package com.kdgcsoft.uframe.web.config.security;

import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.BooleanUtil;
import com.kdgcsoft.uframe.web.common.enums.BaseParamEnum;
import com.kdgcsoft.uframe.web.config.UFrameProperties;
import com.kdgcsoft.uframe.web.config.jwt.JWTAuthorizationFilter;
import com.kdgcsoft.uframe.web.config.security.details.BaseUserDetailService;
import com.kdgcsoft.uframe.web.config.security.details.DevopserDetailService;
import com.kdgcsoft.uframe.web.config.security.details.SuperAdminDetailService;
import com.kdgcsoft.uframe.web.config.security.filter.DecryptionFilter;
import com.kdgcsoft.uframe.web.config.security.handler.AuthenticationEntryPointImpl;
import com.kdgcsoft.uframe.web.config.security.handler.AuthenticationHandler;
import com.kdgcsoft.uframe.web.config.security.handler.LogoutSuccessHandlerImpl;
import com.kdgcsoft.uframe.web.module.UFrameModuleManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.servlet.ServletComponentScan;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.firewall.DefaultHttpFirewall;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
@ServletComponentScan
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:com/kdgcsoft/uframe/web/config/security/SecurityConfiguration.class */
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    UFrameModuleManager moduleManager;

    @Autowired
    UFrameProperties uFrameProperties;

    @Autowired
    BaseUserDetailService baseUserDetailService;

    @Autowired
    DevopserDetailService devopserDetailService;

    @Autowired
    SuperAdminDetailService superAdminDetailService;

    @Autowired
    AuthenticationEntryPointImpl authenticationEntryPointImpl;

    @Autowired
    LogoutSuccessHandlerImpl logoutSuccessHandler;

    @Autowired
    AuthenticationHandler authenticationHandler;
    private static final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
    private static String[] WHITE_LIST = {"/login", "/login/image/*", "/login/file/*", "logout", "/doc.html", "/swagger-resources/**", "/v2/api-docs"};

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @ConditionalOnProperty(name = {"uframe.font-backend"}, havingValue = "true")
    @Bean
    JWTAuthorizationFilter jwtAuthorizationFilter() {
        return new JWTAuthorizationFilter();
    }

    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }

    public void configure(WebSecurity webSecurity) throws Exception {
        super.configure(webSecurity);
        webSecurity.ignoring().antMatchers(new String[]{"/static/**", "/webjars/**"});
        webSecurity.httpFirewall(new DefaultHttpFirewall());
    }

    /* JADX WARN: Type inference failed for: r0v11, types: [java.lang.Object[][], java.lang.String[]] */
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable();
        httpSecurity.cors().and().headers().frameOptions().disable();
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers((String[]) ArrayUtil.addAll((Object[][]) new String[]{WHITE_LIST, (String[]) this.moduleManager.getWhiteList().toArray(new String[0])}))).permitAll().anyRequest()).authenticated();
        if (this.uFrameProperties.isFontBackend()) {
            httpSecurity.formLogin().disable().csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
            httpSecurity.addFilterBefore(jwtAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
            httpSecurity.exceptionHandling().authenticationEntryPoint(this.authenticationEntryPointImpl);
            httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(this.logoutSuccessHandler);
            return;
        }
        httpSecurity.headers().frameOptions().disable();
        if (BooleanUtil.toBoolean(this.moduleManager.getParamText(BaseParamEnum.ENCRYPT_PASSWORD.name()))) {
            httpSecurity.addFilterBefore(new DecryptionFilter(), UsernamePasswordAuthenticationFilter.class);
        }
        httpSecurity.formLogin().loginPage("/login").loginProcessingUrl("/login").defaultSuccessUrl("/", true).successHandler(this.authenticationHandler).failureHandler(this.authenticationHandler);
        log.info("max-session:" + this.uFrameProperties.getMaxSession());
        httpSecurity.sessionManagement().maximumSessions(this.uFrameProperties.getMaxSession()).expiredUrl("/login");
        httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(this.authenticationHandler).logoutSuccessUrl("/login").invalidateHttpSession(true);
    }

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(this.superAdminDetailService).passwordEncoder(passwordEncoder());
        authenticationManagerBuilder.userDetailsService(this.devopserDetailService).passwordEncoder(passwordEncoder());
        authenticationManagerBuilder.userDetailsService(this.baseUserDetailService).passwordEncoder(passwordEncoder());
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addAllowedMethod("*");
        corsConfiguration.applyPermitDefaultValues();
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return urlBasedCorsConfigurationSource;
    }
}
