package dev.hilla.sso.starter;

import com.vaadin.flow.spring.security.VaadinWebSecurity;
import com.vaadin.sso.core.BackChannelLogoutFilter;
import dev.hilla.sso.starter.endpoint.BackChannelLogoutEndpoint;
import dev.hilla.sso.starter.endpoint.SingleSignOnEndpoint;
import dev.hilla.sso.starter.endpoint.UserEndpoint;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;

@EnableConfigurationProperties({SingleSignOnProperties.class})
@AutoConfiguration
@EnableWebSecurity
@Conditional({ClientsConfiguredCondition.class})
/* loaded from: input_file:dev/hilla/sso/starter/SingleSignOnConfiguration.class */
public class SingleSignOnConfiguration extends VaadinWebSecurity {
    private final SingleSignOnProperties properties;
    private final BackChannelLogoutFilter backChannelLogoutFilter;
    private final SessionRegistry sessionRegistry;
    private final SingleSignOnContext singleSignOnContext;
    private final BootstrapDataServiceListener bootstrapDataServiceListener;
    private final BackChannelLogoutEndpoint backChannelLogoutEndpoint;
    private final SingleSignOnEndpoint singleSignOnEndpoint;
    private final BackChannelLogoutSubscription backChannelLogoutSubscription = new BackChannelLogoutSubscription();
    private final UserEndpoint userEndpoint = new UserEndpoint();

    public SingleSignOnConfiguration(SingleSignOnProperties singleSignOnProperties, SessionRegistry sessionRegistry, ClientRegistrationRepository clientRegistrationRepository, ApplicationEventPublisher applicationEventPublisher) {
        this.properties = singleSignOnProperties;
        this.sessionRegistry = sessionRegistry;
        this.backChannelLogoutFilter = new BackChannelLogoutFilter(sessionRegistry, clientRegistrationRepository, applicationEventPublisher);
        this.singleSignOnContext = new SingleSignOnContext(clientRegistrationRepository, singleSignOnProperties, this.backChannelLogoutSubscription);
        this.bootstrapDataServiceListener = new BootstrapDataServiceListener(this.singleSignOnContext);
        this.backChannelLogoutEndpoint = new BackChannelLogoutEndpoint(this.singleSignOnContext);
        this.singleSignOnEndpoint = new SingleSignOnEndpoint(this.singleSignOnContext);
    }

    @Bean
    public BackChannelLogoutSubscription backChannelLogoutSubscription() {
        return this.backChannelLogoutSubscription;
    }

    @Bean
    public SingleSignOnContext singleSignOnContext() {
        return this.singleSignOnContext;
    }

    @Bean
    public BootstrapDataServiceListener bootstrapDataServiceListener() {
        return this.bootstrapDataServiceListener;
    }

    @Bean
    public BackChannelLogoutEndpoint backChannelLogoutEndpoint() {
        return this.backChannelLogoutEndpoint;
    }

    @Bean
    public SingleSignOnEndpoint singleSignOnEndpoint() {
        return this.singleSignOnEndpoint;
    }

    @Bean
    public UserEndpoint userEndpoint() {
        return this.userEndpoint;
    }

    @Bean(name = {"VaadinSecurityFilterChainBean"})
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.oauth2Login().loginPage(this.properties.getLoginRoute()).and().logout().logoutSuccessUrl("/").and().sessionManagement().sessionConcurrency(concurrencyControlConfigurer -> {
            concurrencyControlConfigurer.maximumSessions(this.properties.getMaximumConcurrentSessions());
            concurrencyControlConfigurer.sessionRegistry(this.sessionRegistry);
        });
        if (this.properties.isBackChannelLogout()) {
            this.backChannelLogoutFilter.setBackChannelLogoutRoute(this.properties.getBackChannelLogoutRoute());
            httpSecurity.addFilterAfter(this.backChannelLogoutFilter, LogoutFilter.class);
            httpSecurity.csrf().ignoringRequestMatchers(new RequestMatcher[]{this.backChannelLogoutFilter.getRequestMatcher()});
        }
        return (SecurityFilterChain) httpSecurity.build();
    }
}
