package de.ikor.sip.foundation.security.config;

import de.ikor.sip.foundation.core.util.exception.SIPFrameworkException;
import de.ikor.sip.foundation.security.authentication.CompositeAuthenticationFilter;
import de.ikor.sip.foundation.security.authentication.SIPAuthenticationProvider;
import de.ikor.sip.foundation.security.authentication.common.extractors.TokenExtractors;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
/* loaded from: input_file:de/ikor/sip/foundation/security/config/SecurityConfig.class */
public class SecurityConfig {
    private final List<SIPAuthenticationProvider<?>> authProviders;
    private final SecurityConfigProperties config;
    private final TokenExtractors tokenExtractors;

    @Autowired
    public SecurityConfig(Optional<List<SIPAuthenticationProvider<?>>> optional, SecurityConfigProperties securityConfigProperties, Optional<TokenExtractors> optional2) {
        this.authProviders = optional.orElse(Collections.emptyList());
        this.config = securityConfigProperties;
        this.tokenExtractors = optional2.orElse(null);
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws SIPFrameworkException {
        List copyOf = List.copyOf(this.authProviders.stream().map((v0) -> {
            return v0.getClass();
        }).toList());
        List copyOf2 = List.copyOf(this.config.getAuthProviders().stream().map((v0) -> {
            return v0.getClassname();
        }).filter(cls -> {
            return !copyOf.contains(cls);
        }).toList());
        if (!copyOf2.isEmpty()) {
            throw SIPFrameworkException.init("Some providers declared in the config are not available in runtime: %s", new Object[]{copyOf2});
        }
        if (configHasDuplicateAuthProviders()) {
            throw new SIPFrameworkException("Each auth provider may only be configured once, duplicates are not allowed");
        }
        if (this.authProviders.isEmpty()) {
            return new ProviderManager(new AuthenticationProvider[]{new AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider()});
        }
        ArrayList arrayList = new ArrayList();
        Stream<SIPAuthenticationProvider<?>> filter = this.authProviders.stream().filter(sIPAuthenticationProvider -> {
            return this.config.getAuthProviders().stream().map((v0) -> {
                return v0.getClassname();
            }).anyMatch(cls2 -> {
                return cls2.equals(sIPAuthenticationProvider.getClass());
            });
        });
        Objects.requireNonNull(arrayList);
        filter.forEach((v1) -> {
            r1.add(v1);
        });
        return new ProviderManager(arrayList);
    }

    private boolean configHasDuplicateAuthProviders() {
        return ((long) this.config.getAuthProviders().size()) > this.config.getAuthProviders().stream().map((v0) -> {
            return v0.getClassname();
        }).distinct().count();
    }

    @Bean
    public SecurityFilterChain sipDefaultSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        });
        if (this.config.isDisableCsrf()) {
            httpSecurity.csrf((v0) -> {
                v0.disable();
            });
        }
        httpSecurity.addFilterAt(new CompositeAuthenticationFilter(this.tokenExtractors, this.config, authenticationManagerBean()), BasicAuthenticationFilter.class).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.anyRequest()).authenticated();
        });
        return (SecurityFilterChain) httpSecurity.build();
    }

    @Bean
    public WebSecurityCustomizer sipDefaultWebSecurityCustomizer() {
        return webSecurity -> {
            WebSecurity.IgnoredRequestConfigurer ignoring = webSecurity.ignoring();
            this.config.getIgnoredEndpoints().forEach(str -> {
                ignoring.requestMatchers(new RequestMatcher[]{AntPathRequestMatcher.antMatcher(str)});
            });
        };
    }
}
