package cn.kduck.security.mfa;

import cn.kduck.security.KduckSecurityProperties;
import cn.kduck.security.configuration.HttpSecurityConfigurer;
import cn.kduck.security.mfa.impl.MfaTokenServiceImpl;
import cn.kduck.security.mfa.impl.MfaUserDetailsServiceImpl;
import cn.kduck.security.mfa.send.MfaSendStrategy;
import cn.kduck.security.mfa.send.impl.StdOutSendStrategy;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

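/**
 * Wires multi-factor authentication (MFA) into the HTTP security chain.
 *
 * <p>Active only when {@code kduck.security.mfa.enabled=true}. It registers an
 * {@link MfaAuthenticationProvider} and places an {@link MfaAuthenticationValidationFilter}
 * after {@link UsernamePasswordAuthenticationFilter}. The user-details, token and send
 * strategy beans are defaults that back off when the application defines its own.
 *
 * <p>NOTE(review): the {@code @Bean} methods are called directly from other methods of this
 * class. Together with {@code @ConditionalOnMissingBean} this relies on Spring's
 * configuration-class proxy resolving each call to the registered bean. Confirm that an
 * application-supplied {@link MfaTokenService}, {@link MfaUserDetailsService} or
 * {@link MfaSendStrategy} is really the instance used by the provider and the filter.
 */
@Configuration
@ConditionalOnProperty(prefix = "kduck.security.mfa", name = {"enabled"}, havingValue = "true")
public class MfaConfiguration implements HttpSecurityConfigurer {

    /** URL the validation filter uses when {@code mfa.validateUrl} is not configured. */
    private static final String DEFAULT_VALIDATE_URL = "/mfa/validate";

    /** MFA page used when {@code mfa.mfaPage} is not configured. */
    private static final String DEFAULT_MFA_PAGE = "/mfaPage.html";

    /** Success URL used when no default success URL is configured. */
    private static final String DEFAULT_SUCCESS_URL = "/";

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private KduckSecurityProperties securityProperties;

    /**
     * Registers the MFA authentication provider and the MFA validation filter.
     *
     * <p>The validate URL, MFA page and success URL come from {@link KduckSecurityProperties};
     * blank or missing values fall back to the defaults declared on this class.
     *
     * @param httpSecurity the security builder to extend
     * @throws Exception propagated from the {@link HttpSecurityConfigurer} contract
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        String validateUrl = DEFAULT_VALIDATE_URL;
        String mfaPage = DEFAULT_MFA_PAGE;

        String configuredSuccessUrl = this.securityProperties.getDefaultSuccessUrl();
        String defaultSuccessUrl =
                StringUtils.hasText(configuredSuccessUrl) ? configuredSuccessUrl : DEFAULT_SUCCESS_URL;

        KduckSecurityProperties.MfaConfig mfa = this.securityProperties.getMfa();
        if (mfa != null) {
            if (StringUtils.hasText(mfa.getValidateUrl())) {
                validateUrl = mfa.getValidateUrl();
            }
            if (StringUtils.hasText(mfa.getMfaPage())) {
                mfaPage = mfa.getMfaPage();
            }
        }

        httpSecurity.authenticationProvider(mfaAuthenticationProvider());
        // The MFA check runs after the username/password filter in the chain.
        httpSecurity.addFilterAfter(
                new MfaAuthenticationValidationFilter(
                        mfaUserDetailsService(), mfaTokenService(), validateUrl, defaultSuccessUrl, mfaPage),
                UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Intentionally empty: this configuration contributes nothing at the {@link WebSecurity} level.
     *
     * @param webSecurity unused
     */
    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
    }

    /**
     * Builds the MFA authentication provider.
     *
     * <p>It is backed by the application's {@link UserDetailsService} and {@link PasswordEncoder},
     * plus the MFA token service, MFA user store and send strategy.
     *
     * @return the configured provider
     */
    @Bean
    public MfaAuthenticationProvider mfaAuthenticationProvider() {
        MfaAuthenticationProvider provider =
                new MfaAuthenticationProvider(mfaTokenService(), mfaUserDetailsService(), mfaAuthenticationStrategy());
        provider.setUserDetailsService(this.userDetailsService);
        provider.setPasswordEncoder(this.passwordEncoder);
        return provider;
    }

    /**
     * Default MFA user store, populated from the configured {@code mfaUsers} entries.
     *
     * <p>Each entry must have the form {@code username:secret}. Malformed entries abort startup
     * rather than being skipped, so a typo cannot silently leave an account without its second
     * factor. The entries hold MFA secrets in configuration, so the property source should be
     * protected accordingly.
     *
     * @return the populated user store
     * @throws IllegalArgumentException if an entry is not exactly {@code username:secret} with
     *     both parts non-blank
     */
    @ConditionalOnMissingBean({MfaUserDetailsService.class})
    @Bean
    public MfaUserDetailsService mfaUserDetailsService() {
        MfaUserDetailsServiceImpl mfaUsers = new MfaUserDetailsServiceImpl();
        KduckSecurityProperties.MfaConfig mfa = this.securityProperties.getMfa();
        if (mfa != null && mfa.getMfaUsers() != null) {
            for (String entry : mfa.getMfaUsers()) {
                // A secret containing ':' yields more than two parts and is rejected.
                String[] parts = entry.split(":");
                // Also reject a blank username or secret (e.g. ":secret"), which the length check
                // alone lets through. The message omits the entry so the secret is never logged.
                Assert.isTrue(
                        parts.length == 2 && StringUtils.hasText(parts[0]) && StringUtils.hasText(parts[1]),
                        "多因素认证用户格式不正确，正确格式（冒号分隔）：username:secret");
                mfaUsers.addMfaUser(parts[0], parts[1]);
            }
        }
        return mfaUsers;
    }

    /**
     * Default MFA token service. Uses {@link MfaType#TOTP} unless {@code mfa.type} names another type.
     *
     * @return the token service for the configured type
     * @throws IllegalArgumentException if the configured type does not match an {@link MfaType} constant
     */
    @ConditionalOnMissingBean({MfaTokenService.class})
    @Bean
    public MfaTokenService mfaTokenService() {
        MfaType mfaType = MfaType.TOTP;
        KduckSecurityProperties.MfaConfig mfa = this.securityProperties.getMfa();
        if (mfa != null && mfa.getType() != null) {
            // Locale.ROOT keeps the mapping stable: under e.g. a Turkish default locale a
            // lower-case 'i' upper-cases to a dotted capital that matches no enum constant.
            mfaType = MfaType.valueOf(mfa.getType().toUpperCase(java.util.Locale.ROOT));
        }
        return new MfaTokenServiceImpl(mfaType);
    }

    /**
     * Default strategy for delivering MFA codes, used when the application defines no
     * {@link MfaSendStrategy} bean.
     *
     * <p>NOTE(review): {@link StdOutSendStrategy} presumably writes the one-time code to standard
     * output, where it would land in console or container logs. Confirm this, and register a real
     * {@link MfaSendStrategy} bean for any non-development deployment.
     *
     * @return the fallback send strategy
     */
    @ConditionalOnMissingBean({MfaSendStrategy.class})
    @Bean
    public MfaSendStrategy mfaAuthenticationStrategy() {
        return new StdOutSendStrategy();
    }
}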
