package com.kdgcsoft.web.config.security;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.StrUtil;
import com.kdgcsoft.web.common.consts.WebConst;
import com.kdgcsoft.web.config.NovaProperties;
import com.kdgcsoft.web.config.jwt.cache.JwtTokenCache;
import com.kdgcsoft.web.config.jwt.cache.LocalJwtTokenCache;
import com.kdgcsoft.web.config.jwt.cache.RedisJwtTokenCache;
import com.kdgcsoft.web.config.security.detailservice.NormalUserDetailService;
import com.kdgcsoft.web.config.security.detailservice.RootUserDetailService;
import com.kdgcsoft.web.config.security.filter.JwtAuthenticationTokenFilter;
import com.kdgcsoft.web.config.security.handler.FormAuthenticationHandler;
import com.kdgcsoft.web.config.security.handler.JwtAuthenticationHandler;
import com.kdgcsoft.web.config.security.scanner.AnonAccessScanner;
import java.util.ArrayList;
import javax.annotation.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.firewall.DefaultHttpFirewall;

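/**
 * Spring Security wiring for the web module: HTTP firewall, URL authorization rules, the
 * authentication manager, the password encoder and the JWT token cache.
 *
 * <p>{@link NovaProperties#isFontBackend()} selects one of two modes in {@link #filterChain}:
 * a stateless JWT mode (presumably the "front/back-end separated" deployment) and a
 * session-based form-login mode.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import({AnonAccessScanner.class})
/* loaded from: input_file:com/kdgcsoft/web/config/security/SecurityConfiguration.class */
public class SecurityConfiguration {

    @Resource
    NovaProperties novaProperties;

    @Autowired
    AnonAccessScanner anonAccessScanner;

    @Autowired
    ApplicationEventPublisher applicationEventPublisher;

    @Autowired
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;

    @Autowired
    private JwtAuthenticationHandler jwtAuthenticationHandler;

    @Autowired
    private FormAuthenticationHandler formAuthenticationHandler;
    private static final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);

    // URL patterns that are always reachable without authentication.
    // NOTE(review): this list exposes the API documentation endpoints (/doc.html,
    // /swagger-resources/**, /v2/api-docs) to unauthenticated clients; confirm that is intended
    // outside development environments.
    // NOTE(review): the field is public, static and non-final, so any code on the classpath can
    // replace or edit the allow-list before filterChain() reads it. It is left as declared to keep
    // the existing interface; consider making it final and exposing an unmodifiable copy.
    public static String[] DEF_WHITE_LIST = {"/static/**", "/webjars/**", "/anon/**", "/doc.html", "/swagger-resources/**", "/v2/api-docs"};

    /**
     * Installs {@link DefaultHttpFirewall} as the request firewall.
     *
     * <p>NOTE(review): this replaces Spring Security's default {@code StrictHttpFirewall} with the
     * more permissive implementation, which rejects fewer suspicious request URLs. If no caller
     * depends on the relaxed behaviour, prefer the strict firewall and loosen only the individual
     * checks that are required.
     *
     * @return a customizer that sets the firewall on the {@code WebSecurity} builder
     */
    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return webSecurity -> webSecurity.httpFirewall(new DefaultHttpFirewall());
    }

    /**
     * Builds the application's single security filter chain.
     *
     * <p>Authorization rules are registered in this order (first match wins): URLs reported by
     * {@link AnonAccessScanner}, then the login/logout URLs plus {@link #DEF_WHITE_LIST} plus the
     * comma-separated {@code whiteList} property, all as {@code permitAll}; every other request
     * must be authenticated.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the builder fails to configure or build the chain
     */
    @Bean
    SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        log.info("Application will run at fontbackend:{}", this.novaProperties.isFontBackend());

        // NOTE(review): CSRF protection is switched off for BOTH modes. That is the usual choice
        // for the stateless JWT branch, but the form-login branch below authenticates with a
        // session cookie, so state-changing requests there have no CSRF defence. Confirm this is
        // compensated elsewhere or enable CSRF for the session mode.
        httpSecurity.csrf().disable();
        // cors() with no arguments relies on a CORS configuration defined outside this class
        // (not visible here) -- verify its allowed origins are not overly broad.
        httpSecurity.cors();
        // NOTE(review): disabling frameOptions removes the X-Frame-Options header, so pages can be
        // framed by any origin (clickjacking exposure). If only same-origin framing is needed,
        // frameOptions().sameOrigin() is the narrower setting.
        httpSecurity.headers().frameOptions().disable();

        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
                httpSecurity.authorizeRequests();

        // Endpoints discovered by the scanner are opened to anonymous callers.
        this.anonAccessScanner.getAnonymousUrls().forEach(url -> registry.antMatchers(url).permitAll());

        // Everything in this list bypasses authentication. The last entry comes from
        // configuration: an overly broad pattern there (e.g. "/**") would open the whole
        // application, so the property should be reviewed like code.
        ArrayList<String> permitted = new ArrayList<>();
        permitted.add(this.novaProperties.getLoginPageUrl());
        permitted.add(this.novaProperties.getLoginUrl());
        permitted.add(this.novaProperties.getLogoutUrl());
        CollUtil.addAll(permitted, DEF_WHITE_LIST);
        CollUtil.addAll(permitted, StrUtil.split(this.novaProperties.getWhiteList(), ",", true, true));
        registry.antMatchers(ArrayUtil.toArray(permitted, String.class)).permitAll()
                .anyRequest().authenticated();

        if (this.novaProperties.isFontBackend()) {
            // Stateless mode: no login form and no HTTP session; the JWT filter runs ahead of the
            // username/password filter, and the JWT handler answers unauthenticated requests and
            // logout.
            httpSecurity.formLogin().disable();
            httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
            httpSecurity.addFilterBefore(this.jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
            httpSecurity.exceptionHandling().authenticationEntryPoint(this.jwtAuthenticationHandler);
            httpSecurity.logout()
                    .logoutUrl(this.novaProperties.getLogoutUrl())
                    .logoutSuccessHandler(this.jwtAuthenticationHandler);
        } else {
            // Session mode: classic form login with a cap on concurrent sessions per user.
            httpSecurity.formLogin()
                    .loginPage(this.novaProperties.getLoginPageUrl())
                    .loginProcessingUrl(this.novaProperties.getLoginUrl())
                    .defaultSuccessUrl("/", true)
                    .successHandler(this.formAuthenticationHandler)
                    .failureHandler(this.formAuthenticationHandler);
            httpSecurity.sessionManagement()
                    .maximumSessions(this.novaProperties.getMaxSession().intValue())
                    .expiredUrl(this.novaProperties.getLoginPageUrl());
            httpSecurity.logout()
                    .logoutUrl(this.novaProperties.getLogoutUrl())
                    .logoutSuccessHandler(this.formAuthenticationHandler)
                    .logoutSuccessUrl(this.novaProperties.getLoginPageUrl())
                    .invalidateHttpSession(true);
        }
        return httpSecurity.build();
    }

    /**
     * Password encoder shared by both authentication providers.
     *
     * @return a BCrypt encoder with the library's default settings
     */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * @return the user-details service consulted first by {@link #authenticationManager}
     */
    @Bean
    public RootUserDetailService rootUserDetailService() {
        return new RootUserDetailService();
    }

    /**
     * @return the user-details service consulted second by {@link #authenticationManager}
     */
    @Bean
    public NormalUserDetailService normalUserDetailService() {
        return new NormalUserDetailService();
    }

    /**
     * Creates the authentication manager from two DAO providers that share the BCrypt encoder.
     *
     * <p>The providers are tried in list order: the root user-details service first, the normal
     * one second. NOTE(review): how the two services treat the same username is not visible here;
     * confirm that a normal account cannot shadow, or be shadowed by, a root account name.
     *
     * @param authenticationConfiguration injected by Spring; not used by this method
     * @return a {@link ProviderManager} that publishes authentication success/failure events
     * @throws Exception declared for signature compatibility
     */
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        // Declared with the concrete type: the setters used below do not exist on the
        // AuthenticationProvider interface.
        DaoAuthenticationProvider rootProvider = new DaoAuthenticationProvider();
        rootProvider.setUserDetailsService(rootUserDetailService());
        rootProvider.setPasswordEncoder(bCryptPasswordEncoder());

        DaoAuthenticationProvider normalProvider = new DaoAuthenticationProvider();
        normalProvider.setUserDetailsService(normalUserDetailService());
        normalProvider.setPasswordEncoder(bCryptPasswordEncoder());

        ProviderManager providerManager =
                new ProviderManager(new AuthenticationProvider[]{rootProvider, normalProvider});
        // Publishing events lets listeners record login successes and failures for auditing.
        providerManager.setAuthenticationEventPublisher(new DefaultAuthenticationEventPublisher(this.applicationEventPublisher));
        return providerManager;
    }

    /**
     * Chooses the JWT token cache implementation from the {@code jwtCacheType} property.
     *
     * <p>Any value other than {@link WebConst#REDIS_JWT_CACHE}, including {@code null}, selects
     * the local cache. NOTE(review): the local implementation is not shown here; if it keeps
     * tokens in process memory, token state is not shared between application instances --
     * confirm before running more than one node.
     *
     * @return the Redis-backed cache when configured, otherwise the local cache
     */
    @Bean
    public JwtTokenCache jwtTokenCache() {
        if (StrUtil.equals(WebConst.REDIS_JWT_CACHE, this.novaProperties.getJwtCacheType())) {
            return new RedisJwtTokenCache();
        }
        return new LocalJwtTokenCache();
    }
}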
