package org.squashtest.tm.plugin.openid.connect;

import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.squashtest.tm.plugin.openid.connect.bean.SquashOidcGrantedAuthoritiesMapper;
import org.squashtest.tm.plugin.openid.connect.controller.SquashOidcFailureController;
import org.squashtest.tm.plugin.openid.connect.properties.OidcAccessProperties;

/**
 * Spring Security configuration for the OpenID Connect login plugin.
 *
 * <p>The configuration is only registered when {@link EnableOAuth2Condition} matches, and it
 * binds {@link OidcAccessProperties}. The filter chain it builds applies to {@code /oidc/**}
 * only; requests outside that pattern are handled by whatever other security configuration
 * the application declares.
 *
 * <p>NOTE(review): {@code @Order(29)} positions this adapter relative to other
 * {@code WebSecurityConfigurerAdapter}s; which chains it precedes depends on the orders
 * declared elsewhere in the application and cannot be confirmed from this file.
 */
@EnableConfigurationProperties({OidcAccessProperties.class})
@Configuration
@EnableAutoConfiguration
@Conditional({EnableOAuth2Condition.class})
@Order(29)
/* loaded from: input_file:org/squashtest/tm/plugin/openid/connect/OidcConfig.class */
public class OidcConfig extends WebSecurityConfigurerAdapter {
    /** Ant pattern selecting the requests handled by this security chain. */
    private static final String OIDC_PATH_PATTERN = "/oidc/**";
    /** Base URI under which the OAuth2 authorization request is initiated. */
    private static final String AUTHORIZATION_ENDPOINT = "/oidc/authorization/";
    /** URI pattern on which the identity provider's authorization response is received. */
    private static final String REDIRECTION_ENDPOINT = "/oidc/code/*";

    /**
     * Asks the authentication manager to erase credentials from the authentication object
     * once authentication has completed, so they are not retained afterwards.
     *
     * @param authenticationManagerBuilder builder supplied by Spring Security
     */
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
        authenticationManagerBuilder.eraseCredentials(true);
    }

    /**
     * Builds the {@code /oidc/**} filter chain: every request must be authenticated and
     * authentication is performed through OAuth2/OIDC login.
     *
     * <p>Security-relevant points a reviewer should keep in mind:
     * <ul>
     *   <li>CSRF protection is disabled for everything under {@code /oidc/**}. The login
     *       round trip itself is expected to be tied to the browser session by the OAuth2
     *       {@code state} value held in the authorization request repository, but any other
     *       state-changing handler mapped under this prefix would have no CSRF defence.
     *       NOTE(review): confirm that only the login endpoints live under this prefix.</li>
     *   <li>Authorities granted to the logged-in user come from
     *       {@link SquashOidcGrantedAuthoritiesMapper}, so that class decides what an
     *       identity-provider account is allowed to do in the application.</li>
     * </ul>
     *
     * @param httpSecurity the security builder supplied by Spring Security
     * @throws Exception propagated from the Spring Security configurers
     */
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .csrf().disable()
            .antMatcher(OIDC_PATH_PATTERN)
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .oauth2Login()
                .successHandler(oidcAuthenticationSuccessHandler())
                .failureHandler(oidcAuthenticationFailureHandler())
                .authorizationEndpoint()
                    .baseUri(AUTHORIZATION_ENDPOINT)
                    .authorizationRequestRepository(authorizationRequestRepository())
                    .and()
                .redirectionEndpoint()
                    .baseUri(REDIRECTION_ENDPOINT)
                    .and()
                .userInfoEndpoint()
                    .userAuthoritiesMapper(squashOidcGrantedAuthoritiesMapper());
    }

    /**
     * Creates the store for in-flight authorization requests.
     *
     * <p>The HTTP-session-backed implementation is used, so the pending request (including
     * its {@code state} value) is kept in the user's session between the redirect to the
     * identity provider and the callback. This method is not a {@code @Bean}: each call
     * returns a new instance.
     *
     * @return a new session-backed authorization request repository
     */
    public AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository() {
        return new HttpSessionOAuth2AuthorizationRequestRepository();
    }

    /**
     * Success handler for OIDC login, with {@code "/"} set as its default target URL
     * (the destination used when no request was saved before login).
     *
     * @return the success handler bean
     */
    @Bean
    public SavedRequestAwareAuthenticationSuccessHandler oidcAuthenticationSuccessHandler() {
        SavedRequestAwareAuthenticationSuccessHandler handler =
            new SavedRequestAwareAuthenticationSuccessHandler();
        handler.setDefaultTargetUrl("/");
        return handler;
    }

    /**
     * Failure handler for OIDC login, targeting
     * {@link SquashOidcFailureController#AUTH_FAILURE_URL}. This method is not a
     * {@code @Bean}: each call returns a new instance.
     *
     * @return a new failure handler
     */
    public SimpleUrlAuthenticationFailureHandler oidcAuthenticationFailureHandler() {
        return new SimpleUrlAuthenticationFailureHandler(SquashOidcFailureController.AUTH_FAILURE_URL);
    }

    /**
     * Exposes the mapper that translates identity-provider authorities into application
     * authorities. Its mapping rules are implemented in
     * {@link SquashOidcGrantedAuthoritiesMapper} and are not visible in this file.
     *
     * @return the authorities mapper bean
     */
    @Bean
    public SquashOidcGrantedAuthoritiesMapper squashOidcGrantedAuthoritiesMapper() {
        return new SquashOidcGrantedAuthoritiesMapper();
    }
}
