package edu.ksu.lti.launch.spring.config;

import edu.ksu.lti.launch.oauth.LtiConsumerDetailsService;
import edu.ksu.lti.launch.oauth.LtiOAuthAuthenticationHandler;
import edu.ksu.lti.launch.service.ConfigService;
import java.net.URI;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.oauth.provider.filter.ProtectedResourceProcessingFilter;
import org.springframework.security.oauth.provider.nonce.InMemoryNonceServices;
import org.springframework.security.oauth.provider.token.InMemoryProviderTokenServices;
import org.springframework.security.oauth.provider.token.OAuthProviderTokenServices;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.header.writers.StaticHeadersWriter;
import org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

/**
 * Spring Security wiring for the LTI launch endpoint.
 *
 * <p>Registers a dedicated filter chain for {@code /launch} that authenticates requests
 * with an OAuth {@link ProtectedResourceProcessingFilter} and sets the response headers
 * used when the tool is rendered inside the LMS iframe. It also exposes the
 * {@code oauthProviderTokenServices} bean that the chain depends on.
 */
@EnableWebMvcSecurity
@Configuration
public class LtiLaunchSecurityConfig extends WebMvcConfigurerAdapter {
    private static final Logger LOG = Logger.getLogger(LtiLaunchSecurityConfig.class);

    /**
     * Filter chain for {@code /launch}; {@code @Order(1)} is the precedence Spring uses
     * when ordering this adapter against any other security adapters in the context.
     */
    @Configuration
    @Order(1)
    public static class LTISecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        /** Only path matched by this chain; other URLs are not secured by this adapter. */
        private static final String LAUNCH_PATH = "/launch";

        /** Config key holding the LMS base URL that is allowed to frame the tool. */
        private static final String CANVAS_URL_KEY = "canvas_url";

        /** Nonce validity window in seconds, passed to the nonce service below. */
        private static final long NONCE_VALIDITY_SECONDS = 600L;

        /*
         * NOTE(review): script-src and style-src both allow 'unsafe-inline', which removes
         * most of the XSS mitigation a CSP provides for inline script. The policy also has
         * no frame-ancestors directive, so framing control rests entirely on the
         * X-Frame-Options header written in configure(HttpSecurity).
         */
        private static final String CONTENT_SECURITY_POLICY =
                "default-src 'self' https://s.ksucloud.net https://*.instructure.com; "
                + "font-src 'self' https://s.ksucloud.net https://*.instructure.com; "
                + "script-src 'self' 'unsafe-inline' https://ajax.googleapis.com; "
                + "style-src 'self' 'unsafe-inline' https://*.instructure.com https://www.k-state.edu";

        private static final String P3P_POLICY =
                "CP=\"This is just to make IE happy with cookies in this iframe\"";

        @Autowired
        private LtiConsumerDetailsService oauthConsumerDetailsService;

        @Autowired
        private LtiOAuthAuthenticationHandler oauthAuthenticationHandler;

        @Autowired
        private OAuthProviderTokenServices oauthProviderTokenServices;

        @Autowired
        private ConfigService configService;

        /**
         * Intentionally left empty: no web-level customisation (such as ignored paths)
         * is applied by this adapter.
         */
        public void configure(WebSecurity webSecurity) throws Exception {
        }

        /**
         * Builds the security chain for the launch endpoint.
         *
         * @param httpSecurity builder for the chain restricted to {@code /launch}
         * @throws RuntimeException if the {@code canvas_url} config value is blank
         * @throws Exception if the configured URL is not a valid URI or the builder fails
         */
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            LOG.debug("configuring HttpSecurity");

            // Fail at startup rather than emit a frame header with no allowed origin.
            String canvasUrl = this.configService.getConfigValue(CANVAS_URL_KEY);
            if (StringUtils.isBlank(canvasUrl)) {
                throw new RuntimeException("Missing canvas_url config value");
            }

            httpSecurity
                    .requestMatchers()
                        .antMatchers(LAUNCH_PATH)
                        .and()
                    // The OAuth filter runs ahead of the form-login filter position.
                    .addFilterBefore(
                            configureProcessingFilter(),
                            UsernamePasswordAuthenticationFilter.class)
                    .authorizeRequests()
                        .anyRequest().authenticated()
                        .and()
                    // CSRF tokens are switched off for this chain, so the OAuth filter
                    // above is the only request-authenticity check visible here.
                    .csrf().disable()
                    .headers()
                        // Writes X-Frame-Options: ALLOW-FROM <canvas_url>.
                        // NOTE(review): ALLOW-FROM is obsolete and ignored by current
                        // Chromium, Firefox and WebKit builds; in those browsers this
                        // header places no limit on which sites may frame the tool.
                        // A CSP frame-ancestors directive is the supported equivalent.
                        .addHeaderWriter(
                                new XFrameOptionsHeaderWriter(
                                        new StaticAllowFromStrategy(new URI(canvasUrl))))
                        .addHeaderWriter(
                                new StaticHeadersWriter(
                                        "Content-Security-Policy", CONTENT_SECURITY_POLICY))
                        .addHeaderWriter(new StaticHeadersWriter("P3P", P3P_POLICY));
        }

        /**
         * Creates the OAuth filter that authenticates launch requests.
         *
         * <p>NOTE(review): the nonce service keeps its state in this JVM, so replay
         * detection presumably does not span multiple application instances or survive
         * a restart; confirm against the deployment topology.
         *
         * @return a filter wired with the injected consumer details, token services and
         *     authentication handler, and a fresh in-memory nonce service
         */
        private ProtectedResourceProcessingFilter configureProcessingFilter() {
            InMemoryNonceServices nonceServices = new InMemoryNonceServices();
            nonceServices.setValidityWindowSeconds(NONCE_VALIDITY_SECONDS);

            ProtectedResourceProcessingFilter filter = new ProtectedResourceProcessingFilter();
            filter.setAuthHandler(this.oauthAuthenticationHandler);
            filter.setConsumerDetailsService(this.oauthConsumerDetailsService);
            filter.setNonceServices(nonceServices);
            filter.setTokenServices(this.oauthProviderTokenServices);
            return filter;
        }
    }

    /**
     * Supplies the token services injected into the launch filter chain.
     *
     * @return a new in-memory token store (state is held in this process only)
     */
    @Bean(name = {"oauthProviderTokenServices"})
    public OAuthProviderTokenServices oauthProviderTokenServices() {
        return new InMemoryProviderTokenServices();
    }
}
