package io.dialob.boot.security;

import io.dialob.security.key.ServletRequestApiKeyExtractor;
import io.dialob.security.spring.AuthenticationStrategy;
import io.dialob.security.spring.apikey.ApiKeyAuthoritiesProvider;
import io.dialob.security.spring.apikey.ApiKeyRequestMatcher;
import io.dialob.security.spring.apikey.ApiKeyValidator;
import io.dialob.security.spring.apikey.ClientApiKeyService;
import io.dialob.security.spring.filter.ApiKeyAuthenticationFilter;
import io.dialob.security.spring.tenant.TenantAccessEvaluator;
import io.dialob.settings.DialobSettings;
import java.util.ArrayList;
import javax.servlet.Filter;
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;
import org.springframework.core.env.Profiles;
import org.springframework.lang.NonNull;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.util.matcher.AndRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
/* loaded from: input_file:BOOT-INF/classes/io/dialob/boot/security/ApiServiceSecurityConfigurer.class */
public class ApiServiceSecurityConfigurer extends AbstractApiSecurityConfigurer {
    public static final RequestMatcher SESSION_NOT_EXISTS_MATCHER = httpServletRequest -> {
        return httpServletRequest.getSession(false) == null;
    };
    private final ClientApiKeyService apiKeyService;
    private final ApiKeyAuthoritiesProvider apiKeyAuthoritiesProvider;
    private final ServletRequestApiKeyExtractor keyRequestExtractor;
    private final ApiKeyValidator apiKeyValidator;
    private final AuthenticationManager authenticationManager;
    private final boolean allRequests;
    private RequestMatcher requestMatcher;
    private RequestMatcher apiKeyRequestMatcher;

    public ApiServiceSecurityConfigurer(@NonNull ClientApiKeyService clientApiKeyService, @NonNull ApiKeyAuthoritiesProvider apiKeyAuthoritiesProvider, @NonNull ApiKeyValidator apiKeyValidator, @NonNull DialobSettings dialobSettings, @NonNull ServletRequestApiKeyExtractor servletRequestApiKeyExtractor, @NonNull TenantAccessEvaluator tenantAccessEvaluator, @NonNull AuthenticationStrategy authenticationStrategy, @NonNull AuthenticationManager authenticationManager, @NonNull Environment environment) {
        super(dialobSettings.getApi().getContextPath(), tenantAccessEvaluator, authenticationStrategy);
        this.apiKeyService = clientApiKeyService;
        this.apiKeyAuthoritiesProvider = apiKeyAuthoritiesProvider;
        this.keyRequestExtractor = servletRequestApiKeyExtractor;
        this.apiKeyValidator = apiKeyValidator;
        this.authenticationManager = authenticationManager;
        this.allRequests = environment.acceptsProfiles(Profiles.of("!ui"));
    }

    protected RequestMatcher apiKeyRequestMatcher() {
        if (this.apiKeyRequestMatcher == null) {
            if (this.allRequests) {
                this.apiKeyRequestMatcher = AnyRequestMatcher.INSTANCE;
            } else {
                this.apiKeyRequestMatcher = new ApiKeyRequestMatcher(this.keyRequestExtractor);
            }
        }
        return this.apiKeyRequestMatcher;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.dialob.boot.security.AbstractWebSecurityConfigurer
    public RequestMatcher requestMatcher() {
        if (this.requestMatcher == null) {
            ArrayList arrayList = new ArrayList();
            if (StringUtils.isNotBlank(getContextPath())) {
                arrayList.add(new AntPathRequestMatcher(getContextPath() + "/**"));
            }
            if (!this.allRequests) {
                arrayList.add(SESSION_NOT_EXISTS_MATCHER);
                arrayList.add(apiKeyRequestMatcher());
            }
            if (arrayList.isEmpty()) {
                this.requestMatcher = AnyRequestMatcher.INSTANCE;
            } else {
                this.requestMatcher = new AndRequestMatcher(arrayList);
            }
        }
        return this.requestMatcher;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // io.dialob.boot.security.AbstractWebSecurityConfigurer
    protected HttpSecurity configureAuthentication(HttpSecurity httpSecurity) throws Exception {
        return (HttpSecurity) ((HttpSecurity) httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()).logout().disable();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // io.dialob.boot.security.AbstractWebSecurityConfigurer
    protected HttpSecurity configureCsrf(HttpSecurity httpSecurity) throws Exception {
        return (HttpSecurity) httpSecurity.csrf().disable();
    }

    @Override // io.dialob.boot.security.AbstractWebSecurityConfigurer
    protected HttpSecurity configureFrameOptions(HttpSecurity httpSecurity) throws Exception {
        return (HttpSecurity) httpSecurity.headers().frameOptions().disable().and();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.dialob.boot.security.AbstractWebSecurityConfigurer
    public HttpSecurity configureMDCPrincipalFilter(HttpSecurity httpSecurity) throws Exception {
        return super.configureMDCPrincipalFilter(httpSecurity).addFilterBefore((Filter) new ApiKeyAuthenticationFilter(this.authenticationManager, this.keyRequestExtractor, apiKeyRequestMatcher()), AnonymousAuthenticationFilter.class);
    }

    @Bean
    @Order(Integer.MIN_VALUE)
    SecurityFilterChain apiFilterChain(HttpSecurity httpSecurity) throws Exception {
        return super.filterChain(httpSecurity);
    }
}
