SessionAttributes({"authorizationRequest"})
@EnableDiscoveryClient
/* loaded from: input_file:net/smartcosmos/cluster/auth/AuthServerApplication.class */
public class AuthServerApplication extends WebMvcConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger(AuthServerApplication.class);

    /**
     * Global authentication hook. In this file it only contributes the BCrypt
     * {@link PasswordEncoder} bean and a log line; no provider is registered here.
     */
    @EnableGlobalAuthentication
    @Configuration
    @Order(ManagementServerProperties.BASIC_AUTH_ORDER)
    /* loaded from: input_file:net/smartcosmos/cluster/auth/AuthServerApplication$GlobalAuthenticationConfig.class */
    protected static class GlobalAuthenticationConfig extends GlobalAuthenticationConfigurerAdapter {
        protected GlobalAuthenticationConfig() {
        }

        /**
         * Exposes a BCrypt password encoder built with the library's default settings.
         *
         * @return a new {@link BCryptPasswordEncoder}
         */
        @Bean
        PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        /**
         * Logs that the authentication provider is being added. The builder itself is left
         * untouched; the provider is attached in {@link LoginConfig} and {@link OAuth2Config}.
         *
         * @param authenticationManagerBuilder the global builder (unused)
         */
        @Override
        public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            // NOTE(review): "customer" reads like a typo for "custom"; the message is kept as-is.
            AuthServerApplication.log.info("Adding in customer user details authentication provider");
        }
    }

    /**
     * Web security for the interactive login flow: CSRF protection, form login on
     * {@code /login}, logout on {@code /logout}, and authentication for everything else.
     */
    @EnableWebSecurity
    @Configuration
    @EnableDirectHandlers
    @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
    /* loaded from: input_file:net/smartcosmos/cluster/auth/AuthServerApplication$LoginConfig.class */
    protected static class LoginConfig extends WebSecurityConfigurerAdapter {

        // The three handlers below are injected but not referenced anywhere in this class;
        // form login and logout therefore run with whatever handlers the DSL installs itself.
        @Autowired
        AuthenticationSuccessHandler authenticationSuccessHandler;

        @Autowired
        AuthenticationFailureHandler authenticationFailureHandler;

        @Autowired
        private AuthenticationProvider smartCosmosAuthenticationProvider;

        @Autowired
        LogoutSuccessHandler logoutSuccessHandler;

        @Autowired
        private AuthenticationManager authenticationManager;

        protected LoginConfig() {
        }

        /**
         * Builds the HTTP security chain for every request path ({@code /**}).
         *
         * <p>Security-relevant settings, in the order they are applied:
         * <ul>
         *   <li>CSRF tokens are kept in the HTTP session and read from the
         *       {@code X-XSRF-TOKEN} request header;</li>
         *   <li>{@link CsrfHeaderFilter} runs right after Spring's {@link CsrfFilter};</li>
         *   <li>unauthenticated requests are handled by an entry point built with
         *       {@code /login}; denied requests go to {@link DirectAccessDeniedHandler};</li>
         *   <li>logout clears the {@code JSESSIONID} and {@code CSRF-TOKEN} cookies;</li>
         *   <li>the {@code X-Frame-Options} response header is switched off;</li>
         *   <li>only paths matching {@code /login**} are public, all others need an
         *       authenticated user.</li>
         * </ul>
         *
         * @param httpSecurity the builder supplied by Spring Security
         */
        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity
                .csrf()
                    .csrfTokenRepository(csrfTokenRepository())
                    .and()
                // presumably republishes the CSRF token to the client (logout clears a
                // "CSRF-TOKEN" cookie) - confirm against CsrfHeaderFilter
                .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
                .exceptionHandling()
                    .accessDeniedHandler(new DirectAccessDeniedHandler())
                    .authenticationEntryPoint(new AuthUnauthorizedEntryPoint("/login"))
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .permitAll()
                    .usernameParameter("username")
                    .passwordParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY)
                    .permitAll()
                    .and()
                .logout()
                    .logoutUrl("/logout")
                    .deleteCookies("JSESSIONID", "CSRF-TOKEN")
                    .permitAll()
                    .and()
                .headers()
                    // NOTE(review): with X-Frame-Options disabled, the login and consent pages
                    // carry no framing restriction from this header. If framing is required by
                    // an embedding client, restrict it to that origin (e.g. sameOrigin() or a
                    // CSP frame-ancestors policy) instead of removing the header outright.
                    .frameOptions().disable()
                    .and()
                .antMatcher("/**")
                .authorizeRequests()
                    // NOTE(review): "/login**" appears to match any single-segment path that
                    // merely starts with "/login" - verify nothing sensitive is mapped there.
                    .antMatchers("/login**").permitAll()
                    .anyRequest().authenticated();
        }

        /**
         * Registers the SMART COSMOS authentication provider and chains the injected
         * {@link AuthenticationManager} as parent.
         *
         * @param authenticationManagerBuilder the local builder for this security chain
         */
        @Override
        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            authenticationManagerBuilder
                .authenticationProvider(this.smartCosmosAuthenticationProvider)
                .parentAuthenticationManager(this.authenticationManager);
        }

        /**
         * Creates the session-backed CSRF token store.
         *
         * @return a repository that expects the token in the {@code X-XSRF-TOKEN} header
         */
        private CsrfTokenRepository csrfTokenRepository() {
            HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
            repository.setHeaderName("X-XSRF-TOKEN");
            return repository;
        }

