package si.spletsis.security;

import B.K;
import M6.b;
import M6.c;
import com.jolbox.bonecp.BoneCPDataSource;
import javax.sql.DataSource;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.springframework.context.annotation.Bean;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import si.spletsis.app.ConfigSettings;

/* loaded from: classes2.dex */
public abstract class SpletsisCasSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final b log = c.c(SpletsisCasSecurityConfig.class);

    @Bean
    public AuthenticationManager authenticationManagerBean() {
        try {
            return super.authenticationManagerBean();
        } catch (Exception e6) {
            throw new IllegalStateException(e6);
        }
    }

    @Bean
    public AuthenticationSuccessHandler authenticationSuccessHandler() {
        return new SpletsisCasSuccessHandler(getEnvironment());
    }

    @Bean
    public AuthenticationUserDetailsService<CasAssertionAuthenticationToken> authenticationUserDetailsService() {
        return new UserDetailsByNameServiceWrapper(userService());
    }

    @Bean
    public CasAuthenticationProvider casAuthProvider() {
        CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
        casAuthenticationProvider.setServiceProperties(serviceProperties());
        casAuthenticationProvider.setKey("casAuthProviderKey");
        casAuthenticationProvider.setAuthenticationUserDetailsService(authenticationUserDetailsService());
        Cas20ProxyTicketValidator cas20ProxyTicketValidator = new Cas20ProxyTicketValidator("https://" + getEnvironment().getRequiredProperty(ConfigSettings.CAS_SERVER_HOST) + "/" + getEnvironment().getRequiredProperty(ConfigSettings.CAS_SERVER_CONTEXT));
        cas20ProxyTicketValidator.setAcceptAnyProxy(true);
        StringBuilder sb = new StringBuilder("https://");
        sb.append(getEnvironment().getRequiredProperty(ConfigSettings.CAS_SERVICE_HOST));
        cas20ProxyTicketValidator.setProxyCallbackUrl(K.E(getEnvironment().getRequiredProperty(ConfigSettings.CAS_SERVICE_CONTEXT), "/login/cas/proxyreceptor", sb));
        cas20ProxyTicketValidator.setProxyGrantingTicketStorage(pgtStorage());
        casAuthenticationProvider.setTicketValidator(cas20ProxyTicketValidator);
        return casAuthenticationProvider;
    }

    @Bean
    public CasAuthenticationEntryPoint casEntryPoint() {
        CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
        casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
        StringBuilder sb = new StringBuilder("https://");
        sb.append(getEnvironment().getRequiredProperty(ConfigSettings.CAS_SERVER_HOST));
        sb.append("/");
        casAuthenticationEntryPoint.setLoginUrl(K.E(getEnvironment().getRequiredProperty(ConfigSettings.CAS_SERVER_CONTEXT), "/login", sb));
        return casAuthenticationEntryPoint;
    }

    @Bean
    public CasAuthenticationFilter casFilter() throws Exception {
        ServiceProperties serviceProperties = serviceProperties();
        CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
        casAuthenticationFilter.setAuthenticationManager(authenticationManager());
        casAuthenticationFilter.setServiceProperties(serviceProperties);
        casAuthenticationFilter.setProxyGrantingTicketStorage(pgtStorage());
        casAuthenticationFilter.setProxyReceptorUrl("/login/cas/proxyreceptor");
        casAuthenticationFilter.setAuthenticationDetailsSource(new ServiceAuthenticationDetailsSource(serviceProperties));
        casAuthenticationFilter.setAllowSessionCreation(false);
        SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler = new SimpleUrlAuthenticationFailureHandler();
        simpleUrlAuthenticationFailureHandler.setDefaultFailureUrl("/casfailed.jsp");
        casAuthenticationFilter.setAuthenticationFailureHandler(simpleUrlAuthenticationFailureHandler);
        casAuthenticationFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler());
        return casAuthenticationFilter;
    }

    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.authenticationProvider(casAuthProvider());
    }

    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable().headers().disable().addFilterBefore(requestSingleLogoutFilter(), LogoutFilter.class).addFilterBefore(singleLogoutFilter(), CasAuthenticationFilter.class).addFilter(casFilter());
        customConfigure(httpSecurity);
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/rest/topbar/queryStatus"})).permitAll().antMatchers(new String[]{"/login/cas"})).permitAll().antMatchers(new String[]{"/cas-logout.jsp"})).permitAll().antMatchers(new String[]{"/casfailed.jsp"})).permitAll().antMatchers(new String[]{"/online"})).permitAll().antMatchers(new String[]{"/online/**"})).permitAll().anyRequest()).authenticated();
        httpSecurity.exceptionHandling().authenticationEntryPoint(casEntryPoint());
        httpSecurity.securityContext().securityContextRepository(securityContextRepository());
    }

    public abstract void customConfigure(HttpSecurity httpSecurity) throws Exception;

    public abstract Environment getEnvironment();

    public abstract TokenAuthenticationService getTokenAuthenticationService();

