package de.hallobtf.Kai.server.security;

import de.hallobtf.Basics.B2Protocol;
import java.util.Arrays;
import java.util.Optional;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
/* loaded from: classes.dex */
public class SecurityConfiguration {
    private final String[] UNAUTHREQ = {"/", "/index.html", "/*.png", "/*.ico", "/*Service", "/login", "/webstart", "/assets/*", "/inventar/**", "/anlagen/**", "/inventur/**", "/stammdaten/**", "/administration/**", "/batchjobs/**", "/api/auth/login", "/api/auth/refresh", "/api/batch/getBatchJobResult", "/api/jnlp", "/api/jnlp/lib/*", "/api/jnlp/res/ico/*", "/api/jnlp/res/png/*", "/api/serverinfo/getAnonymous", "/api/serverinfo/sse", "/api/serverinfo/getInfoText"};

    @Autowired
    private AuthManager authManager;

    @Autowired
    private AuthTokenFilter authTokenFilter;

    @Value("${app.cors.allowed.origin:}")
    private String corsAllowedOrigin;

    @Autowired
    private AuthEntryPointJwt unauthorizedHandler;

    private /* synthetic */ void lambda$securityFilterChain$1(ExceptionHandlingConfigurer exceptionHandlingConfigurer) {
        exceptionHandlingConfigurer.authenticationEntryPoint(this.unauthorizedHandler);
    }

    private /* synthetic */ void lambda$securityFilterChain$3(AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry authorizationManagerRequestMatcherRegistry) {
        ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers(this.UNAUTHREQ)).permitAll().anyRequest()).authenticated();
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        if (((String) Optional.ofNullable(this.corsAllowedOrigin).orElse("")).trim().isEmpty()) {
            B2Protocol.getInstance().severe("NO CORS");
        } else {
            B2Protocol.getInstance().severe("CORS: " + this.corsAllowedOrigin);
            corsConfiguration.setAllowedOrigins(Arrays.asList(this.corsAllowedOrigin));
            corsConfiguration.applyPermitDefaultValues();
        }
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return urlBasedCorsConfigurationSource;
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) {
        httpSecurity.csrf(new Customizer() { // from class: de.hallobtf.Kai.server.security.SecurityConfiguration$$ExternalSyntheticLambda0
        }).exceptionHandling(new Customizer() { // from class: de.hallobtf.Kai.server.security.SecurityConfiguration$$ExternalSyntheticLambda1
        }).sessionManagement(new Customizer() { // from class: de.hallobtf.Kai.server.security.SecurityConfiguration$$ExternalSyntheticLambda0
        }).authenticationManager(this.authManager).authorizeHttpRequests(new Customizer() { // from class: de.hallobtf.Kai.server.security.SecurityConfiguration$$ExternalSyntheticLambda1
        }).addFilterBefore(this.authTokenFilter, UsernamePasswordAuthenticationFilter.class);
        return (SecurityFilterChain) httpSecurity.build();
    }
}
