package com.almis.awe.autoconfigure;

import com.almis.awe.component.AweHttpServletRequestWrapper;
import com.almis.awe.config.ServiceConfig;
import com.almis.awe.dao.UserDAO;
import com.almis.awe.dao.UserDAOImpl;
import com.almis.awe.model.component.AweElements;
import com.almis.awe.model.util.log.LogUtil;
import com.almis.awe.security.accessbean.LoginAccessControl;
import com.almis.awe.security.authentication.encoder.Ripemd160PasswordEncoder;
import com.almis.awe.security.authentication.filter.JsonAuthenticationFilter;
import com.almis.awe.security.handler.AweLogoutHandler;
import com.almis.awe.service.AccessService;
import com.almis.awe.service.MenuService;
import com.almis.awe.service.QueryService;
import com.almis.awe.service.user.AweUserDetailService;
import com.almis.awe.service.user.LdapAweUserDetailsMapper;
import com.almis.awe.session.AweSessionDetails;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.JsonNodeFactory;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import org.apache.batik.util.SVGConstants;
import org.apache.logging.log4j.Level;
import org.hsqldb.Tokens;
import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.StandardPBEByteEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

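/**
 * Spring Security auto-configuration for AWE: login/logout filter chain, authentication
 * providers (LDAP, database or custom beans) and the Jasypt encryptor used for stored secrets.
 *
 * <p>This listing is decompiler output (JADX) of
 * {@code BOOT-INF/lib/awe-spring-boot-starter-4.1.4.jar}. A few constants that look out of place
 * ({@code Tokens.T_OPENBRACKET}, {@code SVGConstants.SVG_FONT_FACE_UNITS_PER_EM_DEFAULT_VALUE})
 * are presumably the decompiler matching a string literal to an unrelated library constant with
 * the same value; they are kept as-is and annotated where they occur.
 *
 * <p>Security-relevant defaults a reviewer should be aware of (all visible below): CSRF
 * protection is disabled, no URL-level {@code authenticated()} rule is declared in this class,
 * user-not-found errors are not hidden, the database provider uses a RIPEMD-160 based password
 * encoder, and the Jasypt master key falls back to a value compiled into the jar.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends ServiceConfig {
    /** Fallback for {@code security.master.key}. It ships inside the jar, so it is not a secret. */
    private static final String DEFAULT_MASTER_KEY = "fdvsd4@sdsa08";

    private static final String LOGIN_PATH = "/action/login";
    private static final String LOGOUT_PATH = "/action/logout";
    private static final String LOGIN_REDIRECT_PATH = "/action/loginRedirect";

    private final AweSessionDetails aweSessionDetails;
    private final LogUtil logger;
    private final AweElements elements;

    @Value("${screen.parameter.username:cod_usr}")
    private String usernameParameter;

    @Value("${screen.parameter.password:pwd_usr}")
    private String passwordParameter;

    // Fixed: the default used to sit outside the placeholder ("${language.default}:en"), which
    // appended the literal ":en" to the configured value and left the property without a default.
    @Value("${language.default:en}")
    private String defaultLocale;

    @Value("${security.auth.mode:bbdd}")
    private String authenticationProviderSource;

    @Value("${security.role.prefix:ROLE_}")
    private String rolePrefix;

    // Note: splitting an unset (empty) property yields a one-element list containing "".
    @Value("#{'${security.auth.custom.providers:}'.split(',')}")
    private List<String> authenticationProviders;

    @Value("#{'${security.auth.ldap.url:}'.split(',')}")
    private List<String> ldapUrl;

    @Value("${security.auth.ldap.user:}")
    private String ldapUserFilter;

    // Bind credential for the LDAP service account; keep it out of logs and version control.
    @Value("${security.auth.ldap.password.bind:}")
    private String ldapPassword;

    @Value("${security.auth.ldap.user.bind:}")
    private String ldapUserDN;

    @Value("${security.auth.ldap.basedn:}")
    private String ldapBaseDN;

    @Value("${security.auth.ldap.timeout:}")
    private String ldapConnectTimeout;

    @Value("${security.headers.frameOptions.sameOrigin:true}")
    private boolean sameOrigin;

    @Value("${session.cookie.name:AWESESSIONID}")
    private String cookieName;

    /** Supported values of {@code security.auth.mode}. */
    private enum AUTHENTICATION_MODE {
        LDAP("ldap"),
        BBDD("bbdd"),
        IN_MEMORY("in_memory"),
        CUSTOM("custom");

        private final String mode;

        AUTHENTICATION_MODE(String str) {
            this.mode = str;
        }

        /** @return the property value that selects this mode */
        public String getValue() {
            return this.mode;
        }

        /**
         * Resolves a configured mode name, ignoring case.
         *
         * @param str configured value, may be {@code null}
         * @return the matching mode, or {@code null} when the value is {@code null} or unknown
         */
        public static AUTHENTICATION_MODE fromValue(String str) {
            if (str == null) {
                return null;
            }
            for (AUTHENTICATION_MODE candidate : values()) {
                if (str.equalsIgnoreCase(candidate.mode)) {
                    return candidate;
                }
            }
            return null;
        }
    }

    /** Web security adapter that wires the JSON login filter, logout handling and providers. */
    @Configuration
    public class AWEScreenSecurityAdapter extends WebSecurityConfigurerAdapter {
        // ObjectMapper is thread-safe once configured; reuse one instead of building it per login.
        private final ObjectMapper requestBodyMapper = new ObjectMapper();

        public AWEScreenSecurityAdapter() {
        }

        /**
         * Builds the filter chain: JSON login filter in place of the form-login filter, logout at
         * {@code /action/logout}, and optionally same-origin framing.
         *
         * <p>NOTE(review): CSRF protection is switched off while the session is carried in a
         * cookie; confirm that state-changing endpoints have another defence (for example a
         * custom header/token check) before relying on this configuration.
         *
         * <p>NOTE(review): only {@code permitAll()} rules are declared and there is no
         * {@code anyRequest().authenticated()}, so this chain does not itself reject anonymous
         * requests; access control is presumably enforced elsewhere - verify. The Ant patterns
         * also lack a leading {@code /}, so they likely never match a request path.
         */
        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity
                .csrf().disable()
                .authorizeRequests()
                    .antMatchers("css/**", "js/**", "images/**", "fonts/**").permitAll()
                    .and()
                .addFilterAt((Filter) SecurityConfig.this.getBean(JsonAuthenticationFilter.class), UsernamePasswordAuthenticationFilter.class)
                .logout()
                    .logoutUrl(LOGOUT_PATH)
                    .deleteCookies(SecurityConfig.this.cookieName)
                    .addLogoutHandler((LogoutHandler) SecurityConfig.this.getBean(AweLogoutHandler.class));

            // When the flag is false nothing is configured here, so the framework's own
            // frame-options default stays in effect.
            if (SecurityConfig.this.sameOrigin) {
                httpSecurity.headers().frameOptions().sameOrigin();
            }
        }

        /**
         * Registers the authentication provider(s) selected by {@code security.auth.mode}.
         * An unknown mode falls back to {@code bbdd}.
         *
         * <p>NOTE(review): the LDAP and database provider beans below are conditional on the
         * property being set explicitly to {@code ldap} / {@code bbdd}; for any other value
         * (including {@code in_memory}) the {@link AuthenticationProvider} lookup depends on a
         * bean defined elsewhere - verify.
         */
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) {
            AUTHENTICATION_MODE configured = AUTHENTICATION_MODE.fromValue(SecurityConfig.this.authenticationProviderSource);
            AUTHENTICATION_MODE effectiveMode = configured == null ? AUTHENTICATION_MODE.BBDD : configured;
            SecurityConfig.this.logger.log(getClass(), Level.INFO, "Using authentication mode: " + effectiveMode);

            if (effectiveMode == AUTHENTICATION_MODE.CUSTOM) {
                registerCustomProviders(authenticationManagerBuilder);
                return;
            }
            authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) SecurityConfig.this.getBean(AuthenticationProvider.class));
        }

        /**
         * Adds every bean named in {@code security.auth.custom.providers} that is an
         * {@link AuthenticationProvider}. Lookup failures are logged and skipped, so a
         * misconfigured list can leave the manager without any provider.
         */
        private void registerCustomProviders(AuthenticationManagerBuilder authenticationManagerBuilder) {
            for (String rawName : SecurityConfig.this.authenticationProviders) {
                String beanName = rawName == null ? "" : rawName.trim();
                if (beanName.isEmpty()) {
                    // An unset property splits into a single empty entry; nothing to look up.
                    continue;
                }
                try {
                    Object bean = SecurityConfig.this.getBean(beanName);
                    if (bean instanceof AuthenticationProvider) {
                        authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) bean);
                    }
                } catch (Exception e) {
                    SecurityConfig.this.logger.log(getClass(), Level.ERROR, "Couldn't load authentication provider bean with name [{0}]", e, beanName);
                }
            }
        }

        /**
         * Initialises the AWE request from the login request body and {@code Authorization} header.
         *
         * <p>The body is attacker-controlled. Anything that is not a JSON object (array, scalar,
         * empty or malformed content) is replaced by an empty object instead of failing with a
         * {@link ClassCastException} inside the login handlers.
         */
        private void initRequest(HttpServletRequest httpServletRequest) {
            String body = httpServletRequest instanceof AweHttpServletRequestWrapper ? ((AweHttpServletRequestWrapper) httpServletRequest).getBody() : "{}";
            if (body == null) {
                body = "{}";
            }
            String header = httpServletRequest.getHeader("Authorization");
            try {
                com.fasterxml.jackson.databind.JsonNode parsed = this.requestBodyMapper.readTree(body);
                ObjectNode parameters = parsed instanceof ObjectNode ? (ObjectNode) parsed : JsonNodeFactory.instance.objectNode();
                SecurityConfig.this.getRequest().init(parameters, header);
            } catch (IOException e) {
                SecurityConfig.this.getRequest().init(JsonNodeFactory.instance.objectNode(), header);
            }
        }

        /**
         * JSON login filter bound to {@code POST /action/login}. Both outcomes record the result
         * in the session details and forward to {@code /action/loginRedirect}.
         */
        @Bean
        public JsonAuthenticationFilter authenticationFilter() {
            JsonAuthenticationFilter loginFilter = new JsonAuthenticationFilter(SecurityConfig.this.elements);
            loginFilter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(LOGIN_PATH, "POST"));
            loginFilter.setUsernameParameter(SecurityConfig.this.usernameParameter);
            loginFilter.setPasswordParameter(SecurityConfig.this.passwordParameter);
            loginFilter.setAuthenticationSuccessHandler((request, response, authentication) -> {
                initRequest(request);
                SecurityConfig.this.aweSessionDetails.onLoginSuccess(authentication);
                request.getRequestDispatcher(LOGIN_REDIRECT_PATH).forward(request, response);
            });
            loginFilter.setAuthenticationFailureHandler((request, response, failure) -> {
                initRequest(request);
                SecurityConfig.this.aweSessionDetails.onLoginFailure(failure);
                request.getRequestDispatcher(LOGIN_REDIRECT_PATH).forward(request, response);
            });
            return loginFilter;
        }

        /**
         * LDAP bind authentication, active only when {@code security.auth.mode=ldap}.
         *
         * <p>NOTE(review): {@code setHideUserNotFoundExceptions(false)} lets "unknown user" be
         * distinguished from "bad password"; if that difference reaches the client it enables
         * account enumeration - check what {@code onLoginFailure} exposes.
         */
        @ConditionalOnProperty(name = {"security.auth.mode"}, havingValue = "ldap")
        @Bean
        public AuthenticationProvider ldapAuthenticationProvider(UserDAO userDAO) {
            BaseLdapPathContextSource ldapContext = (BaseLdapPathContextSource) SecurityConfig.this.getBean(LdapContextSource.class);
            BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContext);
            // Tokens.T_OPENBRACKET is presumably the decompiler's stand-in for the literal "(".
            // The filter text comes from configuration (security.auth.ldap.user), not from the request.
            String searchFilter = Tokens.T_OPENBRACKET + SecurityConfig.this.ldapUserFilter + ")";
            bindAuthenticator.setUserSearch(new FilterBasedLdapUserSearch("", searchFilter, ldapContext));

            LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);
            ldapAuthenticationProvider.setHideUserNotFoundExceptions(false);
            ldapAuthenticationProvider.setAuthoritiesMapper(new SimpleAuthorityMapper());
            ldapAuthenticationProvider.setUserDetailsContextMapper(ldapAweUserDetailsMapper(userDAO));
            return ldapAuthenticationProvider;
        }

        /** Logout handler that receives the session details bean. */
        @Bean
        public AweLogoutHandler logoutHandler(AweSessionDetails aweSessionDetails) {
            return new AweLogoutHandler(aweSessionDetails);
        }

        /** Mapper used by the LDAP provider to build user details via {@link UserDAO}. */
        @Bean
        public UserDetailsContextMapper ldapAweUserDetailsMapper(UserDAO userDAO) {
            return new LdapAweUserDetailsMapper(userDAO);
        }

        /**
         * Database-backed authentication, active only when {@code security.auth.mode=bbdd}.
         *
         * <p>NOTE(review): judging by its name the encoder is RIPEMD-160 based, i.e. a fast
         * digest rather than a password-hashing function (bcrypt/scrypt/argon2); its
         * implementation is not visible here - confirm salting and plan a migration path.
         * User-not-found errors are also not hidden (see the LDAP provider note).
         */
        @ConditionalOnProperty(name = {"security.auth.mode"}, havingValue = "bbdd")
        @Bean
        public AuthenticationProvider daoAuthenticationProvider(UserDetailsService userDetailsService) {
            DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
            daoAuthenticationProvider.setPasswordEncoder(new Ripemd160PasswordEncoder());
            daoAuthenticationProvider.setUserDetailsService(userDetailsService);
            daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
            return daoAuthenticationProvider;
        }

        /** User details service backed by {@link UserDAO}. */
        @Bean
        public UserDetailsService aweUserDetailsService(UserDAO userDAO) {
            return new AweUserDetailService(userDAO);
        }

        /** User DAO backed by the query service. */
        @Bean
        public UserDAO userDAO(QueryService queryService) {
            return new UserDAOImpl(queryService);
        }

        /**
         * Pooled LDAP context source built from the {@code security.auth.ldap.*} properties.
         *
         * <p>The connect timeout is only passed to JNDI when one is configured; previously an
         * unset property put an empty string into the environment, which is not a valid timeout
         * value. Without a timeout a connection attempt can block for a long time, so deployments
         * using LDAP should set {@code security.auth.ldap.timeout}, and should prefer
         * {@code ldaps://} URLs because the bind password travels over this connection.
         */
        @ConditionalOnMissingBean
        @Bean
        public LdapContextSource contextSource() {
            Map<String, Object> environment = Collections.synchronizedMap(new HashMap<String, Object>());
            String timeout = SecurityConfig.this.ldapConnectTimeout;
            if (timeout != null && !timeout.trim().isEmpty()) {
                environment.put("com.sun.jndi.ldap.connect.timeout", timeout.trim());
            }

            LdapContextSource ldapContextSource = new LdapContextSource();
            ldapContextSource.setBaseEnvironmentProperties(environment);
            ldapContextSource.setUrls(SecurityConfig.this.ldapUrl.toArray(new String[0]));
            ldapContextSource.setBase(SecurityConfig.this.ldapBaseDN);
            ldapContextSource.setUserDn(SecurityConfig.this.ldapUserDN);
            ldapContextSource.setPassword(SecurityConfig.this.ldapPassword);
            ldapContextSource.setPooled(true);
            return ldapContextSource;
        }

        /** Default login access control bean, replaceable by the application. */
        @ConditionalOnMissingBean
        @Bean
        public LoginAccessControl loginAccessControl() {
            return new LoginAccessControl();
        }
    }

    @Autowired
    public SecurityConfig(AweSessionDetails aweSessionDetails, LogUtil logUtil, AweElements aweElements) {
        this.aweSessionDetails = aweSessionDetails;
        this.logger = logUtil;
        this.elements = aweElements;
    }

    /**
     * Jasypt encryptor keyed by {@code security.master.key}.
     *
     * <p>The fallback key is compiled into the distributed jar, so values encrypted with it can
     * be decrypted by anyone holding the artifact. The fallback is kept for compatibility with
     * existing encrypted values, but a warning is logged whenever it is in effect; every
     * deployment should supply its own key from a secret store or environment variable.
     *
     * @param str master password for password-based encryption
     * @param simpleStringPBEConfig prototype-scoped base configuration; its password is set here
     */
    @ConditionalOnMissingBean
    @Bean
    public StringEncryptor jasyptStringEncryptor(@Value("${security.master.key:" + DEFAULT_MASTER_KEY + "}") String str, SimpleStringPBEConfig simpleStringPBEConfig) {
        if (DEFAULT_MASTER_KEY.equals(str)) {
            // Never log the key itself, only the fact that the shipped default is active.
            this.logger.log(getClass(), Level.WARN, "Property security.master.key is not overridden: the default master key shipped with the library is in use");
        }
        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        simpleStringPBEConfig.setPassword(str);
        encryptor.setConfig(simpleStringPBEConfig);
        return encryptor;
    }

    /**
     * Base Jasypt configuration (prototype scope, so each injection point gets its own copy).
     *
     * <p>NOTE(review): {@code StandardPBEByteEncryptor.DEFAULT_ALGORITHM} is Jasypt's built-in
     * default, which in Jasypt 1.9.x is the legacy PBEWithMD5AndDES scheme - confirm against
     * the bundled version and consider a stronger PBE algorithm for new data.
     */
    @ConditionalOnMissingBean
    @Scope("prototype")
    @Bean
    public SimpleStringPBEConfig encryptorConfig() {
        SimpleStringPBEConfig pbeConfig = new SimpleStringPBEConfig();
        pbeConfig.setAlgorithm(StandardPBEByteEncryptor.DEFAULT_ALGORITHM);
        // The SVG constant is presumably the decompiler's stand-in for the literal "1000"
        // (key-derivation iteration count) - verify against the original source.
        pbeConfig.setKeyObtentionIterations(SVGConstants.SVG_FONT_FACE_UNITS_PER_EM_DEFAULT_VALUE);
        pbeConfig.setPoolSize("1");
        pbeConfig.setProviderName("SunJCE");
        pbeConfig.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
        pbeConfig.setStringOutputType("base64");
        return pbeConfig;
    }

    /** Access service built on the menu service, replaceable by the application. */
    @ConditionalOnMissingBean
    @Bean
    public AccessService accessService(MenuService menuService) {
        return new AccessService(menuService);
    }
}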
