package cn.kduck.security.configuration;

import cn.kduck.security.KduckSecurityProperties;
import cn.kduck.security.LoginJsonAuthenticationEntryPoint;
import cn.kduck.security.authentication.KduckAuthenticationDetailsSource;
import cn.kduck.security.filter.AuthenticationFailureStrategyFilter;
import cn.kduck.security.filter.CorsFilter;
import cn.kduck.security.handler.LoginFailHandler;
import cn.kduck.security.handler.LoginSuccessHandler;
import cn.kduck.security.handler.LogoutSuccessHandler;
import cn.kduck.tenant.application.TenantAppService;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/**
 * Spring Security web configuration for the kduck security module.
 *
 * <p>Wires form login, logout, optional HTTP Basic, the authentication-failure strategy
 * filter and the custom authentication providers, and declares which URL patterns are
 * excluded from the security filter chain.
 *
 * <p>Security-relevant choices made here, all visible in the method bodies below:
 * <ul>
 *   <li>CSRF protection is disabled while form login is enabled.</li>
 *   <li>Spring Security's own CORS support is disabled; a project {@code CorsFilter} is
 *       installed instead, so the effective CORS policy lives in that class.</li>
 *   <li>A fixed list of patterns, plus any configured through {@code KduckSecurityProperties},
 *       is registered with {@code WebSecurity.ignoring()}.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated in newer Spring Security
 * releases; confirm which version this module targets before upgrading.
 */
@EnableConfigurationProperties({KduckSecurityProperties.class})
@Configuration
/* loaded from: input_file:cn/kduck/security/configuration/WebSecurityConfiguration.class */
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Patterns that are always handed to {@code WebSecurity.ignoring()}, in registration order.
     *
     * <p>Requests matching an ignored pattern skip the Spring Security filter chain entirely:
     * no authentication is performed and none of the filters configured on
     * {@code HttpSecurity} run for them.
     *
     * <p>NOTE(review): besides static assets this list covers {@code /actuator/**},
     * {@code /proxy/**}, {@code /v2/**}, {@code /v3/**}, {@code /**}{@code /sc/**}, the API-doc
     * pages and the three {@code /oauth/token/*} endpoints. Whatever serves those paths must
     * enforce its own access control or be kept off untrusted networks; confirm for each one.
     * The extension-based patterns match any URL ending that way, not only files served from a
     * static resource directory.
     */
    private static final String[] ALWAYS_IGNORED_PATTERNS = {
        "/**/*.png", "/**/*.jpg", "/**/*.gif", "/**/*.bmp",
        "/**/*.css", "/**/*.js",
        "/swagger-ui.html",
        "/doc.html",
        "/webjars/**",
        "/v2/**",
        "/v3/**",
        "/swagger-resources/**",
        "/error",
        "/favicon.ico",
        "/oauth/token/code",
        "/oauth/token/password",
        "/oauth/token/client",
        "/actuator/**",
        "/proxy/**",
        "/**/sc/**",
        "/**/*.nocache.js",
        "/**/*.cache.js"
    };

    @Autowired
    private KduckSecurityProperties securityProperties;

    // Optional extension points; null when no HttpSecurityConfigurer bean exists.
    @Autowired(required = false)
    private List<HttpSecurityConfigurer> httpSecurityConfigurerList;

    @Autowired
    private KduckAuthenticationDetailsSource authenticationDetailsSource;

    // Not injected: assigned as a side effect of authenticationFailureStrategyFilter(...).
    private AuthenticationFailureStrategyFilter failureStrategyFilter;

    @Autowired
    private TenantAppService tenantAppService;

    @Autowired
    private CustomAuthenticationProviderConfig customAuthenticationProviderConfig;

    /**
     * Builds the main security filter chain.
     *
     * <p>Every request that is not ignored by {@link #configure(WebSecurity)} must be
     * authenticated. Form login is processed at {@code /login}; HTTP Basic, a JSON
     * authentication entry point and an access-denied page are added only when the
     * corresponding properties are set. Registered {@code HttpSecurityConfigurer} beans run last
     * and may change anything configured here.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the builder or one of the extension configurers fails
     */
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        KduckSecurityProperties props = this.securityProperties;

