package coop.intergal.ui.security;

import coop.intergal.AppConst;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.util.matcher.RequestMatcher;

@EnableWebSecurity
@Configuration
/* loaded from: input_file:coop/intergal/ui/security/SecurityConfiguration.class */
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private static final String LOGIN_PROCESSING_URL = "/login";
    private static final String LOGIN_FAILURE_URL = "/login?error";
    private static final String LOGIN_URL = "/login";
    private static final String LOGOUT_SUCCESS_URL = "/";

    @Value("${ldap.urls}")
    private String ldapUrls;

    @Value("${ldap.base.dn}")
    private String ldapBaseDn;

    @Value("${ldap.username}")
    private String ldapSecurityPrincipal;

    @Value("${ldap.password}")
    private String ldapPrincipalPassword;

    @Value("${ldap.user.dn.pattern}")
    private String ldapUserDnPattern;

    @Value("${ldap.enabled}")
    private String ldapEnabled;

    @Value("${security.enabled}")
    private String securityEnabled;

    @Autowired
    @Lazy
    private PasswordEncoder passwordEncoder;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        System.out.println("SecurityConfiguration.configure()----------------------------");
        if (Boolean.parseBoolean(this.ldapEnabled)) {
            authenticationManagerBuilder.ldapAuthentication().groupSearchBase("ou=groups").userSearchFilter("uid={0}").contextSource().url(this.ldapUrls + LOGOUT_SUCCESS_URL + this.ldapBaseDn).managerDn(this.ldapSecurityPrincipal).managerPassword(this.ldapPrincipalPassword).and().passwordCompare().passwordEncoder(new BCryptPasswordEncoder()).passwordAttribute("userPassword");
        } else {
            System.out.println("SecurityConfiguration.configure()---------------------------- .inMemoryAuthentication()");
            authenticationManagerBuilder.inMemoryAuthentication().withUser(AppConst.ICON_USERS).password("$2y$12$kKMEWgLzpj/Dfg7LzJVXSOAQlzAa3TMCa8XCwuFhP2YOPICnAUHKe").roles(new String[]{"USER"}).and().withUser("20user").password("$2y$12$kKMEWgLzpj/Dfg7LzJVXSOAQlzAa3TMCa8XCwuFhP2YOPICnAUHKe").roles(new String[]{"USER"}).and().withUser("24user").password("$2y$12$kKMEWgLzpj/Dfg7LzJVXSOAQlzAa3TMCa8XCwuFhP2YOPICnAUHKe").roles(new String[]{"USER"}).and().withUser("20ANT").password("$2y$12$kKMEWgLzpj/Dfg7LzJVXSOAQlzAa3TMCa8XCwuFhP2YOPICnAUHKe").roles(new String[]{"USER"});
        }
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        if (Boolean.parseBoolean(this.securityEnabled)) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().requestCache().requestCache(new CustomRequestCache()).and().authorizeRequests().requestMatchers(new RequestMatcher[]{SecurityUtils::isFrameworkInternalRequest})).permitAll().anyRequest()).fullyAuthenticated().and().formLogin().loginPage("/login").permitAll().loginProcessingUrl("/login").failureUrl(LOGIN_FAILURE_URL).successHandler(new SavedRequestAwareAuthenticationSuccessHandler()).and().logout().logoutSuccessUrl(LOGOUT_SUCCESS_URL);
        } else {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeRequests().anyRequest()).permitAll().requestMatchers(new RequestMatcher[]{SecurityUtils::isFrameworkInternalRequest})).permitAll();
        }
    }

    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers(new String[]{"/VAADIN/**", "/favicon.ico", "/robots.txt", "/manifest.webmanifest", "/sw.js", "/offline-page.html", "/icons/**", "/images/**", "/frontend/**", "/webjars/**", "/h2-console/**", "/frontend-es5/**", "/frontend-es6/**"});
    }
}
