package de.iip_ecosphere.platform.support.aas.basyx2.apps.security;

import de.iip_ecosphere.platform.support.aas.AuthenticationDescriptor;
import de.iip_ecosphere.platform.support.identities.IdentityToken;
import java.util.ArrayList;
import java.util.List;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.RequestMatcher;

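/**
 * Spring configuration for the embedded server: container factory, HTTP security filter chain
 * and the in-memory user store.
 *
 * <p>Security posture as implemented here:
 * <ul>
 *   <li>Without an {@link AuthenticationDescriptor} bean, every request is permitted and CSRF
 *       checks are skipped for every request.</li>
 *   <li>With a descriptor, requests are either all permitted (anonymous access requested) or
 *       all require authentication via HTTP Basic. This chain makes no per-role decision; the
 *       authorities assigned in {@link #userDetailsService()} are not consulted here.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity
public class ServerConfig {

    /** Optional authentication settings; remains {@code null} when no such bean is available. */
    @Autowired(required = false)
    private AuthenticationDescriptor authDesc;

    /**
     * Creates the embedded Tomcat factory and registers the given connector customizer on it.
     *
     * @param sSLConnectorCustomizer connector customizer to register (presumably sets up TLS,
     *     judging by its name; its definition is not part of this file)
     * @return the configured servlet web server factory
     */
    @Bean
    public ServletWebServerFactory servletContainer(SSLConnectorCustomizer sSLConnectorCustomizer) {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
        factory.addConnectorCustomizers(sSLConnectorCustomizer);
        return factory;
    }

    /**
     * Builds the security filter chain applied to all paths.
     *
     * @param httpSecurity the Spring Security builder to configure
     * @return the built filter chain
     * @throws Exception if Spring Security fails to build the chain
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.securityMatcher("/**");
        if (null == this.authDesc) {
            // No descriptor configured: the server is fully open. Every request is permitted
            // and the CSRF filter ignores every request. Deployments that must not be open
            // have to supply an AuthenticationDescriptor bean.
            RequestMatcher everyRequest = request -> true;
            httpSecurity
                .authorizeHttpRequests(registry -> registry.anyRequest().permitAll())
                .httpBasic(Customizer.withDefaults())
                .csrf(csrf -> csrf.ignoringRequestMatchers(everyRequest));
            return httpSecurity.build();
        }

        boolean anonymousAllowed = this.authDesc.requiresAnonymousAccess();
        httpSecurity.authorizeHttpRequests(registry -> {
            // The error page stays reachable so failures can be reported to unauthenticated clients.
            registry.requestMatchers("/error").permitAll();
            if (anonymousAllowed) {
                // Anonymous access opens every path, not only selected ones.
                registry.anyRequest().permitAll();
            } else {
                registry.anyRequest().authenticated();
            }
        });
        // HTTP Basic sends the credentials with each request, so it relies on the transport
        // being encrypted. NOTE(review): confirm the connector customizer enforces TLS.
        httpSecurity.httpBasic(Customizer.withDefaults());
        if (anonymousAllowed) {
            // Anonymous requests get key, authority and principal all named after DefaultRole.NONE.
            AuthenticationDescriptor.DefaultRole defaultRole = AuthenticationDescriptor.DefaultRole.NONE;
            httpSecurity.anonymous(anonymous -> anonymous
                .key(defaultRole.name())
                .authorities(defaultRole.name())
                .principal(defaultRole.name()));
        }
        // CSRF protection is switched off for the whole chain.
        // NOTE(review): acceptable for non-browser API clients; confirm no browser sessions rely on it.
        httpSecurity.csrf(csrf -> csrf.disable());
        return httpSecurity.build();
    }

    /**
     * Creates the in-memory user store from the server users of the authentication descriptor.
     *
     * <p>Only tokens of type {@code USERNAME} are turned into users; any other type (or a
     * missing type) is logged and skipped. The stored password is the token data prefixed with
     * an encoder id derived from the token's encryption algorithm. No {@code PasswordEncoder}
     * bean is declared in this class, so which encoder interprets the id depends on
     * configuration outside this file.
     *
     * @return a user details service holding the configured users; empty if there are none
     */
    @Bean
    public UserDetailsService userDetailsService() {
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        List<AuthenticationDescriptor.IdentityTokenWithRole> serverUsers =
            null == this.authDesc ? null : this.authDesc.getServerUsers();
        if (null == serverUsers) {
            return manager;
        }
        for (AuthenticationDescriptor.IdentityTokenWithRole token : serverUsers) {
            if (IdentityToken.TokenType.USERNAME != token.getType()) {
                LoggerFactory.getLogger(getClass()).warn(
                    "Token type {} for user {} cannot be processed. Skipping.",
                    token.getType(), token.getUserName());
                continue;
            }
            String algorithm = token.getTokenEncryptionAlgorithm();
            String prefix = encoderPrefix(algorithm);
            if (prefix.isEmpty()) {
                // The token is still stored unchanged (it may already carry its own encoder id),
                // but the situation is made visible at startup instead of only at login time.
                LoggerFactory.getLogger(getClass()).warn(
                    "Token encryption algorithm {} for user {} is not recognized. "
                        + "Storing the token without a password encoder id.",
                    algorithm, token.getUserName());
            }
            GrantedAuthority authority = new SimpleGrantedAuthority(token.getRole().name());
            manager.createUser(User.withUsername(token.getUserName())
                .password(prefix + token.getTokenDataAsString())
                .authorities(authority)
                .build());
        }
        return manager;
    }

    /**
     * Maps a token encryption algorithm name (case-insensitive) to a password encoder id prefix.
     *
     * @param algorithm the algorithm name from the identity token, may be {@code null}
     * @return the prefix including braces, or the empty string if the name is not recognized
     */
    private static String encoderPrefix(String algorithm) {
        if ("UTF-8".equalsIgnoreCase(algorithm)) {
            // Plaintext: the token data is the password itself and is compared as-is.
            return "{noop}";
        }
        if ("BCRYPT".equalsIgnoreCase(algorithm)) {
            return "{bcrypt}";
        }
        if ("SHA256".equalsIgnoreCase(algorithm)) {
            // NOTE(review): in Spring Security's default delegating encoder this id is bound to
            // a deprecated legacy encoder; confirm the stored token format matches it and
            // prefer bcrypt for new users.
            return "{sha256}";
        }
        return "";
    }

    /**
     * Keeps Spring Security's debug mode switched off.
     *
     * @return the customizer disabling web security debugging
     */
    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return webSecurity -> webSecurity.debug(false);
    }
}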
