package com.digiwin.dap.middleware.autoconfigure.core.config;

import com.digiwin.dap.middleware.auth.handler.Http401UnauthorizedEntryPoint;
import com.digiwin.dap.middleware.support.DapSecuritySupport;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:WEB-INF/lib/dapware-core-spring-boot-autoconfigure-2.7.20.jar:com/digiwin/dap/middleware/autoconfigure/core/config/DapWebSecurityConfiguration.class */
public class DapWebSecurityConfiguration {
    private static final String[] AUTH_WHITELIST = {"/", "/*.html", "/**/*.js", "/**/*.css", "/**/*.html", "/favicon.ico", "/error", "/**/actuator/**", "/api/**/**/env/health/**", "/api/iam/v2/identity/token/analyze/internal"};

    @Value("${spring.application.name:}")
    private String appName;

    @Autowired
    private AuthenticationConfiguration authenticationConfiguration;

    /* JADX WARN: Multi-variable type inference failed */
    @ConditionalOnBean({DapSecuritySupport.class})
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity, DapSecuritySupport dapSecuritySupport) throws Exception {
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity.cors().and()).csrf().disable()).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()).authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll().antMatchers(AUTH_WHITELIST).permitAll().antMatchers(dapSecuritySupport.getWhiteList()).permitAll().anyRequest().authenticated().and()).exceptionHandling().authenticationEntryPoint(new Http401UnauthorizedEntryPoint(this.appName));
        dapSecuritySupport.addCustomFilter(httpSecurity, this.authenticationConfiguration.getAuthenticationManager());
        return httpSecurity.build();
    }
}
