package com.vaadin.flow.spring.security.stateless;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.OctetSequenceKey;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import com.vaadin.flow.spring.security.VaadinDefaultRequestCache;
import com.vaadin.flow.spring.security.VaadinSavedRequestAwareAuthenticationSuccessHandler;
import java.util.Objects;
import javax.crypto.SecretKey;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.oauth2.jose.jws.JwsAlgorithm;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfTokenRequestHandler;
import org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler;
import org.springframework.security.web.savedrequest.CookieRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;

/* loaded from: input_file:BOOT-INF/lib/vaadin-spring-24.2.2.jar:com/vaadin/flow/spring/security/stateless/VaadinStatelessSecurityConfigurer.class */
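/**
 * Spring Security configurer that wires a JWT-based security context, a cookie-based CSRF token
 * repository and a cookie-based request cache into the HTTP security builder.
 *
 * <p>What this class does, as visible in its own code:
 * <ul>
 *   <li>{@link #setSharedObjects(HttpSecurity)} registers a {@code JwtSecurityContextRepository}
 *       backed by a {@code SerializedJwtSplitCookieRepository} as the shared
 *       {@link SecurityContextRepository};</li>
 *   <li>{@link #init} switches an already-registered {@link CsrfConfigurer} to
 *       {@link CookieCsrfTokenRepository#withHttpOnlyFalse()};</li>
 *   <li>{@link #configure} pushes the MAC algorithm, key source, issuer and lifetime into the
 *       JWT repository and delegates the request cache to a {@link CookieRequestCache}.</li>
 * </ul>
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>The token is protected with a MAC (symmetric) key. Anyone holding that key can mint
 *       tokens the application accepts, so load it from a secret store and never commit it.</li>
 *   <li>NOTE(review): no key-length check happens in this class. Confirm the key is at least as
 *       long as the MAC output (for example 256 bits for HS256); whether downstream code
 *       enforces this is not visible from here.</li>
 *   <li>The security context travels in cookies rather than a server session, so
 *       {@link #expiresIn(long)} is the main bound on how long a captured token stays usable.
 *       NOTE(review): no server-side revocation is visible in this class; confirm.</li>
 * </ul>
 *
 * @param <H> the type of HTTP security builder being configured
 */
public final class VaadinStatelessSecurityConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<VaadinStatelessSecurityConfigurer<H>, H> {
    // Token lifetime handed to the JWT repository; presumably seconds (30 minutes) -- TODO
    // confirm the unit against JwtSecurityContextRepository#setExpiresIn.
    private long expiresIn = 1800;
    // Issuer value handed to the JWT repository; stays null unless issuer(String) is called.
    private String issuer;
    // Created lazily by withSecretKey(); null means no signing key has been configured yet.
    private VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer secretKeyConfigurer;

    /* loaded from: input_file:BOOT-INF/lib/vaadin-spring-24.2.2.jar:com/vaadin/flow/spring/security/stateless/VaadinStatelessSecurityConfigurer$SecretKeyConfigurer.class */
    /**
     * Fluent holder for the MAC key and the JWS algorithm it is used with.
     *
     * <p>Instances are created only through {@link VaadinStatelessSecurityConfigurer#withSecretKey()}.
     */
    public class SecretKeyConfigurer {
        private SecretKey secretKey;
        private JwsAlgorithm jwsAlgorithm;

        private SecretKeyConfigurer() {
        }

        /**
         * Sets the MAC key.
         *
         * <p>If no algorithm has been chosen yet, one is derived from
         * {@link SecretKey#getAlgorithm()} through {@link MacAlgorithm#from(String)}. That lookup
         * yields {@code null} for names it does not recognise (for example a JCA name instead of
         * a JWS name), in which case {@link #algorithm(MacAlgorithm)} must be called explicitly.
         * An algorithm that is already set is never overwritten here, so replacing the key later
         * does not change the algorithm.
         *
         * @param secretKey the key to use, never {@code null}
         * @return this configurer, for chaining
         * @throws NullPointerException if {@code secretKey} is {@code null}
         */
        public VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer secretKey(SecretKey secretKey) {
            // Fail with a named argument instead of an anonymous NPE on getAlgorithm() below.
            Objects.requireNonNull(secretKey, "secretKey");
            this.secretKey = secretKey;
            if (this.jwsAlgorithm == null) {
                this.jwsAlgorithm = MacAlgorithm.from(secretKey.getAlgorithm());
            }
            return this;
        }

        /**
         * Sets the MAC algorithm explicitly, replacing any previously set or derived value.
         *
         * @param macAlgorithm the algorithm to use
         * @return this configurer, for chaining
         */
        public VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer algorithm(MacAlgorithm macAlgorithm) {
            this.jwsAlgorithm = macAlgorithm;
            return this;
        }

        /**
         * Returns to the enclosing configurer.
         *
         * @return the enclosing {@link VaadinStatelessSecurityConfigurer}
         */
        public VaadinStatelessSecurityConfigurer<H> and() {
            return VaadinStatelessSecurityConfigurer.this;
        }

        /**
         * Builds a key source that always answers from a single-key set holding the configured key.
         *
         * @return the key source
         * @throws IllegalStateException if no key or no algorithm has been configured
         */
        JWKSource<SecurityContext> getJWKSource() {
            if (this.secretKey == null) {
                // The message deliberately carries no key material.
                throw new IllegalStateException("No secret key configured; call secretKey(SecretKey) on withSecretKey()");
            }
            OctetSequenceKey jwk = new OctetSequenceKey.Builder(this.secretKey).algorithm(getAlgorithm()).build();
            JWKSet jwkSet = new JWKSet(jwk);
            return (jwkSelector, context) -> jwkSelector.select(jwkSet);
        }

        /**
         * Converts the configured Spring algorithm into its Nimbus counterpart by name.
         *
         * @return the Nimbus algorithm
         * @throws IllegalStateException if no algorithm was set and none could be derived from the key
         */
        JWSAlgorithm getAlgorithm() {
            if (this.jwsAlgorithm == null) {
                throw new IllegalStateException("No MAC algorithm configured and none could be derived from the secret key; call algorithm(MacAlgorithm)");
            }
            return JWSAlgorithm.parse(this.jwsAlgorithm.getName());
        }
    }

    /**
     * Registers the JWT-backed security context repository as a shared object.
     *
     * @param httpSecurity the builder that receives the shared {@link SecurityContextRepository}
     */
    public void setSharedObjects(HttpSecurity httpSecurity) {
        JwtSecurityContextRepository repository = new JwtSecurityContextRepository(new SerializedJwtSplitCookieRepository());
        httpSecurity.setSharedObject(SecurityContextRepository.class, repository);
    }

    /**
     * Reconfigures CSRF protection, when it is enabled, to keep the token in a cookie.
     *
     * <p>The cookie is created with {@code HttpOnly} disabled, so script running on the page can
     * read the CSRF token. NOTE(review): this looks deliberate (a client-side framework has to
     * echo the token back), but it also means the token is exposed to any script injected into
     * the page; it is not a secret from the page itself.
     *
     * @param h the HTTP security builder
     */
    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void init(H h) {
        @SuppressWarnings("unchecked") // getConfigurer is keyed by the raw class literal
        CsrfConfigurer<H> csrf = (CsrfConfigurer<H>) h.getConfigurer(CsrfConfigurer.class);
        if (csrf == null) {
            // CSRF protection is not registered on this builder; nothing to adjust.
            return;
        }
        CookieCsrfTokenRepository tokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse();
        XorCsrfTokenRequestAttributeHandler xorHandler = new XorCsrfTokenRequestAttributeHandler();
        // Only handle() is taken from the XOR handler; resolving the submitted token value is
        // left to the CsrfTokenRequestHandler interface default.
        CsrfTokenRequestHandler requestHandler = xorHandler::handle;
        csrf.csrfTokenRepository(tokenRepository);
        csrf.csrfTokenRequestHandler(requestHandler);
        VaadinSavedRequestAwareAuthenticationSuccessHandler successHandler = h.getSharedObject(VaadinSavedRequestAwareAuthenticationSuccessHandler.class);
        if (successHandler != null) {
            // Guarded: a builder without this shared object used to fail with a bare NPE.
            successHandler.setCsrfTokenRepository(tokenRepository);
        }
    }

    /**
     * Applies key, algorithm, issuer, lifetime and trust resolver to the JWT repository and
     * moves the saved-request storage into a cookie.
     *
     * <p>Nothing is applied to the security context repository unless the shared one is a
     * {@code JwtSecurityContextRepository}.
     *
     * @param h the HTTP security builder
     * @throws IllegalStateException if a JWT repository is present but no secret key or
     *     algorithm has been configured through {@link #withSecretKey()}
     */
    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(H h) {
        SecurityContextRepository sharedRepository = h.getSharedObject(SecurityContextRepository.class);
        if (sharedRepository instanceof JwtSecurityContextRepository) {
            if (this.secretKeyConfigurer == null) {
                // Fail fast with an actionable message rather than an NPE during startup.
                throw new IllegalStateException("No secret key configured; call withSecretKey() before building the security filter chain");
            }
            JwtSecurityContextRepository jwtRepository = (JwtSecurityContextRepository) sharedRepository;
            jwtRepository.setJwsAlgorithm(this.secretKeyConfigurer.getAlgorithm());
            jwtRepository.setJwkSource(this.secretKeyConfigurer.getJWKSource());
            jwtRepository.setIssuer(this.issuer);
            jwtRepository.setExpiresIn(this.expiresIn);
            AuthenticationTrustResolver trustResolver = h.getSharedObject(AuthenticationTrustResolver.class);
            if (trustResolver == null) {
                trustResolver = new AuthenticationTrustResolverImpl();
            }
            jwtRepository.setTrustResolver(trustResolver);
        }
        RequestCache requestCache = h.getSharedObject(RequestCache.class);
        if (requestCache instanceof VaadinDefaultRequestCache) {
            ((VaadinDefaultRequestCache) requestCache).setDelegateRequestCache(new CookieRequestCache());
        }
    }

    /**
     * Sets the token lifetime handed to the JWT repository.
     *
     * <p>The value is stored as given; no range check is applied here. NOTE(review): the unit is
     * presumably seconds -- confirm. Keep it short: it bounds how long a copied token is usable.
     *
     * @param j the lifetime
     * @return this configurer, for chaining
     */
    public VaadinStatelessSecurityConfigurer<H> expiresIn(long j) {
        this.expiresIn = j;
        return this;
    }

    /**
     * Sets the issuer value handed to the JWT repository.
     *
     * @param str the issuer; stored as given
     * @return this configurer, for chaining
     */
    public VaadinStatelessSecurityConfigurer<H> issuer(String str) {
        this.issuer = str;
        return this;
    }

    /**
     * Returns the secret-key configurer, creating it on first use.
     *
     * @return the shared {@link SecretKeyConfigurer} of this configurer
     */
    public VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer withSecretKey() {
        if (this.secretKeyConfigurer == null) {
            this.secretKeyConfigurer = new SecretKeyConfigurer();
        }
        return this.secretKeyConfigurer;
    }

    /**
     * Applies a customizer to the secret-key configurer, creating it on first use.
     *
     * @param customizer callback that receives the {@link SecretKeyConfigurer}
     * @return this configurer, for chaining
     */
    public VaadinStatelessSecurityConfigurer<H> withSecretKey(Customizer<VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer> customizer) {
        // Same lazy creation as the no-argument overload, so both share one instance.
        customizer.customize(withSecretKey());
        return this;
    }
}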
