package com.vaadin.sso.starter;

import com.vaadin.flow.component.UI;
import com.vaadin.flow.server.VaadinServletRequest;
import com.vaadin.flow.server.VaadinServletResponse;
import com.vaadin.flow.shared.JsonConstants;
import com.vaadin.flow.spring.security.VaadinSavedRequestAwareAuthenticationSuccessHandler;
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import java.io.IOException;
import java.lang.invoke.SerializedLambda;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.Filter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.CompositeLogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.savedrequest.RequestCache;

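/**
 * Spring Boot auto-configuration that wires OIDC single sign-on into a Vaadin application.
 *
 * <p>It configures OAuth2/OIDC login, logout through
 * {@link OidcClientInitiatedLogoutSuccessHandler}, concurrent-session control backed by a
 * {@link SessionRegistry}, and (optionally) a back-channel logout filter. It is active only when
 * both listed conditions match and the {@code auto-configure} property under
 * {@link SingleSignOnProperties#PREFIX} is absent or true.
 *
 * <p>This listing is decompiler output. The synthetic {@code $deserializeLambda$} method that the
 * decompiler rendered inside {@link DefaultAuthenticationContext} is not declared here: it did not
 * compile as rendered ({@code boolean z = -1}, {@code this} in a static method), and javac emits it
 * again for the serializable {@code Command} lambda in
 * {@link DefaultAuthenticationContext#logout()}.
 */
@EnableConfigurationProperties({SingleSignOnProperties.class})
@AutoConfiguration
@EnableWebSecurity
@Conditional({LicenseCheckCondition.class, ClientsConfiguredCondition.class})
@ConditionalOnProperty(name = {"auto-configure"}, prefix = SingleSignOnProperties.PREFIX, matchIfMissing = true)
/* loaded from: input_file:BOOT-INF/lib/sso-kit-starter-1.0.custom-user-service-SNAPSHOT.jar:com/vaadin/sso/starter/SingleSignOnConfiguration.class */
public class SingleSignOnConfiguration extends VaadinWebSecurity {
    private final SingleSignOnProperties properties;
    private final OidcClientInitiatedLogoutSuccessHandler logoutSuccessHandler;
    private final VaadinSavedRequestAwareAuthenticationSuccessHandler loginSuccessHandler = new VaadinSavedRequestAwareAuthenticationSuccessHandler();
    private final DefaultAuthenticationContext authenticationContext;
    private final SessionRegistry sessionRegistry;
    private final BackChannelLogoutFilter backChannelLogoutFilter;
    private final SingleSignOnUserService userService;

    /**
     * Default {@link AuthenticationContext}: reads the current principal from the Spring Security
     * context and performs a programmatic logout with the handlers of the built filter chain.
     *
     * <p>The logout handlers are unset until {@link #setLogoutHandlers} is called, which
     * {@link SingleSignOnConfiguration#filterChain} does once the chain is built.
     */
    /* loaded from: input_file:BOOT-INF/lib/sso-kit-starter-1.0.custom-user-service-SNAPSHOT.jar:com/vaadin/sso/starter/SingleSignOnConfiguration$DefaultAuthenticationContext.class */
    static class DefaultAuthenticationContext implements AuthenticationContext {
        // The logger is named after the interface, not this implementation class.
        private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticationContext.class);
        private LogoutSuccessHandler logoutSuccessHandler;
        private CompositeLogoutHandler logoutHandler;

        DefaultAuthenticationContext() {
        }

        /**
         * Returns the principal of the current authentication when it is an instance of the
         * requested user type.
         *
         * @param cls the expected user type, must not be {@code null}
         * @return the principal cast to {@code cls}; empty when there is no authentication, no
         *     principal, or the principal is of another type
         * @throws NullPointerException if {@code cls} is {@code null}
         */
        @Override // com.vaadin.sso.starter.AuthenticationContext
        public <U extends OidcUser> Optional<U> getAuthenticatedUser(Class<U> cls) {
            Objects.requireNonNull(cls);
            // Optional.map turns a null authentication or principal into an empty result, so an
            // unauthenticated caller gets Optional.empty() instead of an exception.
            return Optional.of(SecurityContextHolder.getContext())
                    .map(securityContext -> securityContext.getAuthentication())
                    .map(currentAuthentication -> currentAuthentication.getPrincipal())
                    .filter(cls::isInstance)
                    .map(cls::cast);
        }

        /**
         * Logs the current user out: runs the configured logout handlers, then invokes the logout
         * success handler while holding the UI lock.
         *
         * <p>The current request, response and UI are dereferenced without null checks.
         * NOTE(review): this presumably has to run on a Vaadin request-handling thread with a
         * current UI, and after {@link #setLogoutHandlers} has been called - confirm with callers.
         */
        @Override // com.vaadin.sso.starter.AuthenticationContext
        public void logout() {
            HttpServletRequest request = VaadinServletRequest.getCurrent().getHttpServletRequest();
            HttpServletResponse response = VaadinServletResponse.getCurrent().getHttpServletResponse();
            // Captured before the handlers run so the success handler still receives it.
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            UI ui = UI.getCurrent();
            this.logoutHandler.logout(request, response, authentication);
            ui.accessSynchronously(() -> {
                try {
                    this.logoutSuccessHandler.onLogoutSuccess(request, response, authentication);
                } catch (IOException | ServletException e) {
                    // The logout handlers above have already run, so a failure here is only
                    // logged. NOTE(review): the session at the OIDC provider may then still be
                    // active - consider surfacing this to the caller or to monitoring.
                    LOGGER.warn("There was an error notifying the OIDC provider of the user logout", e);
                }
            });
        }

        /**
         * Stores the handlers used by {@link #logout()}.
         *
         * @param logoutSuccessHandler handler invoked after the logout handlers have run
         * @param list logout handlers, wrapped into a single {@link CompositeLogoutHandler}
         */
        void setLogoutHandlers(LogoutSuccessHandler logoutSuccessHandler, List<LogoutHandler> list) {
            this.logoutSuccessHandler = logoutSuccessHandler;
            this.logoutHandler = new CompositeLogoutHandler(list);
        }

        /** Returns the stored logout success handler, or {@code null} if none was set. */
        LogoutSuccessHandler getLogoutSuccessHandler() {
            return this.logoutSuccessHandler;
        }

        /** Returns the composite logout handler, or {@code null} if none was set. */
        CompositeLogoutHandler getLogoutHandler() {
            return this.logoutHandler;
        }
    }

    /**
     * Creates the configuration and the collaborators it owns.
     *
     * @param singleSignOnProperties configuration properties of the starter
     * @param sessionRegistry registry used for concurrent-session control and handed to the
     *     back-channel logout filter
     * @param clientRegistrationRepository OAuth2 client registrations, used by the logout success
     *     handler and the back-channel logout filter
     */
    public SingleSignOnConfiguration(SingleSignOnProperties singleSignOnProperties, SessionRegistry sessionRegistry, ClientRegistrationRepository clientRegistrationRepository) {
        this.properties = singleSignOnProperties;
        this.sessionRegistry = sessionRegistry;
        this.logoutSuccessHandler = new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
        this.logoutSuccessHandler.setRedirectStrategy(new UidlRedirectStrategy());
        this.backChannelLogoutFilter = new BackChannelLogoutFilter(sessionRegistry, clientRegistrationRepository);
        this.authenticationContext = new DefaultAuthenticationContext();
        this.userService = new SingleSignOnUserService();
    }

    /** Exposes the authentication context as a bean. */
    @Bean
    public AuthenticationContext getAuthenticationContext() {
        return this.authenticationContext;
    }

    /**
     * Builds the security filter chain and hands the resulting logout handlers to the
     * authentication context, so that a programmatic logout uses the same handlers as the chain.
     *
     * @param httpSecurity the security builder to configure and build
     * @return the built filter chain
     * @throws Exception if configuring or building the chain fails
     */
    @Override // com.vaadin.flow.spring.security.VaadinWebSecurity
    @Bean(name = {"VaadinSecurityFilterChainBean"})
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        configure(httpSecurity);
        DefaultSecurityFilterChain build = httpSecurity.build();
        // The logout configurer is read after build(), so the handlers are those of the built chain.
        LogoutConfigurer<HttpSecurity> logout = httpSecurity.logout();
        this.authenticationContext.setLogoutHandlers(logout.getLogoutSuccessHandler(), logout.getLogoutHandlers());
        return build;
    }

    /**
     * Applies the Vaadin defaults and then the single sign-on settings: OIDC login, logout
     * redirect, authentication entry point, concurrent-session control and, when enabled, the
     * back-channel logout filter.
     *
     * @param httpSecurity the security builder to configure
     * @throws Exception if the configuration cannot be applied
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.vaadin.flow.spring.security.VaadinWebSecurity
    public void configure(HttpSecurity httpSecurity) throws Exception {
        super.configure(httpSecurity);
        // Routes fall back to built-in defaults when the corresponding property is not set.
        String loginRoute = Objects.requireNonNullElse(this.properties.getLoginRoute(), DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
        String logoutRedirectRoute = Objects.requireNonNullElse(this.properties.getLogoutRedirectRoute(), "{baseUrl}");
        String backChannelLogoutRoute = Objects.requireNonNullElse(this.properties.getBackChannelLogoutRoute(), "/logout/back-channel/{registrationId}");
        // NOTE(review): passed to Spring Security unchecked; there -1 means "no limit" - confirm
        // the property's default and documented range.
        int maximumConcurrentSessions = this.properties.getMaximumConcurrentSessions();
        httpSecurity.oauth2Login(loginConfigurer -> {
            loginConfigurer.userInfoEndpoint().oidcUserService(this.userService);
            // Reuse the shared request cache, if any, so login returns to the saved request.
            RequestCache requestCache = httpSecurity.getSharedObject(RequestCache.class);
            if (requestCache != null) {
                this.loginSuccessHandler.setRequestCache(requestCache);
            }
            loginConfigurer.successHandler(this.loginSuccessHandler);
            // The login route is reachable without authentication.
            loginConfigurer.loginPage(loginRoute).permitAll();
            getViewAccessChecker().setLoginView(loginRoute);
        }).logout(logoutConfigurer -> {
            this.logoutSuccessHandler.setPostLogoutRedirectUri(logoutRedirectRoute);
            logoutConfigurer.logoutSuccessHandler(this.logoutSuccessHandler);
        }).exceptionHandling(exceptionConfigurer ->
            exceptionConfigurer.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(loginRoute))
        ).sessionManagement(sessionConfigurer ->
            sessionConfigurer.sessionConcurrency(concurrencyConfigurer -> {
                concurrencyConfigurer.maximumSessions(maximumConcurrentSessions);
                concurrencyConfigurer.sessionRegistry(this.sessionRegistry);
                concurrencyConfigurer.expiredSessionStrategy(new UidlExpiredSessionStrategy());
            })
        );
        if (this.properties.isBackChannelLogout()) {
            this.backChannelLogoutFilter.setBackChannelLogoutRoute(backChannelLogoutRoute);
            httpSecurity.addFilterAfter((Filter) this.backChannelLogoutFilter, LogoutFilter.class);
            // Requests matching the back-channel route skip CSRF protection. NOTE(review): the
            // filter's own validation of the incoming logout request is then the only check on
            // this route - confirm it in BackChannelLogoutFilter.
            httpSecurity.csrf().ignoringRequestMatchers(this.backChannelLogoutFilter.getRequestMatcher());
        }
    }
}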