        // Built-in CORS handling is turned off; the project CorsFilter is placed ahead of
        // ChannelProcessingFilter. Its policy is not visible from this class.
        httpSecurity.cors().disable();
        httpSecurity.addFilterBefore(new CorsFilter(), ChannelProcessingFilter.class);

        httpSecurity.authorizeRequests().anyRequest().authenticated();

        httpSecurity.formLogin()
                .successHandler(loginSuccessHandler())
                .failureHandler(loginFailHandler())
                .loginProcessingUrl("/login")
                .authenticationDetailsSource(this.authenticationDetailsSource);

        httpSecurity.logout().logoutSuccessHandler(logoutSuccessHandler());

        // NOTE(review): CSRF protection is off although form login is enabled. If browsers hold
        // a session cookie for this application, state-changing endpoints need another CSRF
        // defence (e.g. SameSite cookies or a header-only token scheme) - confirm.
        httpSecurity.csrf().disable();

        // NOTE(review): this field is only populated once the
        // authenticationFailureStrategyFilter(...) bean method has run; this method relies on
        // that having happened already. Confirm the bean creation order guarantees it.
        httpSecurity.addFilterBefore(this.failureStrategyFilter, UsernamePasswordAuthenticationFilter.class);

        if (props.isHttpBasic()) {
            // Basic credentials travel with every request; only appropriate over TLS.
            httpSecurity.httpBasic();
        }

        String loginPage = props.getLoginPage();
        if (loginPage != null) {
            httpSecurity.exceptionHandling()
                    .authenticationEntryPoint(new LoginJsonAuthenticationEntryPoint(loginPage));
        }

        String accessDeniedUrl = props.getAccessDeniedUrl();
        if (accessDeniedUrl != null) {
            httpSecurity.exceptionHandling().accessDeniedPage(accessDeniedUrl);
        }

        if (this.httpSecurityConfigurerList != null) {
            for (HttpSecurityConfigurer extension : this.httpSecurityConfigurerList) {
                extension.configure(httpSecurity);
            }
        }
    }

    /**
     * Creates the handler invoked after a successful login.
     *
     * <p>The default target URL and the name of the request parameter carrying the target URL
     * are taken from the security properties when present.
     *
     * @return the configured success handler
     */
    @Bean
    public LoginSuccessHandler loginSuccessHandler() {
        LoginSuccessHandler handler = new LoginSuccessHandler();
        if (this.securityProperties.getDefaultSuccessUrl() != null) {
            handler.setDefaultTargetUrl(this.securityProperties.getDefaultSuccessUrl());
        }
        if (this.securityProperties.getSuccessUrlParameter() != null) {
            // NOTE(review): this lets the redirect target come from a request parameter.
            // Whether LoginSuccessHandler restricts that target to same-site URLs is not
            // visible here - verify, since an unrestricted target is an open redirect.
            handler.setTargetUrlParameter(this.securityProperties.getSuccessUrlParameter());
        }
        handler.setAlwaysUseDefaultTargetUrl(this.securityProperties.isAlwaysUse());
        return handler;
    }

    /**
     * Creates the handler invoked after logout completes.
     *
     * @return a new logout success handler with default settings
     */
    @Bean
    public LogoutSuccessHandler logoutSuccessHandler() {
        return new LogoutSuccessHandler();
    }

    /**
     * Creates the handler invoked after a failed login.
     *
     * @return the failure handler, using the configured failure URL (if any) and
     *     forward-versus-redirect setting
     */
    @Bean
    public LoginFailHandler loginFailHandler() {
        LoginFailHandler handler = new LoginFailHandler();
        if (this.securityProperties.getDefaultFailureUrl() != null) {
            handler.setDefaultFailureUrl(this.securityProperties.getDefaultFailureUrl());
        }
        handler.setUseForward(this.securityProperties.isForwardToFailureUrl());
        return handler;
    }

