package io.dialob.boot.security;

import io.dialob.security.aws.elb.ElbAuthenticationStrategy;
import io.dialob.security.spring.AuthenticationStrategy;
import io.dialob.security.spring.filter.MDCPrincipalFilter;
import io.dialob.security.spring.tenant.DefaultTenantGrantedAuthorityProvider;
import io.dialob.security.spring.tenant.RequestParameterTenantScopeFilter;
import io.dialob.security.spring.tenant.TenantAccessEvaluator;
import java.util.Optional;
import javax.servlet.Filter;
import org.apache.commons.lang3.StringUtils;
import org.springframework.lang.NonNull;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:BOOT-INF/classes/io/dialob/boot/security/AbstractWebSecurityConfigurer.class */
public abstract class AbstractWebSecurityConfigurer {
    private static final MDCPrincipalFilter MDC_PRINCIPAL_FILTER = new MDCPrincipalFilter();
    private final String contextPath;
    private final TenantAccessEvaluator tenantPermissionEvaluator;
    private final AuthenticationStrategy authenticationStrategy;
    private final CookieCsrfTokenRepository csrfTokenRepository = new CookieCsrfTokenRepository();

    public AbstractWebSecurityConfigurer(String str, TenantAccessEvaluator tenantAccessEvaluator, AuthenticationStrategy authenticationStrategy) {
        this.contextPath = StringUtils.defaultString(str, "/");
        this.tenantPermissionEvaluator = tenantAccessEvaluator;
        this.authenticationStrategy = authenticationStrategy;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        return configureMDCPrincipalFilter(configureRequestParameterTenantScopeFilter(configureCors(configureAuthentication(configureCsrf(configureAuthenticationManager(configureFrameOptions(configureLogout(configurePermissions(httpSecurity))))))))).build();
    }

    protected HttpSecurity configureAuthenticationManager(HttpSecurity httpSecurity) {
        return httpSecurity;
    }

    protected abstract HttpSecurity configurePermissions(HttpSecurity httpSecurity) throws Exception;

    /* JADX INFO: Access modifiers changed from: protected */
    public RequestMatcher requestMatcher() {
        return new AntPathRequestMatcher(StringUtils.appendIfMissing(getContextPath(), "/", new CharSequence[0]) + "**");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpSecurity configureMDCPrincipalFilter(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity.addFilterAfter((Filter) MDC_PRINCIPAL_FILTER, AnonymousAuthenticationFilter.class);
    }

    protected HttpSecurity configureRequestParameterTenantScopeFilter(HttpSecurity httpSecurity) {
        getRequestParameterTenantScopeFilter().ifPresent(requestParameterTenantScopeFilter -> {
            httpSecurity.addFilterAfter((Filter) requestParameterTenantScopeFilter, ExceptionTranslationFilter.class);
        });
        return httpSecurity;
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected HttpSecurity configureCsrf(HttpSecurity httpSecurity) throws Exception {
        if (this.authenticationStrategy instanceof ElbAuthenticationStrategy) {
            httpSecurity = (HttpSecurity) httpSecurity.csrf().csrfTokenRepository(this.csrfTokenRepository).sessionAuthenticationStrategy((authentication, httpServletRequest, httpServletResponse) -> {
            }).and();
        }
        return httpSecurity;
    }

    protected HttpSecurity configureCors(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity;
    }

    protected HttpSecurity configureAuthentication(HttpSecurity httpSecurity) throws Exception {
        return this.authenticationStrategy.configureAuthentication(httpSecurity);
    }

    protected HttpSecurity configureFrameOptions(HttpSecurity httpSecurity) throws Exception {
        return (HttpSecurity) httpSecurity.headers().frameOptions().sameOrigin().and();
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected HttpSecurity configureLogout(HttpSecurity httpSecurity) throws Exception {
        return (HttpSecurity) httpSecurity.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/").and();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final String getContextPath() {
        return this.contextPath;
    }

    @NonNull
    protected Optional<RequestParameterTenantScopeFilter> getRequestParameterTenantScopeFilter() {
        RequestParameterTenantScopeFilter requestParameterTenantScopeFilter = new RequestParameterTenantScopeFilter(getTenantPermissionEvaluator(), getDefaultTenantSupplier());
        requestParameterTenantScopeFilter.setTenantRequiredMatcher(getTenantRequiredMatcher());
        return Optional.of(requestParameterTenantScopeFilter);
    }

    @NonNull
    protected RequestMatcher getTenantRequiredMatcher() {
        return httpServletRequest -> {
            return false;
        };
    }

    @NonNull
    protected TenantAccessEvaluator getTenantPermissionEvaluator() {
        return this.tenantPermissionEvaluator;
    }

    @NonNull
    protected DefaultTenantGrantedAuthorityProvider getDefaultTenantSupplier() {
        return new DefaultTenantGrantedAuthorityProvider();
    }
}
