package eu.etaxonomy.cdm.remote.config;

import eu.etaxonomy.cdm.config.ConfigFileUtil;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.Properties;
import org.apache.commons.io.FileUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

@EnableWebSecurity
@Import({OAuth2ServerConfiguration.class})
/* loaded from: input_file:lib/cdmlib-remote-5.45.0.jar:eu/etaxonomy/cdm/remote/config/MultiWebSecurityConfiguration.class */
public class MultiWebSecurityConfiguration {
    public static final String MANAGE_CLIENT = "MANAGE_CLIENT";
    public static final String ROLE_MANAGE_CLIENT = "ROLE_MANAGE_CLIENT";
    private static final String MANAGING_USERS_PROPERTIES = "managing-users.properties";

    @Autowired
    private ConfigFileUtil configFileUtil;

    @Configuration
    /* loaded from: input_file:lib/cdmlib-remote-5.45.0.jar:eu/etaxonomy/cdm/remote/config/MultiWebSecurityConfiguration$DefaultWebSecurityConfigurationAdapter.class */
    public static class DefaultWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.anonymous().and().antMatcher("/**").csrf().disable().httpBasic();
        }
    }

    @Configuration
    @Order(1)
    /* loaded from: input_file:lib/cdmlib-remote-5.45.0.jar:eu/etaxonomy/cdm/remote/config/MultiWebSecurityConfiguration$LoginWebSecurityConfigurationAdapter.class */
    public static class LoginWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.anonymous().disable().antMatcher("/oauth/authorize").authorizeRequests().anyRequest()).fullyAuthenticated().and().csrf().disable().httpBasic();
        }
    }

    @Configuration
    @Order(2)
    /* loaded from: input_file:lib/cdmlib-remote-5.45.0.jar:eu/etaxonomy/cdm/remote/config/MultiWebSecurityConfiguration$RemotingWebSecurityConfigurationAdapter.class */
    public static class RemotingWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.anonymous().disable().antMatcher("/remoting/**").authorizeRequests().anyRequest()).access("hasAnyRole('ROLE_ADMIN', 'ROLE_PROJECT_MANAGER', 'ROLE_REMOTING')").and().csrf().disable().httpBasic();
        }
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder, DaoAuthenticationProvider daoAuthenticationProvider) throws Exception {
        authenticationManagerBuilder.authenticationProvider(daoAuthenticationProvider);
        InMemoryUserDetailsManagerConfigurer inMemoryAuthentication = authenticationManagerBuilder.inMemoryAuthentication();
        File file = new File(this.configFileUtil.perUserCdmFolder(), MANAGING_USERS_PROPERTIES);
        if (!file.exists()) {
            makeManagingUsersPropertiesFile(file);
        }
        Properties properties = new Properties();
        properties.load(new FileInputStream(file));
        for (Object obj : properties.keySet()) {
            inMemoryAuthentication.withUser(obj.toString()).password(properties.get(obj).toString()).roles(new String[]{MANAGE_CLIENT});
        }
    }

    private void makeManagingUsersPropertiesFile(File file) throws IOException {
        file.createNewFile();
        FileUtils.write(file, "# Managing users properties file\n#\n# This file has been autogenerated by the cdmlib.\n# In case the file is deleted the cdmlib will re-create it during the next start up.\n#\n# This is a java properties file to populate the InMemoryUserDetailsManager in any of \n# the cdm-remote instances with special global management users which are granted to \n# access special web services. Among these are the /manage/ web services and those\n# triggering long running tasks. For more details please refer to\n# https://dev.e-taxonomy.eu/redmine/projects/edit/wiki/CdmAuthorisationAndAccessControl\n# \n# Global management users have the role ROLE_MANAGE_CLIENT.\n# and will be available in each of the cdm-remote instances.\n# Changes made to this file are applied after restarting a cdm instance.\n#\n# This properties file should contain entries in the form\n#    username=password\n# -------------------------------------------------------------------------------------------\n#\n", Charset.defaultCharset());
    }
}