        /**
         * @return a fresh {@link CsrfHeaderFilter} to be placed after {@link CsrfFilter}
         */
        private Filter csrfHeaderFilter() {
            return new CsrfHeaderFilter();
        }
    }

    /**
     * OAuth2 authorization-server configuration: one in-memory client taken from
     * {@link SecurityResourceProperties}, JWT access tokens, and endpoint access rules.
     */
    @EnableConfigurationProperties({SecurityResourceProperties.class})
    @Configuration
    @EnableAuthorizationServer
    @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
    /* loaded from: input_file:net/smartcosmos/cluster/auth/AuthServerApplication$OAuth2Config.class */
    protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private SecurityResourceProperties securityResourceProperties;

        @Autowired
        private SmartCosmosAuthenticationProvider smartCosmosAuthenticationProvider;

        protected OAuth2Config() {
        }

        /**
         * Builds the JWT token converter and loads its signing key pair from the configured
         * keystore.
         *
         * <p>The keystore location, keystore password, key-pair alias and key-pair password
         * all come from {@link SecurityResourceProperties}. These values are signing secrets:
         * keep them out of logs and out of version-controlled property files.
         *
         * @return the converter used to encode and sign access tokens
         * @throws IllegalArgumentException if the key-pair alias is blank or the keystore
         *         location is {@code null}
         */
        @Bean
        public JwtAccessTokenConverter jwtAccessTokenConverter() {
            // Fail at startup rather than at first token issuance when the keystore is not configured.
            Assert.hasText(this.securityResourceProperties.getKeystore().getKeypair());
            Assert.notNull(this.securityResourceProperties.getKeystore().getLocation());

            JwtAccessTokenConverter converter = new JwtAccessTokenConverter();

            // User claims in the token are produced by the SMART COSMOS converter.
            DefaultAccessTokenConverter claimsConverter =
                (DefaultAccessTokenConverter) converter.getAccessTokenConverter();
            claimsConverter.setUserTokenConverter(new SmartCosmosUserAuthenticationConverter());

            KeyStoreKeyFactory keyFactory = new KeyStoreKeyFactory(
                this.securityResourceProperties.getKeystore().getLocation(),
                this.securityResourceProperties.getKeystore().getPassword());
            converter.setKeyPair(keyFactory.getKeyPair(
                this.securityResourceProperties.getKeystore().getKeypair(),
                this.securityResourceProperties.getKeystore().getKeypairPassword()));
            return converter;
        }

        /**
         * Registers the single in-memory OAuth2 client.
         *
         * <p>NOTE(review): this one client is allowed every grant type, including
         * {@code implicit} and {@code password}. Current OAuth 2.0 security guidance
         * discourages both; if no consumer depends on them, narrowing the list to the
         * grants actually in use reduces what a leaked client secret or a phished
         * credential can obtain. The secret is passed through exactly as configured.
         *
         * @param clientDetailsServiceConfigurer the client registry builder
         */
        @Override
        public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
            clientDetailsServiceConfigurer
                .inMemory()
                .withClient(this.securityResourceProperties.getClientId())
                .secret(this.securityResourceProperties.getClientSecret())
                .authorizedGrantTypes(
                    "authorization_code",
                    OAuth2AccessToken.REFRESH_TOKEN,
                    "implicit",
                    // the resource-owner password grant; same value as the form-field
                    // constant the decompiler substituted here
                    "password",
                    "client_credentials")
                .scopes("read", "write");
        }

        /**
         * Wires the token endpoints to the SMART COSMOS provider, which serves both as the
         * sole authentication provider and as the user-details service, and to the JWT
         * converter.
         *
         * @param authorizationServerEndpointsConfigurer the endpoint builder
         */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) throws Exception {
            ProviderManager tokenEndpointAuthManager =
                new ProviderManager(Arrays.asList(this.smartCosmosAuthenticationProvider));
            authorizationServerEndpointsConfigurer
                .authenticationManager(tokenEndpointAuthManager)
                .userDetailsService(this.smartCosmosAuthenticationProvider)
                .accessTokenConverter(jwtAccessTokenConverter());
        }

        /**
         * Sets access rules for the token-key and check-token endpoints.
         *
         * <p>The token key is readable by anyone; because the converter is given a key pair,
         * that should be the public verification key only. Token introspection requires an
         * authenticated caller.
         *
         * @param authorizationServerSecurityConfigurer the endpoint security builder
         */
        @Override
        public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
            authorizationServerSecurityConfigurer
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
        }
    }

    /**
     * Starts the auth server as a web application.
     *
     * @param strArr command-line arguments forwarded to Spring Boot
     */
    public static void main(String[] strArr) {
        SpringApplicationBuilder builder = new SpringApplicationBuilder(AuthServerApplication.class);
        builder.web(true).run(strArr);
    }

    /**
     * Publishes the globally configured {@link AuthenticationManager} as the primary bean so
     * it can be injected elsewhere (for example as the parent manager in {@link LoginConfig}).
     *
     * @param authenticationConfiguration Spring's global authentication configuration
     * @return the manager resolved from that configuration
     */
    @Bean
    @Primary
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    /**
     * Maps the login page and the OAuth2 consent page to their view names.
     *
     * @param viewControllerRegistry the MVC view-controller registry
     */
    @Override
    public void addViewControllers(ViewControllerRegistry viewControllerRegistry) {
        viewControllerRegistry.addViewController("/login").setViewName("login");
        viewControllerRegistry.addViewController("/oauth/confirm_access").setViewName("authorize");
    }
}
