package de.ingrid.admin.security;

import de.ingrid.admin.Config;
import de.ingrid.admin.IUris;
import de.ingrid.admin.JettyInitializer;
import de.ingrid.admin.service.PlugDescriptionService;
import java.util.List;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.session.SessionHandler;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
import org.springframework.context.MessageSource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.support.ReloadableResourceBundleMessageSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Component;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:ingrid-iplug-blp-7.3.0/lib/ingrid-base-webapp-7.3.0.jar:de/ingrid/admin/security/SecurityConfig.class */
public class SecurityConfig {

    @Value("${plugdescription.IPLUG_ADMIN_PASSWORD:}")
    String password;

    @Value("${development.mode:false}")
    private boolean developmentMode;

    @Value("${jetty.base.resources:src/main/webapp,target/base-webapp}")
    private String[] jettyBaseResources;

    @Component
    /* loaded from: input_file:ingrid-iplug-blp-7.3.0/lib/ingrid-base-webapp-7.3.0.jar:de/ingrid/admin/security/SecurityConfig$CustomAuthenticationManager.class */
    public class CustomAuthenticationManager implements AuthenticationProvider {
        private final PlugDescriptionService _plugDescriptionService;

        public CustomAuthenticationManager(PlugDescriptionService plugDescriptionService) {
            this._plugDescriptionService = plugDescriptionService;
        }

        @Override // org.springframework.security.authentication.AuthenticationProvider
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            if (this._plugDescriptionService.isIPlugSecured()) {
                return null;
            }
            return new UsernamePasswordAuthenticationToken("admin", "xxx", List.of(new SimpleGrantedAuthority("ROLE_admin")));
        }

        @Override // org.springframework.security.authentication.AuthenticationProvider
        public boolean supports(Class<?> cls) {
            return true;
        }
    }

    @Bean
    public ConfigurableServletWebServerFactory servletContainerFactory(Config config) {
        JettyServletWebServerFactory jettyServletWebServerFactory = new JettyServletWebServerFactory();
        if (this.developmentMode) {
            jettyServletWebServerFactory.addServerCustomizers(new JettyInitializer(this.jettyBaseResources));
        }
        jettyServletWebServerFactory.setPort(config.webappPort.intValue());
        return jettyServletWebServerFactory;
    }

    @Bean
    public AuthenticationManager authManager(HttpSecurity httpSecurity, PasswordEncoder passwordEncoder, CustomAuthenticationManager customAuthenticationManager, InMemoryUserDetailsManager inMemoryUserDetailsManager) throws Exception {
        AuthenticationManagerBuilder authenticationManagerBuilder = (AuthenticationManagerBuilder) httpSecurity.getSharedObject(AuthenticationManagerBuilder.class);
        authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) customAuthenticationManager);
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(inMemoryUserDetailsManager);
        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
        authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) daoAuthenticationProvider);
        return (AuthenticationManager) authenticationManagerBuilder.build();
    }

    @Bean
    public InMemoryUserDetailsManager userDetailsService(Config config, PlugDescriptionService plugDescriptionService) {
        return plugDescriptionService.isIPlugSecured() ? new InMemoryUserDetailsManager(User.withUsername("admin").password(config.pdPassword).roles("admin").build()) : new InMemoryUserDetailsManager();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity, AuthenticationManager authenticationManager) throws Exception {
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity.csrf().disable()).authorizeRequests().antMatchers("/base/auth/*", "/base/login*", "/css/**", "/images/**", "/js/**").permitAll().anyRequest().authenticated().and()).formLogin().loginPage("/base/auth/login.html").usernameParameter(FormAuthenticator.__J_USERNAME).passwordParameter(FormAuthenticator.__J_PASSWORD).loginProcessingUrl("/base/auth/j_spring_security_check").defaultSuccessUrl(IUris.WELCOME, true).failureUrl("/base/auth/loginFailure.html").and()).logout().logoutUrl("/perform_logout").deleteCookies(SessionHandler.__DefaultSessionCookie).and()).authenticationManager(authenticationManager);
        return httpSecurity.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public MessageSource messageSource() {
        ReloadableResourceBundleMessageSource reloadableResourceBundleMessageSource = new ReloadableResourceBundleMessageSource();
        reloadableResourceBundleMessageSource.setBasenames("classpath:messages_base", "classpath:messages");
        reloadableResourceBundleMessageSource.setDefaultEncoding("UTF-8");
        return reloadableResourceBundleMessageSource;
    }
}
