package org.squashtest.tm.plugin.openid.connect;

import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.squashtest.tm.plugin.openid.connect.bean.SquashOidcGrantedAuthoritiesMapper;
import org.squashtest.tm.plugin.openid.connect.controller.SquashOidcFailureController;
import org.squashtest.tm.plugin.openid.connect.properties.OidcAccessProperties;

/**
 * Spring Security wiring for the OpenID Connect login of this plugin.
 *
 * <p>The configuration is only loaded when {@link EnableOAuth2Condition} matches. It
 * registers a dedicated {@link SecurityFilterChain} limited to {@code /oidc/**} together
 * with the handlers and mappers that chain relies on.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>CSRF protection is switched off for every request handled by this chain, so
 *       nothing under {@code /oidc/**} is covered by a CSRF token check.</li>
 *   <li>The pending authorization request is kept in the HTTP session, so the login
 *       round trip depends on the session cookie surviving the redirect to the
 *       identity provider and back.</li>
 *   <li>Authorities granted after login are decided by
 *       {@link SquashOidcGrantedAuthoritiesMapper}; that class is the place to audit
 *       for privilege assignment.</li>
 * </ul>
 */
@EnableConfigurationProperties({OidcAccessProperties.class})
@Configuration
@EnableAutoConfiguration
@Conditional({EnableOAuth2Condition.class})
/* loaded from: input_file:org/squashtest/tm/plugin/openid/connect/OidcConfig.class */
public class OidcConfig {
    /** Base URI under which the authorization request (redirect to the provider) is started. */
    private static final String AUTHORIZATION_ENDPOINT = "/oidc/authorization/";
    /** URI pattern on which the provider's authorization response (the code) is received. */
    private static final String REDIRECTION_ENDPOINT = "/oidc/code/*";

    /**
     * Builds the filter chain that handles every request matching {@code /oidc/**}.
     *
     * <p>All requests matched by the chain must be authenticated, and authentication is
     * performed through OAuth2/OIDC login using the endpoints, handlers and authorities
     * mapper declared in this class.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the filter chain, registered with order 29
     * @throws Exception if the chain cannot be built
     */
    @Bean
    @Order(29)
    public SecurityFilterChain oidcSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        // CSRF checks are disabled for this chain only.
        // NOTE(review): the code callback is normally protected by the OAuth2 `state`
        // value rather than a CSRF token; confirm that no other state-changing endpoint
        // is served under /oidc/**, since it would have no CSRF protection either.
        httpSecurity.csrf(csrf -> csrf.disable());

        // Restrict this chain to the plugin's own URL space.
        httpSecurity.securityMatcher("/oidc/**");

        // Nothing under /oidc/** is reachable anonymously.
        // NOTE(review): if SquashOidcFailureController.AUTH_FAILURE_URL lives under
        // /oidc/**, the failure page is itself subject to this rule — confirm.
        httpSecurity.authorizeHttpRequests(requests -> requests.anyRequest().authenticated());

        httpSecurity.oauth2Login(login -> login
            .successHandler(oidcAuthenticationSuccessHandler())
            .failureHandler(oidcAuthenticationFailureHandler())
            .authorizationEndpoint(authorization -> authorization
                .baseUri(AUTHORIZATION_ENDPOINT)
                .authorizationRequestRepository(authorizationRequestRepository()))
            .redirectionEndpoint(redirection -> redirection.baseUri(REDIRECTION_ENDPOINT))
            // Provider-supplied authorities are translated before they reach the application.
            .userInfoEndpoint(userInfo -> userInfo.userAuthoritiesMapper(squashOidcGrantedAuthoritiesMapper())));

        return httpSecurity.build();
    }

    /**
     * Provides the store for in-flight authorization requests.
     *
     * @return a repository that keeps the request in the HTTP session
     */
    @Bean
    public AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository() {
        return new HttpSessionOAuth2AuthorizationRequestRepository();
    }

    /**
     * Provides the handler invoked after a successful OIDC login.
     *
     * @return a saved-request-aware handler whose default target URL is {@code "/"}
     */
    @Bean
    public SavedRequestAwareAuthenticationSuccessHandler oidcAuthenticationSuccessHandler() {
        SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
        // Used when there is no saved request to return to.
        handler.setDefaultTargetUrl("/");
        return handler;
    }

    /**
     * Provides the handler invoked when the OIDC login fails.
     *
     * @return a handler targeting {@link SquashOidcFailureController#AUTH_FAILURE_URL}
     */
    @Bean
    public SimpleUrlAuthenticationFailureHandler oidcAuthenticationFailureHandler() {
        return new SimpleUrlAuthenticationFailureHandler(SquashOidcFailureController.AUTH_FAILURE_URL);
    }

    /**
     * Provides the mapper applied to the authorities of a user who logged in through OIDC.
     *
     * @return a new {@link SquashOidcGrantedAuthoritiesMapper}
     */
    @Bean
    public SquashOidcGrantedAuthoritiesMapper squashOidcGrantedAuthoritiesMapper() {
        return new SquashOidcGrantedAuthoritiesMapper();
    }
}
