package com.vaadin.sso.starter;

import com.vaadin.flow.spring.security.VaadinSavedRequestAwareAuthenticationSuccessHandler;
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import java.util.Objects;
import javax.servlet.Filter;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Conditional;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.savedrequest.RequestCache;

/**
 * Spring Boot auto-configuration that wires OAuth2/OIDC single sign-on into a
 * Vaadin application's security filter chain.
 *
 * <p>It is active only when {@link ClientsConfiguredCondition} matches and the
 * {@code auto-configure} property under {@link SingleSignOnProperties#PREFIX}
 * is absent or enabled ({@code matchIfMissing = true}).
 *
 * <p>On top of the {@link VaadinWebSecurity} defaults it configures OAuth2
 * login, OIDC client-initiated logout, concurrent-session control and,
 * when enabled in the properties, a back-channel logout filter.
 */
@EnableConfigurationProperties({SingleSignOnProperties.class})
@AutoConfiguration
@EnableWebSecurity
@Conditional({ClientsConfiguredCondition.class})
@ConditionalOnProperty(name = {"auto-configure"}, prefix = SingleSignOnProperties.PREFIX, matchIfMissing = true)
/* loaded from: input_file:BOOT-INF/lib/sso-kit-starter-1.0-SNAPSHOT.jar:com/vaadin/sso/starter/SingleSignOnConfiguration.class */
public class SingleSignOnConfiguration extends VaadinWebSecurity {
    private final SingleSignOnProperties properties;
    private final OidcClientInitiatedLogoutSuccessHandler logoutSuccessHandler;
    private final VaadinSavedRequestAwareAuthenticationSuccessHandler loginSuccessHandler = new VaadinSavedRequestAwareAuthenticationSuccessHandler();
    private final SessionRegistry sessionRegistry;
    private final BackChannelLogoutFilter backChannelLogoutFilter;

    /**
     * Builds the logout success handler and the back-channel logout filter
     * from the injected collaborators.
     *
     * @param singleSignOnProperties       SSO settings (routes, session limit, back-channel toggle)
     * @param sessionRegistry              registry shared by session-concurrency control and the back-channel filter
     * @param clientRegistrationRepository OAuth2 client registrations used by the logout handler and the filter
     */
    public SingleSignOnConfiguration(SingleSignOnProperties singleSignOnProperties, SessionRegistry sessionRegistry, ClientRegistrationRepository clientRegistrationRepository) {
        this.properties = singleSignOnProperties;
        this.sessionRegistry = sessionRegistry;

        OidcClientInitiatedLogoutSuccessHandler oidcLogoutHandler = new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
        this.logoutSuccessHandler = oidcLogoutHandler;
        oidcLogoutHandler.setRedirectStrategy(new UidlRedirectStrategy());

        this.backChannelLogoutFilter = new BackChannelLogoutFilter(sessionRegistry, clientRegistrationRepository);
    }

    /**
     * Applies the Vaadin defaults and then layers the SSO configuration on top.
     *
     * <p>Routes not set in the properties fall back to the defaults visible
     * below. Decompiler note: JADX reports that this method's access modifier
     * was changed from {@code protected}.
     *
     * @param httpSecurity the security builder to configure
     * @throws Exception if the parent configuration or any configurer fails
     */
    @Override // com.vaadin.flow.spring.security.VaadinWebSecurity
    public void configure(HttpSecurity httpSecurity) throws Exception {
        super.configure(httpSecurity);

        final String loginRoute = (String) Objects.requireNonNullElse(this.properties.getLoginRoute(), DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
        final String postLogoutRedirectUri = (String) Objects.requireNonNullElse(this.properties.getLogoutRedirectRoute(), "{baseUrl}");
        final String backChannelRoute = (String) Objects.requireNonNullElse(this.properties.getBackChannelLogoutRoute(), "/logout/back-channel/{registrationId}");
        // NOTE(review): the limit is passed through as configured, with no
        // range check here; confirm the property's default and how a
        // non-positive value is meant to behave.
        final int sessionLimit = this.properties.getMaximumConcurrentSessions();

        httpSecurity.oauth2Login(login -> {
            // Reuse the chain's request cache, when one is registered, so the
            // success handler can return the user to the originally requested page.
            RequestCache sharedCache = httpSecurity.getSharedObject(RequestCache.class);
            if (sharedCache != null) {
                this.loginSuccessHandler.setRequestCache(sharedCache);
            }
            login.successHandler(this.loginSuccessHandler);
            // The login route itself is reachable without authentication.
            login.loginPage(loginRoute).permitAll();
            getViewAccessChecker().setLoginView(loginRoute);
        });

        httpSecurity.logout(logout -> {
            this.logoutSuccessHandler.setPostLogoutRedirectUri(postLogoutRedirectUri);
            logout.logoutSuccessHandler(this.logoutSuccessHandler);
        });

        // Unauthenticated requests are sent to the same login route.
        httpSecurity.exceptionHandling(
                exceptions -> exceptions.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(loginRoute)));

        httpSecurity.sessionManagement(sessions -> sessions.sessionConcurrency(concurrency -> {
            concurrency.maximumSessions(sessionLimit);
            concurrency.sessionRegistry(this.sessionRegistry);
            concurrency.expiredSessionStrategy(new UidlExpiredSessionStrategy());
        }));

        if (!this.properties.isBackChannelLogout()) {
            return;
        }
        this.backChannelLogoutFilter.setBackChannelLogoutRoute(backChannelRoute);
        httpSecurity.addFilterAfter((Filter) this.backChannelLogoutFilter, LogoutFilter.class);
        // Requests matching the back-channel route are exempt from CSRF
        // protection, so that endpoint depends entirely on the validation done
        // inside BackChannelLogoutFilter (not visible in this file).
        // NOTE(review): confirm the filter verifies the incoming logout token
        // before it touches any session.
        httpSecurity.csrf().ignoringRequestMatchers(this.backChannelLogoutFilter.getRequestMatcher());
    }
}
