package com.kcloud.ms.authentication.config;

import com.kcloud.ms.authentication.basecore.service.CaptchaService;
import com.kcloud.ms.authentication.filter.CorsFilter;
import com.kcloud.ms.authentication.handler.CustomAuthenticationFailureHandler;
import com.kcloud.ms.authentication.handler.CustomAuthenticationSuccessHandler;
import com.kcloud.ms.authentication.security.CustomAuthenticationProvider;
import com.kcloud.ms.authentication.weixin.WxUserDetailsService;
import com.kcloud.ms.authentication.weixin.filter.SavedStateFilter;
import com.kcloud.ms.authentication.weixin.filter.WeiXinAuthenticationFilter;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;

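/**
 * Spring Security configuration for the authentication server.
 *
 * <p>Configures the HTTP filter chain (public paths, form login, HTTP Basic, logout and
 * session handling), registers one {@link CustomAuthenticationProvider} per configured
 * authenticate action, and lists the static-resource patterns that skip the security
 * filter chain altogether.
 */
@Configuration
/* loaded from: input_file:com/kcloud/ms/authentication/config/SecurityConfig.class */
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    CaptchaService captchaService;

    @Autowired
    CustomAuthenticationFailureHandler customAuthenticationFailureHandler;

    @Autowired
    CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;

    @Autowired
    AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> authenticationDetailsSource;

    @Autowired
    AuthServerProperties authServerProperties;

    @Autowired
    SessionRegistry sessionRegistry;

    // Optional: the WeChat login filters are only installed when this bean exists.
    @Autowired(required = false)
    private WxUserDetailsService userDetailsService;

    // Extra ant patterns, taken from configuration, that bypass the security filter chain.
    @Value("${kduck.security.ignored:}")
    private String[] ignored;

    /**
     * Exposes the {@link AuthenticationManager} built by this adapter as a bean.
     *
     * @return the authentication manager of this configuration
     * @throws Exception if the parent class cannot build the manager
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Builds the HTTP security filter chain.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if any configurer rejects the settings
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        // NOTE(review): CSRF protection is off while authentication is session based
        // (form login, IF_REQUIRED sessions). With CSRF disabled Spring Security also
        // accepts logout on any HTTP method. Confirm another cross-site defence is in
        // place before relying on this.
        httpSecurity.csrf().disable();

        httpSecurity
                .addFilterBefore(new CorsFilter(), ChannelProcessingFilter.class)
                .authorizeRequests()
                    // NOTE(review): everything under these prefixes is reachable without
                    // authentication; verify that no sensitive handler is mapped below them.
                    .antMatchers("/favicon.ico", "/404", "/captcha/**", "/client/**", "/app/**",
                            "/route/**", "/sso/**", "/logout/**", "/index")
                        .permitAll()
                    // NOTE(review): "/actuator/**" is open to anonymous callers. Limit the
                    // exposed endpoints (management.endpoints.web.exposure.include) or
                    // require authentication for anything beyond health checks.
                    .antMatchers("/static/**", "/actuator/**")
                        .permitAll()
                    // NOTE(review): the API documentation is public; consider turning it off
                    // in production. "**/webjars/**" has no leading '/', so it probably never
                    // matches a request path - confirm and correct the pattern if webjars are
                    // meant to be public.
                    .antMatchers("/**/swagger-resources/**", "/**/v2/api-docs-ext/**",
                            "/**/v2/api-docs/**", "/swagger-ui.html", "/doc.html", "**/webjars/**")
                        .permitAll()
                    .anyRequest()
                        .authenticated()
                .and()
                .formLogin()
                    .loginPage("/index").permitAll()
                    .loginProcessingUrl("/security_check").permitAll()
                    .authenticationDetailsSource(this.authenticationDetailsSource)
                    .successHandler(this.customAuthenticationSuccessHandler)
                    .failureHandler(this.customAuthenticationFailureHandler)
                .and()
                .httpBasic()
                .and()
                .logout()
                    .clearAuthentication(true)
                    .logoutSuccessUrl("/sso/logout")
                .and()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                    // A brand-new session is created at login, so a session id that was
                    // known before authentication is not carried over.
                    .sessionFixation().newSession();

        if (this.userDetailsService != null) {
            WeiXinAuthenticationFilter weiXinAuthenticationFilter =
                    new WeiXinAuthenticationFilter(this.userDetailsService);
            weiXinAuthenticationFilter.setAuthenticationSuccessHandler(this.customAuthenticationSuccessHandler);
            weiXinAuthenticationFilter.setAuthenticationFailureHandler(this.customAuthenticationFailureHandler);
            httpSecurity.addFilterBefore(weiXinAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
            httpSecurity.addFilterAfter(new SavedStateFilter(), UsernamePasswordAuthenticationFilter.class);
        }

        httpSecurity.sessionManagement()
                .maximumSessions(resolveMaxSessions())
                .sessionRegistry(this.sessionRegistry);
    }

    /**
     * Resolves the per-user concurrent session limit.
     *
     * <p>The previous condition entered the "use the configured value" branch when the
     * value was missing and then dereferenced it, which fails with a
     * {@link NullPointerException} at startup. A missing value is now treated like
     * {@code 0}: both fall back to a single session, the limit the old else-branch
     * already applied for {@code 0}. Any other configured value is passed through
     * unchanged.
     *
     * @return the value handed to {@code maximumSessions}
     */
    private int resolveMaxSessions() {
        boolean unset = ObjectUtils.isEmpty(this.authServerProperties.getSession().getMaxSession())
                || this.authServerProperties.getSession().getMaxSession().intValue() == 0;
        return unset ? 1 : this.authServerProperties.getSession().getMaxSession().intValue();
    }

    /**
     * Registers one {@link CustomAuthenticationProvider} for every configured authenticate
     * action, each sharing the password encoder, the captcha service and the captcha flags.
     *
     * @param authenticationManagerBuilder the builder that receives the providers
     * @throws Exception if a provider cannot be registered
     * @throws IllegalArgumentException if no authenticate action list is configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        Assert.notNull(this.authServerProperties.getAuthenticateAction(), "A AuthenticateAction is required");
        int actionCount = this.authServerProperties.getAuthenticateAction().size();
        for (int i = 0; i < actionCount; i++) {
            authenticationManagerBuilder.authenticationProvider(new CustomAuthenticationProvider(
                    this.authServerProperties.getAuthenticateAction().get(i),
                    passwordEncoder(),
                    this.captchaService,
                    this.authServerProperties.getCaptcha().isAuthorizationCodeCaptcha(),
                    this.authServerProperties.getCaptcha().isPasswordCaptcha()));
        }
    }

    /**
     * Password encoder used by the authentication providers.
     *
     * @return a BCrypt encoder with the library's default settings
     */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Declares the request patterns that skip the security filter chain.
     *
     * @param webSecurity the builder to configure
     * @throws Exception if the patterns cannot be registered
     */
    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        // NOTE(review): ignored requests bypass every security filter (no authentication,
        // no security headers). The matching is by suffix only, so verify that no dynamic
        // handler can be reached through a path ending in .js, .css or .png. "*.ico" has no
        // leading '/', so it probably never matches - confirm.
        webSecurity.ignoring().antMatchers("*.ico", "/**/*.js", "/**/*.css", "/**/*.png");

        // Patterns from "kduck.security.ignored" get the same full bypass; treat that
        // property as security-sensitive configuration.
        if (this.ignored != null) {
            for (String pattern : this.ignored) {
                webSecurity.ignoring().antMatchers(pattern);
            }
        }
    }
}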
