package org.alfresco.event.gateway.autoconfigure.security;

import java.util.Set;
import org.alfresco.core.handler.GroupsApiClient;
import org.alfresco.event.gateway.security.ACSAuthoritiesProvider;
import org.alfresco.event.gateway.security.ACSAuthoritiesService;
import org.alfresco.event.gateway.security.ExtendedAuthoritiesKeycloakAuthenticationProvider;
import org.alfresco.event.gateway.security.HeadersForwardDelegatedAuthenticationProvider;
import org.alfresco.event.gateway.security.SubscriptionOwnerValidator;
import org.alfresco.event.gateway.subscription.EventSubscriptionService;
import org.alfresco.rest.sdk.feign.DelegatedAuthenticationProvider;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springdoc.core.Constants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

@KeycloakConfiguration
@Import({KeycloakSpringBootConfigResolver.class})
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:BOOT-INF/lib/alfresco-event-gateway-spring-boot-1.0.0-SNAPSHOT.jar:org/alfresco/event/gateway/autoconfigure/security/GlobalSecurityConfiguration.class */
public class GlobalSecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    public GroupsApiClient groupsApiClient;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) {
        authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) keycloakAuthenticationProvider());
    }

    @Override // org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter
    @Bean
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter, org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    public void configure(HttpSecurity httpSecurity) throws Exception {
        super.configure(httpSecurity);
        ((HttpSecurity) httpSecurity.csrf().disable()).authorizeRequests().anyRequest().authenticated();
    }

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(WebSecurity webSecurity) {
        webSecurity.ignoring().antMatchers("/actuator/health", "/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/security", Constants.DEFAULT_SWAGGER_UI_PATH, "/webjars/**", "/swagger-ui/**");
    }

    @Override // org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter
    protected KeycloakAuthenticationProvider keycloakAuthenticationProvider() {
        return new ExtendedAuthoritiesKeycloakAuthenticationProvider(Set.of(acsAuthoritiesProvider()));
    }

    protected ACSAuthoritiesProvider acsAuthoritiesProvider() {
        return new ACSAuthoritiesProvider(acsAuthoritiesService());
    }

    @Bean
    protected ACSAuthoritiesService acsAuthoritiesService() {
        return new ACSAuthoritiesService(this.groupsApiClient);
    }

    @Bean
    public DelegatedAuthenticationProvider headersForwardDelegatedAuthenticationProvider() {
        return new HeadersForwardDelegatedAuthenticationProvider(Set.of("authorization"));
    }

    @Bean
    public SubscriptionOwnerValidator subscriptionOwnerValidator(EventSubscriptionService eventSubscriptionService) {
        return new SubscriptionOwnerValidator(eventSubscriptionService);
    }
}