    /**
     * Registers the URL patterns that bypass the security filter chain.
     *
     * <p>Order of registration: the fixed list, the login page, the login failure URL, the MFA
     * page (configured value or {@code /mfaPage.html}), the patterns from
     * {@code KduckSecurityProperties.getIgnored()}, then whatever the registered
     * {@code HttpSecurityConfigurer} beans add.
     *
     * @param webSecurity the builder to configure
     * @throws Exception if one of the extension configurers fails
     */
    public void configure(WebSecurity webSecurity) throws Exception {
        KduckSecurityProperties props = this.securityProperties;
        WebSecurity.IgnoredRequestConfigurer ignoring = webSecurity.ignoring();

        for (String pattern : ALWAYS_IGNORED_PATTERNS) {
            ignoring.antMatchers(pattern);
        }

        String loginPage = props.getLoginPage();
        if (loginPage != null) {
            webSecurity.ignoring().antMatchers(loginPage);
        }

        String failureUrl = props.getDefaultFailureUrl();
        if (failureUrl != null) {
            webSecurity.ignoring().antMatchers(failureUrl);
        }

        // The MFA page is always reachable without authentication; only its path is configurable.
        boolean customMfaPage = props.getMfa() != null && props.getMfa().getMfaPage() != null;
        String mfaPage = customMfaPage ? props.getMfa().getMfaPage() : "/mfaPage.html";
        webSecurity.ignoring().antMatchers(mfaPage);

        // Deployment-supplied patterns: each entry removes authentication from everything it
        // matches, so broad wildcards in configuration deserve the same review as code.
        String[] configuredPatterns = props.getIgnored();
        if (configuredPatterns != null) {
            for (String pattern : configuredPatterns) {
                webSecurity.ignoring().antMatchers(pattern);
            }
        }

        if (this.httpSecurityConfigurerList != null) {
            for (HttpSecurityConfigurer extension : this.httpSecurityConfigurerList) {
                extension.configure(webSecurity);
            }
        }
    }

    /**
     * Creates the authentication-failure strategy filter from all available handler beans and
     * remembers it for {@link #configure(HttpSecurity)}.
     *
     * @param objectProvider source of the failure strategy handlers; may supply none
     * @return the filter, which receives an unmodifiable snapshot of the handlers
     */
    @Bean
    public GenericFilterBean authenticationFailureStrategyFilter(ObjectProvider<AuthenticationFailureStrategyFilter.AuthenticationFailureStrategyHandler> objectProvider) {
        List<AuthenticationFailureStrategyFilter.AuthenticationFailureStrategyHandler> handlers =
                new ArrayList<>(objectProvider.stream().collect(Collectors.toList()));
        AuthenticationFailureStrategyFilter filter =
                new AuthenticationFailureStrategyFilter(Collections.unmodifiableList(handlers));
        this.failureStrategyFilter = filter;
        return filter;
    }

    /**
     * Exposes the adapter's {@code AuthenticationManager} as a bean.
     *
     * @return the authentication manager built by the parent adapter
     * @throws Exception if the parent adapter cannot build it
     */
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Provides the password encoder handed to every custom authentication provider.
     *
     * @return a BCrypt encoder created with the library's default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers the custom authentication providers.
     *
     * <p>Each provider receives the password encoder and the tenant service before it is added.
     * When the provider list is empty, the parent adapter's default configuration is used.
     *
     * @param authenticationManagerBuilder the builder to register providers with
     * @throws Exception if registration or the parent configuration fails
     */
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        List<? extends CustomAuthenticationProvider> providers =
                this.customAuthenticationProviderConfig.getAuthenticationAction();
        Assert.notNull(providers, "A AuthenticateAction is required");

        for (CustomAuthenticationProvider provider : providers) {
            provider.setPasswordEncoder(passwordEncoder());
            provider.setTenantAppService(this.tenantAppService);
            authenticationManagerBuilder.authenticationProvider(provider);
        }

        if (providers.isEmpty()) {
            super.configure(authenticationManagerBuilder);
        }
    }
}