    @Bean
    public ProxyGrantingTicketStorageImpl pgtStorage() {
        return new ProxyGrantingTicketStorageImpl();
    }

    @Bean
    public LogoutFilter requestSingleLogoutFilter() {
        StringBuilder sb = new StringBuilder("https://");
        sb.append(getEnvironment().getRequiredProperty(ConfigSettings.CAS_SERVER_HOST));
        sb.append("/");
        LogoutFilter logoutFilter = new LogoutFilter(K.E(getEnvironment().getRequiredProperty(ConfigSettings.CAS_SERVER_CONTEXT), "/logout", sb), new LogoutHandler[]{securityContextLogoutHandler()});
        logoutFilter.setLogoutRequestMatcher(new AntPathRequestMatcher("/logout/cas"));
        return logoutFilter;
    }

    @Bean
    public SecurityContextLogoutHandler securityContextLogoutHandler() {
        return new SecurityContextLogoutHandler();
    }

    @Bean
    public SecurityContextRepository securityContextRepository() {
        StatelessSecurityContextRepository statelessSecurityContextRepository = new StatelessSecurityContextRepository(getEnvironment());
        statelessSecurityContextRepository.setAllowSessionCreation(false);
        return statelessSecurityContextRepository;
    }

    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties serviceProperties = new ServiceProperties();
        StringBuilder sb = new StringBuilder("https://");
        sb.append(getEnvironment().getRequiredProperty(ConfigSettings.CAS_SERVICE_HOST));
        serviceProperties.setService(K.E(getEnvironment().getRequiredProperty(ConfigSettings.CAS_SERVICE_CONTEXT), "/login/cas", sb));
        serviceProperties.setAuthenticateAllArtifacts(true);
        serviceProperties.setSendRenew(false);
        return serviceProperties;
    }

    @Bean
    public SingleSignOutFilter singleLogoutFilter() {
        return new SingleSignOutFilter();
    }

    @Bean(destroyMethod = "close")
    public DataSource ssoDataSource() {
        BoneCPDataSource boneCPDataSource = new BoneCPDataSource();
        boneCPDataSource.setDriverClass(getEnvironment().getRequiredProperty(ConfigSettings.SSO_DATABASE_DRIVER));
        boneCPDataSource.setJdbcUrl(getEnvironment().getRequiredProperty(ConfigSettings.SSO_DATABASE_URL));
        boneCPDataSource.setUsername(getEnvironment().getRequiredProperty(ConfigSettings.SSO_DATABASE_USERNAME));
        boneCPDataSource.setPassword(getEnvironment().getRequiredProperty(ConfigSettings.SSO_DATABASE_PASSWORD));
        boneCPDataSource.setDefaultAutoCommit(false);
        boneCPDataSource.setIdleMaxAgeInSeconds(Long.parseLong(getEnvironment().getRequiredProperty(ConfigSettings.SSO_BONECP_IDLE_MAX_AGE)));
        boneCPDataSource.setIdleConnectionTestPeriodInSeconds(Long.parseLong(getEnvironment().getRequiredProperty(ConfigSettings.SSO_BONECP_IDLE_CONN_TEST_PERIOD)));
        boneCPDataSource.setPartitionCount(Integer.parseInt(getEnvironment().getRequiredProperty(ConfigSettings.SSO_BONECP_PARTITION_COUNT)));
        boneCPDataSource.setAcquireIncrement(Integer.parseInt(getEnvironment().getRequiredProperty(ConfigSettings.SSO_BONECP_ACQUIRE_INCREMENT)));
        boneCPDataSource.setMaxConnectionsPerPartition(Integer.parseInt(getEnvironment().getRequiredProperty(ConfigSettings.SSO_BONECP_MAX_CONN_PER_PARTITION)));
        boneCPDataSource.setMinConnectionsPerPartition(Integer.parseInt(getEnvironment().getRequiredProperty(ConfigSettings.SSO_BONECP_MIN_CONN_PER_PARTITION)));
        boneCPDataSource.setStatementsCacheSize(Integer.parseInt(getEnvironment().getRequiredProperty(ConfigSettings.SSO_BONECP_STATEMENTS_CACHE_SIZE)));
        return boneCPDataSource;
    }

    @Bean
    public JdbcDaoImpl userService() {
        ClientJdbcDaoImpl clientJdbcDaoImpl = new ClientJdbcDaoImpl();
        clientJdbcDaoImpl.setDataSource(ssoDataSource());
        clientJdbcDaoImpl.setUsersByUsernameQuery("SELECT spletsis.master_user.username as username , spletsis.master_user.password as password , spletsis.master_user.enabled as enabled FROM spletsis.master_user WHERE spletsis.master_user.username = ?");
        clientJdbcDaoImpl.setAuthoritiesByUsernameQuery("SELECT spletsis.authorities.username AS username, spletsis.authorities.authority AS authority FROM spletsis.authorities WHERE spletsis.authorities.username = ?");
        return clientJdbcDaoImpl;
    }
}
