package id.onyx.obdp.server.configuration.spring;

import id.onyx.obdp.server.security.AmbariEntryPoint;
import id.onyx.obdp.server.security.authentication.OBDPDelegatingAuthenticationFilter;
import id.onyx.obdp.server.security.authentication.OBDPLocalAuthenticationProvider;
import id.onyx.obdp.server.security.authentication.RequestBodyCachingFilter;
import id.onyx.obdp.server.security.authentication.jwt.OBDPJwtAuthenticationProvider;
import id.onyx.obdp.server.security.authentication.kerberos.AmbariAuthToLocalUserDetailsService;
import id.onyx.obdp.server.security.authentication.kerberos.AmbariKerberosTicketValidator;
import id.onyx.obdp.server.security.authentication.kerberos.OBDPKerberosAuthenticationProvider;
import id.onyx.obdp.server.security.authentication.kerberos.OBDPProxiedUserDetailsService;
import id.onyx.obdp.server.security.authentication.pam.AmbariPamAuthenticationProvider;
import id.onyx.obdp.server.security.authorization.AmbariLdapAuthenticationProvider;
import id.onyx.obdp.server.security.authorization.OBDPAuthorizationFilter;
import id.onyx.obdp.server.security.authorization.internal.AmbariInternalAuthenticationProvider;
import java.util.Arrays;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
@Import({GuiceBeansConfig.class})
@ComponentScan({"id.onyx.obdp.server.security"})
/* loaded from: input_file:id/onyx/obdp/server/configuration/spring/ApiSecurityConfig.class */
public class ApiSecurityConfig {
    private final GuiceBeansConfig guiceBeansConfig;

    @Autowired
    private AmbariEntryPoint ambariEntryPoint;

    @Autowired
    private OBDPDelegatingAuthenticationFilter delegatingAuthenticationFilter;

    @Autowired
    private OBDPAuthorizationFilter authorizationFilter;

    public ApiSecurityConfig(GuiceBeansConfig guiceBeansConfig) {
        this.guiceBeansConfig = guiceBeansConfig;
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable().authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.anyRequest()).authenticated();
        }).headers(headersConfigurer -> {
            headersConfigurer.httpStrictTransportSecurity().disable().frameOptions().disable();
        }).exceptionHandling(exceptionHandlingConfigurer -> {
            exceptionHandlingConfigurer.authenticationEntryPoint(this.ambariEntryPoint);
        }).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
        }).addFilterBefore(new RequestBodyCachingFilter(), BasicAuthenticationFilter.class).addFilterBefore(this.guiceBeansConfig.obdpUserAuthorizationFilter(), BasicAuthenticationFilter.class).addFilterAt(this.delegatingAuthenticationFilter, BasicAuthenticationFilter.class).addFilterBefore(this.authorizationFilter, FilterSecurityInterceptor.class);
        return (SecurityFilterChain) httpSecurity.build();
    }

    @Bean
    public AuthenticationManager authenticationManager(OBDPJwtAuthenticationProvider oBDPJwtAuthenticationProvider, AmbariPamAuthenticationProvider ambariPamAuthenticationProvider, OBDPLocalAuthenticationProvider oBDPLocalAuthenticationProvider, AmbariLdapAuthenticationProvider ambariLdapAuthenticationProvider, AmbariInternalAuthenticationProvider ambariInternalAuthenticationProvider, OBDPKerberosAuthenticationProvider oBDPKerberosAuthenticationProvider) {
        return new ProviderManager(Arrays.asList(oBDPJwtAuthenticationProvider, ambariPamAuthenticationProvider, oBDPLocalAuthenticationProvider, ambariLdapAuthenticationProvider, ambariInternalAuthenticationProvider, oBDPKerberosAuthenticationProvider));
    }

    @Bean
    public OBDPKerberosAuthenticationProvider ambariKerberosAuthenticationProvider(AmbariKerberosTicketValidator ambariKerberosTicketValidator, AmbariAuthToLocalUserDetailsService ambariAuthToLocalUserDetailsService, OBDPProxiedUserDetailsService oBDPProxiedUserDetailsService) {
        return new OBDPKerberosAuthenticationProvider(ambariAuthToLocalUserDetailsService, oBDPProxiedUserDetailsService, ambariKerberosTicketValidator);
    }
}
