package de.codecamp.vaadin.security.spring.autoconfigure;

import de.codecamp.vaadin.security.spring.access.DefaultRouteAccessControl;
import de.codecamp.vaadin.security.spring.access.DefaultVaadinSecurityExpressionHandler;
import de.codecamp.vaadin.security.spring.access.RouteAccessControlServiceInitListener;
import de.codecamp.vaadin.security.spring.access.RouteAccessDeniedHandler;
import de.codecamp.vaadin.security.spring.access.VaadinSecurityExpressionHandler;
import de.codecamp.vaadin.security.spring.authentication.AuthenticationResultHandler;
import de.codecamp.vaadin.security.spring.authentication.StandardAuthenticationHandlers;
import de.codecamp.vaadin.security.spring.authentication.StandardAuthenticationService;
import de.codecamp.vaadin.security.spring.authentication.StandardAuthenticationServiceInitListener;
import de.codecamp.vaadin.security.spring.config.VaadinSecurityConfigurerAdapter;
import java.net.URI;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@AutoConfigureBefore({SecurityAutoConfiguration.class})
@EnableConfigurationProperties({VaadinSecurityProperties.class})
@Configuration(proxyBeanMethods = false)
/* loaded from: input_file:de/codecamp/vaadin/security/spring/autoconfigure/VaadinSecurityAutoConfiguration.class */
public class VaadinSecurityAutoConfiguration {

    @Autowired
    private VaadinSecurityProperties properties;

    @ConditionalOnMissingBean({WebSecurityConfigurerAdapter.class})
    @Configuration(proxyBeanMethods = false)
    @Order(2147483642)
    /* loaded from: input_file:de/codecamp/vaadin/security/spring/autoconfigure/VaadinSecurityAutoConfiguration$DefaultVaadinSecurityConfigurerAdapter.class */
    static class DefaultVaadinSecurityConfigurerAdapter extends VaadinSecurityConfigurerAdapter {
        public DefaultVaadinSecurityConfigurerAdapter(VaadinSecurityProperties vaadinSecurityProperties) {
            super(vaadinSecurityProperties);
        }
    }

    @ConditionalOnProperty(prefix = "codecamp.vaadin.security.standard-auth", name = {"enabled"}, matchIfMissing = true)
    @Bean
    public StandardAuthenticationService vaadinStandardAuthenticationService(List<AuthenticationResultHandler> list) {
        StandardAuthenticationService standardAuthenticationService = new StandardAuthenticationService();
        URI create = URI.create(this.properties.getUiRootUrl());
        URI create2 = URI.create(this.properties.getStandardAuth().getLoginProcessingUrl());
        URI create3 = URI.create(this.properties.getStandardAuth().getLogoutUrl());
        standardAuthenticationService.setLoginProcessingClientUrl(create.relativize(create2).toString());
        standardAuthenticationService.setLogoutClientUrl(create.relativize(create3).toString());
        standardAuthenticationService.setAuthenticationResultHandlers(list);
        return standardAuthenticationService;
    }

    @ConditionalOnProperty(prefix = "codecamp.vaadin.security.standard-auth", name = {"enabled"}, matchIfMissing = true)
    @Bean
    public StandardAuthenticationHandlers vaadinStandardAuthenticationHandlers() {
        StandardAuthenticationHandlers standardAuthenticationHandlers = new StandardAuthenticationHandlers();
        standardAuthenticationHandlers.setMainRoute(this.properties.getStandardAuth().getMainRoute());
        standardAuthenticationHandlers.setLoginRoute(this.properties.getStandardAuth().getLoginRoute());
        return standardAuthenticationHandlers;
    }

    @ConditionalOnProperty(prefix = "codecamp.vaadin.security.standard-auth", name = {"enabled"}, matchIfMissing = true)
    @Bean
    public StandardAuthenticationServiceInitListener vaadinLoginRouteAccessRuleServiceInitListener() {
        StandardAuthenticationServiceInitListener standardAuthenticationServiceInitListener = new StandardAuthenticationServiceInitListener();
        standardAuthenticationServiceInitListener.setLoginRoute(this.properties.getStandardAuth().getLoginRoute());
        standardAuthenticationServiceInitListener.setMainRoute(this.properties.getStandardAuth().getMainRoute());
        return standardAuthenticationServiceInitListener;
    }

    @Bean
    public DefaultRouteAccessControl vaadinRouteAccessControl(List<RouteAccessDeniedHandler> list) {
        DefaultRouteAccessControl defaultRouteAccessControl = new DefaultRouteAccessControl();
        defaultRouteAccessControl.setDenyUnsecured(this.properties.getDenyUnsecured());
        defaultRouteAccessControl.setAccessDeniedHandlers(list);
        return defaultRouteAccessControl;
    }

    @Bean
    public RouteAccessControlServiceInitListener vaadinRouteAccessControlServiceInitListener() {
        return new RouteAccessControlServiceInitListener();
    }

    @ConditionalOnMissingBean
    @Bean
    public VaadinSecurityExpressionHandler vaadinSecurityExpressionHandler(Optional<RoleHierarchy> optional) {
        DefaultVaadinSecurityExpressionHandler defaultVaadinSecurityExpressionHandler = new DefaultVaadinSecurityExpressionHandler();
        Objects.requireNonNull(defaultVaadinSecurityExpressionHandler);
        optional.ifPresent(defaultVaadinSecurityExpressionHandler::setRoleHierarchy);
        return defaultVaadinSecurityExpressionHandler;
    }
}
