package org.opensingular.requirement.module.spring.security.config;

import java.util.Collections;
import java.util.Optional;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;
import org.opensingular.lib.support.spring.util.AutoScanDisabled;
import org.opensingular.requirement.module.auth.AdminCredentialChecker;
import org.opensingular.requirement.module.auth.AdministrationAuthenticationProvider;
import org.opensingular.requirement.module.spring.security.AbstractSingularSpringSecurityAdapter;
import org.opensingular.requirement.module.spring.security.DefaultUserDetails;
import org.opensingular.requirement.module.spring.security.config.cas.SingularCASSpringSecurityConfig;
import org.opensingular.requirement.module.wicket.view.util.DispatcherPageUtil;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.util.matcher.RegexRequestMatcher;

/* loaded from: input_file:org/opensingular/requirement/module/spring/security/config/SecurityConfigs.class */
public interface SecurityConfigs {

    @Configuration
    @EnableWebSecurity
    @AutoScanDisabled
    @Order(105)
    /* loaded from: input_file:org/opensingular/requirement/module/spring/security/config/SecurityConfigs$AdministrationSecurity.class */
    public static class AdministrationSecurity extends AbstractSingularSpringSecurityAdapter {

        @Inject
        private Optional<AdminCredentialChecker> credentialChecker;

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.regexMatcher(getContext().getSettings().getPathRegex()).authorizeRequests().regexMatchers(new String[]{getContext().getSettings().getUrlPath() + "/login.*"})).permitAll().antMatchers(new String[]{getContext().getSettings().getContextPath()})).hasRole("ADMIN").and().exceptionHandling().accessDeniedPage("/public/error/403").and().csrf().disable().formLogin().permitAll().loginPage(getContext().getSettings().getUrlPath() + "/login").successForwardUrl(getContext().getSettings().getUrlPath()).and().logout().logoutRequestMatcher(new RegexRequestMatcher("/.*logout\\?{0,1}.*", HttpMethod.GET.name())).logoutSuccessUrl(DispatcherPageUtil.DISPATCHER_PAGE_PATH);
        }

        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
            this.credentialChecker.ifPresent(adminCredentialChecker -> {
                authenticationManagerBuilder.authenticationProvider(new AdministrationAuthenticationProvider(adminCredentialChecker, getContext()));
            });
        }
    }

    /* loaded from: input_file:org/opensingular/requirement/module/spring/security/config/SecurityConfigs$AllowAllSecurity.class */
    public static abstract class AllowAllSecurity extends AbstractSingularSpringSecurityAdapter {
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ChannelSecurityConfigurer.RequiresChannelUrl) httpSecurity.regexMatcher(getContext().getSettings().getPathRegex()).requiresChannel().anyRequest()).requiresSecure().and().headers().frameOptions().sameOrigin().and().csrf().disable().authorizeRequests().regexMatchers(new String[]{getContext().getSettings().getUrlPath() + getLoginPagePath() + ".*"})).permitAll().anyRequest()).authenticated().and().formLogin().loginPage(getContext().getSettings().getUrlPath() + getLoginPagePath()).successForwardUrl(getContext().getSettings().getUrlPath()).and().logout().logoutRequestMatcher(new RegexRequestMatcher("/.*logout\\?{0,1}.*", HttpMethod.GET.name())).logoutSuccessUrl(getLogoutSuccessUrl());
        }

        protected String getLogoutSuccessUrl() {
            return DispatcherPageUtil.DISPATCHER_PAGE_PATH;
        }

        protected String getLoginPagePath() {
            return "/login";
        }

        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
            authenticationManagerBuilder.authenticationProvider(getAuthenticationProvider());
        }

        protected AbstractUserDetailsAuthenticationProvider getAuthenticationProvider() {
            return new AbstractUserDetailsAuthenticationProvider() { // from class: org.opensingular.requirement.module.spring.security.config.SecurityConfigs.AllowAllSecurity.1
                protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
                }

                protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
                    if (StringUtils.isNotBlank(str)) {
                        return new DefaultUserDetails(str, str, Collections.emptyList(), Collections.singletonList(AllowAllSecurity.this.getContext().getClass()));
                    }
                    throw new BadCredentialsException("Não foi possivel autenticar o usuario informado");
                }
            };
        }
    }

    @Configuration
    @EnableWebSecurity
    @AutoScanDisabled
    @Order(104)
    /* loaded from: input_file:org/opensingular/requirement/module/spring/security/config/SecurityConfigs$CASAnalise.class */
    public static class CASAnalise extends SingularCASSpringSecurityConfig {
    }

    @Configuration
    @AutoScanDisabled
    @Order(103)
    /* loaded from: input_file:org/opensingular/requirement/module/spring/security/config/SecurityConfigs$CASPeticionamento.class */
    public static class CASPeticionamento extends SingularCASSpringSecurityConfig {
    }

    @Configuration
    @EnableWebSecurity
    @AutoScanDisabled
    @Order(106)
    /* loaded from: input_file:org/opensingular/requirement/module/spring/security/config/SecurityConfigs$RequirementSecurity.class */
    public static class RequirementSecurity extends AllowAllSecurity {
    }

    @Configuration
    @EnableWebSecurity
    @AutoScanDisabled
    @Order(107)
    /* loaded from: input_file:org/opensingular/requirement/module/spring/security/config/SecurityConfigs$WorklistSecurity.class */
    public static class WorklistSecurity extends AllowAllSecurity {
    }
}
