package com.kcloud.ms.authentication.config;

import com.goldgov.kduck.module.authority.service.AuthorityService;
import com.kcloud.ms.authentication.access.AccessManager;
import com.kcloud.ms.authentication.baseaccount.service.Account;
import com.kcloud.ms.authentication.baseaccount.service.AccountService;
import com.kcloud.ms.authentication.cache.CacheHolder;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.AntPathMatcher;

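/**
 * OAuth2 resource-server wiring for the authentication service.
 *
 * <p>Declares the resource-server filter chain, a default {@code accessManager} bean that is
 * used when the application does not supply its own, and the expression handler that lets
 * access expressions reference Spring beans.
 */
@Configuration
public class OAuth2ResourceConfiguration {
    /** Resource id registered with the resource server below. */
    public static final String RESOURCE_ID = "userinfo-resource";

    /**
     * Resource-server filter chain: every request except the excluded paths must be
     * authenticated and must pass {@code accessManager.check(request, authentication)}.
     */
    @EnableResourceServer
    @Configuration
    protected static class UnityResourceServerConfiguration extends ResourceServerConfigurerAdapter {

        /**
         * Context-relative paths that this chain deliberately does not cover (login, token,
         * verification-code, password-reset and health endpoints). Whatever protects them is
         * configured outside this class, so each entry here is part of the unauthenticated
         * attack surface and should be reviewed when the list changes.
         */
        private static final String[] EXCLUDED_PATHS = {
            "/",
            "/sso/token",
            "/security_check",
            "/actuator/health",
            "/sso/phoneLogin",
            "/sso/getVerification",
            "/sso/verifyAccountName",
            "/sso/verifyAccountBind",
            "/sso/resetpassword",
            "/sso/emailgeturl",
            "/sso/checkverifyCode",
            "/index"
        };

        @Autowired
        SessionRegistry sessionRegistry;

        @Autowired
        private OAuth2WebSecurityExpressionHandler expressionHandler;

        protected UnityResourceServerConfiguration() {
        }

        /**
         * Registers the resource id and the bean-aware expression handler.
         *
         * <p>{@code stateless(false)} means requests are not restricted to token authentication;
         * an authentication already held in the HTTP session is accepted as well.
         */
        public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) {
            resourceServerSecurityConfigurer.resourceId(RESOURCE_ID).stateless(false);
            resourceServerSecurityConfigurer.expressionHandler(this.expressionHandler);
        }

        /**
         * Scopes the chain to the non-excluded URIs and installs the authorization rule.
         *
         * @param httpSecurity the builder for this filter chain
         * @throws Exception if the Spring Security builder rejects the configuration
         */
        public void configure(HttpSecurity httpSecurity) throws Exception {
            RequestMatcher coveredByThisChain = UnityResourceServerConfiguration::isCoveredByResourceServer;

            // The previous form was anyRequest().authenticated().anyRequest().access(...).
            // Spring Security keeps one rule per matcher, so the later access(...) replaced
            // authenticated() instead of adding to it, and Spring Security 5.2+ rejects a
            // repeated anyRequest() at startup. One expression now states both conditions.
            httpSecurity.requestMatchers()
                    .requestMatchers(coveredByThisChain)
                    .and()
                    .authorizeRequests()
                    .anyRequest()
                    .access("isAuthenticated() and @accessManager.check(request,authentication)");

            // NOTE(review): CSRF protection is off while session authentication is accepted
            // (stateless(false) above). Confirm that state-changing endpoints cannot be driven
            // by a browser session cookie alone, or that another CSRF defence is in place.
            httpSecurity.csrf().disable();
        }

        /**
         * Decides whether a request belongs to this filter chain.
         *
         * <p>The comparison is an exact match on the raw request URI, which is neither decoded
         * nor stripped of path parameters. A variant spelling of an excluded path therefore does
         * not match and stays inside this chain, i.e. it still requires authentication.
         *
         * @param request the incoming request
         * @return {@code false} for the excluded paths, {@code true} for everything else
         */
        private static boolean isCoveredByResourceServer(HttpServletRequest request) {
            String requestUri = request.getRequestURI();
            String contextPath = request.getContextPath();
            for (String excluded : EXCLUDED_PATHS) {
                if (requestUri.equals(contextPath + excluded)) {
                    return false;
                }
            }
            return true;
        }
    }

    /**
     * Default {@code accessManager}, used only when no other bean with that name exists.
     *
     * <p>NOTE(review): {@code mathAuthorities} below never compares the request or the
     * {@code str} argument with the operations it loads; it returns {@code true} for every
     * account that exists. Any per-URL decision must therefore come from
     * {@code AccessManager.check} itself or from an overriding bean. Confirm against
     * {@code AccessManager}, which is not visible from this file.
     *
     * @return the fallback access manager
     */
    @ConditionalOnMissingBean(name = {"accessManager"})
    @Bean({"accessManager"})
    public AccessManager accessManager() {
        return new AccessManager() {
            @Autowired
            private AuthorityService authorityService;

            @Autowired
            private AccountService accountService;

            /**
             * Ensures the account's authorized operations are cached, then reports success.
             *
             * @param httpServletRequest the request being authorized (not consulted here)
             * @param authentication the caller; its principal's string form is the cache key
             *     and the account name
             * @param str not consulted here
             * @return always {@code true} when the account exists
             * @throws RuntimeException if no account matches the principal name
             */
            @Override
            protected boolean mathAuthorities(HttpServletRequest httpServletRequest, Authentication authentication, String str) {
                String accountName = authentication.getPrincipal().toString();

                List<?> cachedOperations = (List<?>) CacheHolder.get(accountName);
                if (cachedOperations != null) {
                    return true;
                }

                Account account = this.accountService.getAccountByName(accountName);
                if (account == null) {
                    // Message text means "account does not exist".
                    throw new RuntimeException("账户不存在：" + accountName);
                }

                // NOTE(review): entries live for 120 (unit not visible here, presumably seconds),
                // so a revoked permission may remain cached until the entry expires.
                CacheHolder.put(accountName, this.authorityService.listAuthOperate(account.getUserId()), 120L);
                CacheHolder.clearExpired();
                return true;
            }
        };
    }

    /**
     * Expression handler with the application context attached, so that access expressions
     * can reference beans such as {@code @accessManager}.
     *
     * @param applicationContext the context used to resolve bean references
     * @return the configured handler
     */
    @Bean
    public OAuth2WebSecurityExpressionHandler oAuth2WebSecurityExpressionHandler(ApplicationContext applicationContext) {
        OAuth2WebSecurityExpressionHandler handler = new OAuth2WebSecurityExpressionHandler();
        handler.setApplicationContext(applicationContext);
        return handler;
    }
}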
