package de.ingrid.codelistHandler;

import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.eclipse.jetty.util.security.Credential;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.MessageDigestPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
/* loaded from: input_file:ingrid-codelist-repository-7.5.0/lib/ingrid-codelist-repository-7.5.0.jar:de/ingrid/codelistHandler/SecurityConfig.class */
public class SecurityConfig {

    @Value("${credentials.admin:}")
    private List<String> adminUsers;

    @Value("${credentials.user:}")
    private List<String> simpleUsers;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf((v0) -> {
            v0.disable();
        }).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            authorizationManagerRequestMatcherRegistry.requestMatchers("/rest/**").hasAnyRole("admin", "user").requestMatchers("/**").hasAnyRole("admin").anyRequest().authenticated();
        }).httpBasic(httpBasicConfigurer -> {
        });
        return httpSecurity.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        HashMap hashMap = new HashMap();
        hashMap.put("bcrypt", new BCryptPasswordEncoder());
        hashMap.put("md5", new MessageDigestPasswordEncoder("MD5"));
        hashMap.put("noop", NoOpPasswordEncoder.getInstance());
        return new DelegatingPasswordEncoder("noop", hashMap);
    }

    @Bean
    public UserDetailsService userDetailsService() {
        return new InMemoryUserDetailsManager((Collection<UserDetails>) Stream.concat(this.adminUsers.stream().map(str -> {
            return str.split(ParameterizedMessage.ERROR_SEPARATOR);
        }).map(strArr -> {
            String obj = Credential.getCredential(strArr[1]).toString();
            return User.withUsername(strArr[0]).password(detectPasswordType(obj) + obj).roles("admin").build();
        }).toList().stream(), this.simpleUsers.stream().map(str2 -> {
            return str2.split(ParameterizedMessage.ERROR_SEPARATOR);
        }).map(strArr2 -> {
            String obj = Credential.getCredential(strArr2[1]).toString();
            return User.withUsername(strArr2[0]).password(detectPasswordType(obj) + obj).roles("user").build();
        }).toList().stream()).collect(Collectors.toList()));
    }

    private static String detectPasswordType(String str) {
        return (str.length() == 60 && (str.startsWith("$2a$") || str.startsWith("$2b$") || str.startsWith("$2y$"))) ? "{bcrypt}" : str.matches("^[a-fA-F0-9]{32}$") ? "{md5}" : "{noop}";
    }
}
