package com.shiftphones.shifternetzwerk.config;

import com.shiftphones.shifternetzwerk.security.AuthoritiesConstantsKt;
import com.shiftphones.shifternetzwerk.security.SecurityUtils;
import com.shiftphones.shifternetzwerk.security.oauth2.AudienceValidator;
import com.shiftphones.shifternetzwerk.security.oauth2.JwtGrantedAuthorityConverter;
import io.github.jhipster.config.JHipsterProperties;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.Filter;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;
import org.springframework.web.filter.CorsFilter;
import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;

/* compiled from: SecurityConfiguration.kt */
@EnableWebSecurity
@Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��P\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\b\u0017\u0018��2\u00020\u0001B\u001d\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bJ\u0014\u0010\u000b\u001a\u000e\u0012\u0004\u0012\u00020\r\u0012\u0004\u0012\u00020\u000e0\fH\u0016J\u0010\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0016J\u0012\u0010\u000f\u001a\u00020\u00102\b\u0010\u0013\u001a\u0004\u0018\u00010\u0014H\u0016J\b\u0010\u0015\u001a\u00020\u0016H\u0017J\b\u0010\u0017\u001a\u00020\u0018H\u0017R\u000e\u0010\u0002\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n��R\u0012\u0010\t\u001a\u00020\n8\u0012@\u0012X\u0093.¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0092\u0004¢\u0006\u0002\n��¨\u0006\u0019"}, d2 = {"Lcom/shiftphones/shifternetzwerk/config/SecurityConfiguration;", "Lorg/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter;", "corsFilter", "Lorg/springframework/web/filter/CorsFilter;", "jHipsterProperties", "Lio/github/jhipster/config/JHipsterProperties;", "problemSupport", "Lorg/zalando/problem/spring/web/advice/security/SecurityProblemSupport;", "(Lorg/springframework/web/filter/CorsFilter;Lio/github/jhipster/config/JHipsterProperties;Lorg/zalando/problem/spring/web/advice/security/SecurityProblemSupport;)V", "issuerUri", "", "authenticationConverter", "Lorg/springframework/core/convert/converter/Converter;", "Lorg/springframework/security/oauth2/jwt/Jwt;", 
"Lorg/springframework/security/authentication/AbstractAuthenticationToken;", "configure", "", "http", "Lorg/springframework/security/config/annotation/web/builders/HttpSecurity;", "web", "Lorg/springframework/security/config/annotation/web/builders/WebSecurity;", "jwtDecoder", "Lorg/springframework/security/oauth2/jwt/JwtDecoder;", "userAuthoritiesMapper", "Lorg/springframework/security/core/authority/mapping/GrantedAuthoritiesMapper;", "shifternetzwerk"})
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import({SecurityProblemSupport.class})
/* loaded from: input_file:BOOT-INF/classes/com/shiftphones/shifternetzwerk/config/SecurityConfiguration.class */
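/*
 * Web security configuration: OAuth2/OIDC login, JWT resource-server validation, CSRF,
 * response security headers and URL-level authorization rules.
 *
 * This listing is decompiler output of a Kotlin class, so the kotlin.jvm.internal.Intrinsics
 * calls are the compiler-generated null checks and are kept as they are.
 */
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // OIDC issuer location, injected from configuration; also used as the expected "iss" in jwtDecoder().
    @Value("${spring.security.oauth2.client.provider.oidc.issuer-uri}")
    private String issuerUri;
    private final CorsFilter corsFilter;
    private final JHipsterProperties jHipsterProperties;
    private final SecurityProblemSupport problemSupport;

    /**
     * Declares request patterns that bypass the Spring Security filter chain altogether.
     *
     * <p>Requests matching these patterns get no authentication, no CSRF check and none of the
     * response headers configured in {@link #configure(HttpSecurity)}.
     *
     * @param webSecurity the builder supplied by Spring; must not be null
     */
    @Override
    public void configure(@Nullable WebSecurity webSecurity) {
        if (webSecurity == null) {
            Intrinsics.throwNpe();
        }
        webSecurity.ignoring()
            // Every OPTIONS request, whatever the path.
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers("/app/**/*.{js,html}")
            .antMatchers("/i18n/**")
            .antMatchers("/content/**")
            .antMatchers("/swagger-ui/index.html")
            // NOTE(review): /test/** is unprotected and header-less; confirm nothing is served
            // under this path in a production build.
            .antMatchers("/test/**");
    }

    /**
     * Configures CSRF, exception handling, security headers, URL authorization and the
     * OAuth2 login / resource-server / client support.
     *
     * <p>Authorization matchers are evaluated in declaration order and the first match decides,
     * so the public carve-outs under {@code /api/} and {@code /management/} must stay above the
     * broader {@code /api/**} and {@code /management/**} rules.
     *
     * @param http the builder supplied by Spring
     * @throws Exception propagated from the Spring Security configurers
     */
    @Override
    public void configure(@NotNull HttpSecurity http) throws Exception {
        Intrinsics.checkParameterIsNotNull(http, "http");
        http
            .csrf()
                // The CSRF cookie is deliberately not HttpOnly so that the front end can read it
                // and send the value back in a request header; any script running in the page
                // can read it as well.
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
            .addFilterBefore(this.corsFilter, CsrfFilter.class)
            .exceptionHandling()
                .authenticationEntryPoint(this.problemSupport)
                .accessDeniedHandler(this.problemSupport)
            .and()
            .headers()
                // NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', which gives up
                // most of the XSS mitigation a CSP provides; tighten if the front end allows it.
                .contentSecurityPolicy("default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:")
            .and()
                .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
            .and()
                .featurePolicy("geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'")
            .and()
                .frameOptions().deny()
            .and()
            .authorizeRequests()
                // Anonymous access: application-specific public endpoints.
                .antMatchers("/shifter/**").permitAll()
                .antMatchers("/api/shifter/owv/**").permitAll()
                .antMatchers("/api/productgroups").permitAll()
                .antMatchers("/api/products").permitAll()
                .antMatchers("/authorize").authenticated()
                .antMatchers("/api/auth-info").permitAll()
                .antMatchers("/api/**").authenticated()
                // NOTE(review): health, info and prometheus are reachable without authentication;
                // confirm the metrics endpoint is restricted at the network layer if it must stay open.
                .antMatchers("/management/health").permitAll()
                .antMatchers("/management/info").permitAll()
                .antMatchers("/management/prometheus").permitAll()
                .antMatchers("/management/**").hasAuthority(AuthoritiesConstantsKt.ADMIN)
                // NOTE(review): there is no anyRequest() fallback, so a path matched by none of the
                // patterns above has no access rule attached; confirm that is intended.
            .and()
            .oauth2Login()
            .and()
            .oauth2ResourceServer()
                .jwt()
                .jwtAuthenticationConverter(authenticationConverter())
                .and()
            .and()
            .oauth2Client();
    }

    /**
     * Creates the converter that turns a validated {@link Jwt} into an authentication token,
     * delegating authority extraction to the project's {@code JwtGrantedAuthorityConverter}.
     *
     * @return a new converter instance on every call
     */
    @NotNull
    public Converter<Jwt, AbstractAuthenticationToken> authenticationConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(new JwtGrantedAuthorityConverter());
        return converter;
    }

    /**
     * Maps the authorities of an OIDC login to the application's authorities.
     *
     * <p>Only {@link OidcUserAuthority} entries contribute: their user-info claims are passed to
     * {@code SecurityUtils.extractAuthorityFromClaims}. Every other incoming authority is dropped.
     *
     * @return the mapper bean
     */
    @Bean
    @NotNull
    public GrantedAuthoritiesMapper userAuthoritiesMapper() {
        // The decompiler also listed the compiler-generated bridge overload taking a raw Collection;
        // it has the same erasure as the method below and is regenerated by javac, so it is omitted.
        return new GrantedAuthoritiesMapper() {
            @Override
            @NotNull
            public Set<GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
                Set<GrantedAuthority> mapped = new LinkedHashSet<>();
                Intrinsics.checkExpressionValueIsNotNull(authorities, "authorities");
                for (GrantedAuthority authority : authorities) {
                    if (!(authority instanceof OidcUserAuthority)) {
                        continue;
                    }
                    // Fails fast when the provider returned no user info for this authority.
                    OidcUserInfo userInfo = ((OidcUserAuthority) authority).getUserInfo();
                    Intrinsics.checkExpressionValueIsNotNull(userInfo, "it.userInfo");
                    Map<String, Object> claims = userInfo.getClaims();
                    Intrinsics.checkExpressionValueIsNotNull(claims, "it.userInfo.claims");
                    List<GrantedAuthority> fromClaims = SecurityUtils.extractAuthorityFromClaims(claims);
                    if (fromClaims != null) {
                        mapped.addAll(fromClaims);
                    }
                }
                return mapped;
            }
        };
    }

    /**
     * Builds the JWT decoder from the configured OIDC issuer and installs token validation.
     *
     * <p>The installed validator combines the defaults for the configured issuer with the
     * project's {@code AudienceValidator}, fed with the audience list from
     * {@link JHipsterProperties}.
     * NOTE(review): AudienceValidator is not visible here; confirm it rejects a token whose
     * audience is missing or does not match, and that the configured audience list is not empty.
     *
     * @return the configured decoder
     */
    @Bean
    @NotNull
    public JwtDecoder jwtDecoder() {
        String issuer = this.issuerUri;
        if (issuer == null) {
            Intrinsics.throwUninitializedPropertyAccessException("issuerUri");
        }
        JwtDecoder discovered = JwtDecoders.fromOidcIssuerLocation(issuer);
        if (discovered == null) {
            throw new TypeCastException("null cannot be cast to non-null type org.springframework.security.oauth2.jwt.NimbusJwtDecoder");
        }
        NimbusJwtDecoder decoder = (NimbusJwtDecoder) discovered;

        JHipsterProperties.Security security = this.jHipsterProperties.getSecurity();
        Intrinsics.checkExpressionValueIsNotNull(security, "jHipsterProperties.security");
        JHipsterProperties.Security.OAuth2 oauth2 = security.getOauth2();
        Intrinsics.checkExpressionValueIsNotNull(oauth2, "jHipsterProperties.security.oauth2");
        List<String> audience = oauth2.getAudience();
        Intrinsics.checkExpressionValueIsNotNull(audience, "jHipsterProperties.security.oauth2.audience");
        AudienceValidator audienceValidator = new AudienceValidator(audience);

        // setJwtValidator replaces the decoder's validator, so the issuer defaults are added back
        // explicitly next to the audience check.
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator(JwtValidators.createDefaultWithIssuer(issuer), audienceValidator));
        return decoder;
    }

    /**
     * Stores the collaborators injected by Spring.
     *
     * @param corsFilter CORS filter placed before the CSRF filter in the chain
     * @param jHipsterProperties source of the expected JWT audience list
     * @param problemSupport handler used for both authentication and access-denied errors
     */
    public SecurityConfiguration(@NotNull CorsFilter corsFilter, @NotNull JHipsterProperties jHipsterProperties, @NotNull SecurityProblemSupport problemSupport) {
        Intrinsics.checkParameterIsNotNull(corsFilter, "corsFilter");
        Intrinsics.checkParameterIsNotNull(jHipsterProperties, "jHipsterProperties");
        Intrinsics.checkParameterIsNotNull(problemSupport, "problemSupport");
        this.corsFilter = corsFilter;
        this.jHipsterProperties = jHipsterProperties;
        this.problemSupport = problemSupport;
    }
}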
