package org.georchestra.gateway.security;

import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;
import lombok.Generated;
import org.georchestra.gateway.model.GatewayConfigProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;

@EnableConfigurationProperties({GatewayConfigProperties.class})
@Configuration(proxyBeanMethods = false)
@EnableWebFluxSecurity
/* loaded from: input_file:BOOT-INF/classes/org/georchestra/gateway/security/GatewaySecurityConfiguration.class */
public class GatewaySecurityConfiguration {

    @Generated
    private static final Logger log = LoggerFactory.getLogger("org.georchestra.gateway.security");

    @Autowired(required = false)
    ServerLogoutSuccessHandler oidcLogoutSuccessHandler;

    @Value("${georchestra.gateway.logoutUrl:/?logout}")
    private String georchestraLogoutUrl;

    @Bean
    SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity serverHttpSecurity, List<ServerHttpSecurityCustomizer> list) throws Exception {
        log.info("Initializing security filter chain...");
        serverHttpSecurity.csrf().disable();
        serverHttpSecurity.exceptionHandling().accessDeniedHandler(new CustomAccessDeniedHandler());
        sortedCustomizers(list).forEach(serverHttpSecurityCustomizer -> {
            log.debug("Applying security customizer {}", serverHttpSecurityCustomizer.getName());
            serverHttpSecurityCustomizer.customize(serverHttpSecurity);
        });
        log.info("Security filter chain initialized");
        RedirectServerLogoutSuccessHandler redirectServerLogoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
        redirectServerLogoutSuccessHandler.setLogoutSuccessUrl(URI.create(this.georchestraLogoutUrl));
        return serverHttpSecurity.formLogin().loginPage(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL).and().logout().requiresLogout(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/logout")).logoutSuccessHandler(this.oidcLogoutSuccessHandler != null ? this.oidcLogoutSuccessHandler : redirectServerLogoutSuccessHandler).and().build();
    }

    private Stream<ServerHttpSecurityCustomizer> sortedCustomizers(List<ServerHttpSecurityCustomizer> list) {
        return list.stream().sorted((serverHttpSecurityCustomizer, serverHttpSecurityCustomizer2) -> {
            return Integer.compare(serverHttpSecurityCustomizer.getOrder(), serverHttpSecurityCustomizer2.getOrder());
        });
    }

    @Bean
    GeorchestraUserMapper georchestraUserResolver(List<GeorchestraUserMapperExtension> list, List<GeorchestraUserCustomizerExtension> list2) {
        return new GeorchestraUserMapper(list, list2);
    }

    @Bean
    ResolveGeorchestraUserGlobalFilter resolveGeorchestraUserGlobalFilter(GeorchestraUserMapper georchestraUserMapper) {
        return new ResolveGeorchestraUserGlobalFilter(georchestraUserMapper);
    }

    @Bean
    RolesMappingsUserCustomizer rolesMappingsUserCustomizer(GatewayConfigProperties gatewayConfigProperties) {
        Map<String, List<String>> rolesMappings = gatewayConfigProperties.getRolesMappings();
        log.info("Creating {}", RolesMappingsUserCustomizer.class.getSimpleName());
        return new RolesMappingsUserCustomizer(rolesMappings);
    }
}
