package com.gold.ms.gateway.security.config;

import com.gold.ms.gateway.AuthServerProperties;
import com.gold.ms.gateway.security.access.IResourceService;
import com.gold.ms.gateway.security.authentication.CustomAuthenticationUserDetailsService;
import com.gold.ms.gateway.security.authentication.CustomWebAuthenticationDetailsSource;
import com.gold.ms.gateway.security.authentication.IAuthenticateAction;
import com.gold.ms.gateway.security.authentication.IAuthenticateRoles;
import com.gold.ms.gateway.security.boe.BoeAuthenticationFilter;
import com.gold.ms.gateway.security.boe.BoeProperties;
import com.gold.ms.gateway.security.client.service.LoginUser;
import com.gold.ms.gateway.security.dj.DjAuthenticationFilter;
import com.gold.ms.gateway.security.dj.Oauth2LoginSuccessHandler;
import com.gold.ms.gateway.security.dj.client.DjProperties;
import com.gold.ms.gateway.security.entrypoint.BaseAuthenticationEntryPoint;
import com.gold.ms.gateway.security.entrypoint.CaptchaEntryPoint;
import com.gold.ms.gateway.security.filter.ActiveFilter;
import com.gold.ms.gateway.security.filter.CaptchaFilter;
import com.gold.ms.gateway.security.filter.CustomBasicAuthenticationFilter;
import com.gold.ms.gateway.security.filter.CustomConcurrentSessionFilter;
import com.gold.ms.gateway.security.filter.CustomSecurityFilter;
import com.gold.ms.gateway.security.logout.CustomLogoutSuccessHandler;
import com.gold.ms.gateway.security.session.CustomSessionInformationExpiredStrategy;
import com.gold.ms.gateway.security.session.CustomSessionRegistryImpl;
import java.util.Arrays;
import java.util.HashSet;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import org.springframework.amqp.core.FanoutExchange;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.session.ConcurrentSessionFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;

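/**
 * Spring Security configuration for the gateway.
 *
 * <p>Registers the custom authentication filters (DJ, BOE, captcha, account-active,
 * HTTP Basic, concurrent-session), the URL authorization rules, the CSRF policy and
 * the session-concurrency limit. Several collaborators (resource service, role
 * service, authenticate actions) are instantiated reflectively from class names held
 * in {@link AuthServerProperties}.
 *
 * <p>{@code @Order(2147483640)} is {@code Integer.MAX_VALUE - 7}, so this adapter
 * sorts late among ordered configurers.
 *
 * <p>Security-relevant settings are marked {@code NOTE(review)} below. They describe
 * what the code configures; whether each is acceptable depends on deployment facts
 * that are not visible in this file.
 */
@Configuration
@Order(2147483640)
/* loaded from: input_file:com/gold/ms/gateway/security/config/SecurityConfig.class */
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomSecurityFilter mySecurityFilter;

    // Optional: null when no Oauth2LoginSuccessHandler bean exists. It is still passed
    // to both the DJ and BOE filters below, so those filters must tolerate null.
    @Autowired(required = false)
    private Oauth2LoginSuccessHandler djLoginSessionHandler;

    @Autowired
    private DjProperties djProperties;

    @Autowired
    private BoeProperties boeProperties;

    /**
     * Decides which requests require a CSRF token.
     *
     * <p>A request is exempt when its path matches {@code /**}{@code /wx/open/portal/*}
     * (any HTTP method) or when its method is one of GET, HEAD, TRACE, OPTIONS.
     * Everything else requires a token.
     *
     * <p>NOTE(review): the path exemption covers state-changing methods too, so the
     * handlers behind it need their own request authentication (presumably a
     * third-party callback with a signature check; confirm).
     */
    /* loaded from: input_file:com/gold/ms/gateway/security/config/SecurityConfig$CsrfRequestMatcher.class */
    private static final class CsrfRequestMatcher implements RequestMatcher {
        // Methods treated as safe, i.e. never CSRF-checked.
        private final HashSet<String> allowedMethods;
        // Paths exempt from CSRF regardless of method; assigned once, hence final.
        private final AntPathRequestMatcher unprotectedMatcher;

        private CsrfRequestMatcher() {
            this.allowedMethods = new HashSet<>(Arrays.asList("GET", "HEAD", "TRACE", "OPTIONS"));
            // The null second argument means "any HTTP method".
            this.unprotectedMatcher = new AntPathRequestMatcher("/**/wx/open/portal/*", (String) null);
        }

        /**
         * @param request the incoming request
         * @return {@code true} when the request must carry a valid CSRF token
         */
        public boolean matches(HttpServletRequest request) {
            if (this.unprotectedMatcher.matches(request)) {
                return false;
            }
            return !this.allowedMethods.contains(request.getMethod());
        }
    }

    /** Declares the fanout exchange named {@code userEventExchange}. */
    @Bean
    public FanoutExchange userEvent() {
        return new FanoutExchange("userEventExchange");
    }

    /** Exposes the adapter's {@link AuthenticationManager} as a bean. */
    @Bean
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }

    /** Session registry shared by the concurrent-session filter and session management. */
    @Bean
    public SessionRegistry sessionRegistry() {
        return new CustomSessionRegistryImpl();
    }

    @Bean
    public AuthServerProperties authServerProperties() {
        return new AuthServerProperties();
    }

    /** Captcha filter; despite the method name ("File") this is a servlet {@link Filter}. */
    @Bean
    public Filter captchaFile() {
        return new CaptchaFilter(new CaptchaEntryPoint());
    }

    /** Account-active filter; despite the method name ("File") this is a servlet {@link Filter}. */
    @Bean
    public Filter activeFile() {
        return new ActiveFilter(new BaseAuthenticationEntryPoint());
    }

    /**
     * Instantiates the {@link IResourceService} implementation named in configuration.
     *
     * <p>NOTE(review): the class name comes from {@link AuthServerProperties} and is
     * loaded and instantiated without any allow-list, so whoever can write that
     * property chooses which class's no-arg constructor runs at startup. Treat the
     * property source as trusted-only. {@code Class.newInstance()} is deprecated since
     * Java 9; it is kept here because {@code getDeclaredConstructor().newInstance()}
     * would change the declared checked exceptions.
     *
     * @throws IllegalArgumentException if no class name is configured
     */
    @Bean
    public IResourceService resourceService() throws InstantiationException, IllegalAccessException, ClassNotFoundException {
        String resourceServiceClass = authServerProperties().getResourceService();
        Assert.notNull(resourceServiceClass, "A ResourceService is required");
        return (IResourceService) Class.forName(resourceServiceClass).newInstance();
    }

    /**
     * Instantiates the {@link IAuthenticateRoles} implementation named in configuration.
     *
     * <p>NOTE(review): same reflective-loading caveat as {@link #resourceService()};
     * the property source must be trusted.
     *
     * @throws IllegalArgumentException if no class name is configured
     */
    @Bean
    public IAuthenticateRoles authenticateRoles() throws InstantiationException, IllegalAccessException, ClassNotFoundException {
        String roleServiceClass = authServerProperties().getRoleService();
        Assert.notNull(roleServiceClass, "A RoleService is required");
        return (IAuthenticateRoles) Class.forName(roleServiceClass).newInstance();
    }

    /**
     * Builds the HTTP security chain: headers, HTTP Basic, custom filters, logout,
     * URL authorization, CSRF and session concurrency.
     *
     * <p>The builder calls are issued in the same order as the original single fluent
     * chain; {@code addFilterBefore} registrations in particular must keep their order.
     */
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        BaseAuthenticationEntryPoint entryPoint = new BaseAuthenticationEntryPoint();

        CustomBasicAuthenticationFilter basicAuthFilter =
                new CustomBasicAuthenticationFilter(authenticationManagerBean(), entryPoint);
        basicAuthFilter.setAuthenticationDetailsSource(new CustomWebAuthenticationDetailsSource());

        CustomConcurrentSessionFilter concurrentSessionFilter =
                new CustomConcurrentSessionFilter(sessionRegistry(), new CustomSessionInformationExpiredStrategy());

        AuthServerProperties props = authServerProperties();

        // NOTE(review): disables the X-Frame-Options response header, so pages may be
        // framed by any origin. If framing is only needed same-origin, sameOrigin() is
        // the narrower setting; otherwise confirm a CSP frame-ancestors policy exists.
        httpSecurity.headers().frameOptions().disable();

        httpSecurity.httpBasic().authenticationEntryPoint(entryPoint);

        httpSecurity
                .addFilterBefore(djAuthenticationFilter(), CustomConcurrentSessionFilter.class)
                .addFilterBefore(boeAuthenticationFilter(), CustomConcurrentSessionFilter.class)
                .addFilterBefore(this.mySecurityFilter, FilterSecurityInterceptor.class)
                .addFilterBefore(captchaFile(), BasicAuthenticationFilter.class)
                .addFilterBefore(activeFile(), CustomBasicAuthenticationFilter.class)
                .addFilterBefore(basicAuthFilter, BasicAuthenticationFilter.class)
                .addFilterBefore(concurrentSessionFilter, ConcurrentSessionFilter.class);

        // NOTE(review): logout is triggered by GET /logout, which the CSRF matcher
        // never checks, so a cross-site request can log a user out. The HTTP session
        // is also not invalidated here (invalidateHttpSession(false)); confirm that
        // CustomLogoutSuccessHandler or the session registry retires it.
        httpSecurity.logout()
                .invalidateHttpSession(false)
                .logoutSuccessHandler(new CustomLogoutSuccessHandler())
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"));

        // NOTE(review): the "/**/open/**" patterns make every path containing an
        // "open" segment anonymous, wherever it sits in the gateway's URL space.
        // Downstream routes must not place non-public handlers under such a segment.
        httpSecurity.authorizeRequests()
                .antMatchers("/", "/login", "/user/generateCaptchaNum", "/user/generateCaptchaImage",
                        "/user/isInternet", "/user/validateCaptcha", "/user/event/visit", "/user/oauth",
                        "/user/rnauth", "/user/oauthH5", "/user/rnauthH5").permitAll()
                .antMatchers("/**/open/**/**", "/**/open/**").permitAll()
                .antMatchers("/**/workbench/**/**", "/**/workbench/**").hasRole(LoginUser.SYS_IDENTITY_ADMIN)
                .anyRequest().authenticated();

        // Extra CSRF-exempt paths come from configuration; none when the csrf section is absent.
        // NOTE(review): every entry here widens the CSRF exemption; review the list.
        String[] csrfIgnoredPaths = props.getCsrf() != null
                ? (String[]) props.getCsrf().getIgnoringAntMatchers().toArray(new String[0])
                : new String[0];

        // withHttpOnlyFalse() stores the token in a cookie that page script can read
        // (needed for script-driven clients to echo it back in a header).
        httpSecurity.csrf()
                .requireCsrfProtectionMatcher(new CsrfRequestMatcher())
                .ignoringAntMatchers(csrfIgnoredPaths)
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

        httpSecurity.sessionManagement()
                .maximumSessions(props.getMaximumSessions())
                .sessionRegistry(sessionRegistry());
    }

    /** DJ login filter, wired with the shared authentication manager. */
    @Bean
    public DjAuthenticationFilter djAuthenticationFilter() throws Exception {
        DjAuthenticationFilter filter =
                new DjAuthenticationFilter(new BCryptPasswordEncoder(), this.djLoginSessionHandler, this.djProperties);
        filter.setAuthenticationManager(authenticationManager());
        return filter;
    }

    /** BOE login filter; it reuses the DJ login success handler. */
    @Bean
    public BoeAuthenticationFilter boeAuthenticationFilter() throws Exception {
        BoeAuthenticationFilter filter =
                new BoeAuthenticationFilter(new BCryptPasswordEncoder(), this.djLoginSessionHandler, this.boeProperties);
        filter.setAuthenticationManager(authenticationManager());
        return filter;
    }

    /**
     * Registers one {@link DaoAuthenticationProvider} per configured authenticate
     * action, each with a BCrypt password encoder.
     *
     * <p>NOTE(review): action class names are loaded reflectively from configuration
     * with no allow-list; the property source must be trusted.
     *
     * @throws IllegalArgumentException if no authenticate action is configured
     */
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        AuthServerProperties props = authServerProperties();
        Assert.notNull(props.getAuthenticateAction(), "A AuthenticateAction is required");

        for (int i = 0; i < props.getAuthenticateAction().size(); i++) {
            String actionClassName = props.getAuthenticateAction().get(i);
            IAuthenticateAction action = (IAuthenticateAction) Class.forName(actionClassName).newInstance();

            DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
            // NOTE(review): with this set to false, an unknown username surfaces as
            // UsernameNotFoundException instead of BadCredentialsException. Confirm the
            // entry point returns the same response for both, or accounts can be enumerated.
            provider.setHideUserNotFoundExceptions(false);
            provider.setUserDetailsService(new CustomAuthenticationUserDetailsService(action, authenticateRoles()));
            provider.setPasswordEncoder(new BCryptPasswordEncoder());
            authenticationManagerBuilder.authenticationProvider(provider);
        }
    }
}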
