package io.pikei.dst.app.config;

import io.pikei.dst.commons.context.AppContext;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.adapters.springsecurity.management.HttpSessionManager;
import org.springdoc.core.Constants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

@Configuration
@EnableWebSecurity
@KeycloakConfiguration
/* loaded from: input_file:BOOT-INF/classes/io/pikei/dst/app/config/SecurityConfig.class */
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter implements AppContext {

    @Value("${dst.app.cookie.name}")
    private String cookieName;

    @Value("${dst.app.cookie.age}")
    private Integer cookieAge;

    @Value("${dst.app.cookie.key}")
    private String cookieKey;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) {
        SimpleAuthorityMapper simpleAuthorityMapper = new SimpleAuthorityMapper();
        simpleAuthorityMapper.setPrefix("ROLE_");
        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(simpleAuthorityMapper);
        authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) keycloakAuthenticationProvider);
    }

    @Override // org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter
    @Bean
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Override // org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter
    @ConditionalOnMissingBean({HttpSessionManager.class})
    @Bean
    protected HttpSessionManager httpSessionManager() {
        return new HttpSessionManager();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter, org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    public void configure(HttpSecurity httpSecurity) throws Exception {
        super.configure(httpSecurity);
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
        httpSecurity.authorizeRequests().antMatchers("/sso/login*").permitAll().antMatchers("/manual/**").permitAll().antMatchers("/webapp/**").permitAll().antMatchers("/resource/**").permitAll().antMatchers("/status/**").permitAll().antMatchers("/favicon.ico").permitAll();
        ((HttpSecurity) httpSecurity.authorizeRequests().antMatchers(Constants.ALL_PATTERN).authenticated().anyRequest().authenticated().and()).logout().invalidateHttpSession(true).addLogoutHandler(keycloakLogoutHandler()).deleteCookies("JSESSIONID", "OAuth_Token_Request_State");
        httpSecurity.csrf().disable();
        httpSecurity.headers().frameOptions().sameOrigin();
    }
}
