package de.ingrid.codelistHandler;

import java.util.Iterator;
import java.util.List;
import org.apache.log4j.Logger;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.UserStore;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.util.resource.ResourceCollection;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.security.Credential;
import org.eclipse.jetty.webapp.WebAppContext;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.jetty.JettyServerCustomizer;
import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
/* loaded from: input_file:ingrid-codelist-repository-7.1.0/lib/ingrid-codelist-repository-7.1.0.jar:de/ingrid/codelistHandler/SecurityConfig.class */
public class SecurityConfig {
    private Logger log = Logger.getLogger((Class<?>) SecurityConfig.class);

    @Value("${jetty.base.resources:public}")
    private String[] jettyBaseResources;

    @Value("${credentials.admin:}")
    private List<String> adminUsers;

    @Value("${credentials.user:}")
    private List<String> simpleUsers;

    @Bean
    WebServerFactoryCustomizer embeddedServletContainerCustomizer(JettyServerCustomizer jettyServerCustomizer) {
        return webServerFactory -> {
            if (webServerFactory instanceof JettyServletWebServerFactory) {
                ((JettyServletWebServerFactory) webServerFactory).addServerCustomizers(jettyServerCustomizer);
            }
        };
    }

    @Bean
    JettyServerCustomizer jettyServerCustomizer(ConstraintSecurityHandler constraintSecurityHandler) {
        return server -> {
            ((WebAppContext) server.getHandler()).setBaseResource(new ResourceCollection(this.jettyBaseResources));
            ((WebAppContext) server.getHandler()).setSecurityHandler(constraintSecurityHandler);
        };
    }

    @Bean
    ConstraintSecurityHandler constraintSecurityHandler() {
        ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
        HashLoginService hashLoginService = new HashLoginService("InGrid Realm");
        UserStore userStore = new UserStore();
        addUsersToStore(userStore, this.adminUsers, "admin");
        addUsersToStore(userStore, this.simpleUsers, "user");
        hashLoginService.setUserStore(userStore);
        constraintSecurityHandler.setLoginService(hashLoginService);
        Constraint constraint = new Constraint();
        constraint.setName("BASIC");
        constraint.setRoles(new String[]{"admin"});
        constraint.setAuthenticate(true);
        ConstraintMapping constraintMapping = new ConstraintMapping();
        constraintMapping.setConstraint(constraint);
        constraintMapping.setPathSpec("/*");
        Constraint constraint2 = new Constraint();
        constraint2.setName("BASIC");
        constraint2.setRoles(new String[]{"admin", "user"});
        constraint2.setAuthenticate(true);
        ConstraintMapping constraintMapping2 = new ConstraintMapping();
        constraintMapping2.setConstraint(constraint2);
        constraintMapping2.setPathSpec("/rest/*");
        constraintSecurityHandler.addConstraintMapping(constraintMapping);
        constraintSecurityHandler.addConstraintMapping(constraintMapping2);
        constraintSecurityHandler.setLoginService(hashLoginService);
        constraintSecurityHandler.setAuthenticator(new BasicAuthenticator());
        return constraintSecurityHandler;
    }

    private void addUsersToStore(UserStore userStore, List<String> list, String str) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            String[] split = it.next().split(ParameterizedMessage.ERROR_SEPARATOR);
            userStore.addUser(split[0], Credential.getCredential(split[1]), new String[]{str});
        }
    }
}
